[tor-commits] [torbrowser/master] Rebase patches to Firefox 7.0.

erinn at torproject.org erinn at torproject.org
Sun Oct 23 23:18:33 UTC 2011


commit a9287e590da71d3cbc170c3bb7af1b52a88e2b03
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Wed Sep 28 13:29:39 2011 -0700

    Rebase patches to Firefox 7.0.
---
 ...nents.interfaces-lookupMethod-from-conten.patch |   50 +++++++++++
 ...ock-Components.interfaces-lookupMethod-fr.patch |   50 -----------
 ...fox6-Make-Permissions-Manager-memory-only.patch |   94 --------------------
 ...0002-Make-Permissions-Manager-memory-only.patch |   94 ++++++++++++++++++++
 ...-Make-Intermediate-Cert-Store-memory-only.patch |   43 ---------
 ...-Make-Intermediate-Cert-Store-memory-only.patch |   43 +++++++++
 ...th-headers-before-the-modify-request-obse.patch |   12 ++--
 .../0005-Add-a-string-based-cacheKey.patch         |   14 ++--
 ...6-Randomize-HTTP-pipeline-order-and-depth.patch |   16 ++--
 .../0007-Block-all-plugins-except-flash.patch      |   28 +++---
 ...ontent-pref-service-memory-only-clearable.patch |    2 +-
 11 files changed, 223 insertions(+), 223 deletions(-)

