tbb-commits
Threads by month
- ----- 2026 -----
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 1 participants
- 20078 discussions
[torbutton/maint-1.9.3] Bug 9263: Spoof referer when leaving a .onion domain
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit d5234a3e37fb717d5c2f65ef039cd7872cbd1de3
Author: Yan Zhu <yan(a)mit.edu>
Date: Tue Jul 29 17:36:27 2014 -0700
Bug 9263: Spoof referer when leaving a .onion domain
---
makexpi.sh | 2 +-
src/chrome.manifest | 15 +--
src/components/tor-protocol.js | 103 ------------------
src/components/torRefSpoofer.js | 103 ++++++------------
src/components/tors-protocol.js | 103 ------------------
src/components/window-mapper.js | 180 -------------------------------
src/defaults/preferences/preferences.js | 1 -
7 files changed, 39 insertions(+), 468 deletions(-)
diff --git a/makexpi.sh b/makexpi.sh
index 4d01e2c..243fbd6 100755
--- a/makexpi.sh
+++ b/makexpi.sh
@@ -21,7 +21,7 @@ echo ---------- create $APP_NAME.xpi ----------
mkdir -p pkg
cd src
echo zip -X -9r ../pkg/$XPI_NAME ./ -x "chrome/*" -x "*.diff" -x "*.svn/*"
-zip -X -9r ../pkg/$XPI_NAME ./ -x "*.svn/*" -x "*.diff" -x "components/torRefSpoofer.js" #-x "chrome/*"
+zip -X -9r ../pkg/$XPI_NAME ./ -x "*.svn/*" -x "*.diff" #-x "chrome/*"
#mv ../$APP_NAME.jar ./chrome
#zip -9m ../pkg/$XPI_NAME chrome/$APP_NAME.jar
cd ..
diff --git a/src/chrome.manifest b/src/chrome.manifest
index ddf582e..1d3efb4 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -159,18 +159,11 @@ contract @torproject.org/torbutton-logger;1 {f36d72c9-9718-4134-b550-e109638331d
component {e33fd6d4-270f-475f-a96f-ff3140279f68} components/domain-isolator.js
contract @torproject.org/domain-isolator;1 {e33fd6d4-270f-475f-a96f-ff3140279f68}
-# component {b985e49c-12cb-4f29-9d14-b62603332ec4} components/window-mapper.js
-# contract @torproject.org/content-window-mapper;1 {b985e49c-12cb-4f29-9d14-b62603332ec4}
-
-# component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
-# contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
-
-# component {52183e20-4d4b-11de-8a39-0800200c9a66} components/tor-protocol.js
-# contract @mozilla.org/network/protocol;1?name=tor {52183e20-4d4b-11de-8a39-0800200c9a66}
+category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1
-# component {a5a4bc50-5e8d-11de-8a39-0800200c9a66} components/tors-protocol.js
-# contract @mozilla.org/network/protocol;1?name=tors {a5a4bc50-5e8d-11de-8a39-0800200c9a66}
+component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
+contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
-category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1
+category profile-after-change RefSpoofer @torproject.org/torRefSpoofer;1
category profile-after-change StartupObserver @torproject.org/startup-observer;1
category profile-after-change DomainIsolator @torproject.org/domain-isolator;1
diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js
deleted file mode 100644
index 4ba5cf4..0000000
--- a/src/components/tor-protocol.js
+++ /dev/null
@@ -1,103 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-// Test protocol related
-const kSCHEME = "tor";
-const kPROTOCOL_NAME = "tor";
-const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
-const kPROTOCOL_CID = Components.ID("52183e20-4d4b-11de-8a39-0800200c9a66");
-
-// Mozilla defined
-const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
-const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
-const nsISupports = Components.interfaces.nsISupports;
-const nsIIOService = Components.interfaces.nsIIOService;
-const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
-const nsIURI = Components.interfaces.nsIURI;
-
-function Protocol()
-{
-}
-
-Protocol.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIProtocolHandler) &&
- !iid.equals(nsISupports))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- },
-
- scheme: kSCHEME,
- defaultPort: -1,
- protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
- nsIProtocolHandler.URI_NOAUTH,
-
- allowPort: function(port, scheme)
- {
- return false;
- },
-
- newURI: function(spec, charset, baseURI)
- {
- const nsIStandardURL = Components.interfaces.nsIStandardURL;
- var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
- uri.init(nsIStandardURL.URLTYPE_STANDARD, 80, spec, charset, baseURI);
-
- return uri.QueryInterface(Components.interfaces.nsIURI);
-
- },
-
- newChannel: function(aURI)
- {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
- throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
- }
-
- /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/
- var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
- var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
- .getService(Components.interfaces.nsIPromptService);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var chrome = wm.getMostRecentWindow("navigator:browser");
- if (!ios.allowPort(aURI.port, aURI.scheme))
- throw Components.results.NS_ERROR_FAILURE;
-
- if (!tor_enabled)
- {
- var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
- if (!result)
- throw Components.results.NS_ERROR_UNEXPECTED;
- chrome.torbutton_enable_tor(true);
- }
-
- //if tor is turned on then, else we should throw exception of some sort.
- tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- if (!tor_enabled)
- throw Components.results.NS_ERROR_UNEXPECTED;
- else
- {
- aURI.scheme = "http";
- return ios.newChannelFromURI(aURI);
- }
- },
-
- // method of nsIClassInfo
- classDescription: "Tor protocol handler",
- classID: kPROTOCOL_CID,
- contractID: kPROTOCOL_CONTRACTID,
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/torRefSpoofer.js b/src/components/torRefSpoofer.js
index 8b50075..b69f8e0 100644
--- a/src/components/torRefSpoofer.js
+++ b/src/components/torRefSpoofer.js
@@ -1,89 +1,60 @@
-// Bug 1506 P0: I don't really believe referers matter in the grand scheme.
-// Kill this code.
+// Clear referer on cross-domain requests to/from Tor Hidden Services: #9623
+// ("Smart referer" previously spoofed referer on all cross-domain requests.)
const kMODULE_CID = Components.ID("65be2be0-ceb4-44c2-91a5-9c75c53430bf");
const kMODULE_CONTRACTID = "@torproject.org/torRefSpoofer;1";
function RefSpoofer() {
- this.logger = Components.classes["@torproject.org/torbutton-logger;1"].getService(Components.interfaces.nsISupports).wrappedJSObject;
- this.logger.log(3, "RefSpoof component created");
- this.specials = /[-[\]{}()*+?.,\\^$|#\s]/g;
+ this.logger = Components.classes["@torproject.org/torbutton-logger;1"].
+ getService(Components.interfaces.nsISupports).wrappedJSObject;
+ this.logger.log(3, "RefSpoof component created");
+ this.onionDomainRegex = new RegExp("\\.onion$", "i"); // THS hosts
+ this.thirdPartyUtil = Components.classes["@mozilla.org/thirdpartyutil;1"].
+ getService(Components.interfaces.mozIThirdPartyUtil);
+ this.ios = Components.classes["@mozilla.org/network/io-service;1"].
+ getService(Components.interfaces.nsIIOService);
}
-RefSpoofer.prototype = {
+RefSpoofer.prototype = {
observe: function(subject, topic, data)
{
if (topic == "http-on-modify-request") {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
-
- if (!tor_enabled)
- return;
-
subject.QueryInterface(Components.interfaces.nsIHttpChannel);
this.onModifyRequest(subject);
return;
}
if (topic == "profile-after-change") {
this.logger.log(3, "RefSpoof got profile-after-change");
- var os = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
+ var os = Components.classes["@mozilla.org/observer-service;1"].
+ getService(Components.interfaces.nsIObserverService);
os.addObserver(this, "http-on-modify-request", false);
return;
}
},
onModifyRequest: function(oHttpChannel)
{
- var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
-
- var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof");
-
- var ios = Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService);
+ var referer;
- if (spoofmode == 0)
try {
oHttpChannel.QueryInterface(Components.interfaces.nsIChannel);
- var referer;
- try{
+ try {
referer = oHttpChannel.getRequestHeader("Referer");
- referer = ios.newURI(referer,null,null);//make a nsIURI object for referer
- }catch(referr) {
- return;//no referer available or invalid uri
+ referer = this.ios.newURI(referer, null, null); //make a nsIURI object for referer
+ } catch (referr) {
+ return; //no referer available or invalid uri
}
- var requestURI = oHttpChannel.URI; //request nsIURI object
- var destHost = referer.host; //referer host w/o scheme
- var srcHost = oHttpChannel.URI.host;//request host without scheme
-
- // match is not what we want, unless we escape dots:
- var destHostMatch = destHost.replace(this.specials, "\\$&");
- var srcHostMatch = srcHost.replace(this.specials, "\\$&");
-
- // FIXME: This isn't exactly bulletproof security here, but it still
- // may need to be more lenient not to break sites...
- //
- // If we suspect issues, we can try doing the following first:
- // 1. Strip off all TLD suffixes, up to but not including '.'
- // 2. If more than one domain part is till left, strip off prefix
-
- //if they're in the same domain(if we can tell) or have the same host, keep the referer
- if (srcHost.split(".").length >= destHost.split(".").length
- && srcHost.match(destHostMatch)) // dest is a substring of src
- return;
- else if (destHost.split(".").length >= srcHost.split(".").length
- && destHost.match(srcHostMatch)) // src is a substring of dest
- return;
- //if they do not have the same host
- this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host);
- this.logger.safe_log(3, "Adjusting Referer, ",
- "from " + destHost + " to " + requestURI.host);
- }
- catch (ex) {
- this.logger.log(5, "RefSpoof onModifyRequest: " +ex);
+ // Only spoof referer for cross-domain requests from .onions
+ if (this.onionDomainRegex.test(referer.host) &&
+ this.thirdPartyUtil.isThirdPartyURI(referer, oHttpChannel.URI)) {
+ // Set the referer to the domain being requested. This makes it harder
+ // to tell that we are referer-spoofing.
