tor-commits
Threads by month
- ----- 2026 -----
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 1 participants
- 214711 discussions
commit 1a372064a9d4e91ef1c10b72242b8ceddbfefdc5
Author: Erinn Clark <erinn(a)torproject.org>
Date: Mon Mar 28 01:14:00 2011 +0200
update release date
---
changelog.osx-0.2.2 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/changelog.osx-0.2.2 b/changelog.osx-0.2.2
index 6ad7f78..51f6026 100644
--- a/changelog.osx-0.2.2
+++ b/changelog.osx-0.2.2
@@ -8,4 +8,4 @@ Tor Browser Bundle (2.2.23-1) alpha; suite=osx
* Update NoScript to 2.0.9.9
* Update BetterPrivacy to 1.49
- -- Erinn Clark <erinn(a)torproject.org> Sat Mar 26 13:44:53 CET 2011
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 27 23:27:39 CEST 2011
1
0
[torbrowser/master] add preliminary hacking doc, with preliminary versioning and git branching information
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit e4469eac78603fb80c9cc81793588e8b2f6d4492
Author: Erinn Clark <erinn(a)torproject.org>
Date: Tue Mar 29 03:09:45 2011 +0200
add preliminary hacking doc, with preliminary versioning and git branching information
---
docs/HACKING | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 123 insertions(+), 0 deletions(-)
diff --git a/docs/HACKING b/docs/HACKING
new file mode 100644
index 0000000..e27206d
--- /dev/null
+++ b/docs/HACKING
@@ -0,0 +1,123 @@
+How to Contribute to the Tor Browser Bundle
+===========================================
+
+General system layout
+---------------------
+
+The Tor Browser Bundle (henceforth known as 'TBB') consists of several
+components of software:
+
+Main Players
+- Tor
+- Vidalia (front-end to Tor)
+- Firefox
+ * Firefox extensions
+ - Torbutton
+ - HTTPS-Everywhere
+ - (Linux and OS X) NoScript
+ - (Linux and OS X) BetterPrivacy
+Supporting Cast (libraries)
+- OpenSSL
+- zlib
+- libevent
+- Qt
+
+It works by having a launch script which opens Vidalia, which then launches
+Firefox, pre-configured with Torbutton and other privacy-enhancing extensions.
+
+
+Git branching strategy
+----------------------
+
+TBB's git strategy is based loosely on Tor's method. At any given time there
+are three TBB branches which correspond to Tor's branches. Currently that
+means:
+
+torbrowser.git
+ - master
+ - maint-2.3
+ - maint-2.2
+ - archive-1.0
+
+master:
+The master branch's versions are considered equivalent in spirit to Tor's
+master branch, which is to say things under heavy and occasionally turbulent
+development. This branch will use Tor's 'master' as its main Tor build, and all
+other components in TBB will be equally alpha, which is to say, they ought to
+be the kinds of things that are pulled directly from version control with
+absolutely no guarantee that they will work separately or together.
+
+maint-2.3:
+The maint-2.3 branch's versions correspond to Tor's 0.2.3.x series of releases.
+Since 0.2.3.x is the next alpha release of Tor, all of the components of TBB
+will mimic its stability, as above. This means it will be a testing ground for
+newly released pieces of software, rather than relying on the latest commits in
+the various components' version control systems. (As of current writing
+(2011-03-29), 0.2.3.x is still the alpha-dev version of Tor, but it is expected
+to become the normal alpha release soon.)
+
+maint-2.2:
+The maint-2.2 branch's versions correspond to Tor's 0.2.2.x series of releases.
+This is the (almost) incumbent stable branch of Tor, and of TBB. Every
+component in this branch should consistently work together, and new versions of
+non-Tor software can only be moved in once they have proven to be stable in the
+maint-2.3 branch. New features and build improvements may be added to this
+branch, but only after they have had sufficient testing in the alpha branch.
+
+archive-1.0:
+This will be a record of all changes prior to the new git methodology.
+
+Versioning
+-----------------------
+
+A brief history lesson is necessary to explain the versioning of TBB.
+
+The first version of TBB (0.0.1) was released 2007-12-11. It was Windows only
+until 2010-03-25, at which point it was joined by the Linux version (1.0.0,
+thusly versioned because Andrew said "Just call it 1.0.0. Users won't use
+anything else.") At this point, Windows was at version 1.3.3. The OS X version
+joined the fray on 2010-09-15 as version 1.0.0, at which point the Windows
+version was at 1.3.9 and the Linux version was at 1.0.10. The Linux and OS X
+versions were widely diverged from the Windows version in the sense that they
+were alpha -- both in terms of overall bundle testing, and because they were
+using the Tor alpha version.
+
+When your humble narrator took over all three of them, and the Tor 0.2.2.x
+branch began to stabilize, it was clear that soon all three versions would be
+able to use the same versions of software, and in order to remain consistent,
+the version should meet the following requirements:
+
+1. It must be an increment of the previous shared version so as to avoid
+ confusing users
+2. It must be consistent across operating systems
+3. It must communicate the Tor version it contains
+4. It must allow for package versioning that does not impact the Tor version
+5. It should not make the filenames any longer
+6. It should be flexible enough to allow for deviation between architectural
+ packages on the same operating system, or packaging changes irrespective of
+ operating system, while maintaining clarity about which 'family' the package
+ belongs to
+
+(For more information on the Tor versioning scheme, please see:
+https://gitweb.torproject.org/torspec.git/blob/HEAD:/version-spec.txt)
+
+Based on the blend of TBB's old versioning system and Tor's current versioning
+system, we end up with:
+Tor's MINOR.MICRO.PATCHLEVEL(-status_tag)-tbb_ver(-tbb_status_tag)(-arch)
+
+If Tor is ever perfect and releases a major version that is non-zero we will
+have to rethink this strategy.
+
+Tor's MINOR, MICRO, PATCHLEVEL, and status_tag are covered in its version spec.
+
+Official TBB releases must have 'tbb_ver' which refers to the current version
+of the package, beginning with 1.
+
+Official TBB releases may have 'tbb_status_tag' if there is a good enough
+reason. What constitutes a 'good enough reason' is left to the discretion of
+the official maintainer and must have a corresponding git branch in the
+maintainer's personal repo. Unofficial TBB releases must have 'tbb_status_tag'
+as well as a corresponding git branch.
+
+Official TBB releases for more than one architecture must use 'arch' in the
+filename.
1
0
[torbrowser/master] add the firefox4 version of the non-blocking socks patch
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit 7912dbe21196f4731f787f12c943dff12324cff6
Author: Erinn Clark <erinn(a)torproject.org>
Date: Sun Mar 27 18:44:08 2011 +0200
add the firefox4 version of the non-blocking socks patch
---
.../non-blocking-socks-firefox-4.0.patch | 1637 ++++++++++++++++++++
1 files changed, 1637 insertions(+), 0 deletions(-)
diff --git a/src/current-patches/non-blocking-socks-firefox-4.0.patch b/src/current-patches/non-blocking-socks-firefox-4.0.patch
new file mode 100644
index 0000000..cf5aeae
--- /dev/null
+++ b/src/current-patches/non-blocking-socks-firefox-4.0.patch
@@ -0,0 +1,1637 @@
+--- a/netwerk/base/src/nsSocketTransport2.cpp
++++ a/netwerk/base/src/nsSocketTransport2.cpp
+@@ -1222,16 +1222,26 @@ nsSocketTransport::InitiateSocket()
+ // connection... wouldn't we need to call ProxyStartSSL after a call
+ // to PR_ConnectContinue indicates that we are connected?
+ //
+ // XXX this appears to be what the old socket transport did. why
+ // isn't this broken?
+ }
+ }
+ //
++ // A SOCKS request was rejected; get the actual error code from
++ // the OS error
++ //
++ else if (PR_UNKNOWN_ERROR == code &&
++ mProxyTransparent &&
++ !mProxyHost.IsEmpty()) {
++ code = PR_GetOSError();
++ rv = ErrorAccordingToNSPR(code);
++ }
++ //
+ // The connection was refused...
+ //
+ else {
+ rv = ErrorAccordingToNSPR(code);
+ if ((rv == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty())
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ }
+ }
+@@ -1544,17 +1554,26 @@ nsSocketTransport::OnSocketReady(PRFileD
+ //
+ // If the connect is still not ready, then continue polling...
+ //
+ if ((PR_WOULD_BLOCK_ERROR == code) || (PR_IN_PROGRESS_ERROR == code)) {
+ // Set up the select flags for connect...
+ mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE);
+ // Update poll timeout in case it was changed
+ mPollTimeout = mTimeouts[TIMEOUT_CONNECT];
+- }
++ }
++ //
++ // The SOCKS proxy rejected our request. Find out why.
++ //
++ else if (PR_UNKNOWN_ERROR == code &&
++ mProxyTransparent &&
++ !mProxyHost.IsEmpty()) {
++ code = PR_GetOSError();
++ mCondition = ErrorAccordingToNSPR(code);
++ }
+ else {
+ //
+ // else, the connection failed...
+ //
+ mCondition = ErrorAccordingToNSPR(code);
+ if ((mCondition == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty())
+ mCondition = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ SOCKET_LOG((" connection failed! [reason=%x]\n", mCondition));
+--- a/netwerk/socket/nsSOCKSIOLayer.cpp
++++ a/netwerk/socket/nsSOCKSIOLayer.cpp
+@@ -20,16 +20,17 @@
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Justin Bradford <jab(a)atdot.org>
+ * Bradley Baetz <bbaetz(a)acm.org>
+ * Darin Fisher <darin(a)meer.net>
+ * Malcolm Smith <malsmith(a)cs.rmit.edu.au>
++ * Christopher Davis <chrisd(a)torproject.org>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+@@ -63,51 +64,115 @@ static PRLogModuleInfo *gSOCKSLog;
+
+ #else
+ #define LOGDEBUG(args)
+ #define LOGERROR(args)
+ #endif
+
+ class nsSOCKSSocketInfo : public nsISOCKSSocketInfo
+ {
++ enum State {
++ SOCKS_INITIAL,
++ SOCKS_CONNECTING_TO_PROXY,
++ SOCKS4_WRITE_CONNECT_REQUEST,
++ SOCKS4_READ_CONNECT_RESPONSE,
++ SOCKS5_WRITE_AUTH_REQUEST,
++ SOCKS5_READ_AUTH_RESPONSE,
++ SOCKS5_WRITE_CONNECT_REQUEST,
++ SOCKS5_READ_CONNECT_RESPONSE_TOP,
++ SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
++ SOCKS_CONNECTED,
++ SOCKS_FAILED
++ };
++
++ // A buffer of 262 bytes should be enough for any request and response
++ // in case of SOCKS4 as well as SOCKS5
++ static const PRUint32 BUFFER_SIZE = 262;
++ static const PRUint32 MAX_HOSTNAME_LEN = 255;
++
+ public:
+ nsSOCKSSocketInfo();
+- virtual ~nsSOCKSSocketInfo() {}
++ virtual ~nsSOCKSSocketInfo() { HandshakeFinished(); }
+
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSISOCKSSOCKETINFO
+
+ void Init(PRInt32 version,
+ const char *proxyHost,
+ PRInt32 proxyPort,
+ const char *destinationHost,
+ PRUint32 flags);
+
+- const nsCString &DestinationHost() { return mDestinationHost; }
+- const nsCString &ProxyHost() { return mProxyHost; }
+- PRInt32 ProxyPort() { return mProxyPort; }
+- PRInt32 Version() { return mVersion; }
+- PRUint32 Flags() { return mFlags; }
++ void SetConnectTimeout(PRIntervalTime to);
++ PRStatus DoHandshake(PRFileDesc *fd, PRInt16 oflags = -1);
++ PRInt16 GetPollFlags() const;
++ bool IsConnected() const { return mState == SOCKS_CONNECTED; }
+
+ private:
++ void HandshakeFinished(PRErrorCode err = 0);
++ PRStatus ConnectToProxy(PRFileDesc *fd);
++ PRStatus ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags);
++ PRStatus WriteV4ConnectRequest();
++ PRStatus ReadV4ConnectResponse();
++ PRStatus WriteV5AuthRequest();
++ PRStatus ReadV5AuthResponse();
++ PRStatus WriteV5ConnectRequest();
++ PRStatus ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len);
++ PRStatus ReadV5ConnectResponseTop();
++ PRStatus ReadV5ConnectResponseBottom();
++
++ void WriteUint8(PRUint8 d);
++ void WriteUint16(PRUint16 d);
++ void WriteUint32(PRUint32 d);
++ void WriteNetAddr(const PRNetAddr *addr);
++ void WriteNetPort(const PRNetAddr *addr);
++ void WriteString(const nsACString &str);
++
++ PRUint8 ReadUint8();
++ PRUint16 ReadUint16();
++ PRUint32 ReadUint32();
++ void ReadNetAddr(PRNetAddr *addr, PRUint16 fam);
++ void ReadNetPort(PRNetAddr *addr);
++
++ void WantRead(PRUint32 sz);
++ PRStatus ReadFromSocket(PRFileDesc *fd);
++ PRStatus WriteToSocket(PRFileDesc *fd);
++
++private:
++ State mState;
++ PRUint8 * mData;
++ PRUint8 * mDataIoPtr;
++ PRUint32 mDataLength;
++ PRUint32 mReadOffset;
++ PRUint32 mAmountToRead;
++ nsCOMPtr<nsIDNSRecord> mDnsRec;
++
+ nsCString mDestinationHost;
+ nsCString mProxyHost;
+ PRInt32 mProxyPort;
+ PRInt32 mVersion; // SOCKS version 4 or 5
+ PRUint32 mFlags;
+ PRNetAddr mInternalProxyAddr;
+ PRNetAddr mExternalProxyAddr;
+ PRNetAddr mDestinationAddr;
++ PRIntervalTime mTimeout;
+ };
+
+ nsSOCKSSocketInfo::nsSOCKSSocketInfo()
+- : mProxyPort(-1)
++ : mState(SOCKS_INITIAL)
++ , mDataIoPtr(nsnull)
++ , mDataLength(0)
++ , mReadOffset(0)
++ , mAmountToRead(0)
++ , mProxyPort(-1)
+ , mVersion(-1)
+ , mFlags(0)
++ , mTimeout(PR_INTERVAL_NO_TIMEOUT)
+ {
++ mData = new PRUint8[BUFFER_SIZE];
+ PR_InitializeNetAddr(PR_IpAddrAny, 0, &mInternalProxyAddr);
+ PR_InitializeNetAddr(PR_IpAddrAny, 0, &mExternalProxyAddr);
+ PR_InitializeNetAddr(PR_IpAddrAny, 0, &mDestinationAddr);
+ }
+
+ void
+ nsSOCKSSocketInfo::Init(PRInt32 version, const char *proxyHost, PRInt32 proxyPort, const char *host, PRUint32 flags)
+ {
+@@ -157,647 +222,817 @@ nsSOCKSSocketInfo::GetInternalProxyAddr(
+
+ NS_IMETHODIMP
+ nsSOCKSSocketInfo::SetInternalProxyAddr(PRNetAddr *aInternalProxyAddr)
+ {
+ memcpy(&mInternalProxyAddr, aInternalProxyAddr, sizeof(PRNetAddr));
+ return NS_OK;
+ }
+
+-static PRInt32
+-pr_RecvAll(PRFileDesc *fd, unsigned char *buf, PRInt32 amount, PRIntn flags,
+- PRIntervalTime *timeout)
++// There needs to be a means of distinguishing between connection errors
++// that the SOCKS server reports when it rejects a connection request, and
++// connection errors that happen while attempting to connect to the SOCKS
++// server. Otherwise, Firefox will report incorrectly that the proxy server
++// is refusing connections when a SOCKS request is rejected by the proxy.
++// When a SOCKS handshake failure occurs, the PR error is set to
++// PR_UNKNOWN_ERROR, and the real error code is returned via the OS error.
