[tor-commits] [torbrowser/maint-2.2] Rebase patches to Firefox 7.0.
erinn at torproject.org
erinn at torproject.org
Wed Sep 28 22:28:29 UTC 2011
commit a9287e590da71d3cbc170c3bb7af1b52a88e2b03
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Wed Sep 28 13:29:39 2011 -0700
Rebase patches to Firefox 7.0.
---
...nents.interfaces-lookupMethod-from-conten.patch | 50 +++++++++++
...ock-Components.interfaces-lookupMethod-fr.patch | 50 -----------
...fox6-Make-Permissions-Manager-memory-only.patch | 94 --------------------
...0002-Make-Permissions-Manager-memory-only.patch | 94 ++++++++++++++++++++
...-Make-Intermediate-Cert-Store-memory-only.patch | 43 ---------
...-Make-Intermediate-Cert-Store-memory-only.patch | 43 +++++++++
...th-headers-before-the-modify-request-obse.patch | 12 ++--
.../0005-Add-a-string-based-cacheKey.patch | 14 ++--
...6-Randomize-HTTP-pipeline-order-and-depth.patch | 16 ++--
.../0007-Block-all-plugins-except-flash.patch | 28 +++---
...ontent-pref-service-memory-only-clearable.patch | 2 +-
11 files changed, 223 insertions(+), 223 deletions(-)
diff --git a/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
new file mode 100644
index 0000000..70070d2
--- /dev/null
+++ b/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -0,0 +1,50 @@
+From b31cf77e084355158252629efd6bf794212d807a Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Mon, 20 Jun 2011 17:07:41 -0700
+Subject: [PATCH 1/8] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
+index 664021e..9c8c415 100644
+--- a/js/src/xpconnect/src/xpccomponents.cpp
++++ b/js/src/xpconnect/src/xpccomponents.cpp
+@@ -4393,7 +4393,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ static const char* allowed[] = { "isSuccessCode", nsnull };
+ *_retval = xpc_CheckAccessList(methodName, allowed);
+ return NS_OK;
+ }
+@@ -4402,7 +4404,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ static const char* allowed[] = { "results", nsnull};
+ *_retval = xpc_CheckAccessList(propertyName, allowed);
+ return NS_OK;
+ }
+--
+1.7.3.4
+
diff --git a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
deleted file mode 100644
index cfef3c2..0000000
--- a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 1e21a3046829028f07c9bd13945e8bbeee2d5aad Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/7] Firefox6: Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp | 8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index c1d3e30..48c8b6a 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4231,7 +4231,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
-- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ static const char* allowed[] = { "isSuccessCode", nsnull };
- *_retval = xpc_CheckAccessList(methodName, allowed);
- return NS_OK;
- }
-@@ -4240,7 +4242,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
-- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ static const char* allowed[] = { "results", nsnull};
- *_retval = xpc_CheckAccessList(propertyName, allowed);
- return NS_OK;
- }
---
-1.7.3.4
-
diff --git a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index ac1ae8b..0000000
--- a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From c8cbe2617fd627f3edbd64c7ddaf99e6dd0301fb Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 2/7] Firefox6: Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -58,6 +58,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
-
- static nsPermissionManager *gPermissionManager = nsnull;
-
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
- mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
- }
-
-+ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (pbi) {
-+ pbi->AddObserver("permissions.", this, PR_FALSE);
-+ }
-+
- if (IsChildProcess()) {
- // Get the permissions from the parent process
- InfallibleTArray<IPC::Permission> perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- if (!storage)
- return NS_ERROR_UNEXPECTED;
-
-+ PRBool memory_db = false;
-+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (prefs) {
-+ prefs->GetBoolPref("permissions.memory_only", &memory_db);
-+ }
-+
- // cache a connection to the hosts database
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
- rv = permissionsFile->Remove(PR_FALSE);
- NS_ENSURE_SUCCESS(rv, rv);
-
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
- ENSURE_NOT_CHILD_PROCESS;
-
-- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+ // XXX: Should we remove the file? Probably not..