+ this.adjustRef(oHttpChannel,
+ [oHttpChannel.URI.scheme, oHttpChannel.URI.host].join("://"));
+ }
+ } catch (ex) {
+ this.logger.log(5, "RefSpoof onModifyRequest: " + ex);
}
- else if (spoofmode == 2)
- this.adjustRef(oHttpChannel, "");
},
adjustRef: function(oChannel, sRef)
{
@@ -94,7 +65,7 @@ RefSpoofer.prototype = {
oChannel.setRequestHeader("Referer", sRef, false);
}
return true;
- }
+ }
catch (ex) {
this.logger.log(5, "RefSpoof adjustRef: " +ex);
}
@@ -103,9 +74,10 @@ RefSpoofer.prototype = {
QueryInterface: function(iid)
{
if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(Components.interfaces.nsIObserver) &&
- !iid.equals(Components.interfaces.nsISupportsWeakReference))
- throw Components.results.NS_ERROR_NO_INTERFACE;
+ !iid.equals(Components.interfaces.nsIObserver) &&
+ !iid.equals(Components.interfaces.nsISupportsWeakReference)) {
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ }
return this;
},
_xpcom_categories: [{category:"profile-after-change"}],
@@ -114,12 +86,5 @@ RefSpoofer.prototype = {
classDescription: "Tor Ref Spoofer"
};
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([RefSpoofer]);
+var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]);
diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js
deleted file mode 100644
index f075e43..0000000
--- a/src/components/tors-protocol.js
+++ /dev/null
@@ -1,103 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-// Test protocol related
-const kSCHEME = "tors";
-const kPROTOCOL_NAME = "tors";
-const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
-const kPROTOCOL_CID = Components.ID("a5a4bc50-5e8d-11de-8a39-0800200c9a66");
-
-// Mozilla defined
-const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
-const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
-const nsISupports = Components.interfaces.nsISupports;
-const nsIIOService = Components.interfaces.nsIIOService;
-const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
-const nsIURI = Components.interfaces.nsIURI;
-
-function Protocol()
-{
-}
-
-Protocol.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIProtocolHandler) &&
- !iid.equals(nsISupports))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- },
-
- scheme: kSCHEME,
- defaultPort: -1,
- protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
- nsIProtocolHandler.URI_NOAUTH,
-
- allowPort: function(port, scheme)
- {
- return false;
- },
-
- newURI: function(spec, charset, baseURI)
- {
- const nsIStandardURL = Components.interfaces.nsIStandardURL;
- var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
- uri.init(nsIStandardURL.URLTYPE_STANDARD, 433, spec, charset, baseURI);
-
- return uri.QueryInterface(Components.interfaces.nsIURI);
-
- },
-
- newChannel: function(aURI)
- {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
- throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
- }
-
- /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/
- var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
- var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
- .getService(Components.interfaces.nsIPromptService);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var chrome = wm.getMostRecentWindow("navigator:browser");
- if (!ios.allowPort(aURI.port, aURI.scheme))
- throw Components.results.NS_ERROR_FAILURE;
-
- if (!tor_enabled)
- {
- var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
- if (!result)
- throw Components.results.NS_ERROR_UNEXPECTED;
- chrome.torbutton_enable_tor(true);
- }
-
- //if tor is turned on then, else we should throw exception of some sort.
- tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- if (!tor_enabled)
- throw Components.results.NS_ERROR_UNEXPECTED;
- else
- {
- aURI.scheme = "https";
- return ios.newChannelFromURI(aURI);
- }
- },
-
- // method of nsIClassInfo
- classDescription: "Tor protocol handler",
- classID: kPROTOCOL_CID,
- contractID: kPROTOCOL_CONTRACTID
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/window-mapper.js b/src/components/window-mapper.js
deleted file mode 100644
index a04f12b..0000000
--- a/src/components/window-mapper.js
+++ /dev/null
@@ -1,180 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-/*************************************************************************
- * ContentWindowMapper (JavaScript XPCOM component)
- *
- * Allows you to find a tabbrowser tab for a top level content window.
- *
- *************************************************************************/
-
-// Module specific constants
-const kMODULE_NAME = "Content Window Mapper";
-const kMODULE_CONTRACTID = "@torproject.org/content-window-mapper;1";
-const kMODULE_CID = Components.ID("b985e49c-12cb-4f29-9d14-b62603332ec4");
-
-const Cr = Components.results;
-const Cc = Components.classes;
-const Ci = Components.interfaces;
-const EXPIRATION_TIME = 60000; // 60 seconds
-
-const nsISupports = Components.interfaces.nsISupports;
-const nsIClassInfo = Components.interfaces.nsIClassInfo;
-const nsIComponentRegistrar = Components.interfaces.nsIComponentRegistrar;
-const nsIObserverService = Components.interfaces.nsIObserverService;
-
-function ContentWindowMapper() {
- this.cache = {};
-
- this.logger = Components.classes["@torproject.org/torbutton-logger;1"]
- .getService(Components.interfaces.nsISupports).wrappedJSObject;
- this.logger.log(3, "Component Load 2: Content window mapper online: "+kMODULE_CONTRACTID);
- this.last_expired = Date.now();
- // This JSObject is exported directly to chrome
- this.wrappedJSObject = this;
-}
-
-ContentWindowMapper.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIClassInfo) &&
- !iid.equals(nsISupports)) {
- Components.returnCode = Cr.NS_ERROR_NO_INTERFACE;
- return null;
- }
- return this;
- },
-
- wrappedJSObject: null, // Initialized by constructor
-
- // make this an nsIClassInfo object
- flags: nsIClassInfo.DOM_OBJECT,
-
- // method of nsIClassInfo
- classDescription: kMODULE_NAME,
- classID: kMODULE_CID,
- contractID: kMODULE_CONTRACTID,
-
- // method of nsIClassInfo
- getInterfaces: function(count) {
- var interfaceList = [nsIClassInfo];
- count.value = interfaceList.length;
- return interfaceList;
- },
-
- // method of nsIClassInfo
- getHelperForLanguage: function(count) { return null; },
-
- checkCache: function(topContentWindow) {
- if(typeof(topContentWindow.ghetto_guid) != "undefined"
- && typeof(this.cache[topContentWindow.ghetto_guid]) != "undefined") {
- return this.cache[topContentWindow.ghetto_guid].browser;
- }
-
- return null;
- },
-
- addCache: function(topContentWindow, browser) {
- var insertion = new Object();
- insertion.browser = browser;
- insertion.time = Date.now();
- topContentWindow.ghetto_guid = Math.random().toString()+Math.random().toString();
- this.cache[topContentWindow.ghetto_guid] = insertion;
- },
-
- expireOldCache: function() {
- var now = Date.now();
-
- if((now - this.last_expired) < EXPIRATION_TIME) {
- this.logger.log(3, "Early mapper check.");
- return;
- }
-
- var delkeys = [];
- for(var elem in this.cache) {
- if((now - this.cache[elem].time) > EXPIRATION_TIME) {
- this.logger.log(2, "Deleting cached element: "+elem.location);
- delkeys.push(elem);
- }
- }
-
- for(var k in delkeys) {
- delete this.cache[k];
- }
-
- this.last_expired = now;
- },
-
- getBrowserForContentWindow: function(topContentWindow) {
- if(topContentWindow instanceof Components.interfaces.nsIDOMChromeWindow) {
- if(topContentWindow.browserDOMWindow) {
- var browser = topContentWindow.getBrowser().selectedTab.linkedBrowser;
- this.logger.log(3, "Chrome browser at "
- +browser.contentWindow.location+" found for: "
- +topContentWindow.location);
- return browser;
- }
- // Allow strange chrome to go through..
- this.logger.log(3, "Odd chome window"+topContentWindow.location);
- return topContentWindow;
- }
-
- var cached = this.checkCache(topContentWindow);
- if(cached != null) {
- return cached;
- }
-
- try {
- this.logger.log(3, "Cache failed for: "+topContentWindow.location);
- } catch(e) {
- this.logger.log(3, "Cache failed for unknown location?");
- }
-
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var enumerator = wm.getEnumerator("navigator:browser");
- while(enumerator.hasMoreElements()) {
- var win = enumerator.getNext();
- var browser = win.getBrowser();
- for (var i = 0; i < browser.browsers.length; ++i) {
- var b = browser.browsers[i];
- if (b && b.contentWindow == topContentWindow) {
- this.addCache(topContentWindow, b);
- return b;
- }
- }
- }
-
- // SpeedDial, google notebook and other extensions can create their
- // own "<browser>" tag elements. AFAICT, there is no way to enumerate
- // these... Just punt and return the most recently used browser
- try {
- if(topContentWindow.name != "speedDialLoaderBrowser") {
- if(topContentWindow && topContentWindow.location)
- this.logger.safe_log(4, "No browser found: ", topContentWindow.location);
- else
- this.logger.safe_log(4, "No browser found: ", topContentWindow.name);
- } else {
- this.logger.log(3, "SpeedDial browser found: "+topContentWindow.name);
- }
- } catch(e) {
- this.logger.log(4, "No browser found.");
- }
-
- // Punt..
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].
