commit e5050b2a1cdbb9a44c82e6afb07c4f0d6626f5dd
Author: Erinn Clark erinn@torproject.org
Date: Sat Oct 29 13:58:50 2011 +0100
move firefox patches into firefox directory
---
...nents.interfaces-lookupMethod-from-conten.patch | 50 -------
...0002-Make-Permissions-Manager-memory-only.patch | 94 ------------
...-Make-Intermediate-Cert-Store-memory-only.patch | 43 ------
...th-headers-before-the-modify-request-obse.patch | 51 -------
.../0005-Add-a-string-based-cacheKey.patch | 85 -----------
...6-Randomize-HTTP-pipeline-order-and-depth.patch | 149 --------------------
.../0007-Block-all-plugins-except-flash.patch | 85 -----------
...ontent-pref-service-memory-only-clearable.patch | 37 -----
...owser-exit-when-not-launched-from-Vidalia.patch | 46 ------
...nents.interfaces-lookupMethod-from-conten.patch | 50 +++++++
...0002-Make-Permissions-Manager-memory-only.patch | 94 ++++++++++++
...-Make-Intermediate-Cert-Store-memory-only.patch | 43 ++++++
...th-headers-before-the-modify-request-obse.patch | 51 +++++++
.../firefox/0005-Add-a-string-based-cacheKey.patch | 85 +++++++++++
...6-Randomize-HTTP-pipeline-order-and-depth.patch | 149 ++++++++++++++++++++
.../0007-Block-all-plugins-except-flash.patch | 85 +++++++++++
...ontent-pref-service-memory-only-clearable.patch | 37 +++++
...owser-exit-when-not-launched-from-Vidalia.patch | 46 ++++++
18 files changed, 640 insertions(+), 640 deletions(-)
diff --git a/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
deleted file mode 100644
index 70070d2..0000000
--- a/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index 664021e..9c8c415 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
-- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ // XXX: Pref observer? Also, is this what we want?
Seems like a plan
-+ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ static const char* allowed[] = { "isSuccessCode", nsnull };
- *_retval = xpc_CheckAccessList(methodName, allowed);
- return NS_OK;
- }
-@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
-- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ static const char* allowed[] = { "results", nsnull};
- *_retval = xpc_CheckAccessList(propertyName, allowed);
- return NS_OK;
- }
---
-1.7.3.4
-
diff --git a/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index 0429cca..0000000
--- a/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/8] Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -58,6 +58,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
-
- static nsPermissionManager *gPermissionManager = nsnull;
-
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
- mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
- }
-
-+ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (pbi) {
-+ pbi->AddObserver("permissions.", this, PR_FALSE);
-+ }
-+
- if (IsChildProcess()) {
- // Get the permissions from the parent process
- InfallibleTArrayIPC::Permission perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- if (!storage)
- return NS_ERROR_UNEXPECTED;
-
-+ PRBool memory_db = false;
-+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (prefs) {
-+ prefs->GetBoolPref("permissions.memory_only", &memory_db);
-+ }
-+
-
// cache a connection to the hosts database
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- rv = permissionsFile->Remove(PR_FALSE);
- NS_ENSURE_SUCCESS(rv, rv);
-
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
- ENSURE_NOT_CHILD_PROCESS;
-
-- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+ // XXX: Should we remove the file? Probably not..
-+ InitDB(PR_FALSE);
-+ }
-+ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
- // The profile is about to change,
- // or is going away because the application is shutting down.
- if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
---
-1.7.3.4
-
diff --git a/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 0d3c991..0000000
--- a/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 11cb2bd..fd717f4 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
- // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
- // "/usr/lib/nss/libnssckbi.so".
- PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
-- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+ PRBool nocertdb = false;
-+ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+ // XXX: We can also do the the following to only disable the certdb.
-+ // Leaving this codepath in as a fallback in case InitNODB fails
-+ if (nocertdb)
-+ init_flags |= NSS_INIT_NOCERTDB;
-+
-+ SECStatus init_rv;
-+ if (nocertdb) {
-+ init_rv = ::NSS_NoDB_Init(NULL);
-+ } else {
-+ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
- SECMOD_DB, init_flags);
-+ }
-
- if (init_rv != SECSuccess) {
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
---
-1.7.3.4
-
diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
deleted file mode 100644
index 24ab5fd..0000000
--- a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
-
-Otherwise, how are we supposed to modify them?
-
-Thanks to Georg Koppen for spotting both the problem and this fix.
----
- netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++----
- 1 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index cd11187..144ecb7 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime)
- return NS_ERROR_DOCUMENT_NOT_CACHED;
- }
-
-- // check to see if authorization headers should be included
-- mAuthProvider->AddAuthorizationHeaders();
--
- if (mLoadFlags & LOAD_NO_NETWORK_IO) {
- return NS_ERROR_DOCUMENT_NOT_CACHED;
- }
-@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
-
- AddCookiesToRequest();
-
-+ // check to see if authorization headers should be included
-+ mAuthProvider->AddAuthorizationHeaders();
-+
- // notify "http-on-modify-request" observers
- gHttpHandler->OnModifyRequest(this);
-
-@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
- // this authentication attempt (bug 84794).
- // TODO: save cookies from auth response and send them here (bug 572151).
- AddCookiesToRequest();
--
-+
-+ // check to see if authorization headers should be included
-+ mAuthProvider->AddAuthorizationHeaders();
-+
- // notify "http-on-modify-request" observers
- gHttpHandler->OnModifyRequest(this);
-
---
-1.7.3.4
-
diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch
deleted file mode 100644
index 3d5fd54..0000000
--- a/src/current-patches/0005-Add-a-string-based-cacheKey.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 5/8] Add a string-based cacheKey.
-
-Used for isolating cache according to same-origin policy.
----
- netwerk/base/public/nsICachingChannel.idl | 7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h | 1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
-index 2da46d6..4ee5774 100644
---- a/netwerk/base/public/nsICachingChannel.idl
-+++ b/netwerk/base/public/nsICachingChannel.idl
-@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
- attribute nsISupports cacheKey;
-
- /**
-+ * Set/get the cache domain... uniquely identifies the data in the cache
-+ * for this channel. Holding a reference to this key does NOT prevent
-+ * the cached data from being removed.
-+ */
-+ attribute AUTF8String cacheDomain;
-+
-+ /**
- * Specifies whether or not the data should be cached to a file. This
- * may fail if the disk cache is not present.
The value of this attribute
- * is usually only settable during the processing of a channel's
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 144ecb7..0c8f8ae 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
- cacheKey.Append(buf);
- }
-
-+ if (strlen(mCacheDomain.get()) > 0) {
-+ cacheKey.AppendLiteral("domain=");
-+ cacheKey.Append(mCacheDomain.get());
-+ cacheKey.AppendLiteral("&");
-+ }
-+
- if (!cacheKey.IsEmpty()) {
- cacheKey.AppendLiteral("uri=");
- }
-@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
- }
-
- NS_IMETHODIMP
-+nsHttpChannel::GetCacheDomain(nsACString &value)
-+{
-+ value = mCacheDomain;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::SetCacheDomain(const nsACString &value)
-+{
-+ mCacheDomain = value;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
- nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
- {
- value = mOfflineCacheClientID;
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index a64ec07..7e89afe 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -303,6 +303,7 @@ private:
- nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
- nsCacheAccessMode mOfflineCacheAccess;
- nsCString mOfflineCacheClientID;
-+ nsCString mCacheDomain;
-
- // auth specific data
- nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
---
-1.7.3.4
-
diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
deleted file mode 100644
index 76ce04d..0000000
--- a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Sat, 3 Sep 2011 00:10:35 -0700
-Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth.
-
-Also turn up maximum depth to 12.
-
-This is an experimental defense against
-http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
----
- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 78 ++++++++++++++++++++++++-
- netwerk/protocol/http/nsHttpConnectionMgr.h | 4 +
- 2 files changed, 81 insertions(+), 1 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index c754f83..6a522ec 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
- , mTimeOfNextWakeUp(LL_MAXUINT)
- {
- LOG(("Creating nsHttpConnectionMgr @%x\n", this));
-+ nsresult rv;
-+ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
-+ if (NS_FAILED(rv)) {
-+ mRandomGenerator = nsnull;
-+ }
- }
-
- nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
- nsHttpPipeline *pipeline = nsnull;
- if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
- LOG((" looking to build pipeline...\n"));
-- if (BuildPipeline(ent, trans, &pipeline))
-+ if (BuildRandomizedPipeline(ent, trans, &pipeline))
- trans = pipeline;
- }
-
-@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
- return PR_TRUE;
- }
-
-+PRBool
-+nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent,
-+ nsAHttpTransaction *firstTrans,
-+ nsHttpPipeline **result)
-+{
-+ if (mRandomGenerator == nsnull)
-+ return BuildPipeline(ent, firstTrans, result);
-+ if (mMaxPipelinedRequests < 2)
-+ return PR_FALSE;
-+
-+ nsresult rv;
-+ PRUint8 *bytes = nsnull;
-+ -
nsHttpPipeline *pipeline = nsnull;
-+ nsHttpTransaction *trans;
-+
-+ PRUint32 i = 0, numAdded = 0, numAllowed = 0;
-+ PRUint32 max = 0;
-+
-+ while (i < ent->mPendingQ.Length()) {
-+ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)
-+ numAllowed++;
-+ i++;
-+ }
-+
-+ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ // 4...12
-+ max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1));
-+ NS_Free(bytes);
-+
-+ while (numAllowed > 0) {
-+ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ i = bytes[0] % ent->mPendingQ.Length();
-+ NS_Free(bytes);
-+
-+ trans = ent->mPendingQ[i];
-+
-+ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING))
-+ continue;
-+
-+ if (numAdded == 0) {
-+ pipeline = new nsHttpPipeline;
-+ if (!pipeline)
-+ return PR_FALSE;
-+ pipeline->AddTransaction(firstTrans);
-+ numAdded = 1;
-+ }
-+ pipeline->AddTransaction(trans);
-+
-+ // remove transaction from pending queue
-+ ent->mPendingQ.RemoveElementAt(i);
-+ NS_RELEASE(trans);
-+
-+ numAllowed--;
-+
-+ if (++numAdded == max)
-+ break;
-+ }
-+
-+ //fprintf(stderr, "Yay!!!
pipelined %u/%u transactions\n", numAdded, max);
-+ LOG((" pipelined %u/%u transactions\n", numAdded, max));
-+
-+ if (numAdded == 0)
-+ return PR_FALSE;
-+
-+ NS_ADDREF(*result = pipeline);
-+ return PR_TRUE;
-+}
-+
- nsresult
- nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
- {
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index 695cd8f..1806d17 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.h
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
-@@ -48,6 +48,7 @@
- #include "nsAutoPtr.h"
- #include "mozilla/ReentrantMonitor.h"
- #include "nsISocketTransportService.h"
-+#include "nsIRandomGenerator.h"
-
- #include "nsIObserver.h"
- #include "nsITimer.h"
-@@ -270,6 +271,7 @@ private:
- nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
- PRUint8 caps, nsHttpConnection *);
- PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
-+ PRBool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
- nsresult ProcessNewTransaction(nsHttpTransaction *);
- nsresult EnsureSocketThreadTargetIfOnline();
- nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *);
-@@ -345,6 +347,8 @@ private:
- PRUint64 mTimeOfNextWakeUp;
- // Timer for next pruning of dead connections.
- nsCOMPtr<nsITimer> mTimer;
-+ // Random number generator for reordering HTTP pipeline
-+ nsCOMPtr<nsIRandomGenerator> mRandomGenerator;
-
- //
- // the connection table
---
-1.7.3.4
-
diff --git a/src/current-patches/0007-Block-all-plugins-except-flash.patch b/src/current-patches/0007-Block-all-plugins-except-flash.patch
deleted file mode 100644
index eae5f1f..0000000
--- a/src/current-patches/0007-Block-all-plugins-except-flash.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Wed, 28 Sep 2011 13:24:20 -0700
-Subject: [PATCH 7/8] Block all plugins except flash.
-
-We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
-actually want to stop plugins from ever entering the browser's process space
-and/or executing code (for example, AV plugins that collect statistics/analyse
-urls, magical toolbars that phone home or "help" the user, skype buttons that
-ruin our day, and censorship filters). Hence we rolled our own.
-
-See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
-on a better way. Until then, it is delta-darwinism for us.
----
- dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
- dom/plugins/base/nsPluginHost.h | 2 ++
- 2 files changed, 35 insertions(+), 0 deletions(-)
-
-diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 2c2ad7d..eba8c24 100644
---- a/dom/plugins/base/nsPluginHost.cpp
-+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
- return PR_FALSE;
- }
-
-+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
-+{
-+ nsCString leaf;
-+ const char *leafStr;
-+ nsresult rv;
-+
-+ rv = pluginFile->GetNativeLeafName(leaf);
-+ if (NS_FAILED(rv)) {
-+ return PR_TRUE; // fuck 'em. blacklist.
-+ }
-+
-+ leafStr = leaf.get();
-+
-+ if (!leafStr) {
-+ return PR_TRUE; // fuck 'em. blacklist.
-+ }
-+
-+ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
-+ // NPSWF32.dll, NPSWF64.dll
-+ if (strstr(leafStr, "libgnashplugin") == leafStr ||
-+ strstr(leafStr, "libflashplayer") == leafStr ||
-+ strstr(leafStr, "Flash Player") == leafStr ||
-+ strstr(leafStr, "NPSWF") == leafStr) {
-+ return PR_FALSE;
-+ }
-+
-+ return PR_TRUE; // fuck 'em. blacklist.
-+}
-+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
-
- nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
- continue;
- }
-
-+ if (GhettoBlacklist(localfile)) {
-+ continue;
-+ }
-+
- // if it is not found in cache info list or has been changed, create a new one
- if (!pluginTag) {
- nsPluginFile pluginFile(localfile);
-diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index cb43042..41dbf63 100644
---- a/dom/plugins/base/nsPluginHost.h
-+++ b/dom/plugins/base/nsPluginHost.h
-@@ -282,6 +282,8 @@ private:
- // Loads all cached plugins info into mCachedPlugins
- nsresult ReadPluginInfo();
-
-+ PRBool GhettoBlacklist(nsIFile *pluginFile);
-+
- // Given a file path, returns the plugins info from our cache
- // and removes it from the cache.
- void RemoveCachedPluginsInfo(const char *filePath,
---
-1.7.3.4
-
diff --git a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
deleted file mode 100644
index 3b46894..0000000
--- a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 8/8] Make content pref service memory-only + clearable
-
-This prevents random urls from being inserted into content-prefs.sqllite in
-the profile directory as content prefs change (includes site-zoom and perhaps
-other site prefs?).
----
- .../contentprefs/nsContentPrefService.js | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
-index a5f417f..601f7a3 100644
---- a/toolkit/components/contentprefs/nsContentPrefService.js
-+++ b/toolkit/components/contentprefs/nsContentPrefService.js
-@@ -1036,7 +1036,7 @@ ContentPrefService.prototype = {
-
- var dbConnection;
-
-- if (!dbFile.exists())
-+ if (true || !dbFile.exists())
- dbConnection = this._dbCreate(dbService, dbFile);
- else {
- try {
-@@ -1084,7 +1084,7 @@ ContentPrefService.prototype = {
- },
-
- _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
-- var dbConnection = aDBService.openDatabase(aDBFile);
-+ var dbConnection = aDBService.openSpecialDatabase("memory");
-
- try {
- this._dbCreateSchema(dbConnection);
---
-1.7.3.4
-
diff --git a/src/current-patches/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
deleted file mode 100644
index 6659770..0000000
--- a/src/current-patches/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 369d7df54fe13dd69a069a43959bdabcc364e6e4 Mon Sep 17 00:00:00 2001
-From: Mike Perry mikeperry-git@fscked.org
-Date: Sun, 9 Oct 2011 22:50:07 -0700
-Subject: [PATCH] Make Tor Browser exit when not launched from Vidalia
-
-Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
-for easy relaunch. If they manage to do this, we should fail closed rather
-than opened. Hopefully they will get the hint and dock Vidalia instead.
-
-This is an emergency fix for
-https://trac.torproject.org/projects/tor/ticket/4192. We can do a better
-localized fix w/ a translated alert menu later, if it seems like this might
-actually be common.
----
- browser/base/content/browser.js | 15 +++++++++++++++
- 1 files changed, 15 insertions(+), 0 deletions(-)
-
-diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 50f6963..ed2812c 100644
---- a/browser/base/content/browser.js
-+++ b/browser/base/content/browser.js
-@@ -1203,6 +1203,21 @@ function BrowserStartup() {
-
- prepareForStartup();
-
-+ // If this is not a TBB profile, exit.
-+ // Solves https://trac.torproject.org/projects/tor/ticket/4192
-+ var foundPref = false;
-+ try {
-+ foundPref = gPrefService.prefHasUserValue("torbrowser.version");
-+ } catch(e) {
-+ //dump("No pref: "+e);
-+ }
-+ if(!foundPref) {
-+ var appStartup = Components.classes["@mozilla.org/toolkit/app-startup;1"]
-+ .getService(Components.interfaces.nsIAppStartup);
-+ appStartup.quit(3); // Force all windows to close, and then quit.
-+ }
-+
-+
- if (uriToLoad && !isLoadingBlank) {
- if (uriToLoad instanceof Ci.nsISupportsArray) {
- let count = uriToLoad.Count();
---
-1.7.3.4
-
diff --git a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
new file mode 100644
index 0000000..70070d2
--- /dev/null
+++ b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch 
@@ -0,0 +1,50 @@
+From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Mon, 20 Jun 2011 17:07:41 -0700
+Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
+index 664021e..9c8c415 100644
+--- a/js/src/xpconnect/src/xpccomponents.cpp
++++ b/js/src/xpconnect/src/xpccomponents.cpp
+@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ // XXX: Pref observer? Also, is this what we want?
Seems like a plan
++ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ static const char* allowed[] = { "isSuccessCode", nsnull };
+ *_retval = xpc_CheckAccessList(methodName, allowed);
+ return NS_OK;
+ }
+@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ static const char* allowed[] = { "results", nsnull};
+ *_retval = xpc_CheckAccessList(propertyName, allowed);
+ return NS_OK;
+ }
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
new file mode 100644
index 0000000..0429cca
--- /dev/null
+++ b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
@@ -0,0 +1,94 @@
+From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Mon, 20 Jun 2011 17:07:56 -0700
+Subject: [PATCH 2/8] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 773a973..5387397 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+
+ static nsPermissionManager *gPermissionManager = nsnull;
+
+@@ -227,6 +231,11 @@ nsPermissionManager::Init()
+ mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
+ }
+
++ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (pbi) {
++ pbi->AddObserver("permissions.", this, PR_FALSE);
++ }
++
+ if (IsChildProcess()) {
+ // Get the permissions from the parent process
+ InfallibleTArrayIPC::Permission perms;
+@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+ if (!storage)
+ return NS_ERROR_UNEXPECTED;
+
++ PRBool memory_db = false;
++ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (prefs) {
++ prefs->GetBoolPref("permissions.memory_only", &memory_db);
++ }
++
+
// cache a connection to the hosts database +- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); ++ if (memory_db) { ++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); ++ } else { ++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); ++ } + NS_ENSURE_SUCCESS(rv, rv); + + PRBool ready; +@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile) + rv = permissionsFile->Remove(PR_FALSE); + NS_ENSURE_SUCCESS(rv, rv); + +- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); ++ if (memory_db) { ++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); ++ } else { ++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); ++ } + NS_ENSURE_SUCCESS(rv, rv); + + mDBConn->GetConnectionReady(&ready); +@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT + { + ENSURE_NOT_CHILD_PROCESS; + +- if (!nsCRT::strcmp(aTopic, "profile-before-change")) { ++ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { ++ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) { ++ // XXX: Should we remove the file? Probably not.. ++ InitDB(PR_FALSE); ++ } ++ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + // The profile is about to change, + // or is going away because the application is shutting down. + if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) { +-- +1.7.3.4 + diff --git a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch new file mode 100644 index 0000000..0d3c991 --- /dev/null +++ b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch 
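Review bot: In the `Observe` branch for `permissions.memory_only`, `InitDB(PR_FALSE)` reopens the connection but leaves the on-disk permissions database in place, so site permissions and STS policy written before the pref was set stay in the profile. For a pref whose purpose is memory-only storage, either remove the file when switching to memory-only or replace the `XXX` with a comment that states the residue, for example `// The on-disk file is kept; entries stored before memory_only was set remain on disk.` In `InitDB`, the result of `GetBoolPref` is ignored and `memory_db` starts as false, so a missing pref service or a failed read selects disk storage; a one-line comment should say whether that default is intended. `Observe` and `InitDB` both continue outside the hunks shown.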
@@ -0,0 +1,43 @@
+From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index 11cb2bd..fd717f4 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+ // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+ // "/usr/lib/nss/libnssckbi.so".
+ PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++ PRBool nocertdb = false;
++ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++ // XXX: We can also do the the following to only disable the certdb.
++ // Leaving this codepath in as a fallback in case InitNODB fails
++ if (nocertdb)
++ init_flags |= NSS_INIT_NOCERTDB;
++
++ SECStatus init_rv;
++ if (nocertdb) {
++ init_rv = ::NSS_NoDB_Init(NULL);
++ } else {
++ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+ SECMOD_DB, init_flags);
++ }
+
+ if (init_rv != SECSuccess) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
new file mode 100644
index 0000000..24ab5fd
--- /dev/null
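Review bot: In `InitializeNSS`, `init_flags |= NSS_INIT_NOCERTDB` has no effect when `nocertdb` is set, because that branch calls `::NSS_NoDB_Init(NULL)` and never passes `init_flags`. The comment above it speaks of a fallback "in case InitNODB fails", but the hunk contains no retry; either implement the retry through `NSS_Initialize` with `init_flags`, or drop the assignment and reword the comment. The `init_rv != SECSuccess` handling continues outside the hunk, and if it retries against `profileStr`, a failed no-DB init would end up using the profile's stores, which should be confirmed. The return value of `GetBoolPref` is unchecked, so a failed read silently selects the on-disk path.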
+++ b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -0,0 +1,51 @@
+From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Fri, 2 Sep 2011 15:33:20 -0700
+Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
+
+Otherwise, how are we supposed to modify them?
+
+Thanks to Georg Koppen for spotting both the problem and this fix.
+---
+ netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++----
+ 1 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index cd11187..144ecb7 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime)
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+
+- // check to see if authorization headers should be included
+- mAuthProvider->AddAuthorizationHeaders();
+-
+ if (mLoadFlags & LOAD_NO_NETWORK_IO) {
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+
+ AddCookiesToRequest();
+
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+ // this authentication attempt (bug 84794).
+ // TODO: save cookies from auth response and send them here (bug 572151).
+ AddCookiesToRequest();
+-
++
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
new file mode 100644
index 0000000..3d5fd54
--- /dev/null
+++ b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
@@ -0,0 +1,85 @@
+From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Fri, 2 Sep 2011 20:47:02 -0700
+Subject: [PATCH 5/8] Add a string-based cacheKey.
+
+Used for isolating cache according to same-origin policy.
+---
+ netwerk/base/public/nsICachingChannel.idl | 7 +++++++
+ netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
+ netwerk/protocol/http/nsHttpChannel.h | 1 +
+ 3 files changed, 30 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
+index 2da46d6..4ee5774 100644
+--- a/netwerk/base/public/nsICachingChannel.idl
++++ b/netwerk/base/public/nsICachingChannel.idl
+@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
+ attribute nsISupports cacheKey;
+
+ /**
++ * Set/get the cache domain... uniquely identifies the data in the cache
++ * for this channel. Holding a reference to this key does NOT prevent
++ * the cached data from being removed.
++ */
++ attribute AUTF8String cacheDomain;
++
++ /**
+ * Specifies whether or not the data should be cached to a file. This
+ * may fail if the disk cache is not present. The value of this attribute
+ * is usually only settable during the processing of a channel's
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index 144ecb7..0c8f8ae 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+ cacheKey.Append(buf);
+ }
+
++ if (strlen(mCacheDomain.get()) > 0) {
++ cacheKey.AppendLiteral("domain=");
++ cacheKey.Append(mCacheDomain.get());
++ cacheKey.AppendLiteral("&");
++ }
++
+ if (!cacheKey.IsEmpty()) {
+ cacheKey.AppendLiteral("uri=");
+ }
+@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
+ }
+
+ NS_IMETHODIMP
++nsHttpChannel::GetCacheDomain(nsACString &value)
++{
++ value = mCacheDomain;
++
++ return NS_OK;
++}
++
++NS_IMETHODIMP
++nsHttpChannel::SetCacheDomain(const nsACString &value)
++{
++ mCacheDomain = value;
++
++ return NS_OK;
++}
++
++NS_IMETHODIMP
+ nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
+ {
+ value = mOfflineCacheClientID;
+diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
+index a64ec07..7e89afe 100644
+--- a/netwerk/protocol/http/nsHttpChannel.h
++++ b/netwerk/protocol/http/nsHttpChannel.h
+@@ -303,6 +303,7 @@ private:
+ nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
+ nsCacheAccessMode mOfflineCacheAccess;
+ nsCString mOfflineCacheClientID;
++ nsCString mCacheDomain;
+
+ // auth specific data
+ nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
new file mode 100644
index 0000000..76ce04d
--- /dev/null
+++ b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
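Review bot: `AssembleCacheKey` appends `mCacheDomain` to the key verbatim between `domain=` and `&`, so a value that itself contains `&` or `uri=` yields a key that no longer parses unambiguously, and two different (domain, URI) pairs could map to the same entry. Since this key is what isolates cache entries, `SetCacheDomain` should reject or escape the delimiter, or its documentation should state that callers must pass a bare host name. `strlen(mCacheDomain.get()) > 0` reads more directly as `!mCacheDomain.IsEmpty()`, matching the `cacheKey.IsEmpty()` check just below it. The IDL comment for `cacheDomain` is copied from `cacheKey`; it should say that the string is mixed into the cache key to separate entries.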
@@ -0,0 +1,149 @@ +From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001 +From: Mike Perry mikeperry-git@fscked.org +Date: Sat, 3 Sep 2011 00:10:35 -0700 +Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth. + +Also turn up maximum depth to 12. + +This is an experimental defense against +http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf +--- + netwerk/protocol/http/nsHttpConnectionMgr.cpp | 78 ++++++++++++++++++++++++- + netwerk/protocol/http/nsHttpConnectionMgr.h | 4 + + 2 files changed, 81 insertions(+), 1 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +index c754f83..6a522ec 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr() + , mTimeOfNextWakeUp(LL_MAXUINT) + { + LOG(("Creating nsHttpConnectionMgr @%x\n", this)); ++ nsresult rv; ++ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv); ++ if (NS_FAILED(rv)) { ++ mRandomGenerator = nsnull; ++ } + } + + nsHttpConnectionMgr::~nsHttpConnectionMgr() +@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent, + nsHttpPipeline *pipeline = nsnull; + if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) { + LOG((" looking to build pipeline...\n")); +- if (BuildPipeline(ent, trans, &pipeline)) ++ if (BuildRandomizedPipeline(ent, trans, &pipeline)) + trans = pipeline; + } + +@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent, + return PR_TRUE; + } + ++PRBool ++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent, ++ nsAHttpTransaction *firstTrans, ++ nsHttpPipeline **result) ++{ ++ if (mRandomGenerator == nsnull) ++ return BuildPipeline(ent, firstTrans, result); ++ if (mMaxPipelinedRequests < 2) ++ return PR_FALSE; ++ ++ nsresult rv; ++ PRUint8 *bytes = nsnull; ++ ++ 
nsHttpPipeline *pipeline = nsnull; ++ nsHttpTransaction *trans; ++ ++ PRUint32 i = 0, numAdded = 0, numAllowed = 0; ++ PRUint32 max = 0; ++ ++ while (i < ent->mPendingQ.Length()) { ++ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING) ++ numAllowed++; ++ i++; ++ } ++ ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ // 4...12 ++ max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1)); ++ NS_Free(bytes); ++ ++ while (numAllowed > 0) { ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ i = bytes[0] % ent->mPendingQ.Length(); ++ NS_Free(bytes); ++ ++ trans = ent->mPendingQ[i]; ++ ++ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)) ++ continue; ++ ++ if (numAdded == 0) { ++ pipeline = new nsHttpPipeline; ++ if (!pipeline) ++ return PR_FALSE; ++ pipeline->AddTransaction(firstTrans); ++ numAdded = 1; ++ } ++ pipeline->AddTransaction(trans); ++ ++ // remove transaction from pending queue ++ ent->mPendingQ.RemoveElementAt(i); ++ NS_RELEASE(trans); ++ ++ numAllowed--; ++ ++ if (++numAdded == max) ++ break; ++ } ++ ++ //fprintf(stderr, "Yay!!! 
pipelined %u/%u transactions\n", numAdded, max); ++ LOG((" pipelined %u/%u transactions\n", numAdded, max)); ++ ++ if (numAdded == 0) ++ return PR_FALSE; ++ ++ NS_ADDREF(*result = pipeline); ++ return PR_TRUE; ++} ++ + nsresult + nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans) + { +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h +index 695cd8f..1806d17 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.h ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h +@@ -48,6 +48,7 @@ + #include "nsAutoPtr.h" + #include "mozilla/ReentrantMonitor.h" + #include "nsISocketTransportService.h" ++#include "nsIRandomGenerator.h" + + #include "nsIObserver.h" + #include "nsITimer.h" +@@ -270,6 +271,7 @@ private: + nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *, + PRUint8 caps, nsHttpConnection *); + PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); ++ PRBool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); + nsresult ProcessNewTransaction(nsHttpTransaction *); + nsresult EnsureSocketThreadTargetIfOnline(); + nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *); +@@ -345,6 +347,8 @@ private: + PRUint64 mTimeOfNextWakeUp; + // Timer for next pruning of dead connections. + nsCOMPtr<nsITimer> mTimer; ++ // Random number generator for reordering HTTP pipeline ++ nsCOMPtr<nsIRandomGenerator> mRandomGenerator; + + // + // the connection table +-- +1.7.3.4 + diff --git a/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch new file mode 100644 index 0000000..eae5f1f --- /dev/null +++ b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch 
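Review bot: `BuildRandomizedPipeline` returns `PRBool`, but both `NS_ENSURE_SUCCESS(rv, rv)` calls return the failing `nsresult`, which is non-zero and so reads as true in `DispatchTransaction`, where `trans = pipeline` then runs with `pipeline` still null. Use `if (NS_FAILED(rv)) return PR_FALSE;` before the loop and `if (NS_FAILED(rv)) break;` inside it, so that a pipeline already built, and the transactions already removed from `mPendingQ`, are not dropped by an early return. The comment `// 4...12` does not match `4 + (bytes[0] % (mMaxPipelinedRequests + 1))`, which can reach `4 + mMaxPipelinedRequests` and therefore exceed the configured maximum. A single random byte taken modulo `mPendingQ.Length()` is biased and can only select among the first 256 queue entries; that limit should at least be stated in a comment.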
@@ -0,0 +1,85 @@
+From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Wed, 28 Sep 2011 13:24:20 -0700
+Subject: [PATCH 7/8] Block all plugins except flash.
+
+We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
+actually want to stop plugins from ever entering the browser's process space
+and/or executing code (for example, AV plugins that collect statistics/analyse
+urls, magical toolbars that phone home or "help" the user, skype buttons that
+ruin our day, and censorship filters). Hence we rolled our own.
+
+See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
+on a better way. Until then, it is delta-darwinism for us.
+---
+ dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
+ dom/plugins/base/nsPluginHost.h | 2 ++
+ 2 files changed, 35 insertions(+), 0 deletions(-)
+
+diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
+index 2c2ad7d..eba8c24 100644
+--- a/dom/plugins/base/nsPluginHost.cpp
++++ b/dom/plugins/base/nsPluginHost.cpp
+@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+ return PR_FALSE;
+ }
+
++PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
++{
++ nsCString leaf;
++ const char *leafStr;
++ nsresult rv;
++
++ rv = pluginFile->GetNativeLeafName(leaf);
++ if (NS_FAILED(rv)) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ leafStr = leaf.get();
++
++ if (!leafStr) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
++ // NPSWF32.dll, NPSWF64.dll
++ if (strstr(leafStr, "libgnashplugin") == leafStr ||
++ strstr(leafStr, "libflashplayer") == leafStr ||
++ strstr(leafStr, "Flash Player") == leafStr ||
++ strstr(leafStr, "NPSWF") == leafStr) {
++ return PR_FALSE;
++ }
++
++ return PR_TRUE; // fuck 'em. blacklist.
++}
++
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+
+ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+ continue;
+ }
+
++ if (GhettoBlacklist(localfile)) {
++ continue;
++ }
++
+ // if it is not found in cache info list or has been changed, create a new one
+ if (!pluginTag) {
+ nsPluginFile pluginFile(localfile);
+diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
+index cb43042..41dbf63 100644
+--- a/dom/plugins/base/nsPluginHost.h
++++ b/dom/plugins/base/nsPluginHost.h
+@@ -282,6 +282,8 @@ private:
+ // Loads all cached plugins info into mCachedPlugins
+ nsresult ReadPluginInfo();
+
++ PRBool GhettoBlacklist(nsIFile *pluginFile);
++
+ // Given a file path, returns the plugins info from our cache
+ // and removes it from the cache.
+ void RemoveCachedPluginsInfo(const char *filePath,
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
new file mode 100644
index 0000000..3b46894
--- /dev/null
+++ b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
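Review bot: `GhettoBlacklist` decides by file-name prefix alone: any plugin file whose leaf name starts with `libgnashplugin`, `libflashplayer`, `Flash Player` or `NPSWF` is let through, so the check filters by name and does not establish that the file is the Flash plugin. That limitation belongs in a comment above the function, together with the fact that it is an allowlist despite its name. `strstr(leafStr, "NPSWF") == leafStr` scans the whole string to test a prefix; `strncmp(leafStr, "NPSWF", 5) == 0` says what is meant, and likewise for the other three names. The comparison is case-sensitive, so a differently-cased file name on a case-insensitive file system is blocked, which fails closed but deserves a comment.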
@@ -0,0 +1,37 @@
+From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Thu, 8 Sep 2011 08:40:17 -0700
+Subject: [PATCH 8/8] Make content pref service memory-only + clearable
+
+This prevents random urls from being inserted into content-prefs.sqllite in
+the profile directory as content prefs change (includes site-zoom and perhaps
+other site prefs?).
+---
+ .../contentprefs/nsContentPrefService.js | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
+index a5f417f..601f7a3 100644
+--- a/toolkit/components/contentprefs/nsContentPrefService.js
++++ b/toolkit/components/contentprefs/nsContentPrefService.js
+@@ -1036,7 +1036,7 @@ ContentPrefService.prototype = {
+
+ var dbConnection;
+
+- if (!dbFile.exists())
++ if (true || !dbFile.exists())
+ dbConnection = this._dbCreate(dbService, dbFile);
+ else {
+ try {
+@@ -1084,7 +1084,7 @@ ContentPrefService.prototype = {
+ },
+
+ _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
+- var dbConnection = aDBService.openDatabase(aDBFile);
++ var dbConnection = aDBService.openSpecialDatabase("memory");
+
+ try {
+ this._dbCreateSchema(dbConnection);
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
new file mode 100644
index 0000000..6659770
--- /dev/null
+++ b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
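Review bot: `if (true || !dbFile.exists())` makes the `else` branch that opens the existing database unreachable, and `_dbCreate` now ignores its `aDBFile` argument, so the code no longer says what it does. The intent is clearer as an unconditional `dbConnection = this._dbCreate(dbService, dbFile);` with a comment such as `// Content prefs are kept in memory only; the on-disk database is never opened.` A content-prefs database file written by an earlier run stays in the profile because nothing here removes it, and the comment should mention that. Both functions continue outside the hunks shown.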
@@ -0,0 +1,46 @@
+From 369d7df54fe13dd69a069a43959bdabcc364e6e4 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Sun, 9 Oct 2011 22:50:07 -0700
+Subject: [PATCH] Make Tor Browser exit when not launched from Vidalia
+
+Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
+for easy relaunch. If they manage to do this, we should fail closed rather
+than opened. Hopefully they will get the hint and dock Vidalia instead.
+
+This is an emergency fix for
+https://trac.torproject.org/projects/tor/ticket/4192. We can do a better
+localized fix w/ a translated alert menu later, if it seems like this might
+actually be common.
+---
+ browser/base/content/browser.js | 15 +++++++++++++++
+ 1 files changed, 15 insertions(+), 0 deletions(-)
+
+diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
+index 50f6963..ed2812c 100644
+--- a/browser/base/content/browser.js
++++ b/browser/base/content/browser.js
+@@ -1203,6 +1203,21 @@ function BrowserStartup() {
+
+ prepareForStartup();
+
++ // If this is not a TBB profile, exit.
++ // Solves https://trac.torproject.org/projects/tor/ticket/4192
++ var foundPref = false;
++ try {
++ foundPref = gPrefService.prefHasUserValue("torbrowser.version");
++ } catch(e) {
++ //dump("No pref: "+e);
++ }
++ if(!foundPref) {
++ var appStartup = Components.classes["@mozilla.org/toolkit/app-startup;1"]
++ .getService(Components.interfaces.nsIAppStartup);
++ appStartup.quit(3); // Force all windows to close, and then quit.
++ }
++
++
+ if (uriToLoad && !isLoadingBlank) {
+ if (uriToLoad instanceof Ci.nsISupportsArray) {
+ let count = uriToLoad.Count();
+--
+1.7.3.4
+
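Review bot: After `appStartup.quit(3)` the function keeps running, so the `uriToLoad` handling that follows in `BrowserStartup` still executes for a profile the check has just rejected, which works against the fail-closed goal stated in the description. Add `return;` after the quit call, provided nothing later in the function is needed for shutdown (the rest of the function is outside the hunk). The literal `3` should be the named constant: `appStartup.quit(Components.interfaces.nsIAppStartup.eForceQuit);`. The empty `catch` treats a failure to read the pref like a missing pref, which fails closed; a short comment saying so would be more useful than the commented-out `dump`.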