[tor-commits] [tor-browser-spec/master] Describe new Firefox patches and update links.

mikeperry at torproject.org mikeperry at torproject.org
Mon Apr 28 15:18:48 UTC 2014 

commit 122128797f57ee3d77dda4e6ebcca0645a079d30
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Fri Dec 16 20:40:26 2011 -0800

    Describe new Firefox patches and update links.
---
 docs/design/design.xml |   50 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 41 insertions(+), 9 deletions(-)

diff --git a/docs/design/design.xml b/docs/design/design.xml
index f034fb5..27c8769 100644
--- a/docs/design/design.xml
+++ b/docs/design/design.xml
@@ -727,7 +727,7 @@ supported mime types for all currently installed plugins.
  <para>
 In addition, to prevent any unproxied activity by plugins at load time, we
 also patch the Firefox source code to <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0007-Block-all-plugins-except-flash.patch">prevent the load of any plugins except
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0007-Block-all-plugins-except-flash.patch">prevent the load of any plugins except
 for Flash and Gnash</ulink>.
 
  </para>
@@ -806,13 +806,13 @@ In addition, three Firefox patches are needed to prevent disk writes, even if
 Private Browsing Mode is enabled. We need to
 
 <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0002-Make-Permissions-Manager-memory-only.patch">prevent
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch">prevent
 the permissions manager from recording HTTPS STS state</ulink>,
 <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0003-Make-Intermediate-Cert-Store-memory-only.patch">prevent
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch">prevent
 intermediate SSL certificates from being recorded</ulink>, and
 <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch">prevent
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0008-Make-content-pref-service-memory-only-clearable.patch">prevent
 the content preferences service from recording site zoom</ulink>.
 
 For more details on these patches, <link linkend="firefox-patches">see the
@@ -930,7 +930,7 @@ security of the isolation</ulink> and to <ulink
 url="https://trac.torproject.org/projects/tor/ticket/3754">solve conflicts
 with OCSP relying the cacheKey property for reuse of POST requests</ulink>, we
 had to <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0005-Add-a-string-based-cacheKey.patch">patch
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0005-Add-a-string-based-cacheKey.patch">patch
 Firefox to provide a cacheDomain cache attribute</ulink>. We use the fully
 qualified url bar domain as input to this field.
 
@@ -967,7 +967,7 @@ url="https://developer.mozilla.org/en/Setting_HTTP_request_headers#Observers">ht
 observer</ulink> to remove the Authorization headers to prevent <ulink
 url="http://jeremiahgrossman.blogspot.com/2007/04/tracking-users-without-cookies.html">silent
 linkability between domains</ulink>.  We also needed to <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch">patch
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch">patch
 Firefox to cause the headers to get added early enough</ulink> to allow the
 observer to modify it.
 
@@ -1263,7 +1263,7 @@ Firefox provides several options for controlling the browser user agent string
 which we leverage. We also set similar prefs for controlling the
 Accept-Language and Accept-Charset headers, which we spoof to English by default. Additionally, we
 <ulink
-url="https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:/src/current-patches/0001-Block-Components.interfaces-lookupMethod-from-conten.patch">remove
+url="https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch">remove
 content script access</ulink> to Components.interfaces, which <ulink
 url="http://pseudo-flaw.net/tor/torbutton/fingerprint-firefox.html">can be
 used</ulink> to fingerprint OS, platform, and Firefox minor version.  </para>
@@ -1464,8 +1464,7 @@ audio and video objects.
    <title>Description of Firefox Patches</title>
    <para>
 The set of patches we have against Firefox can be found in the <ulink
-url="https://gitweb.torproject.org/torbrowser.git/tree/refs/heads/maint-2.2:/src/current-patches">current-patches
-directory of the torbrowser git repository</ulink>. They are:
+url="https://gitweb.torproject.org/torbrowser.git/tree/maint-2.2:/src/current-patches/firefox">current-patches directory of the torbrowser git repository</ulink>. They are:
    </para>
    <orderedlist>
     <listitem>Block Components.interfaces and Components.lookupMethod
@@ -1566,6 +1565,39 @@ the profile directory as content prefs change (includes site-zoom and perhaps
 other site prefs?).
      </para>
     </listitem>
+    <listitem>Make Tor Browser exit when not launched from Vidalia
+     <para>
+
+It turns out that on Windows 7 and later systems, the Taskbar attempts to
+automatically learn the most frequent apps used by the user, and it recognizes
+Tor Browser as a seperate app from Vidalia. This can cause users to try to
+launch Tor Brower without Vidalia or a Tor instance running. Worse, the Tor
+Browser will automatically find their default Firefox profile, and properly
+connect directly without using Tor. This patch is a simple hack to cause Tor
+Browser to immediately exit in this case.
+
+     </para>
+    </listitem>
+    <listitem>Disable SSL Session ID tracking
+     <para>
+
+This patch is a simple 1-line hack to prevent SSL connections from caching
+(and then later transmitting) their Session IDs. There was no preference to
+govern this behavior, so we had to hack it by altering the SSL new connection
+defaults.
+
+     </para>
+    </listitem>
+    <listitem>Provide an observer event to close persistent connections
+     <para>
+
+This patch creates an observer event in the HTTP connection manager to close
+all keep-alive connections that still happen to be open. This event is emitted
+by the <link linkend="new-identity">New Identity</link> button.
+
+     </para>
+    </listitem>
+
    </orderedlist>
   </sect2>

More information about the tor-commits mailing list