-+ InitDB(PR_FALSE);
-+ }
-+ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
- // The profile is about to change,
- // or is going away because the application is shutting down.
- if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
---
-1.7.3.4
-
diff --git a/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
new file mode 100644
index 0000000..0429cca
--- /dev/null
+++ b/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch
@@ -0,0 +1,94 @@
+From 9eff68b74bb38d535c1d09246c8c2893f05edd1b Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Mon, 20 Jun 2011 17:07:56 -0700
+Subject: [PATCH 2/8] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 773a973..5387397 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+
+ static nsPermissionManager *gPermissionManager = nsnull;
+
+@@ -227,6 +231,11 @@ nsPermissionManager::Init()
+ mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
+ }
+
++ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (pbi) {
++ pbi->AddObserver("permissions.", this, PR_FALSE);
++ }
++
+ if (IsChildProcess()) {
+ // Get the permissions from the parent process
+ InfallibleTArray<IPC::Permission> perms;
+@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+ if (!storage)
+ return NS_ERROR_UNEXPECTED;
+
++ PRBool memory_db = false;
++ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (prefs) {
++ prefs->GetBoolPref("permissions.memory_only", &memory_db);
++ }
++
+ // cache a connection to the hosts database
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ PRBool ready;
+@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
+ rv = permissionsFile->Remove(PR_FALSE);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mDBConn->GetConnectionReady(&ready);
+@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+ {
+ ENSURE_NOT_CHILD_PROCESS;
+
+- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
++ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
++ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
++ // XXX: Should we remove the file? Probably not..
++ InitDB(PR_FALSE);
++ }
++ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+ // The profile is about to change,
+ // or is going away because the application is shutting down.
+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
+--
+1.7.3.4
+
diff --git a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 34a2a3e..0000000
--- a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 66d789bb9eb916dc909f7fda79f988c4360a3924 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 3/7] Firefox6: Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 7a8569b..828c3eb 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1729,8 +1729,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
- // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
- // "/usr/lib/nss/libnssckbi.so".
- PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
-- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+ PRBool nocertdb = false;
-+ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+ // XXX: We can also do the the following to only disable the certdb.
-+ // Leaving this codepath in as a fallback in case InitNODB fails
-+ if (nocertdb)
-+ init_flags |= NSS_INIT_NOCERTDB;
-+
-+ SECStatus init_rv;
-+ if (nocertdb) {
-+ init_rv = ::NSS_NoDB_Init(NULL);
-+ } else {
-+ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
- SECMOD_DB, init_flags);
-+ }
-
- if (init_rv != SECSuccess) {
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
---
-1.7.3.4
-
diff --git a/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
new file mode 100644
index 0000000..0d3c991
--- /dev/null
+++ b/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -0,0 +1,43 @@
+From 6b2fed2b29f239c1c85e32bd417bacc3fd7155a7 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 3/8] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index 11cb2bd..fd717f4 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1757,8 +1757,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
+ // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+ // "/usr/lib/nss/libnssckbi.so".
+ PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++ PRBool nocertdb = false;
++ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++ // XXX: We can also do the the following to only disable the certdb.
++ // Leaving this codepath in as a fallback in case InitNODB fails
++ if (nocertdb)
++ init_flags |= NSS_INIT_NOCERTDB;
++
++ SECStatus init_rv;
++ if (nocertdb) {
++ init_rv = ::NSS_NoDB_Init(NULL);
++ } else {
++ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+ SECMOD_DB, init_flags);
++ }
+
+ if (init_rv != SECSuccess) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+--
+1.7.3.4
+
diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
index 522407b..24ab5fd 100644
--- a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -1,7 +1,7 @@
-From 3e7e9375aff79629b13332cf250715b155535a5b Mon Sep 17 00:00:00 2001
+From 273ae174b0db5c37d39bb4aefdf1ce3c14fee3d6 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 4/7] Add HTTP auth headers before the modify-request observer.
