[tor-commits] [torbrowser/maint-2.2] Update patches to Firefox 9.0.

erinn at torproject.org erinn at torproject.org
Wed Dec 21 13:25:44 UTC 2011


commit 04d333474f827dd57b23b06906c4b4a173f45c61
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Tue Dec 20 21:06:02 2011 -0800

    Update patches to Firefox 9.0.
    
    Also add a patch for #2875.
---
 ...nents.interfaces-lookupMethod-from-conten.patch |   10 ++--
 ...0002-Make-Permissions-Manager-memory-only.patch |   14 ++--
 ...-Make-Intermediate-Cert-Store-memory-only.patch |    8 +-
 ...th-headers-before-the-modify-request-obse.patch |   12 ++--
 .../firefox/0005-Add-a-string-based-cacheKey.patch |   12 ++--
 ...6-Randomize-HTTP-pipeline-order-and-depth.patch |    6 +-
 .../0007-Block-all-plugins-except-flash.patch      |   14 ++--
 ...ontent-pref-service-memory-only-clearable.patch |   10 ++--
 ...owser-exit-when-not-launched-from-Vidalia.patch |    8 +-
 .../0010-Disable-SSL-Session-ID-tracking.patch     |   10 ++--
 ...observer-event-to-close-persistent-connec.patch |    4 +-
 ...e-client-values-only-to-CSS-Media-Queries.patch |   72 ++++++++++++++++++++
 12 files changed, 126 insertions(+), 54 deletions(-)

diff --git a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
index 209f101..de0903c 100644
--- a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -1,7 +1,7 @@
-From 5087e59f2ada4c6fc2cea00f0fc5a529f3d9a2f4 Mon Sep 17 00:00:00 2001
+From 658f53653a37767802d9cd992b8dd58d7503ea1b Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/9] Block Components.interfaces,lookupMethod from content
+Subject: [PATCH 01/12] Block Components.interfaces,lookupMethod from content
 
 This patch removes the ability of content script to access
 Components.interfaces.* as well as call or access Components.lookupMethod.
@@ -20,10 +20,10 @@ https://trac.torproject.org/projects/tor/ticket/2874
  1 files changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index c36841c..af55624 100644
+index ca38e47..34175a5 100644
 --- a/js/src/xpconnect/src/xpccomponents.cpp
 +++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4394,7 +4394,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+@@ -4431,7 +4431,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
  NS_IMETHODIMP
  nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
  {
@@ -34,7 +34,7 @@ index c36841c..af55624 100644
      *_retval = xpc_CheckAccessList(methodName, allowed);
      return NS_OK;
  }
-@@ -4403,7 +4405,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+@@ -4440,7 +4442,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
  NS_IMETHODIMP
  nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
  {
diff --git a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
index e0948b9..fcc3802 100644
--- a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
+++ b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
@@ -1,7 +1,7 @@
-From 21a59f630eb8cbcc5add31fa297e9edcd10d155f Mon Sep 17 00:00:00 2001
+From b390a17593f20c837facf0b9da1ee4696697f1b6 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/9] Make Permissions Manager memory-only
+Subject: [PATCH 02/12] Make Permissions Manager memory-only
 
 This patch exposes a pref 'permissions.memory_only' that properly isolates the
 permissions manager to memory, which is responsible for all user specified
@@ -16,7 +16,7 @@ https://trac.torproject.org/projects/tor/ticket/2950
  1 files changed, 31 insertions(+), 3 deletions(-)
 
 diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index f852218..4f0f58b 100644
+index d72b794..b89887e 100644
 --- a/extensions/cookie/nsPermissionManager.cpp
 +++ b/extensions/cookie/nsPermissionManager.cpp
 @@ -58,6 +58,10 @@
@@ -30,7 +30,7 @@ index f852218..4f0f58b 100644
  
  static nsPermissionManager *gPermissionManager = nsnull;
  
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
+@@ -203,6 +207,11 @@ nsPermissionManager::Init()
      mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
    }
  
@@ -42,7 +42,7 @@ index f852218..4f0f58b 100644
    if (IsChildProcess()) {
      // Get the permissions from the parent process
      InfallibleTArray<IPC::Permission> perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+@@ -251,8 +260,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
    if (!storage)
      return NS_ERROR_UNEXPECTED;
  
@@ -62,7 +62,7 @@ index f852218..4f0f58b 100644
    NS_ENSURE_SUCCESS(rv, rv);
  
    PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+@@ -262,7 +281,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
      rv = permissionsFile->Remove(PR_FALSE);
      NS_ENSURE_SUCCESS(rv, rv);
  
@@ -75,7 +75,7 @@ index f852218..4f0f58b 100644
      NS_ENSURE_SUCCESS(rv, rv);
  
      mDBConn->GetConnectionReady(&ready);
-@@ -803,7 +826,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+@@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
  {
    ENSURE_NOT_CHILD_PROCESS;
  
diff --git a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
index 6538b1a..e921f7d 100644
--- a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -1,7 +1,7 @@
-From c2b3fb6a517dfd6cad3670e8aeb0cce5c2cba342 Mon Sep 17 00:00:00 2001
+From 93a3a1886d34e5f73a385726c22ecfc4e72598a3 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/9] Make Intermediate Cert Store memory-only.
+Subject: [PATCH 03/12] Make Intermediate Cert Store memory-only.
 
