[tor-commits] [torbrowser/master] remove alpha directory from firefox patches

erinn at torproject.org erinn at torproject.org
Wed Oct 24 15:35:18 UTC 2012


commit 06557b2845665a44c11b954d24081bed0e2011ba
Author: Erinn Clark <erinn at torproject.org>
Date:   Wed Oct 24 16:34:44 2012 +0100

    remove alpha directory from firefox patches
---
 ...nents.interfaces-lookupMethod-from-conten.patch |   50 --
 ...0002-Make-Permissions-Manager-memory-only.patch |   94 ----
 ...-Make-Intermediate-Cert-Store-memory-only.patch |   43 --
 .../alpha/0004-Add-a-string-based-cacheKey.patch   |   85 ---
 .../0005-Block-all-plugins-except-flash.patch      |   85 ---
 ...ontent-pref-service-memory-only-clearable.patch |   37 --
 .../0007-Disable-SSL-Session-ID-tracking.patch     |   28 -
 ...ice-and-system-specific-CSS-Media-Queries.patch |  116 -----
 .../0009-Make-Download-manager-memory-only.patch   |   57 --
 .../0010-Add-DDG-and-StartPage-to-Omnibox.patch    |   84 ---
 ...-nsICacheService.EvictEntries-synchronous.patch |   44 --
 ...owser-exit-when-not-launched-from-Vidalia.patch |   45 --
 ...13-Limit-the-number-of-fonts-per-document.patch |  225 --------
 ...observer-event-to-close-persistent-connec.patch |   40 --
 .../alpha/0015-Rebrand-Firefox-to-TorBrowser.patch |   59 ---
 .../alpha/0016-Prevent-WebSocket-DNS-leak.patch    |  133 -----
 ...ize-HTTP-request-order-and-pipeline-depth.patch |  151 ------
 ...Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch |  545 --------------------
 ...9-Add-a-redirect-API-for-HTTPS-Everywhere.patch |  345 -------------
 ...d-mozIThirdPartyUtil.getFirstPartyURI-API.patch |  148 ------
 20 files changed, 0 insertions(+), 2414 deletions(-)

diff --git a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
deleted file mode 100644
index 921a716..0000000
--- a/src/current-patches/firefox/alpha/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From caab8c136e806dcd913d637210ff187abb1b6b29 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:40:40 -0800
-Subject: [PATCH 01/19] Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/xpconnect/src/XPCComponents.cpp |    8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
-index ed7ab0a..609b73f 100644
---- a/js/xpconnect/src/XPCComponents.cpp
-+++ b/js/xpconnect/src/XPCComponents.cpp
-@@ -4621,7 +4621,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
--    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    static const char* allowed[] = { "isSuccessCode", nsnull };
-     *_retval = xpc_CheckAccessList(methodName, allowed);
-     return NS_OK;
- }
-@@ -4630,7 +4632,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
--    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    static const char* allowed[] = { "results", nsnull};
-     *_retval = xpc_CheckAccessList(propertyName, allowed);
-     return NS_OK;
- }
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index d73f1ab..0000000
--- a/src/current-patches/firefox/alpha/0002-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 12acd440d185f5536eed99084c4800a46d617197 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:45:16 -0800
-Subject: [PATCH 02/19] Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 94791ca..1f7bcbd 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -24,6 +24,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
- 
- static nsPermissionManager *gPermissionManager = nsnull;
- 
-@@ -167,6 +171,11 @@ nsPermissionManager::Init()
-     mObserverService->AddObserver(this, "profile-do-change", true);
-   }
- 
-+  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (pbi) {
-+    pbi->AddObserver("permissions.", this, PR_FALSE);
-+  }
-+
-   if (IsChildProcess()) {
-     // Get the permissions from the parent process
-     InfallibleTArray<IPC::Permission> perms;
-@@ -215,8 +224,18 @@ nsPermissionManager::InitDB(bool aRemoveFile)
-   if (!storage)
-     return NS_ERROR_UNEXPECTED;
- 
-+  bool memory_db = false;
-+  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (prefs) {
-+    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
-+  }
-+
-   // cache a connection to the hosts database
--  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  if (memory_db) {
-+    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+  } else {
-+    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  }
-   NS_ENSURE_SUCCESS(rv, rv);
- 
-   bool ready;
-@@ -226,7 +245,11 @@ nsPermissionManager::InitDB(bool aRemoveFile)
-     rv = permissionsFile->Remove(false);
-     NS_ENSURE_SUCCESS(rv, rv);
- 
--    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    if (memory_db) {
-+      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+    } else {
-+      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    }
-     NS_ENSURE_SUCCESS(rv, rv);
- 
-     mDBConn->GetConnectionReady(&ready);
-@@ -758,7 +781,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
-   ENSURE_NOT_CHILD_PROCESS;
- 
--  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+      // XXX: Should we remove the file? Probably not..
-+      InitDB(PR_FALSE);
-+    }
-+  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-     // The profile is about to change,
-     // or is going away because the application is shutting down.
-     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 33cf5e9..0000000
--- a/src/current-patches/firefox/alpha/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From a95872e8de8230e8e0128314acd335a7cb3510fb Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 19 Aug 2011 17:58:23 -0700
-Subject: [PATCH 03/19] Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp |   15 ++++++++++++++-
- 1 files changed, 14 insertions(+), 1 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index bc49de9..0f66320 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1743,8 +1743,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
-     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
-     // "/usr/lib/nss/libnssckbi.so".
-     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
--    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+    bool nocertdb = false;
-+    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+    // XXX: We can also do the the following to only disable the certdb.
