[tor-commits] [torbrowser/maint-2.2] Two more Firefox patches.
erinn at torproject.org
erinn at torproject.org
Fri Sep 9 16:48:56 UTC 2011
commit 0efc1760fda3acaef28f5d66c62d374614d1a299
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Thu Sep 8 10:16:19 2011 -0700
Two more Firefox patches.
First one disables all plugins except flash from loading, second one makes
the content-prefs service not write to disk.
---
.../0007-Block-all-plugins-except-flash.patch | 85 ++++++++++++++++++++
...ontent-pref-service-memory-only-clearable.patch | 37 +++++++++
2 files changed, 122 insertions(+), 0 deletions(-)
diff --git a/src/current-patches/0007-Block-all-plugins-except-flash.patch b/src/current-patches/0007-Block-all-plugins-except-flash.patch
new file mode 100644
index 0000000..d2c54dc
--- /dev/null
+++ b/src/current-patches/0007-Block-all-plugins-except-flash.patch
@@ -0,0 +1,85 @@
+From dfabac8eddc37d794e23d25de3f1ef602ad4ad86 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Thu, 8 Sep 2011 08:40:05 -0700
+Subject: [PATCH 7/8] Block all plugins except flash.
+
+We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
+actually want to stop plugins from ever entering the browser's process space
+and/or executing code (for example, AV plugins that collect statistics/analyse
+urls, magical toolbars that phone home or "help" the user, skype buttons that
+ruin our day, and censorship filters). Hence we rolled our own.
+
+See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
+on a better way. Until then, it is delta-darwinism for us.
+---
+ dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
+ dom/plugins/base/nsPluginHost.h | 2 ++
+ 2 files changed, 35 insertions(+), 0 deletions(-)
+
+diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
+index 93c2413..1dc4ee0 100644
+--- a/dom/plugins/base/nsPluginHost.cpp
++++ b/dom/plugins/base/nsPluginHost.cpp
+@@ -2062,6 +2062,35 @@ class nsDefaultComparator<pluginFileinDirectory, pluginFileinDirectory>
+
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+
++PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
++{
++ nsCString leaf;
++ const char *leafStr;
++ nsresult rv;
++
++ rv = pluginFile->GetNativeLeafName(leaf);
++ if (NS_FAILED(rv)) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ leafStr = leaf.get();
++
++ if (!leafStr) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
++ // NPSWF32.dll, NPSWF64.dll
++ if (strstr(leafStr, "libgnashplugin") == leafStr ||
++ strstr(leafStr, "libflashplayer") == leafStr ||
++ strstr(leafStr, "Flash Player") == leafStr ||
++ strstr(leafStr, "NPSWF") == leafStr) {
++ return PR_FALSE;
++ }
++
++ return PR_TRUE; // fuck 'em. blacklist.
++}
++
+ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+ PRBool aCreatePluginList,
+ PRBool *aPluginsChanged)
+@@ -2197,6 +2226,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+ continue;
+ }
+
++ if (GhettoBlacklist(file)) {
++ continue;
++ }
++
+ // if it is not found in cache info list or has been changed, create a new one
+ if (!pluginTag) {
+ nsPluginFile pluginFile(file);
+diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
+index b1b8759..d6e237f 100644
+--- a/dom/plugins/base/nsPluginHost.h
++++ b/dom/plugins/base/nsPluginHost.h
+@@ -283,6 +283,8 @@ private:
+ // Loads all cached plugins info into mCachedPlugins
+ nsresult ReadPluginInfo();
+
++ PRBool GhettoBlacklist(nsIFile *pluginFile);
++
+ // Given a file path, returns the plugins info from our cache
+ // and removes it from the cache.
+ void RemoveCachedPluginsInfo(const char *filePath,
+--
+1.7.3.4
+
diff --git a/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
new file mode 100644
index 0000000..75f0c0c
--- /dev/null
+++ b/src/current-patches/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -0,0 +1,37 @@
+From 3964288545a78c28ca4585ac51bd7d9b8ccb3503 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Thu, 8 Sep 2011 08:40:17 -0700
+Subject: [PATCH 8/8] Make content pref service memory-only + clearable
+
+This prevents random urls from being inserted into content-prefs.sqllite in
+the profile directory as content prefs change (includes site-zoom and perhaps
+other site prefs?).
+---
+ .../contentprefs/nsContentPrefService.js | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
+index a5f417f..601f7a3 100644
+--- a/toolkit/components/contentprefs/nsContentPrefService.js
++++ b/toolkit/components/contentprefs/nsContentPrefService.js
+@@ -1036,7 +1036,7 @@ ContentPrefService.prototype = {
+
+ var dbConnection;
+
+- if (!dbFile.exists())
++ if (true || !dbFile.exists())
+ dbConnection = this._dbCreate(dbService, dbFile);
+ else {
+ try {
+@@ -1084,7 +1084,7 @@ ContentPrefService.prototype = {
+ },
+
+ _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
+- var dbConnection = aDBService.openDatabase(aDBFile);
++ var dbConnection = aDBService.openSpecialDatabase("memory");
+
+ try {
+ this._dbCreateSchema(dbConnection);
+--
+1.7.3.4
+
More information about the tor-commits
mailing list