[tor-commits] [torbrowser/master] Update patches for FF15.0.1.

commit 2077234f9c6b74b41a4d7d2c6a36455a039cd651 Author: Mike Perry mikeperry-git@fscked.org Date: Fri Sep 7 17:50:11 2012 -0700

Update patches for FF15.0.1. --- ...nents.interfaces-lookupMethod-from-conten.patch | 4 +- ...0002-Make-Permissions-Manager-memory-only.patch | 4 +- ...-Make-Intermediate-Cert-Store-memory-only.patch | 4 +- .../alpha/0004-Add-a-string-based-cacheKey.patch | 14 ++++---- .../0005-Block-all-plugins-except-flash.patch | 4 +- ...ontent-pref-service-memory-only-clearable.patch | 4 +- .../0007-Disable-SSL-Session-ID-tracking.patch | 4 +- ...ice-and-system-specific-CSS-Media-Queries.patch | 4 +- .../0009-Make-Download-manager-memory-only.patch | 4 +- .../0010-Add-DDG-and-StartPage-to-Omnibox.patch | 4 +- ...-nsICacheService.EvictEntries-synchronous.patch | 10 +++--- ...owser-exit-when-not-launched-from-Vidalia.patch | 4 +- ...13-Limit-the-number-of-fonts-per-document.patch | 4 +- ...observer-event-to-close-persistent-connec.patch | 14 ++++---- .../alpha/0015-Rebrand-Firefox-to-TorBrowser.patch | 4 +- .../alpha/0016-Prevent-WebSocket-DNS-leak.patch | 4 +- ...ize-HTTP-request-order-and-pipeline-depth.patch | 10 +++--- ...Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch | 4 +- ...9-Add-a-redirect-API-for-HTTPS-Everywhere.patch | 36 ++++++++++---------- 19 files changed, 70 insertions(+), 70 deletions(-)

diff --git a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch index 41da39d..921a716 100644 --- a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch +++ b/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch @@ -1,7 +1,7 @@ -From d4c3ef2aadb70643bf0a3784cd5d9e9bb72481e1 Mon Sep 17 00:00:00 2001 +From caab8c136e806dcd913d637210ff187abb1b6b29 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Wed, 1 Feb 2012 15:40:40 -0800 -Subject: [PATCH 01/20] Block Components.interfaces,lookupMethod from content +Subject: [PATCH 01/19] Block Components.interfaces,lookupMethod from content

This patch removes the ability of content script to access Components.interfaces.* as well as call or access Components.lookupMethod. diff --git a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch index 3dfb09b..d73f1ab 100644 --- a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch +++ b/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch @@ -1,7 +1,7 @@ -From 59d440e340d37c95fe71396f420db13908df80d2 Mon Sep 17 00:00:00 2001 +From 12acd440d185f5536eed99084c4800a46d617197 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Wed, 1 Feb 2012 15:45:16 -0800 -Subject: [PATCH 02/20] Make Permissions Manager memory-only +Subject: [PATCH 02/19] Make Permissions Manager memory-only

This patch exposes a pref 'permissions.memory_only' that properly isolates the permissions manager to memory, which is responsible for all user specified diff --git a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch index 6873aee..33cf5e9 100644 --- a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch +++ b/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch @@ -1,7 +1,7 @@ -From 128b9ac61b08961bd606290c5a24231d4bf5622c Mon Sep 17 00:00:00 2001 +From a95872e8de8230e8e0128314acd335a7cb3510fb Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Fri, 19 Aug 2011 17:58:23 -0700 -Subject: [PATCH 03/20] Make Intermediate Cert Store memory-only. +Subject: [PATCH 03/19] Make Intermediate Cert Store memory-only.

This patch makes the intermediate SSL cert store exist in memory only.

diff --git a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch index 3f01281..bbc6220 100644 --- a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch +++ b/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch @@ -1,7 +1,7 @@ -From edf66166ab881d3cafc73ffcc8d2ec4b78ef42ed Mon Sep 17 00:00:00 2001 +From df164279499b23794a112de4305f3ed99a25da68 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 17:03:57 -0700 -Subject: [PATCH 04/20] Add a string-based cacheKey. +Subject: [PATCH 04/19] Add a string-based cacheKey.

