tor-commits
Threads by month
- ----- 2025 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
June 2012
- 17 participants
- 880 discussions

06 Jun '12
commit 0a95676ad47d10a24fe84eed180743d1918b5f48
Author: Mike Perry <mikeperry-git(a)fscked.org>
Date: Wed Jun 6 12:31:14 2012 -0700
Rebase patches to 10.0.5-esr.
Also add back in the HTTP auth request observer patch that was merged.
---
...nents.interfaces-lookupMethod-from-conten.patch | 10 +-
...0002-Make-Permissions-Manager-memory-only.patch | 8 +-
...-Make-Intermediate-Cert-Store-memory-only.patch | 8 +-
.../firefox/0004-Add-a-string-based-cacheKey.patch | 14 +-
.../0005-Block-all-plugins-except-flash.patch | 14 +-
...ontent-pref-service-memory-only-clearable.patch | 10 +-
...owser-exit-when-not-launched-from-Vidalia.patch | 8 +-
.../0008-Disable-SSL-Session-ID-tracking.patch | 6 +-
...observer-event-to-close-persistent-connec.patch | 10 +-
...e-client-values-only-to-CSS-Media-Queries.patch | 4 +-
...11-Limit-the-number-of-fonts-per-document.patch | 26 +-
...ize-HTTP-request-order-and-pipeline-depth.patch | 251 ---------
.../0012-Rebrand-Firefox-to-TorBrowser.patch | 50 ++
.../0013-Make-Download-manager-memory-only.patch | 57 ++
.../0013-Rebrand-Firefox-to-TorBrowser.patch | 50 --
.../0014-Add-DDG-and-StartPage-to-Omnibox.patch | 84 +++
.../0014-Make-Download-manager-memory-only.patch | 57 --
.../0015-Add-DDG-and-StartPage-to-Omnibox.patch | 84 ---
...-nsICacheService.EvictEntries-synchronous.patch | 44 ++
...ven-Michaud-s-Mac-crashfix-patch-for-FF12.patch | 544 --------------------
.../firefox/0016-Prevent-WebSocket-DNS-leak.patch | 132 +++++
...-nsICacheService.EvictEntries-synchronous.patch | 44 --
...ize-HTTP-request-order-and-pipeline-depth.patch | 251 +++++++++
...th-headers-before-the-modify-request-obse.patch | 52 ++
.../firefox/0018-Prevent-WebSocket-DNS-leak.patch | 132 -----
25 files changed, 729 insertions(+), 1221 deletions(-)
diff --git a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
index df1c202..1f4a712 100644
--- a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -1,7 +1,7 @@
-From 878aa170944f7d44a76f0eb09214d46b6028c549 Mon Sep 17 00:00:00 2001
+From 18fea351a9f218893514ccbca82c492ce81d038d Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed, 1 Feb 2012 15:40:40 -0800
-Subject: [PATCH 01/16] Block Components.interfaces,lookupMethod from content
+Subject: [PATCH 01/18] Block Components.interfaces,lookupMethod from content
This patch removes the ability of content script to access
Components.interfaces.* as well as call or access Components.lookupMethod.
@@ -20,10 +20,10 @@ https://trac.torproject.org/projects/tor/ticket/2874
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
-index 716cfdb..56e3f55 100644
+index 3bcbf91..d5c020a 100644
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
-@@ -4261,7 +4261,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+@@ -4456,7 +4456,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
NS_IMETHODIMP
nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
{
@@ -34,7 +34,7 @@ index 716cfdb..56e3f55 100644
*_retval = xpc_CheckAccessList(methodName, allowed);
return NS_OK;
}
-@@ -4270,7 +4272,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+@@ -4465,7 +4467,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
NS_IMETHODIMP
nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
{
diff --git a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
index f38dc99..1638a75 100644
--- a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
+++ b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
@@ -1,7 +1,7 @@
-From 5f47c5bdf95633e28b6e338ba8794243b429aefb Mon Sep 17 00:00:00 2001
+From 336217485d707ff63ef42d2a0bc3705c2c7f7a3c Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed, 1 Feb 2012 15:45:16 -0800
-Subject: [PATCH 02/16] Make Permissions Manager memory-only
+Subject: [PATCH 02/18] Make Permissions Manager memory-only
This patch exposes a pref 'permissions.memory_only' that properly isolates the
permissions manager to memory, which is responsible for all user specified
@@ -16,7 +16,7 @@ https://trac.torproject.org/projects/tor/ticket/2950
1 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index cdfe21b..a7a0efb 100644
+index 67eb216..12cc7cf 100644
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -58,6 +58,10 @@
@@ -75,7 +75,7 @@ index cdfe21b..a7a0efb 100644
NS_ENSURE_SUCCESS(rv, rv);
mDBConn->GetConnectionReady(&ready);
-@@ -794,7 +817,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+@@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
{
ENSURE_NOT_CHILD_PROCESS;
diff --git a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
index 617a78e..faaa4b3 100644
--- a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -1,7 +1,7 @@
-From 8cb78993225793692fe0560d25db4af55e0553bd Mon Sep 17 00:00:00 2001
+From e6d127b805461470bff0dad12f5ad89fc3cd3df3 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 03/16] Make Intermediate Cert Store memory-only.
+Subject: [PATCH 03/18] Make Intermediate Cert Store memory-only.
This patch makes the intermediate SSL cert store exist in memory only.
@@ -12,10 +12,10 @@ https://trac.torproject.org/projects/tor/ticket/2949
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 5abc0a5..22becca 100644
+index a08c4ef..0ec3713 100644
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1738,8 +1738,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
+@@ -1730,8 +1730,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
// Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
// "/usr/lib/nss/libnssckbi.so".
PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
diff --git a/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
index 7ddd877..d917eb4 100644
--- a/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
@@ -1,7 +1,7 @@
-From c4212c764149b74a04aad7d15cb3df810512e4ba Mon Sep 17 00:00:00 2001
+From 84668dfe7bdcd35d96ffcaf273ade5a5d8d470f8 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 04/16] Add a string-based cacheKey.
+Subject: [PATCH 04/18] Add a string-based cacheKey.
Used for isolating cache according to same-origin policy.
---
@@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644
* may fail if the disk cache is not present. The value of this attribute
* is usually only settable during the processing of a channel's
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index fab0726..5f42b7b 100644
+index dec2a83..97bd84c 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2415,6 +2415,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+@@ -2392,6 +2392,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
cacheKey.Append(buf);
}
@@ -45,7 +45,7 @@ index fab0726..5f42b7b 100644
if (!cacheKey.IsEmpty()) {
cacheKey.AppendLiteral("uri=");
}
-@@ -4762,6 +4768,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
+@@ -4695,6 +4701,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
}
NS_IMETHODIMP
@@ -69,10 +69,10 @@ index fab0726..5f42b7b 100644
{
value = mOfflineCacheClientID;
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index b7bba48..605dc80 100644
+index 88ce469..53538cf 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -304,6 +304,7 @@ private:
+@@ -303,6 +303,7 @@ private:
nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
nsCacheAccessMode mOfflineCacheAccess;
nsCString mOfflineCacheClientID;
diff --git a/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
index 9a577c0..bb00c55 100644
--- a/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
@@ -1,7 +1,7 @@
-From 89d6deddce94c720793a33a1c9fc812ad65116a9 Mon Sep 17 00:00:00 2001
+From 3457f78e346df5962449cbd5aa86624e19fd5f64 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed, 1 Feb 2012 15:50:15 -0800
-Subject: [PATCH 05/16] Block all plugins except flash.
+Subject: [PATCH 05/18] Block all plugins except flash.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
@@ -17,10 +17,10 @@ on a better way. Until then, it is delta-darwinism for us.
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index ed081fc..7384bcc 100644
+index 992bcd4..f56f231 100644
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -1985,6 +1985,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+@@ -1968,6 +1968,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
return false;
}
@@ -56,7 +56,7 @@ index ed081fc..7384bcc 100644
typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2118,6 +2147,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2101,6 +2130,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
continue;
}
@@ -68,10 +68,10 @@ index ed081fc..7384bcc 100644
if (!pluginTag) {
nsPluginFile pluginFile(localfile);
diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index 5630b8d..f54bd32 100644
+index 39a8891..c262abf 100644
--- a/dom/plugins/base/nsPluginHost.h
+++ b/dom/plugins/base/nsPluginHost.h
-@@ -285,6 +285,8 @@ private:
+@@ -278,6 +278,8 @@ private:
// Loads all cached plugins info into mCachedPlugins
nsresult ReadPluginInfo();
diff --git a/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
index a26bfec..285c619 100644
--- a/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
@@ -1,7 +1,7 @@
-From b2cc8f517c6589def4cc126af0b5f1898d61541c Mon Sep 17 00:00:00 2001
+From 66ff6c30d5b1de5d549181acbba686f792fe4cb4 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 06/16] Make content pref service memory-only + clearable
+Subject: [PATCH 06/18] Make content pref service memory-only + clearable
This prevents random urls from being inserted into content-prefs.sqllite in
the profile directory as content prefs change (includes site-zoom and perhaps
@@ -11,10 +11,10 @@ other site prefs?).
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
-index 17cac93..1f12609 100644
+index adfb650..1619d5f 100644
--- a/toolkit/components/contentprefs/nsContentPrefService.js
+++ b/toolkit/components/contentprefs/nsContentPrefService.js
-@@ -1242,7 +1242,7 @@ ContentPrefService.prototype = {
+@@ -1240,7 +1240,7 @@ ContentPrefService.prototype = {
var dbConnection;
@@ -23,7 +23,7 @@ index 17cac93..1f12609 100644
dbConnection = this._dbCreate(dbService, dbFile);
else {
try {
-@@ -1290,7 +1290,7 @@ ContentPrefService.prototype = {
+@@ -1288,7 +1288,7 @@ ContentPrefService.prototype = {
},
_dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
diff --git a/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
index 9b76f8c..af74f2c 100644
--- a/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ b/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
@@ -1,7 +1,7 @@
-From 57e5abfa15950713acfb5d9a94f636579dde4d12 Mon Sep 17 00:00:00 2001
+From d6956a597662f3d753622377183cb317ef6a3ad4 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Sun, 9 Oct 2011 22:50:07 -0700
-Subject: [PATCH 07/16] Make Tor Browser exit when not launched from Vidalia
+Subject: [PATCH 07/18] Make Tor Browser exit when not launched from Vidalia
Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
for easy relaunch. If they manage to do this, we should fail closed rather
@@ -16,10 +16,10 @@ actually be common.
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 9dfc667..dd1619a 100644
+index b06a17b..fc1d305 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
-@@ -1226,6 +1226,21 @@ function BrowserStartup() {
+@@ -1217,6 +1217,21 @@ function BrowserStartup() {
prepareForStartup();
diff --git a/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch
index ff692fe..2c8669e 100644
--- a/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch
+++ b/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch
@@ -1,7 +1,7 @@
-From 4d7f3122a76e0d5a31ba352880892fecd493252b Mon Sep 17 00:00:00 2001
+From 70161b38e1855ce4b7a61ac1e9572fb07dfbedda Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Wed, 7 Dec 2011 19:36:38 -0800
-Subject: [PATCH 08/16] Disable SSL Session ID tracking.
+Subject: [PATCH 08/18] Disable SSL Session ID tracking.
We can't easily bind SSL Session ID tracking to url bar domain,
so we have to disable them to satisfy
@@ -11,7 +11,7 @@ https://www.torproject.org/projects/torbrowser/design/#identifier-linkabili….
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
-index 22206f7..31086db 100644
+index 28e6210..fa48ecd 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -173,7 +173,7 @@ static sslOptions ssl_defaults = {
diff --git a/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch
index 2c5f135..cf63ff1 100644
--- a/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch
+++ b/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch
@@ -1,7 +1,7 @@
-From 873acaa3fd6df60fe57f1549cdb45df7e277808d Mon Sep 17 00:00:00 2001
+From d5ef29d9219a7ff9a78f9523845a2e2966c2a266 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed, 1 Feb 2012 15:53:28 -0800
-Subject: [PATCH 09/16] Provide an observer event to close persistent
+Subject: [PATCH 09/18] Provide an observer event to close persistent
connections
We need to prevent linkability across "New Identity", which includes closing
@@ -11,10 +11,10 @@ keep-alive connections.
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
-index ebc7641..dbcdff7 100644
+index 281d6ff..8125681 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
-@@ -331,6 +331,7 @@ nsHttpHandler::Init()
+@@ -325,6 +325,7 @@ nsHttpHandler::Init()
mObserverService->AddObserver(this, "net:clear-active-logins", true);
mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
mObserverService->AddObserver(this, "net:prune-dead-connections", true);
@@ -22,7 +22,7 @@ index ebc7641..dbcdff7 100644
}
return NS_OK;
-@@ -1522,6 +1523,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+@@ -1504,6 +1505,12 @@ nsHttpHandler::Observe(nsISupports *subject,
mConnMgr->PruneDeadConnections();
}
}
diff --git a/src/current-patches/firefox/0010-Provide-client-values-only-to-CSS-Media-Queries.patch b/src/current-patches/firefox/0010-Provide-client-values-only-to-CSS-Media-Queries.patch
index 661f0ca..fc55116 100644
--- a/src/current-patches/firefox/0010-Provide-client-values-only-to-CSS-Media-Queries.patch
+++ b/src/current-patches/firefox/0010-Provide-client-values-only-to-CSS-Media-Queries.patch
@@ -1,7 +1,7 @@
-From a27dcd387d8c3c1f1e150dcdd3c8aa1872ad14b5 Mon Sep 17 00:00:00 2001
+From ee455135f0084be04e74952182e4f948643c5347 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)fscked.org>
Date: Tue, 20 Dec 2011 21:02:49 -0800
-Subject: [PATCH 10/16] Provide client values only to CSS Media Queries
+Subject: [PATCH 10/18] Provide client values only to CSS Media Queries
Also disable a bunch of Mozilla extensions that smell like they are
fingerprintable.
diff --git a/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch b/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch
index 9dce423..3e0391d 100644
--- a/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch
+++ b/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch
@@ -1,7 +1,7 @@
-From c4d1c23872e2be83f33f2b9bfc5c49d2b98c73a6 Mon Sep 17 00:00:00 2001
+From 6eff7de2e19b0970b04b8721be4f46577617894c Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed, 1 Feb 2012 16:01:21 -0800
-Subject: [PATCH 11/16] Limit the number of fonts per document.
+Subject: [PATCH 11/18] Limit the number of fonts per document.
We create two prefs:
browser.display.max_font_count and browser.display.max_font_attempts.
