tbb-commits

tbb-commits@lists.torproject.org

1 participants
17967 discussions

[torbutton/master] Add changelog and bump version for 1.6.10.0.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit c7d0b46de6645d3888f205f6e7ae95b77c153ae6 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 5 05:08:45 2014 -0700 Add changelog and bump version for 1.6.10.0. --- src/CHANGELOG | 7 +++++++ src/install.rdf | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index edf33dd..dbcf7b3 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,10 @@ +1.6.10.0 + 5 Jun 2014 + * Bug 11510: about:tor should not report success if tor proxy is unreachable + * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity + * Bug 11722: Add hidden pref to force remote Tor check + * Bug 11763: Fix pref dialog double-click race that caused settings to be reset + 1.6.9.0: 25 Apr 2014 * Bug 7439: Improve download warning dialog text. diff --git a/src/install.rdf b/src/install.rdf index 428595d..d4483a3 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.9.0</em:version> + <em:version>1.6.10.0</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[tor-browser/tor-browser-24.5.0esr-4.x-1] fixup! Randomize HTTP request order and pipeline depth.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit 90a820bc1619812881eefdc9f9ea35205a5489d2 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 5 03:48:45 2014 -0700 fixup! Randomize HTTP request order and pipeline depth. Bug 10355 testing: Randomize pipeline depth regardless of aggressive setting. --- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp index a02fe07..931278c 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -3198,11 +3198,13 @@ nsConnectionEntry::nsConnectionEntry(nsHttpConnectionInfo *ci) , mPreferIPv6(false) { NS_ADDREF(mConnInfo); + + // Randomize the pipeline depth (3..12) + mGreenDepth = gHttpHandler->GetMaxOptimisticPipelinedRequests() + + rand() % (gHttpHandler->GetMaxPipelinedRequests() + - gHttpHandler->GetMaxOptimisticPipelinedRequests()); + if (gHttpHandler->GetPipelineAggressive()) { - // Randomize the pipeline depth (3..12) - mGreenDepth = gHttpHandler->GetMaxOptimisticPipelinedRequests() - + rand() % (gHttpHandler->GetMaxPipelinedRequests() - - gHttpHandler->GetMaxOptimisticPipelinedRequests()); mPipelineState = PS_GREEN; }

1 0

[tor-browser/tor-browser-24.5.0esr-4.x-1] Bug #9701: Prevent ClipBoardCache from writing to disk.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit 80fcc83fc269eb5b370700646f12cd0b099f1e3c Author: Michael Schloh von Bennewitz <michael(a)schloh.com> Date: Thu Jun 5 03:53:15 2014 -0700 Bug #9701: Prevent ClipBoardCache from writing to disk. This disables the disk activity entirely. It seems as though there is no reason in to write backup copies of clipboard data to disk, as the clipboard code does not release the related memory upon disk writes anyway. See https://trac.torproject.org/projects/tor/ticket/9701. --- widget/xpwidgets/nsTransferable.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/widget/xpwidgets/nsTransferable.cpp b/widget/xpwidgets/nsTransferable.cpp index 2f15f47..d94ecd9 100644 --- a/widget/xpwidgets/nsTransferable.cpp +++ b/widget/xpwidgets/nsTransferable.cpp @@ -58,6 +58,7 @@ DataStruct::~DataStruct() void DataStruct::SetData ( nsISupports* aData, uint32_t aDataLen ) { +#if 0 // Remove unnecessary disk caching to accommodate https://www.torproject.org/projects/torbrowser/design/#disk-avoidance // Now, check to see if we consider the data to be "too large" if (aDataLen > kLargeDatasetSize) { // if so, cache it to disk instead of memory @@ -66,6 +67,7 @@ DataStruct::SetData ( nsISupports* aData, uint32_t aDataLen ) else NS_WARNING("Oh no, couldn't write data to the cache file"); } +#endif // #if 0 mData = aData; mDataLen = aDataLen;

1 0

[tor-browser/tor-browser-24.5.0esr-1] Bug #9701: Prevent ClipBoardCache from writing to disk.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit 8088761c016eecba6d3e223fdc2965353577d735 Author: Michael Schloh von Bennewitz <michael(a)schloh.com> Date: Thu Jun 5 03:53:15 2014 -0700 Bug #9701: Prevent ClipBoardCache from writing to disk. This disables the disk activity entirely. It seems as though there is no reason in to write backup copies of clipboard data to disk, as the clipboard code does not release the related memory upon disk writes anyway. See https://trac.torproject.org/projects/tor/ticket/9701. --- widget/xpwidgets/nsTransferable.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/widget/xpwidgets/nsTransferable.cpp b/widget/xpwidgets/nsTransferable.cpp index 2f15f47..d94ecd9 100644 --- a/widget/xpwidgets/nsTransferable.cpp +++ b/widget/xpwidgets/nsTransferable.cpp @@ -58,6 +58,7 @@ DataStruct::~DataStruct() void DataStruct::SetData ( nsISupports* aData, uint32_t aDataLen ) { +#if 0 // Remove unnecessary disk caching to accommodate https://www.torproject.org/projects/torbrowser/design/#disk-avoidance // Now, check to see if we consider the data to be "too large" if (aDataLen > kLargeDatasetSize) { // if so, cache it to disk instead of memory @@ -66,6 +67,7 @@ DataStruct::SetData ( nsISupports* aData, uint32_t aDataLen ) else NS_WARNING("Oh no, couldn't write data to the cache file"); } +#endif // #if 0 mData = aData; mDataLen = aDataLen;