Used for isolating cache according to same-origin policy. --- @@ -29,10 +29,10 @@ index 96a8aef..b1c6f05 100644 * may fail if the disk cache is not present. The value of this attribute * is usually only settable during the processing of a channel's diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp -index 0c8b530..529857b 100644 +index 290d04c..9c10e3a 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp -@@ -2543,6 +2543,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, +@@ -2538,6 +2538,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, cacheKey.Append(buf); }

@@ -45,7 +45,7 @@ index 0c8b530..529857b 100644 if (!cacheKey.IsEmpty()) { cacheKey.AppendLiteral("uri="); } -@@ -4881,6 +4887,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value) +@@ -4876,6 +4882,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value) }

NS_IMETHODIMP @@ -69,10 +69,10 @@ index 0c8b530..529857b 100644 { value = mOfflineCacheClientID; diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h -index 333e884..3d06ffd 100644 +index eaad05e..0382b1c 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h -@@ -302,6 +302,7 @@ private: +@@ -292,6 +292,7 @@ private: nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; nsCacheAccessMode mOfflineCacheAccess; nsCString mOfflineCacheClientID; diff --git a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch index bc7afbb..79d92de 100644 --- a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch +++ b/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch @@ -1,7 +1,7 @@ -From 20068bdda01cb2a1cd0f890fe2172887318ec20c Mon Sep 17 00:00:00 2001 +From 5c43ec0bcc08d82d7ea1895e2586028ff0c43db2 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Wed, 1 Feb 2012 15:50:15 -0800 -Subject: [PATCH 05/20] Block all plugins except flash. +Subject: [PATCH 05/19] Block all plugins except flash.

We cannot use the @mozilla.org/extensions/blocklist;1 service, because we actually want to stop plugins from ever entering the browser's process space diff --git a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch index f2bd23d..cc75ee1 100644 --- a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch +++ b/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch @@ -1,7 +1,7 @@ -From b967a0bf9803f887876635cb0c40c66e900dec35 Mon Sep 17 00:00:00 2001 +From c1f6abc0766763e65c5e8b22f72171c5f8e4639b Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Thu, 8 Sep 2011 08:40:17 -0700 -Subject: [PATCH 06/20] Make content pref service memory-only + clearable +Subject: [PATCH 06/19] Make content pref service memory-only + clearable

This prevents random urls from being inserted into content-prefs.sqllite in the profile directory as content prefs change (includes site-zoom and perhaps diff --git a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch index befce4a..5b8270a 100644 --- a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch +++ b/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch @@ -1,7 +1,7 @@ -From a143df8693d811bde257a748ffc914aca38acb21 Mon Sep 17 00:00:00 2001 +From e3703799acddc621be9c64299070180721b489dc Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Wed, 7 Dec 2011 19:36:38 -0800 -Subject: [PATCH 07/20] Disable SSL Session ID tracking. +Subject: [PATCH 07/19] Disable SSL Session ID tracking.

We can't easily bind SSL Session ID tracking to url bar domain, so we have to disable them to satisfy diff --git a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch b/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch index 7276a46..1b7d396 100644 --- a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch +++ b/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch @@ -1,7 +1,7 @@ -From 1bed42f67d1dd1a10693199448e495b155c44034 Mon Sep 17 00:00:00 2001 +From fdecb1911dd0bbd9bc611931c16026de17f6cbe9 Mon Sep 17 00:00:00 2001 From: Shondoit Walker shondoit@gmail.com Date: Mon, 4 Jun 2012 19:15:31 +0200 -Subject: [PATCH 08/20] Limit device- and system-specific CSS Media Queries +Subject: [PATCH 08/19] Limit device- and system-specific CSS Media Queries

This is done to address https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkab... diff --git a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch index dfc54fd..6ee2744 100644 --- a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch +++ b/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch @@ -1,7 +1,7 @@ -From 3788af0e0eee6639870de19a48178d9718542dc6 Mon Sep 17 00:00:00 2001 +From ec182e8a83826db0c2bae711d594a26cd0b08a22 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Wed, 25 Apr 2012 13:39:35 -0700 -Subject: [PATCH 09/20] Make Download manager memory only. +Subject: [PATCH 09/19] Make Download manager memory only.