diff --git a/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
new file mode 100644
index 0000000..70070d2
--- /dev/null
+++ b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -0,0 +1,50 @@
+From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Mon, 20 Jun 2011 17:07:41 -0700
+Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/src/xpconnect/src/xpccomponents.cpp |    8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
+index 664021e..9c8c415 100644
+--- a/js/src/xpconnect/src/xpccomponents.cpp
++++ b/js/src/xpconnect/src/xpccomponents.cpp
+@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+-    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++    // XXX: Pref observer? Also, is this what we want? Seems like a plan
++    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++    static const char* allowed[] = { "isSuccessCode", nsnull };
+     *_retval = xpc_CheckAccessList(methodName, allowed);
+     return NS_OK;
+ }
+@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+-    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++    // XXX: Pref observer? Also, is this what we want? Seems like a plan
++    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++    static const char* allowed[] = { "results", nsnull};
+     *_retval = xpc_CheckAccessList(propertyName, allowed);
+     return NS_OK;
+ }
+-- 
+1.7.3.4
+
diff --git a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
deleted file mode 100644
index cfef3c2..0000000
--- a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 1e21a3046829028f07c9bd13945e8bbeee2d5aad Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/7] Firefox6: Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp |    8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index c1d3e30..48c8b6a 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4231,7 +4231,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
--    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    static const char* allowed[] = { "isSuccessCode", nsnull };
-     *_retval = xpc_CheckAccessList(methodName, allowed);
-     return NS_OK;
- }
-@@ -4240,7 +4242,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
--    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    static const char* allowed[] = { "results", nsnull};
-     *_retval = xpc_CheckAccessList(propertyName, allowed);
-     return NS_OK;
- }
--- 
-1.7.3.4
-
diff --git a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index ac1ae8b..0000000
--- a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From c8cbe2617fd627f3edbd64c7ddaf99e6dd0301fb Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/7] Firefox6: Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -58,6 +58,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
- 
- static nsPermissionManager *gPermissionManager = nsnull;
- 
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
-     mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
-   }
- 
-+  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (pbi) {
-+    pbi->AddObserver("permissions.", this, PR_FALSE);
-+  }
-+
-   if (IsChildProcess()) {
-     // Get the permissions from the parent process
-     InfallibleTArray<IPC::Permission> perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-   if (!storage)
-     return NS_ERROR_UNEXPECTED;
- 
-+  PRBool memory_db = false;
-+  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (prefs) {
-+    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
-+  }
-+
-   // cache a connection to the hosts database
--  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  if (memory_db) {
-+    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+  } else {
-+    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  }
-   NS_ENSURE_SUCCESS(rv, rv);
- 
-   PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-     rv = permissionsFile->Remove(PR_FALSE);
-     NS_ENSURE_SUCCESS(rv, rv);
- 
--    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    if (memory_db) {
-+      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+    } else {
-+      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    }
-     NS_ENSURE_SUCCESS(rv, rv);
- 
-     mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
-   ENSURE_NOT_CHILD_PROCESS;
- 
--  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+      // XXX: Should we remove the file? Probably not..
-+      InitDB(PR_FALSE);
-+    }
-+  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-     // The profile is about to change,
-     // or is going away because the application is shutting down.
-     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
--- 
-1.7.3.4
-
diff --git a/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
new file mode 100644
index 0000000..0429cca
--- /dev/null
+++ b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
@@ -0,0 +1,94 @@
+From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Mon, 20 Jun 2011 17:07:56 -0700
+Subject: [PATCH 2/8] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 773a973..5387397 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+ 
+ static nsPermissionManager *gPermissionManager = nsnull;
+ 
+@@ -227,6 +231,11 @@ nsPermissionManager::Init()
+     mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
+   }
+ 
++  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++  if (pbi) {
++    pbi->AddObserver("permissions.", this, PR_FALSE);
++  }
++
+   if (IsChildProcess()) {
+     // Get the permissions from the parent process
+     InfallibleTArray<IPC::Permission> perms;
+@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+   if (!storage)
+     return NS_ERROR_UNEXPECTED;
+ 
++  PRBool memory_db = false;
++  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++  if (prefs) {
++    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
++  }
++
+   // cache a connection to the hosts database
+-  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++  if (memory_db) {
++    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++  } else {
++    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++  }
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+   PRBool ready;
+@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+     rv = permissionsFile->Remove(PR_FALSE);
+     NS_ENSURE_SUCCESS(rv, rv);
+ 
+-    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++    if (memory_db) {
++      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++    } else {
++      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++    }
+     NS_ENSURE_SUCCESS(rv, rv);
+ 
+     mDBConn->GetConnectionReady(&ready);
+@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+ {
+   ENSURE_NOT_CHILD_PROCESS;
+ 
+-  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
++  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
++    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
++      // XXX: Should we remove the file? Probably not..
++      InitDB(PR_FALSE);
++    }
++  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+     // The profile is about to change,
+     // or is going away because the application is shutting down.
+     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
+-- 
+1.7.3.4
+
diff --git a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 34a2a3e..0000000
--- a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 66d789bb9eb916dc909f7fda79f988c4360a3924 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/7] Firefox6: Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp |   15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 7a8569b..828c3eb 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1729,8 +1729,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
-     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
-     // "/usr/lib/nss/libnssckbi.so".
-     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
--    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+    PRBool nocertdb = false;
-+    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+    // XXX: We can also do the the following to only disable the certdb.
-+    // Leaving this codepath in as a fallback in case InitNODB fails
-+    if (nocertdb)
-+      init_flags |= NSS_INIT_NOCERTDB;
-+
-+    SECStatus init_rv;
-+    if (nocertdb) {
-+        init_rv = ::NSS_NoDB_Init(NULL);
-+    } else {
-+        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-                                          SECMOD_DB, init_flags);
-+    }
- 
-     if (init_rv != SECSuccess) {
-       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
--- 
-1.7.3.4
-
diff --git a/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
new file mode 100644
index 0000000..0d3c991
--- /dev/null
+++ b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -0,0 +1,43 @@
+From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp |   15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index 11cb2bd..fd717f4 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+     // "/usr/lib/nss/libnssckbi.so".
+     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+-    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++    PRBool nocertdb = false;
++    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++    // XXX: We can also do the the following to only disable the certdb.
++    // Leaving this codepath in as a fallback in case InitNODB fails
++    if (nocertdb)
++      init_flags |= NSS_INIT_NOCERTDB;
++
++    SECStatus init_rv;
++    if (nocertdb) {
++        init_rv = ::NSS_NoDB_Init(NULL);
++    } else {
++        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+                                          SECMOD_DB, init_flags);
++    }
+ 
+     if (init_rv != SECSuccess) {
+       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+-- 
+1.7.3.4
+
diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
index 522407b..24ab5fd 100644
--- a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -1,7 +1,7 @@
-From 3e7e9375aff79629b13332cf250715b155535a5b Mon Sep 17 00:00:00 2001
+From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 4/7] Add HTTP auth headers before the modify-request observer.
+Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
 
 Otherwise, how are we supposed to modify them?
 
