[tbb-commits] [tor-browser-bundle/maint-7.0] Apply patch for bug 23044

gk at torproject.org gk at torproject.org
Thu Jul 27 21:29:19 UTC 2017


commit a11a8b301950e1c25adcfd5bea07c773f5082533
Author: Georg Koppen <gk at torproject.org>
Date:   Thu Jul 27 08:10:20 2017 +0000

    Apply patch for bug 23044
---
 gitian/descriptors/linux/gitian-firefox.yml |  2 ++
 gitian/patches/gio.patch                    | 48 +++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 1ff66a2..49c457c 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -33,6 +33,7 @@ files:
 - "gcc-linux32-utils.zip"
 - "gcc-linux64-utils.zip"
 - "get-moz-build-date"
+- "gio.patch"
 - "re-dzip.sh"
 - "dzip.sh"
 - "versions"
@@ -88,6 +89,7 @@ script: |
   mkdir -p $INSTDIR/Debug/Browser/
 
   cd tor-browser
+  patch -p1 < ../gio.patch
   # run get-moz-build-date before removing .git, which is used to get the year
   chmod +x ~/build/get-moz-build-date
   eval $(~/build/get-moz-build-date $(cat browser/config/version.txt))
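Review bot: The added `patch -p1 < ../gio.patch` line has no visible failure handling. If this script does not run under `set -e` (not visible in the hunk), a patch that no longer applies would let the build continue and ship a browser without the GIO hardening. Consider `patch -p1 --fuzz=0 < ../gio.patch || exit 1`, so that a rejected hunk, or one that only applies with fuzz, stops the build instead of being silently tolerated. The script block starts and ends outside this hunk.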
diff --git a/gitian/patches/gio.patch b/gitian/patches/gio.patch
new file mode 100644
index 0000000..1edae4d
--- /dev/null
+++ b/gitian/patches/gio.patch
@@ -0,0 +1,48 @@
+From a96f898e0da42de751a5e1367a9899cc96fadb1f Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Thu, 27 Jul 2017 07:31:38 +0000
+Subject: [PATCH] Bug 23044: Don't allow GIO supported protocols by default
+
+
+diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
+index aaeba630422d..3edaad88f59e 100644
+--- a/browser/app/profile/000-tor-browser.js
++++ b/browser/app/profile/000-tor-browser.js
+@@ -210,6 +210,9 @@ pref("network.protocol-handler.warn-external.mailto", true);
+ pref("network.protocol-handler.warn-external.news", true);
+ pref("network.protocol-handler.warn-external.nntp", true);
+ pref("network.protocol-handler.warn-external.snews", true);
++// Make sure we don't have any GIO supported protocols (defense in depth
++// measure)
++pref("network.gio.supported-protocols", "");
+ pref("plugin.disable", true); // Disable to search plugins on first start
+ pref("plugins.click_to_play", true);
+ pref("plugin.state.flash", 1);
+diff --git a/extensions/gio/nsGIOProtocolHandler.cpp b/extensions/gio/nsGIOProtocolHandler.cpp
+index a378e8700821..5f6b2a0a2a57 100644
+--- a/extensions/gio/nsGIOProtocolHandler.cpp
++++ b/extensions/gio/nsGIOProtocolHandler.cpp
+@@ -922,16 +922,16 @@ nsGIOProtocolHandler::InitSupportedProtocolsPref(nsIPrefBranch *prefs)
+   // Get user preferences to determine which protocol is supported.
+   // Gvfs/GIO has a set of supported protocols like obex, network, archive,
+   // computer, dav, cdda, gphoto2, trash, etc. Some of these seems to be
+-  // irrelevant to process by browser. By default accept only smb and sftp
+-  // protocols so far.
++  // irrelevant to process by browser. By default accept none.
+   nsresult rv = prefs->GetCharPref(MOZ_GIO_SUPPORTED_PROTOCOLS,
+                                    getter_Copies(mSupportedProtocols));
+   if (NS_SUCCEEDED(rv)) {
+     mSupportedProtocols.StripWhitespace();
+     ToLowerCase(mSupportedProtocols);
+   }
+-  else
+-    mSupportedProtocols.AssignLiteral("smb:,sftp:"); // use defaults
++  else {
++    mSupportedProtocols.AssignLiteral(""); // use none by default
++  }
+ 
+   LOG(("gio: supported protocols \"%s\"\n", mSupportedProtocols.get()));
+ }
+-- 
+2.13.2
+
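Review bot: In the embedded `nsGIOProtocolHandler::InitSupportedProtocolsPref` hunk only the fallback branch is hardened. When `GetCharPref` succeeds, the value of `network.gio.supported-protocols` is still accepted after `StripWhitespace()` and `ToLowerCase()`, so a non-empty value from a user profile or another pref file would re-enable those schemes despite the new `""` default in `000-tor-browser.js`. If the intent is that this build never hands URLs to GIO, consider ignoring the pref here or locking it. If the override is intentional, say so in the code, e.g. `// A non-empty pref value re-enables GIO schemes; the shipped default is "".` The function body begins before the hunk's context, so any earlier handling is not visible here.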


