MacSurf

Released: 2026-05-29
Verified on: Power Macintosh G3 iMac, Mac OS 9.1
Engine HEAD: fixes315

The headline

macTLS v0.x ran on a documented insecure-stub entropy source. It was the largest known security limitation in 1.0 — the rotate-XOR placeholder lifted from BearSSL's reference scaffolding, sitting in the spot where a real CSPRNG belongs. 1.2 closes that hole. macTLS v1.0 (macEntropy v1.0) replaces it with a SHA-256 accumulator feeding BearSSL's HMAC-DRBG, fed by OT packet-arrival jitter, mouse and key-press timing from the event loop, high-resolution clock samples, and a cold-start seed file persisted across boots.

This is what "production HTTPS" was supposed to mean. 1.0 was the chrome polish release; 1.2 is the security release.

Three pieces in scope

1. macTLS v1.0 (macEntropy v1.0) — hardware-validated on G3 across four separate launches with the Stage E statistical self-test: distinct seed fingerprints per run (94A7251B, 52AB2050, 665DF442, 165814CB), the actual per-run-entropy proof. The pre-1.2 binary was using a rotating XOR seeded only from TickCount(); every TLS handshake on that build shared a predictable seed line. Replaced.
2. POST forms work. Through 1.0 both fetcher API setup functions silently discarded post_urlenc at entry ((void)pu;). Every form POST became a no-op — search forms on results pages, login forms, comment submissions. 1.2 wires the body through; DDG's "search again from the results page" (the canonical #144 repro) now returns fresh results.
3. A working download manager. Through 1.0 clicking a download link either did nothing visible or rendered the binary as HTML. 1.2 implements all four gui_download_table callbacks: NavPutFile save dialog, FSWrite streaming, MIME-mapped Mac type/creator codes, partial-file cleanup on error, and Content-Disposition: attachment detection in the fetcher so Drupal-style sites (mactrove, macintoshgarden) route through download instead of render.

Issues closed since 1.0

• #41 — background-attachment: fixed anchors to viewport in window coords (fixes309)
• #56 — white-space: pre-line collapses internal whitespace runs (fixes307)
• #36 — SVG fill-opacity / stroke-opacity (fixes305 + 305a)
• #143 — <img> HTML width/height verified not reproducing (closed during the lead-in)
• #144 — POST form body wired through both HTTP and HTTPS (fixes312)
• #149 — Content-Disposition: attachment routes to download (fixes313b)
• #150 — HTTPS abort + auto-upgrade FALLBACK crash on DDG (fixes315)

Plus the macTLS chain: macEntropy Stages A → C → B → E → v1.0 → D, tracked in the macTLS repo and tagged macentropy-v1.0.

Full notes

docs/release-notes/MacSurf-1.2.md

Building

Same as 1.0. Clone the repo, open browser/netsurf/frontends/macos9/MacSurf.mcp in CodeWarrior 8 Pro (8.3 update) on the Mac side, choose Build. One project-file note for builders pulling 1.2 onto a 1.0 workspace: desktop/download.c needs to be in MacSurf.mcp (introduced as part of fixes313, provides download_context_create and the four download_context_get_* accessors).