- getService(Components.interfaces.nsIWindowMediator);
- var recentWindow = wm.getMostRecentWindow("navigator:browser");
- return recentWindow ? recentWindow.getBrowser().selectedTab.linkedBrowser : null;
- }
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentWindowMapper]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([ContentWindowMapper]);
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 83706ef..7985b21 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -165,7 +165,6 @@ pref("extensions.torbutton.tor_memory_jar",false);
pref("extensions.torbutton.nontor_memory_jar",false);
pref("extensions.torbutton.tz_string","");
pref("extensions.torbutton.launch_warning",true);
-pref("extensions.torbutton.refererspoof", 0); //0=no spoof, 1=root spoof, 2=domain spoof, 3=blank spoof, 4=custom spoof
pref("extensions.torbutton.fakerefresh", false);
pref("extensions.torbutton.customeref","");
pref("extensions.torbutton.disable_livemarks",true);
1
0
[torbutton/master] Bug 9263: Spoof referer when leaving a .onion domain
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit f98243cfed952d1a1375fb1f486d728e6ca1bd44
Author: Yan Zhu <yan(a)mit.edu>
Date: Tue Jul 29 17:36:27 2014 -0700
Bug 9263: Spoof referer when leaving a .onion domain
---
makexpi.sh | 2 +-
src/chrome.manifest | 15 +--
src/components/tor-protocol.js | 103 ------------------
src/components/torRefSpoofer.js | 103 ++++++------------
src/components/tors-protocol.js | 103 ------------------
src/components/window-mapper.js | 180 -------------------------------
src/defaults/preferences/preferences.js | 1 -
7 files changed, 39 insertions(+), 468 deletions(-)
diff --git a/makexpi.sh b/makexpi.sh
index 4d01e2c..243fbd6 100755
--- a/makexpi.sh
+++ b/makexpi.sh
@@ -21,7 +21,7 @@ echo ---------- create $APP_NAME.xpi ----------
mkdir -p pkg
cd src
echo zip -X -9r ../pkg/$XPI_NAME ./ -x "chrome/*" -x "*.diff" -x "*.svn/*"
-zip -X -9r ../pkg/$XPI_NAME ./ -x "*.svn/*" -x "*.diff" -x "components/torRefSpoofer.js" #-x "chrome/*"
+zip -X -9r ../pkg/$XPI_NAME ./ -x "*.svn/*" -x "*.diff" #-x "chrome/*"
#mv ../$APP_NAME.jar ./chrome
#zip -9m ../pkg/$XPI_NAME chrome/$APP_NAME.jar
cd ..
diff --git a/src/chrome.manifest b/src/chrome.manifest
index ddf582e..1d3efb4 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -159,18 +159,11 @@ contract @torproject.org/torbutton-logger;1 {f36d72c9-9718-4134-b550-e109638331d
component {e33fd6d4-270f-475f-a96f-ff3140279f68} components/domain-isolator.js
contract @torproject.org/domain-isolator;1 {e33fd6d4-270f-475f-a96f-ff3140279f68}
-# component {b985e49c-12cb-4f29-9d14-b62603332ec4} components/window-mapper.js
-# contract @torproject.org/content-window-mapper;1 {b985e49c-12cb-4f29-9d14-b62603332ec4}
-
-# component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
-# contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
-
-# component {52183e20-4d4b-11de-8a39-0800200c9a66} components/tor-protocol.js
-# contract @mozilla.org/network/protocol;1?name=tor {52183e20-4d4b-11de-8a39-0800200c9a66}
+category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1
-# component {a5a4bc50-5e8d-11de-8a39-0800200c9a66} components/tors-protocol.js
-# contract @mozilla.org/network/protocol;1?name=tors {a5a4bc50-5e8d-11de-8a39-0800200c9a66}
+component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
+contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
-category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1
+category profile-after-change RefSpoofer @torproject.org/torRefSpoofer;1
category profile-after-change StartupObserver @torproject.org/startup-observer;1
category profile-after-change DomainIsolator @torproject.org/domain-isolator;1
diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js
deleted file mode 100644
index 4ba5cf4..0000000
--- a/src/components/tor-protocol.js
+++ /dev/null
@@ -1,103 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-// Test protocol related
-const kSCHEME = "tor";
-const kPROTOCOL_NAME = "tor";
-const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
-const kPROTOCOL_CID = Components.ID("52183e20-4d4b-11de-8a39-0800200c9a66");
-
-// Mozilla defined
-const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
-const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
-const nsISupports = Components.interfaces.nsISupports;
-const nsIIOService = Components.interfaces.nsIIOService;
-const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
-const nsIURI = Components.interfaces.nsIURI;
-
-function Protocol()
-{
-}
-
-Protocol.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIProtocolHandler) &&
- !iid.equals(nsISupports))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- },
-
- scheme: kSCHEME,
- defaultPort: -1,
- protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
- nsIProtocolHandler.URI_NOAUTH,
-
- allowPort: function(port, scheme)
- {
- return false;
- },
-
- newURI: function(spec, charset, baseURI)
- {
- const nsIStandardURL = Components.interfaces.nsIStandardURL;
- var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
- uri.init(nsIStandardURL.URLTYPE_STANDARD, 80, spec, charset, baseURI);
-
- return uri.QueryInterface(Components.interfaces.nsIURI);
-
- },
-
- newChannel: function(aURI)
- {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
- throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
- }
-
- /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/
- var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
- var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
- .getService(Components.interfaces.nsIPromptService);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var chrome = wm.getMostRecentWindow("navigator:browser");
- if (!ios.allowPort(aURI.port, aURI.scheme))
- throw Components.results.NS_ERROR_FAILURE;
-
- if (!tor_enabled)
- {
- var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
- if (!result)
- throw Components.results.NS_ERROR_UNEXPECTED;
- chrome.torbutton_enable_tor(true);
- }
-
- //if tor is turned on then, else we should throw exception of some sort.
- tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- if (!tor_enabled)
- throw Components.results.NS_ERROR_UNEXPECTED;
- else
- {
- aURI.scheme = "http";
- return ios.newChannelFromURI(aURI);
- }
- },
-
- // method of nsIClassInfo
- classDescription: "Tor protocol handler",
- classID: kPROTOCOL_CID,
- contractID: kPROTOCOL_CONTRACTID,
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/torRefSpoofer.js b/src/components/torRefSpoofer.js
index 8b50075..b69f8e0 100644
--- a/src/components/torRefSpoofer.js
+++ b/src/components/torRefSpoofer.js
@@ -1,89 +1,60 @@
-// Bug 1506 P0: I don't really believe referers matter in the grand scheme.
-// Kill this code.
+// Clear referer on cross-domain requests to/from Tor Hidden Services: #9623
+// ("Smart referer" previously spoofed referer on all cross-domain requests.)
const kMODULE_CID = Components.ID("65be2be0-ceb4-44c2-91a5-9c75c53430bf");
const kMODULE_CONTRACTID = "@torproject.org/torRefSpoofer;1";
function RefSpoofer() {
- this.logger = Components.classes["@torproject.org/torbutton-logger;1"].getService(Components.interfaces.nsISupports).wrappedJSObject;
- this.logger.log(3, "RefSpoof component created");
- this.specials = /[-[\]{}()*+?.,\\^$|#\s]/g;
+ this.logger = Components.classes["@torproject.org/torbutton-logger;1"].
+ getService(Components.interfaces.nsISupports).wrappedJSObject;
+ this.logger.log(3, "RefSpoof component created");
+ this.onionDomainRegex = new RegExp("\\.onion$", "i"); // THS hosts
+ this.thirdPartyUtil = Components.classes["@mozilla.org/thirdpartyutil;1"].
+ getService(Components.interfaces.mozIThirdPartyUtil);
+ this.ios = Components.classes["@mozilla.org/network/io-service;1"].
+ getService(Components.interfaces.nsIIOService);
}
-RefSpoofer.prototype = {
+RefSpoofer.prototype = {
observe: function(subject, topic, data)
{
if (topic == "http-on-modify-request") {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
-
- if (!tor_enabled)
- return;
-
subject.QueryInterface(Components.interfaces.nsIHttpChannel);
this.onModifyRequest(subject);
return;
}
if (topic == "profile-after-change") {
this.logger.log(3, "RefSpoof got profile-after-change");
- var os = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
+ var os = Components.classes["@mozilla.org/observer-service;1"].
+ getService(Components.interfaces.nsIObserverService);
os.addObserver(this, "http-on-modify-request", false);
return;
}
},
onModifyRequest: function(oHttpChannel)
{
- var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
-
- var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof");
-
- var ios = Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService);
+ var referer;
- if (spoofmode == 0)
try {
oHttpChannel.QueryInterface(Components.interfaces.nsIChannel);
- var referer;
- try{
+ try {
referer = oHttpChannel.getRequestHeader("Referer");
- referer = ios.newURI(referer,null,null);//make a nsIURI object for referer
- }catch(referr) {
- return;//no referer available or invalid uri
+ referer = this.ios.newURI(referer, null, null); //make a nsIURI object for referer
+ } catch (referr) {
+ return; //no referer available or invalid uri
}
- var requestURI = oHttpChannel.URI; //request nsIURI object
- var destHost = referer.host; //referer host w/o scheme
- var srcHost = oHttpChannel.URI.host;//request host without scheme
-
- // match is not what we want, unless we escape dots:
- var destHostMatch = destHost.replace(this.specials, "\\$&");
- var srcHostMatch = srcHost.replace(this.specials, "\\$&");
-
- // FIXME: This isn't exactly bulletproof security here, but it still
- // may need to be more lenient not to break sites...
- //
- // If we suspect issues, we can try doing the following first:
- // 1. Strip off all TLD suffixes, up to but not including '.'
- // 2. If more than one domain part is till left, strip off prefix
-
- //if they're in the same domain(if we can tell) or have the same host, keep the referer
- if (srcHost.split(".").length >= destHost.split(".").length
- && srcHost.match(destHostMatch)) // dest is a substring of src
- return;
- else if (destHost.split(".").length >= srcHost.split(".").length
- && destHost.match(srcHostMatch)) // src is a substring of dest
- return;
- //if they do not have the same host
- this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host);
- this.logger.safe_log(3, "Adjusting Referer, ",
- "from " + destHost + " to " + requestURI.host);
- }
- catch (ex) {
- this.logger.log(5, "RefSpoof onModifyRequest: " +ex);
+ // Only spoof referer for cross-domain requests from .onions
+ if (this.onionDomainRegex.test(referer.host) &&
+ this.thirdPartyUtil.isThirdPartyURI(referer, oHttpChannel.URI)) {
+ // Set the referer to the domain being requested. This makes it harder
+ // to tell that we are referer-spoofing.