1 0

[tor-browser/tor-browser-24.5.0esr-1] fixup! Randomize HTTP request order and pipeline depth.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit b938631c83089e7ffe091c1b5ebe47aae45a3509 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 5 03:48:45 2014 -0700 fixup! Randomize HTTP request order and pipeline depth. Bug 10355 testing: Randomize pipeline depth regardless of aggressive setting. --- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp index a02fe07..931278c 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -3198,11 +3198,13 @@ nsConnectionEntry::nsConnectionEntry(nsHttpConnectionInfo *ci) , mPreferIPv6(false) { NS_ADDREF(mConnInfo); + + // Randomize the pipeline depth (3..12) + mGreenDepth = gHttpHandler->GetMaxOptimisticPipelinedRequests() + + rand() % (gHttpHandler->GetMaxPipelinedRequests() + - gHttpHandler->GetMaxOptimisticPipelinedRequests()); + if (gHttpHandler->GetPipelineAggressive()) { - // Randomize the pipeline depth (3..12) - mGreenDepth = gHttpHandler->GetMaxOptimisticPipelinedRequests() - + rand() % (gHttpHandler->GetMaxPipelinedRequests() - - gHttpHandler->GetMaxOptimisticPipelinedRequests()); mPipelineState = PS_GREEN; }