++void
++nsSOCKSSocketInfo::HandshakeFinished(PRErrorCode err)
+ {
+- PRInt32 bytesRead = 0;
+- PRInt32 offset = 0;
++ if (err == 0) {
++ mState = SOCKS_CONNECTED;
++ } else {
++ mState = SOCKS_FAILED;
++ PR_SetError(PR_UNKNOWN_ERROR, err);
++ }
+
+- while (offset < amount) {
+- PRIntervalTime start_time = PR_IntervalNow();
+- bytesRead = PR_Recv(fd, buf + offset, amount - offset, flags, *timeout);
+- PRIntervalTime elapsed = PR_IntervalNow() - start_time;
+-
+- if (elapsed > *timeout) {
+- *timeout = 0;
+- } else {
+- *timeout -= elapsed;
+- }
+-
+- if (bytesRead > 0) {
+- offset += bytesRead;
+- } else if (bytesRead == 0 || offset != 0) {
+- return offset;
+- } else {
+- return bytesRead;
+- }
+-
+- if (*timeout == 0) {
+- LOGERROR(("PR_Recv() timed out. amount = %d. offset = %d.",
+- amount, offset));
+- return offset;
+- }
+- }
+- return offset;
++ // We don't need the buffer any longer, so free it.
++ delete [] mData;
++ mData = nsnull;
++ mDataIoPtr = nsnull;
++ mDataLength = 0;
++ mReadOffset = 0;
++ mAmountToRead = 0;
+ }
+
+-static PRInt32
+-pr_Send(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
+- PRIntervalTime *timeout)
++PRStatus
++nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc *fd)
+ {
+- PRIntervalTime start_time = PR_IntervalNow();
+- PRInt32 retval = PR_Send(fd, buf, amount, flags, *timeout);
+- PRIntervalTime elapsed = PR_IntervalNow() - start_time;
++ PRStatus status;
++ nsresult rv;
+
+- if (elapsed > *timeout) {
+- *timeout = 0;
+- LOGERROR(("PR_Send() timed out. amount = %d. retval = %d.",
+- amount, retval));
+- return retval;
+- } else {
+- *timeout -= elapsed;
+- }
++ NS_ABORT_IF_FALSE(mState == SOCKS_INITIAL,
++ "Must be in initial state to make connection!");
+
+- if (retval <= 0) {
+- LOGERROR(("PR_Send() failed. amount = %d. retval = %d.",
+- amount, retval));
+- }
++ // If we haven't performed the DNS lookup, do that now.
++ if (!mDnsRec) {
++ nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
++ if (!dns)
++ return PR_FAILURE;
+
+- return retval;
+-}
+-
+-// Negotiate a SOCKS 5 connection. Assumes the TCP connection to the socks
+-// server port has been established.
+-static nsresult
+-ConnectSOCKS5(PRFileDesc *fd, const PRNetAddr *addr, PRNetAddr *extAddr, PRIntervalTime timeout)
+-{
+- int request_len = 0;
+- int response_len = 0;
+- int desired_len = 0;
+- unsigned char request[22];
+- unsigned char response[262];
+-
+- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED);
+- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED);
+- NS_ENSURE_TRUE(extAddr, NS_ERROR_NOT_INITIALIZED);
+-
+- request[0] = 0x05; // SOCKS version 5
+- request[1] = 0x01; // number of auth procotols we recognize
+- // auth protocols
+- request[2] = 0x00; // no authentication required
+- // compliant implementations MUST implement GSSAPI
+- // and SHOULD implement username/password and MAY
+- // implement CHAP
+- // TODO: we don't implement these
+- //request[3] = 0x01; // GSSAPI
+- //request[4] = 0x02; // username/password
+- //request[5] = 0x03; // CHAP
+-
+- request_len = 2 + request[1];
+- int write_len = pr_Send(fd, request, request_len, 0, &timeout);
+- if (write_len != request_len) {
+- return NS_ERROR_FAILURE;
+- }
+-
+- // get the server's response.
+- desired_len = 2;
+- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
+-
+- if (response_len < desired_len) {
+- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len));
+- return NS_ERROR_FAILURE;
+- }
+-
+- if (response[0] != 0x05) {
+- // it's a either not SOCKS or not our version
+- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0]));
+- return NS_ERROR_FAILURE;
+- }
+- switch (response[1]) {
+- case 0x00:
+- // no auth
+- break;
+- case 0x01:
+- // GSSAPI
+- // TODO: implement
+- LOGERROR(("Server want to use GSSAPI to authenticate, but we don't support it."));
+- return NS_ERROR_FAILURE;
+- case 0x02:
+- // username/password
+- // TODO: implement
+- LOGERROR(("Server want to use username/password to authenticate, but we don't support it."));
+- return NS_ERROR_FAILURE;
+- case 0x03:
+- // CHAP
+- // TODO: implement?
+- LOGERROR(("Server want to use CHAP to authenticate, but we don't support it."));
+- return NS_ERROR_FAILURE;
+- default:
+- // unrecognized auth method
+- LOGERROR(("Uncrecognized authentication method received: %x", response[1]));
+- return NS_ERROR_FAILURE;
+- }
+-
+- // we are now authenticated, so lets tell
+- // the server where to connect to
+-
+- request_len = 0;
+-
+- request[0] = 0x05; // SOCKS version 5
+- request[1] = 0x01; // CONNECT command
+- request[2] = 0x00; // obligatory reserved field (perfect for MS tampering!)
+-
+- // get destination port
+- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr));
+- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
+-
+- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) {
+-
+- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n"));
+-
+- // if the PROXY_RESOLVES_HOST flag is set, we assume
+- // that the transport wants us to pass the SOCKS server the
+- // hostname and port and let it do the name resolution.
+-
+- // the real destination hostname and port was stored
+- // in our info object earlier when this layer was created.
+-
+- const nsCString& destHost = info->DestinationHost();
+-
+- LOGDEBUG(("host:port -> %s:%li", destHost.get(), destPort));
+-
+- request[3] = 0x03; // encoding of destination address (3 == hostname)
+-
+- int host_len = destHost.Length();
+- if (host_len > 255) {
+- // SOCKS5 transmits the length of the hostname in a single char.
+- // This gives us an absolute limit of 255 chars in a hostname, and
+- // there's nothing we can do to extend it. I don't think many
+- // hostnames will ever be bigger than this, so hopefully it's an
+- // uneventful abort condition.
+- LOGERROR (("Hostname too big for SOCKS5."));
+- return NS_ERROR_INVALID_ARG;
+- }
+- request[4] = (char) host_len;
+- request_len = 5;
+-
+- // Send the initial header first...
+- write_len = pr_Send(fd, request, request_len, 0, &timeout);
+- if (write_len != request_len) {
+- // bad write
+- return NS_ERROR_FAILURE;
+- }
+-
+- // Now send the hostname...
+- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout);
+- if (write_len != host_len) {
+- // bad write
+- return NS_ERROR_FAILURE;
+- }
+-
+- // There's no data left because we just sent it.
+- request_len = 0;
+-
+- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
+-
+- request[3] = 0x01; // encoding of destination address (1 == IPv4)
+- request_len = 8; // 4 for address, 4 SOCKS headers
+-
+- char * ip = (char*)(&addr->inet.ip);
+- request[4] = *ip++;
+- request[5] = *ip++;
+- request[6] = *ip++;
+- request[7] = *ip++;
+-
+- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
+-
+- request[3] = 0x04; // encoding of destination address (4 == IPv6)
+- request_len = 20; // 16 for address, 4 SOCKS headers
+-
+- char * ip = (char*)(&addr->ipv6.ip.pr_s6_addr);
+- request[4] = *ip++; request[5] = *ip++;
+- request[6] = *ip++; request[7] = *ip++;
+- request[8] = *ip++; request[9] = *ip++;
+- request[10] = *ip++; request[11] = *ip++;
+- request[12] = *ip++; request[13] = *ip++;
+- request[14] = *ip++; request[15] = *ip++;
+- request[16] = *ip++; request[17] = *ip++;
+- request[18] = *ip++; request[19] = *ip++;
+-
+- // we're going to test to see if this address can
+- // be mapped back into IPv4 without loss. if so,
+- // we'll use IPv4 instead, as reliable SOCKS server
+- // support for IPv6 is probably questionable.
+-
+- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
+- request[3] = 0x01; // ipv4 encoding
+- request[4] = request[16];
+- request[5] = request[17];
+- request[6] = request[18];
+- request[7] = request[19];
+- request_len -= 12;
+- }
+- } else {
+- // Unknown address type
+- LOGERROR(("Don't know what kind of IP address this is."));
+- return NS_ERROR_FAILURE;
+- }
+-
+- // add the destination port to the request
+- request[request_len] = (unsigned char)(destPort >> 8);
+- request[request_len+1] = (unsigned char)destPort;
+- request_len += 2;
+-
+- write_len = pr_Send(fd, request, request_len, 0, &timeout);
+- if (write_len != request_len) {
+- // bad write
+- return NS_ERROR_FAILURE;
+- }
+-
+- desired_len = 5;
+- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
+- if (response_len < desired_len) { // bad read
+- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len));
+- return NS_ERROR_FAILURE;
+- }
+-
+- if (response[0] != 0x05) {
+- // bad response
+- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0]));
+- return NS_ERROR_FAILURE;
+- }
+-
+- switch(response[1]) {
+- case 0x00: break; // success
+- case 0x01: LOGERROR(("SOCKS 5 server rejected connect request: 01, General SOCKS server failure."));
+- return NS_ERROR_FAILURE;
+- case 0x02: LOGERROR(("SOCKS 5 server rejected connect request: 02, Connection not allowed by ruleset."));
+- return NS_ERROR_FAILURE;
+- case 0x03: LOGERROR(("SOCKS 5 server rejected connect request: 03, Network unreachable."));
+- return NS_ERROR_FAILURE;
+- case 0x04: LOGERROR(("SOCKS 5 server rejected connect request: 04, Host unreachable."));
+- return NS_ERROR_FAILURE;
+- case 0x05: LOGERROR(("SOCKS 5 server rejected connect request: 05, Connection refused."));
+- return NS_ERROR_FAILURE;
+- case 0x06: LOGERROR(("SOCKS 5 server rejected connect request: 06, TTL expired."));
+- return NS_ERROR_FAILURE;
+- case 0x07: LOGERROR(("SOCKS 5 server rejected connect request: 07, Command not supported."));
+- return NS_ERROR_FAILURE;
+- case 0x08: LOGERROR(("SOCKS 5 server rejected connect request: 08, Address type not supported."));
+- return NS_ERROR_FAILURE;
+- default: LOGERROR(("SOCKS 5 server rejected connect request: %x.", response[1]));
+- return NS_ERROR_FAILURE;
+-
+-
+- }
+-
+- switch (response[3]) {
+- case 0x01: // IPv4
+- desired_len = 4 + 2 - 1;
+- break;
+- case 0x03: // FQDN
+- desired_len = response[4] + 2;
+- break;
+- case 0x04: // IPv6
+- desired_len = 16 + 2 - 1;
+- break;
+- default: // unknown format
+- return NS_ERROR_FAILURE;
+- break;
+- }
+- response_len = pr_RecvAll(fd, response + 5, desired_len, 0, &timeout);
+- if (response_len < desired_len) { // bad read
+- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len));
+- return NS_ERROR_FAILURE;
+- }
+- response_len += 5;
+-
+- // get external bound address (this is what
+- // the outside world sees as "us")
+- char *ip = nsnull;
+- PRUint16 extPort = 0;
+-
+- switch (response[3]) {
+- case 0x01: // IPv4
+-
+- extPort = (response[8] << 8) | response[9];
+-
+- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, extPort, extAddr);
+-
+- ip = (char*)(&extAddr->inet.ip);
+- *ip++ = response[4];
+- *ip++ = response[5];
+- *ip++ = response[6];
+- *ip++ = response[7];
+-
+- break;
+- case 0x04: // IPv6
+-
+- extPort = (response[20] << 8) | response[21];
+-
+- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, extPort, extAddr);
+-
+- ip = (char*)(&extAddr->ipv6.ip.pr_s6_addr);
+- *ip++ = response[4]; *ip++ = response[5];
+- *ip++ = response[6]; *ip++ = response[7];
+- *ip++ = response[8]; *ip++ = response[9];
+- *ip++ = response[10]; *ip++ = response[11];
+- *ip++ = response[12]; *ip++ = response[13];
+- *ip++ = response[14]; *ip++ = response[15];
+- *ip++ = response[16]; *ip++ = response[17];
+- *ip++ = response[18]; *ip++ = response[19];
+-
+- break;
+- case 0x03: // FQDN
+- // if we get here, we don't know our external address.
+- // however, as that's possibly not critical to the user,
+- // we let it slide.
+- extPort = (response[response_len - 2] << 8) |
+- response[response_len - 1];
+- PR_InitializeNetAddr(PR_IpAddrNull, extPort, extAddr);
+- break;
+- }
+- return NS_OK;
+-}
+-
+-// Negotiate a SOCKS 4 connection. Assumes the TCP connection to the socks
+-// server port has been established.
+-static nsresult
+-ConnectSOCKS4(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout)
+-{
+- int request_len = 0;
+- int write_len;
+- int response_len = 0;
+- int desired_len = 0;
+- char *ip = nsnull;
+- unsigned char request[12];
+- unsigned char response[10];
+-
+- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED);
+- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED);
+-
+- request[0] = 0x04; // SOCKS version 4
+- request[1] = 0x01; // CD command code -- 1 for connect
+-
+- // destination port
+- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr));
+-
+- // store the port
+- request[2] = (unsigned char)(destPort >> 8);
+- request[3] = (unsigned char)destPort;
+-
+- // username
+- request[8] = 'M';
+- request[9] = 'O';
+- request[10] = 'Z';
+-
+- request[11] = 0x00;
+-
+- request_len = 12;
+-
+- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
+-
+- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) {
+-
+- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n"));
+-
+- // if the PROXY_RESOLVES_HOST flag is set, we assume that the
+- // transport wants us to pass the SOCKS server the hostname
+- // and port and let it do the name resolution.
+-
+- // an extension to SOCKS 4, called 4a, specifies a way
+- // to do this, so we'll try that and hope the
+- // server supports it.
+-
+- // the real destination hostname and port was stored
+- // in our info object earlier when this layer was created.
+-
+- const nsCString& destHost = info->DestinationHost();
+-
+- LOGDEBUG(("host:port -> %s:%li\n", destHost.get(), destPort));
+-
+- // the IP portion of the query is set to this special address.
+- request[4] = 0;
+- request[5] = 0;
+- request[6] = 0;
+- request[7] = 1;
+-
+- write_len = pr_Send(fd, request, request_len, 0, &timeout);
+- if (write_len != request_len) {
+- return NS_ERROR_FAILURE;
+- }
+-
+- // Remember the NULL.
+- int host_len = destHost.Length() + 1;
+-
+- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout);
+- if (write_len != host_len) {
+- return NS_ERROR_FAILURE;
+- }
+-
+- // No data to send, just sent it.