Solves https://trac.torproject.org/projects/tor/ticket/4017.

diff --git a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch index 50feb06..e9c6c2c 100644 --- a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch +++ b/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch @@ -1,7 +1,7 @@ -From 78271fc762f49a74b762afa62b69d62f55bc5ab9 Mon Sep 17 00:00:00 2001 +From e58200766a98fc8e239c95eb19a0afcf9fcd6381 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Wed, 25 Apr 2012 15:03:46 -0700 -Subject: [PATCH 10/20] Add DDG and StartPage to Omnibox. +Subject: [PATCH 10/19] Add DDG and StartPage to Omnibox.

You mean there are search engines that don't require captchas if you don't have a cookie? Holy crap. Get those in there now. diff --git a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch index 9db46a6..879cfa6 100644 --- a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch +++ b/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch @@ -1,7 +1,7 @@ -From fe734b407d4dca7e83cd08b918418b73af15fa8a Mon Sep 17 00:00:00 2001 +From b0f594e6130bf618a25d33d80f7b66d110449dc9 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 1 May 2012 15:02:03 -0700 -Subject: [PATCH 11/20] Make nsICacheService.EvictEntries synchronous +Subject: [PATCH 11/19] Make nsICacheService.EvictEntries synchronous

This fixes a race condition that allows cache-based EverCookies to persist for a brief time (on the order of minutes?) after cache clearing/"New Identity". @@ -12,10 +12,10 @@ https://trac.torproject.org/projects/tor/ticket/5715 1 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp -index 709705e..d3af3fc 100644 +index 991cc34..ef2ad25 100644 --- a/netwerk/cache/nsCacheService.cpp +++ b/netwerk/cache/nsCacheService.cpp -@@ -1460,10 +1460,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor) +@@ -1506,10 +1506,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor) return NS_OK; }

@@ -31,7 +31,7 @@ index 709705e..d3af3fc 100644 + if (storagePolicy == nsICache::STORE_ANYWHERE && + NS_IsMainThread() && gService && gService->mInitialized) { + nsCacheServiceAutoLock lock; -+ gService->DoomActiveEntries(nsnull); ++ gService->DoomActiveEntries(); + gService->ClearDoomList(); + (void) SyncWithCacheIOThread(); + } diff --git a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch index a3d06cc..91a5347 100644 --- a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch +++ b/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch @@ -1,7 +1,7 @@ -From 4d49aed78e8185f590060be473ab7e2013e6a792 Mon Sep 17 00:00:00 2001 +From 07ed1fba9d99b3aa860ab75f34c7650341c59b77 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Thu, 7 Jun 2012 14:45:26 -0700 -Subject: [PATCH 12/20] Make Tor Browser exit when not launched from Vidalia +Subject: [PATCH 12/19] Make Tor Browser exit when not launched from Vidalia

Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app for easy relaunch. If they manage to do this, we should fail closed rather diff --git a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch b/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch index cf7aac9..95e3f48 100644 --- a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch +++ b/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch @@ -1,7 +1,7 @@ -From a7917e7ceb3aebfc20f56fa64ec9780dd32f78e3 Mon Sep 17 00:00:00 2001 +From a94c453f1b68acddb84d1a97e10de3994dfdf2cd Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Thu, 7 Jun 2012 15:09:59 -0700 -Subject: [PATCH 13/20] Limit the number of fonts per document. +Subject: [PATCH 13/19] Limit the number of fonts per document.