1 0

[torbutton/master] remove obsolete jshooks files
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit 888fed495d12475444747b527663fefaff907753 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 2 11:14:37 2014 -0700 remove obsolete jshooks files --- src/chrome/content/jshooks.js | 362 --------------------------------------- src/chrome/content/jshooks4.js | 267 ----------------------------- src/chrome/content/torbutton.js | 1 - 3 files changed, 630 deletions(-) diff --git a/src/chrome/content/jshooks.js b/src/chrome/content/jshooks.js deleted file mode 100644 index a47cb5a..0000000 --- a/src/chrome/content/jshooks.js +++ /dev/null @@ -1,362 +0,0 @@ -// Bug 1506 P0: These hooks are only relevant to FF 3.5 and below. - -window.__HookObjects = function() { - if (typeof(window.__tb_hooks_ran) === "boolean") { - return false; - } - - - /* For reference/debugging only: - if(false && window.__tb_set_uagent===true) { - var tmp_oscpu = window.__tb_oscpu; - var tmp_platform = window.__tb_platform; - var tmp_productSub = window.__tb_productSub; - - try { - if(!(window.navigator.__proto__ == null) || - typeof(window.navigator.__defineGetter__) === "function") { - var cE = window.navigator.cookieEnabled; - var lang = window.navigator.language; - var uA = window.navigator.userAgent; - var v = window.navigator.vendor; - var vS = window.navigator.vendorSub; - var jE = window.navigator.javaEnabled; - var pl = new window.Array(); - var mT = new window.Object(); - //var pl = window.navigator.plugins; - //var mT = window.navigator.mimeTypes; - - window.navigator.__defineGetter__("appCodeName", function() { return "Mozilla";}); - window.navigator.__defineGetter__("appName", function() { return "Netscape";}); - window.navigator.__defineGetter__("appVersion", function() { return "5.0";}); - window.navigator.__defineGetter__("buildID", function() { return 0;}); - window.navigator.__defineGetter__("cookieEnabled", function() { return cE;}); - window.navigator.__defineGetter__("language", function() { return lang;}); - window.navigator.__defineGetter__("mimeTypes", function() { return mT;}); - window.navigator.__defineGetter__("onLine", function() { return true;}); - window.navigator.__defineGetter__("oscpu", function() { return tmp_oscpu;}); - window.navigator.__defineGetter__("platform", function() { return tmp_platform;}); - window.navigator.__defineGetter__("plugins", function() { return pl;}); - window.navigator.__defineGetter__("product", function() { return "Gecko";}); - window.navigator.__defineGetter__("productSub", function() { return tmp_productSub;}); - window.navigator.__defineGetter__("securityPolicy", function() { return "";}); - window.navigator.__defineGetter__("userAgent", function() { return uA;}); - window.navigator.__defineGetter__("vendor", function() { return v;}); - window.navigator.__defineGetter__("vendorSub", function() { return vS;}); - window.navigator.__defineGetter__("javaEnabled", function() { return jE;}); - window.navigator.__proto__ = null; - } - } catch(e) { - } - } */ - - - /* Hrmm.. Is it possible this breaks plugin install or other weird shit - for non-windows OS's? */ - if(window.__tb_set_uagent===true) { - var tmp_oscpu = window.__tb_oscpu; - var tmp_platform = window.__tb_platform; - var tmp_productSub = window.__tb_productSub; - var tmp_locale = window.__tb_locale; - - // This is just unreasonable.. Firefox caches - // window.navigator.__proto__ between same-origin loads of a document. - // So this means when we null it out, we lose most of the navigator - // object for subsequent loads. I tried doing the whole-object hooks - // like we do for Date, screen, and history, but it seems to behave - // like Date upon delete, allowing unmasking for that case. Talk about - // rock+hard place. - try { - if(!(window.navigator.__proto__ == null) || - typeof(window.navigator.__defineGetter__) === "function") { - var tmpNav = new window.Object(); - for(var i in window.navigator) { - tmpNav[i] = window.navigator[i]; - - // XPCNative objects are special for some reason. So far, - // all we have are "plugins" and mimeTypes, which - // are empty anyways. Disable them. - //if(tmpNav[i].toString().indexOf("XPCNative") != -1) { - if(i === "plugins" || i === "mimeTypes") { - tmpNav[i] = new Array(); - } - (function() { // crazy scope hack to preserve i - var holder = i; - window.navigator.__defineGetter__(i, function() { return tmpNav[holder];}); - })(); - } - - if(tmp_locale != false) { - window.navigator.__defineGetter__("language", function() { return tmp_locale;}); - } - window.navigator.__defineGetter__("oscpu", function() { return tmp_oscpu;}); - window.navigator.__defineGetter__("productSub", function() { return tmp_productSub;}); - window.navigator.__defineGetter__("buildID", function() { return 0;}); - window.navigator.__proto__ = null; - } - } catch(e) { - } - } - - // No pref for this.. Should be mostly harmless.. - if(true) { - var origHeight = window.innerHeight; - var origWidth = window.innerWidth; - window.__proto__.__defineGetter__("innerHeight", function() { return Math.round(origHeight/50.0)*50;}); - window.__proto__.__defineGetter__("innerWidth", function() { return Math.round(origWidth/50.0)*50;}); - window.__proto__.__defineGetter__("outerWidth", function() { return window.innerWidth;}); - window.__proto__.__defineGetter__("outerHeight", function() { return window.innerHeight;}); - window.__proto__.__defineGetter__("screenX", function() { return 0;}); - window.__proto__.__defineGetter__("screenY", function() { return 0;}); - window.__proto__.__defineGetter__("pageXOffset", function() { return 0;}); - window.