-+    // Leaving this codepath in as a fallback in case InitNODB fails
-+    if (nocertdb)
-+      init_flags |= NSS_INIT_NOCERTDB;
-+
-+    SECStatus init_rv;
-+    if (nocertdb) {
-+        init_rv = ::NSS_NoDB_Init(NULL);
-+    } else {
-+        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-                                          SECMOD_DB, init_flags);
-+    }
- 
-     if (init_rv != SECSuccess) {
-       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch
deleted file mode 100644
index bbc6220..0000000
--- a/src/current-patches/firefox/alpha/0004-Add-a-string-based-cacheKey.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From df164279499b23794a112de4305f3ed99a25da68 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 17:03:57 -0700
-Subject: [PATCH 04/19] Add a string-based cacheKey.
-
-Used for isolating cache according to same-origin policy.
----
- netwerk/base/public/nsICachingChannel.idl |    7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp   |   22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h     |    1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
-index 96a8aef..b1c6f05 100644
---- a/netwerk/base/public/nsICachingChannel.idl
-+++ b/netwerk/base/public/nsICachingChannel.idl
-@@ -66,6 +66,13 @@ interface nsICachingChannel : nsICacheInfoChannel
-     attribute nsISupports cacheKey;
- 
-     /**
-+     * Set/get the cache domain... uniquely identifies the data in the cache
-+     * for this channel.  Holding a reference to this key does NOT prevent
-+     * the cached data from being removed.
-+     */
-+    attribute AUTF8String cacheDomain;
-+
-+    /**
-      * Specifies whether or not the data should be cached to a file.  This
-      * may fail if the disk cache is not present.  The value of this attribute
-      * is usually only settable during the processing of a channel's
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 290d04c..9c10e3a 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2538,6 +2538,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
-         cacheKey.Append(buf);
-     }
- 
-+    if (strlen(mCacheDomain.get()) > 0) {
-+        cacheKey.AppendLiteral("domain=");
-+        cacheKey.Append(mCacheDomain.get());
-+        cacheKey.AppendLiteral("&");
-+    }
-+
-     if (!cacheKey.IsEmpty()) {
-         cacheKey.AppendLiteral("uri=");
-     }
-@@ -4876,6 +4882,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
- }
- 
- NS_IMETHODIMP
-+nsHttpChannel::GetCacheDomain(nsACString &value)
-+{
-+    value = mCacheDomain;
-+
-+    return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::SetCacheDomain(const nsACString &value)
-+{
-+    mCacheDomain = value;
-+
-+    return NS_OK;
-+}
-+
-+NS_IMETHODIMP
- nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
- {
-     value = mOfflineCacheClientID;
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index eaad05e..0382b1c 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -292,6 +292,7 @@ private:
-     nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
-     nsCacheAccessMode                 mOfflineCacheAccess;
-     nsCString                         mOfflineCacheClientID;
-+    nsCString                         mCacheDomain;
- 
-     nsCOMPtr<nsILocalFile>            mProfileDirectory;
- 
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch
deleted file mode 100644
index 79d92de..0000000
--- a/src/current-patches/firefox/alpha/0005-Block-all-plugins-except-flash.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 5c43ec0bcc08d82d7ea1895e2586028ff0c43db2 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 1 Feb 2012 15:50:15 -0800
-Subject: [PATCH 05/19] Block all plugins except flash.
-
-We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
-actually want to stop plugins from ever entering the browser's process space
-and/or executing code (for example, AV plugins that collect statistics/analyse
-urls, magical toolbars that phone home or "help" the user, skype buttons that
-ruin our day, and censorship filters). Hence we rolled our own.
-
-See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
-on a better way. Until then, it is delta-darwinism for us.
----
- dom/plugins/base/nsPluginHost.cpp |   33 +++++++++++++++++++++++++++++++++
- dom/plugins/base/nsPluginHost.h   |    2 ++
- 2 files changed, 35 insertions(+), 0 deletions(-)
-
-diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 2877669..901fbb9 100644
---- a/dom/plugins/base/nsPluginHost.cpp
-+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -1876,6 +1876,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
-   return false;
- }
- 
-+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
-+{
-+    nsCString leaf;
-+    const char *leafStr;
-+    nsresult rv;
-+    
-+    rv = pluginFile->GetNativeLeafName(leaf);
-+    if (NS_FAILED(rv)) {
-+        return PR_TRUE; // fuck 'em. blacklist.
-+    }
-+
-+    leafStr = leaf.get();
-+
-+    if (!leafStr) {
-+        return PR_TRUE; // fuck 'em. blacklist.
-+    }
-+
-+    // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
-+    // NPSWF32.dll, NPSWF64.dll
-+    if (strstr(leafStr, "libgnashplugin") == leafStr ||
-+        strstr(leafStr, "libflashplayer") == leafStr ||
-+        strstr(leafStr, "Flash Player") == leafStr ||
-+        strstr(leafStr, "NPSWF") == leafStr) {
-+        return PR_FALSE;
-+    }
-+
-+    return PR_TRUE; // fuck 'em. blacklist.
-+}
-+
- typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
- 
- nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-@@ -2009,6 +2038,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
-       continue;
-     }
- 
-+    if (GhettoBlacklist(localfile)) {
-+        continue;
-+    }
-+
-     // if it is not found in cache info list or has been changed, create a new one
-     if (!pluginTag) {
-       nsPluginFile pluginFile(localfile);
-diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
-index 036a102..1f7bd14 100644
---- a/dom/plugins/base/nsPluginHost.h
-+++ b/dom/plugins/base/nsPluginHost.h
-@@ -247,6 +247,8 @@ private:
-   // Loads all cached plugins info into mCachedPlugins
-   nsresult ReadPluginInfo();
- 
-+  PRBool GhettoBlacklist(nsIFile *pluginFile);
-+
-   // Given a file path, returns the plugins info from our cache
-   // and removes it from the cache.