+ this.adjustRef(oHttpChannel,
+ [oHttpChannel.URI.scheme, oHttpChannel.URI.host].join("://"));
+ }
+ } catch (ex) {
+ this.logger.log(5, "RefSpoof onModifyRequest: " + ex);
}
- else if (spoofmode == 2)
- this.adjustRef(oHttpChannel, "");
},
adjustRef: function(oChannel, sRef)
{
@@ -94,7 +65,7 @@ RefSpoofer.prototype = {
oChannel.setRequestHeader("Referer", sRef, false);
}
return true;
- }
+ }
catch (ex) {
this.logger.log(5, "RefSpoof adjustRef: " +ex);
}
@@ -103,9 +74,10 @@ RefSpoofer.prototype = {
QueryInterface: function(iid)
{
if (!iid.equals(Components.interfaces.nsISupports) &&
- !iid.equals(Components.interfaces.nsIObserver) &&
- !iid.equals(Components.interfaces.nsISupportsWeakReference))
- throw Components.results.NS_ERROR_NO_INTERFACE;
+ !iid.equals(Components.interfaces.nsIObserver) &&
+ !iid.equals(Components.interfaces.nsISupportsWeakReference)) {
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ }
return this;
},
_xpcom_categories: [{category:"profile-after-change"}],
@@ -114,12 +86,5 @@ RefSpoofer.prototype = {
classDescription: "Tor Ref Spoofer"
};
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([RefSpoofer]);
+var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]);
diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js
deleted file mode 100644
index f075e43..0000000
--- a/src/components/tors-protocol.js
+++ /dev/null
@@ -1,103 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-// Test protocol related
-const kSCHEME = "tors";
-const kPROTOCOL_NAME = "tors";
-const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
-const kPROTOCOL_CID = Components.ID("a5a4bc50-5e8d-11de-8a39-0800200c9a66");
-
-// Mozilla defined
-const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
-const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
-const nsISupports = Components.interfaces.nsISupports;
-const nsIIOService = Components.interfaces.nsIIOService;
-const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
-const nsIURI = Components.interfaces.nsIURI;
-
-function Protocol()
-{
-}
-
-Protocol.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIProtocolHandler) &&
- !iid.equals(nsISupports))
- throw Components.results.NS_ERROR_NO_INTERFACE;
- return this;
- },
-
- scheme: kSCHEME,
- defaultPort: -1,
- protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
- nsIProtocolHandler.URI_NOAUTH,
-
- allowPort: function(port, scheme)
- {
- return false;
- },
-
- newURI: function(spec, charset, baseURI)
- {
- const nsIStandardURL = Components.interfaces.nsIStandardURL;
- var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
- uri.init(nsIStandardURL.URLTYPE_STANDARD, 433, spec, charset, baseURI);
-
- return uri.QueryInterface(Components.interfaces.nsIURI);
-
- },
-
- newChannel: function(aURI)
- {
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
- if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
- throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
- }
-
- /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/
- var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
- var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
- .getService(Components.interfaces.nsIPromptService);
- var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var chrome = wm.getMostRecentWindow("navigator:browser");
- if (!ios.allowPort(aURI.port, aURI.scheme))
- throw Components.results.NS_ERROR_FAILURE;
-
- if (!tor_enabled)
- {
- var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
- if (!result)
- throw Components.results.NS_ERROR_UNEXPECTED;
- chrome.torbutton_enable_tor(true);
- }
-
- //if tor is turned on then, else we should throw exception of some sort.
- tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
- if (!tor_enabled)
- throw Components.results.NS_ERROR_UNEXPECTED;
- else
- {
- aURI.scheme = "https";
- return ios.newChannelFromURI(aURI);
- }
- },
-
- // method of nsIClassInfo
- classDescription: "Tor protocol handler",
- classID: kPROTOCOL_CID,
- contractID: kPROTOCOL_CONTRACTID
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/window-mapper.js b/src/components/window-mapper.js
deleted file mode 100644
index a04f12b..0000000
--- a/src/components/window-mapper.js
+++ /dev/null
@@ -1,180 +0,0 @@
-// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
-
-/*************************************************************************
- * ContentWindowMapper (JavaScript XPCOM component)
- *
- * Allows you to find a tabbrowser tab for a top level content window.
- *
- *************************************************************************/
-
-// Module specific constants
-const kMODULE_NAME = "Content Window Mapper";
-const kMODULE_CONTRACTID = "@torproject.org/content-window-mapper;1";
-const kMODULE_CID = Components.ID("b985e49c-12cb-4f29-9d14-b62603332ec4");
-
-const Cr = Components.results;
-const Cc = Components.classes;
-const Ci = Components.interfaces;
-const EXPIRATION_TIME = 60000; // 60 seconds
-
-const nsISupports = Components.interfaces.nsISupports;
-const nsIClassInfo = Components.interfaces.nsIClassInfo;
-const nsIComponentRegistrar = Components.interfaces.nsIComponentRegistrar;
-const nsIObserverService = Components.interfaces.nsIObserverService;
-
-function ContentWindowMapper() {
- this.cache = {};
-
- this.logger = Components.classes["@torproject.org/torbutton-logger;1"]
- .getService(Components.interfaces.nsISupports).wrappedJSObject;
- this.logger.log(3, "Component Load 2: Content window mapper online: "+kMODULE_CONTRACTID);
- this.last_expired = Date.now();
- // This JSObject is exported directly to chrome
- this.wrappedJSObject = this;
-}
-
-ContentWindowMapper.prototype =
-{
- QueryInterface: function(iid)
- {
- if (!iid.equals(nsIClassInfo) &&
- !iid.equals(nsISupports)) {
- Components.returnCode = Cr.NS_ERROR_NO_INTERFACE;
- return null;
- }
- return this;
- },
-
- wrappedJSObject: null, // Initialized by constructor
-
- // make this an nsIClassInfo object
- flags: nsIClassInfo.DOM_OBJECT,
-
- // method of nsIClassInfo
- classDescription: kMODULE_NAME,
- classID: kMODULE_CID,
- contractID: kMODULE_CONTRACTID,
-
- // method of nsIClassInfo
- getInterfaces: function(count) {
- var interfaceList = [nsIClassInfo];
- count.value = interfaceList.length;
- return interfaceList;
- },
-
- // method of nsIClassInfo
- getHelperForLanguage: function(count) { return null; },
-
- checkCache: function(topContentWindow) {
- if(typeof(topContentWindow.ghetto_guid) != "undefined"
- && typeof(this.cache[topContentWindow.ghetto_guid]) != "undefined") {
- return this.cache[topContentWindow.ghetto_guid].browser;
- }
-
- return null;
- },
-
- addCache: function(topContentWindow, browser) {
- var insertion = new Object();
- insertion.browser = browser;
- insertion.time = Date.now();
- topContentWindow.ghetto_guid = Math.random().toString()+Math.random().toString();
- this.cache[topContentWindow.ghetto_guid] = insertion;
- },
-
- expireOldCache: function() {
- var now = Date.now();
-
- if((now - this.last_expired) < EXPIRATION_TIME) {
- this.logger.log(3, "Early mapper check.");
- return;
- }
-
- var delkeys = [];
- for(var elem in this.cache) {
- if((now - this.cache[elem].time) > EXPIRATION_TIME) {
- this.logger.log(2, "Deleting cached element: "+elem.location);
- delkeys.push(elem);
- }
- }
-
- for(var k in delkeys) {
- delete this.cache[k];
- }
-
- this.last_expired = now;
- },
-
- getBrowserForContentWindow: function(topContentWindow) {
- if(topContentWindow instanceof Components.interfaces.nsIDOMChromeWindow) {
- if(topContentWindow.browserDOMWindow) {
- var browser = topContentWindow.getBrowser().selectedTab.linkedBrowser;
- this.logger.log(3, "Chrome browser at "
- +browser.contentWindow.location+" found for: "
- +topContentWindow.location);
- return browser;
- }
- // Allow strange chrome to go through..
- this.logger.log(3, "Odd chome window"+topContentWindow.location);
- return topContentWindow;
- }
-
- var cached = this.checkCache(topContentWindow);
- if(cached != null) {
- return cached;
- }
-
- try {
- this.logger.log(3, "Cache failed for: "+topContentWindow.location);
- } catch(e) {
- this.logger.log(3, "Cache failed for unknown location?");
- }
-
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var enumerator = wm.getEnumerator("navigator:browser");
- while(enumerator.hasMoreElements()) {
- var win = enumerator.getNext();
- var browser = win.getBrowser();
- for (var i = 0; i < browser.browsers.length; ++i) {
- var b = browser.browsers[i];
- if (b && b.contentWindow == topContentWindow) {
- this.addCache(topContentWindow, b);
- return b;
- }
- }
- }
-
- // SpeedDial, google notebook and other extensions can create their
- // own "<browser>" tag elements. AFAICT, there is no way to enumerate
- // these... Just punt and return the most recently used browser
- try {
- if(topContentWindow.name != "speedDialLoaderBrowser") {
- if(topContentWindow && topContentWindow.location)
- this.logger.safe_log(4, "No browser found: ", topContentWindow.location);
- else
- this.logger.safe_log(4, "No browser found: ", topContentWindow.name);
- } else {
- this.logger.log(3, "SpeedDial browser found: "+topContentWindow.name);
- }
- } catch(e) {
- this.logger.log(4, "No browser found.");
- }
-
- // Punt..
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].
- getService(Components.interfaces.nsIWindowMediator);
- var recentWindow = wm.getMostRecentWindow("navigator:browser");
- return recentWindow ? recentWindow.getBrowser().selectedTab.linkedBrowser : null;
- }
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-if (XPCOMUtils.generateNSGetFactory)
- var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentWindowMapper]);
-else
- var NSGetModule = XPCOMUtils.generateNSGetModule([ContentWindowMapper]);
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 164abbf..c481546 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -165,7 +165,6 @@ pref("extensions.torbutton.tor_memory_jar",false);
pref("extensions.torbutton.nontor_memory_jar",false);
pref("extensions.torbutton.tz_string","");
pref("extensions.torbutton.launch_warning",true);
-pref("extensions.torbutton.refererspoof", 0); //0=no spoof, 1=root spoof, 2=domain spoof, 3=blank spoof, 4=custom spoof
pref("extensions.torbutton.fakerefresh", false);
pref("extensions.torbutton.customeref","");
pref("extensions.torbutton.disable_livemarks",true);
1
0
13 Oct '15
commit 9fe9cdfe816ed030e615643e35b9e0dcaa5a8635
Author: Yan Zhu <yan(a)mit.edu>
Date: Tue Jul 29 17:08:36 2014 -0700
Revert "remove obsolete files, re Bug 1506 P0"
This reverts commit 80b06cdf422238f5eece38a1974d31e6e7be7a17.