__proto__.__defineGetter__("pageYOffset", function() { return 0;}); - - // Wrap in anonymous function to protect scr variables just in case. - (function () { - // We can't define individual getters/setters for window.screen - // for some reason. works in html but not in these hooks.. No idea why - - var scr = new Object(); - var origScr = window.screen; - scr.__defineGetter__("height", function() { return window.innerHeight; }); - scr.__defineGetter__("width", function() { return window.innerWidth; }); - - scr.__defineGetter__("availTop", function() { return 0;}); - scr.__defineGetter__("availLeft", function() { return 0;}); - - scr.__defineGetter__("top", function() { return 0;}); - scr.__defineGetter__("left", function() { return 0;}); - - scr.__defineGetter__("availHeight", function() { return window.innerHeight;}); - scr.__defineGetter__("availWidth", function() { return window.innerWidth;}); - - scr.__defineGetter__("colorDepth", function() { return origScr.colorDepth;}); - scr.__defineGetter__("pixelDepth", function() { return origScr.pixelDepth;}); - - scr.__defineGetter__("availTop", function() { return 0;}); - scr.__defineGetter__("availLeft", function() { return 0;}); - - window.__defineGetter__("screen", function() { return scr; }); - window.__defineSetter__("screen", function(a) { return; }); - window.__proto__.__defineGetter__("screen", function() { return scr; }); - - // Needed for Firefox bug 418983: - with(window) { - var screen = scr; - } - - })(); - - } - - - if(window.__tb_hook_date == true) { // don't feel like indenting this - - /* Timezone fix for http://gemal.dk/browserspy/css.html */ - var reparseDate = function(d, str) { - /* Rules: - * - If they specify a timezone, it is converted to local - * time. All getter fucntions then convert properly to - * UTC. No mod needed. - * - If they specify UTC timezone, then it is converted - * to local time. All getter functions then convert back. - * No mod needed. - * - If they specify NO timezone, it is local time. - * The UTC conversion then reveals the offset. Fix. - */ - - /* Step 1: Remove everything inside ()'s (they are "comments") */ - var s = str.toLowerCase(); - var re = new RegExp('\$.*\$', "gm"); - s = s.replace(re, ""); - - /* Step 2: Look for +/-. If found, do nothing */ - if(s.indexOf("+") == -1 && s.indexOf("-") == -1) { - /* Step 3: Look for timezone string from - * http://lxr.mozilla.org/seamonkey/source/js/src/jsdate.c - */ - if(s.indexOf(" gmt") == -1 && s.indexOf(" ut") == -1 && - s.indexOf(" est") == -1 && s.indexOf(" edt") == -1 && - s.indexOf(" cst") == -1 && s.indexOf(" cdt") == -1 && - s.indexOf(" mst") == -1 && s.indexOf(" mdt") == -1 && - s.indexOf(" pst") == -1 && s.indexOf(" pdt")) { - /* No timezone specified. Adjust. */ - d.setTime(d.getTime()-(d.getTimezoneOffset()*60000)); - } - } - } - - var origDate = window.Date; - var newDate = function() { - /* DO NOT make 'd' a member! EvilCode will use it! */ - var d; - var a = arguments; - /* apply doesn't seem to work for constructors :( */ - if(arguments.length == 0) d=new origDate(); - if(arguments.length == 1) d=new origDate(a[0]); - if(arguments.length == 3) d=new origDate(a[0],a[1],a[2]); - if(arguments.length == 4) d=new origDate(a[0],a[1],a[2],a[3]); - if(arguments.length == 5) d=new origDate(a[0],a[1],a[2],a[3],a[4]); - if(arguments.length == 6) d=new origDate(a[0],a[1],a[2],a[3],a[4],a[5]); - if(arguments.length == 7) d=new origDate(a[0],a[1],a[2],a[3],a[4],a[5],a[6]); - if(arguments.length > 7) d=new origDate(); - - if(arguments.length > 0) { - if((arguments.length == 1) && typeof(a[0]) == "string") { - reparseDate(d,a[0]); - } else if(arguments.length > 1) { - /* Numerical value. No timezone given, adjust. */ - d.setTime(d.getTime()-(d.getTimezoneOffset()*60000)); - } - } - - // XXX: the native valueOf seems to sometimes return toString and - // sometimes return getTime depending on context (which we can't detect) - // It seems as though we can't win here.. - window.Date.prototype.valueOf=function(){return d.getTime()}; - window.Date.prototype.getTime=function(){return d.getTime();} /* UTC already */ - window.Date.prototype.getFullYear=function(){return d.getUTCFullYear();} - window.Date.prototype.getYear=function() {return d.getYear();} - window.Date.prototype.getMonth=function(){return d.getUTCMonth();} - window.Date.prototype.getDate=function() {return d.getUTCDate();} - window.Date.prototype.getDay=function() {return d.getUTCDay();} - window.Date.prototype.getHours=function(){return d.getUTCHours();} - window.Date.prototype.getMinutes=function(){return d.getUTCMinutes();} - window.Date.prototype.getSeconds=function(){return d.getUTCSeconds();} - window.Date.prototype.getMilliseconds=function(){return d.getUTCMilliseconds();} - window.Date.prototype.getTimezoneOffset=function(){return 0;} - - window.Date.prototype.setTime = - function(x) {return d.setTime(x);} - window.Date.prototype.setFullYear=function(x){return d.setUTCFullYear(x);} - window.Date.prototype.setYear=function(x){return d.setYear(x);} - window.Date.prototype.setMonth=function(x){return d.setUTCMonth(x);} - window.Date.prototype.setDate=function(x){return d.setUTCDate(x);} - window.Date.prototype.setDay=function(x){return d.setUTCDay(x);} - window.Date.prototype.setHours=function(x){return d.setUTCHours(x);} - window.Date.prototype.setMinutes=function(x){return d.setUTCMinutes(x);} - window.Date.prototype.setSeconds=function(x){return d.setUTCSeconds(x);} - window.Date.prototype.setMilliseconds= - function(x) {return d.setUTCMilliseconds(x);} - - window.Date.prototype.getUTCFullYear=function(){return