 This patch makes the intermediate SSL cert store exist in memory only.
 
@@ -12,10 +12,10 @@ https://trac.torproject.org/projects/tor/ticket/2949
  1 files changed, 14 insertions(+), 1 deletions(-)
 
 diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index c29aaf7..5488f06 100644
+index 5bb09ae..737715d 100644
 --- a/security/manager/ssl/src/nsNSSComponent.cpp
 +++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1744,8 +1744,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+@@ -1732,8 +1732,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
      // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
      // "/usr/lib/nss/libnssckbi.so".
      PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
diff --git a/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
index e0d9ee7..c0b2070 100644
--- a/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -1,7 +1,7 @@
-From e03a22c70c5f68013a72bc4ca2624c6d889c22a4 Mon Sep 17 00:00:00 2001
+From f30579c50a6915314a470579da533f53200e61d8 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 4/9] Add HTTP auth headers before the modify-request observer.
+Subject: [PATCH 04/12] Add HTTP auth headers before the modify-request observer.
 
 Otherwise, how are we supposed to modify them?
 
@@ -11,10 +11,10 @@ Thanks to Georg Koppen for spotting both the problem and this fix.
  1 files changed, 7 insertions(+), 4 deletions(-)
 
 diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 6cc90a9..bf60bb3 100644
+index 3f9d049..945bc0d 100644
 --- a/netwerk/protocol/http/nsHttpChannel.cpp
 +++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -286,9 +286,6 @@ nsHttpChannel::Connect(PRBool firstTime)
+@@ -291,9 +291,6 @@ nsHttpChannel::Connect(PRBool firstTime)
          return NS_ERROR_DOCUMENT_NOT_CACHED;
      }
  
@@ -24,7 +24,7 @@ index 6cc90a9..bf60bb3 100644
      if (mLoadFlags & LOAD_NO_NETWORK_IO) {
          return NS_ERROR_DOCUMENT_NOT_CACHED;
      }
-@@ -3624,6 +3621,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+@@ -3665,6 +3662,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
  
      AddCookiesToRequest();
  
@@ -34,7 +34,7 @@ index 6cc90a9..bf60bb3 100644
      // notify "http-on-modify-request" observers
      gHttpHandler->OnModifyRequest(this);
  
-@@ -4700,7 +4700,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+@@ -4741,7 +4741,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
      // this authentication attempt (bug 84794).
      // TODO: save cookies from auth response and send them here (bug 572151).
      AddCookiesToRequest();
diff --git a/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
index d1bcc54..87941e2 100644
--- a/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
@@ -1,7 +1,7 @@
-From bedc5d561ea3b17de6702274ee07f6c130e2cd95 Mon Sep 17 00:00:00 2001
+From 65410adb53fafe4ec717ab464cdefee3cdd35708 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 5/9] Add a string-based cacheKey.
+Subject: [PATCH 05/12] Add a string-based cacheKey.
 
 Used for isolating cache according to same-origin policy.
 ---
@@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644
       * may fail if the disk cache is not present.  The value of this attribute
       * is usually only settable during the processing of a channel's
 diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index bf60bb3..b0a5d0d 100644
+index 945bc0d..9e838d8 100644
 --- a/netwerk/protocol/http/nsHttpChannel.cpp
 +++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2316,6 +2316,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+@@ -2356,6 +2356,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
          cacheKey.Append(buf);
      }
  
@@ -45,7 +45,7 @@ index bf60bb3..b0a5d0d 100644
      if (!cacheKey.IsEmpty()) {
          cacheKey.AppendLiteral("uri=");
      }
-@@ -4600,6 +4606,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
+@@ -4641,6 +4647,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
  }
  
  NS_IMETHODIMP
@@ -69,7 +69,7 @@ index bf60bb3..b0a5d0d 100644
  {
      value = mOfflineCacheClientID;
 diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index a64ec07..7e89afe 100644
+index 6e0f360..9df9e38 100644
 --- a/netwerk/protocol/http/nsHttpChannel.h
 +++ b/netwerk/protocol/http/nsHttpChannel.h
 @@ -303,6 +303,7 @@ private:
diff --git a/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
index f4ca4a4..2935289 100644
--- a/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+++ b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
@@ -1,7 +1,7 @@
-From efa29783b4f6fb53b37400e6f5da0ace157a1f08 Mon Sep 17 00:00:00 2001
+From 797fecf94e73e4f65fa8fdd58e0980e0d79ec092 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Tue, 8 Nov 2011 17:34:54 -0800
-Subject: [PATCH 6/9] Randomize HTTP pipeline order and depth.
+Subject: [PATCH 06/12] Randomize HTTP pipeline order and depth.
 