+- request_len = 0;
+-
+- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { // IPv4
+-
+- // store the ip
+- ip = (char*)(&addr->inet.ip);
+- request[4] = *ip++;
+- request[5] = *ip++;
+- request[6] = *ip++;
+- request[7] = *ip++;
+-
+- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { // IPv6
+-
+- // IPv4 address encoded in an IPv6 address
+- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
+- // store the ip
+- ip = (char*)(&addr->ipv6.ip.pr_s6_addr[12]);
+- request[4] = *ip++;
+- request[5] = *ip++;
+- request[6] = *ip++;
+- request[7] = *ip++;
+- } else {
+- LOGERROR(("IPv6 is not supported in SOCKS 4."));
+- return NS_ERROR_FAILURE; // SOCKS 4 can't do IPv6
+- }
+-
+- } else {
+- LOGERROR(("Don't know what kind of IP address this is."));
+- return NS_ERROR_FAILURE; // don't recognize this type
+- }
+-
+- if (request_len > 0) {
+- write_len = pr_Send(fd, request, request_len, 0, &timeout);
+- if (write_len != request_len) {
+- return NS_ERROR_FAILURE;
++ rv = dns->Resolve(mProxyHost, 0, getter_AddRefs(mDnsRec));
++ if (NS_FAILED(rv)) {
++ LOGERROR(("socks: DNS lookup for SOCKS proxy %s failed",
++ mProxyHost.get()));
++ return PR_FAILURE;
+ }
+ }
+
+- // get the server's response
+- desired_len = 8; // size of the response
+- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
+- if (response_len < desired_len) {
+- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len));
+- return NS_ERROR_FAILURE;
++ do {
++ rv = mDnsRec->GetNextAddr(mProxyPort, &mInternalProxyAddr);
++ // No more addresses to try? If so, we'll need to bail
++ if (NS_FAILED(rv)) {
++ LOGERROR(("socks: unable to connect to SOCKS proxy, %s",
++ mProxyHost.get()));
++ return PR_FAILURE;
++ }
++
++#if defined(PR_LOGGING)
++ char buf[64];
++ PR_NetAddrToString(&mInternalProxyAddr, buf, sizeof(buf));
++ LOGDEBUG(("socks: trying proxy server, %s:%hu",
++ buf, PR_ntohs(PR_NetAddrInetPort(&mInternalProxyAddr))));
++#endif
++ status = fd->lower->methods->connect(fd->lower,
++ &mInternalProxyAddr, mTimeout);
++ if (status != PR_SUCCESS) {
++ PRErrorCode c = PR_GetError();
++ // If EINPROGRESS, return now and check back later after polling
++ if (c == PR_WOULD_BLOCK_ERROR || c == PR_IN_PROGRESS_ERROR) {
++ mState = SOCKS_CONNECTING_TO_PROXY;
++ return status;
++ }
++ }
++ } while (status != PR_SUCCESS);
++
++ // Connected now, start SOCKS
++ if (mVersion == 4)
++ return WriteV4ConnectRequest();
++ return WriteV5AuthRequest();
++}
++
++PRStatus
++nsSOCKSSocketInfo::ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags)
++{
++ PRStatus status;
++
++ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY,
++ "Continuing connection in wrong state!");
++
++ LOGDEBUG(("socks: continuing connection to proxy"));
++
++ status = fd->lower->methods->connectcontinue(fd->lower, oflags);
++ if (status != PR_SUCCESS) {
++ PRErrorCode c = PR_GetError();
++ if (c != PR_WOULD_BLOCK_ERROR && c != PR_IN_PROGRESS_ERROR) {
++ // A connection failure occured, try another address
++ mState = SOCKS_INITIAL;
++ return ConnectToProxy(fd);
++ }
++
++ // We're still connecting
++ return PR_FAILURE;
+ }
+
+- if ((response[0] != 0x00) && (response[0] != 0x04)) {
+- // Novell BorderManager sends a response of type 4, should be zero
+- // According to the spec. Cope with this brokenness.
+- // it's not a SOCKS 4 reply or version 0 of the reply code
+- LOGERROR(("Not a SOCKS 4 reply. Expected: 0; received: %x.", response[0]));
+- return NS_ERROR_FAILURE;
++ // Connected now, start SOCKS
++ if (mVersion == 4)
++ return WriteV4ConnectRequest();
++ return WriteV5AuthRequest();
++}
++
++PRStatus
++nsSOCKSSocketInfo::WriteV4ConnectRequest()
++{
++ PRNetAddr *addr = &mDestinationAddr;
++ PRInt32 proxy_resolve;
++
++ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY,
++ "Invalid state!");
++
++ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST;
++
++ mDataLength = 0;
++ mState = SOCKS4_WRITE_CONNECT_REQUEST;
++
++ LOGDEBUG(("socks4: sending connection request (socks4a resolve? %s)",
++ proxy_resolve? "yes" : "no"));
++
++ // Send a SOCKS 4 connect request.
++ WriteUint8(0x04); // version -- 4
++ WriteUint8(0x01); // command -- connect
++ WriteNetPort(addr);
++ if (proxy_resolve) {
++ // Add the full name, null-terminated, to the request
++ // according to SOCKS 4a. A fake IP address, with the first
++ // four bytes set to 0 and the last byte set to something other
++ // than 0, is used to notify the proxy that this is a SOCKS 4a
++ // request. This request type works for Tor and perhaps others.
++ WriteUint32(PR_htonl(0x00000001)); // Fake IP
++ WriteUint8(0x00); // Send an emtpy username
++ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) {
++ LOGERROR(("socks4: destination host name is too long!"));
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
++ }
++ WriteString(mDestinationHost); // Hostname
++ WriteUint8(0x00);
++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
++ WriteNetAddr(addr); // Add the IPv4 address
++ WriteUint8(0x00); // Send an emtpy username
++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
++ LOGERROR(("socks: SOCKS 4 can't handle IPv6 addresses!"));
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
+ }
+
+- if (response[1] != 0x5A) { // = 90: request granted
+- // connect request not granted
+- LOGERROR(("Connection request refused. Expected: 90; received: %d.", response[1]));
+- return NS_ERROR_FAILURE;
+- }
+-
+- return NS_OK;
+-
++ return PR_SUCCESS;
+ }
+
++PRStatus
++nsSOCKSSocketInfo::ReadV4ConnectResponse()
++{
++ NS_ABORT_IF_FALSE(mState == SOCKS4_READ_CONNECT_RESPONSE,
++ "Handling SOCKS 4 connection reply in wrong state!");
++ NS_ABORT_IF_FALSE(mDataLength == 8,
++ "SOCKS 4 connection reply must be 8 bytes!");
++
++ LOGDEBUG(("socks4: checking connection reply"));
++
++ if (ReadUint8() != 0x00) {
++ LOGERROR(("socks4: wrong connection reply"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++ }
++
++ // See if our connection request was granted
++ if (ReadUint8() == 90) {
++ LOGDEBUG(("socks4: connection successful!"));
++ HandshakeFinished();
++ return PR_SUCCESS;
++ }
++
++ LOGERROR(("socks4: unable to connect"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++}
++
++PRStatus
++nsSOCKSSocketInfo::WriteV5AuthRequest()
++{
++ NS_ABORT_IF_FALSE(mVersion == 5, "SOCKS version must be 5!");
++
++ mState = SOCKS5_WRITE_AUTH_REQUEST;
++
++ // Send an initial SOCKS 5 greeting
++ LOGDEBUG(("socks5: sending auth methods"));
++ WriteUint8(0x05); // version -- 5
++ WriteUint8(0x01); // # auth methods -- 1
++ WriteUint8(0x00); // we don't support authentication
++
++ return PR_SUCCESS;
++}
++
++PRStatus
++nsSOCKSSocketInfo::ReadV5AuthResponse()
++{
++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_AUTH_RESPONSE,
++ "Handling SOCKS 5 auth method reply in wrong state!");
++ NS_ABORT_IF_FALSE(mDataLength == 2,
++ "SOCKS 5 auth method reply must be 2 bytes!");
++
++ LOGDEBUG(("socks5: checking auth method reply"));
++
++ // Check version number
++ if (ReadUint8() != 0x05) {
++ LOGERROR(("socks5: unexpected version in the reply"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++ }
++
++ // Make sure our authentication choice was accepted
++ if (ReadUint8() != 0x00) {
++ LOGERROR(("socks5: server did not accept our authentication method"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++ }
++
++ return WriteV5ConnectRequest();
++}
++
++PRStatus
++nsSOCKSSocketInfo::WriteV5ConnectRequest()
++{
++ // Send SOCKS 5 connect request
++ PRNetAddr *addr = &mDestinationAddr;
++ PRInt32 proxy_resolve;
++ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST;
++
++ LOGDEBUG(("socks5: sending connection request (socks5 resolve? %s)",
++ proxy_resolve? "yes" : "no"));
++
++ mDataLength = 0;
++ mState = SOCKS5_WRITE_CONNECT_REQUEST;
++
++ WriteUint8(0x05); // version -- 5
++ WriteUint8(0x01); // command -- connect
++ WriteUint8(0x00); // reserved
++
++ // Add the address to the SOCKS 5 request. SOCKS 5 supports several
++ // address types, so we pick the one that works best for us.
++ if (proxy_resolve) {
++ // Add the host name. Only a single byte is used to store the length,
++ // so we must prevent long names from being used.
++ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) {
++ LOGERROR(("socks5: destination host name is too long!"));
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
++ }
++ WriteUint8(0x03); // addr type -- domainname
++ WriteUint8(mDestinationHost.Length()); // name length
++ WriteString(mDestinationHost);
++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
++ WriteUint8(0x01); // addr type -- IPv4
++ WriteNetAddr(addr);
++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
++ WriteUint8(0x04); // addr type -- IPv6
++ WriteNetAddr(addr);
++ } else {
++ LOGERROR(("socks5: destination address of unknown type!"));
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
++ }
++
++ WriteNetPort(addr); // port
++
++ return PR_SUCCESS;
++}
++
++PRStatus
++nsSOCKSSocketInfo::ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len)
++{
++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP ||
++ mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
++ "Invalid state!");
++ NS_ABORT_IF_FALSE(mDataLength >= 5,
++ "SOCKS 5 connection reply must be at least 5 bytes!");
++
++ // Seek to the address location
++ mReadOffset = 3;
++
++ *type = ReadUint8();
++
++ switch (*type) {
++ case 0x01: // ipv4
++ *len = 4 - 1;
++ break;
++ case 0x04: // ipv6
++ *len = 16 - 1;
++ break;
++ case 0x03: // fqdn
++ *len = ReadUint8();
++ break;
++ default: // wrong address type
++ LOGERROR(("socks5: wrong address type in connection reply!"));
++ return PR_FAILURE;
++ }
++
++ return PR_SUCCESS;
++}
++
++PRStatus
++nsSOCKSSocketInfo::ReadV5ConnectResponseTop()
++{
++ PRUint8 res;
++ PRUint32 len;
++
++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP,
++ "Invalid state!");
++ NS_ABORT_IF_FALSE(mDataLength == 5,
++ "SOCKS 5 connection reply must be exactly 5 bytes!");
++
++ LOGDEBUG(("socks5: checking connection reply"));
++
++ // Check version number
++ if (ReadUint8() != 0x05) {
++ LOGERROR(("socks5: unexpected version in the reply"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++ }
++
++ // Check response
++ res = ReadUint8();
++ if (res != 0x00) {
++ PRErrorCode c = PR_CONNECT_REFUSED_ERROR;
++
++ switch (res) {
++ case 0x01:
++ LOGERROR(("socks5: connect failed: "
++ "01, General SOCKS server failure."));
++ break;
++ case 0x02:
++ LOGERROR(("socks5: connect failed: "
++ "02, Connection not allowed by ruleset."));
++ break;
++ case 0x03:
++ LOGERROR(("socks5: connect failed: 03, Network unreachable."));
++ c = PR_NETWORK_UNREACHABLE_ERROR;
++ break;
++ case 0x04:
++ LOGERROR(("socks5: connect failed: 04, Host unreachable."));
++ break;
++ case 0x05:
++ LOGERROR(("socks5: connect failed: 05, Connection refused."));
++ break;
++ case 0x06:
++ LOGERROR(("socks5: connect failed: 06, TTL expired."));
++ c = PR_CONNECT_TIMEOUT_ERROR;
++ break;
++ case 0x07:
++ LOGERROR(("socks5: connect failed: "
++ "07, Command not supported."));
++ break;
++ case 0x08:
++ LOGERROR(("socks5: connect failed: "
++ "08, Address type not supported."));
++ c = PR_BAD_ADDRESS_ERROR;
++ break;
++ default:
++ LOGERROR(("socks5: connect failed."));
++ break;
++ }
++
++ HandshakeFinished(c);
++ return PR_FAILURE;
++ }
++
++ if (ReadV5AddrTypeAndLength(&res, &len) != PR_SUCCESS) {
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
++ }
++
++ mState = SOCKS5_READ_CONNECT_RESPONSE_BOTTOM;
++ WantRead(len + 2);
++
++ return PR_SUCCESS;
++}
++
++PRStatus
++nsSOCKSSocketInfo::ReadV5ConnectResponseBottom()
++{
++ PRUint8 type;
++ PRUint32 len;
++
++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
++ "Invalid state!");
++
++ if (ReadV5AddrTypeAndLength(&type, &len) != PR_SUCCESS) {
++ HandshakeFinished(PR_BAD_ADDRESS_ERROR);
++ return PR_FAILURE;
++ }
++
++ NS_ABORT_IF_FALSE(mDataLength == 7+len,
++ "SOCKS 5 unexpected length of connection reply!");
++
++ LOGDEBUG(("socks5: loading source addr and port"));
++ // Read what the proxy says is our source address
++ switch (type) {
++ case 0x01: // ipv4
++ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET);
++ break;
++ case 0x04: // ipv6
++ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET6);
++ break;
++ case 0x03: // fqdn (skip)
++ mReadOffset += len;
++ mExternalProxyAddr.raw.family = PR_AF_INET;
++ break;
++ }
++
++ ReadNetPort(&mExternalProxyAddr);
++
++ LOGDEBUG(("socks5: connected!"));
++ HandshakeFinished();
++
++ return PR_SUCCESS;
++}
++
++void
++nsSOCKSSocketInfo::SetConnectTimeout(PRIntervalTime to)
++{
++ mTimeout = to;
++}
++
++PRStatus
++nsSOCKSSocketInfo::DoHandshake(PRFileDesc *fd, PRInt16 oflags)
++{
++ LOGDEBUG(("socks: DoHandshake(), state = %d", mState));
++
++ switch (mState) {
++ case SOCKS_INITIAL:
++ return ConnectToProxy(fd);
++ case SOCKS_CONNECTING_TO_PROXY:
++ return ContinueConnectingToProxy(fd, oflags);
++ case SOCKS4_WRITE_CONNECT_REQUEST:
++ if (WriteToSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ WantRead(8);
++ mState = SOCKS4_READ_CONNECT_RESPONSE;
++ return PR_SUCCESS;
++ case SOCKS4_READ_CONNECT_RESPONSE:
++ if (ReadFromSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ return ReadV4ConnectResponse();
++
++ case SOCKS5_WRITE_AUTH_REQUEST:
++ if (WriteToSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ WantRead(2);
++ mState = SOCKS5_READ_AUTH_RESPONSE;
++ return PR_SUCCESS;
++ case SOCKS5_READ_AUTH_RESPONSE:
++ if (ReadFromSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ return ReadV5AuthResponse();
++ case SOCKS5_WRITE_CONNECT_REQUEST:
++ if (WriteToSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++
++ // The SOCKS 5 response to the connection request is variable
++ // length. First, we'll read enough to tell how long the response
++ // is, and will read the rest later.