d.getUTCFullYear();} - window.Date.prototype.getUTCMonth=function(){return d.getUTCMonth();} - window.Date.prototype.getUTCDate=function() {return d.getUTCDate();} - window.Date.prototype.getUTCDay=function() {return d.getUTCDay();} - window.Date.prototype.getUTCHours=function(){return d.getUTCHours();} - window.Date.prototype.getUTCMinutes=function(){return d.getUTCMinutes();} - window.Date.prototype.getUTCSeconds=function(){return d.getUTCSeconds();} - window.Date.prototype.getUTCMilliseconds= - function(){return d.getUTCMilliseconds();} - - window.Date.prototype.setUTCFullYear=function(x){return d.setUTCFullYear(x);} - window.Date.prototype.setUTCMonth=function(x){return d.setUTCMonth(x);} - window.Date.prototype.setUTCDate=function(x){return d.setUTCDate(x);} - window.Date.prototype.setUTCDay=function(x){return d.setUTCDay(x);} - window.Date.prototype.setUTCHours=function(x){return d.setUTCHours(x);} - window.Date.prototype.setUTCMinutes=function(x){return d.setUTCMinutes(x);} - window.Date.prototype.setUTCSeconds=function(x){return d.setUTCSeconds(x);} - window.Date.prototype.setUTCMilliseconds= - function(x) {return d.setUTCMilliseconds(x);} - - window.Date.prototype.toUTCString=function(){return d.toUTCString();} - window.Date.prototype.toGMTString=function(){return d.toGMTString();} - window.Date.prototype.toString=function(){return d.toUTCString();} - window.Date.prototype.toLocaleString=function(){return d.toUTCString();} - - /* Fuck 'em if they can't take a joke: */ - window.Date.prototype.toLocaleTimeString=function(){return d.toUTCString();} - window.Date.prototype.toLocaleDateString=function(){return d.toUTCString();} - window.Date.prototype.toDateString=function(){return d.toUTCString();} - window.Date.prototype.toTimeString=function(){return d.toUTCString();} - - /* Hack to solve the problem of multiple date objects - * all sharing the same lexically scoped d every time a new one is - * created. This hack creates a fresh new prototype reference for - * the next object to use with a different d binding. - * It doesn't break stuff because at the start of this function, - * the interpreter grabbed a reference to Date.prototype. During - * this function we modified Date.prototype to create the new methods - * with the lexically scoped d reference. - */ - - // valueOf gets called for implicit string conversion?? - window.Date.prototype = window.eval(window.Object.prototype.toSource()); - return d.toUTCString(); - } - - // Need to do this madness so that we use the window's notion of Function - // for the constructor. If this is not done, then changes to Function - // and Object in the real window are not propogated to Date (for example, - // to extend the Date class with extra functions via a generic inheritance - // framework added onto Object - this is done by livejournal and others) - var newWrappedDate = window.eval("function() { return newDate(); }"); - - newWrappedDate.parse=function(s) { - var d = new origDate(s); - if(typeof(s) == "string") reparseDate(d, s); - return d.getTime(); - } - - newWrappedDate.now=function(){return origDate.now();} - newWrappedDate.UTC=function(){return origDate.apply(origDate, arguments); } - - // d = new Date(); - // d.__proto__ === Date.prototype - // d.constructor === Date - // d.__proto__ === d.constructor.prototype - // Date.prototype.__proto__ === Date.prototype.constructor.prototype - // window.__proto__ === Window.prototypea - - // XXX: This is still not enough.. But at least we get to claim the - // unmasking is violating ECMA-262 by allowing the deletion of var's - // (FF Bug 419598) - with(window) { - var Date = newWrappedDate; - } - - } // window.__tb_hook_date == true - - with(window) { - XPCNativeWrapper = function(a) { return a; }; - } - with(window.__proto__) { - XPCNativeWrapper = function(a) { return a; }; - } - - // Gain access to the implict global object (which interestingly claims - // to be a 'Window' but is not the same class as 'window'...) and - // hide XPCNativeWrapper there. - // This seems no longer necessary in FF2.0.0.13+, and may break FF3? - //with(window.valueOf.call().__proto__) { - // XPCNativeWrapper = function(a) { return a; }; - //} - - // FIXME: Commenting this may open us to unmasking, but allows the hooks to - // work on FF4. Since we lost the bulletproof resolution masking battle to - // CSS3 anyways, let's just do what we can. - //window.__proto__ = null; // Prevent delete from unmasking our properties. - return true; -} - -if (typeof(window.__HookObjects) != "undefined") { - var res = 23; - - if(!window.__HookObjects()) { - res = 13; - } - - window.__HookObjects = undefined; - delete window['__HookObjects']; - delete window['__CheckFlag']; - delete window['__tb_set_uagent']; - delete window['__tb_oscpu']; - delete window['__tb_platform']; - delete window['__tb_productSub']; - - window.__tb_hooks_ran = true; - - res; // Secret result code. -} else { - 42; -} diff --git a/src/chrome/content/jshooks4.js b/src/chrome/content/jshooks4.js deleted file mode 100644 index c15e5c5..0000000 --- a/src/chrome/content/jshooks4.js +++ /dev/null @@ -1,267 +0,0 @@ -// Bug 1506 P1: We're almost certainly going to replace this stuff with direct -// patches of the JS VM. - -window.__HookObjects = function() { - if (typeof(window.__tb_hooks_ran) === "boolean") { - return false; - } - - // No pref for this.. Should be mostly harmless.. - if(true) { - // Wrap in anonymous function to protect scr variables just in case. - (function () { - var origHeight = window.innerHeight; - var origWidth = window.innerWidth; - - Object.defineProperty(window.