-   void RemoveCachedPluginsInfo(const char *filePath,
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch
deleted file mode 100644
index cc75ee1..0000000
--- a/src/current-patches/firefox/alpha/0006-Make-content-pref-service-memory-only-clearable.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c1f6abc0766763e65c5e8b22f72171c5f8e4639b Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 06/19] Make content pref service memory-only + clearable
-
-This prevents random urls from being inserted into content-prefs.sqllite in
-the profile directory as content prefs change (includes site-zoom and perhaps
-other site prefs?).
----
- .../contentprefs/nsContentPrefService.js           |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
-index 81f974d..31597ac 100644
---- a/toolkit/components/contentprefs/nsContentPrefService.js
-+++ b/toolkit/components/contentprefs/nsContentPrefService.js
-@@ -1208,7 +1208,7 @@ ContentPrefService.prototype = {
- 
-     var dbConnection;
- 
--    if (!dbFile.exists())
-+    if (true || !dbFile.exists())
-       dbConnection = this._dbCreate(dbService, dbFile);
-     else {
-       try {
-@@ -1256,7 +1256,7 @@ ContentPrefService.prototype = {
-   },
- 
-   _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
--    var dbConnection = aDBService.openDatabase(aDBFile);
-+    var dbConnection = aDBService.openSpecialDatabase("memory");
- 
-     try {
-       this._dbCreateSchema(dbConnection);
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch
deleted file mode 100644
index 5b8270a..0000000
--- a/src/current-patches/firefox/alpha/0007-Disable-SSL-Session-ID-tracking.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e3703799acddc621be9c64299070180721b489dc Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Wed, 7 Dec 2011 19:36:38 -0800
-Subject: [PATCH 07/19] Disable SSL Session ID tracking.
-
-We can't easily bind SSL Session ID tracking to url bar domain,
-so we have to disable them to satisfy
-https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
----
- security/nss/lib/ssl/sslsock.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
-index 0c4d0c7..8d23fc0 100644
---- a/security/nss/lib/ssl/sslsock.c
-+++ b/security/nss/lib/ssl/sslsock.c
-@@ -173,7 +173,7 @@ static sslOptions ssl_defaults = {
-     PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
-     PR_TRUE,	/* enableSSL3         */
-     PR_TRUE, 	/* enableTLS          */ /* now defaults to on in NSS 3.0 */
--    PR_FALSE,	/* noCache            */
-+    PR_TRUE,	/* noCache            */
-     PR_FALSE,	/* fdx                */
-     PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
-     PR_TRUE,	/* detectRollBack     */
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch b/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch
deleted file mode 100644
index 1b7d396..0000000
--- a/src/current-patches/firefox/alpha/0008-Limit-device-and-system-specific-CSS-Media-Queries.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From fdecb1911dd0bbd9bc611931c16026de17f6cbe9 Mon Sep 17 00:00:00 2001
-From: Shondoit Walker <shondoit at gmail.com>
-Date: Mon, 4 Jun 2012 19:15:31 +0200
-Subject: [PATCH 08/19] Limit device- and system-specific CSS Media Queries
-
-This is done to address
-https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
-
-This also fixes bug #4795 by making queries still available for chrome windows,
-whilst returning nothing or non-device-specific values for web pages or extensions.
----
- layout/style/nsMediaFeatures.cpp |   42 ++++++++++++++++++++++++-------------
- 1 files changed, 27 insertions(+), 15 deletions(-)
-
-diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
-index a814f30..c9785b9 100644
---- a/layout/style/nsMediaFeatures.cpp
-+++ b/layout/style/nsMediaFeatures.cpp
-@@ -98,6 +98,9 @@ GetDeviceContextFor(nsPresContext* aPresContext)
- static nsSize
- GetDeviceSize(nsPresContext* aPresContext)
- {
-+  if (!aPresContext->IsChrome()) {
-+    return GetSize(aPresContext);
-+  } else {
-     nsSize size;
-     if (aPresContext->IsRootPaginatedDocument())
-         // We want the page size, including unprintable areas and margins.