++ WantRead(5);
++ mState = SOCKS5_READ_CONNECT_RESPONSE_TOP;
++ return PR_SUCCESS;
++ case SOCKS5_READ_CONNECT_RESPONSE_TOP:
++ if (ReadFromSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ return ReadV5ConnectResponseTop();
++ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM:
++ if (ReadFromSocket(fd) != PR_SUCCESS)
++ return PR_FAILURE;
++ return ReadV5ConnectResponseBottom();
++
++ case SOCKS_CONNECTED:
++ LOGERROR(("socks: already connected"));
++ HandshakeFinished(PR_IS_CONNECTED_ERROR);
++ return PR_FAILURE;
++ case SOCKS_FAILED:
++ LOGERROR(("socks: already failed"));
++ return PR_FAILURE;
++ }
++
++ LOGERROR(("socks: executing handshake in invalid state, %d", mState));
++ HandshakeFinished(PR_INVALID_STATE_ERROR);
++
++ return PR_FAILURE;
++}
++
++PRInt16
++nsSOCKSSocketInfo::GetPollFlags() const
++{
++ switch (mState) {
++ case SOCKS_CONNECTING_TO_PROXY:
++ return PR_POLL_EXCEPT | PR_POLL_WRITE;
++ case SOCKS4_WRITE_CONNECT_REQUEST:
++ case SOCKS5_WRITE_AUTH_REQUEST:
++ case SOCKS5_WRITE_CONNECT_REQUEST:
++ return PR_POLL_WRITE;
++ case SOCKS4_READ_CONNECT_RESPONSE:
++ case SOCKS5_READ_AUTH_RESPONSE:
++ case SOCKS5_READ_CONNECT_RESPONSE_TOP:
++ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM:
++ return PR_POLL_READ;
++ default:
++ break;
++ }
++
++ return 0;
++}
++
++inline void
++nsSOCKSSocketInfo::WriteUint8(PRUint8 v)
++{
++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
++ "Can't write that much data!");
++ mData[mDataLength] = v;
++ mDataLength += sizeof(v);
++}
++
++inline void
++nsSOCKSSocketInfo::WriteUint16(PRUint16 v)
++{
++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
++ "Can't write that much data!");
++ memcpy(mData + mDataLength, &v, sizeof(v));
++ mDataLength += sizeof(v);
++}
++
++inline void
++nsSOCKSSocketInfo::WriteUint32(PRUint32 v)
++{
++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
++ "Can't write that much data!");
++ memcpy(mData + mDataLength, &v, sizeof(v));
++ mDataLength += sizeof(v);
++}
++
++void
++nsSOCKSSocketInfo::WriteNetAddr(const PRNetAddr *addr)
++{
++ const char *ip = NULL;
++ PRUint32 len = 0;
++
++ if (PR_NetAddrFamily(addr) == PR_AF_INET) {
++ ip = (const char*)&addr->inet.ip;
++ len = sizeof(addr->inet.ip);
++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
++ ip = (const char*)addr->ipv6.ip.pr_s6_addr;
++ len = sizeof(addr->ipv6.ip.pr_s6_addr);
++ }
++
++ NS_ABORT_IF_FALSE(ip != NULL, "Unknown address");
++ NS_ABORT_IF_FALSE(mDataLength + len <= BUFFER_SIZE,
++ "Can't write that much data!");
++
++ memcpy(mData + mDataLength, ip, len);
++ mDataLength += len;
++}
++
++void
++nsSOCKSSocketInfo::WriteNetPort(const PRNetAddr *addr)
++{
++ WriteUint16(PR_NetAddrInetPort(addr));
++}
++
++void
++nsSOCKSSocketInfo::WriteString(const nsACString &str)
++{
++ NS_ABORT_IF_FALSE(mDataLength + str.Length() <= BUFFER_SIZE,
++ "Can't write that much data!");
++ memcpy(mData + mDataLength, str.Data(), str.Length());
++ mDataLength += str.Length();
++}
++
++inline PRUint8
++nsSOCKSSocketInfo::ReadUint8()
++{
++ PRUint8 rv;
++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
++ "Not enough space to pop a uint8!");
++ rv = mData[mReadOffset];
++ mReadOffset += sizeof(rv);
++ return rv;
++}
++
++inline PRUint16
++nsSOCKSSocketInfo::ReadUint16()
++{
++ PRUint16 rv;
++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
++ "Not enough space to pop a uint16!");
++ memcpy(&rv, mData + mReadOffset, sizeof(rv));
++ mReadOffset += sizeof(rv);
++ return rv;
++}
++
++inline PRUint32
++nsSOCKSSocketInfo::ReadUint32()
++{
++ PRUint32 rv;
++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
++ "Not enough space to pop a uint32!");
++ memcpy(&rv, mData + mReadOffset, sizeof(rv));
++ mReadOffset += sizeof(rv);
++ return rv;
++}
++
++void
++nsSOCKSSocketInfo::ReadNetAddr(PRNetAddr *addr, PRUint16 fam)
++{
++ PRUint32 amt;
++ const PRUint8 *ip = mData + mReadOffset;
++
++ addr->raw.family = fam;
++ if (fam == PR_AF_INET) {
++ amt = sizeof(addr->inet.ip);
++ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength,
++ "Not enough space to pop an ipv4 addr!");
++ memcpy(&addr->inet.ip, ip, amt);
++ } else if (fam == PR_AF_INET6) {
++ amt = sizeof(addr->ipv6.ip.pr_s6_addr);
++ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength,
++ "Not enough space to pop an ipv6 addr!");
++ memcpy(addr->ipv6.ip.pr_s6_addr, ip, amt);
++ }
++
++ mReadOffset += amt;
++}
++
++void
++nsSOCKSSocketInfo::ReadNetPort(PRNetAddr *addr)
++{
++ addr->inet.port = ReadUint16();
++}
++
++void
++nsSOCKSSocketInfo::WantRead(PRUint32 sz)
++{
++ NS_ABORT_IF_FALSE(mDataIoPtr == NULL,
++ "WantRead() called while I/O already in progress!");
++ NS_ABORT_IF_FALSE(mDataLength + sz <= BUFFER_SIZE,
++ "Can't read that much data!");
++ mAmountToRead = sz;
++}
++
++PRStatus
++nsSOCKSSocketInfo::ReadFromSocket(PRFileDesc *fd)
++{
++ PRInt32 rc;
++ const PRUint8 *end;
++
++ if (!mAmountToRead) {
++ LOGDEBUG(("socks: ReadFromSocket(), nothing to do"));
++ return PR_SUCCESS;
++ }
++
++ if (!mDataIoPtr) {
++ mDataIoPtr = mData + mDataLength;
++ mDataLength += mAmountToRead;
++ }
++
++ end = mData + mDataLength;
++
++ while (mDataIoPtr < end) {
++ rc = PR_Read(fd, mDataIoPtr, end - mDataIoPtr);
++ if (rc <= 0) {
++ if (rc == 0) {
++ LOGERROR(("socks: proxy server closed connection"));
++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
++ return PR_FAILURE;
++ } else if (PR_GetError() == PR_WOULD_BLOCK_ERROR) {
++ LOGDEBUG(("socks: ReadFromSocket(), want read"));
++ }
++ break;
++ }
++
++ mDataIoPtr += rc;
++ }
++
++ LOGDEBUG(("socks: ReadFromSocket(), have %u bytes total",
++ unsigned(mDataIoPtr - mData)));
++ if (mDataIoPtr == end) {
++ mDataIoPtr = nsnull;
++ mAmountToRead = 0;
++ mReadOffset = 0;
++ return PR_SUCCESS;
++ }
++
++ return PR_FAILURE;
++}
++
++PRStatus
++nsSOCKSSocketInfo::WriteToSocket(PRFileDesc *fd)
++{
++ PRInt32 rc;
++ const PRUint8 *end;
++
++ if (!mDataLength) {
++ LOGDEBUG(("socks: WriteToSocket(), nothing to do"));
++ return PR_SUCCESS;
++ }
++
++ if (!mDataIoPtr)
++ mDataIoPtr = mData;
++
++ end = mData + mDataLength;
++
++ while (mDataIoPtr < end) {
++ rc = PR_Write(fd, mDataIoPtr, end - mDataIoPtr);
++ if (rc < 0) {
++ if (PR_GetError() == PR_WOULD_BLOCK_ERROR) {
++ LOGDEBUG(("socks: WriteToSocket(), want write"));
++ }
++ break;
++ }
++
++ mDataIoPtr += rc;
++ }
++
++ if (mDataIoPtr == end) {
++ mDataIoPtr = nsnull;
++ mDataLength = 0;
++ mReadOffset = 0;
++ return PR_SUCCESS;
++ }
++
++ return PR_FAILURE;
++}
+
+ static PRStatus
+-nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime /*timeout*/)
++nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime to)
+ {
++ PRStatus status;
++ PRNetAddr dst;
+
++ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
++ if (info == NULL) return PR_FAILURE;
++
++ if (PR_NetAddrFamily(addr) == PR_AF_INET6 &&
++ PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
++ const PRUint8 *srcp;
++
++ LOGDEBUG(("socks: converting ipv4-mapped ipv6 address to ipv4"));
++
++ // copied from _PR_ConvertToIpv4NetAddr()
++ PR_InitializeNetAddr(PR_IpAddrAny, 0, &dst);
++ srcp = addr->ipv6.ip.pr_s6_addr;
++ memcpy(&dst.inet.ip, srcp + 12, 4);
++ dst.inet.family = PR_AF_INET;
++ dst.inet.port = addr->ipv6.port;
++ } else {
++ memcpy(&dst, addr, sizeof(dst));
++ }
++
++ info->SetDestinationAddr(&dst);
++ info->SetConnectTimeout(to);
++
++ do {
++ status = info->DoHandshake(fd, -1);
++ } while (status == PR_SUCCESS && !info->IsConnected());
++
++ return status;
++}
++
++static PRStatus
++nsSOCKSIOLayerConnectContinue(PRFileDesc *fd, PRInt16 oflags)
++{
+ PRStatus status;
+
+ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
+ if (info == NULL) return PR_FAILURE;
+
+- // First, we need to look up our proxy...
+- const nsCString &proxyHost = info->ProxyHost();
++ do {
++ status = info->DoHandshake(fd, oflags);
++ } while (status == PR_SUCCESS && !info->IsConnected());
+
+- if (proxyHost.IsEmpty())
+- return PR_FAILURE;
++ return status;
++}
+
+- PRInt32 socksVersion = info->Version();
++static PRInt16
++nsSOCKSIOLayerPoll(PRFileDesc *fd, PRInt16 in_flags, PRInt16 *out_flags)
++{
++ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
++ if (info == NULL) return PR_FAILURE;
+
+- LOGDEBUG(("nsSOCKSIOLayerConnect SOCKS %u; proxyHost: %s.", socksVersion, proxyHost.get()));
+-
+- // Sync resolve the proxy hostname.
+- PRNetAddr proxyAddr;
+- nsCOMPtr<nsIDNSRecord> rec;
+- nsresult rv;
+- {
+- nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
+- if (!dns)
+- return PR_FAILURE;
+-
+- rv = dns->Resolve(proxyHost, 0, getter_AddRefs(rec));
+- if (NS_FAILED(rv))
+- return PR_FAILURE;
++ if (!info->IsConnected()) {
++ *out_flags = 0;
++ return info->GetPollFlags();
+ }
+
+- info->SetInternalProxyAddr(&proxyAddr);
+-
+- // For now, we'll do this as a blocking connect,
+- // but with nspr 4.1, the necessary functions to
+- // do a non-blocking connect will be available
+-
+- // Preserve the non-blocking state of the socket
+- PRBool nonblocking;
+- PRSocketOptionData sockopt;
+- sockopt.option = PR_SockOpt_Nonblocking;
+- status = PR_GetSocketOption(fd, &sockopt);
+-
+- if (PR_SUCCESS != status) {
+- LOGERROR(("PR_GetSocketOption() failed. status = %x.", status));
+- return status;
+- }
+-
+- // Store blocking option
+- nonblocking = sockopt.value.non_blocking;
+-
+- sockopt.option = PR_SockOpt_Nonblocking;
+- sockopt.value.non_blocking = PR_FALSE;
+- status = PR_SetSocketOption(fd, &sockopt);
+-
+- if (PR_SUCCESS != status) {
+- LOGERROR(("PR_SetSocketOption() failed. status = %x.", status));
+- return status;
+- }
+-
+- // Now setup sockopts, so we can restore the value later.
+- sockopt.option = PR_SockOpt_Nonblocking;
+- sockopt.value.non_blocking = nonblocking;
+-
+- // This connectWait should be long enough to connect to local proxy
+- // servers, but not much longer. Since this protocol negotiation
+- // uses blocking network calls, the app can appear to hang for a maximum
+- // of this time if the user presses the STOP button during the SOCKS
+- // connection negotiation. Note that this value only applies to the
+- // connecting to the SOCKS server: once the SOCKS connection has been
+- // established, the value is not used anywhere else.
+- PRIntervalTime connectWait = PR_SecondsToInterval(10);
+-
+- // Connect to the proxy server.
+- PRInt32 addresses = 0;
+- do {
+- rv = rec->GetNextAddr(info->ProxyPort(), &proxyAddr);
+- if (NS_FAILED(rv)) {
+- status = PR_FAILURE;
+- break;
+- }
+- ++addresses;
+- status = fd->lower->methods->connect(fd->lower, &proxyAddr, connectWait);
+- } while (PR_SUCCESS != status);
+-
+- if (PR_SUCCESS != status) {
+- LOGERROR(("Failed to TCP connect to the proxy server (%s): timeout = %d, status = %x, tried %d addresses.", proxyHost.get(), connectWait, status, addresses));
+- PR_SetSocketOption(fd, &sockopt);
+- return status;
+- }
+-
+-
+- // We are now connected to the SOCKS proxy server.
+- // Now we will negotiate a connection to the desired server.
+-
+- // External IP address returned from ConnectSOCKS5(). Not supported in SOCKS4.
+- PRNetAddr extAddr;
+- PR_InitializeNetAddr(PR_IpAddrNull, 0, &extAddr);
+-
+- NS_ASSERTION((socksVersion == 4) || (socksVersion == 5), "SOCKS Version must be selected");
+-
+- // Try to connect via SOCKS 5.
+- if (socksVersion == 5) {
+- rv = ConnectSOCKS5(fd, addr, &extAddr, connectWait);
+-
+- if (NS_FAILED(rv)) {
+- PR_SetSocketOption(fd, &sockopt);
+- return PR_FAILURE;
+- }
+-
+- }
+-
+- // Try to connect via SOCKS 4.
+- else {
+- rv = ConnectSOCKS4(fd, addr, connectWait);
+-
+- if (NS_FAILED(rv)) {
+- PR_SetSocketOption(fd, &sockopt);
+- return PR_FAILURE;
+- }
+-
+- }
+-
+-
+- info->SetDestinationAddr((PRNetAddr*)addr);
+- info->SetExternalProxyAddr(&extAddr);
+-
+- // restore non-blocking option
+- PR_SetSocketOption(fd, &sockopt);
+-
+- // we're set-up and connected.
+- // this socket can be used as normal now.