@@ -11,10 +11,10 @@ Thanks to Georg Koppen for spotting both the problem and this fix.
  1 files changed, 7 insertions(+), 4 deletions(-)
 
 diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7038338..7a3254e 100644
+index cd11187..144ecb7 100644
 --- a/netwerk/protocol/http/nsHttpChannel.cpp
 +++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime)
+@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime)
          return NS_ERROR_DOCUMENT_NOT_CACHED;
      }
  
@@ -24,7 +24,7 @@ index 7038338..7a3254e 100644
      if (mLoadFlags & LOAD_NO_NETWORK_IO) {
          return NS_ERROR_DOCUMENT_NOT_CACHED;
      }
-@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
  
      AddCookiesToRequest();
  
@@ -34,7 +34,7 @@ index 7038338..7a3254e 100644
      // notify "http-on-modify-request" observers
      gHttpHandler->OnModifyRequest(this);
  
-@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
      // this authentication attempt (bug 84794).
      // TODO: save cookies from auth response and send them here (bug 572151).
      AddCookiesToRequest();
diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch
index 1a3b214..3d5fd54 100644
--- a/src/current-patches/0005-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/0005-Add-a-string-based-cacheKey.patch
@@ -1,7 +1,7 @@
-From 29844b8d74f033c3a2682af40f4b3ee6183450f4 Mon Sep 17 00:00:00 2001
+From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 5/7] Add a string-based cacheKey.
+Subject: [PATCH 5/8] Add a string-based cacheKey.
 
 Used for isolating cache according to same-origin policy.
 ---
@@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644
       * may fail if the disk cache is not present.  The value of this attribute
       * is usually only settable during the processing of a channel's
 diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7a3254e..cef5eaa 100644
+index 144ecb7..0c8f8ae 100644
 --- a/netwerk/protocol/http/nsHttpChannel.cpp
 +++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
          cacheKey.Append(buf);
      }
  
@@ -45,7 +45,7 @@ index 7a3254e..cef5eaa 100644
      if (!cacheKey.IsEmpty()) {
          cacheKey.AppendLiteral("uri=");
      }
-@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
+@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
  }
  
  NS_IMETHODIMP
@@ -69,10 +69,10 @@ index 7a3254e..cef5eaa 100644
  {
      value = mOfflineCacheClientID;
 diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index dd0d7f4..f5016a8 100644
+index a64ec07..7e89afe 100644
 --- a/netwerk/protocol/http/nsHttpChannel.h
 +++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -312,6 +312,7 @@ private:
+@@ -303,6 +303,7 @@ private:
      nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
      nsCacheAccessMode                 mOfflineCacheAccess;
      nsCString                         mOfflineCacheClientID;
diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
index 818d450..76ce04d 100644
--- a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+++ b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
@@ -1,7 +1,7 @@
-From 1c5c12f3c28b6c618f2273d2fe36d7c898b7f012 Mon Sep 17 00:00:00 2001
+From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Sat, 3 Sep 2011 00:10:35 -0700
-Subject: [PATCH 6/7] Randomize HTTP pipeline order and depth.
+Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth.
 
 Also turn up maximum depth to 12.
 
