The next ESR, version 102, is due in June. I'll change the EV and certificate roots over around that time as usual, but we might also take the opportunity to pull up some of the vendored libraries like zlib, so it might be a somewhat bigger update than it would ordinarily be.
Saturday, April 30, 2022
April patch set for TenFourFox
I've had my hands full with the POWER9 64-bit JIT (a descendant of TenFourFox's 32-bit JIT), but I had a better idea about the lazy image loader workaround in February's drop and got the rest of the maintenance patches down at the same time. These patches include the standard security fixes and updates to timezones, pinned certificates and HSTS, as well as another entry for the ATSUI font blacklist. In addition, a bug in the POWER9 JIT turns out to affect TenFourFox as well (going back to at least TenFourFox 38), which I ported a fix for. It should correct some residual issues with IonPower-NVLE on a few sites, though it may allow code to run that couldn't run before that may have its own issues, of course. A clobber is not required for this update. The commits are already hot and live on Github.
Thursday, February 24, 2022
Next update set available for TenFourFox
Security patches and a couple tweaks have been landed on the TenFourFox Github, so warm up your computers and prepare to rebuild. The security patches mostly cover DOM and media, but the tweaks add a UA exception for YouTube to prevent it forcing you onto the really slow main page from its "unsupported browser" page, as well as a workaround for sites using lazy-loaded images with lozad.js. (I said I scratch my own itches, and these annoyed me personally, so I fixed them.) If you have a custom UA for YouTube in your own settings, it should remain unaffected. There are also the usual updates for the HSTS and TLD lists, and a more complete fix for non-SHA-1 OCSP stapled responses.
The workaround is needed because TenFourFox doesn't support IntersectionObserver. I'm pondering whether this is the point to add a global polyfill to the browser that could potentially cover this and other deficiencies, but although it would be nice to not play whack-a-mole so much, that would have some consequences for performance and memory use over a targetted fix like this. I don't want to get too complex with having a "black list" for sites that need the polyfill you can add to, but maybe that's the least bad option. I'll do some thinking.
In case you missed it, I've always maintained that the most logical upgrade path from a PowerPC-based computer is to ... another PowerPC-based computer. SheepShaver, the well-known classic Mac OS emulator (which many of you use to run Classic apps in Leopard), is now ported to OpenPOWER, so you can run it on a POWER9-based workstation like the Raptor Talos II or Blackbird. Myself, with this port working, I've migrated almost entirely from QEMU to SheepShaver except for a few apps that still have compatibility issues. Come on in: Power ISA isn't dead, not by a long shot.
Sunday, January 2, 2022
Updates to TenFourFox on Github
Happy New Year (I'd like to say nothing can be worse than 2021 was, but I don't want to tempt 2022). Fortunately, we're starting the year off right with new changesets on Github for the TenFourFox rolling release. Besides the periodic updates to TLDs, HSTS and timezone data, these two changesets also fix some security issues, include a minor update to NSS with new support for SHA-2 OCSP stapled responses (thanks to roytam1 for the suggestion), and correct a couple minor Mac OS X-specific widget problems. No clobber is needed for this go-around, so just pull down the changes and gmake -f client.mk build to fresh your installation. If you're new to self-building TenFourFox on your Power Mac (or unsupported Intel Mac), read this recent article.
Friday, December 10, 2021
The strawberry iMac that made the Wikipedia
Back briefly on topic, watch for a dump of security updates in the next few days now that I've made some more progress on the POWER9 JIT for my Raptor Talos II.
Tuesday, November 23, 2021
Do you run Void on your Power Mac?
If so, heads up, because builds for your configuration may be ending soon (along with Void PPC on big-endian platforms generally). If you want this to continue, and you've got the interest, chops or gumption, you can help by becoming a maintainer -- take a look at the Void PPC Github. Most of you are probably running the glibc variant, which will end by January 2023, but if you are running musl-based packages those repos will be taken down by the end of 2021. Don't whine to the maintainer, please: the current matrix is four different repos which all require their own maintenance and builds. Even just 32-bit glibc would probably benefit a whole lot of people and yourself. If this is important to you, there's no time like the present to step up.