+-
+- return PR_SUCCESS;
++ return fd->lower->methods->poll(fd->lower, in_flags, out_flags);
+ }
+
+ static PRStatus
+ nsSOCKSIOLayerClose(PRFileDesc *fd)
+ {
+ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
+ PRDescIdentity id = PR_GetLayersIdentity(fd);
+
+@@ -880,16 +1115,18 @@ nsSOCKSIOLayerAddToSocket(PRInt32 family
+
+
+ if (firstTime)
+ {
+ nsSOCKSIOLayerIdentity = PR_GetUniqueIdentity("SOCKS layer");
+ nsSOCKSIOLayerMethods = *PR_GetDefaultIOMethods();
+
+ nsSOCKSIOLayerMethods.connect = nsSOCKSIOLayerConnect;
++ nsSOCKSIOLayerMethods.connectcontinue = nsSOCKSIOLayerConnectContinue;
++ nsSOCKSIOLayerMethods.poll = nsSOCKSIOLayerPoll;
+ nsSOCKSIOLayerMethods.bind = nsSOCKSIOLayerBind;
+ nsSOCKSIOLayerMethods.acceptread = nsSOCKSIOLayerAcceptRead;
+ nsSOCKSIOLayerMethods.getsockname = nsSOCKSIOLayerGetName;
+ nsSOCKSIOLayerMethods.getpeername = nsSOCKSIOLayerGetPeerName;
+ nsSOCKSIOLayerMethods.accept = nsSOCKSIOLayerAccept;
+ nsSOCKSIOLayerMethods.listen = nsSOCKSIOLayerListen;
+ nsSOCKSIOLayerMethods.close = nsSOCKSIOLayerClose;
+
1
0
[torbrowser/master] update the 4.0 prefs so that they actually show the toggle buttons, and remove all of the https-everywhere rules
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit 48cb945f7f180baad7f536405d4a0cf3ddfa3714
Author: Erinn Clark <erinn(a)torproject.org>
Date: Tue Mar 29 23:53:27 2011 +0200
update the 4.0 prefs so that they actually show the toggle buttons, and remove all of the https-everywhere rules
---
build-scripts/config/no-polipo-4.0.js | 590 ---------------------------------
1 files changed, 0 insertions(+), 590 deletions(-)
diff --git a/build-scripts/config/no-polipo-4.0.js b/build-scripts/config/no-polipo-4.0.js
index 636a30f..086d602 100644
--- a/build-scripts/config/no-polipo-4.0.js
+++ b/build-scripts/config/no-polipo-4.0.js
@@ -66,598 +66,9 @@ user_pref("extensions.databaseSchema", 3);
user_pref("extensions.enabledAddons", "https-everywhere@eff.org:0.9.9.development.4,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9,{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.3.2-alpha,{972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0");
user_pref("extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8");
user_pref("extensions.enabledScopes", 5);
-user_pref("extensions.https_everywhere.123-Reg", true);
-user_pref("extensions.https_everywhere.2o7.net", true);
-user_pref("extensions.https_everywhere.33Bits", false);
-user_pref("extensions.https_everywhere.38.de", true);
-user_pref("extensions.https_everywhere.3min", true);
-user_pref("extensions.https_everywhere.4sevens", true);
-user_pref("extensions.https_everywhere.7chan", true);
-user_pref("extensions.https_everywhere.99.se", true);
-user_pref("extensions.https_everywhere.ABN AMRO Bank", true);
-user_pref("extensions.https_everywhere.AJC.com", true);
-user_pref("extensions.https_everywhere.AK-Vorrat", true);
-user_pref("extensions.https_everywhere.ANZ", true);
-user_pref("extensions.https_everywhere.ATBank", true);
-user_pref("extensions.https_everywhere.AboutMe", true);
-user_pref("extensions.https_everywhere.AccessNow.org", true);
-user_pref("extensions.https_everywhere.Accessibility.nl", true);
-user_pref("extensions.https_everywhere.AdaFruit", true);
-user_pref("extensions.https_everywhere.AdblockPlus", true);
-user_pref("extensions.https_everywhere.Adbrite", true);
-user_pref("extensions.https_everywhere.AddThis", true);
-user_pref("extensions.https_everywhere.Adobe", true);
-user_pref("extensions.https_everywhere.Aftenposten", true);
-user_pref("extensions.https_everywhere.AirshipVentures", true);
-user_pref("extensions.https_everywhere.Airtricity", true);
-user_pref("extensions.https_everywhere.Aldi - Germany", true);
-user_pref("extensions.https_everywhere.AliceDSL", true);
-user_pref("extensions.https_everywhere.All-inkl.com", true);
-user_pref("extensions.https_everywhere.Allegro", false);
-user_pref("extensions.https_everywhere.Amazon (buggy)", false);
-user_pref("extensions.https_everywhere.Amazon S3", true);
-user_pref("extensions.https_everywhere.American Airlines", true);
-user_pref("extensions.https_everywhere.AmericanExpress", true);
-user_pref("extensions.https_everywhere.Amnesty-International", true);
-user_pref("extensions.https_everywhere.An Post", true);
-user_pref("extensions.https_everywhere.Android", true);
-user_pref("extensions.https_everywhere.Ansa.it", true);
-user_pref("extensions.https_everywhere.Apache", true);
-user_pref("extensions.https_everywhere.Apoteket.se", true);
-user_pref("extensions.https_everywhere.Apple.com (partial)", true);
-user_pref("extensions.https_everywhere.Arch Linux", true);
-user_pref("extensions.https_everywhere.Argos", true);
-user_pref("extensions.https_everywhere.Arlanda.se", true);
-user_pref("extensions.https_everywhere.Assembla", true);
-user_pref("extensions.https_everywhere.Asterisk", true);
-user_pref("extensions.https_everywhere.Atlassian", true);
-user_pref("extensions.https_everywhere.Audible.de", true);
-user_pref("extensions.https_everywhere.Autistici/Inventati", true);
-user_pref("extensions.https_everywhere.Avira", true);
-user_pref("extensions.https_everywhere.BT", true);
-user_pref("extensions.https_everywhere.BTunnel", true);
-user_pref("extensions.https_everywhere.Backupify", true);
-user_pref("extensions.https_everywhere.Badoo.com", false);
-user_pref("extensions.https_everywhere.Bahn.de", true);
-user_pref("extensions.https_everywhere.Balatarin", true);
-user_pref("extensions.https_everywhere.BankOfNewZeland", true);
-user_pref("extensions.https_everywhere.Barclays", true);
-user_pref("extensions.https_everywhere.BerliOS", false);
-user_pref("extensions.https_everywhere.Berlin.de", true);
-user_pref("extensions.https_everywhere.BinRev", true);
-user_pref("extensions.https_everywhere.BinSearch", true);
-user_pref("extensions.https_everywhere.Binero.se", true);
-user_pref("extensions.https_everywhere.BitBucket", true);
-user_pref("extensions.https_everywhere.Black Night", true);
-user_pref("extensions.https_everywhere.BlackHat", true);
-user_pref("extensions.https_everywhere.BlameStella", true);
-user_pref("extensions.https_everywhere.Blekko", true);
-user_pref("extensions.https_everywhere.BlockBuster", true);
-user_pref("extensions.https_everywhere.Blocket.se", true);
-user_pref("extensions.https_everywhere.Bloglines", true);
-user_pref("extensions.https_everywhere.BlueHost", true);
-user_pref("extensions.https_everywhere.Boards.ie", true);
-user_pref("extensions.https_everywhere.BofA", true);
-user_pref("extensions.https_everywhere.Bokelskere", true);
-user_pref("extensions.https_everywhere.Boltbus.com", true);
-user_pref("extensions.https_everywhere.BookMyName", true);
-user_pref("extensions.https_everywhere.Booklog.jp", true);
-user_pref("extensions.https_everywhere.Bookworm", true);
-user_pref("extensions.https_everywhere.Bothar", true);
-user_pref("extensions.https_everywhere.BoxUK", true);
-user_pref("extensions.https_everywhere.Boxee.tv", true);
-user_pref("extensions.https_everywhere.Brainbench", true);
-user_pref("extensions.https_everywhere.Braunschweig", true);
-user_pref("extensions.https_everywhere.BritishAirways", true);
-user_pref("extensions.https_everywhere.Broadband Reports", true);
-user_pref("extensions.https_everywhere.BrowserShots", true);
-user_pref("extensions.https_everywhere.Buckyballs", true);
-user_pref("extensions.https_everywhere.BufferedIO", false);
-user_pref("extensions.https_everywhere.BulkSMS", true);
-user_pref("extensions.https_everywhere.Bungie", true);
-user_pref("extensions.https_everywhere.C-Base", true);
-user_pref("extensions.https_everywhere.CACert.org", false);
-user_pref("extensions.https_everywhere.CDT", true);
-user_pref("extensions.https_everywhere.CJ", true);
-user_pref("extensions.https_everywhere.CPJ", true);
-user_pref("extensions.https_everywhere.CPSC.gov", true);
-user_pref("extensions.https_everywhere.CTunnel", true);
-user_pref("extensions.https_everywhere.CaceTech", true);
-user_pref("extensions.https_everywhere.Canv.as", true);
-user_pref("extensions.https_everywhere.Cdon.se", true);
-user_pref("extensions.https_everywhere.Centos", true);
-user_pref("extensions.https_everywhere.Cert", true);
-user_pref("extensions.https_everywhere.Check Point", true);
-user_pref("extensions.https_everywhere.ChillingEffects", true);
-user_pref("extensions.https_everywhere.Chronicle", true);
-user_pref("extensions.https_everywhere.Cisco", false);
-user_pref("extensions.https_everywhere.CiteULike", true);
-user_pref("extensions.https_everywhere.CitizensInformation", true);
-user_pref("extensions.https_everywhere.Cloudflare", true);
-user_pref("extensions.https_everywhere.Cloudfront", true);
-user_pref("extensions.https_everywhere.Codeplex", true);
-user_pref("extensions.https_everywhere.CommonDreams", true);
-user_pref("extensions.https_everywhere.CommuniGate", true);
-user_pref("extensions.https_everywhere.Comodo (Partial)", true);
-user_pref("extensions.https_everywhere.Comparis.ch", true);
-user_pref("extensions.https_everywhere.ComputerWorld", true);
-user_pref("extensions.https_everywhere.Continental", true);
-user_pref("extensions.https_everywhere.Coop.ch", true);
-user_pref("extensions.https_everywhere.Couchsurfing", true);
-user_pref("extensions.https_everywhere.Creative Commons", true);
-user_pref("extensions.https_everywhere.Cultura Sparebank", true);
-user_pref("extensions.https_everywhere.D.S.V. Sint Jansbrug", true);
-user_pref("extensions.https_everywhere.DALnet", true);
-user_pref("extensions.https_everywhere.DTunnel", true);
-user_pref("extensions.https_everywhere.DVDFab", true);
-user_pref("extensions.https_everywhere.DaLinuxFrenchPage", true);
-user_pref("extensions.https_everywhere.Daft.ie", false);
-user_pref("extensions.https_everywhere.Daily", true);
-user_pref("extensions.https_everywhere.Datatilsynet", true);
-user_pref("extensions.https_everywhere.Deal Extreme", true);
-user_pref("extensions.https_everywhere.DebianLists", false);
-user_pref("extensions.https_everywhere.DemocracyNow", true);
-user_pref("extensions.https_everywhere.Demonoid", true);
-user_pref("extensions.https_everywhere.DepositProtection", true);
-user_pref("extensions.https_everywhere.Der Freitag", true);
-user_pref("extensions.https_everywhere.Deviantart", true);
-user_pref("extensions.https_everywhere.Die-Linke.de", true);
-user_pref("extensions.https_everywhere.Digitec.ch", true);
-user_pref("extensions.https_everywhere.Diskusjon", true);
-user_pref("extensions.https_everywhere.Ditt Distrikt", true);
-user_pref("extensions.https_everywhere.DnB Nor", true);
-user_pref("extensions.https_everywhere.DocumentCloud", true);
-user_pref("extensions.https_everywhere.Dotster", true);
-user_pref("extensions.https_everywhere.Dreamwidth", false);
-user_pref("extensions.https_everywhere.DropDav", true);
-user_pref("extensions.https_everywhere.Dropbox", true);
-user_pref("extensions.https_everywhere.Drupal", true);
-user_pref("extensions.https_everywhere.DuckDuckGo", true);
-user_pref("extensions.https_everywhere.EFF", true);
-user_pref("extensions.https_everywhere.EPA (.ie)", true);
-user_pref("extensions.https_everywhere.EPEAT", true);
-user_pref("extensions.https_everywhere.ESB.ie", true);
-user_pref("extensions.https_everywhere.ESISS", true);
-user_pref("extensions.https_everywhere.EZTV", true);
-user_pref("extensions.https_everywhere.EasyNews", true);
-user_pref("extensions.https_everywhere.Economist", true);
-user_pref("extensions.https_everywhere.EdUbuntu", true);
-user_pref("extensions.https_everywhere.Egg", true);
-user_pref("extensions.https_everywhere.Elgiganten.se", true);
-user_pref("extensions.https_everywhere.EnergyStar", true);
-user_pref("extensions.https_everywhere.Eniro.se", true);
-user_pref("extensions.https_everywhere.Enom", true);
-user_pref("extensions.https_everywhere.Epson.com (partial)", true);
-user_pref("extensions.https_everywhere.Erowid", true);
-user_pref("extensions.https_everywhere.Eventbrite", true);
-user_pref("extensions.https_everywhere.Evernote", true);
-user_pref("extensions.https_everywhere.EzineArticles", true);
-user_pref("extensions.https_everywhere.FAZ", true);
-user_pref("extensions.https_everywhere.FFMPEG", false);
-user_pref("extensions.https_everywhere.Facebook", true);
-user_pref("extensions.https_everywhere.Facebook+ (may break apps)", false);
-user_pref("extensions.https_everywhere.Fanboy", true);
-user_pref("extensions.https_everywhere.Farmaciforbundet.se", true);
-user_pref("extensions.https_everywhere.Fass.se", true);
-user_pref("extensions.https_everywhere.Fastmail", true);
-user_pref("extensions.https_everywhere.Fedora Project", true);
-user_pref("extensions.https_everywhere.FeedMyInbox", true);
-user_pref("extensions.https_everywhere.Fefe", true);
-user_pref("extensions.https_everywhere.Feide", true);
-user_pref("extensions.https_everywhere.Fianna Fail", true);
-user_pref("extensions.https_everywhere.Finn", true);
-user_pref("extensions.https_everywhere.FiveTV", true);
-user_pref("extensions.https_everywhere.Flattr", true);
-user_pref("extensions.https_everywhere.FluxBB.org", true);
-user_pref("extensions.https_everywhere.Fokus Bank", true);
-user_pref("extensions.https_everywhere.Foris Wine", true);
-user_pref("extensions.https_everywhere.Forsvarsforbundet.se", true);
-user_pref("extensions.https_everywhere.FreeDNS.Afraid.org", true);
-user_pref("extensions.https_everywhere.Freedombox Foundation", true);
-user_pref("extensions.https_everywhere.Freelancer", true);
-user_pref("extensions.https_everywhere.Freenet", true);
-user_pref("extensions.https_everywhere.Fridge", true);
-user_pref("extensions.https_everywhere.Friendfeed", true);
-user_pref("extensions.https_everywhere.Frontline Defenders", true);
-user_pref("extensions.https_everywhere.FusionIO", true);
-user_pref("extensions.https_everywhere.GMX", true);
-user_pref("extensions.https_everywhere.GNOME", true);
-user_pref("extensions.https_everywhere.Gandi", true);
-user_pref("extensions.https_everywhere.Gentoo", true);
-user_pref("extensions.https_everywhere.GetClicky", true);
-user_pref("extensions.https_everywhere.GetFirebug", true);
-user_pref("extensions.https_everywhere.GetPersonas.com", true);
-user_pref("extensions.https_everywhere.GiBlod.no", true);
-user_pref("extensions.https_everywhere.GitHub", true);
-user_pref("extensions.https_everywhere.GoDaddy", true);
-user_pref("extensions.https_everywhere.Google APIs", true);
-user_pref("extensions.https_everywhere.Google Search", true);
-user_pref("extensions.https_everywhere.GoogleServices", true);
-user_pref("extensions.https_everywhere.Governo Português", true);
-user_pref("extensions.https_everywhere.Gravatar", true);
-user_pref("extensions.https_everywhere.Grepular", true);
-user_pref("extensions.https_everywhere.Groupon", true);
-user_pref("extensions.https_everywhere.Groupon.se", true);
-user_pref("extensions.https_everywhere.Gsfacket.se", true);
-user_pref("extensions.https_everywhere.Guardian Project", true);
-user_pref("extensions.https_everywhere.Guifi.net", false);
-user_pref("extensions.https_everywhere.Gulesider", true);
-user_pref("extensions.https_everywhere.HD.se", true);
-user_pref("extensions.https_everywhere.HMV", true);
-user_pref("extensions.https_everywhere.HSBC", true);
-user_pref("extensions.https_everywhere.HTC", true);
-user_pref("extensions.https_everywhere.Heroku", true);
-user_pref("extensions.https_everywhere.Hexagon", true);
-user_pref("extensions.https_everywhere.Homebase", true);