+Subject: [PATCH 4/8] Add HTTP auth headers before the modify-request observer.
Otherwise, how are we supposed to modify them?
@@ -11,10 +11,10 @@ Thanks to Georg Koppen for spotting both the problem and this fix.
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7038338..7a3254e 100644
+index cd11187..144ecb7 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime)
+@@ -287,9 +287,6 @@ nsHttpChannel::Connect(PRBool firstTime)
return NS_ERROR_DOCUMENT_NOT_CACHED;
}
@@ -24,7 +24,7 @@ index 7038338..7a3254e 100644
if (mLoadFlags & LOAD_NO_NETWORK_IO) {
return NS_ERROR_DOCUMENT_NOT_CACHED;
}
-@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+@@ -3621,6 +3618,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
AddCookiesToRequest();
@@ -34,7 +34,7 @@ index 7038338..7a3254e 100644
// notify "http-on-modify-request" observers
gHttpHandler->OnModifyRequest(this);
-@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+@@ -4693,7 +4693,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
// this authentication attempt (bug 84794).
// TODO: save cookies from auth response and send them here (bug 572151).
AddCookiesToRequest();
diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch
index 1a3b214..3d5fd54 100644
--- a/src/current-patches/0005-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/0005-Add-a-string-based-cacheKey.patch
@@ -1,7 +1,7 @@
-From 29844b8d74f033c3a2682af40f4b3ee6183450f4 Mon Sep 17 00:00:00 2001
+From b777a0bc7898314cf13f8ad30a3ed072f4246941 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 5/7] Add a string-based cacheKey.
+Subject: [PATCH 5/8] Add a string-based cacheKey.
Used for isolating cache according to same-origin policy.
---
@@ -29,10 +29,10 @@ index 2da46d6..4ee5774 100644
* may fail if the disk cache is not present. The value of this attribute
* is usually only settable during the processing of a channel's
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7a3254e..cef5eaa 100644
+index 144ecb7..0c8f8ae 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+@@ -2313,6 +2313,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
cacheKey.Append(buf);
}
@@ -45,7 +45,7 @@ index 7a3254e..cef5eaa 100644
if (!cacheKey.IsEmpty()) {
cacheKey.AppendLiteral("uri=");
}
-@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
+@@ -4593,6 +4599,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
}
NS_IMETHODIMP
@@ -69,10 +69,10 @@ index 7a3254e..cef5eaa 100644
{
value = mOfflineCacheClientID;
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index dd0d7f4..f5016a8 100644
+index a64ec07..7e89afe 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -312,6 +312,7 @@ private:
+@@ -303,6 +303,7 @@ private:
nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
nsCacheAccessMode mOfflineCacheAccess;
nsCString mOfflineCacheClientID;
diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
index 818d450..76ce04d 100644
--- a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+++ b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch
@@ -1,7 +1,7 @@
-From 1c5c12f3c28b6c618f2273d2fe36d7c898b7f012 Mon Sep 17 00:00:00 2001
+From f68b858073e7c16236430ee349fb565ac18cf3d4 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Sat, 3 Sep 2011 00:10:35 -0700
-Subject: [PATCH 6/7] Randomize HTTP pipeline order and depth.
+Subject: [PATCH 6/8] Randomize HTTP pipeline order and depth.
Also turn up maximum depth to 12.
