[tor-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 14 01:35:36 UTC 2017
#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
For comparison, here are the current Firefox release build flags:
Linux Firefox 51.01
{{{
target
x86_64-pc-linux-gnu
Build tools
Compiler Version Compiler flags
/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/gcc
-std=gnu99 4.8.5 -Wall -Wempty-body -Wignored-qualifiers -Wpointer-
arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wno-error=maybe-
uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds
-Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -fno-strict-
aliasing -ffunction-sections -fdata-sections -fno-math-errno -pthread
-pipe
/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/g++
-std=gnu++11 4.8.5 -Wall -Wc++11-compat -Wempty-body -Wignored-
qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-
limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wno-error
=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-
bounds -Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -fno-
exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-
sections -fno-exceptions -fno-math-errno -pthread
-D_GLIBCXX_USE_CXX11_ABI=0 -pipe -g -fprofile-use -fprofile-correction
-Wcoverage-mismatch -O3 -fomit-frame-pointer -Werror
Configure options
MOZ_AUTOMATION=1 --enable-update-channel=release
PKG_CONFIG=/builds/slave/m-rel-l64-00000000000000000000/build/src/gtk3/usr/local/bin
/pkg-config --enable-js-shell --enable-default-toolkit=cairo-gtk3 --with-
mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key --with-google-
api-keyfile=/builds/gapi.data MOZ_PGO=1
CC=/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/gcc
CXX=/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/g++
--enable-rust
RUSTC=/builds/slave/m-rel-l64-00000000000000000000/build/src/rustc/bin/rustc
CARGO=/builds/slave/m-rel-l64-00000000000000000000/build/src/cargo/bin/cargo
MAKE=/usr/bin/gmake --enable-crashreporter --enable-elf-hack --enable-
official-branding --enable-release --enable-stdcxx-compat --enable-verify-
mar
}}}
Windows Firefox 51.01:
{{{
target
i686-pc-mingw32
Build tools
Compiler Version Compiler flags
c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/VC/bin/amd64_x86/cl.EXE
19.00.24213 -TC -nologo -wd4091 -D_HAS_EXCEPTIONS=0 -W3 -Gy -Zc:inline
-arch:SSE2 -FS -wd4244 -wd4267 -wd4819 -we4553
c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/VC/bin/amd64_x86/cl.EXE
19.00.24213 -TP -nologo -wd5026 -wd5027 -Zc:sizedDealloc-
-Zc:threadSafeInit- -wd4091 -wd4577 -D_HAS_EXCEPTIONS=0 -W3 -Gy -Zc:inline
-arch:SSE2 -FS -wd4251 -wd4244 -wd4267 -wd4345 -wd4351 -wd4800 -wd4819
-wd4595 -we4553 -GR- -Zi -GL -wd4624 -wd4952 -O1 -Oi -Oy
Configure options
MOZ_AUTOMATION=1 'MOZILLABUILD=C:\mozilla-build' --enable-update-
channel=release --enable-js-shell --enable-eme=+adobe --with-mozilla-api-
keyfile=c:/builds/mozilla-desktop-geoloc-api.key --with-google-api-
keyfile=c:/builds/gapi.data MOZ_PGO=1
WINDOWSSDKDIR=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/SDK
--enable-rust
RUSTC=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/rustc/bin/rustc
CARGO=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/cargo/bin/cargo
--enable-jemalloc
MAKE=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/mozmake.EXE
--enable-crashreporter --enable-official-branding --enable-release
--enable-require-all-d3dc-versions --enable-verify-mar
}}}
Mac Firefox 51.01:
{{{
target
x86_64-apple-darwin11.2.0
Build tools
Compiler Version Compiler flags
/usr/local/bin/ccache
/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
-arch x86_64 -std=gnu99 3.8.0 -Qunused-arguments -Wall -Wempty-body
-Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits
-Wunreachable-code -Wclass-varargs -Wloop-analysis -Werror=non-literal-
null-conversion -Wstring-conversion -Wthread-safety -Wno-error=deprecated-
declarations -Wno-error=array-bounds -isysroot
/Developer/SDKs/MacOSX10.7.sdk -fno-strict-aliasing -ffunction-sections
-fdata-sections -fno-math-errno -pthread -pipe
/usr/local/bin/ccache
/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
-arch x86_64 -std=gnu++11 3.8.0 -Qunused-arguments -Qunused-arguments
-Wall -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-
virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code
-Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wloop-analysis
-Wc++11-compat-pedantic -Wc++14-compat -Wc++14-compat-pedantic -Wc++1z-
compat -Wimplicit-fallthrough -Werror=non-literal-null-conversion
-Wstring-conversion -Wthread-safety -Wno-inline-new-delete -Wno-error
=deprecated-declarations -Wno-error=array-bounds -Wno-unknown-warning-
option -Wno-return-type-c-linkage -isysroot /Developer/SDKs/MacOSX10.7.sdk
-fno-exceptions -fno-strict-aliasing -stdlib=libc++ -fno-rtti -ffunction-
sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g
-O3 -fomit-frame-pointer -Werror
Configure options
MOZ_AUTOMATION=1 MOZ_CURRENT_PROJECT=x86_64 --target=x86_64-apple-
darwin11.2.0 --enable-application=browser --enable-update-channel=release
--enable-js-shell --with-mozilla-api-keyfile=/builds/mozilla-desktop-
geoloc-api.key --with-google-api-keyfile=/builds/gapi.data --with-ccache
'CC=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
-arch x86_64'
'CXX=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
-arch x86_64'
HOST_CC=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
HOST_CXX=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
LD=ld --enable-rust
RUSTC=/builds/slave/m-rel-m64-00000000000000000000/build/src/rustc/bin/rustc
CARGO=/builds/slave/m-rel-m64-00000000000000000000/build/src/cargo/bin/cargo
MAKE=/usr/bin/make
DSYMUTIL=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin
/llvm-dsymutil --enable-crashreporter --enable-official-branding --enable-
release --enable-verify-mar --with-macos-
sdk=/Developer/SDKs/MacOSX10.7.sdk --with-unify-dist=../i386/dist
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list