@@ -23,7 +23,7 @@ https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linka…
3 files changed, 119 insertions(+), 3 deletions(-)
diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
-index 49b201e..0a8db3c 100644
+index e1587db..9690d9c 100644
--- a/layout/base/nsPresContext.cpp
+++ b/layout/base/nsPresContext.cpp
@@ -98,6 +98,8 @@
@@ -35,7 +35,7 @@ index 49b201e..0a8db3c 100644
#ifdef IBMBIDI
#include "nsBidiPresUtils.h"
-@@ -733,6 +735,10 @@ nsPresContext::GetUserPreferences()
+@@ -706,6 +708,10 @@ nsPresContext::GetUserPreferences()
// * use fonts?
mUseDocumentFonts =
Preferences::GetInt("browser.display.use_document_fonts") != 0;
@@ -46,7 +46,7 @@ index 49b201e..0a8db3c 100644
// * replace backslashes with Yen signs? (bug 245770)
mEnableJapaneseTransform =
-@@ -1334,6 +1340,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID) const
+@@ -1300,6 +1306,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID) const
return font;
}
@@ -148,10 +148,10 @@ index 49b201e..0a8db3c 100644
nsPresContext::SetFullZoom(float aZoom)
{
diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
-index 4b70c2f..ae8fcd5 100644
+index ecd01d8..552a69a 100644
--- a/layout/base/nsPresContext.h
+++ b/layout/base/nsPresContext.h
-@@ -535,6 +535,13 @@ public:
+@@ -548,6 +548,13 @@ public:
}
}
@@ -165,7 +165,7 @@ index 4b70c2f..ae8fcd5 100644
PRInt32 MinFontSize() const {
return NS_MAX(mMinFontSize, mMinimumFontSizePref);
}
-@@ -1127,6 +1134,8 @@ protected:
+@@ -1117,6 +1124,8 @@ protected:
PRUint32 mInterruptChecksToSkip;
mozilla::TimeStamp mReflowStartTime;
@@ -175,10 +175,10 @@ index 4b70c2f..ae8fcd5 100644
unsigned mHasPendingInterrupt : 1;
unsigned mInterruptsEnabled : 1;
diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
-index 9eb41ac..47065d0 100644
+index 27336bf..827585a 100644
--- a/layout/style/nsRuleNode.cpp
+++ b/layout/style/nsRuleNode.cpp
-@@ -3087,6 +3087,7 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+@@ -3091,6 +3091,7 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
// See if there is a minimum font-size constraint to honor
nscoord minimumFontSize = mPresContext->MinFontSize();
@@ -186,7 +186,7 @@ index 9eb41ac..47065d0 100644
if (minimumFontSize < 0)
minimumFontSize = 0;
-@@ -3098,10 +3099,10 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+@@ -3102,10 +3103,10 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
// We only need to know this to determine if we have to use the
// document fonts (overriding the useDocumentFonts flag), or to
// determine if we have to override the minimum font-size constraint.
@@ -199,7 +199,7 @@ index 9eb41ac..47065d0 100644
minimumFontSize = 0;
}
-@@ -3116,9 +3117,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+@@ -3120,9 +3121,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
// generic?
nsFont::GetGenericID(font->mFont.name, &generic);
@@ -214,7 +214,7 @@ index 9eb41ac..47065d0 100644
// Extract the generic from the specified font family...
nsAutoString genericName;
if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
-@@ -3154,6 +3159,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+@@ -3158,6 +3163,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
minimumFontSize, font);
}
diff --git a/src/current-patches/firefox/0012-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/0012-Randomize-HTTP-request-order-and-pipeline-depth.patch
deleted file mode 100644
index 33ff9a2..0000000
--- a/src/current-patches/firefox/0012-Randomize-HTTP-request-order-and-pipeline-depth.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From 6147cea4de151dade922b3c2787016f70c222458 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Tue, 24 Apr 2012 17:21:45 -0700
-Subject: [PATCH 12/16] Randomize HTTP request order and pipeline depth.
-
-This is an experimental defense against
-http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
-
-See:
-https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
-
-This defense has been improved since that blog post to additionally randomize
-the order and concurrency of non-pipelined HTTP requests.
----
- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 133 ++++++++++++++++++++++++-
- netwerk/protocol/http/nsHttpConnectionMgr.h | 5 +
- 2 files changed, 133 insertions(+), 5 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 6e1099d..3eec5b3 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -100,6 +100,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
- mCT.Init();
- mAlternateProtocolHash.Init(16);
- mSpdyPreferredHash.Init();
-+
-+ nsresult rv;
-+ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
-+ if (NS_FAILED(rv)) {
-+ mRandomGenerator = nsnull;
-+ }
- }
-
- nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -353,8 +359,12 @@ nsHttpConnectionMgr::AddTransactionToPipeline(nsHttpPipeline *pipeline)
- nsConnectionEntry *ent = mCT.Get(ci->HashKey());
- if (ent) {
- // search for another request to pipeline...
-- PRInt32 i, count = ent->mPendingQ.Length();
-- for (i=0; i<count; ++i) {
-+ PRInt32 i, h, count = ent->mPendingQ.Length();
-+ PRInt32* ind = new PRInt32[count];
-+ ShuffleRequestOrder((PRUint32*)ind, (PRUint32)count);
-+
-+ for (h=0; h<count; ++h) {
-+ i = ind[h]; // random request sequence
- nsHttpTransaction *trans = ent->mPendingQ[i];
- if (trans->Caps() & NS_HTTP_ALLOW_PIPELINING) {
- pipeline->AddTransaction(trans);
-@@ -365,6 +375,8 @@
- break;
- }
- }
-+
-+ delete [] ind;
- }
- }
- }
-@@ -898,12 +908,17 @@ nsHttpConnectionMgr::ProcessPendingQForEntry(nsConnectionEntry *ent)
-
- ProcessSpdyPendingQ(ent);
-
-- PRUint32 i, count = ent->mPendingQ.Length();
-+ PRUint32 h, i = 0, count = ent->mPendingQ.Length();
- if (count > 0) {
- LOG((" pending-count=%u\n", count));
- nsHttpTransaction *trans = nsnull;
- nsHttpConnection *conn = nsnull;
-- for (i = 0; i < count; ++i) {
-+
-+ PRUint32* ind = new PRUint32[count];
-+ ShuffleRequestOrder(ind, count);
-+
-+ for (h=0; h<count; ++h) {
-+ i = ind[h]; // random request sequence
- trans = ent->mPendingQ[i];
-
- // When this transaction has already established a half-open
-@@ -927,6 +944,7 @@
- "something mutated pending queue from "
- "GetConnection()");
- }
-+ delete [] ind;
- if (conn) {
- LOG((" dispatching pending transaction...\n"));
-
-@@ -1011,6 +1026,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
- maxPersistConns = mMaxPersistConnsPerHost;
- }
-
-+ // Fuzz maxConns for website fingerprinting attack
-+ // We create a range of maxConns/5 up to 6*maxConns/5
-+ // because this function is called repeatedly, and we'll
-+ // end up converging on a the high side of concurrent connections
-+ // after a short while.
-+ PRUint8 *bytes = nsnull;
-+ nsresult rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
-+ bytes[0] = bytes[0] % (maxConns + 1);
-+ maxConns = (maxConns/5) + bytes[0];
-+ NS_Free(bytes);
-+
- // use >= just to be safe
- return (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) &&
- (persistCount >= maxPersistConns) );
-@@ -1227,7 +1255,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
-
- if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
- LOG((" looking to build pipeline...\n"));
-- if (BuildPipeline(ent, trans, &pipeline))
-+ if (BuildRandomizedPipeline(ent, trans, &pipeline))
- trans = pipeline;
- }
-
-@@ -1300,6 +1328,101 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
- return true;
- }
-
-+
-+// Generate a shuffled request ordering sequence
-+void
-+nsHttpConnectionMgr::ShuffleRequestOrder(PRUint32 *ind, PRUint32 count)
-+{
-+ PRUint32 i;
-+ PRUint32 *rints;
-+
-+ for (i=0; i<count; ++i) {
-+ ind[i] = i;
-+ }
-+ nsresult rv = mRandomGenerator->GenerateRandomBytes(sizeof(PRUint32)*count,
-+ (PRUint8**)&rints);
-+ if (NS_FAILED(rv))
-+ return; // Leave unshuffled if error
-+
-+ for (i=0; i < count; ++i) {
-+ PRInt32 temp = ind[i];
-+ ind[i] = ind[rints[i]%count];
-+ ind[rints[i]%count] = temp;
-+ }
-+ NS_Free(rints);
-+}
-+
-+bool
-+nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent,
-+ nsAHttpTransaction *firstTrans,
-+ nsHttpPipeline **result)
-+{
-+ if (mRandomGenerator == nsnull)
-+ return BuildPipeline(ent, firstTrans, result);
-+ if (mMaxPipelinedRequests < 2)
-+ return PR_FALSE;
-+
-+ nsresult rv;
-+ PRUint8 *bytes = nsnull;
-+
-+ nsHttpPipeline *pipeline = nsnull;
-+ nsHttpTransaction *trans;
-+
-+ PRUint32 i = 0, numAdded = 0, numAllowed = 0;
-+ PRUint32 max = 0;
-+
-+ while (i < ent->mPendingQ.Length()) {
-+ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)
-+ numAllowed++;
-+ i++;
-+ }
-+
-+ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ // 4...12
-+ max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1));
-+ NS_Free(bytes);
-+
-+ while (numAllowed > 0) {
-+ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ i = bytes[0] % ent->mPendingQ.Length();
-+ NS_Free(bytes);
-+
-+ trans = ent->mPendingQ[i];
-+
-+ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING))
-+ continue;
-+
-+ if (numAdded == 0) {
-+ pipeline = new nsHttpPipeline;
-+ if (!pipeline)
-+ return PR_FALSE;
-+ pipeline->AddTransaction(firstTrans);
-+ numAdded = 1;
-+ }
-+ pipeline->AddTransaction(trans);
-+
-+ // remove transaction from pending queue
-+ ent->mPendingQ.RemoveElementAt(i);
-+ NS_RELEASE(trans);
-+
-+ numAllowed--;
-+
-+ if (++numAdded == max)
-+ break;
-+ }
-+
-+ //fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max);
-+ LOG((" pipelined %u/%u transactions\n", numAdded, max));
-+
-+ if (numAdded == 0)
-+ return PR_FALSE;
-+
-+ NS_ADDREF(*result = pipeline);
-+ return PR_TRUE;
-+}
-+
- nsresult
- nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
- {
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index a13da0f..59ee9b9 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.h
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
-@@ -54,6 +54,7 @@
- #include "nsIObserver.h"
- #include "nsITimer.h"
- #include "nsIX509Cert3.h"
-+#include "nsIRandomGenerator.h"
-
- class nsHttpPipeline;
-
-@@ -317,6 +318,8 @@ private:
- nsresult DispatchTransaction(nsConnectionEntry *, nsHttpTransaction *,
- PRUint8 caps, nsHttpConnection *);
- bool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
-+ bool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
-+ void ShuffleRequestOrder(PRUint32 *, PRUint32);
- nsresult ProcessNewTransaction(nsHttpTransaction *);
- nsresult EnsureSocketThreadTargetIfOnline();
- void ClosePersistentConnections(nsConnectionEntry *ent);
-@@ -409,6 +412,8 @@ private:
- PRUint64 mTimeOfNextWakeUp;
- // Timer for next pruning of dead connections.
- nsCOMPtr<nsITimer> mTimer;
-+ // Random number generator for reordering HTTP pipeline
-+ nsCOMPtr<nsIRandomGenerator> mRandomGenerator;
-
- //
- // the connection table
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch
new file mode 100644
index 0000000..6f087be
--- /dev/null
+++ b/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch
@@ -0,0 +1,50 @@
+From a1fcacb6cf3286226552028775aa41c4109546a6 Mon Sep 17 00:00:00 2001
+From: Erinn Clark <erinn(a)torproject.org>
+Date: Wed, 25 Apr 2012 09:14:00 -0300
+Subject: [PATCH 12/18] Rebrand Firefox to TorBrowser
+
+This patch does some basic renaming of Firefox to TorBrowser. The rest of the
+branding is done by images and icons.
+---
+ browser/branding/official/configure.sh | 2 +-
+ browser/branding/official/locales/en-US/brand.dtd | 6 +++---
+ .../official/locales/en-US/brand.properties | 6 +++---
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh
+index 4d3d297..e9b3738 100644
+--- a/browser/branding/official/configure.sh
++++ b/browser/branding/official/configure.sh
+@@ -1,2 +1,2 @@
+-MOZ_APP_DISPLAYNAME=Firefox
++MOZ_APP_DISPLAYNAME=TorBrowser
+ MOZ_UA_BUILDID=20100101
+diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd
+index 142d79b..c137e04 100644
+--- a/browser/branding/official/locales/en-US/brand.dtd
++++ b/browser/branding/official/locales/en-US/brand.dtd
+@@ -1,4 +1,4 @@
+-<!ENTITY brandShortName "Firefox">
+-<!ENTITY brandFullName "Mozilla Firefox">
+-<!ENTITY vendorShortName "Mozilla">
++<!ENTITY brandShortName "TorBrowser">
++<!ENTITY brandFullName "Tor Browser">
++<!ENTITY vendorShortName "Tor Project">
+ <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation.">
+diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties
+index 5f3ad54..62ac2fd 100644
+--- a/browser/branding/official/locales/en-US/brand.properties
++++ b/browser/branding/official/locales/en-US/brand.properties
+@@ -1,6 +1,6 @@
+-brandShortName=Firefox
+-brandFullName=Mozilla Firefox
+-vendorShortName=Mozilla
++brandShortName=TorBrowser
++brandFullName=Tor Browser
++vendorShortName=Tor Project
+
+ homePageSingleStartMain=Firefox Start, a fast home page with built-in search
+ homePageImport=Import your home page from %S
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch
new file mode 100644
index 0000000..171a699
--- /dev/null
+++ b/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch
@@ -0,0 +1,57 @@
+From c1ddd87b5cc6e69516c4b465cfa992a5c496e6d0 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)torproject.org>
+Date: Wed, 25 Apr 2012 13:39:35 -0700
+Subject: [PATCH 13/18] Make Download manager memory only.
+
+Solves https://trac.torproject.org/projects/tor/ticket/4017.
+
+Yes, this is an ugly hack. We *could* send the observer notification from
+Torbutton to tell the download manager to switch to memory, but then we have
+to dance around and tell it again if the user switches in and out of private
+browsing mode..
+
+The right way to do this is with a pref. Maybe I'll get to that someday, if
+this breaks enough times in conflict.