__proto__, "innerWidth", - {get: function() { return Math.round(origWidth/50.0)*50;}, - configurable: false}); - Object.defineProperty(window.__proto__, "innerHeight", - {get: function() { return Math.round(origHeight/50.0)*50;}, - configurable: false}); - Object.defineProperty(window.__proto__, "outerWidth", - {get: function() { return Math.round(origWidth/50.0)*50;}, - configurable: false}); - Object.defineProperty(window.__proto__, "outerHeight", - {get: function() { return Math.round(origHeight/50.0)*50;}, - configurable: false}); - Object.defineProperty(window.__proto__, "screenX", - {get: function() { return 0;}, - configurable: false}); - Object.defineProperty(window.__proto__, "screenY", - {get: function() { return 0;}, - configurable: false}); - Object.defineProperty(MouseEvent.prototype, "screenX", - {get: function() { return this.clientX;}, - configurable: false}); - Object.defineProperty(MouseEvent.prototype, "screenY", - {get: function() { return this.clientY;}, - configurable: false}); - - // We can't define individual getters/setters for window.screen - // for some reason. works in html but not in these hooks.. No idea why - - var scr = new Object(); - var origScr = window.screen; - scr.__defineGetter__("height", function() { return window.innerHeight; }); - scr.__defineGetter__("width", function() { return window.innerWidth; }); - - scr.__defineGetter__("availTop", function() { return 0;}); - scr.__defineGetter__("availLeft", function() { return 0;}); - - scr.__defineGetter__("top", function() { return 0;}); - scr.__defineGetter__("left", function() { return 0;}); - - scr.__defineGetter__("availHeight", function() { return window.innerHeight;}); - scr.__defineGetter__("availWidth", function() { return window.innerWidth;}); - - scr.__defineGetter__("colorDepth", function() { return origScr.colorDepth;}); - scr.__defineGetter__("pixelDepth", function() { return origScr.pixelDepth;}); - - scr.__defineGetter__("availTop", function() { return 0;}); - scr.__defineGetter__("availLeft", function() { return 0;}); - - Object.defineProperty(window.__proto__, "screen", - {get: function() { return scr;}, - configurable: false}); - - })(); - - } - - if(window.__tb_hook_date == true) { // don't feel like indenting this - // XXX: events should not have timeStamp, unless they are of type MozBeforePaint? - - /* Timezone fix for http://gemal.dk/browserspy/css.html */ - var reparseDate = function(d, str) { - /* Rules: - * - If they specify a timezone, it is converted to local - * time. All getter fucntions then convert properly to - * UTC. No mod needed. - * - If they specify UTC timezone, then it is converted - * to local time. All getter functions then convert back. - * No mod needed. - * - If they specify NO timezone, it is local time. - * The UTC conversion then reveals the offset. Fix. - */ - - /* Step 1: Remove everything inside ()'s (they are "comments") */ - var s = str.toLowerCase(); - var re = new RegExp('\$.*\$', "gm"); - s = s.replace(re, ""); - - /* Step 2: Look for +/-. If found, do nothing */ - if(s.indexOf("+") == -1 && s.indexOf("-") == -1) { - /* Step 3: Look for timezone string from - * http://lxr.mozilla.org/seamonkey/source/js/src/jsdate.c - */ - if(s.indexOf(" gmt") == -1 && s.indexOf(" ut") == -1 && - s.indexOf(" est") == -1 && s.indexOf(" edt") == -1 && - s.indexOf(" cst") == -1 && s.indexOf(" cdt") == -1 && - s.indexOf(" mst") == -1 && s.indexOf(" mdt") == -1 && - s.indexOf(" pst") == -1 && s.indexOf(" pdt")) { - /* No timezone specified. Adjust. */ - d.setTime(d.getTime()-(d.getTimezoneOffset()*60000)); - } - } - } - - // XXX: Each origin should have its own unique offset from the real date - // XXX: Subsequent calls to the ms timer should be monotonically increasing, but randomized - - var origDate = window.Date; - var newDate = function() { - /* DO NOT make 'd' a member! EvilCode will use it! */ - var d; - var a = arguments; - /* apply doesn't seem to work for constructors :( */ - if(arguments.length == 0) d=new origDate(); - if(arguments.length == 1) d=new origDate(a[0]); - if(arguments.length == 3) d=new origDate(a[0],a[1],a[2]); - if(arguments.length == 4) d=new origDate(a[0],a[1],a[2],a[3]); - if(arguments.length == 5) d=new origDate(a[0],a[1],a[2],a[3],a[4]); - if(arguments.length == 6) d=new origDate(a[0],a[1],a[2],a[3],a[4],a[5]); - if(arguments.length == 7) d=new origDate(a[0],a[1],a[2],a[3],a[4],a[5],a[6]); - if(arguments.length > 7) d=new origDate(); - - if(arguments.length > 0) { - if((arguments.length == 1) && typeof(a[0]) == "string") { - reparseDate(d,a[0]); - } else if(arguments.length > 1) { - /* Numerical value. No timezone given, adjust. */ - d.setTime(d.getTime()-(d.getTimezoneOffset()*60000)); - } - } - - // XXX: the native valueOf seems to sometimes return toString and - // sometimes return getTime depending on context (which we can't detect) - // It seems as though we can't win here.. - window.Date.prototype.valueOf=function(){return d.getTime()}; - window.Date.prototype.getTime=function(){return d.getTime();} /* UTC already */ - window.Date.prototype.getFullYear=function(){return d.getUTCFullYear();} - window.Date.prototype.getYear=function() {return d.getYear();} - window.Date.prototype.getMonth=function(){return d.getUTCMonth();} - window.Date.prototype.getDate=function() {return d.getUTCDate();} - window.Date.prototype.getDay=function() {return d.getUTCDay();} - window.Date.prototype.getHours=function(){return d.getUTCHours();} - window.Date.prototype.getMinutes=function(){return d.getUTCMinutes();} - window.Date.prototype.getSeconds=function(){return