-@@ -108,6 +111,7 @@ GetDeviceSize(nsPresContext* aPresContext)
-         GetDeviceContextFor(aPresContext)->
-             GetDeviceSurfaceDimensions(size.width, size.height);
-     return size;
-+  }
- }
- 
- static nsresult
-@@ -151,17 +155,17 @@ static nsresult
- GetDeviceOrientation(nsPresContext* aPresContext, const nsMediaFeature*,
-                      nsCSSValue& aResult)
- {
--    nsSize size = GetDeviceSize(aPresContext);
--    PRInt32 orientation;
--    if (size.width > size.height) {
--        orientation = NS_STYLE_ORIENTATION_LANDSCAPE;
--    } else {
--        // Per spec, square viewports should be 'portrait'
--        orientation = NS_STYLE_ORIENTATION_PORTRAIT;
--    }
--
--    aResult.SetIntValue(orientation, eCSSUnit_Enumerated);
--    return NS_OK;
-+  nsSize size = GetDeviceSize(aPresContext);
-+  PRInt32 orientation;
-+  if (size.width > size.height) {
-+      orientation = NS_STYLE_ORIENTATION_LANDSCAPE;
-+  } else {
-+      // Per spec, square viewports should be 'portrait'
-+      orientation = NS_STYLE_ORIENTATION_PORTRAIT;
-+  }
-+
-+  aResult.SetIntValue(orientation, eCSSUnit_Enumerated);
-+  return NS_OK;
- }
- 
- static nsresult
-@@ -279,8 +283,12 @@ static nsresult
- GetDevicePixelRatio(nsPresContext* aPresContext, const nsMediaFeature*,
-                     nsCSSValue& aResult)
- {
--  float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
--  aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+  if (aPresContext->IsChrome()) {
-+    float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
-+    aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+  } else {
-+    aResult.SetFloatValue(1.0, eCSSUnit_Number);
-+  }
-   return NS_OK;
- }
- 
-@@ -288,18 +296,21 @@ static nsresult
- GetSystemMetric(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
-                 nsCSSValue& aResult)
- {
-+  if (aPresContext->IsChrome()) {
-     NS_ABORT_IF_FALSE(aFeature->mValueType == nsMediaFeature::eBoolInteger,
-                       "unexpected type");
-     nsIAtom *metricAtom = *aFeature->mData.mMetric;
-     bool hasMetric = nsCSSRuleProcessor::HasSystemMetric(metricAtom);
-     aResult.SetIntValue(hasMetric ? 1 : 0, eCSSUnit_Integer);
--    return NS_OK;
-+  }
-+  return NS_OK;
- }
- 
- static nsresult
- GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
-                 nsCSSValue& aResult)
- {
-+  if (aPresContext->IsChrome()) {
-     aResult.Reset();
- #ifdef XP_WIN
-     PRUint8 windowsThemeId =
-@@ -318,7 +329,8 @@ GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
-         }
-     }
- #endif
--    return NS_OK;
-+  }
-+  return NS_OK;
- }
- 
- /*
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch
deleted file mode 100644
index 6ee2744..0000000
--- a/src/current-patches/firefox/alpha/0009-Make-Download-manager-memory-only.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From ec182e8a83826db0c2bae711d594a26cd0b08a22 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 25 Apr 2012 13:39:35 -0700
-Subject: [PATCH 09/19] Make Download manager memory only.
-
-Solves https://trac.torproject.org/projects/tor/ticket/4017.
-
-Yes, this is an ugly hack. We *could* send the observer notification from
-Torbutton to tell the download manager to switch to memory, but then we have
-to dance around and tell it again if the user switches in and out of private
-browsing mode..
-
-The right way to do this is with a pref. Maybe I'll get to that someday, if
-this breaks enough times in conflict.
----
- toolkit/components/downloads/nsDownloadManager.cpp |    4 ++--
- toolkit/components/downloads/nsDownloadManager.h   |    2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp
-index 0e846a0..42ca743 100644
---- a/toolkit/components/downloads/nsDownloadManager.cpp
-+++ b/toolkit/components/downloads/nsDownloadManager.cpp
-@@ -2005,7 +2005,7 @@ nsDownloadManager::Observe(nsISupports *aSubject,
-     if (NS_LITERAL_STRING("memory").Equals(aData))
-       return SwitchDatabaseTypeTo(DATABASE_MEMORY);
-     else if (NS_LITERAL_STRING("disk").Equals(aData))
--      return SwitchDatabaseTypeTo(DATABASE_DISK);
-+      return SwitchDatabaseTypeTo(DATABASE_MEMORY);
-   }
-   else if (strcmp(aTopic, "alertclickcallback") == 0) {
-     nsCOMPtr<nsIDownloadManagerUI> dmui =
-@@ -2082,7 +2082,7 @@ nsDownloadManager::OnLeavePrivateBrowsingMode()
-   (void)ResumeAllDownloads(false);
- 
-   // Switch back to the on-disk DB again
--  (void)SwitchDatabaseTypeTo(DATABASE_DISK);
-+  //(void)SwitchDatabaseTypeTo(DATABASE_DISK);
- 
-   mInPrivateBrowsing = false;
- }
-diff --git a/toolkit/components/downloads/nsDownloadManager.h b/toolkit/components/downloads/nsDownloadManager.h
-index 5649eeb..1e7912b 100644
---- a/toolkit/components/downloads/nsDownloadManager.h
-+++ b/toolkit/components/downloads/nsDownloadManager.h
-@@ -54,7 +54,7 @@ public:
- 
-   virtual ~nsDownloadManager();
-   nsDownloadManager() :
--      mDBType(DATABASE_DISK)
-+      mDBType(DATABASE_MEMORY)
-     , mInPrivateBrowsing(false)
- #ifdef DOWNLOAD_SCANNER
-     , mScanner(nsnull)
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch
deleted file mode 100644
index e9c6c2c..0000000
--- a/src/current-patches/firefox/alpha/0010-Add-DDG-and-StartPage-to-Omnibox.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From e58200766a98fc8e239c95eb19a0afcf9fcd6381 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Wed, 25 Apr 2012 15:03:46 -0700
-Subject: [PATCH 10/19] Add DDG and StartPage to Omnibox.
-
-You mean there are search engines that don't require captchas if you don't
-have a cookie? Holy crap. Get those in there now.