+---
+ toolkit/components/downloads/nsDownloadManager.cpp | 4 ++--
+ toolkit/components/downloads/nsDownloadManager.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp
+index 00a6e7d..2e83f61 100644
+--- a/toolkit/components/downloads/nsDownloadManager.cpp
++++ b/toolkit/components/downloads/nsDownloadManager.cpp
+@@ -1992,7 +1992,7 @@ nsDownloadManager::Observe(nsISupports *aSubject,
+ if (NS_LITERAL_STRING("memory").Equals(aData))
+ return SwitchDatabaseTypeTo(DATABASE_MEMORY);
+ else if (NS_LITERAL_STRING("disk").Equals(aData))
+- return SwitchDatabaseTypeTo(DATABASE_DISK);
++ return SwitchDatabaseTypeTo(DATABASE_MEMORY);
+ }
+ else if (strcmp(aTopic, "alertclickcallback") == 0) {
+ nsCOMPtr<nsIDownloadManagerUI> dmui =
+@@ -2069,7 +2069,7 @@ nsDownloadManager::OnLeavePrivateBrowsingMode()
+ (void)ResumeAllDownloads(false);
+
+ // Switch back to the on-disk DB again
+- (void)SwitchDatabaseTypeTo(DATABASE_DISK);
++ //(void)SwitchDatabaseTypeTo(DATABASE_DISK);
+
+ mInPrivateBrowsing = false;
+ }
+diff --git a/toolkit/components/downloads/nsDownloadManager.h b/toolkit/components/downloads/nsDownloadManager.h
+index 54312e4..cb63b52 100644
+--- a/toolkit/components/downloads/nsDownloadManager.h
++++ b/toolkit/components/downloads/nsDownloadManager.h
+@@ -90,7 +90,7 @@ public:
+
+ virtual ~nsDownloadManager();
+ nsDownloadManager() :
+- mDBType(DATABASE_DISK)
++ mDBType(DATABASE_MEMORY)
+ , mInPrivateBrowsing(false)
+ #ifdef DOWNLOAD_SCANNER
+ , mScanner(nsnull)
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0013-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/0013-Rebrand-Firefox-to-TorBrowser.patch
deleted file mode 100644
index 81ee4e2..0000000
--- a/src/current-patches/firefox/0013-Rebrand-Firefox-to-TorBrowser.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 6a588618b49d59512c118802911d6f95c610299f Mon Sep 17 00:00:00 2001
-From: Erinn Clark <erinn(a)torproject.org>
-Date: Wed, 25 Apr 2012 09:14:00 -0300
-Subject: [PATCH 13/16] Rebrand Firefox to TorBrowser
-
-This patch does some basic renaming of Firefox to TorBrowser. The rest of the
-branding is done by images and icons.
----
- browser/branding/official/configure.sh | 2 +-
- browser/branding/official/locales/en-US/brand.dtd | 6 +++---
- .../official/locales/en-US/brand.properties | 6 +++---
- 3 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh
-index 4d3d297..e9b3738 100644
---- a/browser/branding/official/configure.sh
-+++ b/browser/branding/official/configure.sh
-@@ -1,2 +1,2 @@
--MOZ_APP_DISPLAYNAME=Firefox
-+MOZ_APP_DISPLAYNAME=TorBrowser
- MOZ_UA_BUILDID=20100101
-diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd
-index 142d79b..c137e04 100644
---- a/browser/branding/official/locales/en-US/brand.dtd
-+++ b/browser/branding/official/locales/en-US/brand.dtd
-@@ -1,4 +1,4 @@
--<!ENTITY brandShortName "Firefox">
--<!ENTITY brandFullName "Mozilla Firefox">
--<!ENTITY vendorShortName "Mozilla">
-+<!ENTITY brandShortName "TorBrowser">
-+<!ENTITY brandFullName "Tor Browser">
-+<!ENTITY vendorShortName "Tor Project">
- <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation.">
-diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties
-index 5f3ad54..62ac2fd 100644
---- a/browser/branding/official/locales/en-US/brand.properties
-+++ b/browser/branding/official/locales/en-US/brand.properties
-@@ -1,6 +1,6 @@
--brandShortName=Firefox
--brandFullName=Mozilla Firefox
--vendorShortName=Mozilla
-+brandShortName=TorBrowser
-+brandFullName=Tor Browser
-+vendorShortName=Tor Project
-
- homePageSingleStartMain=Firefox Start, a fast home page with built-in search
- homePageImport=Import your home page from %S
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch
new file mode 100644
index 0000000..2a9e97c
--- /dev/null
+++ b/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch
@@ -0,0 +1,84 @@
+From bac6dfa9b86a7389ab5217be629ec2c490dcf193 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)torproject.org>
+Date: Wed, 25 Apr 2012 15:03:46 -0700
+Subject: [PATCH 14/18] Add DDG and StartPage to Omnibox.
+
+You mean there are search engines that don't require captchas if you don't
+have a cookie? Holy crap. Get those in there now.
+---
+ browser/locales/en-US/searchplugins/duckduckgo.xml | 29 ++++++++++++++++++++
+ browser/locales/en-US/searchplugins/list.txt | 2 +
+ browser/locales/en-US/searchplugins/startpage.xml | 11 +++++++
+ 3 files changed, 42 insertions(+), 0 deletions(-)
+ create mode 100644 browser/locales/en-US/searchplugins/duckduckgo.xml
+ create mode 100644 browser/locales/en-US/searchplugins/startpage.xml
+
+diff --git a/browser/locales/en-US/searchplugins/duckduckgo.xml b/browser/locales/en-US/searchplugins/duckduckgo.xml
+new file mode 100644
+index 0000000..4f00b4d
+--- /dev/null
++++ b/browser/locales/en-US/searchplugins/duckduckgo.xml
+@@ -0,0 +1,29 @@
++<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
++<ShortName>DuckDuckGo</ShortName>
++<Description>Duck Duck Go</Description>
++<InputEncoding>UTF-8</InputEncoding>
++<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAANcNAADXDQAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8n
++IOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rB
++Uv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n/////
++/05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v//
++//////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9h
++XPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg
++7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs
++5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/
++JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8n IOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg
++7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1
++/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/
++fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y
++1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg
++7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDs
++AScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAA
++AAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMAD
++AADwDwAA+B8AAA==</Image>
++<Url type="text/html" method="POST" template="https://duckduckgo.com/html/">
++ <Param name="q" value="{searchTerms}"/>
++</Url>
++<SearchForm>https://duckduckgo.com/html/</SearchForm>
++</SearchPlugin>
+diff --git a/browser/locales/en-US/searchplugins/list.txt b/browser/locales/en-US/searchplugins/list.txt
+index 2a1141a..0466f4e 100644
+--- a/browser/locales/en-US/searchplugins/list.txt
++++ b/browser/locales/en-US/searchplugins/list.txt
+@@ -1,7 +1,9 @@
+ amazondotcom
+ bing
++duckduckgo
+ eBay
+ google
++startpage
+ twitter
+ wikipedia
+ yahoo
+diff --git a/browser/locales/en-US/searchplugins/startpage.xml b/browser/locales/en-US/searchplugins/startpage.xml
+new file mode 100644
+index 0000000..1a310b1
+--- /dev/null
++++ b/browser/locales/en-US/searchplugins/startpage.xml
+@@ -0,0 +1,11 @@
++<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
++<ShortName>Startpage</ShortName>
++<Description>Start Page</Description>
++<InputEncoding>UTF-8</InputEncoding>
++<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2jkj+9YtD/vWLQ/71i0P+9otD/vaLRP72i0T+9YtE/vWLRP72i0T+9otD/vaNRP72jUT+9otF/vaLRf73kkv+9Yc///WJP//1iT//9Yk///rAmf/94Mz/+sCa//aRTv/1iUH/9ok///aJP//2i0H/9otB//aJQv/2iUL/9otC//aNRP/2jUT/9o1E//aNRP/6wpv////////////96dr/95dQ//aNRP/2kET/9pBG//aQRv/2kEb/9pBG//aRR//3lEz/95BH//mueP/7xJ3/959g//efYf/4p23//vDm//3p2//3kEr/95FJ//aRSf/niFH/95FK//aRSv/2mE//95hS/vq4iP/////////////////81bj/95xZ//q4iP//////+bF+//eZT//njFT/PSqi/2xGjv/2mVD/951V/vedVv783cX///////vQrf/++PP///////748//+8uj///////m3gf/olFr/PSuj/w8Pt/9sSJD/951V//eeWf73oVv++8ul///////5sXf/+KRi//vRsf////////////3r3v/olF//Piyk/w8Pt/9sSJH/+J5Z//ieWv/3oV/++KZf/vihXP/97N7//vn0//zTs//6wJP/+bBy//q6iP/onW//Piyl/w8Pt/8fGbH/m2iB/+icY//4pGD/96hl/viqZf74pmD/+Kxr//3iy/////////n1//ivbP/onGj/Pi2m/w8Pt/8uJKz/fFeQ/x8Zsf8+Lqb/6J9r//ivbP74rm3++Klm//mpZv/5q2f/+bR9//m0e//poW7/Pi6n/w8Pt/9sTZj/+Ktp//ira/+rd4P/Dw+3/4xijv/5snH+
+LN1/vmvbf/5r23/+a5t//mvb//4r2//TTuk/w8Pt/8fGrL/6ah1//ivcP/4r3P/q3yI/w8Pt/+MZpP/+bN5/vm4ev75t3X/+bV1//m1df/5t3X/+Ld3/8qUhP98XZn/Hxqz/+mse//5t3f/2p+B/x8as/8PD7f/u4qK//m7fv76u4D++bl7//m3fP/5uXz/+bl8//m5fP/5t3z/+bl//x8as/9NPKf/fWCb/x8as/8PD7f/bVOh//q5f//6v4X++sGI/vm9g//5voX/+b6F//m9hf/6vYX/+r6F//nCh/+bepr/Hxu0/w8Pt/8PD7f/fWOh//q+hf/6wof/+saN/vrGjf75xIv/+ceL//nEi//5xIv/+sSL//rHi//6x43/+ceN/+m7kP+7lpj/6ruQ//rHkP/6x43/+seQ//rLlf76ypT++seR//rJkf/6yZH/+seR//rJkf/6yZH/+8mR//vJlP/7yZT/+smU//rJlP/6yZT/+8yV//rJlf/6zpn+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</Image>
++
++<Url type="text/html" method="POST" template="https://startpage.com/do/search">
++ <Param name="q" value="{searchTerms}"/>
++</Url>
++<SearchForm>https://startpage.com/do/search/</SearchForm>
++</SearchPlugin>
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0014-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/0014-Make-Download-manager-memory-only.patch
deleted file mode 100644
index 6634688..0000000
--- a/src/current-patches/firefox/0014-Make-Download-manager-memory-only.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From e01aaa410e0e8fabf75841ad6b975fc3ff89e154 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Wed, 25 Apr 2012 13:39:35 -0700
-Subject: [PATCH 14/16] Make Download manager memory only.
-
-Solves https://trac.torproject.org/projects/tor/ticket/4017.
-
-Yes, this is an ugly hack. We *could* send the observer notification from
-Torbutton to tell the download manager to switch to memory, but then we have
-to dance around and tell it again if the user switches in and out of private
-browsing mode..
-
-The right way to do this is with a pref. Maybe I'll get to that someday, if
-this breaks enough times in conflict.
----
- toolkit/components/downloads/nsDownloadManager.cpp | 4 ++--
- toolkit/components/downloads/nsDownloadManager.h | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp
-index 17c9dcb..62e0ad9 100644
---- a/toolkit/components/downloads/nsDownloadManager.cpp
-+++ b/toolkit/components/downloads/nsDownloadManager.cpp
-@@ -2002,7 +2002,7 @@ nsDownloadManager::Observe(nsISupports *aSubject,
- if (NS_LITERAL_STRING("memory").Equals(aData))
- return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- else if (NS_LITERAL_STRING("disk").Equals(aData))
-- return SwitchDatabaseTypeTo(DATABASE_DISK);
-+ return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- }
- else if (strcmp(aTopic, "alertclickcallback") == 0) {
- nsCOMPtr<nsIDownloadManagerUI> dmui =
-@@ -2079,7 +2079,7 @@ nsDownloadManager::OnLeavePrivateBrowsingMode()
- (void)ResumeAllDownloads(false);
-
- // Switch back to the on-disk DB again
-- (void)SwitchDatabaseTypeTo(DATABASE_DISK);
-+ //(void)SwitchDatabaseTypeTo(DATABASE_DISK);
-
- mInPrivateBrowsing = false;
- }
-diff --git a/toolkit/components/downloads/nsDownloadManager.h b/toolkit/components/downloads/nsDownloadManager.h
-index 54312e4..cb63b52 100644
---- a/toolkit/components/downloads/nsDownloadManager.h
-+++ b/toolkit/components/downloads/nsDownloadManager.h
-@@ -90,7 +90,7 @@ public:
-
- virtual ~nsDownloadManager();
- nsDownloadManager() :
-- mDBType(DATABASE_DISK)
-+ mDBType(DATABASE_MEMORY)
- , mInPrivateBrowsing(false)
- #ifdef DOWNLOAD_SCANNER
- , mScanner(nsnull)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0015-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/0015-Add-DDG-and-StartPage-to-Omnibox.patch
deleted file mode 100644
index e0740ae..0000000
--- a/src/current-patches/firefox/0015-Add-DDG-and-StartPage-to-Omnibox.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From db055738d6431057670e8f219616170ed3644a9e Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Wed, 25 Apr 2012 15:03:46 -0700
-Subject: [PATCH 15/16] Add DDG and StartPage to Omnibox.
-
-You mean there are search engines that don't require captchas if you don't
-have a cookie? Holy crap. Get those in there now.