---
src/chrome.manifest | 12 +++
src/components/tor-protocol.js | 103 ++++++++++++++++++++++
src/components/torRefSpoofer.js | 125 +++++++++++++++++++++++++++
src/components/tors-protocol.js | 103 ++++++++++++++++++++++
src/components/window-mapper.js | 180 +++++++++++++++++++++++++++++++++++++++
5 files changed, 523 insertions(+)
diff --git a/src/chrome.manifest b/src/chrome.manifest
index 8323e66..ddf582e 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -159,6 +159,18 @@ contract @torproject.org/torbutton-logger;1 {f36d72c9-9718-4134-b550-e109638331d
component {e33fd6d4-270f-475f-a96f-ff3140279f68} components/domain-isolator.js
contract @torproject.org/domain-isolator;1 {e33fd6d4-270f-475f-a96f-ff3140279f68}
+# component {b985e49c-12cb-4f29-9d14-b62603332ec4} components/window-mapper.js
+# contract @torproject.org/content-window-mapper;1 {b985e49c-12cb-4f29-9d14-b62603332ec4}
+
+# component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
+# contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
+
+# component {52183e20-4d4b-11de-8a39-0800200c9a66} components/tor-protocol.js
+# contract @mozilla.org/network/protocol;1?name=tor {52183e20-4d4b-11de-8a39-0800200c9a66}
+
+# component {a5a4bc50-5e8d-11de-8a39-0800200c9a66} components/tors-protocol.js
+# contract @mozilla.org/network/protocol;1?name=tors {a5a4bc50-5e8d-11de-8a39-0800200c9a66}
+
category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1
category profile-after-change StartupObserver @torproject.org/startup-observer;1
category profile-after-change DomainIsolator @torproject.org/domain-isolator;1
diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js
new file mode 100644
index 0000000..4ba5cf4
--- /dev/null
+++ b/src/components/tor-protocol.js
@@ -0,0 +1,103 @@
+// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
+
+// Test protocol related
+const kSCHEME = "tor";
+const kPROTOCOL_NAME = "tor";
+const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
+const kPROTOCOL_CID = Components.ID("52183e20-4d4b-11de-8a39-0800200c9a66");
+
+// Mozilla defined
+const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
+const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
+const nsISupports = Components.interfaces.nsISupports;
+const nsIIOService = Components.interfaces.nsIIOService;
+const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
+const nsIURI = Components.interfaces.nsIURI;
+
+function Protocol()
+{
+}
+
+Protocol.prototype =
+{
+ QueryInterface: function(iid)
+ {
+ if (!iid.equals(nsIProtocolHandler) &&
+ !iid.equals(nsISupports))
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ return this;
+ },
+
+ scheme: kSCHEME,
+ defaultPort: -1,
+ protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
+ nsIProtocolHandler.URI_NOAUTH,
+
+ allowPort: function(port, scheme)
+ {
+ return false;
+ },
+
+ newURI: function(spec, charset, baseURI)
+ {
+ const nsIStandardURL = Components.interfaces.nsIStandardURL;
+ var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
+ uri.init(nsIStandardURL.URLTYPE_STANDARD, 80, spec, charset, baseURI);
+
+ return uri.QueryInterface(Components.interfaces.nsIURI);
+
+ },
+
+ newChannel: function(aURI)
+ {
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
+ /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/
+ var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
+ var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
+ .getService(Components.interfaces.nsIPromptService);
+ var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var chrome = wm.getMostRecentWindow("navigator:browser");
+ if (!ios.allowPort(aURI.port, aURI.scheme))
+ throw Components.results.NS_ERROR_FAILURE;
+
+ if (!tor_enabled)
+ {
+ var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
+ if (!result)
+ throw Components.results.NS_ERROR_UNEXPECTED;
+ chrome.torbutton_enable_tor(true);
+ }
+
+ //if tor is turned on then, else we should throw exception of some sort.
+ tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
+ if (!tor_enabled)
+ throw Components.results.NS_ERROR_UNEXPECTED;
+ else
+ {
+ aURI.scheme = "http";
+ return ios.newChannelFromURI(aURI);
+ }
+ },
+
+ // method of nsIClassInfo
+ classDescription: "Tor protocol handler",
+ classID: kPROTOCOL_CID,
+ contractID: kPROTOCOL_CONTRACTID,
+}
+
+/**
+* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
+* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
+*/
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+if (XPCOMUtils.generateNSGetFactory)
+ var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
+else
+ var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/torRefSpoofer.js b/src/components/torRefSpoofer.js
new file mode 100644
index 0000000..8b50075
--- /dev/null
+++ b/src/components/torRefSpoofer.js
@@ -0,0 +1,125 @@
+// Bug 1506 P0: I don't really believe referers matter in the grand scheme.
+// Kill this code.
+
+const kMODULE_CID = Components.ID("65be2be0-ceb4-44c2-91a5-9c75c53430bf");
+const kMODULE_CONTRACTID = "@torproject.org/torRefSpoofer;1";
+
+function RefSpoofer() {
+ this.logger = Components.classes["@torproject.org/torbutton-logger;1"].getService(Components.interfaces.nsISupports).wrappedJSObject;
+ this.logger.log(3, "RefSpoof component created");
+ this.specials = /[-[\]{}()*+?.,\\^$|#\s]/g;
+}
+
+
+RefSpoofer.prototype = {
+ observe: function(subject, topic, data)
+ {
+ if (topic == "http-on-modify-request") {
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
+
+ if (!tor_enabled)
+ return;
+
+ subject.QueryInterface(Components.interfaces.nsIHttpChannel);
+ this.onModifyRequest(subject);
+ return;
+ }
+ if (topic == "profile-after-change") {
+ this.logger.log(3, "RefSpoof got profile-after-change");
+ var os = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
+ os.addObserver(this, "http-on-modify-request", false);
+ return;
+ }
+ },
+ onModifyRequest: function(oHttpChannel)
+ {
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
+
+ var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof");
+
+ var ios = Components.classes["@mozilla.org/network/io-service;1"]
+ .getService(Components.interfaces.nsIIOService);
+
+ if (spoofmode == 0)
+ try {
+ oHttpChannel.QueryInterface(Components.interfaces.nsIChannel);
+ var referer;
+ try{
+ referer = oHttpChannel.getRequestHeader("Referer");
+ referer = ios.newURI(referer,null,null);//make a nsIURI object for referer
+ }catch(referr) {
+ return;//no referer available or invalid uri
+ }
+ var requestURI = oHttpChannel.URI; //request nsIURI object
+ var destHost = referer.host; //referer host w/o scheme
+ var srcHost = oHttpChannel.URI.host;//request host without scheme
+
+ // match is not what we want, unless we escape dots:
+ var destHostMatch = destHost.replace(this.specials, "\\$&");
+ var srcHostMatch = srcHost.replace(this.specials, "\\$&");
+
+ // FIXME: This isn't exactly bulletproof security here, but it still
+ // may need to be more lenient not to break sites...
+ //
+ // If we suspect issues, we can try doing the following first:
+ // 1. Strip off all TLD suffixes, up to but not including '.'
+ // 2. If more than one domain part is till left, strip off prefix
+
+ //if they're in the same domain(if we can tell) or have the same host, keep the referer
+ if (srcHost.split(".").length >= destHost.split(".").length
+ && srcHost.match(destHostMatch)) // dest is a substring of src
+ return;
+ else if (destHost.split(".").length >= srcHost.split(".").length
+ && destHost.match(srcHostMatch)) // src is a substring of dest
+ return;
+ //if they do not have the same host
+ this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host);
+ this.logger.safe_log(3, "Adjusting Referer, ",
+ "from " + destHost + " to " + requestURI.host);
+ }
+ catch (ex) {
+ this.logger.log(5, "RefSpoof onModifyRequest: " +ex);
+ }
+ else if (spoofmode == 2)
+ this.adjustRef(oHttpChannel, "");
+ },
+ adjustRef: function(oChannel, sRef)
+ {
+ try {
+ if (oChannel.referrer)
+ {
+ oChannel.referrer.spec = sRef;
+ oChannel.setRequestHeader("Referer", sRef, false);
+ }
+ return true;
+ }
+ catch (ex) {
+ this.logger.log(5, "RefSpoof adjustRef: " +ex);
+ }
+ return false;
+ },
+ QueryInterface: function(iid)
+ {
+ if (!iid.equals(Components.interfaces.nsISupports) &&
+ !iid.equals(Components.interfaces.nsIObserver) &&
+ !iid.equals(Components.interfaces.nsISupportsWeakReference))
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ return this;
+ },
+ _xpcom_categories: [{category:"profile-after-change"}],
+ classID: kMODULE_CID,
+ contractID: kMODULE_CONTRACTID,
+ classDescription: "Tor Ref Spoofer"
+};
+
+/**
+* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
+* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
+*/
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+if (XPCOMUtils.generateNSGetFactory)
+ var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]);
+else
+ var NSGetModule = XPCOMUtils.generateNSGetModule([RefSpoofer]);
diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js
new file mode 100644
index 0000000..f075e43
--- /dev/null
+++ b/src/components/tors-protocol.js
@@ -0,0 +1,103 @@
+// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
+
+// Test protocol related
+const kSCHEME = "tors";
+const kPROTOCOL_NAME = "tors";
+const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME;
+const kPROTOCOL_CID = Components.ID("a5a4bc50-5e8d-11de-8a39-0800200c9a66");
+
+// Mozilla defined
+const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1";
+const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1";
+const nsISupports = Components.interfaces.nsISupports;
+const nsIIOService = Components.interfaces.nsIIOService;
+const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler;
+const nsIURI = Components.interfaces.nsIURI;
+
+function Protocol()
+{
+}
+
+Protocol.prototype =
+{
+ QueryInterface: function(iid)
+ {
+ if (!iid.equals(nsIProtocolHandler) &&
+ !iid.equals(nsISupports))
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ return this;
+ },
+
+ scheme: kSCHEME,
+ defaultPort: -1,
+ protocolFlags: nsIProtocolHandler.URI_NORELATIVE |
+ nsIProtocolHandler.URI_NOAUTH,
+
+ allowPort: function(port, scheme)
+ {
+ return false;
+ },
+
+ newURI: function(spec, charset, baseURI)
+ {
+ const nsIStandardURL = Components.interfaces.nsIStandardURL;
+ var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL);
+ uri.init(nsIStandardURL.URLTYPE_STANDARD, 433, spec, charset, baseURI);
+
+ return uri.QueryInterface(Components.interfaces.nsIURI);
+
+ },
+
+ newChannel: function(aURI)
+ {
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
+ /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/
+ var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
+ var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
+ .getService(Components.interfaces.nsIPromptService);
+ var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var chrome = wm.getMostRecentWindow("navigator:browser");
+ if (!ios.allowPort(aURI.port, aURI.scheme))
+ throw Components.results.NS_ERROR_FAILURE;
+
+ if (!tor_enabled)
+ {
+ var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?");
+ if (!result)
+ throw Components.results.NS_ERROR_UNEXPECTED;
+ chrome.torbutton_enable_tor(true);
+ }
+
+ //if tor is turned on then, else we should throw exception of some sort.
+ tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
+ if (!tor_enabled)
+ throw Components.results.NS_ERROR_UNEXPECTED;
+ else
+ {
+ aURI.scheme = "https";
+ return ios.newChannelFromURI(aURI);
+ }
+ },
+
+ // method of nsIClassInfo
+ classDescription: "Tor protocol handler",
+ classID: kPROTOCOL_CID,
+ contractID: kPROTOCOL_CONTRACTID
+}
+
+/**
+* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
+* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
+*/
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+if (XPCOMUtils.generateNSGetFactory)
+ var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]);
+else
+ var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]);
diff --git a/src/components/window-mapper.js b/src/components/window-mapper.js
new file mode 100644
index 0000000..a04f12b
--- /dev/null
+++ b/src/components/window-mapper.js
@@ -0,0 +1,180 @@
+// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it.
+
+/*************************************************************************
+ * ContentWindowMapper (JavaScript XPCOM component)
+ *
+ * Allows you to find a tabbrowser tab for a top level content window.
+ *
+ *************************************************************************/
+
+// Module specific constants
+const kMODULE_NAME = "Content Window Mapper";
+const kMODULE_CONTRACTID = "@torproject.org/content-window-mapper;1";
+const kMODULE_CID = Components.ID("b985e49c-12cb-4f29-9d14-b62603332ec4");
+
+const Cr = Components.results;
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const EXPIRATION_TIME = 60000; // 60 seconds
+
+const nsISupports = Components.interfaces.nsISupports;
+const nsIClassInfo = Components.interfaces.nsIClassInfo;
+const nsIComponentRegistrar = Components.interfaces.nsIComponentRegistrar;
+const nsIObserverService = Components.interfaces.nsIObserverService;
+
+function ContentWindowMapper() {
+ this.cache = {};
+
+ this.logger = Components.classes["@torproject.org/torbutton-logger;1"]
+ .getService(Components.interfaces.nsISupports).wrappedJSObject;
+ this.logger.log(3, "Component Load 2: Content window mapper online: "+kMODULE_CONTRACTID);
+ this.last_expired = Date.now();
+ // This JSObject is exported directly to chrome
+ this.wrappedJSObject = this;
+}
+
+ContentWindowMapper.prototype =
+{
+ QueryInterface: function(iid)
+ {
+ if (!iid.equals(nsIClassInfo) &&
+ !iid.equals(nsISupports)) {
+ Components.returnCode = Cr.NS_ERROR_NO_INTERFACE;
+ return null;
+ }
+ return this;
+ },
+
+ wrappedJSObject: null, // Initialized by constructor
+
+ // make this an nsIClassInfo object
+ flags: nsIClassInfo.DOM_OBJECT,
+
+ // method of nsIClassInfo
+ classDescription: kMODULE_NAME,
+ classID: kMODULE_CID,
+ contractID: kMODULE_CONTRACTID,
+
+ // method of nsIClassInfo
+ getInterfaces: function(count) {
+ var interfaceList = [nsIClassInfo];
+ count.value = interfaceList.length;
+ return interfaceList;
+ },
+
+ // method of nsIClassInfo
+ getHelperForLanguage: function(count) { return null; },
+
+ checkCache: function(topContentWindow) {
+ if(typeof(topContentWindow.ghetto_guid) != "undefined"
+ && typeof(this.cache[topContentWindow.ghetto_guid]) != "undefined") {
+ return this.cache[topContentWindow.ghetto_guid].browser;
+ }
+
+ return null;
+ },
+
+ addCache: function(topContentWindow, browser) {
+ var insertion = new Object();
+ insertion.browser = browser;
+ insertion.time = Date.now();
+ topContentWindow.ghetto_guid = Math.random().toString()+Math.random().toString();
+ this.cache[topContentWindow.ghetto_guid] = insertion;
+ },
+
+ expireOldCache: function() {
+ var now = Date.now();
+
+ if((now - this.last_expired) < EXPIRATION_TIME) {
+ this.logger.log(3, "Early mapper check.");
+ return;
+ }
+
+ var delkeys = [];
+ for(var elem in this.cache) {
+ if((now - this.cache[elem].time) > EXPIRATION_TIME) {
+ this.logger.log(2, "Deleting cached element: "+elem.location);
+ delkeys.push(elem);
+ }
+ }
+
+ for(var k in delkeys) {
+ delete this.cache[k];
+ }
+
+ this.last_expired = now;
+ },
+
+ getBrowserForContentWindow: function(topContentWindow) {
+ if(topContentWindow instanceof Components.interfaces.nsIDOMChromeWindow) {
+ if(topContentWindow.browserDOMWindow) {
+ var browser = topContentWindow.getBrowser().selectedTab.linkedBrowser;
+ this.logger.log(3, "Chrome browser at "
+ +browser.contentWindow.location+" found for: "
+ +topContentWindow.location);
+ return browser;
+ }
+ // Allow strange chrome to go through..
+ this.logger.log(3, "Odd chome window"+topContentWindow.location);
+ return topContentWindow;
+ }
+
+ var cached = this.checkCache(topContentWindow);
+ if(cached != null) {
+ return cached;
+ }
+
+ try {
+ this.logger.log(3, "Cache failed for: "+topContentWindow.location);
+ } catch(e) {
+ this.logger.log(3, "Cache failed for unknown location?");
+ }
+
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var enumerator = wm.getEnumerator("navigator:browser");
+ while(enumerator.hasMoreElements()) {
+ var win = enumerator.getNext();
+ var browser = win.getBrowser();
+ for (var i = 0; i < browser.browsers.length; ++i) {
+ var b = browser.browsers[i];
+ if (b && b.contentWindow == topContentWindow) {
+ this.addCache(topContentWindow, b);
+ return b;
+ }
+ }
+ }
+
+ // SpeedDial, google notebook and other extensions can create their
+ // own "<browser>" tag elements. AFAICT, there is no way to enumerate
+ // these... Just punt and return the most recently used browser
+ try {
+ if(topContentWindow.name != "speedDialLoaderBrowser") {
+ if(topContentWindow && topContentWindow.location)
+ this.logger.safe_log(4, "No browser found: ", topContentWindow.location);
+ else
+ this.logger.safe_log(4, "No browser found: ", topContentWindow.name);
+ } else {
+ this.logger.log(3, "SpeedDial browser found: "+topContentWindow.name);
+ }
+ } catch(e) {
+ this.logger.log(4, "No browser found.");
+ }
+
+ // Punt..
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].
+ getService(Components.interfaces.nsIWindowMediator);
+ var recentWindow = wm.getMostRecentWindow("navigator:browser");
+ return recentWindow ? recentWindow.getBrowser().selectedTab.linkedBrowser : null;
+ }
+}
+
+/**
+* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
+* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
+*/
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+if (XPCOMUtils.generateNSGetFactory)
+ var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentWindowMapper]);
+else
+ var NSGetModule = XPCOMUtils.generateNSGetModule([ContentWindowMapper]);
1
0
[tor-browser-bundle/master] Revert "Revert "Bug 16909: Adapt to HTTPS-Everyhwere build changes""
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit 21a4618ade947a8dac9b422f4be3e0945388967a
Author: Georg Koppen <gk(a)torproject.org>
Date: Mon Oct 12 09:53:27 2015 +0000
Revert "Revert "Bug 16909: Adapt to HTTPS-Everyhwere build changes""
This reverts commit 2b50a8cb7d2f4e43f41f82c13704b9af15ba6b4e.
---
gitian/README.build | 2 +-
gitian/check-prerequisites.sh | 25 ++++++++++++++++---------
gitian/descriptors/linux/gitian-bundle.yml | 18 ++++++++++++------
gitian/descriptors/mac/gitian-bundle.yml | 18 ++++++++++++------
gitian/descriptors/windows/gitian-bundle.yml | 18 ++++++++++++------
gitian/fetch-inputs.sh | 9 ++++++++-
gitian/versions | 2 +-
gitian/versions.alpha | 2 +-
gitian/versions.beta | 2 +-
9 files changed, 64 insertions(+), 32 deletions(-)
diff --git a/gitian/README.build b/gitian/README.build
index 656dddd..f289791 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -1,6 +1,6 @@
QuickStart:
- On an Ubuntu 12.04+/Debian Wheezy+ machine or VM, run:
+ On an Ubuntu 14.04+/Debian Wheezy+ machine or VM, run:
$ make
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 32c9b7b..cc16d0e 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -6,7 +6,7 @@ if [ ! -f /etc/debian_version ];
then
echo "Gitian is dependent upon the Ubuntu Virtualization Tools."
echo
- echo "You need to run Ubuntu 12.04 LTS/Debian Wheezy or newer."
