[tor-commits] [torbrowser/maint-2.3] remove alpha directory from firefox patches
erinn at torproject.org
erinn at torproject.org
Wed Oct 24 15:35:18 UTC 2012
commit 06557b2845665a44c11b954d24081bed0e2011ba
Author: Erinn Clark <erinn at torproject.org>
Date: Wed Oct 24 16:34:44 2012 +0100
remove alpha directory from firefox patches
---
...nents.interfaces-lookupMethod-from-conten.patch | 50 --
...0002-Make-Permissions-Manager-memory-only.patch | 94 ----
...-Make-Intermediate-Cert-Store-memory-only.patch | 43 --
.../alpha/0004-Add-a-string-based-cacheKey.patch | 85 ---
.../0005-Block-all-plugins-except-flash.patch | 85 ---
...ontent-pref-service-memory-only-clearable.patch | 37 --
.../0007-Disable-SSL-Session-ID-tracking.patch | 28 -
...ice-and-system-specific-CSS-Media-Queries.patch | 116 -----
.../0009-Make-Download-manager-memory-only.patch | 57 --
.../0010-Add-DDG-and-StartPage-to-Omnibox.patch | 84 ---
...-nsICacheService.EvictEntries-synchronous.patch | 44 --
...owser-exit-when-not-launched-from-Vidalia.patch | 45 --
...13-Limit-the-number-of-fonts-per-document.patch | 225 --------
...observer-event-to-close-persistent-connec.patch | 40 --
.../alpha/0015-Rebrand-Firefox-to-TorBrowser.patch | 59 ---
.../alpha/0016-Prevent-WebSocket-DNS-leak.patch | 133 -----
...ize-HTTP-request-order-and-pipeline-depth.patch | 151 ------
...Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch | 545 --------------------
...9-Add-a-redirect-API-for-HTTPS-Everywhere.patch | 345 -------------
...d-mozIThirdPartyUtil.getFirstPartyURI-API.patch | 148 ------
20 files changed, 0 insertions(+), 2414 deletions(-)
diff --git a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
deleted file mode 100644
index 921a716..0000000
--- a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From caab8c136e806dcd913d637210ff187abb1b6b29 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:40:40 -0800
-Subject: [PATCH 01/19] Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/xpconnect/src/XPCComponents.cpp | 8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
-index ed7ab0a..609b73f 100644
---- a/js/xpconnect/src/XPCComponents.cpp
-+++ b/js/xpconnect/src/XPCComponents.cpp
-@@ -4621,7 +4621,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
-- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+ static const char* allowed[] = { "isSuccessCode", nsnull };
- *_retval = xpc_CheckAccessList(methodName, allowed);
- return NS_OK;
- }
-@@ -4630,7 +4632,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
-- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+ static const char* allowed[] = { "results", nsnull};
- *_retval = xpc_CheckAccessList(propertyName, allowed);
- return NS_OK;
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index d73f1ab..0000000
--- a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 12acd440d185f5536eed99084c4800a46d617197 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:45:16 -0800
-Subject: [PATCH 02/19] Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 94791ca..1f7bcbd 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -24,6 +24,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
-
- static nsPermissionManager *gPermissionManager = nsnull;
-
-@@ -167,6 +171,11 @@ nsPermissionManager::Init()
- mObserverService->AddObserver(this, "profile-do-change", true);
- }
-
-+ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (pbi) {
-+ pbi->AddObserver("permissions.", this, PR_FALSE);
-+ }
-+
- if (IsChildProcess()) {
- // Get the permissions from the parent process
- InfallibleTArray<IPC::Permission> perms;
-@@ -215,8 +224,18 @@ nsPermissionManager::InitDB(bool aRemoveFile)
- if (!storage)
- return NS_ERROR_UNEXPECTED;
-
-+ bool memory_db = false;
-+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+ if (prefs) {
-+ prefs->GetBoolPref("permissions.memory_only", &memory_db);
-+ }
-+
- // cache a connection to the hosts database
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- bool ready;
-@@ -226,7 +245,11 @@ nsPermissionManager::InitDB(bool aRemoveFile)
- rv = permissionsFile->Remove(false);
- NS_ENSURE_SUCCESS(rv, rv);
-
-- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ if (memory_db) {
-+ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+ } else {
-+ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
-
- mDBConn->GetConnectionReady(&ready);
-@@ -758,7 +781,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
- ENSURE_NOT_CHILD_PROCESS;
-
-- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+ // XXX: Should we remove the file? Probably not..
-+ InitDB(PR_FALSE);
-+ }
-+ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
- // The profile is about to change,
- // or is going away because the application is shutting down.
- if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 33cf5e9..0000000
--- a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From a95872e8de8230e8e0128314acd335a7cb3510fb Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 03/19] Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index bc49de9..0f66320 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1743,8 +1743,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
- // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
- // "/usr/lib/nss/libnssckbi.so".
- PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
-- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+ bool nocertdb = false;
-+ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+ // XXX: We can also do the the following to only disable the certdb.
-+ // Leaving this codepath in as a fallback in case InitNODB fails
-+ if (nocertdb)
-+ init_flags |= NSS_INIT_NOCERTDB;
-+
-+ SECStatus init_rv;
-+ if (nocertdb) {
-+ init_rv = ::NSS_NoDB_Init(NULL);
-+ } else {
-+ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
- SECMOD_DB, init_flags);
-+ }
-
- if (init_rv != SECSuccess) {
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch
deleted file mode 100644
index bbc6220..0000000
--- a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From df164279499b23794a112de4305f3ed99a25da68 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 17:03:57 -0700
-Subject: [PATCH 04/19] Add a string-based cacheKey.
-
-Used for isolating cache according to same-origin policy.
----
- netwerk/base/public/nsICachingChannel.idl | 7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h | 1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
-index 96a8aef..b1c6f05 100644
---- a/netwerk/base/public/nsICachingChannel.idl
-+++ b/netwerk/base/public/nsICachingChannel.idl
-@@ -66,6 +66,13 @@ interface nsICachingChannel : nsICacheInfoChannel
- attribute nsISupports cacheKey;
-
- /**
-+ * Set/get the cache domain... uniquely identifies the data in the cache
-+ * for this channel. Holding a reference to this key does NOT prevent
-+ * the cached data from being removed.
-+ */
-+ attribute AUTF8String cacheDomain;
-+
-+ /**
- * Specifies whether or not the data should be cached to a file. This
- * may fail if the disk cache is not present. The value of this attribute
- * is usually only settable during the processing of a channel's
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 290d04c..9c10e3a 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2538,6 +2538,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
- cacheKey.Append(buf);
- }
-
-+ if (strlen(mCacheDomain.get()) > 0) {
-+ cacheKey.AppendLiteral("domain=");
-+ cacheKey.Append(mCacheDomain.get());
-+ cacheKey.AppendLiteral("&");
-+ }
-+
- if (!cacheKey.IsEmpty()) {
- cacheKey.AppendLiteral("uri=");
- }
-@@ -4876,6 +4882,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
- }
-
- NS_IMETHODIMP
-+nsHttpChannel::GetCacheDomain(nsACString &value)
-+{
-+ value = mCacheDomain;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::SetCacheDomain(const nsACString &value)
-+{
-+ mCacheDomain = value;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
- nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
- {
- value = mOfflineCacheClientID;
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index eaad05e..0382b1c 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -292,6 +292,7 @@ private:
- nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
- nsCacheAccessMode mOfflineCacheAccess;
- nsCString mOfflineCacheClientID;
-+ nsCString mCacheDomain;
-
- nsCOMPtr<nsILocalFile> mProfileDirectory;
-
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch
deleted file mode 100644
index 79d92de..0000000
--- a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 5c43ec0bcc08d82d7ea1895e2586028ff0c43db2 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:50:15 -0800
-Subject: [PATCH 05/19] Block all plugins except flash.
-
-We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
-actually want to stop plugins from ever entering the browser's process space
-and/or executing code (for example, AV plugins that collect statistics/analyse
-urls, magical toolbars that phone home or "help" the user, skype buttons that
-ruin our day, and censorship filters). Hence we rolled our own.
-
-See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
-on a better way. Until then, it is delta-darwinism for us.
----
- dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
- dom/plugins/base/nsPluginHost.h | 2 ++
- 2 files changed, 35 insertions(+), 0 deletions(-)
-
-diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 2877669..901fbb9 100644
---- a/dom/plugins/base/nsPluginHost.cpp
-+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -1876,6 +1876,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
- return false;
- }
-
-+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
-+{
-+ nsCString leaf;
-+ const char *leafStr;
-+ nsresult rv;
-+
-+ rv = pluginFile->GetNativeLeafName(leaf);
-+ if (NS_FAILED(rv)) {
-+ return PR_TRUE; // fuck 'em. blacklist.
-+ }
-+
-+ leafStr = leaf.get();
-+
-+ if (!leafStr) {
-+ return PR_TRUE; // fuck 'em. blacklist.
-+ }
-+
-+ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
-+ // NPSWF32.dll, NPSWF64.dll
-+ if (strstr(leafStr, "libgnashplugin") == leafStr ||
-+ strstr(leafStr, "libflashplayer") == leafStr ||
-+ strstr(leafStr, "Flash Player") == leafStr ||
-+ strstr(leafStr, "NPSWF") == leafStr) {
-+ return PR_FALSE;
-+ }
-+
-+ return PR_TRUE; // fuck 'em. blacklist.
-+}
-+
- typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
-
- nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2009,6 +2038,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
- continue;
- }
-
-+ if (GhettoBlacklist(localfile)) {
-+ continue;
-+ }
-+
- // if it is not found in cache info list or has been changed, create a new one
- if (!pluginTag) {
- nsPluginFile pluginFile(localfile);
-diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index 036a102..1f7bd14 100644
---- a/dom/plugins/base/nsPluginHost.h
-+++ b/dom/plugins/base/nsPluginHost.h
-@@ -247,6 +247,8 @@ private:
- // Loads all cached plugins info into mCachedPlugins
- nsresult ReadPluginInfo();
-
-+ PRBool GhettoBlacklist(nsIFile *pluginFile);
-+
- // Given a file path, returns the plugins info from our cache
- // and removes it from the cache.
- void RemoveCachedPluginsInfo(const char *filePath,
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch
deleted file mode 100644
index cc75ee1..0000000
--- a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c1f6abc0766763e65c5e8b22f72171c5f8e4639b Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 06/19] Make content pref service memory-only + clearable
-
-This prevents random urls from being inserted into content-prefs.sqllite in
-the profile directory as content prefs change (includes site-zoom and perhaps
-other site prefs?).