----
- browser/locales/en-US/searchplugins/duckduckgo.xml | 29 ++++++++++++++++++++
- browser/locales/en-US/searchplugins/list.txt | 2 +
- browser/locales/en-US/searchplugins/startpage.xml | 11 +++++++
- 3 files changed, 42 insertions(+), 0 deletions(-)
- create mode 100644 browser/locales/en-US/searchplugins/duckduckgo.xml
- create mode 100644 browser/locales/en-US/searchplugins/startpage.xml
-
-diff --git a/browser/locales/en-US/searchplugins/duckduckgo.xml b/browser/locales/en-US/searchplugins/duckduckgo.xml
-new file mode 100644
-index 0000000..4f00b4d
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/duckduckgo.xml
-@@ -0,0 +1,29 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>DuckDuckGo</ShortName>
-+<Description>Duck Duck Go</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAANcNAADXDQAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8n
-+IOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rB
-+Uv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n/////
-+/05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v//
-+//////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9h
-+XPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg
-+7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs
-+5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/
-+JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8n IOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1
-+/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/
-+fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y
-+1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDs
-+AScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAA
-+AAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMAD
-+AADwDwAA+B8AAA==</Image>
-+<Url type="text/html" method="POST" template="https://duckduckgo.com/html/">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://duckduckgo.com/html/</SearchForm>
-+</SearchPlugin>
-diff --git a/browser/locales/en-US/searchplugins/list.txt b/browser/locales/en-US/searchplugins/list.txt
-index 2a1141a..0466f4e 100644
---- a/browser/locales/en-US/searchplugins/list.txt
-+++ b/browser/locales/en-US/searchplugins/list.txt
-@@ -1,7 +1,9 @@
- amazondotcom
- bing
-+duckduckgo
- eBay
- google
-+startpage
- twitter
- wikipedia
- yahoo
-diff --git a/browser/locales/en-US/searchplugins/startpage.xml b/browser/locales/en-US/searchplugins/startpage.xml
-new file mode 100644
-index 0000000..1a310b1
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/startpage.xml
-@@ -0,0 +1,11 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>Startpage</ShortName>
-+<Description>Start Page</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2jkj+9YtD/vWLQ/71i0P+9otD/vaLRP72i0T+9YtE/vWLRP72i0T+9otD/vaNRP72jUT+9otF/vaLRf73kkv+9Yc///WJP//1iT//9Yk///rAmf/94Mz/+sCa//aRTv/1iUH/9ok///aJP//2i0H/9otB//aJQv/2iUL/9otC//aNRP/2jUT/9o1E//aNRP/6wpv////////////96dr/95dQ//aNRP/2kET/9pBG//aQRv/2kEb/9pBG//aRR//3lEz/95BH//mueP/7xJ3/959g//efYf/4p23//vDm//3p2//3kEr/95FJ//aRSf/niFH/95FK//aRSv/2mE//95hS/vq4iP/////////////////81bj/95xZ//q4iP//////+bF+//eZT//njFT/PSqi/2xGjv/2mVD/951V/vedVv783cX///////vQrf/++PP///////748//+8uj///////m3gf/olFr/PSuj/w8Pt/9sSJD/951V//eeWf73oVv++8ul///////5sXf/+KRi//vRsf////////////3r3v/olF//Piyk/w8Pt/9sSJH/+J5Z//ieWv/3oV/++KZf/vihXP/97N7//vn0//zTs//6wJP/+bBy//q6iP/onW//Piyl/w8Pt/8fGbH/m2iB/+icY//4pGD/96hl/viqZf74pmD/+Kxr//3iy/////////n1//ivbP/onGj/Pi2m/w8Pt/8uJKz/fFeQ/x8Zsf8+Lqb/6J9r//ivbP74rm3++Klm//mpZv/5q2f/+bR9//m0e//poW7/Pi6n/w8Pt/9sTZj/+Ktp//ira/+rd4P/Dw+3/4xijv/5snH+
+LN1/vmvbf/5r23/+a5t//mvb//4r2//TTuk/w8Pt/8fGrL/6ah1//ivcP/4r3P/q3yI/w8Pt/+MZpP/+bN5/vm4ev75t3X/+bV1//m1df/5t3X/+Ld3/8qUhP98XZn/Hxqz/+mse//5t3f/2p+B/x8as/8PD7f/u4qK//m7fv76u4D++bl7//m3fP/5uXz/+bl8//m5fP/5t3z/+bl//x8as/9NPKf/fWCb/x8as/8PD7f/bVOh//q5f//6v4X++sGI/vm9g//5voX/+b6F//m9hf/6vYX/+r6F//nCh/+bepr/Hxu0/w8Pt/8PD7f/fWOh//q+hf/6wof/+saN/vrGjf75xIv/+ceL//nEi//5xIv/+sSL//rHi//6x43/+ceN/+m7kP+7lpj/6ruQ//rHkP/6x43/+seQ//rLlf76ypT++seR//rJkf/6yZH/+seR//rJkf/6yZH/+8mR//vJlP/7yZT/+smU//rJlP/6yZT/+8yV//rJlf/6zpn+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</Image>
-+
-+<Url type="text/html" method="POST" template="https://startpage.com/do/search">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://startpage.com/do/search/</SearchForm>
-+</SearchPlugin>
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch
new file mode 100644
index 0000000..f51bd3c
--- /dev/null
+++ b/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch
@@ -0,0 +1,44 @@
+From 22fe0ff634913df18d3757d5bdf9faf8527ab395 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)torproject.org>
+Date: Tue, 1 May 2012 15:02:03 -0700
+Subject: [PATCH 15/18] Make nsICacheService.EvictEntries synchronous
+
+This fixes a race condition that allows cache-based EverCookies to persist for
+a brief time (on the order of minutes?) after cache clearing/"New Identity".
+
+https://trac.torproject.org/projects/tor/ticket/5715
+---
+ netwerk/cache/nsCacheService.cpp | 15 +++++++++++++--
+ 1 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp
+index 8af611f..65686c7 100644
+--- a/netwerk/cache/nsCacheService.cpp
++++ b/netwerk/cache/nsCacheService.cpp
+@@ -1315,10 +1315,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor)
+ return NS_OK;
+ }
+
+-
+ NS_IMETHODIMP nsCacheService::EvictEntries(nsCacheStoragePolicy storagePolicy)
+ {
+- return EvictEntriesForClient(nsnull, storagePolicy);
++ NS_IMETHODIMP r;
++ r = EvictEntriesForClient(nsnull, storagePolicy);
++
++ // XXX: Bloody hack until we get this notifier in FF14.0:
++ // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICacheListener…
++ if (storagePolicy == nsICache::STORE_ANYWHERE &&
++ NS_IsMainThread() && gService && gService->mInitialized) {
++ nsCacheServiceAutoLock lock;
++ gService->DoomActiveEntries();
++ gService->ClearDoomList();
++ (void) SyncWithCacheIOThread();
++ }
++ return r;
+ }
+
+ NS_IMETHODIMP nsCacheService::GetCacheIOTarget(nsIEventTarget * *aCacheIOTarget)
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0016-Adapt-Steven-Michaud-s-Mac-crashfix-patch-for-FF12.patch b/src/current-patches/firefox/0016-Adapt-Steven-Michaud-s-Mac-crashfix-patch-for-FF12.patch
deleted file mode 100644
index 5a08ed4..0000000
--- a/src/current-patches/firefox/0016-Adapt-Steven-Michaud-s-Mac-crashfix-patch-for-FF12.patch
+++ /dev/null
@@ -1,544 +0,0 @@
-From 262403fb627ca452bfbcaf06fd6ad965f156ed18 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Thu, 26 Apr 2012 10:54:24 -0700
-Subject: [PATCH 16/16] Adapt Steven Michaud's Mac crashfix patch for FF12.
-
-Source is: https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35
-
-Some minor tweaks were needed to get it to apply to FF12 and to compile on
-MacOS.
----
- widget/Makefile.in | 1 +
- widget/cocoa/nsChildView.mm | 35 +++++++++++++--------
- widget/gtk2/nsDragService.cpp | 2 +-
- widget/gtk2/nsWindow.cpp | 2 +-
- widget/nsIDragService.idl | 4 +--
- widget/nsPIDragService.idl | 48 +++++++++++++++++++++++++++++
- widget/qt/nsDragService.h | 2 +
- widget/windows/Makefile.in | 4 ++
- widget/windows/nsDragService.cpp | 13 +++++---
- widget/windows/nsDragService.h | 12 +++---
- widget/windows/nsNativeDragSource.cpp | 7 ++--
- widget/windows/nsNativeDragTarget.cpp | 28 ++++++++++------
- widget/windows/nsPIDragServiceWindows.idl | 46 +++++++++++++++++++++++++++
- widget/xpwidgets/nsBaseDragService.cpp | 16 +++++++++-
- widget/xpwidgets/nsBaseDragService.h | 9 ++---
- 15 files changed, 180 insertions(+), 49 deletions(-)
- create mode 100644 widget/nsPIDragService.idl
- create mode 100644 widget/windows/nsPIDragServiceWindows.idl
-
-diff --git a/widget/Makefile.in b/widget/Makefile.in
-index 4a3405b..4c105a4 100644
---- a/widget/Makefile.in
-+++ b/widget/Makefile.in
-@@ -138,6 +138,7 @@ XPIDLSRCS = \
- nsIClipboardDragDropHooks.idl \
- nsIClipboardDragDropHookList.idl \
- nsIDragSession.idl \
-+ nsPIDragService.idl \
- nsIDragService.idl \
- nsIFormatConverter.idl \
- nsIClipboard.idl \
-diff --git a/widget/cocoa/nsChildView.mm b/widget/cocoa/nsChildView.mm
-index 7f738a1..0149ab1 100644
---- a/widget/cocoa/nsChildView.mm
-+++ b/widget/cocoa/nsChildView.mm
-@@ -4566,11 +4566,12 @@ NSEvent* gLastDragMouseDownEvent = nil;
- if (!dragService) {
- dragService = do_GetService(kDragServiceContractID);
- }
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
-
- if (dragService) {
- NSPoint pnt = [NSEvent mouseLocation];
- FlipCocoaScreenCoordinate(pnt);
-- dragService->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+ dragServicePriv->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
- }
- }
-
-@@ -4591,11 +4592,13 @@ NSEvent* gLastDragMouseDownEvent = nil;
- }
-
- if (mDragService) {
-- // set the dragend point from the current mouse location
-- nsDragService* dragService = static_cast<nsDragService *>(mDragService);
-- NSPoint pnt = [NSEvent mouseLocation];
-- FlipCocoaScreenCoordinate(pnt);
-- dragService->SetDragEndPoint(nsIntPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y)));
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ // set the dragend point from the current mouse location
-+ NSPoint pnt = [NSEvent mouseLocation];
-+ FlipCocoaScreenCoordinate(pnt);
-+ dragServicePriv->SetDragEndPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+ }
-
- // XXX: dropEffect should be updated per |operation|.
- // As things stand though, |operation| isn't well handled within "our"
-@@ -4606,13 +4609,19 @@ NSEvent* gLastDragMouseDownEvent = nil;
- // value for NSDragOperationGeneric that is passed by other applications.
- // All that said, NSDragOperationNone is still reliable.
- if (operation == NSDragOperationNone) {
-- nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
-- dragService->GetDataTransfer(getter_AddRefs(dataTransfer));
-- nsCOMPtr<nsIDOMNSDataTransfer> dataTransferNS =
-- do_QueryInterface(dataTransfer);
--
-- if (dataTransferNS)
-- dataTransferNS->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+ nsCOMPtr<nsIDragSession> dragSession;
-+ mDragService->GetCurrentSession(getter_AddRefs(dragSession));
-+ if (dragSession) {
-+ nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
-+ dragSession->GetDataTransfer(getter_AddRefs(dataTransfer));
-+ if (dataTransfer) {
-+ nsCOMPtr<nsIDOMNSDataTransfer> dataTransferNS =
-+ do_QueryInterface(dataTransfer);
-+ if (dataTransferNS) {
-+ dataTransferNS->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+ }
-+ }
-+ }
- }
-
- mDragService->EndDragSession(true);
-diff --git a/widget/gtk2/nsDragService.cpp b/widget/gtk2/nsDragService.cpp
-index ca5a42c..876fd55 100644
---- a/widget/gtk2/nsDragService.cpp
-+++ b/widget/gtk2/nsDragService.cpp
-@@ -1334,7 +1334,7 @@ nsDragService::SourceEndDragSession(GdkDragContext *aContext,
- GdkDisplay* display = gdk_display_get_default();
- if (display) {
- gdk_display_get_pointer(display, NULL, &x, &y, NULL);
-- SetDragEndPoint(nsIntPoint(x, y));
-+ SetDragEndPoint(x, y);
- }
-
- // Either the drag was aborted or the drop occurred outside the app.
-diff --git a/widget/gtk2/nsWindow.cpp b/widget/gtk2/nsWindow.cpp
-index 5e4afee..25c394b 100644
---- a/widget/gtk2/nsWindow.cpp
-+++ b/widget/gtk2/nsWindow.cpp
-@@ -3698,7 +3698,7 @@ nsWindow::OnDragDropEvent(GtkWidget *aWidget,
- if (display) {
- // get the current cursor position
- gdk_display_get_pointer(display, NULL, &x, &y, NULL);
-- ((nsDragService *)dragService.get())->SetDragEndPoint(nsIntPoint(x, y));
-+ ((nsDragService *)dragService.get())->SetDragEndPoint(x, y);
- }
- dragService->EndDragSession(true);
-
-diff --git a/widget/nsIDragService.idl b/widget/nsIDragService.idl
-index e42c578..ef8c46f 100644
---- a/widget/nsIDragService.idl
-+++ b/widget/nsIDragService.idl
-@@ -48,7 +48,7 @@ interface nsIDOMDragEvent;
- interface nsIDOMDataTransfer;
- interface nsISelection;
-
--[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052), builtinclass]
-+[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052)]
- interface nsIDragService : nsISupports
- {
- const long DRAGDROP_ACTION_NONE = 0;
-@@ -145,8 +145,6 @@ interface nsIDragService : nsISupports
- */
- void suppress();
- void unsuppress();
--
-- [noscript] void dragMoved(in long aX, in long aY);
- };
-
-
-diff --git a/widget/nsPIDragService.idl b/widget/nsPIDragService.idl
-new file mode 100644
-index 0000000..93a144d
---- /dev/null
-+++ b/widget/nsPIDragService.idl
-@@ -0,0 +1,48 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ * Steven Michaud <smichaud(a)pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(FAD8C90B-8E1D-446A-9B6C-241486A85CBD)]
-+interface nsPIDragService : nsISupports
-+{
-+ void dragMoved(in long aX, in long aY);
-+
-+ PRUint16 getInputSource();
-+
-+ void setDragEndPoint(in long aX, in long aY);
-+};
-diff --git a/widget/qt/nsDragService.h b/widget/qt/nsDragService.h
-index 5a3e5bb..50dcfac 100644
---- a/widget/qt/nsDragService.h
-+++ b/widget/qt/nsDragService.h
-@@ -50,6 +50,8 @@ public:
- NS_DECL_ISUPPORTS
- NS_DECL_NSIDRAGSERVICE
-
-+ NS_IMETHOD DragMoved(PRInt32 aX, PRInt32 aY);
-+
- nsDragService();
-
- private:
-diff --git a/widget/windows/Makefile.in b/widget/windows/Makefile.in
-index c9327f8..3298997 100644
---- a/widget/windows/Makefile.in
-+++ b/widget/windows/Makefile.in
-@@ -119,6 +119,10 @@ ifdef MOZ_ENABLE_D3D10_LAYER
- DEFINES += -DMOZ_ENABLE_D3D10_LAYER
- endif
-
-+XPIDLSRCS += \
-+ nsPIDragServiceWindows.idl \
-+ $(NULL)
-+
- SHARED_LIBRARY_LIBS = \
- ../xpwidgets/$(LIB_PREFIX)xpwidgets_s.$(LIB_SUFFIX) \
- $(NULL)
-diff --git a/widget/windows/nsDragService.cpp b/widget/windows/nsDragService.cpp
-index 8c5df7e..1cf9995 100644
---- a/widget/windows/nsDragService.cpp
-+++ b/widget/windows/nsDragService.cpp
-@@ -97,6 +97,8 @@ nsDragService::~nsDragService()
- NS_IF_RELEASE(mDataObject);
- }
-
-+NS_IMPL_ISUPPORTS_INHERITED1(nsDragService, nsBaseDragService, nsPIDragServiceWindows)
-+
- bool
- nsDragService::CreateDragImage(nsIDOMNode *aDOMNode,
- nsIScriptableRegion *aRegion,
-@@ -350,7 +352,7 @@ nsDragService::StartInvokingDragSession(IDataObject * aDataObj,
- POINT cpos;
- cpos.x = GET_X_LPARAM(pos);
- cpos.y = GET_Y_LPARAM(pos);
-- SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+ SetDragEndPoint(cpos.x, cpos.y);
- EndDragSession(true);
-
- mDoingDrag = false;
-@@ -468,25 +470,26 @@ nsDragService::GetData(nsITransferable * aTransferable, PRUint32 anItem)
-
- //---------------------------------------------------------
- NS_IMETHODIMP
--nsDragService::SetIDataObject(IDataObject * aDataObj)
-+nsDragService::SetIDataObject(nsISupports * aDataObj)
- {
-+ IDataObject *dataObj = (IDataObject*) aDataObj;
- // When the native drag starts the DragService gets
- // the IDataObject that is being dragged
- NS_IF_RELEASE(mDataObject);
-- mDataObject = aDataObj;
-+ mDataObject = dataObj;
- NS_IF_ADDREF(mDataObject);
-
- return NS_OK;
- }
-
- //---------------------------------------------------------
--void
-+NS_IMETHODIMP
- nsDragService::SetDroppedLocal()
- {
- // Sent from the native drag handler, letting us know
- // a drop occurred within the application vs. outside of it.