----
- browser/locales/en-US/searchplugins/duckduckgo.xml |   29 ++++++++++++++++++++
- browser/locales/en-US/searchplugins/list.txt       |    2 +
- browser/locales/en-US/searchplugins/startpage.xml  |   11 +++++++
- 3 files changed, 42 insertions(+), 0 deletions(-)
- create mode 100644 browser/locales/en-US/searchplugins/duckduckgo.xml
- create mode 100644 browser/locales/en-US/searchplugins/startpage.xml
-
-diff --git a/browser/locales/en-US/searchplugins/duckduckgo.xml b/browser/locales/en-US/searchplugins/duckduckgo.xml
-new file mode 100644
-index 0000000..4f00b4d
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/duckduckgo.xml
-@@ -0,0 +1,29 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>DuckDuckGo</ShortName>
-+<Description>Duck Duck Go</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8n
-+IOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rB
-+Uv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n/////
-+/05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v//
-+//////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9h
-+XPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg
-+7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs
-+5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/
-+JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8n IOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1
-+/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/
-+fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y
-+1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDs
-+AScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAA
-+AAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMAD
-+AADwDwAA+B8AAA==</Image>
-+<Url type="text/html" method="POST" template="https://duckduckgo.com/html/">
-+  <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://duckduckgo.com/html/</SearchForm>
-+</SearchPlugin>
-diff --git a/browser/locales/en-US/searchplugins/list.txt b/browser/locales/en-US/searchplugins/list.txt
-index 2a1141a..0466f4e 100644
---- a/browser/locales/en-US/searchplugins/list.txt
-+++ b/browser/locales/en-US/searchplugins/list.txt
-@@ -1,7 +1,9 @@
- amazondotcom
- bing
-+duckduckgo
- eBay
- google
-+startpage
- twitter
- wikipedia
- yahoo
-diff --git a/browser/locales/en-US/searchplugins/startpage.xml b/browser/locales/en-US/searchplugins/startpage.xml
-new file mode 100644
-index 0000000..1a310b1
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/startpage.xml
-@@ -0,0 +1,11 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>Startpage</ShortName>
-+<Description>Start Page</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">
 +LN1/vmvbf/5r23/+a5t//mvb//4r2//TTuk/w8Pt/8fGrL/6ah1//ivcP/4r3P/q3yI/w8Pt/+MZpP/+bN5/vm4ev75t3X/+bV1//m1df/5t3X/+Ld3/8qUhP98XZn/Hxqz/+mse//5t3f/2p+B/x8as/8PD7f/u4qK//m7fv76u4D++bl7//m3fP/5uXz/+bl8//m5fP/5t3z/+bl//x8as/9NPKf/fWCb/x8as/8PD7f/bVOh//q5f//6v4X++sGI/vm9g//5voX/+b6F//m9hf/6vYX/+r6F//nCh/+bepr/Hxu0/w8Pt/8PD7f/fWOh//q+hf/6wof/+saN/vrGjf75xIv/+ceL//nEi//5xIv/+sSL//rHi//6x43/+ceN/+m7kP+7lpj/6ruQ//rHkP/6x43/+seQ//rLlf76ypT++seR//rJkf/6yZH/+seR//rJkf/6yZH/+8mR//vJlP/7yZT/+smU//rJlP/6yZT/+8yV//rJlf/6zpn+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</Image>
-+
-+<Url type="text/html" method="POST" template="https://startpage.com/do/search">
-+  <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://startpage.com/do/search/</SearchForm>
-+</SearchPlugin>
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch
deleted file mode 100644
index 879cfa6..0000000
--- a/src/current-patches/firefox/alpha/0011-Make-nsICacheService.EvictEntries-synchronous.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b0f594e6130bf618a25d33d80f7b66d110449dc9 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 1 May 2012 15:02:03 -0700
-Subject: [PATCH 11/19] Make nsICacheService.EvictEntries synchronous
-
-This fixes a race condition that allows cache-based EverCookies to persist for
-a brief time (on the order of minutes?) after cache clearing/"New Identity".
-
-https://trac.torproject.org/projects/tor/ticket/5715
----
- netwerk/cache/nsCacheService.cpp |   15 +++++++++++++--
- 1 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp
-index 991cc34..ef2ad25 100644
---- a/netwerk/cache/nsCacheService.cpp
-+++ b/netwerk/cache/nsCacheService.cpp
-@@ -1506,10 +1506,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor)
-     return NS_OK;
- }
- 
--
- NS_IMETHODIMP nsCacheService::EvictEntries(nsCacheStoragePolicy storagePolicy)
- {
--    return  EvictEntriesForClient(nsnull, storagePolicy);
-+    NS_IMETHODIMP r;
-+    r = EvictEntriesForClient(nsnull, storagePolicy);
-+
-+    // XXX: Bloody hack until we get this notifier in FF14.0:
-+    // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICacheListener#onCacheEntryDoomed%28%29
-+    if (storagePolicy == nsICache::STORE_ANYWHERE &&
-+            NS_IsMainThread() && gService && gService->mInitialized) {
-+        nsCacheServiceAutoLock lock;
-+        gService->DoomActiveEntries();
-+        gService->ClearDoomList();
-+        (void) SyncWithCacheIOThread();
-+    }
-+    return r; 
- }
- 
- NS_IMETHODIMP nsCacheService::GetCacheIOTarget(nsIEventTarget * *aCacheIOTarget)
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
deleted file mode 100644
index 91a5347..0000000
--- a/src/current-patches/firefox/alpha/0012-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 07ed1fba9d99b3aa860ab75f34c7650341c59b77 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Thu, 7 Jun 2012 14:45:26 -0700
-Subject: [PATCH 12/19] Make Tor Browser exit when not launched from Vidalia
-
-Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
-for easy relaunch. If they manage to do this, we should fail closed rather
-than opened. Hopefully they will get the hint and dock Vidalia instead.
-
-This is an emergency fix for
-https://trac.torproject.org/projects/tor/ticket/4192. We can do a better
-localized fix w/ a translated alert menu later, if it seems like this might
-actually be common.