----
- .../contentprefs/nsContentPrefService.js | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
-index 81f974d..31597ac 100644
---- a/toolkit/components/contentprefs/nsContentPrefService.js
-+++ b/toolkit/components/contentprefs/nsContentPrefService.js
-@@ -1208,7 +1208,7 @@ ContentPrefService.prototype = {
-
- var dbConnection;
-
-- if (!dbFile.exists())
-+ if (true || !dbFile.exists())
- dbConnection = this._dbCreate(dbService, dbFile);
- else {
- try {
-@@ -1256,7 +1256,7 @@ ContentPrefService.prototype = {
- },
-
- _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
-- var dbConnection = aDBService.openDatabase(aDBFile);
-+ var dbConnection = aDBService.openSpecialDatabase("memory");
-
- try {
- this._dbCreateSchema(dbConnection);
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch
deleted file mode 100644
index 5b8270a..0000000
--- a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e3703799acddc621be9c64299070180721b489dc Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Wed, 7 Dec 2011 19:36:38 -0800
-Subject: [PATCH 07/19] Disable SSL Session ID tracking.
-
-We can't easily bind SSL Session ID tracking to url bar domain,
-so we have to disable them to satisfy
-https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
----
- security/nss/lib/ssl/sslsock.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
-index 0c4d0c7..8d23fc0 100644
---- a/security/nss/lib/ssl/sslsock.c
-+++ b/security/nss/lib/ssl/sslsock.c
-@@ -173,7 +173,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* enableSSL3 */
- PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
-- PR_FALSE, /* noCache */
-+ PR_TRUE, /* noCache */
- PR_FALSE, /* fdx */
- PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* detectRollBack */
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch b/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch
deleted file mode 100644
index 1b7d396..0000000
--- a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From fdecb1911dd0bbd9bc611931c16026de17f6cbe9 Mon Sep 17 00:00:00 2001
-From: Shondoit Walker <shondoit at gmail.com>
-Date: Mon, 4 Jun 2012 19:15:31 +0200
-Subject: [PATCH 08/19] Limit device- and system-specific CSS Media Queries
-
-This is done to address
-https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
-
-This also fixes bug #4795 by making queries still available for chrome windows,
-whilst returning nothing or non-device-specific values for web pages or extensions.
----
- layout/style/nsMediaFeatures.cpp | 42 ++++++++++++++++++++++++-------------
- 1 files changed, 27 insertions(+), 15 deletions(-)
-
-diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
-index a814f30..c9785b9 100644
---- a/layout/style/nsMediaFeatures.cpp
-+++ b/layout/style/nsMediaFeatures.cpp
-@@ -98,6 +98,9 @@ GetDeviceContextFor(nsPresContext* aPresContext)
- static nsSize
- GetDeviceSize(nsPresContext* aPresContext)
- {
-+ if (!aPresContext->IsChrome()) {
-+ return GetSize(aPresContext);
-+ } else {
- nsSize size;
- if (aPresContext->IsRootPaginatedDocument())
- // We want the page size, including unprintable areas and margins.
-@@ -108,6 +111,7 @@ GetDeviceSize(nsPresContext* aPresContext)
- GetDeviceContextFor(aPresContext)->
- GetDeviceSurfaceDimensions(size.width, size.height);
- return size;
-+ }
- }
-
- static nsresult
-@@ -151,17 +155,17 @@ static nsresult
- GetDeviceOrientation(nsPresContext* aPresContext, const nsMediaFeature*,
- nsCSSValue& aResult)
- {
-- nsSize size = GetDeviceSize(aPresContext);
-- PRInt32 orientation;
-- if (size.width > size.height) {
-- orientation = NS_STYLE_ORIENTATION_LANDSCAPE;
-- } else {
-- // Per spec, square viewports should be 'portrait'
-- orientation = NS_STYLE_ORIENTATION_PORTRAIT;
-- }
--
-- aResult.SetIntValue(orientation, eCSSUnit_Enumerated);
-- return NS_OK;
-+ nsSize size = GetDeviceSize(aPresContext);
-+ PRInt32 orientation;
-+ if (size.width > size.height) {
-+ orientation = NS_STYLE_ORIENTATION_LANDSCAPE;
-+ } else {
-+ // Per spec, square viewports should be 'portrait'
-+ orientation = NS_STYLE_ORIENTATION_PORTRAIT;
-+ }
-+
-+ aResult.SetIntValue(orientation, eCSSUnit_Enumerated);
-+ return NS_OK;
- }
-
- static nsresult
-@@ -279,8 +283,12 @@ static nsresult
- GetDevicePixelRatio(nsPresContext* aPresContext, const nsMediaFeature*,
- nsCSSValue& aResult)
- {
-- float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
-- aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+ if (aPresContext->IsChrome()) {
-+ float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
-+ aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+ } else {
-+ aResult.SetFloatValue(1.0, eCSSUnit_Number);
-+ }
- return NS_OK;
- }
-
-@@ -288,18 +296,21 @@ static nsresult
- GetSystemMetric(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- nsCSSValue& aResult)
- {
-+ if (aPresContext->IsChrome()) {
- NS_ABORT_IF_FALSE(aFeature->mValueType == nsMediaFeature::eBoolInteger,
- "unexpected type");
- nsIAtom *metricAtom = *aFeature->mData.mMetric;
- bool hasMetric = nsCSSRuleProcessor::HasSystemMetric(metricAtom);
- aResult.SetIntValue(hasMetric ? 1 : 0, eCSSUnit_Integer);
-- return NS_OK;
-+ }
-+ return NS_OK;
- }
-
- static nsresult
- GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- nsCSSValue& aResult)
- {
-+ if (aPresContext->IsChrome()) {
- aResult.Reset();
- #ifdef XP_WIN
- PRUint8 windowsThemeId =
-@@ -318,7 +329,8 @@ GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- }
- }
- #endif
-- return NS_OK;
-+ }
-+ return NS_OK;
- }
-
- /*
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch
deleted file mode 100644
index 6ee2744..0000000
--- a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From ec182e8a83826db0c2bae711d594a26cd0b08a22 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 25 Apr 2012 13:39:35 -0700
-Subject: [PATCH 09/19] Make Download manager memory only.
-
-Solves https://trac.torproject.org/projects/tor/ticket/4017.
-
-Yes, this is an ugly hack. We *could* send the observer notification from
-Torbutton to tell the download manager to switch to memory, but then we have
-to dance around and tell it again if the user switches in and out of private
-browsing mode..
-
-The right way to do this is with a pref. Maybe I'll get to that someday, if
-this breaks enough times in conflict.
----
- toolkit/components/downloads/nsDownloadManager.cpp | 4 ++--
- toolkit/components/downloads/nsDownloadManager.h | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp
-index 0e846a0..42ca743 100644
---- a/toolkit/components/downloads/nsDownloadManager.cpp
-+++ b/toolkit/components/downloads/nsDownloadManager.cpp
-@@ -2005,7 +2005,7 @@ nsDownloadManager::Observe(nsISupports *aSubject,
- if (NS_LITERAL_STRING("memory").Equals(aData))
- return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- else if (NS_LITERAL_STRING("disk").Equals(aData))
-- return SwitchDatabaseTypeTo(DATABASE_DISK);
-+ return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- }
- else if (strcmp(aTopic, "alertclickcallback") == 0) {
- nsCOMPtr<nsIDownloadManagerUI> dmui =
-@@ -2082,7 +2082,7 @@ nsDownloadManager::OnLeavePrivateBrowsingMode()
- (void)ResumeAllDownloads(false);
-
- // Switch back to the on-disk DB again
-- (void)SwitchDatabaseTypeTo(DATABASE_DISK);
-+ //(void)SwitchDatabaseTypeTo(DATABASE_DISK);
-
- mInPrivateBrowsing = false;
- }
-diff --git a/toolkit/components/downloads/nsDownloadManager.h b/toolkit/components/downloads/nsDownloadManager.h
-index 5649eeb..1e7912b 100644
---- a/toolkit/components/downloads/nsDownloadManager.h
-+++ b/toolkit/components/downloads/nsDownloadManager.h
-@@ -54,7 +54,7 @@ public:
-
- virtual ~nsDownloadManager();
- nsDownloadManager() :
-- mDBType(DATABASE_DISK)
-+ mDBType(DATABASE_MEMORY)
- , mInPrivateBrowsing(false)
- #ifdef DOWNLOAD_SCANNER
- , mScanner(nsnull)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch
deleted file mode 100644
index e9c6c2c..0000000
--- a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From e58200766a98fc8e239c95eb19a0afcf9fcd6381 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 25 Apr 2012 15:03:46 -0700
-Subject: [PATCH 10/19] Add DDG and StartPage to Omnibox.
-
-You mean there are search engines that don't require captchas if you don't
-have a cookie? Holy crap. Get those in there now.
----
- browser/locales/en-US/searchplugins/duckduckgo.xml | 29 ++++++++++++++++++++
- browser/locales/en-US/searchplugins/list.txt | 2 +
- browser/locales/en-US/searchplugins/startpage.xml | 11 +++++++
- 3 files changed, 42 insertions(+), 0 deletions(-)
- create mode 100644 browser/locales/en-US/searchplugins/duckduckgo.xml
- create mode 100644 browser/locales/en-US/searchplugins/startpage.xml
-
-diff --git a/browser/locales/en-US/searchplugins/duckduckgo.xml b/browser/locales/en-US/searchplugins/duckduckgo.xml
-new file mode 100644
-index 0000000..4f00b4d
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/duckduckgo.xml
-@@ -0,0 +1,29 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>DuckDuckGo</ShortName>
-+<Description>Duck Duck Go</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAANcNAADXDQAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8n
-+IOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rB
-+Uv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n/////
-+/05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v//
-+//////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9h
-+XPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg
-+7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs
-+5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/
-+JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8n IOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1
-+/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/
-+fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y
-+1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDs
-+AScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAA
-+AAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMAD
-+AADwDwAA+B8AAA==</Image>
-+<Url type="text/html" method="POST" template="https://duckduckgo.com/html/">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://duckduckgo.com/html/</SearchForm>
-+</SearchPlugin>
-diff --git a/browser/locales/en-US/searchplugins/list.txt b/browser/locales/en-US/searchplugins/list.txt
-index 2a1141a..0466f4e 100644
---- a/browser/locales/en-US/searchplugins/list.txt
-+++ b/browser/locales/en-US/searchplugins/list.txt
-@@ -1,7 +1,9 @@
- amazondotcom
- bing
-+duckduckgo
- eBay
- google
-+startpage
- twitter
- wikipedia
- yahoo
-diff --git a/browser/locales/en-US/searchplugins/startpage.xml b/browser/locales/en-US/searchplugins/startpage.xml
-new file mode 100644
-index 0000000..1a310b1
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/startpage.xml
-@@ -0,0 +1,11 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>Startpage</ShortName>
-+<Description>Start Page</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2jkj+9YtD/vWLQ/71i0P+9otD/vaLRP72i0T+9YtE/vWLRP72i0T+9otD/vaNRP72jUT+9otF/vaLRf73kkv+9Yc///WJP//1iT//9Yk///rAmf/94Mz/+sCa//aRTv/1iUH/9ok///aJP//2i0H/9otB//aJQv/2iUL/9otC//aNRP/2jUT/9o1E//aNRP/6wpv////////////96dr/95dQ//aNRP/2kET/9pBG//aQRv/2kEb/9pBG//aRR//3lEz/95BH//mueP/7xJ3/959g//efYf/4p23//vDm//3p2//3kEr/95FJ//aRSf/niFH/95FK//aRSv/2mE//95hS/vq4iP/////////////////81bj/95xZ//q4iP//////+bF+//eZT//njFT/PSqi/2xGjv/2mVD/951V/vedVv783cX///////vQrf/++PP///////748//+8uj///////m3gf/olFr/PSuj/w8Pt/9sSJD/951V//eeWf73oVv++8ul///////5sXf/+KRi//vRsf////////////3r3v/olF//Piyk/w8Pt/9sSJH/+J5Z//ieWv/3oV/++KZf/vihXP/97N7//vn0//zTs//6wJP/+bBy//q6iP/onW//Piyl/w8Pt/8fGbH/m2iB/+icY//4pGD/96hl/viqZf74pmD/+Kxr//3iy/////////n1//ivbP/onGj/Pi2m/w8Pt/8uJKz/fFeQ/x8Zsf8+Lqb/6J9r//ivbP74rm3++Klm//mpZv/5q2f/+bR9//m0e//poW7/Pi6n/w8Pt/9sTZj/+Ktp//ira/+rd4P/Dw+3/4xijv/5snH+
+LN1/vmvbf/5r23/+a5t//mvb//4r2//TTuk/w8Pt/8fGrL/6ah1//ivcP/4r3P/q3yI/w8Pt/+MZpP/+bN5/vm4ev75t3X/+bV1//m1df/5t3X/+Ld3/8qUhP98XZn/Hxqz/+mse//5t3f/2p+B/x8as/8PD7f/u4qK//m7fv76u4D++bl7//m3fP/5uXz/+bl8//m5fP/5t3z/+bl//x8as/9NPKf/fWCb/x8as/8PD7f/bVOh//q5f//6v4X++sGI/vm9g//5voX/+b6F//m9hf/6vYX/+r6F//nCh/+bepr/Hxu0/w8Pt/8PD7f/fWOh//q+hf/6wof/+saN/vrGjf75xIv/+ceL//nEi//5xIv/+sSL//rHi//6x43/+ceN/+m7kP+7lpj/6ruQ//rHkP/6x43/+seQ//rLlf76ypT++seR//rJkf/6yZH/+seR//rJkf/6yZH/+8mR//vJlP/7yZT/+smU//rJlP/6yZT/+8yV//rJlf/6zpn+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</Image>
-+
-+<Url type="text/html" method="POST" template="https://startpage.com/do/search">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://startpage.com/do/search/</SearchForm>
-+</SearchPlugin>
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch
deleted file mode 100644
index 879cfa6..0000000
--- a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b0f594e6130bf618a25d33d80f7b66d110449dc9 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 1 May 2012 15:02:03 -0700
-Subject: [PATCH 11/19] Make nsICacheService.EvictEntries synchronous
-
-This fixes a race condition that allows cache-based EverCookies to persist for
-a brief time (on the order of minutes?) after cache clearing/"New Identity".