Friday, October 29, 2021
The current status of DIY TenFourFox
Due to family and work issues my time has been curtailed for all kinds of things, but at this point, at least, there's something for you to work with: as promised, the TenFourFox source code has been updated to use 91ESR for the certificate and security base and the roots pulled up accordingly. I've also got a few security updates loaded and backported a performance tweak intended for Monterey systems but also yields a small boost on any version of Mac OS X. The browser will now be forever "45.41.6" (ESR32 SPR6) with the perpetual name "Rolling Release." This version number will not be revved again without good reason.
So now it's time for you to make your first build (and, if you feel adventurous, find a problem and try to fix it, but let's take baby steps). Officially, we have documentation for that already using MacPorts. A semi-frozen build of MacPorts what I use on my G5: I have three trees, one being the main testing debug tree which pulls from Github, and then two local subtrees that pull from the local debug tree (created with git clone --shared so that they are about 25% the size) which I use to make rolling G5-optimized (for my Quad) and 7450-optimized (for my iMac and iBook) builds. I do my work in the debug tree and make sure everything functions properly, then check it in and git pull and gmake -f client.mk build in the optimized subtrees to roll up the changes. When the subtrees are happy too, I'll git push from the main debug tree into Github. I consider this as officially supported a solution as presently exists under the circumstances. The Quad runs TenFourFox directly from the G5 subtree now.
However, MacPorts does have a lot of prereqs and requires some additional prep time (sometimes many hours) to build the tools from source. Macintosh Garden has an "unofficial TenFourFox toolkit" that contains an Automator workflow, a supervising script and a fully precompiled toolchain. You will have to install Xcode first (2.5 for Tiger, 3.1.4 for Leopard), but that is the only apparent requirement, and multiple users have reported it builds the browser successfully.
One common problem that gets reported on non-G5 systems is the dreaded internal compiler error. However, when the build is restarted, it usually progresses and continues for awhile without incident. The problem is likely tied to memory pressure and compilers really thrash memory. If your system hits this a lot and starts to annoy you, consider removing -j2 out of the build flags in whatever .mozconfig you're using (change your copy in .mozconfig, not the master *.mozcfg). This will only run one compiler instance at a time, which is slower, but requires less memory and is more likely to complete the build in one shot without manual intervention.
If you really don't want to build it yourself, however, you do have at least one option: InterWebPPC. This is a modified build of TenFourFox that explicitly removes some features for performance, so it is not equivalent with TenFourFox, and it is not necessarily built on any particular schedule either. It also does not have separate G4/7400 and G4/7450 builds, though this may not be noticeable on your particular system. You can download prebuilt binaries for G3, G4 or G5 as well as compile it from source using the "unofficial toolkit" above. I haven't seen other downstream builds yet but if you know of one, plan to make one or are using one, post it in the comments.
There are a couple other security fixes I'm reviewing, and I'm toying with some Github specific hacks to deal with its dependence on async/await, but these again will not be done on any particular timetable (I'll post here when or if I get around to them). Still, some of you have already built the browser successfully, and if you can build TenFourFox on your Power Mac you can build pretty much anything. Perhaps this might spark some additional development interest ...
Sunday, October 3, 2021
TenFourFox FPR32 SPR5 available (the last official build)
TenFourFox Feature Parity Release 32 Security Parity Release 5 "32.5" is available for testing (downloads, hashes). Aside from the announced change with .inetloc and .webloc handling, this release also updates the ATSUI font blacklist and includes the usual security updates. It will go live Monday evening Pacific as usual assuming no issues.
As stated previously, this is the last official build before TenFourFox goes into hobby mode; version checking is therefore disabled in this release since there will be no new official build to check for. I know I keep teasing a future consolidated post about how users who want to continue using it can get or make their own builds, but I want to update the docs and FAQ first, plus actually give you something new to test your build out (in this case it's going to be switching the certificate and security base over to Firefox 91ESR from 78ESR). There are already some options already apart from the official method and we'll discuss those, but if you yourself are gearing up to offer public builds or toolkits, feel free to make this known in the comments. Work is a little hairy this month but I want to get to this in the next couple weeks.
Subscribe to:
Posts (Atom)