- mSentLocalDropEvent = true;
-- return;
-+ return NS_OK;
- }
-
- //-------------------------------------------------------------------------
-diff --git a/widget/windows/nsDragService.h b/widget/windows/nsDragService.h
-index 87d6cc9..04c8746 100644
---- a/widget/windows/nsDragService.h
-+++ b/widget/windows/nsDragService.h
-@@ -39,6 +39,7 @@
- #define nsDragService_h__
-
- #include "nsBaseDragService.h"
-+#include "nsPIDragServiceWindows.h"
- #include <windows.h>
- #include <shlobj.h>
-
-@@ -52,12 +53,15 @@ class nsString;
- * Native Win32 DragService wrapper
- */
-
--class nsDragService : public nsBaseDragService
-+class nsDragService : public nsBaseDragService, public nsPIDragServiceWindows
- {
- public:
- nsDragService();
- virtual ~nsDragService();
--
-+
-+ NS_DECL_ISUPPORTS_INHERITED
-+ NS_DECL_NSPIDRAGSERVICEWINDOWS
-+
- // nsIDragService
- NS_IMETHOD InvokeDragSession(nsIDOMNode *aDOMNode,
- nsISupportsArray *anArrayTransferables,
-@@ -71,13 +75,9 @@ public:
- NS_IMETHOD EndDragSession(bool aDoneDrag);
-
- // native impl.
-- NS_IMETHOD SetIDataObject(IDataObject * aDataObj);
- NS_IMETHOD StartInvokingDragSession(IDataObject * aDataObj,
- PRUint32 aActionType);
-
-- // A drop occurred within the application vs. outside of it.
-- void SetDroppedLocal();
--
- protected:
- nsDataObjCollection* GetDataObjCollection(IDataObject * aDataObj);
-
-diff --git a/widget/windows/nsNativeDragSource.cpp b/widget/windows/nsNativeDragSource.cpp
-index e51101e..0fe6ffe 100644
---- a/widget/windows/nsNativeDragSource.cpp
-+++ b/widget/windows/nsNativeDragSource.cpp
-@@ -42,7 +42,7 @@
- #include "nsIServiceManager.h"
- #include "nsToolkit.h"
- #include "nsWidgetsCID.h"
--#include "nsIDragService.h"
-+#include "nsDragService.h"
-
- static NS_DEFINE_IID(kCDragServiceCID, NS_DRAGSERVICE_CID);
-
-@@ -101,9 +101,10 @@ STDMETHODIMP
- nsNativeDragSource::QueryContinueDrag(BOOL fEsc, DWORD grfKeyState)
- {
- nsCOMPtr<nsIDragService> dragService = do_GetService(kCDragServiceCID);
-- if (dragService) {
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
-+ if (dragServicePriv) {
- DWORD pos = ::GetMessagePos();
-- dragService->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
-+ dragServicePriv->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
- }
-
- if (fEsc) {
-diff --git a/widget/windows/nsNativeDragTarget.cpp b/widget/windows/nsNativeDragTarget.cpp
-index cf6196b..82ad3c6 100644
---- a/widget/windows/nsNativeDragTarget.cpp
-+++ b/widget/windows/nsNativeDragTarget.cpp
-@@ -209,7 +209,11 @@ nsNativeDragTarget::DispatchDragDropEvent(PRUint32 aEventType, POINTL aPT)
- event.isControl = IsKeyDown(NS_VK_CONTROL);
- event.isMeta = false;
- event.isAlt = IsKeyDown(NS_VK_ALT);
-- event.inputSource = static_cast<nsBaseDragService*>(mDragService)->GetInputSource();
-+ event.inputSource = 0;
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ dragServicePriv->GetInputSource(&event.inputSource);
-+ }
-
- mWindow->DispatchEvent(&event, status);
- }
-@@ -296,9 +300,8 @@ nsNativeDragTarget::DragEnter(LPDATAOBJECT pIDataSource,
- // This cast is ok because in the constructor we created a
- // the actual implementation we wanted, so we know this is
- // a nsDragService. It should be a private interface, though.
-- nsDragService * winDragService =
-- static_cast<nsDragService *>(mDragService);
-- winDragService->SetIDataObject(pIDataSource);
-+ nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+ winDragService->SetIDataObject((nsISupports*)pIDataSource);
-
- // Now process the native drag state and then dispatch the event
- ProcessDrag(NS_DRAGDROP_ENTER, grfKeyState, ptl, pdwEffect);
-@@ -436,8 +439,8 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
- // This cast is ok because in the constructor we created a
- // the actual implementation we wanted, so we know this is
- // a nsDragService (but it should still be a private interface)
-- nsDragService* winDragService = static_cast<nsDragService*>(mDragService);
-- winDragService->SetIDataObject(pData);
-+ nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+ winDragService->SetIDataObject((nsISupports*)pData);
-
- // NOTE: ProcessDrag spins the event loop which may destroy arbitrary objects.
- // We use strong refs to prevent it from destroying these:
-@@ -461,11 +464,14 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
- // tell the drag service we're done with the session
- // Use GetMessagePos to get the position of the mouse at the last message
- // seen by the event loop. (Bug 489729)
-- DWORD pos = ::GetMessagePos();
-- POINT cpos;
-- cpos.x = GET_X_LPARAM(pos);
-- cpos.y = GET_Y_LPARAM(pos);
-- winDragService->SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ DWORD pos = ::GetMessagePos();
-+ POINT cpos;
-+ cpos.x = GET_X_LPARAM(pos);
-+ cpos.y = GET_Y_LPARAM(pos);
-+ dragServicePriv->SetDragEndPoint(cpos.x, cpos.y);
-+ }
- serv->EndDragSession(true);
-
- // release the ref that was taken in DragEnter
-diff --git a/widget/windows/nsPIDragServiceWindows.idl b/widget/windows/nsPIDragServiceWindows.idl
-new file mode 100644
-index 0000000..c8a46dd
---- /dev/null
-+++ b/widget/windows/nsPIDragServiceWindows.idl
-@@ -0,0 +1,46 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ * Steven Michaud <smichaud(a)pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(6FC2117D-5EB4-441A-9C12-62A783BEBC0C)]
-+interface nsPIDragServiceWindows : nsISupports
-+{
-+ void setIDataObject(in nsISupports aDataObj);
-+
-+ void setDroppedLocal();
-+};
-diff --git a/widget/xpwidgets/nsBaseDragService.cpp b/widget/xpwidgets/nsBaseDragService.cpp
-index 342a036..87e28f7 100644
---- a/widget/xpwidgets/nsBaseDragService.cpp
-+++ b/widget/xpwidgets/nsBaseDragService.cpp
-@@ -88,7 +88,7 @@ nsBaseDragService::~nsBaseDragService()
- {
- }
-
--NS_IMPL_ISUPPORTS2(nsBaseDragService, nsIDragService, nsIDragSession)
-+NS_IMPL_ISUPPORTS3(nsBaseDragService, nsIDragService, nsPIDragService, nsIDragSession)
-
- //---------------------------------------------------------
- NS_IMETHODIMP
-@@ -436,6 +436,20 @@ nsBaseDragService::DragMoved(PRInt32 aX, PRInt32 aY)
- return NS_OK;
- }
-
-+NS_IMETHODIMP
-+nsBaseDragService::SetDragEndPoint(PRInt32 aX, PRInt32 aY)
-+{
-+ mEndDragPoint = nsIntPoint(aX, aY);
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsBaseDragService::GetInputSource(PRUint16* aInputSource)
-+{
-+ *aInputSource = mInputSource;
-+ return NS_OK;
-+}
-+
- static nsIPresShell*
- GetPresShellForContent(nsIDOMNode* aDOMNode)
- {
-diff --git a/widget/xpwidgets/nsBaseDragService.h b/widget/xpwidgets/nsBaseDragService.h
-index 290c0cb..2ceac2b 100644
---- a/widget/xpwidgets/nsBaseDragService.h
-+++ b/widget/xpwidgets/nsBaseDragService.h
-@@ -39,6 +39,7 @@
- #define nsBaseDragService_h__
-
- #include "nsIDragService.h"
-+#include "nsPIDragService.h"
- #include "nsIDragSession.h"
- #include "nsITransferable.h"
- #include "nsISupportsArray.h"
-@@ -64,6 +65,7 @@ class nsICanvasElementExternal;
- */
-
- class nsBaseDragService : public nsIDragService,
-+ public nsPIDragService,
- public nsIDragSession
- {
-
-@@ -74,14 +76,11 @@ public:
- //nsISupports
- NS_DECL_ISUPPORTS
-
-- //nsIDragSession and nsIDragService
-+ //nsIDragSession, nsIDragService and nsPIDragService
- NS_DECL_NSIDRAGSERVICE
-+ NS_DECL_NSPIDRAGSERVICE
- NS_DECL_NSIDRAGSESSION
-
-- void SetDragEndPoint(nsIntPoint aEndDragPoint) { mEndDragPoint = aEndDragPoint; }
--
-- PRUint16 GetInputSource() { return mInputSource; }
--
- protected:
-
- /**
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch
new file mode 100644
index 0000000..c9a8e91
--- /dev/null
+++ b/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch
@@ -0,0 +1,132 @@
+From 975bce873ae2d127e6a0681466b21d55e14b1550 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)torproject.org>
+Date: Wed, 2 May 2012 17:44:39 -0700
+Subject: [PATCH 16/18] Prevent WebSocket DNS leak.
+
+This is due to an improper implementation of the WebSocket spec by Mozilla.
+
+"There MUST be no more than one connection in a CONNECTING state. If multiple
+connections to the same IP address are attempted simultaneously, the client
+MUST serialize them so that there is no more than one connection at a time
+running through the following steps.
+
+If the client cannot determine the IP address of the remote host (for
+example, because all communication is being done through a proxy server that
+performs DNS queries itself), then the client MUST assume for the purposes of
+this step that each host name refers to a distinct remote host,"
+
+https://tools.ietf.org/html/rfc6455#page-15
+
+They implmented the first paragraph, but not the second...
+
+While we're at it, we also prevent the DNS service from being used to look up
+anything other than IP addresses if socks_remote_dns is set to true, so this
+bug can't turn up in other components or due to 3rd party addons.
+---
+ netwerk/dns/nsDNSService2.cpp | 24 ++++++++++++++++++++++-
+ netwerk/dns/nsDNSService2.h | 1 +
+ netwerk/protocol/websocket/WebSocketChannel.cpp | 8 +++++-
+ 3 files changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
+index 68ad8a5..1253b2f 100644
+--- a/netwerk/dns/nsDNSService2.cpp
++++ b/netwerk/dns/nsDNSService2.cpp
+@@ -383,6 +383,7 @@ nsDNSService::Init()
+ bool enableIDN = true;
+ bool disableIPv6 = false;
+ bool disablePrefetch = false;
++ bool disableDNS = false;
+ int proxyType = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
+
+ nsAdoptingCString ipv4OnlyDomains;
+@@ -404,6 +405,10 @@ nsDNSService::Init()
+
+ // If a manual proxy is in use, disable prefetch implicitly
+ prefs->GetIntPref("network.proxy.type", &proxyType);
++
++ // If the user wants remote DNS, we should fail any lookups that still
++ // make it here.
++ prefs->GetBoolPref("network.proxy.socks_remote_dns", &disableDNS);
+ }
+
+ if (mFirstTime) {
+@@ -420,7 +425,7 @@ nsDNSService::Init()
+
+ // Monitor these to see if there is a change in proxy configuration
+ // If a manual proxy is in use, disable prefetch implicitly
+- prefs->AddObserver("network.proxy.type", this, false);
++ prefs->AddObserver("network.proxy.", this, false);
+ }
+ }
+
+@@ -448,6 +453,7 @@ nsDNSService::Init()
+ mIDN = idn;
+ mIPv4OnlyDomains = ipv4OnlyDomains; // exchanges buffer ownership
+ mDisableIPv6 = disableIPv6;
++ mDisableDNS = disableDNS;
+
+ // Disable prefetching either by explicit preference or if a manual proxy is configured
+ mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
+@@ -547,6 +553,14 @@ nsDNSService::AsyncResolve(const nsACString &hostname,
+ if (mDisablePrefetch && (flags & RESOLVE_SPECULATE))
+ return NS_ERROR_DNS_LOOKUP_QUEUE_FULL;
+
++ PRNetAddr tempAddr;
++ if (mDisableDNS) {
++ // Allow IP lookups through, but nothing else.
++ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
++ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
++ }
++ }
++
+ res = mResolver;
+ idn = mIDN;
+ }
+@@ -597,6 +611,14 @@ nsDNSService::Resolve(const nsACString &hostname,
+ MutexAutoLock lock(mLock);
+ res = mResolver;
+ idn = mIDN;
++
++ PRNetAddr tempAddr;
++ if (mDisableDNS) {
++ // Allow IP lookups through, but nothing else.
++ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
++ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
++ }
++ }
+ }
+ NS_ENSURE_TRUE(res, NS_ERROR_OFFLINE);
+
+diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
+index 1749b41..3ec8eba 100644
+--- a/netwerk/dns/nsDNSService2.h
++++ b/netwerk/dns/nsDNSService2.h
+@@ -70,4 +70,5 @@ private:
+ bool mDisableIPv6;
+ bool mDisablePrefetch;
+ bool mFirstTime;
++ bool mDisableDNS;
+ };
+diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
+index 9e446e9..42aa6ca 100644
+--- a/netwerk/protocol/websocket/WebSocketChannel.cpp
++++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
+@@ -1698,8 +1698,12 @@ WebSocketChannel::ApplyForAdmission()
+ LOG(("WebSocketChannel::ApplyForAdmission: checking for concurrent open\n"));
+ nsCOMPtr<nsIThread> mainThread;
+ NS_GetMainThread(getter_AddRefs(mainThread));
+- dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
+- NS_ENSURE_SUCCESS(rv, rv);
++ rv = dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
++ if (NS_FAILED(rv)) {
++ // Fall back to hostname on dispatch failure
++ mDNSRequest = nsnull;
++ OnLookupComplete(nsnull, nsnull, rv);
++ }
+
+ return NS_OK;
+ }
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0017-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/0017-Make-nsICacheService.EvictEntries-synchronous.patch
deleted file mode 100644
index 5354027..0000000
--- a/src/current-patches/firefox/0017-Make-nsICacheService.EvictEntries-synchronous.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From f7bdc9274aa6dc8efccc50d18dbb287225aa6c27 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Tue, 1 May 2012 15:02:03 -0700
-Subject: [PATCH 17/17] Make nsICacheService.EvictEntries synchronous
-
-This fixes a race condition that allows cache-based EverCookies to persist for
-a brief time (on the order of minutes?) after cache clearing/"New Identity".
-
-https://trac.torproject.org/projects/tor/ticket/5715
----
- netwerk/cache/nsCacheService.cpp | 15 +++++++++++++--
- 1 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp
-index 015e49e..1ef0db1 100644
---- a/netwerk/cache/nsCacheService.cpp
-+++ b/netwerk/cache/nsCacheService.cpp
-@@ -1415,10 +1415,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor)
- return NS_OK;
- }
-
--
- NS_IMETHODIMP nsCacheService::EvictEntries(nsCacheStoragePolicy storagePolicy)
- {
-- return EvictEntriesForClient(nsnull, storagePolicy);
-+ NS_IMETHODIMP r;
-+ r = EvictEntriesForClient(nsnull, storagePolicy);
-+
-+ // XXX: Bloody hack until we get this notifier in FF14.0:
-+ // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICacheListener…
-+ if (storagePolicy == nsICache::STORE_ANYWHERE &&
-+ NS_IsMainThread() && gService && gService->mInitialized) {
-+ nsCacheServiceAutoLock lock;
-+ gService->DoomActiveEntries();
-+ gService->ClearDoomList();
-+ (void) SyncWithCacheIOThread();
-+ }
-+ return r;
- }
-
- NS_IMETHODIMP nsCacheService::GetCacheIOTarget(nsIEventTarget * *aCacheIOTarget)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
new file mode 100644
index 0000000..f3b7aeb
--- /dev/null
+++ b/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
@@ -0,0 +1,251 @@
+From 60d369378ea65b1502ba2ab28a851318e7910a64 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)torproject.org>
+Date: Wed, 6 Jun 2012 11:08:56 -0700
+Subject: [PATCH 17/18] Randomize HTTP request order and pipeline depth.
+
+This is an experimental defense against
+http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
+
+See:
+https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
+
+This defense has been improved since that blog post to additionally randomize
+the order and concurrency of non-pipelined HTTP requests.
+---
+ netwerk/protocol/http/nsHttpConnectionMgr.cpp | 136 ++++++++++++++++++++++++-
+ netwerk/protocol/http/nsHttpConnectionMgr.h | 5 +
+ 2 files changed, 136 insertions(+), 5 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+index 23ef893..788368f 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+@@ -94,6 +94,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
+ {
+ LOG(("Creating nsHttpConnectionMgr @%x\n", this));
+ mCT.Init();
++
++ nsresult rv;
++ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
++ if (NS_FAILED(rv)) {
++ mRandomGenerator = nsnull;
++ }
+ }
+
+ nsHttpConnectionMgr::~nsHttpConnectionMgr()
+@@ -342,8 +348,12 @@ nsHttpConnectionMgr::AddTransactionToPipeline(nsHttpPipeline *pipeline)
+ nsConnectionEntry *ent = mCT.Get(ci->HashKey());
+ if (ent) {
+ // search for another request to pipeline...
+- PRInt32 i, count = ent->mPendingQ.Length();
+- for (i=0; i<count; ++i) {
++ PRInt32 i, h, count = ent->mPendingQ.Length();
++ PRInt32* ind = new PRInt32[count];
++ ShuffleRequestOrder((PRUint32*)ind, (PRUint32)count);
++
++ for (h=0; h<count; ++h) {
++ i = ind[h]; // random request sequence
+ nsHttpTransaction *trans = ent->mPendingQ[i];
+ if (trans->Caps() & NS_HTTP_ALLOW_PIPELINING) {
+ pipeline->AddTransaction(trans);
+@@ -354,6 +364,8 @@ nsHttpConnectionMgr::AddTransactionToPipeline(nsHttpPipeline *pipeline)
+ break;
+ }
+ }
++
++ delete [] ind;
+ }
+ }
+ }
+@@ -585,12 +597,17 @@ nsHttpConnectionMgr::ProcessPendingQForEntry(nsConnectionEntry *ent)
+ LOG(("nsHttpConnectionMgr::ProcessPendingQForEntry [ci=%s]\n",
+ ent->mConnInfo->HashKey().get()));
+
+- PRInt32 i, count = ent->mPendingQ.Length();
++ PRUint32 h, i = 0, count = ent->mPendingQ.Length();
+ if (count > 0) {
+ LOG((" pending-count=%u\n", count));
+ nsHttpTransaction *trans = nsnull;
+ nsHttpConnection *conn = nsnull;
+- for (i=0; i<count; ++i) {
++
++ PRUint32* ind = new PRUint32[count];
++ ShuffleRequestOrder(ind, count);
++
++ for (h=0; h<count; ++h) {
++ i = ind[h]; // random request sequence
+ trans = ent->mPendingQ[i];
+
+ // When this transaction has already established a half-open
+@@ -610,6 +627,7 @@ nsHttpConnectionMgr::ProcessPendingQForEntry(nsConnectionEntry *ent)
+ if (conn)
+ break;
+ }
++ delete [] ind;
+ if (conn) {
+ LOG((" dispatching pending transaction...\n"));
+
+@@ -694,6 +712,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
+ maxPersistConns = mMaxPersistConnsPerHost;
+ }
+
++ // Fuzz maxConns for website fingerprinting attack
++ // We create a range of maxConns/5 up to 6*maxConns/5
++ // because this function is called repeatedly, and we'll
++ // end up converging to the high side of concurrent connections
++ // after a short while.
++ PRUint8 *bytes = nsnull;
++ nsresult rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ bytes[0] = bytes[0] % (maxConns + 1);
++ maxConns = (maxConns/5) + bytes[0];
++ NS_Free(bytes);
++
+ // use >= just to be safe
+ return (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) &&
+ (persistCount >= maxPersistConns) );
+@@ -865,7 +896,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+ nsHttpPipeline *pipeline = nsnull;
+ if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
+ LOG((" looking to build pipeline...\n"));
+- if (BuildPipeline(ent, trans, &pipeline))
++ if (BuildRandomizedPipeline(ent, trans, &pipeline))
+ trans = pipeline;
+ }
+
+@@ -938,6 +969,101 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+ return true;
+ }
+
++
++// Generate a shuffled request ordering sequence
++void
++nsHttpConnectionMgr::ShuffleRequestOrder(PRUint32 *ind, PRUint32 count)
++{
++ PRUint32 i;
++ PRUint32 *rints;
++
++ for (i=0; i<count; ++i) {
++ ind[i] = i;
++ }
++ nsresult rv = mRandomGenerator->GenerateRandomBytes(sizeof(PRUint32)*count,
++ (PRUint8**)&rints);
++ if (NS_FAILED(rv))
++ return; // Leave unshuffled if error
++
++ for (i=0; i < count; ++i) {
++ PRInt32 temp = ind[i];
++ ind[i] = ind[rints[i]%count];
++ ind[rints[i]%count] = temp;
++ }
++ NS_Free(rints);
++}
++
++bool
++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent,
++ nsAHttpTransaction *firstTrans,
++ nsHttpPipeline **result)
++{
++ if (mRandomGenerator == nsnull)
++ return BuildPipeline(ent, firstTrans, result);
++ if (mMaxPipelinedRequests < 2)
++ return PR_FALSE;
++
++ nsresult rv;
++ PRUint8 *bytes = nsnull;
++
++ nsHttpPipeline *pipeline = nsnull;
++ nsHttpTransaction *trans;
++
++ PRUint32 i = 0, numAdded = 0, numAllowed = 0;
++ PRUint32 max = 0;
++
++ while (i < ent->mPendingQ.Length()) {
++ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)
++ numAllowed++;
++ i++;
++ }
++
++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++ NS_ENSURE_SUCCESS(rv, rv);
++ // 4...12
++ max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1));
++ NS_Free(bytes);
++
++ while (numAllowed > 0) {
++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++ NS_ENSURE_SUCCESS(rv, rv);
++ i = bytes[0] % ent->mPendingQ.Length();
++ NS_Free(bytes);
++
++ trans = ent->mPendingQ[i];
++
++ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING))
++ continue;
++
++ if (numAdded == 0) {
++ pipeline = new nsHttpPipeline;
++ if (!pipeline)
++ return PR_FALSE;
++ pipeline->AddTransaction(firstTrans);
++ numAdded = 1;
++ }
++ pipeline->AddTransaction(trans);
++
++ // remove transaction from pending queue
++ ent->mPendingQ.RemoveElementAt(i);
++ NS_RELEASE(trans);
++
++ numAllowed--;
++
++ if (++numAdded == max)
++ break;
++ }
++
++ //fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max);
++ LOG((" pipelined %u/%u transactions\n", numAdded, max));
++
++ if (numAdded == 0)
++ return PR_FALSE;
++
++ NS_ADDREF(*result = pipeline);
++ return PR_TRUE;
++}
++
+ nsresult
+ nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
+ {
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
+index cdf21a9..81b282a 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
+@@ -51,6 +51,7 @@
+
+ #include "nsIObserver.h"
+ #include "nsITimer.h"
++#include "nsIRandomGenerator.h"
+
+ class nsHttpPipeline;
+
+@@ -276,6 +277,8 @@ private:
+ nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
+ PRUint8 caps, nsHttpConnection *);
+ bool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
++ bool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
++ void ShuffleRequestOrder(PRUint32 *, PRUint32);
+ nsresult ProcessNewTransaction(nsHttpTransaction *);
+ nsresult EnsureSocketThreadTargetIfOnline();
+ void ClosePersistentConnections(nsConnectionEntry *ent);
+@@ -353,6 +356,8 @@ private:
+ PRUint64 mTimeOfNextWakeUp;
+ // Timer for next pruning of dead connections.
+ nsCOMPtr<nsITimer> mTimer;
++ // Random number generator for reordering HTTP pipeline
++ nsCOMPtr<nsIRandomGenerator> mRandomGenerator;
+
+ //
+ // the connection table
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0018-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/firefox/0018-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
new file mode 100644
index 0000000..1f18aa5
--- /dev/null
+++ b/src/current-patches/firefox/0018-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -0,0 +1,52 @@
+From 8c741c1ee9b05e23582047df6179bc7344864011 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git(a)fscked.org>
+Date: Fri, 2 Sep 2011 15:33:20 -0700
+Subject: [PATCH 18/18] Add HTTP auth headers before the modify-request
+ observer.
+
+Otherwise, how are we supposed to modify them?
+
+Thanks to Georg Koppen for spotting both the problem and this fix.
+---
+ netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++----
+ 1 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index 97bd84c..6205d62 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -316,9 +316,6 @@ nsHttpChannel::Connect(bool firstTime)
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+
+- // check to see if authorization headers should be included
+- mAuthProvider->AddAuthorizationHeaders();
+-
+ if (mLoadFlags & LOAD_NO_NETWORK_IO) {
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+@@ -3707,6 +3704,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+
+ AddCookiesToRequest();
+
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+@@ -4817,7 +4817,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+ // this authentication attempt (bug 84794).
+ // TODO: save cookies from auth response and send them here (bug 572151).
+ AddCookiesToRequest();
+-
++
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+--
+1.7.5.4
+
diff --git a/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch
deleted file mode 100644
index 9b30987..0000000
--- a/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 93199734c06485660fb922c61f740191648a6dc6 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git(a)torproject.org>
-Date: Wed, 2 May 2012 17:44:39 -0700
-Subject: [PATCH 18/18] Prevent WebSocket DNS leak.
-
-This is due to an improper implementation of the WebSocket spec by Mozilla.
-
-"There MUST be no more than one connection in a CONNECTING state. If multiple
-connections to the same IP address are attempted simultaneously, the client
-MUST serialize them so that there is no more than one connection at a time
-running through the following steps.
-
-If the client cannot determine the IP address of the remote host (for
-example, because all communication is being done through a proxy server that
-performs DNS queries itself), then the client MUST assume for the purposes of
-this step that each host name refers to a distinct remote host,"
-
-https://tools.ietf.org/html/rfc6455#page-15
-
-They implmented the first paragraph, but not the second...
-
-While we're at it, we also prevent the DNS service from being used to look up
-anything other than IP addresses if socks_remote_dns is set to true, so this
-bug can't turn up in other components or due to 3rd party addons.
----
- netwerk/dns/nsDNSService2.cpp | 24 ++++++++++++++++++++++-
- netwerk/dns/nsDNSService2.h | 1 +
- netwerk/protocol/websocket/WebSocketChannel.cpp | 8 +++++-
- 3 files changed, 30 insertions(+), 3 deletions(-)
-
-diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
-index 1bd5f38..eda0e48 100644
---- a/netwerk/dns/nsDNSService2.cpp
-+++ b/netwerk/dns/nsDNSService2.cpp
-@@ -404,6 +404,7 @@ nsDNSService::Init()
- bool enableIDN = true;
- bool disableIPv6 = false;
- bool disablePrefetch = false;
-+ bool disableDNS = false;
- int proxyType = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
-
- nsAdoptingCString ipv4OnlyDomains;
-@@ -427,6 +428,10 @@ nsDNSService::Init()
-
- // If a manual proxy is in use, disable prefetch implicitly
- prefs->GetIntPref("network.proxy.type", &proxyType);
-+
-+ // If the user wants remote DNS, we should fail any lookups that still
-+ // make it here.
