commit a9287e590da71d3cbc170c3bb7af1b52a88e2b03 Author: Mike Perry mikeperry-git@fscked.org Date: Wed Sep 28 13:29:39 2011 -0700
Rebase patches to Firefox 7.0. --- ...nents.interfaces-lookupMethod-from-conten.patch | 50 +++++++++++ ...ock-Components.interfaces-lookupMethod-fr.patch | 50 ----------- ...fox6-Make-Permissions-Manager-memory-only.patch | 94 -------------------- ...0002-Make-Permissions-Manager-memory-only.patch | 94 ++++++++++++++++++++ ...-Make-Intermediate-Cert-Store-memory-only.patch | 43 --------- ...-Make-Intermediate-Cert-Store-memory-only.patch | 43 +++++++++ ...th-headers-before-the-modify-request-obse.patch | 12 ++-- .../0005-Add-a-string-based-cacheKey.patch | 14 ++-- ...6-Randomize-HTTP-pipeline-order-and-depth.patch | 16 ++-- .../0007-Block-all-plugins-except-flash.patch | 28 +++--- ...ontent-pref-service-memory-only-clearable.patch | 2 +- 11 files changed, 223 insertions(+), 223 deletions(-)
diff --git a/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
new file mode 100644
index 0000000..70070d2
--- /dev/null
+++ b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -0,0 +1,50 @@
+From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Mon, 20 Jun 2011 17:07:41 -0700
+Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
+index 664021e..9c8c415 100644
+--- a/js/src/xpconnect/src/xpccomponents.cpp
++++ b/js/src/xpconnect/src/xpccomponents.cpp
+@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ static const char* allowed[] = { "isSuccessCode", nsnull };
+ *_retval = xpc_CheckAccessList(methodName, allowed);
+ return NS_OK;
+ }
+@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ static const char* allowed[] = { "results", nsnull};
+ *_retval = xpc_CheckAccessList(propertyName, allowed);
+ return NS_OK;
+ }
+--
+1.7.3.4
+
diff --git a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
deleted file mode 100644
index cfef3c2..0000000
--- a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
+++ /dev/null
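Review bot: In `0001-Block-Components.interfaces-lookupMethod-from-conten.patch`, both `CanCallMethod` and `CanGetProperty` keep the old allow-list as a commented-out line under an unresolved `// XXX: Pref observer? Also, is this what we want? Seems like a plan` marker, so the reason for the restriction lives only in the patch description. I would drop the dead lines and state the intent next to each list, e.g. `// lookupMethod is withheld from content because it can undo our JS hooks` and `// interfaces/interfacesByID are withheld from content because they fingerprint platform, OS and version`. The lists are `static const` with no pref behind them, so the block applies to every content page; if a toggle is still wanted, the XXX is better turned into a tracked ticket than carried through each rebase.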
@@ -1,50 +0,0 @@
-From 1e21a3046829028f07c9bd13945e8bbeee2d5aad Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/7] Firefox6: Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index c1d3e30..48c8b6a 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4231,7 +4231,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
-- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ static const char* allowed[] = { "isSuccessCode", nsnull };
- *_retval = xpc_CheckAccessList(methodName, allowed);
- return NS_OK;
- }
-@@ -4240,7 +4242,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
-- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ static const char* allowed[] = { "results", nsnull};
- *_retval = xpc_CheckAccessList(propertyName, allowed);
- return NS_OK;
- }
---
-1.7.3.4
-
diff --git a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index ac1ae8b..0000000
--- a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From c8cbe2617fd627f3edbd64c7ddaf99e6dd0301fb Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/7] Firefox6: Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -58,6 +58,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
-
- static nsPermissionManager *gPermissionManager = nsnull;
-
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
- mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
- }
-
-+ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (pbi) {
-+ pbi->AddObserver("permissions.", this, PR_FALSE);
-+ }
-+
- if (IsChildProcess()) {
- // Get the permissions from the parent process
- InfallibleTArrayIPC::Permission perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- if (!storage)
- return NS_ERROR_UNEXPECTED;
-
-+ PRBool memory_db = false;
-+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (prefs) {
-+ prefs->GetBoolPref("permissions.memory_only", &memory_db);
-+ }
-+
- // cache a connection to the hosts database
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- rv = permissionsFile->Remove(PR_FALSE);
- NS_ENSURE_SUCCESS(rv, rv);
-
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
- ENSURE_NOT_CHILD_PROCESS;
-
-- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+ // XXX: Should we remove the file? Probably not..
-+ InitDB(PR_FALSE);
-+ }
-+ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
- // The profile is about to change,
- // or is going away because the application is shutting down.
- if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
---
-1.7.3.4
-
diff --git a/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
new file mode 100644
index 0000000..0429cca
--- /dev/null
+++ b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
@@ -0,0 +1,94 @@
+From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Mon, 20 Jun 2011 17:07:56 -0700
+Subject: [PATCH 2/8] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 773a973..5387397 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+
+ static nsPermissionManager *gPermissionManager = nsnull;
+
+@@ -227,6 +231,11 @@ nsPermissionManager::Init()
+ mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
+ }
+
++ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (pbi) {
++ pbi->AddObserver("permissions.", this, PR_FALSE);
++ }
++
+ if (IsChildProcess()) {
+ // Get the permissions from the parent process
+ InfallibleTArrayIPC::Permission perms;
+@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+ if (!storage)
+ return NS_ERROR_UNEXPECTED;
+
++ PRBool memory_db = false;
++ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (prefs) {
++ prefs->GetBoolPref("permissions.memory_only", &memory_db);
++ }
++
+ // cache a connection to the hosts database
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ PRBool ready;
+@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+ rv = permissionsFile->Remove(PR_FALSE);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mDBConn->GetConnectionReady(&ready);
+@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+ {
+ ENSURE_NOT_CHILD_PROCESS;
+
+- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
++ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
++ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
++ // XXX: Should we remove the file? Probably not..
++ InitDB(PR_FALSE);
++ }
++ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+ // The profile is about to change,
+ // or is going away because the application is shutting down.
+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
+--
+1.7.3.4
+
diff --git a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 34a2a3e..0000000
--- a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
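Review bot: In `0002-Make-Permissions-Manager-memory-only.patch`, the `Observe` branch for `permissions.memory_only` calls `InitDB(PR_FALSE)` and leaves the on-disk permissions file in place (`// XXX: Should we remove the file? Probably not..`), so site permissions and STS state written before the pref was enabled stay on disk. If that is intended, the comment should say so, e.g. `// Existing permissions file is deliberately kept; memory-only applies to new writes only`; otherwise the pref-on transition needs to clear or remove it. `InitDB` also falls back to the disk database silently when the pref service is unavailable (`if (prefs)` with `memory_db` left `false`) and ignores the `GetBoolPref` result, which is fail-open for a privacy control; a log line or an error return there would make it visible. Whether the previous `mDBConn` and its cached statements are released before `InitDB` reopens is not visible in these hunks and is worth confirming.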
@@ -1,43 +0,0 @@
-From 66d789bb9eb916dc909f7fda79f988c4360a3924 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/7] Firefox6: Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 7a8569b..828c3eb 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1729,8 +1729,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
- // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
- // "/usr/lib/nss/libnssckbi.so".
- PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
-- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+ PRBool nocertdb = false;
-+ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+ // XXX: We can also do the the following to only disable the certdb.
-+ // Leaving this codepath in as a fallback in case InitNODB fails
-+ if (nocertdb)
-+ init_flags |= NSS_INIT_NOCERTDB;
-+
-+ SECStatus init_rv;
-+ if (nocertdb) {
-+ init_rv = ::NSS_NoDB_Init(NULL);
-+ } else {
-+ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
- SECMOD_DB, init_flags);
-+ }
-
- if (init_rv != SECSuccess) {
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
---
-1.7.3.4
-
diff --git a/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
new file mode 100644
index 0000000..0d3c991
--- /dev/null
+++ b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -0,0 +1,43 @@
+From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index 11cb2bd..fd717f4 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+ // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+ // "/usr/lib/nss/libnssckbi.so".
+ PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++ PRBool nocertdb = false;
++ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++ // XXX: We can also do the the following to only disable the certdb.
++ // Leaving this codepath in as a fallback in case InitNODB fails
++ if (nocertdb)
++ init_flags |= NSS_INIT_NOCERTDB;
++
++ SECStatus init_rv;
++ if (nocertdb) {
++ init_rv = ::NSS_NoDB_Init(NULL);
++ } else {
++ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+ SECMOD_DB, init_flags);
++ }
+
+ if (init_rv != SECSuccess) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+--
+1.7.3.4
+
diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
index 522407b..24ab5fd 100644
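Review bot: In `0003-Make-Intermediate-Cert-Store-memory-only.patch`, the `nocertdb` path calls `::NSS_NoDB_Init(NULL)`, which as far as I know brings NSS up with no certificate, key or module databases at all, a wider effect than the intermediate cert store the description names. The comment should state that scope, e.g. `// security.nocertdb: run NSS with no on-disk cert/key/secmod databases`. The `init_flags |= NSS_INIT_NOCERTDB` line is dead on that path because `init_flags` is only passed to `NSS_Initialize` in the `else` branch, so the fallback the XXX comment describes is not actually wired up. `mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb)` is called without the null check the permissions-manager patch applies to its pref service, and its result is ignored. `InitializeNSS` continues outside the hunk, so the handling after `init_rv != SECSuccess` should be checked for the no-database case.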
--- a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch +++ b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch @@ -1,7 +1,7 @@ -From 3e7e9375aff79629b13332cf250715b155535a5b Mon Sep 17 00:00:00 2001 +From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Fri, 2 Sep 2011 15:33:20 -0700 -Subject: [PATCH 4/7] Add HTTP auth headers before the modify-request observer. +Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
Otherwise, how are we supposed to modify them?
@@ -11,10 +11,10 @@ Thanks to Georg Koppen for spotting both the problem and this fix. 1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp -index 7038338..7a3254e 100644 +index cd11187..144ecb7 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp -@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime) +@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime) return NS_ERROR_DOCUMENT_NOT_CACHED; }
@@ -24,7 +24,7 @@ index 7038338..7a3254e 100644 if (mLoadFlags & LOAD_NO_NETWORK_IO) { return NS_ERROR_DOCUMENT_NOT_CACHED; } -@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) +@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
AddCookiesToRequest();
@@ -34,7 +34,7 @@ index 7038338..7a3254e 100644 // notify "http-on-modify-request" observers gHttpHandler->OnModifyRequest(this);
-@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) +@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) // this authentication attempt (bug 84794). // TODO: save cookies from auth response and send them here (bug 572151). AddCookiesToRequest(); diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch index 1a3b214..3d5fd54 100644 --- a/src/current-patches/0005-Add-a-string-based-cacheKey.patch +++ b/src/current-patches/0005-Add-a-string-based-cacheKey.patch @@ -1,7 +1,7 @@ -From 29844b8d74f033c3a2682af40f4b3ee6183450f4 Mon Sep 17 00:00:00 2001 +From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Fri, 2 Sep 2011 20:47:02 -0700 -Subject: [PATCH 5/7] Add a string-based cacheKey. +Subject: [PATCH 5/8] Add a string-based cacheKey.
Used for isolating cache according to same-origin policy. --- @@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644 * may fail if the disk cache is not present. The value of this attribute * is usually only settable during the processing of a channel's diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp -index 7a3254e..cef5eaa 100644 +index 144ecb7..0c8f8ae 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp -@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, +@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, cacheKey.Append(buf); }
@@ -45,7 +45,7 @@ index 7a3254e..cef5eaa 100644 if (!cacheKey.IsEmpty()) { cacheKey.AppendLiteral("uri="); } -@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) +@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) }
NS_IMETHODIMP @@ -69,10 +69,10 @@ index 7a3254e..cef5eaa 100644 { value = mOfflineCacheClientID; diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h -index dd0d7f4..f5016a8 100644 +index a64ec07..7e89afe 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h -@@ -312,6 +312,7 @@ private: +@@ -303,6 +303,7 @@ private: nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; nsCacheAccessMode mOfflineCacheAccess; nsCString mOfflineCacheClientID; diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch index 818d450..76ce04d 100644 --- a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch +++ b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch @@ -1,7 +1,7 @@ -From 1c5c12f3c28b6c618f2273d2fe36d7c898b7f012 Mon Sep 17 00:00:00 2001 +From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Sat, 3 Sep 2011 00:10:35 -0700 -Subject: [PATCH 6/7] Randomize HTTP pipeline order and depth. +Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth.
Also turn up maximum depth to 12.
@@ -13,7 +13,7 @@ http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf 2 files changed, 81 insertions(+), 1 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp -index 108f2c5..6961ab6 100644 +index c754f83..6a522ec 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr() @@ -28,7 +28,7 @@ index 108f2c5..6961ab6 100644 }
nsHttpConnectionMgr::~nsHttpConnectionMgr() -@@ -794,7 +799,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent, +@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent, nsHttpPipeline *pipeline = nsnull; if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) { LOG((" looking to build pipeline...\n")); @@ -37,7 +37,7 @@ index 108f2c5..6961ab6 100644 trans = pipeline; }
-@@ -867,6 +872,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent, +@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent, return PR_TRUE; }
@@ -116,7 +116,7 @@ index 108f2c5..6961ab6 100644 nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans) { diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h -index fc3ed1d..7dde291 100644 +index 695cd8f..1806d17 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.h +++ b/netwerk/protocol/http/nsHttpConnectionMgr.h @@ -48,6 +48,7 @@ @@ -127,7 +127,7 @@ index fc3ed1d..7dde291 100644
#include "nsIObserver.h" #include "nsITimer.h" -@@ -264,6 +265,7 @@ private: +@@ -270,6 +271,7 @@ private: nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *, PRUint8 caps, nsHttpConnection *); PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); @@ -135,7 +135,7 @@ index fc3ed1d..7dde291 100644 nsresult ProcessNewTransaction(nsHttpTransaction *); nsresult EnsureSocketThreadTargetIfOnline(); nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *); -@@ -339,6 +341,8 @@ private: +@@ -345,6 +347,8 @@ private: PRUint64 mTimeOfNextWakeUp; // Timer for next pruning of dead connections. nsCOMPtr<nsITimer> mTimer; diff --git a/src/current-patches/0007-Block-all-plugins-except-flash.patch b/src/current-patches/0007-Block-all-plugins-except-flash.patch index d2c54dc..eae5f1f 100644 --- a/src/current-patches/0007-Block-all-plugins-except-flash.patch +++ b/src/current-patches/0007-Block-all-plugins-except-flash.patch @@ -1,6 +1,6 @@ -From dfabac8eddc37d794e23d25de3f1ef602ad4ad86 Mon Sep 17 00:00:00 2001 +From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org -Date: Thu, 8 Sep 2011 08:40:05 -0700 +Date: Wed, 28 Sep 2011 13:24:20 -0700 Subject: [PATCH 7/8] Block all plugins except flash.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we @@ -17,12 +17,12 @@ on a better way. Until then, it is delta-darwinism for us. 2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp -index 93c2413..1dc4ee0 100644 +index 2c2ad7d..eba8c24 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp -@@ -2062,6 +2062,35 @@ class nsDefaultComparator<pluginFileinDirectory, pluginFileinDirectory> - - typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void); +@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag) + return PR_FALSE; + }
+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile) +{ @@ -53,25 +53,25 @@ index 93c2413..1dc4ee0 100644 + return PR_TRUE; // fuck 'em. blacklist. +} + + typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void); + nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, - PRBool aCreatePluginList, - PRBool *aPluginsChanged) -@@ -2197,6 +2226,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, +@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, continue; }
-+ if (GhettoBlacklist(file)) { -+ continue; ++ if (GhettoBlacklist(localfile)) { ++ continue; + } + // if it is not found in cache info list or has been changed, create a new one if (!pluginTag) { - nsPluginFile pluginFile(file); + nsPluginFile pluginFile(localfile); diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h -index b1b8759..d6e237f 100644 +index cb43042..41dbf63 100644 --- a/dom/plugins/base/nsPluginHost.h +++ b/dom/plugins/base/nsPluginHost.h -@@ -283,6 +283,8 @@ private: +@@ -282,6 +282,8 @@ private: // Loads all cached plugins info into mCachedPlugins nsresult ReadPluginInfo();
diff --git a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch index 75f0c0c..3b46894 100644 --- a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch +++ b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch @@ -1,4 +1,4 @@ -From 3964288545a78c28ca4585ac51bd7d9b8ccb3503 Mon Sep 17 00:00:00 2001 +From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@fscked.org Date: Thu, 8 Sep 2011 08:40:17 -0700 Subject: [PATCH 8/8] Make content pref service memory-only + clearable