We create two prefs: browser.display.max_font_count and browser.display.max_font_attempts. diff --git a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch index 9d50822..6f63876 100644 --- a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch +++ b/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch @@ -1,7 +1,7 @@ -From f67aed29f53ef17aad69cba6d008df4f2d09d231 Mon Sep 17 00:00:00 2001 +From af43ed872bd64b623ea1d5b83926c4d06e8fcd7d Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org -Date: Tue, 28 Aug 2012 18:03:22 -0700 -Subject: [PATCH 14/20] Provide an observer event to close persistent +Date: Fri, 7 Sep 2012 16:18:26 -0700 +Subject: [PATCH 14/19] Provide an observer event to close persistent connections

We need to prevent linkability across "New Identity", which includes closing @@ -11,18 +11,18 @@ keep-alive connections. 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp -index 8b5533f..3647edc 100644 +index 2f71837..b066140 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp -@@ -307,6 +307,7 @@ nsHttpHandler::Init() - mObserverService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, true); +@@ -309,6 +309,7 @@ nsHttpHandler::Init() mObserverService->AddObserver(this, "net:clear-active-logins", true); + mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true); mObserverService->AddObserver(this, "net:prune-dead-connections", true); + mObserverService->AddObserver(this, "net:prune-all-connections", true); mObserverService->AddObserver(this, "net:failed-to-process-uri-content", true); }

-@@ -1625,6 +1626,12 @@ nsHttpHandler::Observe(nsISupports *subject, +@@ -1651,6 +1652,12 @@ nsHttpHandler::Observe(nsISupports *subject, if (uri && mConnMgr) mConnMgr->ReportFailedToProcess(uri); } diff --git a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch index 2829fa2..2a6a9c5 100644 --- a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch +++ b/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch @@ -1,7 +1,7 @@ -From 883793ca836ce271f65ea6c31d27f41c7240ca59 Mon Sep 17 00:00:00 2001 +From d14732e7069aa8c33733f067e1e706bd852e3aba Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:05:11 -0700 -Subject: [PATCH 15/20] Rebrand Firefox to TorBrowser +Subject: [PATCH 15/19] Rebrand Firefox to TorBrowser

This patch does some basic renaming of Firefox to TorBrowser. The rest of the branding is done by images and icons. diff --git a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch index bde4e62..3c0367d 100644 --- a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch +++ b/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch @@ -1,7 +1,7 @@ -From 2bf15d1165f2d7aad286ab1591db318682ef4df2 Mon Sep 17 00:00:00 2001 +From 727bc1103bc663e1bc2a25bb4fb8e9c9fb31763b Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:07:37 -0700 -Subject: [PATCH 16/20] Prevent WebSocket DNS leak. +Subject: [PATCH 16/19] Prevent WebSocket DNS leak.

This is due to an improper implementation of the WebSocket spec by Mozilla.

diff --git a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch index 8550cdd..76330a3 100644 --- a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch +++ b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch @@ -1,7 +1,7 @@ -From fc8110586a4777dfd3cb93eb5544535f6bd7b0f3 Mon Sep 17 00:00:00 2001 +From c5b94226e50a5502ef7902e2d05874f36d678769 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:08:27 -0700 -Subject: [PATCH 17/20] Randomize HTTP request order and pipeline depth. +Subject: [PATCH 17/19] Randomize HTTP request order and pipeline depth.

This is an experimental defense against http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf @@ -24,7 +24,7 @@ request order (though SPDY is still disabled by default in TBB). 2 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp -index 60a6807..334c5fb 100644 +index 0bfaf3b..d565532 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -20,6 +20,8 @@ @@ -93,7 +93,7 @@ index 60a6807..334c5fb 100644 }

nsHttpConnectionMgr::~nsHttpConnectionMgr() -@@ -1153,6 +1185,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap +@@ -1141,6 +1173,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap maxPersistConns = mMaxPersistConnsPerHost; }