-
-https://trac.torproject.org/projects/tor/ticket/5715
----
- netwerk/cache/nsCacheService.cpp | 15 +++++++++++++--
- 1 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp
-index 991cc34..ef2ad25 100644
---- a/netwerk/cache/nsCacheService.cpp
-+++ b/netwerk/cache/nsCacheService.cpp
-@@ -1506,10 +1506,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor)
- return NS_OK;
- }
-
--
- NS_IMETHODIMP nsCacheService::EvictEntries(nsCacheStoragePolicy storagePolicy)
- {
-- return EvictEntriesForClient(nsnull, storagePolicy);
-+ NS_IMETHODIMP r;
-+ r = EvictEntriesForClient(nsnull, storagePolicy);
-+
-+ // XXX: Bloody hack until we get this notifier in FF14.0:
-+ // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICacheListener#onCacheEntryDoomed%28%29
-+ if (storagePolicy == nsICache::STORE_ANYWHERE &&
-+ NS_IsMainThread() && gService && gService->mInitialized) {
-+ nsCacheServiceAutoLock lock;
-+ gService->DoomActiveEntries();
-+ gService->ClearDoomList();
-+ (void) SyncWithCacheIOThread();
-+ }
-+ return r;
- }
-
- NS_IMETHODIMP nsCacheService::GetCacheIOTarget(nsIEventTarget * *aCacheIOTarget)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
deleted file mode 100644
index 91a5347..0000000
--- a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 07ed1fba9d99b3aa860ab75f34c7650341c59b77 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Thu, 7 Jun 2012 14:45:26 -0700
-Subject: [PATCH 12/19] Make Tor Browser exit when not launched from Vidalia
-
-Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
-for easy relaunch. If they manage to do this, we should fail closed rather
-than opened. Hopefully they will get the hint and dock Vidalia instead.
-
-This is an emergency fix for
-https://trac.torproject.org/projects/tor/ticket/4192. We can do a better
-localized fix w/ a translated alert menu later, if it seems like this might
-actually be common.
----
- browser/base/content/browser.js | 14 ++++++++++++++
- 1 files changed, 14 insertions(+), 0 deletions(-)
-
-diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 79ab155..84f747c 100644
---- a/browser/base/content/browser.js
-+++ b/browser/base/content/browser.js
-@@ -995,6 +995,20 @@ function BrowserStartup() {
-
- prepareForStartup();
-
-+ // If this is not a TBB profile, exit.
-+ // Solves https://trac.torproject.org/projects/tor/ticket/4192
-+ var foundPref = false;
-+ try {
-+ foundPref = gPrefService.prefHasUserValue("torbrowser.version");
-+ } catch(e) {
-+ //dump("No pref: "+e);
-+ }
-+ if(!foundPref) {
-+ var appStartup = Components.classes["@mozilla.org/toolkit/app-startup;1"]
-+ .getService(Components.interfaces.nsIAppStartup);
-+ appStartup.quit(3); // Force all windows to close, and then quit.
-+ }
-+
- if (uriToLoad && uriToLoad != "about:blank") {
- if (uriToLoad instanceof Ci.nsISupportsArray) {
- let count = uriToLoad.Count();
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch b/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch
deleted file mode 100644
index 95e3f48..0000000
--- a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From a94c453f1b68acddb84d1a97e10de3994dfdf2cd Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Thu, 7 Jun 2012 15:09:59 -0700
-Subject: [PATCH 13/19] Limit the number of fonts per document.
-
-We create two prefs:
-browser.display.max_font_count and browser.display.max_font_attempts.
-max_font_count sets a limit on the number of fonts actually used in the
-document, and max_font_attempts sets a limit on the total number of CSS
-queries that a document is allowed to perform.
-
-Once either limit is reached, the browser behaves as if
-browser.display.use_document_fonts was set to 0 for subsequent font queries.
-
-If a pref is not set or is negative, that limit does not apply.
-
-This is done to address:
-https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
----
- layout/base/nsPresContext.cpp | 100 +++++++++++++++++++++++++++++++++++++++++
- layout/base/nsPresContext.h | 9 ++++
- layout/style/nsRuleNode.cpp | 13 ++++-
- 3 files changed, 119 insertions(+), 3 deletions(-)
-
-diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
-index f49d9f3..53f0b12 100644
---- a/layout/base/nsPresContext.cpp
-+++ b/layout/base/nsPresContext.cpp
-@@ -63,6 +63,8 @@
- #include "FrameLayerBuilder.h"
- #include "nsDOMMediaQueryList.h"
- #include "nsSMILAnimationController.h"
-+#include "nsString.h"
-+#include "nsUnicharUtils.h"
-
- #ifdef IBMBIDI
- #include "nsBidiPresUtils.h"
-@@ -740,6 +742,10 @@ nsPresContext::GetUserPreferences()
- // * use fonts?
- mUseDocumentFonts =
- Preferences::GetInt("browser.display.use_document_fonts") != 0;
-+ mMaxFonts =
-+ Preferences::GetInt("browser.display.max_font_count", -1);
-+ mMaxFontAttempts =
-+ Preferences::GetInt("browser.display.max_font_attempts", -1);
-
- // * replace backslashes with Yen signs? (bug 245770)
- mEnableJapaneseTransform =
-@@ -1363,6 +1369,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID, nsIAtom *aLanguage) const
- return font;
- }
-
-+PRBool
-+nsPresContext::FontUseCountReached(const nsFont &font) {
-+ if (mMaxFonts < 0) {
-+ return PR_FALSE;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+ if (mFontsUsed[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsUsed[i].style == font.style*/) {
-+ // seen it before: OK
-+ return PR_FALSE;
-+ }
-+ }
-+
-+ if (mFontsUsed.Length() >= mMaxFonts) {
-+ return PR_TRUE;
-+ }
-+
-+ return PR_FALSE;
-+}
-+
-+PRBool
-+nsPresContext::FontAttemptCountReached(const nsFont &font) {
-+ if (mMaxFontAttempts < 0) {
-+ return PR_FALSE;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+ if (mFontsTried[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsTried[i].style == font.style*/) {
-+ // seen it before: OK
-+ return PR_FALSE;
-+ }
-+ }
-+
-+ if (mFontsTried.Length() >= mMaxFontAttempts) {
-+ return PR_TRUE;
-+ }
-+
-+ return PR_FALSE;
-+}
-+
-+void
-+nsPresContext::AddFontUse(const nsFont &font) {
-+ if (mMaxFonts < 0) {
-+ return;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+ if (mFontsUsed[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsUsed[i].style == font.style*/) {
-+ // seen it before: OK
-+ return;
-+ }
-+ }
-+
-+ if (mFontsUsed.Length() >= mMaxFonts) {
-+ return;
-+ }
-+
-+ mFontsUsed.AppendElement(font);
-+ return;
-+}
-+
-+void
-+nsPresContext::AddFontAttempt(const nsFont &font) {
-+ if (mMaxFontAttempts < 0) {
-+ return;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+ if (mFontsTried[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsTried[i].style == font.style*/) {
-+ // seen it before: OK
-+ return;
-+ }
-+ }
-+
-+ if (mFontsTried.Length() >= mMaxFontAttempts) {
-+ return;
-+ }
-+
-+ mFontsTried.AppendElement(font);
-+ return;
-+}
-+
- void
- nsPresContext::SetFullZoom(float aZoom)
- {
-diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
-index 0c42c6b..f37c7a2 100644
---- a/layout/base/nsPresContext.h
-+++ b/layout/base/nsPresContext.h
-@@ -514,6 +514,13 @@ public:
- }
- }
-
-+ nsTArray<nsFont> mFontsUsed; // currently for font-count limiting only
-+ nsTArray<nsFont> mFontsTried; // currently for font-count limiting only
-+ void AddFontUse(const nsFont &font);
-+ void AddFontAttempt(const nsFont &font);
-+ PRBool FontUseCountReached(const nsFont &font);
-+ PRBool FontAttemptCountReached(const nsFont &font);
-+
- /**
- * Get the minimum font size for the specified language. If aLanguage
- * is nsnull, then the document's language is used.