-+ prefs->GetBoolPref("network.proxy.socks_remote_dns", &disableDNS);
- }
-
- if (mFirstTime) {
-@@ -444,7 +449,7 @@ nsDNSService::Init()
-
- // Monitor these to see if there is a change in proxy configuration
- // If a manual proxy is in use, disable prefetch implicitly
-- prefs->AddObserver("network.proxy.type", this, false);
-+ prefs->AddObserver("network.proxy.", this, false);
- }
- }
-
-@@ -473,6 +478,7 @@ nsDNSService::Init()
- mIDN = idn;
- mIPv4OnlyDomains = ipv4OnlyDomains; // exchanges buffer ownership
- mDisableIPv6 = disableIPv6;
-+ mDisableDNS = disableDNS;
-
- // Disable prefetching either by explicit preference or if a manual proxy is configured
- mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
-@@ -584,6 +590,14 @@ nsDNSService::AsyncResolve(const nsACString &hostname,
- if (mDisablePrefetch && (flags & RESOLVE_SPECULATE))
- return NS_ERROR_DNS_LOOKUP_QUEUE_FULL;
-
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
-+
- res = mResolver;
- idn = mIDN;
- }
-@@ -670,6 +684,14 @@ nsDNSService::Resolve(const nsACString &hostname,
- MutexAutoLock lock(mLock);
- res = mResolver;
- idn = mIDN;
-+
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
- }
- NS_ENSURE_TRUE(res, NS_ERROR_OFFLINE);
-
-diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
-index 1749b41..3ec8eba 100644
---- a/netwerk/dns/nsDNSService2.h
-+++ b/netwerk/dns/nsDNSService2.h
-@@ -70,4 +70,5 @@ private:
- bool mDisableIPv6;
- bool mDisablePrefetch;
- bool mFirstTime;
-+ bool mDisableDNS;
- };
-diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
-index 22873d3..0875c12 100644
---- a/netwerk/protocol/websocket/WebSocketChannel.cpp
-+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
-@@ -1875,8 +1875,12 @@ WebSocketChannel::ApplyForAdmission()
- LOG(("WebSocketChannel::ApplyForAdmission: checking for concurrent open\n"));
- nsCOMPtr<nsIThread> mainThread;
- NS_GetMainThread(getter_AddRefs(mainThread));
-- dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-- NS_ENSURE_SUCCESS(rv, rv);
-+ rv = dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-+ if (NS_FAILED(rv)) {
-+ // Fall back to hostname on dispatch failure
-+ mDNSRequest = nsnull;
-+ OnLookupComplete(nsnull, nsnull, rv);
-+ }
-
- return NS_OK;
- }
---
-1.7.5.4
-
1
0

[stem/master] Targeting reader test at /usr rather than root dir
by atagar@torproject.org 06 Jun '12
by atagar@torproject.org 06 Jun '12
06 Jun '12
commit ee6e475a347277ff6a387107219fa5ba79a7ae99
Author: Damian Johnson <atagar(a)torproject.org>
Date: Wed Jun 6 09:53:03 2012 -0700
Targeting reader test at /usr rather than root dir
I've been running the reader's test_stop() integ test by running over the root
direcctory because I simply needed something 'big' to keep the test occupied
for a second or two. This turned out to inadvertantly fuzz the reader which is
sorta a good thing since it discovered that block devices and encrypted
partitions can be slow to read, causing stop() to block for a bit.
However, we don't want to run over people's private stuff, and slow reads on
encrypted partitions probably isn't a problem that we want to solve anyway, so
running over '/usr' instead.
---
test/integ/descriptor/reader.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/test/integ/descriptor/reader.py b/test/integ/descriptor/reader.py
index 0ae882e..0e6c867 100644
--- a/test/integ/descriptor/reader.py
+++ b/test/integ/descriptor/reader.py
@@ -281,7 +281,7 @@ class TestDescriptorReader(unittest.TestCase):
"""
is_test_running = True
- reader = stem.descriptor.reader.DescriptorReader("/")
+ reader = stem.descriptor.reader.DescriptorReader("/usr")
# Fails the test after a couple seconds if we don't finish successfully.
# Depending on what we're blocked on this might not work when the test
1
0
commit 63c2ddb95e4c96e509e030240df12266012ce844
Author: Damian Johnson <atagar(a)torproject.org>
Date: Wed Jun 6 10:09:21 2012 -0700
Descriptor typo corrections
Fixes by Karsten
---
stem/descriptor/extrainfo_descriptor.py | 6 ++++--
stem/descriptor/reader.py | 2 +-
stem/descriptor/server_descriptor.py | 4 ++--
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/stem/descriptor/extrainfo_descriptor.py b/stem/descriptor/extrainfo_descriptor.py
index ff37064..0a4e893 100644
--- a/stem/descriptor/extrainfo_descriptor.py
+++ b/stem/descriptor/extrainfo_descriptor.py
@@ -37,7 +37,7 @@ Extra-info descriptors are available from a few sources...
|- MIN - smallest rate at which a descriptor was downloaded in B/s
|- MAX - largest rate at which a descriptor was downloaded in B/s
|- D1-4 and D6-9 - rate of the slowest x/10 download rates in B/s
- |- Q1 and Q3 - rate of the slowest and fastest querter download rates in B/s
+ |- Q1 and Q3 - rate of the slowest and fastest quarter download rates in B/s
+- MD - median download rate in B/s
parse_file - Iterates over the extra-info descriptors in a file.
@@ -179,6 +179,8 @@ class ExtraInfoDescriptor(stem.descriptor.Descriptor):
:var str geoip_db_digest: sha1 of geoIP database file
:var str signature: **\*** signature for this extrainfo descriptor
+ **Bi-directional connection usage:**
+
:var datetime conn_bi_direct_end: end of the sampling interval
:var int conn_bi_direct_interval: seconds per interval
:var int conn_bi_direct_below: connections that read/wrote less than 20 KiB
@@ -203,7 +205,7 @@ class ExtraInfoDescriptor(stem.descriptor.Descriptor):
:var list cell_processed_cells: measurement of processed cells per circuit
:var list cell_queued_cells: measurement of queued cells per circuit
:var list cell_time_in_queue: mean enqueued time in milliseconds for cells
- :var int cell_circuits_per_decile: mean number of circuits in a deciles
+ :var int cell_circuits_per_decile: mean number of circuits in a decile
**Directory Mirror Attributes:**
diff --git a/stem/descriptor/reader.py b/stem/descriptor/reader.py
index 51eb46c..499ded1 100644
--- a/stem/descriptor/reader.py
+++ b/stem/descriptor/reader.py
@@ -103,7 +103,7 @@ class ParsingFailure(FileSkipped):
class UnrecognizedType(FileSkipped):
"""
File doesn't contain descriptor data. This could either be due to its file
- type or because it doens't conform to a recognizable descriptor type.
+ type or because it doesn't conform to a recognizable descriptor type.
"""
def __init__(self, mime_type):
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index e19a3bd..bbce9d1 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -152,7 +152,7 @@ class ServerDescriptor(stem.descriptor.Descriptor):
:var stem.exit_policy.ExitPolicy exit_policy: **\*** stated exit policy
:var list family: **\*** nicknames or fingerprints of declared family
- :var int average_bandwidth: **\*** averate rate it's willing to relay in bytes/s
+ :var int average_bandwidth: **\*** average rate it's willing to relay in bytes/s
:var int burst_bandwidth: **\*** burst rate it's willing to relay in bytes/s
:var int observed_bandwidth: **\*** estimated capacity based on usage in bytes/s
@@ -271,7 +271,7 @@ class ServerDescriptor(stem.descriptor.Descriptor):
def get_annotations(self):
"""
- Provides content that appeard prior to the descriptor. If this comes from
+ Provides content that appeared prior to the descriptor. If this comes from
the cached-descriptors file then this commonly contains content like...
::
1
0

06 Jun '12
commit da1e0a75082efef9e24f86fbba68e6c47116619c
Author: Damian Johnson <atagar(a)torproject.org>
Date: Wed Jun 6 09:23:11 2012 -0700
Correcting incorrect variable in logging
Issue caught by Karsten.
---
test/integ/process.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/test/integ/process.py b/test/integ/process.py
index 470faa7..61440fd 100644
--- a/test/integ/process.py
+++ b/test/integ/process.py
@@ -51,5 +51,5 @@ class TestProcess(unittest.TestCase):
runtime = time.time() - start_time
if not (runtime > 2 and runtime < 3):
- self.fail("Test should have taken 2-3 seconds, took %i instead" % timeout)
+ self.fail("Test should have taken 2-3 seconds, took %i instead" % runtime)
1
0

06 Jun '12
commit ebed653be563f2e16c384d9d3b235ad2ecb11566
Author: Damian Johnson <atagar(a)torproject.org>
Date: Wed Jun 6 08:47:54 2012 -0700
Skipping non-regular files when the reader crawls
When the reader encounters block devices it can get stuck, causing the integ
test for stop() to fail. Caught by nickm.
---
stem/descriptor/reader.py | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/stem/descriptor/reader.py b/stem/descriptor/reader.py
index acc9f8f..51eb46c 100644
--- a/stem/descriptor/reader.py
+++ b/stem/descriptor/reader.py
@@ -386,6 +386,11 @@ class DescriptorReader:
self._notify_skip_listeners(target, AlreadyRead(last_modified, last_used))
return
+ # Block devices and such are never descriptors, and can cause us to block
+ # for quite a while so skipping anything that isn't a regular file.
+
+ if not os.path.isfile(target): return
+
# The mimetypes module only checks the file extension. To actually
# check the content (like the 'file' command) we'd need something like
# pymagic (https://github.com/cloudburst/pymagic)
1
0
commit 1cb095be419cde92e433e07ac4c3bb1190c2f2b2
Author: George Kadianakis <desnacked(a)riseup.net>
Date: Tue Jun 5 14:53:04 2012 +0300
yatei customizations
---
task-2718/detector.py | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/task-2718/detector.py b/task-2718/detector.py
index 716bbdf..a3d073c 100644
--- a/task-2718/detector.py
+++ b/task-2718/detector.py
@@ -297,7 +297,6 @@ def write_all(tss, minc, maxc, INTERVAL=7):
for c in tss.country_codes:
if c in exclude:
continue
- print ".",
series = tss.get_country_series(c)
for i, v in enumerate(series):
if i > 0 and i - INTERVAL >= 0 and series[i] != None and series[i-INTERVAL] != None and series[i-INTERVAL] != 0 and minc[i]!= None and maxc[i]!= None:
@@ -319,7 +318,7 @@ def main():
tss = torstatstore(CSV_FILE)
l = tss.get_largest_locations(50)
minx, maxx = make_tendencies_minmax(l, INTERV)
- plot_all(tss, minx, maxx, INTERV, DAYS, rdir=GRAPH_DIR)
+ #plot_all(tss, minx, maxx, INTERV, DAYS, rdir=GRAPH_DIR)
write_all(tss, minx, maxx, INTERV)
if __name__ == "__main__":
1
0

[metrics-tasks/master] Add support for daily censorship reports.
by karsten@torproject.org 06 Jun '12
by karsten@torproject.org 06 Jun '12
06 Jun '12
commit 94f955ec4266ac21c782a495bb1bd60f0c48be7e
Author: George Kadianakis <desnacked(a)riseup.net>
Date: Tue Jun 5 19:37:28 2012 +0300
Add support for daily censorship reports.
---
task-2718/detector.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 51 insertions(+), 3 deletions(-)
diff --git a/task-2718/detector.py b/task-2718/detector.py
index 1d6b4c2..5a55b39 100644
--- a/task-2718/detector.py
+++ b/task-2718/detector.py
@@ -267,15 +267,22 @@ def absolute_plot(series, minc, maxc, labels,INTERVAL, xtitle):
If 'scoring_interval' is specifed we only consider upscore/downscore
that happened in the latest 'scoring_interval' days.
"""
-def censor_score(series, minc, maxc, INTERVAL):
+def censor_score(series, minc, maxc, INTERVAL, scoring_interval=None):
upscore = 0
downscore = 0
+
+ if scoring_interval is None:
+ scoring_interval = len(series)
+ assert(len(series) >= scoring_interval)
+
for i, v in enumerate(series):
if i > 0 and i - INTERVAL >= 0 and series[i] != None and series[i-INTERVAL] != None and series[i-INTERVAL] != 0 and minc[i]!= None and maxc[i]!= None:
in_minc = minc[i] * poisson.ppf(1-0.9999, series[i-INTERVAL])
in_maxc = maxc[i] * poisson.ppf(0.9999, series[i-INTERVAL])
- downscore += 1 if minc[i] != None and v < in_minc else 0
- upscore += 1 if maxc[i] != None and v > in_maxc else 0
+ if (i >= (len(series) - scoring_interval)):
+ downscore += 1 if minc[i] != None and v < in_minc else 0
+ upscore += 1 if maxc[i] != None and v > in_maxc else 0
+
return downscore, upscore
def plot_target(tss, TARGET, xtitle, minx, maxx, DAYS=365, INTERV = 7):
@@ -338,6 +345,44 @@ def write_all(tss, minc, maxc, INTERVAL=7):
ranges_file.write("%s,%s,%s,%s\n" % (tss.all_dates[i], c, minv, maxv))
ranges_file.close()
+"""Write a file containing a short censorship report over the last
+'notification_period' days.
+"""
+def write_ml_report(tss, minx, maxx, INTERV, DAYS, notification_period=None):
+ if notification_period is None:
+ notification_period = DAYS
+
+ report_file = open('short_censorship_report.txt', 'w')
+ file_prologue_written = False
+
+ s = tss.get_largest(None) # no restrictions, get 'em all.
+ scores = []
+ for num, li in s:
+ ds,us = censor_score(tss.get_country_series(li)[-DAYS:], minx[-DAYS:], maxx[-DAYS:], INTERV, notification_period)
+ scores += [(ds,num, us, li)]
+ scores.sort()
+ scores.reverse()
+
+ for downscores,users_n,upscores,country_name in scores:
+ if (downscores > 0) or (upscores > 0):
+ if not file_prologue_written:
+ prologue = "=======================\n"
+ prologue += "Automatic Censorship Report for %s to %s\n" % (tss.all_dates[-notification_period], tss.all_dates[-1])
+ prologue += "=======================\n\n"
+ report_file.write(prologue)
+ file_prologue_written = True
+
+ if ((upscores > 0) and (downscores == 0)):
+ s = "We detected an unusual spike of Tor users in %s (%d upscores, %d users).\n" % \
+ (country_name, upscores, users_n)
+ else:
+ s = "We detected %d potential censorship events in %s (users: %d, upscores: %d).\n" % \
+ (downscores, country_name, users_n, upscores)
+
+ report_file.write(s + "\n")
+
+ report_file.close()
+
def main():
# Change these to customize script
CSV_FILE = "direct-users.csv"
@@ -353,5 +398,8 @@ def main():
#plot_all(tss, minx, maxx, INTERV, DAYS, rdir=GRAPH_DIR)
write_all(tss, minx, maxx, INTERV)
+ # Make our short report; only consider events of the last day
+ write_ml_report(tss, minx, maxx, INTERV, DAYS, 1)
+
if __name__ == "__main__":
main()
1
0
commit ad7d50bd436e2994c34fd454e969704b4902e418
Author: George Kadianakis <desnacked(a)riseup.net>
Date: Tue Jun 5 18:09:16 2012 +0300
Add documentation.