@@ -13,7 +13,7 @@ http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
2 files changed, 81 insertions(+), 1 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 108f2c5..6961ab6 100644
+index c754f83..6a522ec 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
@@ -28,7 +28,7 @@ index 108f2c5..6961ab6 100644
}
nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -794,7 +799,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+@@ -822,7 +827,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
nsHttpPipeline *pipeline = nsnull;
if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
LOG((" looking to build pipeline...\n"));
@@ -37,7 +37,7 @@ index 108f2c5..6961ab6 100644
trans = pipeline;
}
-@@ -867,6 +872,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+@@ -895,6 +900,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
return PR_TRUE;
}
@@ -116,7 +116,7 @@ index 108f2c5..6961ab6 100644
nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
{
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index fc3ed1d..7dde291 100644
+index 695cd8f..1806d17 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
@@ -48,6 +48,7 @@
@@ -127,7 +127,7 @@ index fc3ed1d..7dde291 100644
#include "nsIObserver.h"
#include "nsITimer.h"
-@@ -264,6 +265,7 @@ private:
+@@ -270,6 +271,7 @@ private:
nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
PRUint8 caps, nsHttpConnection *);
PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
@@ -135,7 +135,7 @@ index fc3ed1d..7dde291 100644
nsresult ProcessNewTransaction(nsHttpTransaction *);
nsresult EnsureSocketThreadTargetIfOnline();
nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *);
-@@ -339,6 +341,8 @@ private:
+@@ -345,6 +347,8 @@ private:
PRUint64 mTimeOfNextWakeUp;
// Timer for next pruning of dead connections.
nsCOMPtr<nsITimer> mTimer;
diff --git a/src/current-patches/0007-Block-all-plugins-except-flash.patch b/src/current-patches/0007-Block-all-plugins-except-flash.patch
index d2c54dc..eae5f1f 100644
--- a/src/current-patches/0007-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/0007-Block-all-plugins-except-flash.patch
@@ -1,6 +1,6 @@
-From dfabac8eddc37d794e23d25de3f1ef602ad4ad86 Mon Sep 17 00:00:00 2001
+From 32c9fdda43a02e738cbe9c7207795ed92bf835b9 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
-Date: Thu, 8 Sep 2011 08:40:05 -0700
+Date: Wed, 28 Sep 2011 13:24:20 -0700
Subject: [PATCH 7/8] Block all plugins except flash.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
@@ -17,12 +17,12 @@ on a better way. Until then, it is delta-darwinism for us.
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 93c2413..1dc4ee0 100644
+index 2c2ad7d..eba8c24 100644
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -2062,6 +2062,35 @@ class nsDefaultComparator<pluginFileinDirectory, pluginFileinDirectory>
-
- typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+@@ -2014,6 +2014,35 @@ PRBool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+ return PR_FALSE;
+ }
+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
+{
@@ -53,25 +53,25 @@ index 93c2413..1dc4ee0 100644
+ return PR_TRUE; // fuck 'em. blacklist.
+}
+
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+
nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
- PRBool aCreatePluginList,
- PRBool *aPluginsChanged)
-@@ -2197,6 +2226,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2135,6 +2164,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
continue;
}
-+ if (GhettoBlacklist(file)) {
-+ continue;
++ if (GhettoBlacklist(localfile)) {
++ continue;
+ }
+
// if it is not found in cache info list or has been changed, create a new one
if (!pluginTag) {
- nsPluginFile pluginFile(file);
+ nsPluginFile pluginFile(localfile);
diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index b1b8759..d6e237f 100644
+index cb43042..41dbf63 100644
--- a/dom/plugins/base/nsPluginHost.h
+++ b/dom/plugins/base/nsPluginHost.h
-@@ -283,6 +283,8 @@ private:
+@@ -282,6 +282,8 @@ private:
// Loads all cached plugins info into mCachedPlugins
nsresult ReadPluginInfo();
diff --git a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
index 75f0c0c..3b46894 100644
--- a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -1,4 +1,4 @@
-From 3964288545a78c28ca4585ac51bd7d9b8ccb3503 Mon Sep 17 00:00:00 2001
+From cdf48e30d76f7e1c349cdf8597e9cdc94623b8d8 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at fscked.org>
Date: Thu, 8 Sep 2011 08:40:17 -0700
Subject: [PATCH 8/8] Make content pref service memory-only + clearable
More information about the tor-commits
mailing list