----
- browser/base/content/browser.js |   14 ++++++++++++++
- 1 files changed, 14 insertions(+), 0 deletions(-)
-
-diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 79ab155..84f747c 100644
---- a/browser/base/content/browser.js
-+++ b/browser/base/content/browser.js
-@@ -995,6 +995,20 @@ function BrowserStartup() {
- 
-   prepareForStartup();
- 
-+  // If this is not a TBB profile, exit. 
-+  // Solves https://trac.torproject.org/projects/tor/ticket/4192
-+  var foundPref = false;
-+  try {
-+    foundPref = gPrefService.prefHasUserValue("torbrowser.version");
-+  } catch(e) {
-+    //dump("No pref: "+e);
-+  }
-+  if(!foundPref) {
-+    var appStartup = Components.classes["@mozilla.org/toolkit/app-startup;1"]
-+                         .getService(Components.interfaces.nsIAppStartup);
-+    appStartup.quit(3); // Force all windows to close, and then quit.
-+  }
-+
-   if (uriToLoad && uriToLoad != "about:blank") {
-     if (uriToLoad instanceof Ci.nsISupportsArray) {
-       let count = uriToLoad.Count();
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch b/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch
deleted file mode 100644
index 95e3f48..0000000
--- a/src/current-patches/firefox/alpha/0013-Limit-the-number-of-fonts-per-document.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From a94c453f1b68acddb84d1a97e10de3994dfdf2cd Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Thu, 7 Jun 2012 15:09:59 -0700
-Subject: [PATCH 13/19] Limit the number of fonts per document.
-
-We create two prefs:
-browser.display.max_font_count and browser.display.max_font_attempts.
-max_font_count sets a limit on the number of fonts actually used in the
-document, and max_font_attempts sets a limit on the total number of CSS
-queries that a document is allowed to perform.
-
-Once either limit is reached, the browser behaves as if
-browser.display.use_document_fonts was set to 0 for subsequent font queries.
-
-If a pref is not set or is negative, that limit does not apply.
-
-This is done to address:
-https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
----
- layout/base/nsPresContext.cpp |  100 +++++++++++++++++++++++++++++++++++++++++
- layout/base/nsPresContext.h   |    9 ++++
- layout/style/nsRuleNode.cpp   |   13 ++++-
- 3 files changed, 119 insertions(+), 3 deletions(-)
-
-diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
-index f49d9f3..53f0b12 100644
---- a/layout/base/nsPresContext.cpp
-+++ b/layout/base/nsPresContext.cpp
-@@ -63,6 +63,8 @@
- #include "FrameLayerBuilder.h"
- #include "nsDOMMediaQueryList.h"
- #include "nsSMILAnimationController.h"
-+#include "nsString.h"
-+#include "nsUnicharUtils.h"
- 
- #ifdef IBMBIDI
- #include "nsBidiPresUtils.h"
-@@ -740,6 +742,10 @@ nsPresContext::GetUserPreferences()
-   // * use fonts?
-   mUseDocumentFonts =
-     Preferences::GetInt("browser.display.use_document_fonts") != 0;
-+  mMaxFonts =
-+    Preferences::GetInt("browser.display.max_font_count", -1);
-+  mMaxFontAttempts =
-+    Preferences::GetInt("browser.display.max_font_attempts", -1);
- 
-   // * replace backslashes with Yen signs? (bug 245770)
-   mEnableJapaneseTransform =
-@@ -1363,6 +1369,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID, nsIAtom *aLanguage) const
-   return font;
- }
- 
-+PRBool
-+nsPresContext::FontUseCountReached(const nsFont &font) {
-+  if (mMaxFonts < 0) {
-+    return PR_FALSE;
-+  }
-+
-+  for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+    if (mFontsUsed[i].name.Equals(font.name,
-+                                  nsCaseInsensitiveStringComparator())
-+        // XXX: Style is sometimes filled with garbage??
-+        /*&& mFontsUsed[i].style == font.style*/) {
-+      // seen it before: OK
-+      return PR_FALSE;
-+    }
-+  }
-+
-+  if (mFontsUsed.Length() >= mMaxFonts) {
-+    return PR_TRUE;
-+  }
-+
-+  return PR_FALSE;
-+}
-+
-+PRBool
-+nsPresContext::FontAttemptCountReached(const nsFont &font) {
-+  if (mMaxFontAttempts < 0) {
-+    return PR_FALSE;
-+  }
-+
-+  for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+    if (mFontsTried[i].name.Equals(font.name,
-+                                  nsCaseInsensitiveStringComparator())
-+        // XXX: Style is sometimes filled with garbage??
-+        /*&& mFontsTried[i].style == font.style*/) {
-+      // seen it before: OK
-+      return PR_FALSE;
-+    }
-+  }
-+
-+  if (mFontsTried.Length() >= mMaxFontAttempts) {
-+    return PR_TRUE;
-+  }
-+
-+  return PR_FALSE;
-+}
-+
-+void
-+nsPresContext::AddFontUse(const nsFont &font) {
-+  if (mMaxFonts < 0) {
-+    return;
-+  }
-+
-+  for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+    if (mFontsUsed[i].name.Equals(font.name,
-+                                  nsCaseInsensitiveStringComparator())
-+        // XXX: Style is sometimes filled with garbage??
-+        /*&& mFontsUsed[i].style == font.style*/) {
-+      // seen it before: OK
-+      return;
-+    }
-+  }
-+
-+  if (mFontsUsed.Length() >= mMaxFonts) {
-+    return;
-+  }
-+   
-+  mFontsUsed.AppendElement(font);
-+  return;
-+}
-+
-+void
-+nsPresContext::AddFontAttempt(const nsFont &font) {
-+  if (mMaxFontAttempts < 0) {
-+    return;
-+  }
-+
-+  for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+    if (mFontsTried[i].name.Equals(font.name,
-+                                  nsCaseInsensitiveStringComparator())
-+        // XXX: Style is sometimes filled with garbage??