-@@ -1174,6 +1181,8 @@ protected:
- PRUint32 mInterruptChecksToSkip;
-
- mozilla::TimeStamp mReflowStartTime;
-+ PRInt32 mMaxFontAttempts;
-+ PRInt32 mMaxFonts;
-
- unsigned mHasPendingInterrupt : 1;
- unsigned mInterruptsEnabled : 1;
-diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
-index 01613b8..fb19eba 100644
---- a/layout/style/nsRuleNode.cpp
-+++ b/layout/style/nsRuleNode.cpp
-@@ -3387,14 +3387,15 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
-
- bool useDocumentFonts =
- mPresContext->GetCachedBoolPref(kPresContext_UseDocumentFonts);
-+ bool isXUL = PR_FALSE;
-
- // See if we are in the chrome
- // We only need to know this to determine if we have to use the
- // document fonts (overriding the useDocumentFonts flag).
-- if (!useDocumentFonts && mPresContext->IsChrome()) {
-+ if (mPresContext->IsChrome()) {
- // if we are not using document fonts, but this is a XUL document,
- // then we use the document fonts anyway
-- useDocumentFonts = true;
-+ isXUL = true;
- }
-
- // Figure out if we are a generic font
-@@ -3408,9 +3409,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
- // generic?
- nsFont::GetGenericID(font->mFont.name, &generic);
-
-+ mPresContext->AddFontAttempt(font->mFont);
-+
- // If we aren't allowed to use document fonts, then we are only entitled
- // to use the user's default variable-width font and fixed-width font
-- if (!useDocumentFonts) {
-+ if (!isXUL && (!useDocumentFonts ||
-+ mPresContext->FontAttemptCountReached(font->mFont) ||
-+ mPresContext->FontUseCountReached(font->mFont))) {
- // Extract the generic from the specified font family...
- nsAutoString genericName;
- if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
-@@ -3446,6 +3451,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
- font);
- }
-
-+ if (font->mGenericID == kGenericFont_NONE)
-+ mPresContext->AddFontUse(font->mFont);
- COMPUTE_END_INHERITED(Font, font)
- }
-
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch
deleted file mode 100644
index 6f63876..0000000
--- a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From af43ed872bd64b623ea1d5b83926c4d06e8fcd7d Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Fri, 7 Sep 2012 16:18:26 -0700
-Subject: [PATCH 14/19] Provide an observer event to close persistent
- connections
-
-We need to prevent linkability across "New Identity", which includes closing
-keep-alive connections.
----
- netwerk/protocol/http/nsHttpHandler.cpp | 7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
-index 2f71837..b066140 100644
---- a/netwerk/protocol/http/nsHttpHandler.cpp
-+++ b/netwerk/protocol/http/nsHttpHandler.cpp
-@@ -309,6 +309,7 @@ nsHttpHandler::Init()
- mObserverService->AddObserver(this, "net:clear-active-logins", true);
- mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
- mObserverService->AddObserver(this, "net:prune-dead-connections", true);
-+ mObserverService->AddObserver(this, "net:prune-all-connections", true);
- mObserverService->AddObserver(this, "net:failed-to-process-uri-content", true);
- }
-
-@@ -1651,6 +1652,12 @@ nsHttpHandler::Observe(nsISupports *subject,
- if (uri && mConnMgr)
- mConnMgr->ReportFailedToProcess(uri);
- }
-+ else if (strcmp(topic, "net:prune-all-connections") == 0) {
-+ if (mConnMgr) {
-+ mConnMgr->ClosePersistentConnections();
-+ mConnMgr->PruneDeadConnections();
-+ }
-+ }
-
- return NS_OK;
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch
deleted file mode 100644
index 2a6a9c5..0000000
--- a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d14732e7069aa8c33733f067e1e706bd852e3aba Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:05:11 -0700
-Subject: [PATCH 15/19] Rebrand Firefox to TorBrowser
-
-This patch does some basic renaming of Firefox to TorBrowser. The rest of the
-branding is done by images and icons.
----
- browser/branding/official/configure.sh | 2 +-
- browser/branding/official/locales/en-US/brand.dtd | 6 +++---
- .../official/locales/en-US/brand.properties | 6 +++---
- 3 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh
-index 55f3f18..33102b0 100644
---- a/browser/branding/official/configure.sh
-+++ b/browser/branding/official/configure.sh
-@@ -2,5 +2,5 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--MOZ_APP_DISPLAYNAME=Firefox
-+MOZ_APP_DISPLAYNAME=TorBrowser
- MOZ_UA_BUILDID=20100101
-diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd
-index 8e7f6c9..76e405d 100644
---- a/browser/branding/official/locales/en-US/brand.dtd
-+++ b/browser/branding/official/locales/en-US/brand.dtd
-@@ -2,7 +2,7 @@
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
--<!ENTITY brandShortName "Firefox">
--<!ENTITY brandFullName "Mozilla Firefox">
--<!ENTITY vendorShortName "Mozilla">
-+<!ENTITY brandShortName "TorBrowser">
-+<!ENTITY brandFullName "Tor Browser">
-+<!ENTITY vendorShortName "Tor Project">
- <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation.">
-diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties
-index 4a67c55..9ae168e 100644
---- a/browser/branding/official/locales/en-US/brand.properties
-+++ b/browser/branding/official/locales/en-US/brand.properties
-@@ -2,9 +2,9 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--brandShortName=Firefox
--brandFullName=Mozilla Firefox
--vendorShortName=Mozilla
-+brandShortName=TorBrowser
-+brandFullName=Tor Browser
-+vendorShortName=Tor Project
-
- homePageSingleStartMain=Firefox Start, a fast home page with built-in search
- homePageImport=Import your home page from %S
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch
deleted file mode 100644
index 3c0367d..0000000
--- a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 727bc1103bc663e1bc2a25bb4fb8e9c9fb31763b Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:07:37 -0700
-Subject: [PATCH 16/19] Prevent WebSocket DNS leak.
-
-This is due to an improper implementation of the WebSocket spec by Mozilla.
-
-"There MUST be no more than one connection in a CONNECTING state. If multiple
-connections to the same IP address are attempted simultaneously, the client
-MUST serialize them so that there is no more than one connection at a time
-running through the following steps.
-
-If the client cannot determine the IP address of the remote host (for
-example, because all communication is being done through a proxy server that
-performs DNS queries itself), then the client MUST assume for the purposes of
-this step that each host name refers to a distinct remote host,"
-
-https://tools.ietf.org/html/rfc6455#page-15
-
-They implmented the first paragraph, but not the second...
-
-While we're at it, we also prevent the DNS service from being used to look up
-anything other than IP addresses if socks_remote_dns is set to true, so this
-bug can't turn up in other components or due to 3rd party addons.
----
- netwerk/dns/nsDNSService2.cpp | 24 ++++++++++++++++++++++-
- netwerk/dns/nsDNSService2.h | 1 +
- netwerk/protocol/websocket/WebSocketChannel.cpp | 8 +++++-
- 3 files changed, 30 insertions(+), 3 deletions(-)
-
-diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
-index a59b6e3..d54ebf3 100644
---- a/netwerk/dns/nsDNSService2.cpp
-+++ b/netwerk/dns/nsDNSService2.cpp
-@@ -373,6 +373,7 @@ nsDNSService::Init()
- bool enableIDN = true;
- bool disableIPv6 = false;
- bool disablePrefetch = false;
-+ bool disableDNS = false;
- int proxyType = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
-
- nsAdoptingCString ipv4OnlyDomains;
-@@ -398,6 +399,10 @@ nsDNSService::Init()
-
- // If a manual proxy is in use, disable prefetch implicitly
- prefs->GetIntPref("network.proxy.type", &proxyType);
-+
-+ // If the user wants remote DNS, we should fail any lookups that still
-+ // make it here.
-+ prefs->GetBoolPref("network.proxy.socks_remote_dns", &disableDNS);
- }
-
- if (mFirstTime) {
-@@ -418,7 +423,7 @@ nsDNSService::Init()
-
- // Monitor these to see if there is a change in proxy configuration
- // If a manual proxy is in use, disable prefetch implicitly
-- prefs->AddObserver("network.proxy.type", this, false);
-+ prefs->AddObserver("network.proxy.", this, false);
- }
- }
-
-@@ -447,6 +452,7 @@ nsDNSService::Init()
- mIDN = idn;
- mIPv4OnlyDomains = ipv4OnlyDomains; // exchanges buffer ownership
- mDisableIPv6 = disableIPv6;
-+ mDisableDNS = disableDNS;
-
- // Disable prefetching either by explicit preference or if a manual proxy is configured
- mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
-@@ -572,6 +578,14 @@ nsDNSService::AsyncResolve(const nsACString &hostname,
- if (mDisablePrefetch && (flags & RESOLVE_SPECULATE))
- return NS_ERROR_DNS_LOOKUP_QUEUE_FULL;
-
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
-+
- res = mResolver;
- idn = mIDN;
- localDomain = mLocalDomains.GetEntry(hostname);
-@@ -668,6 +682,14 @@ nsDNSService::Resolve(const nsACString &hostname,
- }
- NS_ENSURE_TRUE(res, NS_ERROR_OFFLINE);
-
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
-+
- const nsACString *hostPtr = &hostname;
-
- if (localDomain) {
-diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
-index b60572c..3cf00e9 100644
---- a/netwerk/dns/nsDNSService2.h
-+++ b/netwerk/dns/nsDNSService2.h
-@@ -40,5 +40,6 @@ private:
- bool mDisableIPv6;
- bool mDisablePrefetch;
- bool mFirstTime;
-+ bool mDisableDNS;
- nsTHashtable<nsCStringHashKey> mLocalDomains;
- };
-diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
-index a87e1e0..4bee667 100644
---- a/netwerk/protocol/websocket/WebSocketChannel.cpp
-+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
-@@ -1897,8 +1897,12 @@ WebSocketChannel::ApplyForAdmission()
- LOG(("WebSocketChannel::ApplyForAdmission: checking for concurrent open\n"));
- nsCOMPtr<nsIThread> mainThread;
- NS_GetMainThread(getter_AddRefs(mainThread));
-- dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-- NS_ENSURE_SUCCESS(rv, rv);
-+ rv = dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-+ if (NS_FAILED(rv)) {
-+ // Fall back to hostname on dispatch failure
-+ mDNSRequest = nsnull;
-+ OnLookupComplete(nsnull, nsnull, rv);
-+ }
-
- return NS_OK;
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
deleted file mode 100644
index 76330a3..0000000
--- a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From c5b94226e50a5502ef7902e2d05874f36d678769 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:08:27 -0700
-Subject: [PATCH 17/19] Randomize HTTP request order and pipeline depth.
-
-This is an experimental defense against
-http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
-
-See:
-https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
-
-This defense has been improved since that blog post to additionally randomize
-the order and concurrency of non-pipelined HTTP requests.
-
-This patch is also different from the 10.x ESR patch, as the pipelining
-code has changed. We may want to set network.http.pipelining.aggressive to get
-similar behavior...
-
-The good news is we now randomize SPDY request order as well as pipeline
-request order (though SPDY is still disabled by default in TBB).