+ echo "You need to run Ubuntu 14.04 LTS/Debian Wheezy or newer."
exit 1
fi
@@ -14,15 +14,22 @@ DISTRO=`cat /etc/issue | grep -Eo 'Ubuntu|Debian*'`
if [ $DISTRO = "Ubuntu" ];
then
- dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
-
- if [ $? -ne 0 ];
+ VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
+ if [ "$VERSION" -ge "14" ];
then
- echo "You are missing one or more Gitian build tool dependencies."
- echo
- echo "Please run:"
- echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
+
+ if [ $? -ne 0 ];
+ then
+ echo "You are missing one or more Gitian build tool dependencies."
+ echo
+ echo "Please run:"
+ echo " sudo apt-get install torsocks tor"
+ echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ exit 1
+ fi
+ else
+ echo "Your Ubuntu is too old. You need Ubuntu 14.04 LTS or newer to build Tor Browser with Gitian."
exit 1
fi
elif [ $DISTRO = "Debian" ];
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 27bbec0..b90356b 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -67,7 +67,7 @@ script: |
umask 0022
#
mkdir -p $OUTDIR/
- mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org
+ mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org
mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches
mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/
@@ -101,10 +101,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi
@@ -113,7 +119,7 @@ script: |
cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/
cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions
mv noscript(a)noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere(a)eff.org/
+ cd https-everywhere-eff(a)eff.org/
unzip ../https-everywhere(a)eff.org.xpi
rm ../https-everywhere(a)eff.org.xpi
cd ~/build
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index a80311e..c4477e2 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -75,7 +75,7 @@ script: |
MARTOOLS=~/build/mar-tools
#
mkdir -p $OUTDIR/
- mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org
+ mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources
@@ -103,10 +103,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi
@@ -115,7 +121,7 @@ script: |
cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
mv noscript(a)noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere(a)eff.org
+ cd https-everywhere-eff(a)eff.org
unzip ../https-everywhere(a)eff.org.xpi
rm ../https-everywhere(a)eff.org.xpi
cd ~/build/
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index 6028601..dc8ad05 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -65,7 +65,7 @@ script: |
MARTOOLS=~/build/mar-tools
#
mkdir -p $OUTDIR/
- mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org
+ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources
@@ -90,10 +90,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org.xpi
@@ -102,7 +108,7 @@ script: |
cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
mv noscript(a)noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere(a)eff.org
+ cd https-everywhere-eff(a)eff.org
unzip ../https-everywhere(a)eff.org.xpi
rm ../https-everywhere(a)eff.org.xpi
cd ~/build/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 881e556..9252aea 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -162,7 +162,7 @@ do
get "${!PACKAGE}" "${!URL}"
done
-# NoScript and HTTPS-Everywhere are magikal and special:
+# NoScript is magikal and special:
wget -U "" -N ${NOSCRIPT_URL}
# Verify packages with weak or no signatures via direct sha256 check
@@ -281,5 +281,12 @@ obfs4 https://git.torproject.org/pluggable-transports/obfs4.git
noto-fonts https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG
EOF
+# HTTPS-Everywhere is special, too. We need to initialize the git submodules and
+# update them here. Otherwise it would happen during the build.
+cd https-everywhere
+git submodule init
+git submodule update
+cd ..
+
exit 0
diff --git a/gitian/versions b/gitian/versions
index ee7f459..8e35391 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -16,7 +16,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.0-1-build2
TOR_TAG=tor-0.2.6.10
TORLAUNCHER_TAG=0.2.7.7
TORBUTTON_TAG=1.9.3.2
-HTTPSE_TAG=5.0.7
+HTTPSE_TAG=5.1.0
NSIS_TAG=v0.3
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.21-stable
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index eaae8d2..3588096 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-2-build4
TOR_TAG=tor-0.2.7.2-alpha
TORLAUNCHER_TAG=0.2.7.7
TORBUTTON_TAG=1.9.4
-HTTPSE_TAG=5.0.7
+HTTPSE_TAG=5.1.1
NSIS_TAG=v0.3
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.22-stable
diff --git a/gitian/versions.beta b/gitian/versions.beta
index 501a891..43c5fde 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4
TOR_TAG=tor-0.2.4.21
TORLAUNCHER_TAG=0.2.5.4
TORBUTTON_TAG=1.6.9.0
-HTTPSE_TAG=5.0.2
+HTTPSE_TAG=5.1.0
NSIS_TAG=v0.1
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.21-stable
1
0
[tor-browser-bundle/master] Bug 16909: Workaround for old git in 10.04
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit c88cf009396bac20601b2de35eba2d9d98905438
Author: Georg Koppen <gk(a)torproject.org>
Date: Mon Oct 12 10:00:17 2015 +0000
Bug 16909: Workaround for old git in 10.04
---
gitian/descriptors/linux/gitian-bundle.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index b90356b..8cd38b6 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -101,6 +101,9 @@ script: |
cd ../../../
#
cd https-everywhere
+ # Workaround for git not knowing `git submodule -f` in the version shipped in
+ # 10.04.
+ sed 's/recursive -f/recursive/' -i makexpi.sh
# We are invoking the build script with a particular tag to avoid #10066. This
# does not work for nightlies as there is no "master" tag in that sense. But
# we don't need to care about that as we don't need reproducibility for
1
0
[tor-browser-bundle/master] Merge remote-tracking branch 'arthur/17220+1'
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit bf18016f9066faab660ebff8f8b1a9e49adbfb70
Merge: fed9df7 19bde77
Author: Georg Koppen <gk(a)torproject.org>
Date: Tue Oct 13 08:41:33 2015 +0000
Merge remote-tracking branch 'arthur/17220+1'
gitian/descriptors/linux/gitian-bundle.yml | 3 +++
gitian/descriptors/mac/gitian-bundle.yml | 3 +++
gitian/fetch-inputs.sh | 4 ++--
gitian/verify-tags.sh | 2 +-
gitian/versions | 3 +++
gitian/versions.alpha | 3 +++
gitian/versions.beta | 3 +++
gitian/versions.nightly | 3 +++
8 files changed, 21 insertions(+), 3 deletions(-)
1
0
[tor-browser-bundle/master] Bug 17220: Bundle STIX Math font for Linux and OS X
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit 19bde773ac5dbd3d204f17aeee15549bd562bb6f
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Tue Oct 6 00:46:00 2015 +0000
Bug 17220: Bundle STIX Math font for Linux and OS X
---
gitian/descriptors/linux/gitian-bundle.yml | 3 +++
gitian/descriptors/mac/gitian-bundle.yml | 3 +++
gitian/fetch-inputs.sh | 4 ++--
gitian/verify-tags.sh | 2 +-
gitian/versions | 3 +++
gitian/versions.alpha | 3 +++
gitian/versions.beta | 3 +++
gitian/versions.nightly | 3 +++
8 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index ce743df..27bbec0 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -54,6 +54,7 @@ files:
- "mar-tools-linux64.zip"
- "tbb-docs.zip"
- "NotoSansCJKsc-Regular.otf"
+- "STIXv1.1.1-latex.zip"
script: |
INSTDIR="$HOME/install"
source versions
@@ -132,6 +133,8 @@ script: |
cp "noto-fonts/unhinted/$fontfile" tor-browser/Browser/fonts/
done
cp NotoSansCJKsc-Regular.otf tor-browser/Browser/fonts/
+ unzip -o STIXv1.1.1-latex.zip -d STIX
+ cp "STIX/Fonts/fonts/opentype/public/stix/STIXMath-Regular.otf" tor-browser/Browser/fonts/
#
unzip relativelink-src.zip
cp RelativeLink/* tor-browser/Browser/
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index e250365..a80311e 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -56,6 +56,7 @@ files:
- "mar-tools-mac64.zip"
- "tbb-docs.zip"
- "mac-tor.sh"
+- "STIXv1.1.1-latex.zip"
script: |
INSTDIR="$HOME/install"
source versions
@@ -133,6 +134,8 @@ script: |
for fontfile in $NOTO_FONTS_UNHINTED; do
cp "noto-fonts/unhinted/$fontfile" $TORBROWSER_NAME.app/Contents/Resources/fonts/
done
+ unzip -o STIXv1.1.1-latex.zip -d STIX
+ cp "STIX/Fonts/fonts/opentype/public/stix/STIXMath-Regular.otf" $TORBROWSER_NAME.app/Contents/Resources/fonts/
#
unzip tor-mac$GBUILD_BITS-gbuilt.zip
if [ $BUILD_PT_BUNDLES ]; then
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 42efa33..881e556 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -155,7 +155,7 @@ do
get "${!PACKAGE}" "${MIRROR_URL_ASN}${!PACKAGE}"
done
-for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT
+for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT STIXMATHFONT
do
URL="${i}_URL"
PACKAGE="${i}_PACKAGE"
@@ -167,7 +167,7 @@ wget -U "" -N ${NOSCRIPT_URL}
# Verify packages with weak or no signatures via direct sha256 check
# (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all)
-for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT
+for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT
do
PACKAGE="${i}_PACKAGE"
HASH="${i}_HASH"
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index b8fc0e0..a1ce6a1 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -142,7 +142,7 @@ done
# Verify packages with weak or no signatures via direct sha256 check
# (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all)
-for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT
+for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT
do
PACKAGE="${i}_PACKAGE"
HASH="${i}_HASH"
diff --git a/gitian/versions b/gitian/versions
index b833342..ee7f459 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -85,6 +85,7 @@ LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf
+STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1
@@ -107,6 +108,7 @@ PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b
GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd
+STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -132,3 +134,4 @@ LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC…
GO_URL=https://golang.org/dl/${GO_PACKAGE}
NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a…
+STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%20Release/${STIXMATHFONT_PACKAGE}
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index c856979..eaae8d2 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -84,6 +84,7 @@ LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf
+STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1
@@ -106,6 +107,7 @@ PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b
GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd
+STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -131,3 +133,4 @@ LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC…
GO_URL=https://golang.org/dl/${GO_PACKAGE}
NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a…
+STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%20Release/${STIXMATHFONT_PACKAGE}
diff --git a/gitian/versions.beta b/gitian/versions.beta
index c2143a0..501a891 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -78,6 +78,7 @@ LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf
+STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
@@ -99,6 +100,7 @@ SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39
PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b
NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd
+STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -124,3 +126,4 @@ LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC…
GO_URL=https://golang.org/dl/${GO_PACKAGE}
NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a…
+STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%20Release/${STIXMATHFONT_PACKAGE}
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 85e4128..04d2214 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -87,6 +87,7 @@ LXML_PACKAGE=lxml-${LXML_VER}.tar.gz
PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz
GO_PACKAGE=go${GO_VER}.src.tar.gz
NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf
+STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1
@@ -109,6 +110,7 @@ PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23
GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b
GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd
+STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8
## Non-git package URLs
OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
@@ -134,3 +136,4 @@ LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE}
PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC…
GO_URL=https://golang.org/dl/${GO_PACKAGE}
NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a…
+STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%20Release/${STIXMATHFONT_PACKAGE}
1
0
[tor-browser/tor-browser-38.3.0esr-5.5-2] Revert "Back out changes for bug 16909"
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit 6b8cc11e03d53a1e31b7b3d587f8a567ce360251
Author: Georg Koppen <gk(a)torproject.org>
Date: Tue Oct 13 08:35:06 2015 +0000
Revert "Back out changes for bug 16909"
This reverts commit fc16b4e722d7a956563eb6c008f9b88f5aef8434.