@@ -13,7 +13,7 @@ http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
  2 files changed, 81 insertions(+), 1 deletions(-)
 
 diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 108f2c5..6961ab6 100644
+index c754f83..6a522ec 100644
 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
 +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
 @@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
@@ -28,7 +28,7 @@ index 108f2c5..6961ab6 100644
  }
  
  nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -794,7 +799,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
      nsHttpPipeline *pipeline = nsnull;
      if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
          LOG(("  looking to build pipeline...\n"));
@@ -37,7 +37,7 @@ index 108f2c5..6961ab6 100644
              trans = pipeline;
      }
  
-@@ -867,6 +872,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
      return PR_TRUE;
  }
  
@@ -116,7 +116,7 @@ index 108f2c5..6961ab6 100644
  nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
  {
 diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index fc3ed1d..7dde291 100644
+index 695cd8f..1806d17 100644
 --- a/netwerk/protocol/http/nsHttpConnectionMgr.h
 +++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
 @@ -48,6 +48,7 @@
@@ -127,7 +127,7 @@ index fc3ed1d..7dde291 100644
  
  #include "nsIObserver.h"
  #include "nsITimer.h"
-@@ -264,6 +265,7 @@ private:
+@@ -270,6 +271,7 @@ private:
      nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
                                   PRUint8 caps, nsHttpConnection *);
      PRBool   BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
@@ -135,7 +135,7 @@ index fc3ed1d..7dde291 100644
      nsresult ProcessNewTransaction(nsHttpTransaction *);
      nsresult EnsureSocketThreadTargetIfOnline();
      nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *);
-@@ -339,6 +341,8 @@ private:
+@@ -345,6 +347,8 @@ private:
      PRUint64 mTimeOfNextWakeUp;
      // Timer for next pruning of dead connections.
      nsCOMPtr<nsITimer> mTimer;
diff --git a/src/current-patches/0007-Block-all-plugins-except-flash.patch b/src/current-patches/0007-Block-all-plugins-except-flash.patch
index d2c54dc..eae5f1f 100644
--- a/src/current-patches/0007-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/0007-Block-all-plugins-except-flash.patch
@@ -1,6 +1,6 @@
-From dfabac8eddc37d794e23d25de3f1ef602ad4ad86 Mon Sep 17 00:00:00 2001
+From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
-Date: Thu, 8 Sep 2011 08:40:05 -0700
+Date: Wed, 28 Sep 2011 13:24:20 -0700
 Subject: [PATCH 7/8] Block all plugins except flash.
 
 We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
@@ -17,12 +17,12 @@ on a better way. Until then, it is delta-darwinism for us.
  2 files changed, 35 insertions(+), 0 deletions(-)
 
 diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 93c2413..1dc4ee0 100644
+index 2c2ad7d..eba8c24 100644
 --- a/dom/plugins/base/nsPluginHost.cpp
 +++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -2062,6 +2062,35 @@ class nsDefaultComparator<pluginFileinDirectory, pluginFileinDirectory>
- 
- typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+   return PR_FALSE;
+ }
  
 +PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
 +{
@@ -53,25 +53,25 @@ index 93c2413..1dc4ee0 100644
 +    return PR_TRUE; // fuck 'em. blacklist.
 +}
 +
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+ 
  nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-                                             PRBool aCreatePluginList,
-                                             PRBool *aPluginsChanged)
-@@ -2197,6 +2226,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
        continue;
      }
  
-+    if (GhettoBlacklist(file)) {
-+      continue;
++    if (GhettoBlacklist(localfile)) {
++        continue;
 +    }
 +
      // if it is not found in cache info list or has been changed, create a new one
      if (!pluginTag) {
-       nsPluginFile pluginFile(file);
+       nsPluginFile pluginFile(localfile);
 diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index b1b8759..d6e237f 100644
+index cb43042..41dbf63 100644
 --- a/dom/plugins/base/nsPluginHost.h
 +++ b/dom/plugins/base/nsPluginHost.h
-@@ -283,6 +283,8 @@ private:
+@@ -282,6 +282,8 @@ private:
    // Loads all cached plugins info into mCachedPlugins
    nsresult ReadPluginInfo();
  
diff --git a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
index 75f0c0c..3b46894 100644
--- a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -1,4 +1,4 @@
-From 3964288545a78c28ca4585ac51bd7d9b8ccb3503 Mon Sep 17 00:00:00 2001
+From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001
 From: Mike Perry <mikeperry-git at fscked.org>
 Date: Thu, 8 Sep 2011 08:40:17 -0700
 Subject: [PATCH 8/8] Make content pref service memory-only + clearable





More information about the tor-commits mailing list