-+        /*&& mFontsTried[i].style == font.style*/) {
-+      // seen it before: OK
-+      return;
-+    }
-+  }
-+
-+  if (mFontsTried.Length() >= mMaxFontAttempts) {
-+    return;
-+  }
-+   
-+  mFontsTried.AppendElement(font);
-+  return;
-+}
-+
- void
- nsPresContext::SetFullZoom(float aZoom)
- {
-diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
-index 0c42c6b..f37c7a2 100644
---- a/layout/base/nsPresContext.h
-+++ b/layout/base/nsPresContext.h
-@@ -514,6 +514,13 @@ public:
-     }
-   }
- 
-+  nsTArray<nsFont> mFontsUsed; // currently for font-count limiting only
-+  nsTArray<nsFont> mFontsTried; // currently for font-count limiting only
-+  void AddFontUse(const nsFont &font);
-+  void AddFontAttempt(const nsFont &font);
-+  PRBool FontUseCountReached(const nsFont &font);
-+  PRBool FontAttemptCountReached(const nsFont &font);
-+
-   /**
-    * Get the minimum font size for the specified language. If aLanguage
-    * is nsnull, then the document's language is used.
-@@ -1174,6 +1181,8 @@ protected:
-   PRUint32              mInterruptChecksToSkip;
- 
-   mozilla::TimeStamp    mReflowStartTime;
-+  PRInt32               mMaxFontAttempts;
-+  PRInt32               mMaxFonts;
- 
-   unsigned              mHasPendingInterrupt : 1;
-   unsigned              mInterruptsEnabled : 1;
-diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
-index 01613b8..fb19eba 100644
---- a/layout/style/nsRuleNode.cpp
-+++ b/layout/style/nsRuleNode.cpp
-@@ -3387,14 +3387,15 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
- 
-   bool useDocumentFonts =
-     mPresContext->GetCachedBoolPref(kPresContext_UseDocumentFonts);
-+  bool isXUL = PR_FALSE;
- 
-   // See if we are in the chrome
-   // We only need to know this to determine if we have to use the
-   // document fonts (overriding the useDocumentFonts flag).
--  if (!useDocumentFonts && mPresContext->IsChrome()) {
-+  if (mPresContext->IsChrome()) {
-     // if we are not using document fonts, but this is a XUL document,
-     // then we use the document fonts anyway
--    useDocumentFonts = true;
-+    isXUL = true;
-   }
- 
-   // Figure out if we are a generic font
-@@ -3408,9 +3409,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
-     // generic?
-     nsFont::GetGenericID(font->mFont.name, &generic);
- 
-+    mPresContext->AddFontAttempt(font->mFont);
-+
-     // If we aren't allowed to use document fonts, then we are only entitled
-     // to use the user's default variable-width font and fixed-width font
--    if (!useDocumentFonts) {
-+    if (!isXUL && (!useDocumentFonts ||
-+                    mPresContext->FontAttemptCountReached(font->mFont) ||
-+                    mPresContext->FontUseCountReached(font->mFont))) {
-       // Extract the generic from the specified font family...
-       nsAutoString genericName;
-       if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
-@@ -3446,6 +3451,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
-                                font);
-   }
- 
-+  if (font->mGenericID == kGenericFont_NONE)
-+    mPresContext->AddFontUse(font->mFont);
-   COMPUTE_END_INHERITED(Font, font)
- }
- 
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch
deleted file mode 100644
index 6f63876..0000000
--- a/src/current-patches/firefox/alpha/0014-Provide-an-observer-event-to-close-persistent-connec.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From af43ed872bd64b623ea1d5b83926c4d06e8fcd7d Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Fri, 7 Sep 2012 16:18:26 -0700
-Subject: [PATCH 14/19] Provide an observer event to close persistent
- connections
-
-We need to prevent linkability across "New Identity", which includes closing
-keep-alive connections.
----
- netwerk/protocol/http/nsHttpHandler.cpp |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
-index 2f71837..b066140 100644
---- a/netwerk/protocol/http/nsHttpHandler.cpp
-+++ b/netwerk/protocol/http/nsHttpHandler.cpp
-@@ -309,6 +309,7 @@ nsHttpHandler::Init()
-         mObserverService->AddObserver(this, "net:clear-active-logins", true);
-         mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
-         mObserverService->AddObserver(this, "net:prune-dead-connections", true);
-+        mObserverService->AddObserver(this, "net:prune-all-connections", true);
-         mObserverService->AddObserver(this, "net:failed-to-process-uri-content", true);
-     }
-  
-@@ -1651,6 +1652,12 @@ nsHttpHandler::Observe(nsISupports *subject,
-         if (uri && mConnMgr)
-             mConnMgr->ReportFailedToProcess(uri);
-     }
-+    else if (strcmp(topic, "net:prune-all-connections") == 0) {
-+        if (mConnMgr) {
-+           mConnMgr->ClosePersistentConnections();
-+           mConnMgr->PruneDeadConnections();
-+        }
-+    }
-   
-     return NS_OK;
- }
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch
deleted file mode 100644
index 2a6a9c5..0000000
--- a/src/current-patches/firefox/alpha/0015-Rebrand-Firefox-to-TorBrowser.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d14732e7069aa8c33733f067e1e706bd852e3aba Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:05:11 -0700
-Subject: [PATCH 15/19] Rebrand Firefox to TorBrowser
-
-This patch does some basic renaming of Firefox to TorBrowser. The rest of the
-branding is done by images and icons.