-user_pref("extensions.https_everywhere.Hosts", true);
-user_pref("extensions.https_everywhere.Hotfile", true);
-user_pref("extensions.https_everywhere.Hotmail / Live", true);
-user_pref("extensions.https_everywhere.Hungerhost", true);
-user_pref("extensions.https_everywhere.HurricaneElectric", true);
-user_pref("extensions.https_everywhere.Hushmail", true);
-user_pref("extensions.https_everywhere.Hustler", true);
-user_pref("extensions.https_everywhere.Hypovereinsbank", true);
-user_pref("extensions.https_everywhere.I2P", false);
-user_pref("extensions.https_everywhere.IBM", true);
-user_pref("extensions.https_everywhere.ICA.se", true);
-user_pref("extensions.https_everywhere.ICMail", true);
-user_pref("extensions.https_everywhere.IDG.se", true);
-user_pref("extensions.https_everywhere.IEEE", true);
-user_pref("extensions.https_everywhere.IETF", true);
-user_pref("extensions.https_everywhere.IFA.ch", true);
-user_pref("extensions.https_everywhere.IIS.se", true);
-user_pref("extensions.https_everywhere.ISC", true);
-user_pref("extensions.https_everywhere.ISIS", true);
-user_pref("extensions.https_everywhere.IceHeberg", true);
-user_pref("extensions.https_everywhere.Identica", true);
-user_pref("extensions.https_everywhere.IdentityTheft", true);
-user_pref("extensions.https_everywhere.Imgur", true);
-user_pref("extensions.https_everywhere.Indymedia.org", true);
-user_pref("extensions.https_everywhere.Infragard.net", true);
-user_pref("extensions.https_everywhere.Inschrijven.nl", true);
-user_pref("extensions.https_everywhere.InterNetworX", true);
-user_pref("extensions.https_everywhere.Interpol", true);
-user_pref("extensions.https_everywhere.Irish Broadband", true);
-user_pref("extensions.https_everywhere.IsoHunt", true);
-user_pref("extensions.https_everywhere.Ixquick", true);
-user_pref("extensions.https_everywhere.JANET", true);
-user_pref("extensions.https_everywhere.JPG Magazine", true);
-user_pref("extensions.https_everywhere.Jappix", true);
-user_pref("extensions.https_everywhere.Java", true);
-user_pref("extensions.https_everywhere.Joker", true);
-user_pref("extensions.https_everywhere.Jottit", true);
-user_pref("extensions.https_everywhere.Juniper Networks", true);
-user_pref("extensions.https_everywhere.Jusek.se", true);
-user_pref("extensions.https_everywhere.KDE Bugtracker", true);
-user_pref("extensions.https_everywhere.KLM", true);
-user_pref("extensions.https_everywhere.KPT.ch", true);
-user_pref("extensions.https_everywhere.KTH.se", true);
-user_pref("extensions.https_everywhere.Kabel Deutschland", true);
-user_pref("extensions.https_everywhere.Kayak", true);
-user_pref("extensions.https_everywhere.Kernel.org", true);
-user_pref("extensions.https_everywhere.Kommunal.se", true);
-user_pref("extensions.https_everywhere.Komplett.no", true);
-user_pref("extensions.https_everywhere.LKML", true);
-user_pref("extensions.https_everywhere.LWN", true);
-user_pref("extensions.https_everywhere.La Caixa", true);
-user_pref("extensions.https_everywhere.LastPass", true);
-user_pref("extensions.https_everywhere.Lastminute.com", true);
-user_pref("extensions.https_everywhere.LboroAcUk", true);
-user_pref("extensions.https_everywhere.Legtux", false);
-user_pref("extensions.https_everywhere.LensRentals.com", true);
-user_pref("extensions.https_everywhere.Library Anywhere", true);
-user_pref("extensions.https_everywhere.LibraryThing", true);
-user_pref("extensions.https_everywhere.LibreOffice", true);
-user_pref("extensions.https_everywhere.LiftShare", true);
-user_pref("extensions.https_everywhere.Linode", true);
-user_pref("extensions.https_everywhere.Linux.com", true);
-user_pref("extensions.https_everywhere.LinuxFoundation", true);
-user_pref("extensions.https_everywhere.LinuxQuestions", true);
-user_pref("extensions.https_everywhere.LiveJournal", false);
-user_pref("extensions.https_everywhere.Local.ch", true);
-user_pref("extensions.https_everywhere.LogLevel", 5);
-user_pref("extensions.https_everywhere.Loopt", true);
-user_pref("extensions.https_everywhere.LoveFilm", true);
-user_pref("extensions.https_everywhere.MacWorld", true);
-user_pref("extensions.https_everywhere.Magento", true);
-user_pref("extensions.https_everywhere.Magnatune", true);
-user_pref("extensions.https_everywhere.Magnet.ie", true);
-user_pref("extensions.https_everywhere.Mail.Yandex", true);
-user_pref("extensions.https_everywhere.Mail.com", true);
-user_pref("extensions.https_everywhere.Malwarebytes", true);
-user_pref("extensions.https_everywhere.MapQuest", true);
-user_pref("extensions.https_everywhere.MarksandSpencer", true);
-user_pref("extensions.https_everywhere.Marxists Internet Archive", false);
-user_pref("extensions.https_everywhere.Match", true);
-user_pref("extensions.https_everywhere.MaxMind", true);
-user_pref("extensions.https_everywhere.May First/People Link", true);
-user_pref("extensions.https_everywhere.Medikamente-Per-Klick", true);
-user_pref("extensions.https_everywhere.Medstop.se", true);
-user_pref("extensions.https_everywhere.Meebo", true);
-user_pref("extensions.https_everywhere.Meego", true);
-user_pref("extensions.https_everywhere.Mibbit", true);
-user_pref("extensions.https_everywhere.Microsoft", true);
-user_pref("extensions.https_everywhere.Mijn ING", true);
-user_pref("extensions.https_everywhere.Miles-and-more.com", true);
-user_pref("extensions.https_everywhere.MilkAndMore", true);
-user_pref("extensions.https_everywhere.Mint", true);
-user_pref("extensions.https_everywhere.Miranda-IM", true);
-user_pref("extensions.https_everywhere.ModSecurity", true);
-user_pref("extensions.https_everywhere.Moneybookers", true);
-user_pref("extensions.https_everywhere.MoonPig", true);
-user_pref("extensions.https_everywhere.Motesplatsen.se", true);
-user_pref("extensions.https_everywhere.Mozdev", true);
-user_pref("extensions.https_everywhere.Mozilla", true);
-user_pref("extensions.https_everywhere.Mozy", true);
-user_pref("extensions.https_everywhere.Mpx", true);
-user_pref("extensions.https_everywhere.Musikerforbundet.se", true);
-user_pref("extensions.https_everywhere.My-files.de", true);
-user_pref("extensions.https_everywhere.MyCharity.ie", true);
-user_pref("extensions.https_everywhere.MyPoints", true);
-user_pref("extensions.https_everywhere.MySQL", true);
-user_pref("extensions.https_everywhere.MyUHC", true);
-user_pref("extensions.https_everywhere.MyWOT", true);
-user_pref("extensions.https_everywhere.NL Overheid", true);
-user_pref("extensions.https_everywhere.NL Politiek", true);
-user_pref("extensions.https_everywhere.NTU", true);
-user_pref("extensions.https_everywhere.NYDailyNews", true);
-user_pref("extensions.https_everywhere.NYTimes", true);
-user_pref("extensions.https_everywhere.NZBIndex.nl", true);
-user_pref("extensions.https_everywhere.NameCheap", true);
-user_pref("extensions.https_everywhere.Names", true);
-user_pref("extensions.https_everywhere.National Lawyers Guild", true);
-user_pref("extensions.https_everywhere.NationalArchivesGovUK", true);
-user_pref("extensions.https_everywhere.NationalLottery", true);
-user_pref("extensions.https_everywhere.Netflix", true);
-user_pref("extensions.https_everywhere.Nettica", true);
-user_pref("extensions.https_everywhere.NetworkWorld", true);
-user_pref("extensions.https_everywhere.Netzpolitik.org", true);
-user_pref("extensions.https_everywhere.NewIT", true);
-user_pref("extensions.https_everywhere.Next", true);
-user_pref("extensions.https_everywhere.NextBus", true);
-user_pref("extensions.https_everywhere.Ninite", true);
-user_pref("extensions.https_everywhere.Noisebridge", true);
-user_pref("extensions.https_everywhere.Nokia", true);
-user_pref("extensions.https_everywhere.Nordea", true);
-user_pref("extensions.https_everywhere.NottinghamAC", true);
-user_pref("extensions.https_everywhere.NutriCentre", true);
-user_pref("extensions.https_everywhere.O2online.de", true);
-user_pref("extensions.https_everywhere.OVH", true);
-user_pref("extensions.https_everywhere.Officersforbundet.se", true);
-user_pref("extensions.https_everywhere.Olark", true);
-user_pref("extensions.https_everywhere.Onehub.com", true);
-user_pref("extensions.https_everywhere.OomphMe", false);
-user_pref("extensions.https_everywhere.Open-Mesh", true);
-user_pref("extensions.https_everywhere.OpenDNS", true);
-user_pref("extensions.https_everywhere.OpenID", true);
-user_pref("extensions.https_everywhere.OpenLeaks", true);
-user_pref("extensions.https_everywhere.OpenSSL", true);
-user_pref("extensions.https_everywhere.OpenStreetMap Wiki", true);
-user_pref("extensions.https_everywhere.OpenVPN", true);
-user_pref("extensions.https_everywhere.Opera", false);
-user_pref("extensions.https_everywhere.Orange", true);
-user_pref("extensions.https_everywhere.OverClockers", true);
-user_pref("extensions.https_everywhere.Oxfam Unwrapped", true);
-user_pref("extensions.https_everywhere.OzBargain", true);
-user_pref("extensions.https_everywhere.PC World", true);
-user_pref("extensions.https_everywhere.PCCaseGear", true);
-user_pref("extensions.https_everywhere.PGP", true);
-user_pref("extensions.https_everywhere.PageKite", true);
-user_pref("extensions.https_everywhere.Pandora", true);
-user_pref("extensions.https_everywhere.PassThePopcorn", true);
-user_pref("extensions.https_everywhere.PasswordCard", true);
-user_pref("extensions.https_everywhere.Pastebin.ca", true);
-user_pref("extensions.https_everywhere.Pastebin.com", true);
-user_pref("extensions.https_everywhere.Pastee.org", true);
-user_pref("extensions.https_everywhere.PayPal", true);
-user_pref("extensions.https_everywhere.PearsonVue", true);
-user_pref("extensions.https_everywhere.Picasa Web Albums", true);
-user_pref("extensions.https_everywhere.Ping.fm", true);
-user_pref("extensions.https_everywhere.Pipex", true);
-user_pref("extensions.https_everywhere.PirateParty", true);
-user_pref("extensions.https_everywhere.Pivotal Tracker", true);
-user_pref("extensions.https_everywhere.Pizzahut", true);
-user_pref("extensions.https_everywhere.PlanetRomeo", true);
-user_pref("extensions.https_everywhere.Playboy", true);
-user_pref("extensions.https_everywhere.PlentyOfFish", true);
-user_pref("extensions.https_everywhere.Plus.net", true);
-user_pref("extensions.https_everywhere.Pogo", true);
-user_pref("extensions.https_everywhere.Polisforbundet.se", true);
-user_pref("extensions.https_everywhere.Post.ch", true);
-user_pref("extensions.https_everywhere.Postbank", true);
-user_pref("extensions.https_everywhere.Posten.se", true);
-user_pref("extensions.https_everywhere.PrivacyBox", true);
-user_pref("extensions.https_everywhere.PrivatePaste", true);
-user_pref("extensions.https_everywhere.ProjectHoneypot", true);
-user_pref("extensions.https_everywhere.Prometric", true);
-user_pref("extensions.https_everywhere.Proxify", true);
-user_pref("extensions.https_everywhere.Public Citizen", true);
-user_pref("extensions.https_everywhere.QIP", true);
-user_pref("extensions.https_everywhere.Qualys", true);
-user_pref("extensions.https_everywhere.Quora", true);
-user_pref("extensions.https_everywhere.Quorks", false);
-user_pref("extensions.https_everywhere.Qxl", true);
-user_pref("extensions.https_everywhere.RAC", true);
-user_pref("extensions.https_everywhere.RFC-Editor", true);
-user_pref("extensions.https_everywhere.ROBOXchange", true);
-user_pref("extensions.https_everywhere.Rabobank", true);
-user_pref("extensions.https_everywhere.RadioShack", true);
-user_pref("extensions.https_everywhere.Raiffeisen.ch", true);
-user_pref("extensions.https_everywhere.Random.org", true);
-user_pref("extensions.https_everywhere.RapidSSL", true);
-user_pref("extensions.https_everywhere.ReadWriteWeb", true);
-user_pref("extensions.https_everywhere.RedHat", true);
-user_pref("extensions.https_everywhere.Redbox.com", true);
-user_pref("extensions.https_everywhere.Reddit", true);
-user_pref("extensions.https_everywhere.Reddit+", false);
-user_pref("extensions.https_everywhere.Reformed Church", true);
-user_pref("extensions.https_everywhere.RememberTheMilk", true);
-user_pref("extensions.https_everywhere.Riga", true);
-user_pref("extensions.https_everywhere.Riseup", true);
-user_pref("extensions.https_everywhere.RoadRunner", true);
-user_pref("extensions.https_everywhere.Robeco", true);
-user_pref("extensions.https_everywhere.RoyalGovUK", true);
-user_pref("extensions.https_everywhere.RubyGems.org", true);
-user_pref("extensions.https_everywhere.Rutgers", true);
-user_pref("extensions.https_everywhere.SBB.ch", true);
-user_pref("extensions.https_everywhere.SF.se", true);
-user_pref("extensions.https_everywhere.SJ.se", true);
-user_pref("extensions.https_everywhere.SL.se", true);
-user_pref("extensions.https_everywhere.SLF.se", true);
-user_pref("extensions.https_everywhere.SNS Bank", true);
-user_pref("extensions.https_everywhere.ST.org", true);
-user_pref("extensions.https_everywhere.SVT.se", true);
-user_pref("extensions.https_everywhere.Safari Books Online", true);
-user_pref("extensions.https_everywhere.Savannah", true);
-user_pref("extensions.https_everywhere.Schneier on Security", true);
-user_pref("extensions.https_everywhere.Scroogle", true);
-user_pref("extensions.https_everywhere.Secunia", true);
-user_pref("extensions.https_everywhere.Security.NL", true);
-user_pref("extensions.https_everywhere.Sendmail", true);
-user_pref("extensions.https_everywhere.SigmaBeauty", true);
-user_pref("extensions.https_everywhere.Sinn Fein", true);
-user_pref("extensions.https_everywhere.Sipgate", true);
-user_pref("extensions.https_everywhere.SixApart", true);
-user_pref("extensions.https_everywhere.Skandiabanken", true);
-user_pref("extensions.https_everywhere.Slo-Tech", true);
-user_pref("extensions.https_everywhere.SlySoft", false);
-user_pref("extensions.https_everywhere.SouthernElectric", true);
-user_pref("extensions.https_everywhere.SpamGourmet", true);
-user_pref("extensions.https_everywhere.Sparkfun", true);
-user_pref("extensions.https_everywhere.Spin.de", true);
-user_pref("extensions.https_everywhere.Springpad", true);
-user_pref("extensions.https_everywhere.Spyderco", true);
-user_pref("extensions.https_everywhere.Srware", true);
-user_pref("extensions.https_everywhere.StartCom", true);
-user_pref("extensions.https_everywhere.Statcounter", true);
-user_pref("extensions.https_everywhere.StateBankOfIndia", true);
-user_pref("extensions.https_everywhere.Stevens", true);
-user_pref("extensions.https_everywhere.Storebrand", true);
-user_pref("extensions.https_everywhere.StumbleUpon", true);
-user_pref("extensions.https_everywhere.SuperAntiSpyware", true);
-user_pref("extensions.https_everywhere.Svenskaspel.se", true);
-user_pref("extensions.https_everywhere.Swiss.com", true);
-user_pref("extensions.https_everywhere.Sydostran.se", true);
-user_pref("extensions.https_everywhere.Symbian Foundation", true);
-user_pref("extensions.https_everywhere.TAZ", true);
-user_pref("extensions.https_everywhere.TT.se", true);
-user_pref("extensions.https_everywhere.TV.com", true);
-user_pref("extensions.https_everywhere.Tandlakarforbundet.se", true);
-user_pref("extensions.https_everywhere.Target", true);
-user_pref("extensions.https_everywhere.Teamviewer", true);
-user_pref("extensions.https_everywhere.Teamxlink", false);
-user_pref("extensions.https_everywhere.Techcrunch", false);
-user_pref("extensions.https_everywhere.TechnologyReview", true);
-user_pref("extensions.https_everywhere.Telia.se", true);
-user_pref("extensions.https_everywhere.Tesco", true);
-user_pref("extensions.https_everywhere.The Open University", true);