@@ -113,7 +113,7 @@ index 60a6807..334c5fb 100644 // use >= just to be safe bool result = (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) && (persistCount >= maxPersistConns) ); -@@ -1319,6 +1364,11 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent, +@@ -1307,6 +1352,11 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,

maxdepth = PR_MIN(maxdepth, depthLimit);

diff --git a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch b/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch index 4bdffcc..109574a 100644 --- a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch +++ b/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch @@ -1,7 +1,7 @@ -From 40ffe7af2a41166a91f95fe145d3cb97527e4165 Mon Sep 17 00:00:00 2001 +From d705e4bb2b7efd4166d46d6fcb3183212902707c Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:22:32 -0700 -Subject: [PATCH 18/20] Adapt Steven Michaud's Mac crashfix patch +Subject: [PATCH 18/19] Adapt Steven Michaud's Mac crashfix patch

Source is: https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35

diff --git a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch b/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch index de0b3ad..7f8ac2d 100644 --- a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch +++ b/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch @@ -1,7 +1,7 @@ -From 704d06cc2310082c12abd7b8ccfbb71dae1c0a9f Mon Sep 17 00:00:00 2001 +From b5d6491427d18bbae057a2974ea80421163fbc0a Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:30:22 -0700 -Subject: [PATCH 19/20] Add a redirect API for HTTPS-Everywhere. +Subject: [PATCH 19/19] Add a redirect API for HTTPS-Everywhere.

--- netwerk/protocol/http/HttpChannelChild.cpp | 15 ++++- @@ -16,7 +16,7 @@ Subject: [PATCH 19/20] Add a redirect API for HTTPS-Everywhere. 9 files changed, 117 insertions(+), 12 deletions(-)

diff --git a/netwerk/protocol/http/HttpChannelChild.cpp b/netwerk/protocol/http/HttpChannelChild.cpp -index 691fee0..f22fa40 100644 +index cc88184..c26c8f4 100644 --- a/netwerk/protocol/http/HttpChannelChild.cpp +++ b/netwerk/protocol/http/HttpChannelChild.cpp @@ -1035,7 +1035,8 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext) @@ -71,7 +71,7 @@ index 6b699c7..b29a4a7 100644 bool mIsFromCache; bool mCacheEntryAvailable; diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp -index 31aa582..25568bd 100644 +index 8f95076..22f3bba 100644 --- a/netwerk/protocol/http/HttpChannelParent.cpp +++ b/netwerk/protocol/http/HttpChannelParent.cpp @@ -97,6 +97,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI, @@ -82,7 +82,7 @@ index 31aa582..25568bd 100644 const PRUint32& loadFlags, const RequestHeaderTuples& requestHeaders, const nsHttpAtom& requestMethod, -@@ -118,6 +119,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI, +@@ -117,6 +118,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI, nsCOMPtr<nsIURI> originalUri(aOriginalURI); nsCOMPtr<nsIURI> docUri(aDocURI); nsCOMPtr<nsIURI> referrerUri(aReferrerURI); @@ -90,7 +90,7 @@ index 31aa582..25568bd 100644

nsCString uriSpec; uri->GetSpec(uriSpec); -@@ -145,6 +147,8 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI, +@@ -144,6 +146,8 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI, httpChan->SetDocumentURI(docUri); if (referrerUri) httpChan->SetReferrerInternal(referrerUri); @@ -100,7 +100,7 @@ index 31aa582..25568bd 100644 httpChan->SetLoadFlags(loadFlags);

diff --git a/netwerk/protocol/http/HttpChannelParent.h b/netwerk/protocol/http/HttpChannelParent.h -index 97eea07..e254589 100644 +index 9650aa9..2ac7e81 100644 --- a/netwerk/protocol/http/HttpChannelParent.h +++ b/netwerk/protocol/http/HttpChannelParent.h @@ -49,6 +49,7 @@ protected: @@ -112,7 +112,7 @@ index 97eea07..e254589 100644 const RequestHeaderTuples& requestHeaders, const nsHttpAtom& requestMethod, diff --git a/netwerk/protocol/http/PHttpChannel.ipdl b/netwerk/protocol/http/PHttpChannel.ipdl -index b67e2c1..2b919cc 100644 +index 10af59f..6053541 100644 --- a/netwerk/protocol/http/PHttpChannel.ipdl +++ b/netwerk/protocol/http/PHttpChannel.ipdl @@ -35,6 +35,7 @@ parent: @@ -124,10 +124,10 @@ index b67e2c1..2b919cc 100644 RequestHeaderTuples requestHeaders, nsHttpAtom requestMethod, diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp -index 529857b..73b54ce 100644 +index 9c10e3a..57afae4 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp -@@ -1398,18 +1398,17 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps() +@@ -1396,18 +1396,17 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps() return; }