d.getUTCSeconds();} - window.Date.prototype.getMilliseconds=function(){return d.getUTCMilliseconds();} - window.Date.prototype.getTimezoneOffset=function(){return 0;} - - window.Date.prototype.setTime = - function(x) {return d.setTime(x);} - window.Date.prototype.setFullYear=function(x){return d.setUTCFullYear(x);} - window.Date.prototype.setYear=function(x){return d.setYear(x);} - window.Date.prototype.setMonth=function(x){return d.setUTCMonth(x);} - window.Date.prototype.setDate=function(x){return d.setUTCDate(x);} - window.Date.prototype.setDay=function(x){return d.setUTCDay(x);} - window.Date.prototype.setHours=function(x){return d.setUTCHours(x);} - window.Date.prototype.setMinutes=function(x){return d.setUTCMinutes(x);} - window.Date.prototype.setSeconds=function(x){return d.setUTCSeconds(x);} - window.Date.prototype.setMilliseconds= - function(x) {return d.setUTCMilliseconds(x);} - - window.Date.prototype.getUTCFullYear=function(){return d.getUTCFullYear();} - window.Date.prototype.getUTCMonth=function(){return d.getUTCMonth();} - window.Date.prototype.getUTCDate=function() {return d.getUTCDate();} - window.Date.prototype.getUTCDay=function() {return d.getUTCDay();} - window.Date.prototype.getUTCHours=function(){return d.getUTCHours();} - window.Date.prototype.getUTCMinutes=function(){return d.getUTCMinutes();} - window.Date.prototype.getUTCSeconds=function(){return d.getUTCSeconds();} - window.Date.prototype.getUTCMilliseconds= - function(){return d.getUTCMilliseconds();} - - window.Date.prototype.setUTCFullYear=function(x){return d.setUTCFullYear(x);} - window.Date.prototype.setUTCMonth=function(x){return d.setUTCMonth(x);} - window.Date.prototype.setUTCDate=function(x){return d.setUTCDate(x);} - window.Date.prototype.setUTCDay=function(x){return d.setUTCDay(x);} - window.Date.prototype.setUTCHours=function(x){return d.setUTCHours(x);} - window.Date.prototype.setUTCMinutes=function(x){return d.setUTCMinutes(x);} - window.Date.prototype.setUTCSeconds=function(x){return d.setUTCSeconds(x);} - window.Date.prototype.setUTCMilliseconds= - function(x) {return d.setUTCMilliseconds(x);} - - window.Date.prototype.toUTCString=function(){return d.toUTCString();} - window.Date.prototype.toGMTString=function(){return d.toGMTString();} - window.Date.prototype.toString=function(){return d.toUTCString();} - window.Date.prototype.toLocaleString=function(){return d.toUTCString();} - - /* Fuck 'em if they can't take a joke: */ - window.Date.prototype.toLocaleTimeString=function(){return d.toUTCString();} - window.Date.prototype.toLocaleDateString=function(){return d.toUTCString();} - window.Date.prototype.toDateString=function(){return d.toUTCString();} - window.Date.prototype.toTimeString=function(){return d.toUTCString();} - - /* Hack to solve the problem of multiple date objects - * all sharing the same lexically scoped d every time a new one is - * created. This hack creates a fresh new prototype reference for - * the next object to use with a different d binding. - * It doesn't break stuff because at the start of this function, - * the interpreter grabbed a reference to Date.prototype. During - * this function we modified Date.prototype to create the new methods - * with the lexically scoped d reference. - */ - - // valueOf gets called for implicit string conversion?? - window.Date.prototype = window.eval(window.Object.prototype.toSource()); - return d.toUTCString(); - } - - // Need to do this madness so that we use the window's notion of Function - // for the constructor. If this is not done, then changes to Function - // and Object in the real window are not propogated to Date (for example, - // to extend the Date class with extra functions via a generic inheritance - // framework added onto Object - this is done by livejournal and others) - var newWrappedDate = window.eval("function() { return newDate(); }"); - - newWrappedDate.parse=function(s) { - var d = new origDate(s); - if(typeof(s) == "string") reparseDate(d, s); - return d.getTime(); - } - - newWrappedDate.now=function(){return origDate.now();} - newWrappedDate.UTC=function(){return origDate.apply(origDate, arguments); } - - // d = new Date(); - // d.__proto__ === Date.prototype - // d.constructor === Date - // d.__proto__ === d.constructor.prototype - // Date.prototype.__proto__ === Date.prototype.constructor.prototype - // window.__proto__ === Window.prototypea - - Object.defineProperty(window.__proto__, "Date", - {get: function() { return newWrappedDate;}, - configurable: false}); - - } // window.__tb_hook_date == true - - //Object.defineProperty(window.Components.__proto__, "lookupMethod", - // {get: function() { return function (a,b) { return function() { return a[b]; }; };}, - // configurable: false}); - - return true; -} - -if (typeof(window.__HookObjects) != "undefined") { - var res = 23; - - if(!window.__HookObjects()) { - res = 13; - } - - window.__HookObjects = undefined; - delete window['__HookObjects']; - delete window['__CheckFlag']; - delete window['__tb_set_uagent']; - delete window['__tb_oscpu']; - delete window['__tb_platform']; - delete window['__tb_productSub']; - - window.__tb_hooks_ran = true; - - res; // Secret result code. -} else { - 42; -} diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index ee49ae4..589e7c5 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -21,7 +21,6 @@ const k_tb_tor_check_failed_topic = "Torbutton:TorCheckFailed"; // status var m_tb_wasinited = false; var m_tb_prefs = false; -var m_tb_jshooks = false; var m_tb_plugin_string = false; var m_tb_is_main_window = false; var m_tb_hidden_browser = false;