-user_pref("extensions.https_everywhere.The Privacy Blog", true);
-user_pref("extensions.https_everywhere.TheAA", true);
-user_pref("extensions.https_everywhere.TheGlobeAndMail", true);
-user_pref("extensions.https_everywhere.ThePirateBay", true);
-user_pref("extensions.https_everywhere.ThreatPost", true);
-user_pref("extensions.https_everywhere.Three", true);
-user_pref("extensions.https_everywhere.Tmobile", true);
-user_pref("extensions.https_everywhere.TodoLy", true);
-user_pref("extensions.https_everywhere.Todoist", true);
-user_pref("extensions.https_everywhere.TofinoSecurity", true);
-user_pref("extensions.https_everywhere.Tor2Web", true);
-user_pref("extensions.https_everywhere.Torproject", true);
-user_pref("extensions.https_everywhere.Torrentz", true);
-user_pref("extensions.https_everywhere.Tradera", true);
-user_pref("extensions.https_everywhere.Trashmail", true);
-user_pref("extensions.https_everywhere.Tweetdeck", true);
-user_pref("extensions.https_everywhere.TwitPic", true);
-user_pref("extensions.https_everywhere.Twitter", true);
-user_pref("extensions.https_everywhere.Typepad", true);
-user_pref("extensions.https_everywhere.UK Local Government", true);
-user_pref("extensions.https_everywhere.UNM", true);
-user_pref("extensions.https_everywhere.UOregon (Partial!)", true);
-user_pref("extensions.https_everywhere.USPS", true);
-user_pref("extensions.https_everywhere.Ubuntuone", true);
-user_pref("extensions.https_everywhere.UiO", true);
-user_pref("extensions.https_everywhere.Unbound", true);
-user_pref("extensions.https_everywhere.Underskog", true);
-user_pref("extensions.https_everywhere.United Airlines", true);
-user_pref("extensions.https_everywhere.UsrJoy", true);
-user_pref("extensions.https_everywhere.VTunnel", true);
-user_pref("extensions.https_everywhere.VZnetzwerke", true);
-user_pref("extensions.https_everywhere.Verizon", true);
-user_pref("extensions.https_everywhere.VideoLAN", false);
-user_pref("extensions.https_everywhere.Vimeo login", true);
-user_pref("extensions.https_everywhere.VirusTotal", true);
-user_pref("extensions.https_everywhere.Vitelity", true);
-user_pref("extensions.https_everywhere.Vodafone", true);
-user_pref("extensions.https_everywhere.Volcano eCigs", true);
-user_pref("extensions.https_everywhere.Volkswagen Bank", true);
-user_pref("extensions.https_everywhere.Vonage", true);
-user_pref("extensions.https_everywhere.Vuze", true);
-user_pref("extensions.https_everywhere.WashingtonPost", true);
-user_pref("extensions.https_everywhere.Wells Fargo", true);
-user_pref("extensions.https_everywhere.Weltbild.ch", true);
-user_pref("extensions.https_everywhere.WestlandUtrecht Bank", true);
-user_pref("extensions.https_everywhere.WhatCD", true);
-user_pref("extensions.https_everywhere.WhatIsMyIP", true);
-user_pref("extensions.https_everywhere.Wiggle", true);
-user_pref("extensions.https_everywhere.Wikipedia", true);
-user_pref("extensions.https_everywhere.WinPcap", true);
-user_pref("extensions.https_everywhere.Wippies Webmail", true);
-user_pref("extensions.https_everywhere.Wireshark", true);
-user_pref("extensions.https_everywhere.Woot (broken)", false);
-user_pref("extensions.https_everywhere.WordPress", true);
-user_pref("extensions.https_everywhere.World Community Grid", true);
-user_pref("extensions.https_everywhere.World Socialist Web Site", true);
-user_pref("extensions.https_everywhere.XO Skins", true);
-user_pref("extensions.https_everywhere.XS4ALL (partial)", true);
-user_pref("extensions.https_everywhere.Xing", true);
-user_pref("extensions.https_everywhere.Xmarks", true);
-user_pref("extensions.https_everywhere.YFrog", true);
-user_pref("extensions.https_everywhere.Yaha", true);
-user_pref("extensions.https_everywhere.Yahoo! Mail", true);
-user_pref("extensions.https_everywhere.YouTube (buggy)", false);
-user_pref("extensions.https_everywhere.Your Freedom", true);
-user_pref("extensions.https_everywhere.Yubico", true);
-user_pref("extensions.https_everywhere.ZTunnel", true);
-user_pref("extensions.https_everywhere.Zimbra", true);
-user_pref("extensions.https_everywhere.Zoho", true);
-user_pref("extensions.https_everywhere.associatedcontent.com", true);
-user_pref("extensions.https_everywhere.bankrate.com", true);
-user_pref("extensions.https_everywhere.bit.ly", true);
-user_pref("extensions.https_everywhere.bittorrentdotorg", false);
-user_pref("extensions.https_everywhere.boots.com", true);
-user_pref("extensions.https_everywhere.btjunkie", true);
-user_pref("extensions.https_everywhere.ccc.de", true);
-user_pref("extensions.https_everywhere.comdirect bank", true);
-user_pref("extensions.https_everywhere.coxnewsweb.net", true);
-user_pref("extensions.https_everywhere.doubleclick.net", true);
-user_pref("extensions.https_everywhere.eHow", true);
-user_pref("extensions.https_everywhere.ehrensenf", false);
-user_pref("extensions.https_everywhere.examiner.com", true);
-user_pref("extensions.https_everywhere.hi5", true);
-user_pref("extensions.https_everywhere.kuro5hin.org", true);
-user_pref("extensions.https_everywhere.lawblog.de", true);
-user_pref("extensions.https_everywhere.leadback.advertising.com", true);
-user_pref("extensions.https_everywhere.lists.mindrot.org", true);
-user_pref("extensions.https_everywhere.mixx.com", true);
-user_pref("extensions.https_everywhere.netzclub", true);
-user_pref("extensions.https_everywhere.newsvine.com", true);
-user_pref("extensions.https_everywhere.one.com", true);
-user_pref("extensions.https_everywhere.partypoker", true);
-user_pref("extensions.https_everywhere.politisktinkorrekt.info", true);
-user_pref("extensions.https_everywhere.quantserve.com", true);
-user_pref("extensions.https_everywhere.ripe.net", true);
-user_pref("extensions.https_everywhere.romab.com", true);
-user_pref("extensions.https_everywhere.snagajob", true);
-user_pref("extensions.https_everywhere.so36.NET", true);
-user_pref("extensions.https_everywhere.switch.ch", true);
-user_pref("extensions.https_everywhere.uTorrent", true);
-user_pref("extensions.https_everywhere.web.de", true);
-user_pref("extensions.https_everywhere.xkcd", true);
-user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"/Users/erinn/src/tbb-master.git/build-scripts/tbb.app/Contents/MacOS/Firefox.app/Contents/MacOS/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1301232918000}}},{\"name\":\"app-profile\",\"addons\":{\"https-everywhere(a)eff.org\":{\"descriptor\":\"/Users/erinn/src/tbb-master.git/build-scripts/tbb.app/Contents/MacOS/../..//Library/Application Support/Firefox/Profiles/profile/extensions/https-everywhere(a)eff.org\",\"mtime\":1301232920000},\"{73a6fe31-595d-460b-a920-fcc0f8843232}\":{\"descriptor\":\"/Users/erinn/src/tbb-master.git/build-scripts/tbb.app/Contents/MacOS/../..//Library/Application Support/Firefox/Profiles/profile/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}\",\"mtime\":1301232920000},\"{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}\":{\"descriptor\":\"/Users/erinn/src/tbb-master.git/build-scripts/tbb.app/Contents/MacOS/../
..//Library/Application Support/Firefox/Profiles/profile/extensions/{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}\",\"mtime\":1301232920000},\"{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}\":{\"descriptor\":\"/Users/erinn/src/tbb-master.git/build-scripts/tbb.app/Contents/MacOS/../..//Library/Application Support/Firefox/Profiles/profile/extensions/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}\",\"mtime\":1301232920000}}}]");
user_pref("extensions.lastAppVersion", "4.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.torbutton.fresh_install", false);
-user_pref("extensions.torbutton.inserted_button", true);
user_pref("extensions.torbutton.locked_mode", true);
user_pref("extensions.torbutton.proxies_applied", true);
user_pref("extensions.torbutton.restore_tor", true);
@@ -729,7 +140,6 @@ user_pref("noscript.subscription.lastCheck", -142148139);
user_pref("noscript.temp", "");
user_pref("noscript.untrusted", "");
user_pref("noscript.version", "2.0.9.9");
-user_pref("noscript.visibleUIChecked", true);
user_pref("places.history.enabled", false);
user_pref("places.history.expiration.transient_current_max_pages", 120795);
user_pref("plugin.disable_full_page_plugin_for_types", "application/asx,video/x-ms-asf-plugin,application/x-mplayer2,video/x-ms-asf,video/x-ms-wm,audio/x-ms-wma,audio/x-ms-wax,video/x-ms-wmv,video/x-ms-wvx,application/x-drm-v2,application/x-drm");
1
0
commit f9a70aadab4d4a950d55df0f373bb4804ef9e012
Author: Erinn Clark <erinn(a)torproject.org>
Date: Tue Mar 29 23:57:20 2011 +0200
update changelog for new release
---
changelog.osx-0.2.2 | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/changelog.osx-0.2.2 b/changelog.osx-0.2.2
index 51f6026..c4ff5af 100644
--- a/changelog.osx-0.2.2
+++ b/changelog.osx-0.2.2
@@ -1,3 +1,11 @@
+Tor Browser Bundle (2.2.23-2) alpha; suite=osx
+
+ * Update Firefox prefs to show the toggle buttons for NoScript and Torbutton
+ * Make Vidalia stop linking to an OpenSSL that isn't present on the user's system
+ in i386 bundle (closes: #2813)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 29 23:55:49 CEST 2011
+
Tor Browser Bundle (2.2.23-1) alpha; suite=osx
* Create new bundles for Firefox 4, both i386 and x86_64 (closes: #2140)
1
0
23 Oct '11
commit cc9ed8871ceb9a4c89e6c95c1ee87c91096c07df
Author: Erinn Clark <erinn(a)torproject.org>
Date: Tue Mar 29 23:57:58 2011 +0200
bump ff4 osx release to 2.2.23-2-alpha
---
build-scripts/osx.mk | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 707c0a2..71784b1 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -144,7 +144,7 @@ NAME=TorBrowser
DISTDIR=tbbosx-alpha-dist
## Version and name of the compressed bundle (also used for source)
-VERSION=2.2.23-1-alpha
+VERSION=2.2.23-2-alpha
DEFAULT_COMPRESSED_BASENAME=TorBrowser-$(VERSION)-osx-$(ARCH_TYPE)-
IM_COMPRESSED_BASENAME=TorBrowser-IM-$(VERSION)-
DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME)
1
0
[torbrowser/master] update linux makefile with new libevent2 libraries and fix the XAUTHORITY bug
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit cb101fdce6c7a8b1dc1a58ceef979d316c83b3d8
Author: Erinn Clark <erinn(a)torproject.org>
Date: Wed Mar 23 22:01:04 2011 +0100
update linux makefile with new libevent2 libraries and fix the XAUTHORITY bug
---
src/RelativeLink/RelativeLink.sh | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/RelativeLink/RelativeLink.sh b/src/RelativeLink/RelativeLink.sh
index 5b83305..c5b7b28 100755
--- a/src/RelativeLink/RelativeLink.sh
+++ b/src/RelativeLink/RelativeLink.sh
@@ -14,6 +14,11 @@ if [ $1 ]; then
printf "\nDebug enabled.\n\n"
fi
+if [ -z $XAUTHORITY]; then
+ XAUTHORITY=~/.Xauthority
+ export XAUTHORITY
+fi
+
# Try to be agnostic to where we're being started from, chdir to where
# the script is.
mydir="$(dirname $0)"
1
0
[torbrowser/master] add some more details to the hacking documentation
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit 4e0a743606f0e2b1f61beb1b78d8e1c9faa10814
Author: Erinn Clark <erinn(a)torproject.org>
Date: Wed Mar 30 04:40:04 2011 +0200
add some more details to the hacking documentation
---
build-scripts/osx.mk | 2 +-
docs/HACKING | 62 +++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 71784b1..2b2de3f 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -35,7 +35,7 @@
include $(PWD)/versions.mk
## Architecture
-ARCH_TYPE=i386
+ARCH_TYPE=x86_64
## Location of directory for source unpacking
FETCH_DIR=$(PWD)/build-alpha-$(ARCH_TYPE)
diff --git a/docs/HACKING b/docs/HACKING
index e27206d..03ad072 100644
--- a/docs/HACKING
+++ b/docs/HACKING
@@ -25,6 +25,41 @@ Supporting Cast (libraries)
It works by having a launch script which opens Vidalia, which then launches
Firefox, pre-configured with Torbutton and other privacy-enhancing extensions.
+Releases
+----------------------
+Official vs. Unofficial releases
+
+Official releases are regularly maintained and must be updated whenever one of
+the main three components is updated (Tor, Vidalia, or Firefox) as well as
+whenever there are any important security bugs in any of the components. It is
+not necessary for them to be updated whenever the Firefox extensions or
+libraries are updated (except as previously mentioned, for security reasons.)
+
+Unofficial releases are not maintained and are intended either for testing or
+favor purposes.
+
+Modifications
+----------------------
+
+Some components of TBB are modified and all of the patches are available in the
+git repository in src/current-patches.
+
+- Vidalia: modified on Linux and OS X
+ * Vidalia has been patched for Linux in order to allow it to quit at the same
+ time as the browser
+ * It has been modified on OS X in order to make it conform to the standard OS
+ X bundle layout
+
+- Firefox: modified on Linux (3.6 and 4.0), OS X (4.0), Windows (3.6)
+ * On Linux and OS X, the non-blocking SOCKS proxy has been applied before
+ being built. See: https://bugzilla.mozilla.org/show_bug.cgi?id=280661
+
+ * On Windows, a section of nsExtensionManager.js has been commented out to
+ prevent Firefox from picking up system plugins. See:
+ https://trac.torproject.org/projects/tor/ticket/2118
+
+- Torbutton: 1.2.5 (Linux), 1.3.2-alpha (Linux andOS X Firefox 4 bundles)
+ * In both versions it has had its use_privoxy option set to false instead of true
Git branching strategy
----------------------
@@ -43,8 +78,8 @@ master:
The master branch's versions are considered equivalent in spirit to Tor's
master branch, which is to say things under heavy and occasionally turbulent
development. This branch will use Tor's 'master' as its main Tor build, and all
-other components in TBB will be equally alpha, which is to say, they ought to
-be the kinds of things that are pulled directly from version control with
+other components in TBB will be equally alpha, and most (if not all) components
+should be drawn directly from their respective project's version control with
absolutely no guarantee that they will work separately or together.
maint-2.3:
@@ -103,7 +138,9 @@ https://gitweb.torproject.org/torspec.git/blob/HEAD:/version-spec.txt)
Based on the blend of TBB's old versioning system and Tor's current versioning
system, we end up with:
-Tor's MINOR.MICRO.PATCHLEVEL(-status_tag)-tbb_ver(-tbb_status_tag)(-arch)
+
+Tor's MINOR.MICRO.PATCHLEVEL(-status_tag)-tbb_ver(~tbb_status_tag)(-arch)
+Example: 2.2.23-alpha-1~libevent33-s390
If Tor is ever perfect and releases a major version that is non-zero we will
have to rethink this strategy.
@@ -115,9 +152,22 @@ of the package, beginning with 1.
Official TBB releases may have 'tbb_status_tag' if there is a good enough
reason. What constitutes a 'good enough reason' is left to the discretion of
-the official maintainer and must have a corresponding git branch in the
-maintainer's personal repo. Unofficial TBB releases must have 'tbb_status_tag'
-as well as a corresponding git branch.
+the official maintainer, but this is primarily intended for one-off packages --
+for example, security or architecture-specific fixes that don't comfortably fit
+into the existing naming scheme. For official packages the use of
+'tbb_status_tag' is discouraged.
+
+Unofficial TBB releases must have 'tbb_status_tag'. The reasons for making an
+unofficial TBB package are more broad and likely to be one-time testing
+packages, but could also be special language requests or TBBs that are
+specifically modified to appeal to various regions.