@@ -149,7 +149,7 @@ index 529857b..73b54ce 100644 nsCOMPtr<nsIURI> upgradedURI;

rv = mURI->Clone(getter_AddRefs(upgradedURI)); -@@ -1431,6 +1430,48 @@ nsHttpChannel::AsyncRedirectChannelToHttps() +@@ -1429,6 +1428,48 @@ nsHttpChannel::AsyncRedirectChannelToHttps() else upgradedURI->SetPort(oldPort);

@@ -198,7 +198,7 @@ index 529857b..73b54ce 100644 nsCOMPtr<nsIIOService> ioService; rv = gHttpHandler->GetIOService(getter_AddRefs(ioService)); NS_ENSURE_SUCCESS(rv, rv); -@@ -1446,7 +1487,7 @@ nsHttpChannel::AsyncRedirectChannelToHttps() +@@ -1444,7 +1485,7 @@ nsHttpChannel::AsyncRedirectChannelToHttps() PRUint32 flags = nsIChannelEventSink::REDIRECT_PERMANENT;

PushRedirectAsyncFunc( @@ -207,7 +207,7 @@ index 529857b..73b54ce 100644 rv = gHttpHandler->AsyncOnChannelRedirect(this, newChannel, flags);

if (NS_SUCCEEDED(rv)) -@@ -1455,14 +1496,18 @@ nsHttpChannel::AsyncRedirectChannelToHttps() +@@ -1453,14 +1494,18 @@ nsHttpChannel::AsyncRedirectChannelToHttps() if (NS_FAILED(rv)) { AutoRedirectVetoNotifier notifier(this); PopRedirectAsyncFunc( @@ -229,7 +229,7 @@ index 529857b..73b54ce 100644 { AutoRedirectVetoNotifier notifier(this);

-@@ -3910,6 +3955,12 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) +@@ -3905,6 +3950,12 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) if (mLoadGroup) mLoadGroup->AddRequest(this, nsnull);

@@ -243,7 +243,7 @@ index 529857b..73b54ce 100644 // "http-on-modify-request" and load group observers that may set // mTimingEnabled flag. diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h -index 3d06ffd..60f52dd 100644 +index 0382b1c..2c50507 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -103,6 +103,8 @@ public: @@ -265,7 +265,7 @@ index 3d06ffd..60f52dd 100644 nsresult SetReferrerInternal(nsIURI *referrer) { nsCAutoString spec; nsresult rv = referrer->GetAsciiSpec(spec); -@@ -183,11 +188,13 @@ private: +@@ -173,11 +178,13 @@ private:

// redirection specific methods void HandleAsyncRedirect(); @@ -279,7 +279,7 @@ index 3d06ffd..60f52dd 100644 virtual nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, bool preserveMethod);

// proxy specific methods -@@ -247,8 +254,8 @@ private: +@@ -237,8 +244,8 @@ private: bool MustValidateBasedOnQueryUrl();

void HandleAsyncRedirectChannelToHttps(); @@ -290,7 +290,7 @@ index 3d06ffd..60f52dd 100644

/** * A function that takes care of reading STS headers and enforcing STS -@@ -320,6 +327,7 @@ private: +@@ -310,6 +317,7 @@ private: friend class AutoRedirectVetoNotifier; friend class HttpAsyncAborter<nsHttpChannel>; nsCOMPtr<nsIURI> mRedirectURI;