----
- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 58 +++++++++++++++++++++++--
- netwerk/protocol/http/nsHttpConnectionMgr.h | 3 +
- 2 files changed, 57 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 0bfaf3b..d565532 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -20,6 +20,8 @@
- #include "prnetdb.h"
- #include "mozilla/Telemetry.h"
-
-+#include <stdlib.h>
-+
- using namespace mozilla;
- using namespace mozilla::net;
-
-@@ -39,15 +41,39 @@ InsertTransactionSorted(nsTArray<nsHttpTransaction*> &pendingQ, nsHttpTransactio
- // insert into queue with smallest valued number first. search in reverse
- // order under the assumption that many of the existing transactions will
- // have the same priority (usually 0).
-+ PRInt32 begin = 0, end = -1;
-+
-+ if (pendingQ.IsEmpty()) {
-+ pendingQ.InsertElementAt(0, trans);
-+ return;
-+ }
-
- for (PRInt32 i=pendingQ.Length()-1; i>=0; --i) {
- nsHttpTransaction *t = pendingQ[i];
-- if (trans->Priority() >= t->Priority()) {
-- pendingQ.InsertElementAt(i+1, trans);
-- return;
-+ if (end == -1 && trans->Priority() >= t->Priority()) {
-+ end = i+1;
-+ } else if (trans->Priority() < t->Priority()) {
-+ begin = i+1;
-+ break;
- }
- }
-- pendingQ.InsertElementAt(0, trans);
-+
-+ if (end == -1) {
-+ pendingQ.AppendElement(trans);
-+ return;
-+ }
-+
-+ // Choose random destination begin..end
-+ PRInt32 count = 1+end - begin;
-+
-+ if (count == 0) count = 1; // shouldn't happen...
-+
-+ // FIXME: rand() is not crypto-secure.. but meh, this code will probably
-+ // change like 2 dozen more times before merge, and rand() is probably
-+ // good enough for our purposes anyways.
-+ pendingQ.InsertElementAt(begin + (rand()%count), trans);
-+
-+ // XXX Verify length, ordering inside a DEBUG ifdef??
- }
-
- //-----------------------------------------------------------------------------
-@@ -70,6 +96,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
- mCT.Init();
- mAlternateProtocolHash.Init(16);
- mSpdyPreferredHash.Init();
-+
-+ nsresult rv;
-+ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
-+ if (NS_FAILED(rv)) {
-+ mRandomGenerator = nsnull;
-+ }
- }
-
- nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -1141,6 +1173,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
- maxPersistConns = mMaxPersistConnsPerHost;
- }
-
-+ // Fuzz maxConns for website fingerprinting attack
-+ // We create a range of maxConns/5 up to 6*maxConns/5
-+ // because this function is called repeatedly, and we'll
-+ // end up converging on the high side of concurrent connections
-+ // after a short while.
-+ PRUint8 *bytes = nsnull;
-+ nsresult rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
-+ bytes[0] = bytes[0] % (maxConns + 1);
-+ maxConns = (maxConns/5) + bytes[0];
-+ NS_Free(bytes);
-+
- // use >= just to be safe
- bool result = (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) &&
- (persistCount >= maxPersistConns) );
-@@ -1307,6 +1352,11 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
-
- maxdepth = PR_MIN(maxdepth, depthLimit);
-
-+ if (maxdepth/2 > 1) {
-+ // This is a crazy hack to randomize pipeline depth a bit more..
-+ maxdepth = 1 + maxdepth/2 + (rand() % (maxdepth/2));
-+ }
-+
- if (maxdepth < 2)
- return false;
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index 9e65da0..07c93b1 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.h
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
-@@ -22,6 +22,7 @@
- #include "nsIObserver.h"
- #include "nsITimer.h"
- #include "nsIX509Cert3.h"
-+#include "nsIRandomGenerator.h"
-
- class nsHttpPipeline;
-
-@@ -579,6 +580,8 @@ private:
- PRUint64 mTimeOfNextWakeUp;
- // Timer for next pruning of dead connections.
- nsCOMPtr<nsITimer> mTimer;
-+ // Random number generator for reordering HTTP pipeline
-+ nsCOMPtr<nsIRandomGenerator> mRandomGenerator;
-
- // A 1s tick to call nsHttpConnection::ReadTimeoutTick on
- // active http/1 connections. Disabled when there are no
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch b/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch
deleted file mode 100644
index 109574a..0000000
--- a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch
+++ /dev/null
@@ -1,545 +0,0 @@
-From d705e4bb2b7efd4166d46d6fcb3183212902707c Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:22:32 -0700
-Subject: [PATCH 18/19] Adapt Steven Michaud's Mac crashfix patch
-
-Source is: https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35
-
-Some minor tweaks were needed to get it to apply and to compile on
-MacOS.
----
- widget/Makefile.in | 1 +
- widget/cocoa/nsChildView.mm | 28 +++++++++++------
- widget/gtk2/nsDragService.cpp | 9 +++--
- widget/nsIDragService.idl | 4 +--
- widget/nsPIDragService.idl | 48 +++++++++++++++++++++++++++++
- widget/qt/nsDragService.h | 2 +
- widget/windows/Makefile.in | 4 ++
- widget/windows/nsDragService.cpp | 13 +++++---
- widget/windows/nsDragService.h | 12 +++---
- widget/windows/nsNativeDragSource.cpp | 7 ++--
- widget/windows/nsNativeDragTarget.cpp | 28 ++++++++++------
- widget/windows/nsPIDragServiceWindows.idl | 46 +++++++++++++++++++++++++++
- widget/xpwidgets/nsBaseDragService.cpp | 16 +++++++++-
- widget/xpwidgets/nsBaseDragService.h | 9 ++---
- 14 files changed, 179 insertions(+), 48 deletions(-)
- create mode 100644 widget/nsPIDragService.idl
- create mode 100644 widget/windows/nsPIDragServiceWindows.idl
-
-diff --git a/widget/Makefile.in b/widget/Makefile.in
-index f1df966..eb6eec2 100644
---- a/widget/Makefile.in
-+++ b/widget/Makefile.in
-@@ -105,6 +105,7 @@ XPIDLSRCS = \
- nsIClipboardDragDropHooks.idl \
- nsIClipboardDragDropHookList.idl \
- nsIDragSession.idl \
-+ nsPIDragService.idl \
- nsIDragService.idl \
- nsIFormatConverter.idl \
- nsIClipboard.idl \
-diff --git a/widget/cocoa/nsChildView.mm b/widget/cocoa/nsChildView.mm
-index 9cbc1e3..92b93cb 100644
---- a/widget/cocoa/nsChildView.mm
-+++ b/widget/cocoa/nsChildView.mm
-@@ -4513,11 +4513,12 @@ NSEvent* gLastDragMouseDownEvent = nil;
- if (!dragService) {
- dragService = do_GetService(kDragServiceContractID);
- }
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
-
- if (dragService) {
- NSPoint pnt = [NSEvent mouseLocation];
- FlipCocoaScreenCoordinate(pnt);
-- dragService->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+ dragServicePriv->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
- }
- }
-
-@@ -4538,11 +4539,13 @@ NSEvent* gLastDragMouseDownEvent = nil;
- }
-
- if (mDragService) {
-- // set the dragend point from the current mouse location
-- nsDragService* dragService = static_cast<nsDragService *>(mDragService);
-- NSPoint pnt = [NSEvent mouseLocation];
-- FlipCocoaScreenCoordinate(pnt);
-- dragService->SetDragEndPoint(nsIntPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y)));
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ // set the dragend point from the current mouse location
-+ NSPoint pnt = [NSEvent mouseLocation];
-+ FlipCocoaScreenCoordinate(pnt);
-+ dragServicePriv->SetDragEndPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+ }
-
- // XXX: dropEffect should be updated per |operation|.
- // As things stand though, |operation| isn't well handled within "our"
-@@ -4553,10 +4556,15 @@ NSEvent* gLastDragMouseDownEvent = nil;
- // value for NSDragOperationGeneric that is passed by other applications.
- // All that said, NSDragOperationNone is still reliable.
- if (operation == NSDragOperationNone) {
-- nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
-- dragService->GetDataTransfer(getter_AddRefs(dataTransfer));
-- if (dataTransfer)
-- dataTransfer->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+ nsCOMPtr<nsIDragSession> dragSession;
-+ mDragService->GetCurrentSession(getter_AddRefs(dragSession));
-+ if (dragSession) {
-+ nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
-+ dragSession->GetDataTransfer(getter_AddRefs(dataTransfer));
-+ if (dataTransfer) {
-+ dataTransfer->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+ }
-+ }
- }
-
- mDragService->EndDragSession(true);
-diff --git a/widget/gtk2/nsDragService.cpp b/widget/gtk2/nsDragService.cpp
-index e0ff5d6..2c10c10 100644
---- a/widget/gtk2/nsDragService.cpp
-+++ b/widget/gtk2/nsDragService.cpp
-@@ -239,8 +239,8 @@ OnSourceGrabEventAfter(GtkWidget *widget, GdkEvent *event, gpointer user_data)
- // Update the cursor position. The last of these recorded gets used for
- // the NS_DRAGDROP_END event.
- nsDragService *dragService = static_cast<nsDragService*>(user_data);
-- dragService->SetDragEndPoint(nsIntPoint(event->motion.x_root,
-- event->motion.y_root));
-+ dragService->SetDragEndPoint(event->motion.x_root,
-+ event->motion.y_root);
- } else if (sMotionEvent && (event->type != GDK_KEY_PRESS ||
- event->type != GDK_KEY_RELEASE)) {
- // Update modifier state from keypress events.
-@@ -1348,7 +1348,7 @@ nsDragService::SourceEndDragSession(GdkDragContext *aContext,
- GdkDisplay* display = gdk_display_get_default();
- if (display) {
- gdk_display_get_pointer(display, NULL, &x, &y, NULL);
-- SetDragEndPoint(nsIntPoint(x, y));
-+ SetDragEndPoint(x, y);
- }
- }
-
-@@ -1765,8 +1765,9 @@ nsDragService::ScheduleDropEvent(nsWindow *aWindow,
- NS_WARNING("Additional drag drop ignored");
- return FALSE;
- }
-+ nsIntPoint pt = aWindowPoint + aWindow->WidgetToScreenOffset();
-
-- SetDragEndPoint(aWindowPoint + aWindow->WidgetToScreenOffset());
-+ SetDragEndPoint(pt.x, pt.y);
-
- // We'll reply with gtk_drag_finish().
- return TRUE;
-diff --git a/widget/nsIDragService.idl b/widget/nsIDragService.idl
-index 196761e..c0565bb 100644
---- a/widget/nsIDragService.idl
-+++ b/widget/nsIDragService.idl
-@@ -15,7 +15,7 @@ interface nsIDOMDragEvent;
- interface nsIDOMDataTransfer;
- interface nsISelection;
-
--[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052), builtinclass]
-+[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052)]
- interface nsIDragService : nsISupports
- {
- const long DRAGDROP_ACTION_NONE = 0;
-@@ -112,8 +112,6 @@ interface nsIDragService : nsISupports
- */
- void suppress();
- void unsuppress();
--
-- [noscript] void dragMoved(in long aX, in long aY);
- };
-
-
-diff --git a/widget/nsPIDragService.idl b/widget/nsPIDragService.idl
-new file mode 100644
-index 0000000..93a144d
---- /dev/null
-+++ b/widget/nsPIDragService.idl
-@@ -0,0 +1,48 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ * Steven Michaud <smichaud at pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(FAD8C90B-8E1D-446A-9B6C-241486A85CBD)]
-+interface nsPIDragService : nsISupports
-+{
-+ void dragMoved(in long aX, in long aY);
-+
-+ PRUint16 getInputSource();
-+
-+ void setDragEndPoint(in long aX, in long aY);
-+};
-diff --git a/widget/qt/nsDragService.h b/widget/qt/nsDragService.h
-index 393be99..56d0312 100644
---- a/widget/qt/nsDragService.h
-+++ b/widget/qt/nsDragService.h
-@@ -17,6 +17,8 @@ public:
- NS_DECL_ISUPPORTS
- NS_DECL_NSIDRAGSERVICE
-
-+ NS_IMETHOD DragMoved(PRInt32 aX, PRInt32 aY);
-+
- nsDragService();
-
- private:
-diff --git a/widget/windows/Makefile.in b/widget/windows/Makefile.in
-index 160c941..12f6dc7 100644
---- a/widget/windows/Makefile.in
-+++ b/widget/windows/Makefile.in
-@@ -88,6 +88,10 @@ ifdef MOZ_ENABLE_D3D10_LAYER
- DEFINES += -DMOZ_ENABLE_D3D10_LAYER
- endif
-
-+XPIDLSRCS += \
-+ nsPIDragServiceWindows.idl \
-+ $(NULL)
-+
- SHARED_LIBRARY_LIBS = \
- ../xpwidgets/$(LIB_PREFIX)xpwidgets_s.$(LIB_SUFFIX) \
- $(NULL)
-diff --git a/widget/windows/nsDragService.cpp b/widget/windows/nsDragService.cpp
-index efe8ce1..62e7d97 100644
---- a/widget/windows/nsDragService.cpp
-+++ b/widget/windows/nsDragService.cpp
-@@ -60,6 +60,8 @@ nsDragService::~nsDragService()
- NS_IF_RELEASE(mDataObject);
- }
-
-+NS_IMPL_ISUPPORTS_INHERITED1(nsDragService, nsBaseDragService, nsPIDragServiceWindows)
-+
- bool
- nsDragService::CreateDragImage(nsIDOMNode *aDOMNode,
- nsIScriptableRegion *aRegion,
-@@ -305,7 +307,7 @@ nsDragService::StartInvokingDragSession(IDataObject * aDataObj,
- POINT cpos;
- cpos.x = GET_X_LPARAM(pos);
- cpos.y = GET_Y_LPARAM(pos);
-- SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+ SetDragEndPoint(cpos.x, cpos.y);
- EndDragSession(true);
-
- mDoingDrag = false;
-@@ -423,25 +425,26 @@ nsDragService::GetData(nsITransferable * aTransferable, PRUint32 anItem)
-
- //---------------------------------------------------------
- NS_IMETHODIMP
--nsDragService::SetIDataObject(IDataObject * aDataObj)
-+nsDragService::SetIDataObject(nsISupports * aDataObj)
- {
-+ IDataObject *dataObj = (IDataObject*) aDataObj;
- // When the native drag starts the DragService gets
- // the IDataObject that is being dragged
- NS_IF_RELEASE(mDataObject);
-- mDataObject = aDataObj;
-+ mDataObject = dataObj;
- NS_IF_ADDREF(mDataObject);
-
- return NS_OK;
- }
-
- //---------------------------------------------------------
--void
-+NS_IMETHODIMP
- nsDragService::SetDroppedLocal()
- {
- // Sent from the native drag handler, letting us know
- // a drop occurred within the application vs. outside of it.
- mSentLocalDropEvent = true;
-- return;
-+ return NS_OK;
- }
-
- //-------------------------------------------------------------------------
-diff --git a/widget/windows/nsDragService.h b/widget/windows/nsDragService.h
-index 93b5480..bd2125b 100644
---- a/widget/windows/nsDragService.h
-+++ b/widget/windows/nsDragService.h
-@@ -7,6 +7,7 @@
- #define nsDragService_h__
-
- #include "nsBaseDragService.h"
-+#include "nsPIDragServiceWindows.h"
- #include <windows.h>
- #include <shlobj.h>
-
-@@ -20,12 +21,15 @@ class nsString;
- * Native Win32 DragService wrapper
- */
-
--class nsDragService : public nsBaseDragService
-+class nsDragService : public nsBaseDragService, public nsPIDragServiceWindows
- {
- public:
- nsDragService();
- virtual ~nsDragService();
--
-+
-+ NS_DECL_ISUPPORTS_INHERITED
-+ NS_DECL_NSPIDRAGSERVICEWINDOWS
-+
- // nsIDragService
- NS_IMETHOD InvokeDragSession(nsIDOMNode *aDOMNode,
- nsISupportsArray *anArrayTransferables,
-@@ -39,13 +43,9 @@ public:
- NS_IMETHOD EndDragSession(bool aDoneDrag);
-
- // native impl.
-- NS_IMETHOD SetIDataObject(IDataObject * aDataObj);
- NS_IMETHOD StartInvokingDragSession(IDataObject * aDataObj,
- PRUint32 aActionType);
-
-- // A drop occurred within the application vs. outside of it.
-- void SetDroppedLocal();
--
- protected:
- nsDataObjCollection* GetDataObjCollection(IDataObject * aDataObj);
-
-diff --git a/widget/windows/nsNativeDragSource.cpp b/widget/windows/nsNativeDragSource.cpp
-index e981ff9..e34613f 100644
---- a/widget/windows/nsNativeDragSource.cpp
-+++ b/widget/windows/nsNativeDragSource.cpp
-@@ -10,7 +10,7 @@
- #include "nsIServiceManager.h"
- #include "nsToolkit.h"
- #include "nsWidgetsCID.h"
--#include "nsIDragService.h"
-+#include "nsDragService.h"
-
- static NS_DEFINE_IID(kCDragServiceCID, NS_DRAGSERVICE_CID);
-
-@@ -69,9 +69,10 @@ STDMETHODIMP
- nsNativeDragSource::QueryContinueDrag(BOOL fEsc, DWORD grfKeyState)
- {
- nsCOMPtr<nsIDragService> dragService = do_GetService(kCDragServiceCID);
-- if (dragService) {
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
-+ if (dragServicePriv) {
- DWORD pos = ::GetMessagePos();
-- dragService->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
-+ dragServicePriv->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
- }
-
- if (fEsc) {
-diff --git a/widget/windows/nsNativeDragTarget.cpp b/widget/windows/nsNativeDragTarget.cpp
-index da1cd1f..96303c3 100644
---- a/widget/windows/nsNativeDragTarget.cpp
-+++ b/widget/windows/nsNativeDragTarget.cpp
-@@ -172,7 +172,11 @@ nsNativeDragTarget::DispatchDragDropEvent(PRUint32 aEventType, POINTL aPT)
- nsModifierKeyState modifierKeyState;
- modifierKeyState.InitInputEvent(event);
-
-- event.inputSource = static_cast<nsBaseDragService*>(mDragService)->GetInputSource();
-+ event.inputSource = 0;
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ dragServicePriv->GetInputSource(&event.inputSource);
-+ }
-
- mWindow->DispatchEvent(&event, status);
- }
-@@ -259,9 +263,8 @@ nsNativeDragTarget::DragEnter(LPDATAOBJECT pIDataSource,
- // This cast is ok because in the constructor we created a
- // the actual implementation we wanted, so we know this is
- // a nsDragService. It should be a private interface, though.
-- nsDragService * winDragService =
-- static_cast<nsDragService *>(mDragService);
-- winDragService->SetIDataObject(pIDataSource);
-+ nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+ winDragService->SetIDataObject((nsISupports*)pIDataSource);
-
- // Now process the native drag state and then dispatch the event
- ProcessDrag(NS_DRAGDROP_ENTER, grfKeyState, ptl, pdwEffect);
-@@ -399,8 +402,8 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
- // This cast is ok because in the constructor we created a
- // the actual implementation we wanted, so we know this is
- // a nsDragService (but it should still be a private interface)
-- nsDragService* winDragService = static_cast<nsDragService*>(mDragService);
-- winDragService->SetIDataObject(pData);
-+ nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+ winDragService->SetIDataObject((nsISupports*)pData);
-
- // NOTE: ProcessDrag spins the event loop which may destroy arbitrary objects.
- // We use strong refs to prevent it from destroying these:
-@@ -424,11 +427,14 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
- // tell the drag service we're done with the session
- // Use GetMessagePos to get the position of the mouse at the last message
- // seen by the event loop. (Bug 489729)
-- DWORD pos = ::GetMessagePos();
-- POINT cpos;
-- cpos.x = GET_X_LPARAM(pos);
-- cpos.y = GET_Y_LPARAM(pos);
-- winDragService->SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+ nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+ if (dragServicePriv) {
-+ DWORD pos = ::GetMessagePos();
-+ POINT cpos;
-+ cpos.x = GET_X_LPARAM(pos);
-+ cpos.y = GET_Y_LPARAM(pos);
-+ dragServicePriv->SetDragEndPoint(cpos.x, cpos.y);
-+ }
- serv->EndDragSession(true);
-
- // release the ref that was taken in DragEnter
-diff --git a/widget/windows/nsPIDragServiceWindows.idl b/widget/windows/nsPIDragServiceWindows.idl
-new file mode 100644
-index 0000000..c8a46dd
---- /dev/null
-+++ b/widget/windows/nsPIDragServiceWindows.idl
-@@ -0,0 +1,46 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ * Steven Michaud <smichaud at pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(6FC2117D-5EB4-441A-9C12-62A783BEBC0C)]
-+interface nsPIDragServiceWindows : nsISupports
-+{
-+ void setIDataObject(in nsISupports aDataObj);
-+
-+ void setDroppedLocal();
-+};
-diff --git a/widget/xpwidgets/nsBaseDragService.cpp b/widget/xpwidgets/nsBaseDragService.cpp
-index 1b2ef0d..627ebd2 100644
---- a/widget/xpwidgets/nsBaseDragService.cpp
-+++ b/widget/xpwidgets/nsBaseDragService.cpp
-@@ -55,7 +55,7 @@ nsBaseDragService::~nsBaseDragService()
- {
- }
-
--NS_IMPL_ISUPPORTS2(nsBaseDragService, nsIDragService, nsIDragSession)
-+NS_IMPL_ISUPPORTS3(nsBaseDragService, nsIDragService, nsPIDragService, nsIDragSession)
-
- //---------------------------------------------------------
- NS_IMETHODIMP
-@@ -403,6 +403,20 @@ nsBaseDragService::DragMoved(PRInt32 aX, PRInt32 aY)
- return NS_OK;
- }
-
-+NS_IMETHODIMP
-+nsBaseDragService::SetDragEndPoint(PRInt32 aX, PRInt32 aY)
-+{
-+ mEndDragPoint = nsIntPoint(aX, aY);
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsBaseDragService::GetInputSource(PRUint16* aInputSource)
-+{
-+ *aInputSource = mInputSource;
-+ return NS_OK;
-+}
-+
- static nsIPresShell*
- GetPresShellForContent(nsIDOMNode* aDOMNode)
- {
-diff --git a/widget/xpwidgets/nsBaseDragService.h b/widget/xpwidgets/nsBaseDragService.h
-index 006747f..d825b53 100644
---- a/widget/xpwidgets/nsBaseDragService.h
-+++ b/widget/xpwidgets/nsBaseDragService.h
-@@ -7,6 +7,7 @@
- #define nsBaseDragService_h__
-
- #include "nsIDragService.h"
-+#include "nsPIDragService.h"
- #include "nsIDragSession.h"
- #include "nsITransferable.h"
- #include "nsISupportsArray.h"
-@@ -32,6 +33,7 @@ class nsICanvasElementExternal;
- */
-
- class nsBaseDragService : public nsIDragService,
-+ public nsPIDragService,
- public nsIDragSession
- {
-
-@@ -42,14 +44,11 @@ public:
- //nsISupports
- NS_DECL_ISUPPORTS
-
-- //nsIDragSession and nsIDragService
-+ //nsIDragSession, nsIDragService and nsPIDragService
- NS_DECL_NSIDRAGSERVICE
-+ NS_DECL_NSPIDRAGSERVICE
- NS_DECL_NSIDRAGSESSION
-
-- void SetDragEndPoint(nsIntPoint aEndDragPoint) { mEndDragPoint = aEndDragPoint; }
--
-- PRUint16 GetInputSource() { return mInputSource; }
--
- protected:
-
- /**
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch b/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch
deleted file mode 100644
index 7f8ac2d..0000000
--- a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch
+++ /dev/null
@@ -1,345 +0,0 @@
-From b5d6491427d18bbae057a2974ea80421163fbc0a Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:30:22 -0700
-Subject: [PATCH 19/19] Add a redirect API for HTTPS-Everywhere.
-
----
- netwerk/protocol/http/HttpChannelChild.cpp | 15 ++++-
- netwerk/protocol/http/HttpChannelChild.h | 4 +
- netwerk/protocol/http/HttpChannelParent.cpp | 4 +
- netwerk/protocol/http/HttpChannelParent.h | 1 +
- netwerk/protocol/http/PHttpChannel.ipdl | 1 +
- netwerk/protocol/http/nsHttpChannel.cpp | 67 +++++++++++++++++---
- netwerk/protocol/http/nsHttpChannel.h | 12 +++-
- netwerk/protocol/http/nsIHttpChannel.idl | 12 ++++
- .../protocol/viewsource/nsViewSourceChannel.cpp | 13 ++++-
- 9 files changed, 117 insertions(+), 12 deletions(-)
-
-diff --git a/netwerk/protocol/http/HttpChannelChild.cpp b/netwerk/protocol/http/HttpChannelChild.cpp
-index cc88184..c26c8f4 100644
---- a/netwerk/protocol/http/HttpChannelChild.cpp
-+++ b/netwerk/protocol/http/HttpChannelChild.cpp
-@@ -1035,7 +1035,8 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
- gNeckoChild->SendPHttpChannelConstructor(this, tabChild);
-
- SendAsyncOpen(IPC::URI(mURI), IPC::URI(mOriginalURI),
-- IPC::URI(mDocumentURI), IPC::URI(mReferrer), mLoadFlags,
-+ IPC::URI(mDocumentURI), IPC::URI(mReferrer),
-+ IPC::URI(mInternalRedirectURI), mLoadFlags,
- mClientSetRequestHeaders, mRequestHead.Method(),
- IPC::InputStream(mUploadStream), mUploadStreamHasHeaders,
- mPriority, mRedirectionLimit, mAllowPipelining,
-@@ -1079,6 +1080,18 @@ HttpChannelChild::SetupFallbackChannel(const char *aFallbackKey)
- DROP_DEAD();
- }
-
-+NS_IMETHODIMP
-+HttpChannelChild::RedirectTo(nsIURI *uri)
-+{
-+ // We can only redirect unopened channels
-+ NS_ENSURE_TRUE(!mIPCOpen, NS_ERROR_ALREADY_OPENED);
-+
-+ // The redirect is stored internally for use in AsyncOpen
-+ mInternalRedirectURI = uri;
-+
-+ return NS_OK;
-+}
-+
- // The next four _should_ be implemented, but we need to figure out how
- // to transfer the data from the chrome process first.
-
-diff --git a/netwerk/protocol/http/HttpChannelChild.h b/netwerk/protocol/http/HttpChannelChild.h
-index 6b699c7..b29a4a7 100644
---- a/netwerk/protocol/http/HttpChannelChild.h
-+++ b/netwerk/protocol/http/HttpChannelChild.h
-@@ -75,6 +75,9 @@ public:
- NS_IMETHOD GetLocalPort(PRInt32* port);
- NS_IMETHOD GetRemoteAddress(nsACString& addr);
- NS_IMETHOD GetRemotePort(PRInt32* port);
-+
-+ NS_IMETHOD RedirectTo(nsIURI *uri);
-+
- // nsISupportsPriority
- NS_IMETHOD SetPriority(PRInt32 value);
- // nsIResumableChannel
-@@ -125,6 +128,7 @@ private:
- RequestHeaderTuples mClientSetRequestHeaders;
- nsCOMPtr<nsIChildChannel> mRedirectChannelChild;
- nsCOMPtr<nsISupports> mSecurityInfo;
-+ nsCOMPtr<nsIURI> mInternalRedirectURI;
-
- bool mIsFromCache;
- bool mCacheEntryAvailable;
-diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp
-index 8f95076..22f3bba 100644
---- a/netwerk/protocol/http/HttpChannelParent.cpp
-+++ b/netwerk/protocol/http/HttpChannelParent.cpp
-@@ -97,6 +97,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI,
- const IPC::URI& aOriginalURI,
- const IPC::URI& aDocURI,
- const IPC::URI& aReferrerURI,
-+ const IPC::URI& aInternalRedirectURI,
- const PRUint32& loadFlags,
- const RequestHeaderTuples& requestHeaders,
- const nsHttpAtom& requestMethod,
-@@ -117,6 +118,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI,
- nsCOMPtr<nsIURI> originalUri(aOriginalURI);
- nsCOMPtr<nsIURI> docUri(aDocURI);
- nsCOMPtr<nsIURI> referrerUri(aReferrerURI);
-+ nsCOMPtr<nsIURI> internalRedirectUri(aInternalRedirectURI);
-
- nsCString uriSpec;
- uri->GetSpec(uriSpec);
-@@ -144,6 +146,8 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI& aURI,
- httpChan->SetDocumentURI(docUri);
- if (referrerUri)
- httpChan->SetReferrerInternal(referrerUri);
-+ if (internalRedirectUri)
-+ httpChan->SetInternalRedirectURI(internalRedirectUri);
- if (loadFlags != nsIRequest::LOAD_NORMAL)
- httpChan->SetLoadFlags(loadFlags);
-
-diff --git a/netwerk/protocol/http/HttpChannelParent.h b/netwerk/protocol/http/HttpChannelParent.h
-index 9650aa9..2ac7e81 100644
---- a/netwerk/protocol/http/HttpChannelParent.h
-+++ b/netwerk/protocol/http/HttpChannelParent.h
-@@ -49,6 +49,7 @@ protected:
- const IPC::URI& originalUri,
- const IPC::URI& docUri,
- const IPC::URI& referrerUri,
-+ const IPC::URI& internalRedirectUri,
- const PRUint32& loadFlags,
- const RequestHeaderTuples& requestHeaders,
- const nsHttpAtom& requestMethod,
-diff --git a/netwerk/protocol/http/PHttpChannel.ipdl b/netwerk/protocol/http/PHttpChannel.ipdl
-index 10af59f..6053541 100644
---- a/netwerk/protocol/http/PHttpChannel.ipdl
-+++ b/netwerk/protocol/http/PHttpChannel.ipdl
-@@ -35,6 +35,7 @@ parent:
- URI original,
- URI doc,
- URI referrer,
-+ URI internalRedirect,
- PRUint32 loadFlags,
- RequestHeaderTuples requestHeaders,
- nsHttpAtom requestMethod,
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 9c10e3a..57afae4 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -1396,18 +1396,17 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps()
- return;
- }
-
-- nsresult rv = AsyncRedirectChannelToHttps();
-+ nsresult rv = InternalRedirectChannelToHttps();
- if (NS_FAILED(rv))
-- ContinueAsyncRedirectChannelToHttps(rv);
-+ ContinueInternalRedirectChannelToURI(rv);
- }
-
- nsresult
--nsHttpChannel::AsyncRedirectChannelToHttps()
-+nsHttpChannel::InternalRedirectChannelToHttps()
- {
- nsresult rv = NS_OK;
- LOG(("nsHttpChannel::HandleAsyncRedirectChannelToHttps() [STS]\n"));
-
-- nsCOMPtr<nsIChannel> newChannel;
- nsCOMPtr<nsIURI> upgradedURI;
-
- rv = mURI->Clone(getter_AddRefs(upgradedURI));
-@@ -1429,6 +1428,48 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
- else
- upgradedURI->SetPort(oldPort);
-
-+ return InternalRedirectChannelToURI(upgradedURI);
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::RedirectTo(nsIURI *newURI)
-+{
-+ // We can only redirect unopened channels
-+ NS_ENSURE_TRUE(!mWasOpened, NS_ERROR_ALREADY_OPENED);
-+
-+ // The redirect is stored internally for use in AsyncOpen
-+ mInternalRedirectURI = newURI;
-+
-+ return NS_OK;
-+}
-+
-+void
-+nsHttpChannel::HandleAsyncInternalRedirect()
-+{
-+ NS_PRECONDITION(!mCallOnResume, "How did that happen?");
-+ NS_PRECONDITION(mInternalRedirectURI, "How did that happen?");
-+
-+ if (mSuspendCount) {
-+ LOG(("Waiting until resume to do async API redirect [this=%p]\n", this));
-+ mCallOnResume = &nsHttpChannel::HandleAsyncInternalRedirect;
-+ return;
-+ }
-+
-+ nsresult rv = InternalRedirectChannelToURI(mInternalRedirectURI);
-+ if (NS_FAILED(rv))
-+ ContinueInternalRedirectChannelToURI(rv);
-+
-+ return;
-+}
-+
-+nsresult
-+nsHttpChannel::InternalRedirectChannelToURI(nsIURI *upgradedURI)
-+{
-+ nsresult rv = NS_OK;
-+ LOG(("nsHttpChannel::InternalRedirectChannelToURI()\n"));
-+
-+ nsCOMPtr<nsIChannel> newChannel;
-+
- nsCOMPtr<nsIIOService> ioService;
- rv = gHttpHandler->GetIOService(getter_AddRefs(ioService));
- NS_ENSURE_SUCCESS(rv, rv);
-@@ -1444,7 +1485,7 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
- PRUint32 flags = nsIChannelEventSink::REDIRECT_PERMANENT;
-
- PushRedirectAsyncFunc(
-- &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+ &nsHttpChannel::ContinueInternalRedirectChannelToURI);
- rv = gHttpHandler->AsyncOnChannelRedirect(this, newChannel, flags);
-
- if (NS_SUCCEEDED(rv))
-@@ -1453,14 +1494,18 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
- if (NS_FAILED(rv)) {
- AutoRedirectVetoNotifier notifier(this);
- PopRedirectAsyncFunc(
-- &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+ &nsHttpChannel::ContinueInternalRedirectChannelToURI);
-+
-+ // If we've failed so far, cancel the current channel, too,
-+ // as both HSTS and the redirectTo codepaths prefer
-+ // request failure to insecurity.
-+ Cancel(rv);
- }
-
- return rv;
- }
--
- nsresult
--nsHttpChannel::ContinueAsyncRedirectChannelToHttps(nsresult rv)
-+nsHttpChannel::ContinueInternalRedirectChannelToURI(nsresult rv)
- {
- AutoRedirectVetoNotifier notifier(this);
-
-@@ -3905,6 +3950,12 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
- if (mLoadGroup)
- mLoadGroup->AddRequest(this, nsnull);
-
-+ // Check to see if we should redirect this channel elsewhere by
-+ // nsIHttpChannel.redirectTo API request
-+ if (mInternalRedirectURI) {
-+ return AsyncCall(&nsHttpChannel::HandleAsyncInternalRedirect);
-+ }
-+
- // Collect mAsyncOpenTime after we have called all obsrevers like
- // "http-on-modify-request" and load group observers that may set
- // mTimingEnabled flag.
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index 0382b1c..2c50507 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -103,6 +103,8 @@ public:
- // nsIChannel
- NS_IMETHOD GetSecurityInfo(nsISupports **aSecurityInfo);
- NS_IMETHOD AsyncOpen(nsIStreamListener *listener, nsISupports *aContext);
-+ // nsIHttpChannel
-+ NS_IMETHOD RedirectTo(nsIURI *newURI);
- // nsIHttpChannelInternal
- NS_IMETHOD SetupFallbackChannel(const char *aFallbackKey);
- // nsISupportsPriority
-@@ -117,6 +119,9 @@ public: /* internal necko use only */
- void SetUploadStreamHasHeaders(bool hasHeaders)
- { mUploadStreamHasHeaders = hasHeaders; }
-
-+ void SetInternalRedirectURI(nsIURI *redirectTo)
-+ { mInternalRedirectURI = redirectTo; }
-+
- nsresult SetReferrerInternal(nsIURI *referrer) {
- nsCAutoString spec;
- nsresult rv = referrer->GetAsciiSpec(spec);
-@@ -173,11 +178,13 @@ private:
-
- // redirection specific methods
- void HandleAsyncRedirect();
-+ void HandleAsyncInternalRedirect();
- nsresult ContinueHandleAsyncRedirect(nsresult);
- void HandleAsyncNotModified();
- void HandleAsyncFallback();
- nsresult ContinueHandleAsyncFallback(nsresult);
- nsresult PromptTempRedirect();
-+ nsresult InternalRedirectChannelToURI(nsIURI *);
- virtual nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, bool preserveMethod);
-
- // proxy specific methods
-@@ -237,8 +244,8 @@ private:
- bool MustValidateBasedOnQueryUrl();
-
- void HandleAsyncRedirectChannelToHttps();
-- nsresult AsyncRedirectChannelToHttps();
-- nsresult ContinueAsyncRedirectChannelToHttps(nsresult rv);
-+ nsresult InternalRedirectChannelToHttps();
-+ nsresult ContinueInternalRedirectChannelToURI(nsresult rv);
-
- /**
- * A function that takes care of reading STS headers and enforcing STS
-@@ -310,6 +317,7 @@ private:
- friend class AutoRedirectVetoNotifier;
- friend class HttpAsyncAborter<nsHttpChannel>;
- nsCOMPtr<nsIURI> mRedirectURI;
-+ nsCOMPtr<nsIURI> mInternalRedirectURI;
- nsCOMPtr<nsIChannel> mRedirectChannel;
- PRUint32 mRedirectType;
-
-diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl
-index c541df1..2ee3cbc 100644
---- a/netwerk/protocol/http/nsIHttpChannel.idl
-+++ b/netwerk/protocol/http/nsIHttpChannel.idl
-@@ -257,4 +257,16 @@ interface nsIHttpChannel : nsIChannel
- * has been received (before onStartRequest).
- */
- boolean isNoCacheResponse();
-+
-+ /**
-+ * Instructs the channel to immediately redirect to a new destination.
-+ * Can only be called on channels not yet opened.
-+ *
-+ * This method provides no explicit conflict resolution. The last
-+ * caller to call it wins.
-+ *
-+ * @throws NS_ERROR_ALREADY_OPENED if called after the channel
-+ * has been opened.
-+ */
-+ void redirectTo(in nsIURI aNewURI);
- };
-diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-index 8f6d159..d1ca639 100644
---- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-@@ -671,4 +671,15 @@ nsViewSourceChannel::IsNoCacheResponse(bool *_retval)
- {
- return !mHttpChannel ? NS_ERROR_NULL_POINTER :
- mHttpChannel->IsNoCacheResponse(_retval);
--}
-+}
-+
-+// XXX: Is this the right thing to do here? Or should we have
-+// made an nsIHTTPChannelRedirect that only nsHttpChannel implements?
-+// Also, will this mean that some ViewSource requests may be non-https?
-+// Or will the mHttpChannel take care of that for us?
-+NS_IMETHODIMP
-+nsViewSourceChannel::RedirectTo(nsIURI *uri)
-+{
-+ return NS_ERROR_NOT_IMPLEMENTED;
-+}
-+
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch b/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
deleted file mode 100644
index d7a24d9..0000000
--- a/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From e91ad38f3db238eebf2f1cae9383a6f317717bef Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:35:33 -0700
-Subject: [PATCH 20/21] Add mozIThirdPartyUtil.getFirstPartyURI API
-
-API allows you to get the url bar URI for a channel or nsIDocument.
----
- content/base/src/ThirdPartyUtil.cpp | 52 ++++++++++++++++++++++++++++
- content/base/src/ThirdPartyUtil.h | 2 +
- netwerk/base/public/mozIThirdPartyUtil.idl | 21 +++++++++++
- 3 files changed, 75 insertions(+), 0 deletions(-)
-
-diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp
-index 97a000e..87ffc8a 100644
---- a/content/base/src/ThirdPartyUtil.cpp
-+++ b/content/base/src/ThirdPartyUtil.cpp
-@@ -7,6 +7,9 @@
- #include "nsIServiceManager.h"
- #include "nsIHttpChannelInternal.h"
- #include "nsIDOMWindow.h"
-+#include "nsICookiePermission.h"
-+#include "nsIDOMDocument.h"
-+#include "nsIDocument.h"
- #include "nsILoadContext.h"
- #include "nsIPrincipal.h"
- #include "nsIScriptObjectPrincipal.h"
-@@ -21,6 +24,7 @@ ThirdPartyUtil::Init()
-
- nsresult rv;
- mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
-+ mCookiePermissions = do_GetService(NS_COOKIEPERMISSION_CONTRACTID);
- return rv;
- }
-
-@@ -282,3 +286,51 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
-
- return NS_OK;
- }
-+
-+NS_IMETHODIMP
-+ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,
-+ nsIDocument *aDoc,
-+ nsIURI **aOutput)
-+{
-+ nsresult rv = NS_ERROR_NULL_POINTER;
-+
-+ if (!aChannel && aDoc) {
-+ aChannel = aDoc->GetChannel();
-+ }
-+
-+ // If aChannel is specified or available, use the official route
-+ // for sure
-+ if (aChannel) {
-+ rv = mCookiePermissions->GetOriginatingURI(aChannel, aOutput);
-+ }
-+
-+ // If the channel was missing, closed or broken, try the
-+ // window hierarchy directly.
-+ //
-+ // This might fail to work for first-party loads themselves, but
-+ // we don't need this codepath for that case.
-+ if (NS_FAILED(rv) && aDoc) {
-+ nsCOMPtr<nsIDOMWindow> top;
-+ nsCOMPtr<nsIDOMDocument> topDDoc;
-+
-+ aDoc->GetWindow()->GetTop(getter_AddRefs(top));
-+ top->GetDocument(getter_AddRefs(topDDoc));
-+
-+ nsCOMPtr<nsIDocument> topDoc(do_QueryInterface(topDDoc));
-+ *aOutput = topDoc->GetOriginalURI();
-+
-+ if (*aOutput)
-+ rv = NS_OK;
-+ }
-+
-+ // TODO: We could provide a route through the loadgroup + notification
-+ // callbacks too, but either channel or document was always available
-+ // in the cases where this function was originally needed (the image cache).
-+ // The notification callbacks also appear to suffers from the same limitation
-+ // as the document path. See nsICookiePermissions.GetOriginatingURI() for
-+ // details.
-+
-+ return rv;
-+}
-+
-+
-diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h
-index 269069b..37c30e8 100644
---- a/content/base/src/ThirdPartyUtil.h
-+++ b/content/base/src/ThirdPartyUtil.h
-@@ -9,6 +9,7 @@
- #include "nsString.h"
- #include "mozIThirdPartyUtil.h"
- #include "nsIEffectiveTLDService.h"
-+#include "nsICookiePermission.h"
-
- class nsIURI;
- class nsIChannel;
-@@ -28,6 +29,7 @@ private:
- static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);
-
- nsCOMPtr<nsIEffectiveTLDService> mTLDService;
-+ nsCOMPtr<nsICookiePermission> mCookiePermissions;
- };
-
- #endif
-diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl
-index 578d8db..1869d14 100644
---- a/netwerk/base/public/mozIThirdPartyUtil.idl
-+++ b/netwerk/base/public/mozIThirdPartyUtil.idl
-@@ -7,6 +7,7 @@
- interface nsIURI;
- interface nsIDOMWindow;
- interface nsIChannel;
-+interface nsIDocument;
-
- /**
- * Utility functions for determining whether a given URI, channel, or window
-@@ -140,6 +141,26 @@ interface mozIThirdPartyUtil : nsISupports
- * @return the base domain.
- */
- AUTF8String getBaseDomain(in nsIURI aHostURI);
-+
-+
-+ /**
-+ * getFirstPartyURI
-+ *
-+ * Obtain the top-level url bar URI for either a channel or a document.
-+ * Either parameter may be null (but not both).
-+ *
-+ * @param aChannel
-+ * An arbitrary channel for some content element of a first party
-+ * load. Can be null.
-+ *
-+ * @param aDoc
-+ * An arbitrary third party document. Can be null.
-+ *
-+ * @return the first party url bar URI for the load.
-+ */
-+ nsIURI getFirstPartyURI(in nsIChannel aChannel,
-+ in nsIDocument aDoc);
-+
- };
-
- %{ C++
---
-1.7.5.4
-
More information about the tor-commits
mailing list