 This is an experimental defense against
 http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
@@ -14,7 +14,7 @@ https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprin
  2 files changed, 81 insertions(+), 1 deletions(-)
 
 diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 3435d29..fbfee3f 100644
+index 3bb2b55..89ec350 100644
 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
 +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
 @@ -94,6 +94,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
diff --git a/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
index 1661c8f..c8d55f8 100644
--- a/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
@@ -1,7 +1,7 @@
-From 0dec1ab529b55f8380890d1a39148a16f80f02de Mon Sep 17 00:00:00 2001
+From 2954118c9ab70d2e1c4d983a8f101b3a237461bb Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Wed, 28 Sep 2011 13:24:20 -0700
-Subject: [PATCH 7/9] Block all plugins except flash.
+Subject: [PATCH 07/12] Block all plugins except flash.
 
 We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
 actually want to stop plugins from ever entering the browser's process space
@@ -17,10 +17,10 @@ on a better way. Until then, it is delta-darwinism for us.
  2 files changed, 35 insertions(+), 0 deletions(-)
 
 diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 7c2c5d1..1e1d983 100644
+index 8578d56..3fbae53 100644
 --- a/dom/plugins/base/nsPluginHost.cpp
 +++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -1953,6 +1953,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+@@ -1964,6 +1964,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
    return PR_FALSE;
  }
  
@@ -56,7 +56,7 @@ index 7c2c5d1..1e1d983 100644
  typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
  
  nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2074,6 +2103,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2085,6 +2114,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
        continue;
      }
  
@@ -68,10 +68,10 @@ index 7c2c5d1..1e1d983 100644
      if (!pluginTag) {
        nsPluginFile pluginFile(localfile);
 diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index 4a537ba..038851a 100644
+index 1cfd59b..7d83c20 100644
 --- a/dom/plugins/base/nsPluginHost.h
 +++ b/dom/plugins/base/nsPluginHost.h
-@@ -276,6 +276,8 @@ private:
+@@ -278,6 +278,8 @@ private:
    // Loads all cached plugins info into mCachedPlugins
    nsresult ReadPluginInfo();
  
diff --git a/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
index 22adcd5..6473b13 100644
--- a/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -1,7 +1,7 @@
-From d5356d3d6d33ead6c5c7d149fd851a6666c2daac Mon Sep 17 00:00:00 2001
+From e14ab520ed4e012dbeb051eb9320e59f06873674 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 8/9] Make content pref service memory-only + clearable
+Subject: [PATCH 08/12] Make content pref service memory-only + clearable
 
 This prevents random urls from being inserted into content-prefs.sqllite in
 the profile directory as content prefs change (includes site-zoom and perhaps
@@ -11,10 +11,10 @@ other site prefs?).
  1 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
-index a5f417f..601f7a3 100644
+index 0d12b36..494515b 100644
 --- a/toolkit/components/contentprefs/nsContentPrefService.js
 +++ b/toolkit/components/contentprefs/nsContentPrefService.js
-@@ -1036,7 +1036,7 @@ ContentPrefService.prototype = {
+@@ -1183,7 +1183,7 @@ ContentPrefService.prototype = {
  
      var dbConnection;
  
@@ -23,7 +23,7 @@ index a5f417f..601f7a3 100644
        dbConnection = this._dbCreate(dbService, dbFile);
      else {
        try {
-@@ -1084,7 +1084,7 @@ ContentPrefService.prototype = {
+@@ -1231,7 +1231,7 @@ ContentPrefService.prototype = {
    },
  
    _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
diff --git a/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
index 060c1c9..11d3cdf 100644
--- a/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
@@ -1,7 +1,7 @@
-From 64af9b4632e393451295a69257846537a1307b74 Mon Sep 17 00:00:00 2001
+From 84286ac84d1973747f9ff541df90ed79c34ed443 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Sun, 9 Oct 2011 22:50:07 -0700
-Subject: [PATCH 9/9] Make Tor Browser exit when not launched from Vidalia
+Subject: [PATCH 09/12] Make Tor Browser exit when not launched from Vidalia
 
 Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
 for easy relaunch. If they manage to do this, we should fail closed rather
@@ -16,10 +16,10 @@ actually be common.
  1 files changed, 15 insertions(+), 0 deletions(-)
 
 diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 200d457..371d45c 100644
+index e78919d..c1e90f3 100644
 --- a/browser/base/content/browser.js
 +++ b/browser/base/content/browser.js
-@@ -1212,6 +1212,21 @@ function BrowserStartup() {
+@@ -1217,6 +1217,21 @@ function BrowserStartup() {
  
    prepareForStartup();
  
diff --git a/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
index b74a5c1..53553f1 100644
--- a/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
+++ b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
@@ -1,7 +1,7 @@
-From 6ec4ac9d2cafa8b400611a07d62c6279b3568204 Mon Sep 17 00:00:00 2001
+From 5e8424690ef1d9f5c38dbf87811f82fa92e29eb5 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Wed, 7 Dec 2011 19:36:38 -0800
-Subject: [PATCH 10/11] Disable SSL Session ID tracking.
+Subject: [PATCH 10/12] Disable SSL Session ID tracking.
 
 We can't easily bind SSL Session ID tracking to url bar domain,
 so we have to disable them to satisfy
@@ -11,17 +11,17 @@ https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
  1 files changed, 1 insertions(+), 1 deletions(-)
 
 diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
-index 568b500..35540a8 100644
+index 2e6f9ed..c8a993b 100644
 --- a/security/nss/lib/ssl/sslsock.c
 +++ b/security/nss/lib/ssl/sslsock.c
 @@ -172,7 +172,7 @@ static sslOptions ssl_defaults = {
-     PR_TRUE,	/* enableSSL2         */
+     PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
      PR_TRUE,	/* enableSSL3         */
      PR_TRUE, 	/* enableTLS          */ /* now defaults to on in NSS 3.0 */
 -    PR_FALSE,	/* noCache            */
 +    PR_TRUE,	/* noCache            */
      PR_FALSE,	/* fdx                */
-     PR_TRUE,	/* v2CompatibleHello  */
+     PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
      PR_TRUE,	/* detectRollBack     */
 -- 
 1.7.3.4
diff --git a/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
index d2cdfa3..0b67cd6 100644
--- a/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
+++ b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
@@ -1,7 +1,7 @@
-From 7f6e76f1cbab26bcd6dead6427a9a19460877434 Mon Sep 17 00:00:00 2001
+From f29be5f0e41e9915bcd15b692685bebce9d33f91 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Wed, 7 Dec 2011 20:05:19 -0800
-Subject: [PATCH 11/11] Provide an observer event to close persistent connections
+Subject: [PATCH 11/12] Provide an observer event to close persistent connections
 
 We need to prevent linkability across "New Identity", which includes closing
 keep-alive connections.
diff --git a/src/current-patches/firefox/0012-Provide-client-values-only-to-CSS-Media-Queries.patch b/src/current-patches/firefox/0012-Provide-client-values-only-to-CSS-Media-Queries.patch
new file mode 100644
index 0000000..7253f9c
--- /dev/null
+++ b/src/current-patches/firefox/0012-Provide-client-values-only-to-CSS-Media-Queries.patch
@@ -0,0 +1,72 @@
+From e4586005446c57161e14adc153aa5890f5694223 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Tue, 20 Dec 2011 21:02:49 -0800
+Subject: [PATCH 12/12] Provide client values only to CSS Media Queries
+
+Also disable a bunch of Mozilla extensions that smell like they are
+fingerprintable.
+
+This is done to address
+https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+---
+ layout/style/nsMediaFeatures.cpp |   10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
+index 9a65c8e..d633dd1 100644
+--- a/layout/style/nsMediaFeatures.cpp
++++ b/layout/style/nsMediaFeatures.cpp
+@@ -381,14 +381,14 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eLength,
+         { nsnull },
+-        GetDeviceWidth
++        GetWidth
+     },
+     {
+         &nsGkAtoms::deviceHeight,
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eLength,
+         { nsnull },
+-        GetDeviceHeight
++        GetHeight
+     },
+     {
+         &nsGkAtoms::orientation,
+@@ -409,7 +409,7 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eIntRatio,
+         { nsnull },
+-        GetDeviceAspectRatio
++        GetAspectRatio
+     },
+     {
+         &nsGkAtoms::color,
+@@ -455,6 +455,7 @@ nsMediaFeatures::features[] = {
+     },
+ 
+     // Mozilla extensions
++/*
+     {
+         &nsGkAtoms::_moz_device_pixel_ratio,
+         nsMediaFeature::eMinMaxAllowed,
+@@ -467,7 +468,7 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxNotAllowed,
+         nsMediaFeature::eEnumerated,
+         { kOrientationKeywords },
+-        GetDeviceOrientation
++        GetOrientation
+     },
+     {
+         &nsGkAtoms::_moz_is_resource_document,
+@@ -588,6 +589,7 @@ nsMediaFeatures::features[] = {
+         { nsnull },
+         GetWindowsTheme
+     },
++*/
+     // Null-mName terminator:
+     {
+         nsnull,
+-- 
+1.7.3.4
+





More information about the tor-commits mailing list