1 0

[torbutton/master] Fix #12172: Enhance makepkg.sh to create the pkg directory if doesn't already exist
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit 4af89e0cace0d638d6793a6d8fecd475e263d693 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 2 11:40:31 2014 -0700 Fix #12172: Enhance makepkg.sh to create the pkg directory if doesn't already exist --- makexpi.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makexpi.sh b/makexpi.sh index 580bcf5..4d01e2c 100755 --- a/makexpi.sh +++ b/makexpi.sh @@ -17,6 +17,8 @@ cd ../.. # create .xpi echo ---------- create $APP_NAME.xpi ---------- +# create the pkg directory if it doesn't exist yet +mkdir -p pkg cd src echo zip -X -9r ../pkg/$XPI_NAME ./ -x "chrome/*" -x "*.diff" -x "*.svn/*" zip -X -9r ../pkg/$XPI_NAME ./ -x "*.svn/*" -x "*.diff" -x "components/torRefSpoofer.js" #-x "chrome/*"

1 0

[tor-browser-bundle/master] Bug 11630: Make rules.sqlite deterministic.
by gk＠torproject.org 05 Jun '14

05 Jun '14

commit d7dc1e0781aa2735e6ed98d68fed9f54f1c2a374 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 5 12:18:29 2014 +0000 Bug 11630: Make rules.sqlite deterministic. It turned out that the rules.sqlite file got already deterministic by running VACUUM before closing the connection. The different bytes in some meta data were due to having an old rules.sqlite in src/defaults. SQLite takes the values found there as the starting point and increments them during the new run of the makexpi script. --- gitian/descriptors/linux/gitian-bundle.yml | 11 +++++------ gitian/descriptors/mac/gitian-bundle.yml | 9 ++++----- gitian/descriptors/windows/gitian-bundle.yml | 11 +++++------ gitian/fetch-inputs.sh | 6 ++---- gitian/verify-tags.sh | 2 +- gitian/versions | 6 +----- gitian/versions.alpha | 6 +----- gitian/versions.beta | 6 +----- gitian/versions.nightly | 4 ---- 9 files changed, 20 insertions(+), 41 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 8543a33..c96d950 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -41,7 +41,6 @@ files: - "linux-skeleton.zip" - "linux-langpacks.zip" - "noscript(a)noscript.net.xpi" -- "https-everywhere(a)eff.org.xpi" - "dzip.sh" - "dtar.sh" - "bare-version" @@ -89,13 +88,13 @@ script: | ~/build/dzip.sh ../../../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton(a)torproject.org.xpi . cd ../../../ # - #cd https-everywhere + cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - #rm -f .git/refs/heads/master - #./makexpi.sh - #cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi - #cd .. + rm -f .git/refs/heads/master + ./makexpi.sh + cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi + cd .. # cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/ cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index d959d82..1e3649b 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -40,7 +40,6 @@ files: - "dmg-desktop.tar.xz" - "mac-langpacks.zip" - "noscript(a)noscript.net.xpi" -- "https-everywhere(a)eff.org.xpi" - "dzip.sh" - "ddmg.sh" - "libdmg.patch" @@ -95,12 +94,12 @@ script: | ~/build/dzip.sh ../../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/torbutton(a)torproject.org.xpi . cd ../../../ # - # cd https-everywhere + cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - # rm -f .git/refs/heads/master - # ./makexpi.sh - # cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi + rm -f .git/refs/heads/master + ./makexpi.sh + cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi # cd .. # cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 8f21b3b..f4cbf9c 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -36,7 +36,6 @@ files: - "windows-skeleton.zip" - "win32-langpacks.zip" - "noscript(a)noscript.net.xpi" -- "https-everywhere(a)eff.org.xpi" - "dzip.sh" - "bare-version" - "bundle.inputs" @@ -78,13 +77,13 @@ script: | ~/build/dzip.sh ../../../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton(a)torproject.org.xpi . cd ../../../ # - #cd https-everywhere + cd https-everywhere # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - #rm -f .git/refs/heads/master - #./makexpi.sh - #cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi - #cd .. + rm -f .git/refs/heads/master + ./makexpi.sh + cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi + cd .. # cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 34e8727..39c1608 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -208,9 +208,8 @@ done cd .. -# NoScript and HTTPS-Everywhere are magikal and special: +# NoScript is magikal and special: wget -U "" -N ${NOSCRIPT_URL} -wget -U "" -N ${HTTPSE_URL} # So is mingw: if [ ! -f mingw-w64-svn-snapshot.zip ]; @@ -229,7 +228,7 @@ fi # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -265,7 +264,6 @@ done cd .. ln -sf "$NOSCRIPT_PACKAGE" noscript(a)noscript.net.xpi -ln -sf "$HTTPSE_PACKAGE" https-everywhere(a)eff.org.xpi ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2 ln -sf "$GCC_PACKAGE" gcc.tar.bz2 diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 324a27a..4367e13 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -132,7 +132,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MINGW MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index d37a117..1f74a48 100755 --- a/gitian/versions +++ b/gitian/versions @@ -10,7 +10,7 @@ TORBROWSER_TAG=bug11641 TOR_TAG=tor-0.2.4.22 TORLAUNCHER_TAG=bug11641 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 +HTTPSE_TAG=3.5.1 NSIS_TAG=bug11641 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable @@ -41,13 +41,11 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 -HTTPSE_VER=3.5.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.22-sm+fx+fn.xpi -HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -75,7 +73,6 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 -HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -97,7 +94,6 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NO… -HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_… PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PAC… diff --git a/gitian/versions.alpha b/gitian/versions.alpha index ce3520c..8fc13d6 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-24.5.0esr-4.x-1 TOR_TAG=tor-0.2.4.22 TORLAUNCHER_TAG=master TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 +HTTPSE_TAG=3.5.1 NSIS_TAG=00133b8741eb8ca34fc8153d344c7c54a5e3fae9 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable @@ -41,13 +41,11 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 -HTTPSE_VER=3.5.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.22-sm+fx+fn.xpi -HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -75,7 +73,6 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 -HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -97,7 +94,6 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NO… -HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_… PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PAC… diff --git a/gitian/versions.beta b/gitian/versions.beta index 817a880..cebfae2 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.4.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable @@ -41,13 +41,11 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 -HTTPSE_VER=3.5.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.22-sm+fx+fn.xpi -HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -75,7 +73,6 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 -HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -97,7 +94,6 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NO… -HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_… PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PAC… diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 9958aab..d3bfe31 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -40,14 +40,12 @@ M2CRYPTO_VER=0.21.1 PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 -HTTPSE_VER=3.5.1 PARSLEY_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.20-fn+fx+sm.xpi -HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -75,7 +73,6 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=dae2abeb3c57240168c1fdfbf6c6664fa64859fb430ca1a05c218f81371f5ad1 -HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -97,7 +94,6 @@ OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NO… -HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_… PYCRYPTO_URL=https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/${PYCRYPTO_PAC…

1 0

[tor-browser/tor-browser-24.5.0esr-4.x-1] Make the CONNECT Host header the same as the Request-URI.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit dab5565168923a476dadc32e6cc093a77d704582 Author: David Fifield <david(a)bamsoftware.com> Date: Sat May 31 16:59:11 2014 -0700 Make the CONNECT Host header the same as the Request-URI. It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request. Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel. Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4. --- netwerk/protocol/http/nsHttpConnection.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp index 695f8a5..25ad335 100644 --- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -1466,12 +1466,9 @@ nsHttpConnection::SetupProxyConnect() request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive")); request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive")); - val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host); - if (val) { - // all HTTP/1.1 requests must include a Host header (even though it - // may seem redundant in this case; see bug 82388). - request.SetHeader(nsHttp::Host, nsDependentCString(val)); - } + // all HTTP/1.1 requests must include a Host header (even though it + // may seem redundant in this case; see bug 82388). + request.SetHeader(nsHttp::Host, buf); val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization); if (val) {

1 0

[tor-browser/tor-browser-24.5.0esr-1] Make the CONNECT Host header the same as the Request-URI.
by mikeperry＠torproject.org 05 Jun '14

05 Jun '14

commit dbbe17313416ab3b17e9d05009026c1c4a37a273 Author: David Fifield <david(a)bamsoftware.com> Date: Sat May 31 16:59:11 2014 -0700 Make the CONNECT Host header the same as the Request-URI. It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request. Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel. Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4. --- netwerk/protocol/http/nsHttpConnection.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp index 695f8a5..25ad335 100644 --- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -1466,12 +1466,9 @@ nsHttpConnection::SetupProxyConnect() request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive")); request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive")); - val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host); - if (val) { - // all HTTP/1.1 requests must include a Host header (even though it - // may seem redundant in this case; see bug 82388). - request.SetHeader(nsHttp::Host, nsDependentCString(val)); - } + // all HTTP/1.1 requests must include a Host header (even though it + // may seem redundant in this case; see bug 82388). + request.SetHeader(nsHttp::Host, buf); val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization); if (val) {

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits