[tor-commits] [torbrowser/master] Update patches for FF8.
erinn at torproject.org
erinn at torproject.org
Wed Nov 9 02:22:04 UTC 2011
commit 2c7dd341b683944b7fb52e86fbc8434555570b41
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Tue Nov 8 17:49:46 2011 -0800
Update patches for FF8.
---
...nents.interfaces-lookupMethod-from-conten.patch | 10 +++---
...0002-Make-Permissions-Manager-memory-only.patch | 8 +++---
...-Make-Intermediate-Cert-Store-memory-only.patch | 8 +++---
...th-headers-before-the-modify-request-obse.patch | 12 ++++----
.../firefox/0005-Add-a-string-based-cacheKey.patch | 10 +++---
...6-Randomize-HTTP-pipeline-order-and-depth.patch | 29 ++++++++++---------
.../0007-Block-all-plugins-except-flash.patch | 14 +++++-----
...ontent-pref-service-memory-only-clearable.patch | 4 +-
...owser-exit-when-not-launched-from-Vidalia.patch | 8 +++---
9 files changed, 52 insertions(+), 51 deletions(-)
diff --git a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
index 70070d2..209f101 100644
--- a/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ b/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -1,7 +1,7 @@
-From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
+From 5087e59f2ada4c6fc2cea00f0fc5a529f3d9a2f4 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
+Subject: [PATCH 1/9] Block Components.interfaces,lookupMethod from content
This patch removes the ability of content script to access
Components.interfaces.* as well as call or access Components.lookupMethod.
@@ -20,10 +20,10 @@ https://trac.torproject.org/projects/tor/ticket/2874
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index 664021e..9c8c415 100644
+index c36841c..af55624 100644
--- a/js/src/xpconnect/src/xpccomponents.cpp
+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+@@ -4394,7 +4394,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
NS_IMETHODIMP
nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
{
@@ -34,7 +34,7 @@ index 664021e..9c8c415 100644
*_retval = xpc_CheckAccessList(methodName, allowed);
return NS_OK;
}
-@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+@@ -4403,7 +4405,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
NS_IMETHODIMP
nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
{
diff --git a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
index 0429cca..e0948b9 100644
--- a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
+++ b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
@@ -1,7 +1,7 @@
-From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
+From 21a59f630eb8cbcc5add31fa297e9edcd10d155f Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/8] Make Permissions Manager memory-only
+Subject: [PATCH 2/9] Make Permissions Manager memory-only
This patch exposes a pref 'permissions.memory_only' that properly isolates the
permissions manager to memory, which is responsible for all user specified
@@ -16,7 +16,7 @@ https://trac.torproject.org/projects/tor/ticket/2950
1 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
+index f852218..4f0f58b 100644
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -58,6 +58,10 @@
@@ -75,7 +75,7 @@ index 773a973..5387397 100644
NS_ENSURE_SUCCESS(rv, rv);
mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+@@ -803,7 +826,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
{
ENSURE_NOT_CHILD_PROCESS;
diff --git a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
index 0d3c991..6538b1a 100644
--- a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -1,7 +1,7 @@
-From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
+From c2b3fb6a517dfd6cad3670e8aeb0cce5c2cba342 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
+Subject: [PATCH 3/9] Make Intermediate Cert Store memory-only.
This patch makes the intermediate SSL cert store exist in memory only.
@@ -12,10 +12,10 @@ https://trac.torproject.org/projects/tor/ticket/2949
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 11cb2bd..fd717f4 100644
+index c29aaf7..5488f06 100644
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+@@ -1744,8 +1744,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
// Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
// "/usr/lib/nss/libnssckbi.so".
PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
diff --git a/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
index 24ab5fd..e0d9ee7 100644
--- a/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ b/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -1,7 +1,7 @@
-From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001
+From e03a22c70c5f68013a72bc4ca2624c6d889c22a4 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
+Subject: [PATCH 4/9] Add HTTP auth headers before the modify-request observer.
Otherwise, how are we supposed to modify them?
@@ -11,10 +11,10 @@ Thanks to Georg Koppen for spotting both the problem and this fix.
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index cd11187..144ecb7 100644
+index 6cc90a9..bf60bb3 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime)
+@@ -286,9 +286,6 @@ nsHttpChannel::Connect(PRBool firstTime)
return NS_ERROR_DOCUMENT_NOT_CACHED;
}
@@ -24,7 +24,7 @@ index cd11187..144ecb7 100644
if (mLoadFlags & LOAD_NO_NETWORK_IO) {
return NS_ERROR_DOCUMENT_NOT_CACHED;
}
-@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+@@ -3624,6 +3621,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
AddCookiesToRequest();
@@ -34,7 +34,7 @@ index cd11187..144ecb7 100644
// notify "http-on-modify-request" observers
gHttpHandler->OnModifyRequest(this);
-@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+@@ -4700,7 +4700,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
// this authentication attempt (bug 84794).
// TODO: save cookies from auth response and send them here (bug 572151).
AddCookiesToRequest();
diff --git a/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
index 3d5fd54..d1bcc54 100644
--- a/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch
@@ -1,7 +1,7 @@
-From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001
+From bedc5d561ea3b17de6702274ee07f6c130e2cd95 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 5/8] Add a string-based cacheKey.
+Subject: [PATCH 5/9] Add a string-based cacheKey.
Used for isolating cache according to same-origin policy.
---
@@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644
* may fail if the disk cache is not present. The value of this attribute
* is usually only settable during the processing of a channel's
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 144ecb7..0c8f8ae 100644
+index bf60bb3..b0a5d0d 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+@@ -2316,6 +2316,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
cacheKey.Append(buf);
}
@@ -45,7 +45,7 @@ index 144ecb7..0c8f8ae 100644
if (!cacheKey.IsEmpty()) {
cacheKey.AppendLiteral("uri=");
}
-@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
+@@ -4600,6 +4606,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
}
NS_IMETHODIMP
diff --git a/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
index 76ce04d..f4ca4a4 100644
--- a/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+++ b/src/current-patches/firefox/0006-Randomize-HTTP-pipeline-order-and-depth.patch
@@ -1,25 +1,26 @@
-From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001
+From efa29783b4f6fb53b37400e6f5da0ace157a1f08 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
-Date: Sat, 3 Sep 2011 00:10:35 -0700
-Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth.
-
-Also turn up maximum depth to 12.
+Date: Tue, 8 Nov 2011 17:34:54 -0800
+Subject: [PATCH 6/9] Randomize HTTP pipeline order and depth.
This is an experimental defense against
http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
+
+See also:
+https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
---
netwerk/protocol/http/nsHttpConnectionMgr.cpp | 78 ++++++++++++++++++++++++-
netwerk/protocol/http/nsHttpConnectionMgr.h | 4 +
2 files changed, 81 insertions(+), 1 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index c754f83..6a522ec 100644
+index 3435d29..fbfee3f 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
- , mTimeOfNextWakeUp(LL_MAXUINT)
+@@ -94,6 +94,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
{
LOG(("Creating nsHttpConnectionMgr @%x\n", this));
+ mCT.Init();
+ nsresult rv;
+ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
+ if (NS_FAILED(rv)) {
@@ -28,7 +29,7 @@ index c754f83..6a522ec 100644
}
nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+@@ -856,7 +861,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
nsHttpPipeline *pipeline = nsnull;
if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
LOG((" looking to build pipeline...\n"));
@@ -37,7 +38,7 @@ index c754f83..6a522ec 100644
trans = pipeline;
}
-@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+@@ -929,6 +934,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
return PR_TRUE;
}
@@ -116,7 +117,7 @@ index c754f83..6a522ec 100644
nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
{
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index 695cd8f..1806d17 100644
+index d6dba79..c6e295f 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
@@ -48,6 +48,7 @@
@@ -127,15 +128,15 @@ index 695cd8f..1806d17 100644
#include "nsIObserver.h"
#include "nsITimer.h"
-@@ -270,6 +271,7 @@ private:
+@@ -275,6 +276,7 @@ private:
nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
PRUint8 caps, nsHttpConnection *);
PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
+ PRBool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
nsresult ProcessNewTransaction(nsHttpTransaction *);
nsresult EnsureSocketThreadTargetIfOnline();
- nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *);
-@@ -345,6 +347,8 @@ private:
+ void ClosePersistentConnections(nsConnectionEntry *ent);
+@@ -352,6 +354,8 @@ private:
PRUint64 mTimeOfNextWakeUp;
// Timer for next pruning of dead connections.
nsCOMPtr<nsITimer> mTimer;
diff --git a/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
index eae5f1f..1661c8f 100644
--- a/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch
@@ -1,7 +1,7 @@
-From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001
+From 0dec1ab529b55f8380890d1a39148a16f80f02de Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Wed, 28 Sep 2011 13:24:20 -0700
-Subject: [PATCH 7/8] Block all plugins except flash.
+Subject: [PATCH 7/9] Block all plugins except flash.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
@@ -17,10 +17,10 @@ on a better way. Until then, it is delta-darwinism for us.
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 2c2ad7d..eba8c24 100644
+index 7c2c5d1..1e1d983 100644
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+@@ -1953,6 +1953,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
return PR_FALSE;
}
@@ -56,7 +56,7 @@ index 2c2ad7d..eba8c24 100644
typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2074,6 +2103,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
continue;
}
@@ -68,10 +68,10 @@ index 2c2ad7d..eba8c24 100644
if (!pluginTag) {
nsPluginFile pluginFile(localfile);
diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index cb43042..41dbf63 100644
+index 4a537ba..038851a 100644
--- a/dom/plugins/base/nsPluginHost.h
+++ b/dom/plugins/base/nsPluginHost.h
-@@ -282,6 +282,8 @@ private:
+@@ -276,6 +276,8 @@ private:
// Loads all cached plugins info into mCachedPlugins
nsresult ReadPluginInfo();
diff --git a/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
index 3b46894..22adcd5 100644
--- a/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -1,7 +1,7 @@
-From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001
+From d5356d3d6d33ead6c5c7d149fd851a6666c2daac Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 8/8] Make content pref service memory-only + clearable
+Subject: [PATCH 8/9] Make content pref service memory-only + clearable
This prevents random urls from being inserted into content-prefs.sqllite in
the profile directory as content prefs change (includes site-zoom and perhaps
diff --git a/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
index 6659770..060c1c9 100644
--- a/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ b/src/current-patches/firefox/0009-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
@@ -1,7 +1,7 @@
-From 369d7df54fe13dd69a069a43959bdabcc364e6e4 Mon Sep 17 00:00:00 2001
+From 64af9b4632e393451295a69257846537a1307b74 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Sun, 9 Oct 2011 22:50:07 -0700
-Subject: [PATCH] Make Tor Browser exit when not launched from Vidalia
+Subject: [PATCH 9/9] Make Tor Browser exit when not launched from Vidalia
Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
for easy relaunch. If they manage to do this, we should fail closed rather
@@ -16,10 +16,10 @@ actually be common.
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 50f6963..ed2812c 100644
+index 200d457..371d45c 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
-@@ -1203,6 +1203,21 @@ function BrowserStartup() {
+@@ -1212,6 +1212,21 @@ function BrowserStartup() {
prepareForStartup();
More information about the tor-commits
mailing list