---
task-2718/detector.py | 76 ++++++++++++++++++++++++++++++++++--------------
1 files changed, 54 insertions(+), 22 deletions(-)
diff --git a/task-2718/detector.py b/task-2718/detector.py
index a3d073c..1d6b4c2 100644
--- a/task-2718/detector.py
+++ b/task-2718/detector.py
@@ -38,14 +38,14 @@
## anomalies that might be indicative of censorship.
# Dep: matplotlib
-from pylab import *
+from pylab import *
import matplotlib
# Dep: numpy
-import numpy
+import numpy
# Dep: scipy
-import scipy.stats
+import scipy.stats
from scipy.stats.distributions import norm
from scipy.stats.distributions import poisson
@@ -56,7 +56,18 @@ import os.path
days = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
-# read the .csv file
+"""
+Represents a .csv file containing information on the number of
+connecting Tor users per country.
+
+'store': Dictionary with (<country code>, <counter>) as key, and the number of users as value.
+ <country code> can also be "date"...
+'all_dates': List of the data intervals (with default timedelta: 1 day).
+'country_codes': List of all relevant country codes.
+'MAX_INDEX': Length of store, number of country codes etc.
+'date_min': The oldest date found in the .csv.
+'date_min': The latest date found in the .csv.
+"""
class torstatstore:
def __init__(self, file_name):
f = file(file_name)
@@ -72,13 +83,13 @@ class torstatstore:
processed_val = None
if ccode == "date":
try:
- year, month, day = int(val[:4]), int(val[5:7]), int(val[8:10])
+ year, month, day = int(val[:4]), int(val[5:7]), int(val[8:10])
processed_val = date(year, month, day)
except Exception, e:
print "Parsing error (ignoring line %s):" % j
print "%s" % val,e
- break
-
+ break
+
elif val != "NA":
processed_val = int(val)
store[(ccode, i)] = processed_val
@@ -91,7 +102,7 @@ class torstatstore:
d = date_min
dt = timedelta(days=1)
while d <= date_max:
- all_dates += [d]
+ all_dates += [d]
d = d + dt
# Save for later
@@ -102,6 +113,9 @@ class torstatstore:
self.date_min = date_min
self.date_max = date_max
+ """Return a list representing a time series of 'ccode' with respect
+ to the number of connected users.
+ """
def get_country_series(self, ccode):
assert ccode in self.country_codes
series = {}
@@ -114,6 +128,10 @@ class torstatstore:
sx += [series[d]]
return sx
+ """Return an ordered list containing tuples of the form (<number of
+ users>, <country code>). The list is ordered with respect to the
+ number of users for each country.
+ """
def get_largest(self, number):
exclude = set(["all", "??", "date"])
l = [(self.store[(c, self.MAX_INDEX-1)], c) for c in self.country_codes if c not in exclude]
@@ -121,6 +139,9 @@ class torstatstore:
l.reverse()
return l[:number]
+ """Return a dictionary, with <country code> as key, and the time
+ series of the country code as the value.
+ """
def get_largest_locations(self, number):
l = self.get_largest(number)
res = {}
@@ -128,14 +149,16 @@ class torstatstore:
res[ccode] = self.get_country_series(ccode)
return res
-# Computes the difference between today and a number of days in the past
+"""Return a list containing lists (?) where each such list contains
+the difference in users for a time delta of 'days'
+"""
def n_day_rel(series, days):
rel = []
for i, v in enumerate(series):
if series[i] is None:
rel += [None]
continue
-
+
if i - days < 0 or series[i-days] is None or series[i-days] == 0:
rel += [None]
else:
@@ -175,7 +198,7 @@ def make_tendencies_minmax(l, INTERVAL = 1):
return minx, maxx
# Makes pretty plots
-def raw_plot(series, minc, maxc, labels, xtitle):
+def raw_plot(series, minc, maxc, labels, xtitle):
assert len(xtitle) == 3
fname, stitle, slegend = xtitle
@@ -185,19 +208,19 @@ def raw_plot(series, minc, maxc, labels, xtitle):
matplotlib.rc('font', **font)
ylim( (-max(series)*0.1, max(series)*1.1) )
- plot(labels, series, linewidth=1.0, label="Users")
+ plot(labels, series, linewidth=1.0, label="Users")
wherefill = []
for mm,mx in zip(minc, maxc):
- wherefill += [not (mm == None and mx == None)]
+ wherefill += [not (mm == None and mx == None)]
assert mm < mx or (mm == None and mx == None)
-
+
fill_between(labels, minc, maxc, where=wherefill, color="gray", label="Prediction")
vdown = []
vup = []
for i,v in enumerate(series):
- if minc[i] != None and v < minc[i]:
+ if minc[i] != None and v < minc[i]:
vdown += [v]
vup += [None]
elif maxc[i] != None and v > maxc[i]:
@@ -206,7 +229,7 @@ def raw_plot(series, minc, maxc, labels, xtitle):
else:
vup += [None]
vdown += [None]
-
+
plot(labels, vdown, 'o', ms=10, lw=2, alpha=0.5, mfc='orange', label="Downturns")
plot(labels, vup, 'o', ms=10, lw=2, alpha=0.5, mfc='green', label="Upturns")
@@ -235,9 +258,15 @@ def absolute_plot(series, minc, maxc, labels,INTERVAL, xtitle):
else:
in_minc += [None]
in_maxc += [None]
- raw_plot(series, in_minc, in_maxc, labels, xtitle)
+ raw_plot(series, in_minc, in_maxc, labels, xtitle)
-# Censorship score by jurisdiction
+"""Return the number of downscores and upscores of a time series
+'series', given tendencies 'minc' and 'maxc' for the time interval
+'INTERVAL'.
+
+If 'scoring_interval' is specifed we only consider upscore/downscore
+that happened in the latest 'scoring_interval' days.
+"""
def censor_score(series, minc, maxc, INTERVAL):
upscore = 0
downscore = 0
@@ -263,17 +292,17 @@ def plot_all(tss, minx, maxx, INTERV, DAYS=None, rdir="img"):
return
summary_file = file(os.path.join(rdir, "summary.txt"), "w")
-
+
if DAYS == None:
DAYS = 6*31
-
+
s = tss.get_largest(200)
scores = []
for num, li in s:
print ".",
ds,us = censor_score(tss.get_country_series(li)[-DAYS:], minx[-DAYS:], maxx[-DAYS:], INTERV)
# print ds, us
- scores += [(ds,num, us, li)]
+ scores += [(ds,num, us, li)]
scores.sort()
scores.reverse()
s = "\n=======================\n"
@@ -290,6 +319,7 @@ def plot_all(tss, minx, maxx, INTERV, DAYS=None, rdir="img"):
plot_target(tss, c,xtitle, minx, maxx, DAYS, INTERV)
summary_file.close()
+"""Write a CSV report on the minimum/maximum users of each country per date."""
def write_all(tss, minc, maxc, INTERVAL=7):
ranges_file = file("direct-users-ranges.csv", "w")
ranges_file.write("date,country,minusers,maxusers\n")
@@ -312,9 +342,11 @@ def main():
# Change these to customize script
CSV_FILE = "direct-users.csv"
GRAPH_DIR = "img"
+ # Time interval to model connection rates.
INTERV = 7
+ # Consider maximum DAYS days back.
DAYS= 6 * 31
-
+
tss = torstatstore(CSV_FILE)
l = tss.get_largest_locations(50)
minx, maxx = make_tendencies_minmax(l, INTERV)
1
0

[metrics-web/master] Use a temp file for writing raw bridge usage data.
by karsten@torproject.org 06 Jun '12
by karsten@torproject.org 06 Jun '12
06 Jun '12
commit 7ce5984810a05bdd59790b8010da0d1f47e8910a
Author: Karsten Loesing <karsten.loesing(a)gmx.net>
Date: Wed Jun 6 10:00:49 2012 +0200
Use a temp file for writing raw bridge usage data.
Fixes more of #6064.
---
.../ernie/cron/BridgeStatsFileHandler.java | 24 ++++++++++++++++---
1 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/org/torproject/ernie/cron/BridgeStatsFileHandler.java b/src/org/torproject/ernie/cron/BridgeStatsFileHandler.java
index aba7804..70a6a6f 100644
--- a/src/org/torproject/ernie/cron/BridgeStatsFileHandler.java
+++ b/src/org/torproject/ernie/cron/BridgeStatsFileHandler.java
@@ -50,6 +50,11 @@ public class BridgeStatsFileHandler {
private File bridgeStatsRawFile;
/**
+ * Temp file for writing intermediate results.
+ */
+ private File bridgeStatsRawTempFile;
+
+ /**
* Bridge user numbers by country as seen by single bridges on a given
* day. Map keys are bridge and date written as "bridge,date", map
* values are lines as read from <code>stats/bridge-stats-raw</code>.
@@ -118,6 +123,7 @@ public class BridgeStatsFileHandler {
/* Initialize file names for intermediate and final results. */
this.bridgeStatsRawFile = new File("stats/bridge-stats-raw");
+ this.bridgeStatsRawTempFile = new File("stats/bridge-stats-raw.tmp");
this.bridgeStatsFile = new File("stats/bridge-stats");
this.hashedRelayIdentitiesFile = new File(
"stats/hashed-relay-identities");
@@ -368,10 +374,12 @@ public class BridgeStatsFileHandler {
/* Write observations made by single bridges to disk. */
try {
this.logger.fine("Writing file "
- + this.bridgeStatsRawFile.getAbsolutePath() + "...");
- this.bridgeStatsRawFile.getParentFile().mkdirs();
+ + this.bridgeStatsRawFile.getAbsolutePath() + " (using "
+ + this.bridgeStatsRawTempFile.getAbsolutePath() + " as temp "
+ + "file)...");
+ this.bridgeStatsRawTempFile.getParentFile().mkdirs();
BufferedWriter bw = new BufferedWriter(new FileWriter(
- this.bridgeStatsRawFile));
+ this.bridgeStatsRawTempFile));
bw.append("bridge,date,time");
for (String c : this.countries) {
if (c.equals("zy")) {
@@ -399,11 +407,19 @@ public class BridgeStatsFileHandler {
}
}
bw.close();
+ if (!this.bridgeStatsRawTempFile.renameTo(
+ this.bridgeStatsRawFile)) {
+ this.logger.fine("Failed to rename "
+ + this.bridgeStatsRawTempFile.getAbsolutePath() + " to "
+ + this.bridgeStatsRawFile.getAbsolutePath() + ".");
+ }
this.logger.fine("Finished writing file "
+ this.bridgeStatsRawFile.getAbsolutePath() + ".");
} catch (IOException e) {
this.logger.log(Level.WARNING, "Failed to write "
- + this.bridgeStatsRawFile.getAbsolutePath() + "!", e);
+ + this.bridgeStatsRawFile.getAbsolutePath() + " (using "
+ + this.bridgeStatsRawTempFile.getAbsolutePath() + " as temp "
+ + "file)!", e);
}
/* Aggregate per-day statistics. */
1
0

06 Jun '12
commit 1caa8dad46cd4a803036ebc0b76f4f9e6784e196
Author: David Fifield <david(a)bamsoftware.com>
Date: Tue Jun 5 22:10:18 2012 -0700
Use plain http (not https) in embed links.
Using https would be preferable, which is why I changed this to explicit
https in 836b7a27. But I learned that Firefox doesn't allow making a
plaintext (ws) WebSocket connection in an https page; you have to use
wss instead, for the same reason you get mixed-content warnings.
https://bugzilla.mozilla.org/show_bug.cgi?id=662692
https://developer.mozilla.org/en/Firefox_8_for_developers#WebSockets
https://developer.mozilla.org/en/WebSockets/Writing_WebSocket_client_applic…
I think that we can't use wss sockets because they would require each
client to have a CA cert.
In the iframe link, I've left the protocol implicit, so it will use
https if the page itself is https and http otherwise. This is to avoid
using mixed content, but the badge won't work if the browser disallows
the plaintext WebSocket.
The about:config setting that controls this is
network.websocket.allowInsecureFromHTTPS.
---
README | 8 ++++----
doc/websocket-transport.txt | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README b/README
index c00804b..71fbffe 100644
--- a/README
+++ b/README
@@ -26,7 +26,7 @@ changing pool of addresses.
This page has a description of the project; viewing it also turns your
computer into a flash proxy as long as the page is open.
-https://crypto.stanford.edu/flashproxy/
+http://crypto.stanford.edu/flashproxy/
== Quick start for users
@@ -46,7 +46,7 @@ if you are able to configure port forwarding or receive direct
connections from the Internet.
If you don't get a connection within 30 seconds or so, make sure someone
-with Flash Player is viewing https://crypto.stanford.edu/flashproxy/.
+with Flash Player is viewing http://crypto.stanford.edu/flashproxy/.
There aren't yet enough operational proxies that one is available all
the time.
@@ -87,7 +87,7 @@ without having to do port forwarding.
=== Troubleshooting
-Make sure someone is viewing https://crypto.stanford.edu/flashproxy/, or
+Make sure someone is viewing http://crypto.stanford.edu/flashproxy/, or
another web page with a flash proxy badge on it.
Sometimes Tor can think that the bridge you reach through a proxy is
@@ -131,7 +131,7 @@ Add this line to torrc to make the relay use the external proxy:
Paste in this HTML where you want the badge to appear:
-<iframe src="https://crypto.stanford.edu/flashproxy/embed.html" width="70px" height="23px" frameBorder="0" scrolling="no"></iframe>
+<iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="70px" height="23px" frameBorder="0" scrolling="no"></iframe>
== For developers
diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt
index ad1eef5..cf46301 100644
--- a/doc/websocket-transport.txt
+++ b/doc/websocket-transport.txt
@@ -103,7 +103,7 @@ Examples
> GET / HTTP/1.1\r\n
> Host: 192.0.2.1:80\r\n
-> Origin: https://example.com\r\n
+> Origin: http://example.com\r\n
> Sec-WebSocket-Version: 13\r\n
> Sec-WebSocket-Key: mzo2xSF9N8VUxuefqO0RSw==\r\n
> Connection: Upgrade\r\n
@@ -121,7 +121,7 @@ Examples
> GET / HTTP/1.1\r\n
> Host: 192.0.2.1:80\r\n
-> Origin: https://example.com\r\n
+> Origin: http://example.com\r\n
> Sec-WebSocket-Version: 13\r\n
> Sec-WebSocket-Protocol: base64\r\n
> Sec-WebSocket-Key: k5Ybhw0XBDeBfmda1J9ooQ==\r\n
1
0