---
tools/update-packaging/make_full_update.sh | 5 ++++-
tools/update-packaging/make_incremental_update.sh | 13 ++++++++-----
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/update-packaging/make_full_update.sh b/tools/update-packaging/make_full_update.sh
index 62baf4c..3578ae4 100755
--- a/tools/update-packaging/make_full_update.sh
+++ b/tools/update-packaging/make_full_update.sh
@@ -11,7 +11,10 @@
. $(dirname "$0")/common.sh
# TODO: it would be better to pass this as a command line option.
-directories_to_remove='TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org'
+# Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it
+# exists. The extension ID got changed with the version bump to 5.1.0.
+ext_path='TorBrowser/Data/Browser/profile.default/extensions'
+directories_to_remove="$ext_path/https-everywhere(a)eff.org $ext_path/https-everywhere-eff(a)eff.org"
# -----------------------------------------------------------------------------
diff --git a/tools/update-packaging/make_incremental_update.sh b/tools/update-packaging/make_incremental_update.sh
index 0e1e3f6..c803809 100755
--- a/tools/update-packaging/make_incremental_update.sh
+++ b/tools/update-packaging/make_incremental_update.sh
@@ -64,7 +64,8 @@ check_for_forced_update() {
fi
# If the file in the skip list ends with /*, do a prefix match.
- # This allows TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org/* to be used to force all HTTPS Everywhere files to be updated.
+ # This allows TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org/*
+ # to be used to force all HTTPS Everywhere files to be updated.
f_suffix=${f##*/}
if [[ $f_suffix = "*" ]]; then
f_prefix="${f%\/\*}";
@@ -122,7 +123,7 @@ archivefiles="updatev2.manifest updatev3.manifest"
# If the NoScript or HTTPS Everywhere extensions have changed between
# releases, add them to the "force updates" list.
ext_path='TorBrowser/Data/Browser/profile.default/extensions'
-https_everywhere='https-everywhere(a)eff.org'
+https_everywhere='https-everywhere-eff(a)eff.org'
noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi'
# NoScript is a packed extension, so we simply compare the old and the new
@@ -144,12 +145,14 @@ https_everywhere_install_rdf="$ext_path/$https_everywhere/install.rdf"
diff "$olddir/$https_everywhere_install_rdf" \
"$newdir/$https_everywhere_install_rdf" > /dev/null
rc=$?
-if [ $rc -gt 1 ]; then
+if [ $rc -gt 1 -a -e "$olddir/$https_everywhere_install_rdf" ]; then
notice "Unexpected exit $rc from $https_everywhere_install_rdf diff command"
exit 2
-elif [ $rc -eq 1 ]; then
+elif [ $rc -ge 1 ]; then
requested_forced_updates="$requested_forced_updates $ext_path/$https_everywhere/*"
- directories_to_remove="$directories_to_remove $ext_path/$https_everywhere"
+ # Make sure we delete the pre 5.1.0 HTTPS Everywhere as well in case it
+ # exists. The extension ID got changed with the version bump to 5.1.0.
+ directories_to_remove="$directories_to_remove $ext_path/https-everywhere(a)eff.org $ext_path/$https_everywhere"
fi
mkdir -p "$workdir"
1
0
[tor-browser/tor-browser-38.3.0esr-5.5-2] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk@torproject.org 13 Oct '15
by gk@torproject.org 13 Oct '15
13 Oct '15
commit 1c95cfa27db267c332262518c64a79c96f3ef4fa
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Mon Oct 5 16:48:36 2015 -0700
fixup! TB4: Tor Browser's Firefox preference overrides.
Fixes bug 17220.
---
browser/app/profile/000-tor-browser.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 3e4afd8..26b50e3 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -260,7 +260,7 @@ pref("browser.download.panel.shown", true);
#ifdef MOZ_BUNDLED_FONTS
#ifdef XP_MACOSX
-pref("font.system.whitelist", "AppleGothic, Arial, Courier, Geneva, Georgia, Heiti TC, Helvetica, Helvetica Neue, Hiragino Kaku Gothic ProN, Lucida Grande, Monaco, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi, STHeiti, Tahoma, Thonburi, Times, Times New Roman, Verdana");
+pref("font.system.whitelist", "AppleGothic, Arial, Courier, Geneva, Georgia, Heiti TC, Helvetica, Helvetica Neue, Hiragino Kaku Gothic ProN, Lucida Grande, Monaco, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi, STHeiti, STIX Math, Tahoma, Thonburi, Times, Times New Roman, Verdana");
pref("font.name-list.cursive.x-unicode", "Apple Chancery, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi");
pref("font.name-list.fantasy.x-unicode", "Papyrus, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi");
pref("font.name-list.monospace.x-unicode", "Courier, Arial, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi");
@@ -273,7 +273,7 @@ pref("font.name.sans-serif.ar", "Arial");
#endif
#ifdef XP_WIN
-pref("font.system.whitelist", "Arial, Batang, Courier New, Euphemia, Gautami, Georgia, Gulim, GulimChe, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, MS Mincho, MS PGothic, MS PMincho, MV Boli, Mangal, Microsoft Himalaya, Microsoft YaHei, MingLiU, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda");
+pref("font.system.whitelist", "Arial, Batang, Cambria Math, Courier New, Euphemia, Gautami, Georgia, Gulim, GulimChe, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, MS Mincho, MS PGothic, MS PMincho, MV Boli, Mangal, Microsoft Himalaya, Microsoft YaHei, MingLiU, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda");
#endif
#ifdef XP_LINUX
1
0
[tor-browser-bundle/master] Bug 17124: No patch for tor alpha > 0.2.7.2 anymore
by gk@torproject.org 12 Oct '15
by gk@torproject.org 12 Oct '15
12 Oct '15
commit fed9df74f3fc35a898710b8186efbfd250ea926d
Author: Georg Koppen <gk(a)torproject.org>
Date: Tue Oct 6 07:48:05 2015 +0000
Bug 17124: No patch for tor alpha > 0.2.7.2 anymore
---
Bundle-Data/linux/Data/Tor/torrc-defaults | 2 +-
Bundle-Data/mac/TorBrowser/Data/Tor/torrc-defaults | 2 +-
Bundle-Data/windows/Data/Tor/torrc-defaults | 2 +-
gitian/descriptors/linux/gitian-tor.yml | 2 --
gitian/descriptors/mac/gitian-tor.yml | 2 --
gitian/descriptors/windows/gitian-tor.yml | 2 --
6 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/Bundle-Data/linux/Data/Tor/torrc-defaults b/Bundle-Data/linux/Data/Tor/torrc-defaults
index e4c8920..4b91aae 100644
--- a/Bundle-Data/linux/Data/Tor/torrc-defaults
+++ b/Bundle-Data/linux/Data/Tor/torrc-defaults
@@ -5,6 +5,6 @@ AvoidDiskWrites 1
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
-SocksPort 9150 IPv6Traffic PreferIPv6
+SocksPort 9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
ControlPort 9151
CookieAuthentication 1
diff --git a/Bundle-Data/mac/TorBrowser/Data/Tor/torrc-defaults b/Bundle-Data/mac/TorBrowser/Data/Tor/torrc-defaults
index e4c8920..4b91aae 100644
--- a/Bundle-Data/mac/TorBrowser/Data/Tor/torrc-defaults
+++ b/Bundle-Data/mac/TorBrowser/Data/Tor/torrc-defaults
@@ -5,6 +5,6 @@ AvoidDiskWrites 1
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
-SocksPort 9150 IPv6Traffic PreferIPv6
+SocksPort 9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
ControlPort 9151
CookieAuthentication 1
diff --git a/Bundle-Data/windows/Data/Tor/torrc-defaults b/Bundle-Data/windows/Data/Tor/torrc-defaults
index e4c8920..4b91aae 100644
--- a/Bundle-Data/windows/Data/Tor/torrc-defaults
+++ b/Bundle-Data/windows/Data/Tor/torrc-defaults
@@ -5,6 +5,6 @@ AvoidDiskWrites 1
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
-SocksPort 9150 IPv6Traffic PreferIPv6
+SocksPort 9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
ControlPort 9151
CookieAuthentication 1
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index 906077b..d8e3557 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -84,8 +84,6 @@ script: |
git am ~/build/bug15482.patch
git am ~/build/bug16430.patch
git am ~/build/bug16674.patch
- else
- git am ~/build/bug15482.patch
fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml
index 848fbe9..857b5de 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -62,8 +62,6 @@ script: |
git am ~/build/bug15482.patch
git am ~/build/bug16430.patch
git am ~/build/bug16674.patch
- else
- git am ~/build/bug15482.patch
fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml
index 7320a65..9d6838c 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -62,8 +62,6 @@ script: |
git am ~/build/bug15482.patch
git am ~/build/bug16430.patch
git am ~/build/bug16674.patch
- else
- git am ~/build/bug15482.patch
fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
1
0