+
+In order to make sure our sources are always available for auditing, any
+package that uses 'tbb_status_tag' must also have an accompanying git branch,
+preferably in the maintainer's personal (but public) repo. If the changes are
+eventually merged back into master or the maint branches, the 'tbb_status_repo'
+can be removed. If the changes are not merged back into any of the branches,
+whether they should be kept around in perpetuity is undecided at this moment.
Official TBB releases for more than one architecture must use 'arch' in the
filename.
1
0
[torbrowser/master] update linux makefile with appropriate changes for firefox 4 bundles
by erinn@torproject.org 23 Oct '11
by erinn@torproject.org 23 Oct '11
23 Oct '11
commit b5fecd74e329ac387fc168f19312ca3417a67384
Author: Erinn Clark <erinn(a)dixie.torproject.org>
Date: Thu Mar 31 13:48:52 2011 +0000
update linux makefile with appropriate changes for firefox 4 bundles
---
build-scripts/linux.mk | 115 +++++++++------------------------------------
build-scripts/versions.mk | 2 +-
2 files changed, 24 insertions(+), 93 deletions(-)
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 5a4b2e6..4fc6be8 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -31,80 +31,18 @@
### Configuration ###
#####################
+## Include versions
+include $(PWD)/versions.mk
+
## Architecture
ARCH_TYPE=$(shell uname -m)
## Location of directory for source unpacking
-FETCH_DIR=$(HOME)/build-alpha
+FETCH_DIR=$(PWD)/build-alpha-$(ARCH_TYPE)
## Location of directory for prefix/destdir/compiles/etc
BUILT_DIR=$(FETCH_DIR)/built
TBB_FINAL=$(BUILT_DIR)/TBBL
-## Versions for our source packages
-HTTPSEVERY_VER=0.9.9.development.2
-FIREFOX_VER=4.0b8
-LIBEVENT_VER=2.0.10-stable
-LIBPNG_VER=1.5.1beta01
-NOSCRIPT_VER=2.0.7
-OPENSSL_VER=1.0.0c
-OTR_VER=3.2.0
-PIDGIN_VER=2.6.4
-POLIPO_VER=1.0.4.1
-QT_VER=4.7.1
-TOR_VER=0.2.3.0-alpha
-TORBUTTON_VER=1.3.1-alpha
-VIDALIA_VER=0.2.10
-ZLIB_VER=1.2.5
-
-## Extension IDs
-FF_VENDOR_ID:=\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}
-
-## File names for the source packages
-FIREFOX_PACKAGE=firefox-$(FIREFOX_VER).source.tar.bz2
-LIBEVENT_PACKAGE=libevent-$(LIBEVENT_VER).tar.gz
-LIBPNG_PACKAGE=libpng-$(LIBPNG_VER).tar.gz
-OPENSSL_PACKAGE=openssl-$(OPENSSL_VER).tar.gz
-PIDGIN_PACKAGE=pidgin-$(PIDGIN_VER).tar.bz2
-POLIPO_PACKAGE=polipo-$(POLIPO_VER).tar.gz
-QT_PACKAGE=qt-everywhere-opensource-src-$(QT_VER).tar.gz
-TOR_PACKAGE=tor-$(TOR_VER).tar.gz
-VIDALIA_PACKAGE=vidalia-$(VIDALIA_VER).tar.gz
-ZLIB_PACKAGE=zlib-$(ZLIB_VER).tar.gz
-
-## Location of files for download
-FIREFOX_URL=http://releases.mozilla.org/pub/mozilla.org/firefox/releases/$(FIREFOX_VER)/source/$(FIREFOX_PACKAGE)
-LIBEVENT_URL=http://www.monkey.org/~provos/$(LIBEVENT_PACKAGE)
-LIBPNG_URL=http://download.sourceforge.net/libpng/$(LIBPNG_PACKAGE).tar.gz
-OPENSSL_URL=https://www.openssl.org/source/$(OPENSSL_PACKAGE)
-PIDGIN_URL=http://sourceforge.net/projects/pidgin/files/Pidgin/$(PIDGIN_PACKAGE)
-POLIPO_URL=http://freehaven.net/~chrisd/polipo/$(POLIPO_PACKAGE)
-QT_URL=http://get.qt.nokia.com/qt/source/$(QT_PACKAGE)
-TOR_URL=https://www.torproject.org/dist/$(TOR_PACKAGE)
-VIDALIA_URL=https://www.torproject.org/vidalia/dist/$(VIDALIA_PACKAGE)
-ZLIB_URL=http://www.zlib.net/$(ZLIB_PACKAGE)
-
-fetch-source:
- -mkdir $(FETCH_DIR)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(ZLIB_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(OPENSSL_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(QT_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(VIDALIA_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(LIBEVENT_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(TOR_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(POLIPO_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(PIDGIN_URL)
- $(WGET) --directory-prefix=$(FETCH_DIR) $(FIREFOX_URL)
-
-unpack-source:
- cd $(FETCH_DIR) && tar -xvzf $(ZLIB_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(OPENSSL_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(QT_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(VIDALIA_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(LIBEVENT_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(TOR_PACKAGE)
- cd $(FETCH_DIR) && tar -xvzf $(POLIPO_PACKAGE)
- cd $(FETCH_DIR) && tar -xvjf $(FIREFOX_PACKAGE)
-
source-dance: fetch-source unpack-source
echo "We're ready for building now."
@@ -116,7 +54,7 @@ build-zlib:
cd $(ZLIB_DIR) && make install
OPENSSL_DIR=$(FETCH_DIR)/openssl-$(OPENSSL_VER)
-OPENSSL_OPTS=-no-idea -no-rc5 -no-md2 shared zlib -Wa,--noexecstack --prefix=$(BUILT_DIR) --openssldir=$(BUILT_DIR) -I$(BUILT_DIR)/include -L$(BUILT_DIR)/lib
+OPENSSL_OPTS=-no-idea -no-rc5 -no-md2 shared zlib --prefix=$(BUILT_DIR) --openssldir=$(BUILT_DIR) -I$(BUILT_DIR)/include -L$(BUILT_DIR)/lib
build-openssl:
cd $(OPENSSL_DIR) && ./config $(OPENSSL_OPTS)
cd $(OPENSSL_DIR) && make depend
@@ -131,7 +69,7 @@ build-qt:
cd $(QT_DIR) && make
cd $(QT_DIR) && make install
-VIDALIA_DIR=$(FETCH_DIR)/vidalia.trunk
+VIDALIA_DIR=$(FETCH_DIR)/vidalia-$(VIDALIA_VER)
VIDALIA_OPTS=-DCMAKE_BUILD_TYPE=debug -DQT_QMAKE_EXECUTABLE=$(BUILT_DIR)/bin/qmake ..
build-vidalia:
-mkdir $(VIDALIA_DIR)/build
@@ -152,10 +90,9 @@ build-libpng:
cd $(LIBPNG_DIR) && make
cd $(LIBPNG_DIR) && make install
-TOR_DIR=$(FETCH_DIR)/tor.git
+TOR_DIR=$(FETCH_DIR)/tor-$(TOR_VER)
TOR_OPTS=--with-openssl-dir=$(BUILT_DIR) --with-zlib-dir=$(BUILT_DIR) --with-libevent-dir=$(BUILT_DIR)/lib --prefix=$(BUILT_DIR)
build-tor:
- cd $(TOR_DIR) && ./autogen.sh
cd $(TOR_DIR) && ./configure $(TOR_OPTS)
cd $(TOR_DIR) && make -j2
cd $(TOR_DIR) && make install
@@ -217,7 +154,7 @@ NAME=tor-browser
DISTDIR=tbbl-dist
## Version and name of the compressed bundle (also used for source)
-VERSION=1.1.2-dev
+VERSION=2.2.23-1-alpha
DEFAULT_COMPRESSED_BASENAME=tor-browser-gnu-linux-$(ARCH_TYPE)-$(VERSION)-
IM_COMPRESSED_BASENAME=tor-im-browser-gnu-linux-$(VERSION)-
DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME)$(VERSION)
@@ -316,7 +253,6 @@ directory-structure:
mkdir -p $(LIBSDIR)/libz
mkdir -p $(DATADIR)/Tor
mkdir -p $(DATADIR)/Vidalia
- #mkdir -p $(DATADIR)/Polipo
mkdir -p $(DATADIR)/profile
mkdir -p $(DOCSDIR)
mkdir -p $(TB_TMPDIR)
@@ -325,11 +261,10 @@ directory-structure:
## Firefox and Pidgin are installed in their own targets
install-binaries:
# A minimal set of Qt libs and the proper symlinks
- cp -d $(QT)/libQtCore.so $(QT)/libQtCore.so.4 $(QT)/libQtCore.so.4.7 $(QT)/libQtCore.so.4.7.1 $(LIBSDIR)
- cp -d $(QT)/libQtGui.so $(QT)/libQtGui.so.4 $(QT)/libQtGui.so.4.7 $(QT)/libQtGui.so.4.7.1 $(LIBSDIR)
- cp -d $(QT)/libQtNetwork.so $(QT)/libQtNetwork.so.4 $(QT)/libQtNetwork.so.4.7 \
- $(QT)/libQtNetwork.so.4.7.1 $(LIBSDIR)
- cp -d $(QT)/libQtXml.so $(QT)/libQtXml.so.4 $(QT)/libQtXml.so.4.7 $(QT)/libQtXml.so.4.7.1 $(LIBSDIR)
+ cp -d $(QT)/libQtCore.so* $(LIBSDIR)
+ cp -d $(QT)/libQtGui.so* $(LIBSDIR)
+ cp -d $(QT)/libQtNetwork.so* $(LIBSDIR)
+ cp -d $(QT)/libQtXml.so* $(LIBSDIR)
# zlib
cp -d $(ZLIB)/libz.so $(ZLIB)/libz.so.1 $(ZLIB)/libz.so.1.2.5 $(LIBSDIR)/libz
# Libevent
@@ -338,14 +273,11 @@ install-binaries:
$(LIBEVENT)/libevent_extra-2.0.so.5 $(LIBEVENT)/libevent_extra-2.0.so.5.0.1 \
$(LIBEVENT)/libevent_extra.so $(LIBEVENT)/libevent.so $(LIBSDIR)
# libpng
- cp -d $(LIBPNG)/libpng15.so* $(LIBSDIR)
+ cp -d $(LIBPNG)/libpng14.so* $(LIBSDIR)
# OpenSSL
cp -d $(OPENSSL)/libcrypto.a $(OPENSSL)/libssl.a $(OPENSSL)/libssl.so* $(OPENSSL)/libcrypto.so* $(LIBSDIR)
# Vidalia
cp $(VIDALIA) $(APPDIR)
- # Polipo
- #cp $(POLIPO) $(APPDIR)
- # Tor (perhaps we want tor-resolve too?)
cp $(TOR) $(APPDIR)
## Fixup
@@ -354,13 +286,12 @@ install-docs:
mkdir -p $(DOCSDIR)/Vidalia
mkdir -p $(DOCSDIR)/Tor
mkdir -p $(DOCSDIR)/Qt
- #mkdir -p $(DOCSDIR)/Polipo
cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia
cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor
cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt
- #cp $(POLIPO_DIR)/COPYING $(POLIPO_DIR)/README $(DOCSDIR)/Polipo
+ cp ../changelog.linux-0.2.2 $(DOCSDIR)/changelog
# This should be updated to be more generic (version-wise) and more Linux specific
- cp ../README.Linux $(DOCSDIR)/README-TorBrowserBundle
+ cp ../README.LINUX-0.2.2 $(DOCSDIR)/README-TorBrowserBundle
## Copy over Firefox
install-firefox:
@@ -381,7 +312,7 @@ configure-apps:
#mkdir -p $(DEST)/.mozilla/Firefox/firefox.default
cp -R $(CONFIG_SRC)/firefox-profiles.ini $(DEST)/Data/profiles.ini
cp $(CONFIG_SRC)/bookmarks.html $(DEST)/Data/profile
- cp $(CONFIG_SRC)/no-polipo.js $(DEST)/Data/profile/prefs.js
+ cp $(CONFIG_SRC)/no-polipo-4.0.js $(DEST)/Data/profile/prefs.js
## Configure Pidgin
ifeq ($(USE_PIDGIN),1)
mkdir -p $(DEST)/PidginPortable/Data/settings/.purple
@@ -421,12 +352,12 @@ strip-it-stripper:
# $(WGET) -O $@ $(TORBUTTON)
## NoScript development version
-#noscript.xpi:
-# $(WGET) -O $@ $(NOSCRIPT)
+noscript.xpi:
+ $(WGET) -O $@ $(NOSCRIPT)
## BetterPrivacy
-#betterprivacy.xpi:
-# $(WGET) -O $@ $(BETTERPRIVACY)
+betterprivacy.xpi:
+ $(WGET) -O $@ $(BETTERPRIVACY)
## HTTPS Everywhere
httpseverywhere.xpi:
@@ -450,7 +381,7 @@ compressed-bundle_%:
LANGCODE=$* make -f linux.mk compressed-bundle-localized
bundle-localized_%.stamp:
- make -f linux.mk copy-files_$* install-lang-extensions patch-vidalia-language patch-firefox-language patch-pidgin-language update-extension-pref
+ make -f linux.mk copy-files_$* install-extensions install-betterprivacy install-lang-extensions patch-vidalia-language patch-firefox-language patch-pidgin-language update-extension-pref
touch bundle-localized_$*.stamp
bundle-localized: bundle-localized_$(LANGCODE).stamp
@@ -514,9 +445,9 @@ patch-firefox-language:
## Don't use {} because they aren't always interpreted correctly. Thanks, sh.
mkdir -p $(BUNDLE)/App/Firefox/defaults/profile/
cp $(CONFIG_SRC)/bookmarks.html $(BUNDLE)/App/Firefox/defaults/profile/
- cp $(CONFIG_SRC)/no-polipo.js $(BUNDLE)/App/Firefox/defaults/profile/prefs.js
+ cp $(CONFIG_SRC)/no-polipo-4.0.js $(BUNDLE)/App/Firefox/defaults/profile/prefs.js
cp $(CONFIG_SRC)/bookmarks.html $(BUNDLE)/Data/profile
- cp $(CONFIG_SRC)/no-polipo.js $(BUNDLE)/Data/profile/prefs.js
+ cp $(CONFIG_SRC)/no-polipo-4.0.js $(BUNDLE)/Data/profile/prefs.js
./patch-firefox-language.sh $(BUNDLE)/App/Firefox/defaults/profile/prefs.js $(LANGCODE) -e
./patch-firefox-language.sh $(BUNDLE)/Data/profile/prefs.js $(LANGCODE) -e
diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk
index f66dbd7..539bc55 100644
--- a/build-scripts/versions.mk
+++ b/build-scripts/versions.mk
@@ -3,7 +3,7 @@
HTTPSEVERY_VER=0.9.9.development.4
FIREFOX_VER=4.0
LIBEVENT_VER=2.0.10-stable
-LIBPNG_VER=1.5.1
+LIBPNG_VER=1.4.3
NOSCRIPT_VER=2.0.9.9
OPENSSL_VER=1.0.0d
OTR_VER=3.2.0
1
0
commit 6210d3c3ce1877db34f0aedbeb3910b90158f000
Author: Erinn Clark <erinn(a)torproject.org>
Date: Thu Mar 31 16:06:49 2011 +0200
add space to xauthority patch
---
src/RelativeLink/RelativeLink.sh | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/RelativeLink/RelativeLink.sh b/src/RelativeLink/RelativeLink.sh
index c5b7b28..99e5255 100755
--- a/src/RelativeLink/RelativeLink.sh
+++ b/src/RelativeLink/RelativeLink.sh
@@ -14,7 +14,7 @@ if [ $1 ]; then
printf "\nDebug enabled.\n\n"
fi
-if [ -z $XAUTHORITY]; then
+if [ -z $XAUTHORITY ]; then
XAUTHORITY=~/.Xauthority
export XAUTHORITY
fi
1
0