----
- browser/branding/official/configure.sh             |    2 +-
- browser/branding/official/locales/en-US/brand.dtd  |    6 +++---
- .../official/locales/en-US/brand.properties        |    6 +++---
- 3 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh
-index 55f3f18..33102b0 100644
---- a/browser/branding/official/configure.sh
-+++ b/browser/branding/official/configure.sh
-@@ -2,5 +2,5 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- 
--MOZ_APP_DISPLAYNAME=Firefox
-+MOZ_APP_DISPLAYNAME=TorBrowser
- MOZ_UA_BUILDID=20100101
-diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd
-index 8e7f6c9..76e405d 100644
---- a/browser/branding/official/locales/en-US/brand.dtd
-+++ b/browser/branding/official/locales/en-US/brand.dtd
-@@ -2,7 +2,7 @@
-    - License, v. 2.0. If a copy of the MPL was not distributed with this
-    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
- 
--<!ENTITY  brandShortName        "Firefox">
--<!ENTITY  brandFullName         "Mozilla Firefox">
--<!ENTITY  vendorShortName       "Mozilla">
-+<!ENTITY  brandShortName        "TorBrowser">
-+<!ENTITY  brandFullName         "Tor Browser">
-+<!ENTITY  vendorShortName       "Tor Project">
- <!ENTITY  trademarkInfo.part1   "Firefox and the Firefox logos are trademarks of the Mozilla Foundation.">
-diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties
-index 4a67c55..9ae168e 100644
---- a/browser/branding/official/locales/en-US/brand.properties
-+++ b/browser/branding/official/locales/en-US/brand.properties
-@@ -2,9 +2,9 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- 
--brandShortName=Firefox
--brandFullName=Mozilla Firefox
--vendorShortName=Mozilla
-+brandShortName=TorBrowser
-+brandFullName=Tor Browser
-+vendorShortName=Tor Project
- 
- homePageSingleStartMain=Firefox Start, a fast home page with built-in search
- homePageImport=Import your home page from %S
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch
deleted file mode 100644
index 3c0367d..0000000
--- a/src/current-patches/firefox/alpha/0016-Prevent-WebSocket-DNS-leak.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 727bc1103bc663e1bc2a25bb4fb8e9c9fb31763b Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:07:37 -0700
-Subject: [PATCH 16/19] Prevent WebSocket DNS leak.
-
-This is due to an improper implementation of the WebSocket spec by Mozilla.
-
-"There MUST be no more than one connection in a CONNECTING state.  If multiple
-connections to the same IP address are attempted simultaneously, the client
-MUST serialize them so that there is no more than one connection at a time
-running through the following steps.
-
-If the client cannot determine the IP address of the remote host (for
-example, because all communication is being done through a proxy server that
-performs DNS queries itself), then the client MUST assume for the purposes of
-this step that each host name refers to a distinct remote host,"
-
-https://tools.ietf.org/html/rfc6455#page-15
-
-They implmented the first paragraph, but not the second...
-
-While we're at it, we also prevent the DNS service from being used to look up
-anything other than IP addresses if socks_remote_dns is set to true, so this
-bug can't turn up in other components or due to 3rd party addons.
----
- netwerk/dns/nsDNSService2.cpp                   |   24 ++++++++++++++++++++++-
- netwerk/dns/nsDNSService2.h                     |    1 +
- netwerk/protocol/websocket/WebSocketChannel.cpp |    8 +++++-
- 3 files changed, 30 insertions(+), 3 deletions(-)
-
-diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
-index a59b6e3..d54ebf3 100644
---- a/netwerk/dns/nsDNSService2.cpp
-+++ b/netwerk/dns/nsDNSService2.cpp
-@@ -373,6 +373,7 @@ nsDNSService::Init()
-     bool     enableIDN        = true;
-     bool     disableIPv6      = false;
-     bool     disablePrefetch  = false;
-+    bool     disableDNS       = false;
-     int      proxyType        = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
-     
-     nsAdoptingCString ipv4OnlyDomains;
-@@ -398,6 +399,10 @@ nsDNSService::Init()
- 
-         // If a manual proxy is in use, disable prefetch implicitly
-         prefs->GetIntPref("network.proxy.type", &proxyType);
-+
-+        // If the user wants remote DNS, we should fail any lookups that still
-+        // make it here.
-+        prefs->GetBoolPref("network.proxy.socks_remote_dns", &disableDNS);
-     }
- 
-     if (mFirstTime) {
-@@ -418,7 +423,7 @@ nsDNSService::Init()
- 
-             // Monitor these to see if there is a change in proxy configuration
-             // If a manual proxy is in use, disable prefetch implicitly
--            prefs->AddObserver("network.proxy.type", this, false);
-+            prefs->AddObserver("network.proxy.", this, false);
-         }
-     }
- 
-@@ -447,6 +452,7 @@ nsDNSService::Init()
-         mIDN = idn;
-         mIPv4OnlyDomains = ipv4OnlyDomains; // exchanges buffer ownership
-         mDisableIPv6 = disableIPv6;
-+        mDisableDNS = disableDNS;
- 
-         // Disable prefetching either by explicit preference or if a manual proxy is configured 
-         mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
-@@ -572,6 +578,14 @@ nsDNSService::AsyncResolve(const nsACString  &hostname,
-         if (mDisablePrefetch && (flags & RESOLVE_SPECULATE))
-             return NS_ERROR_DNS_LOOKUP_QUEUE_FULL;
- 
-+        PRNetAddr tempAddr;
-+        if (mDisableDNS) {
-+            // Allow IP lookups through, but nothing else.
-+            if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+                return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+            }
-+        }
-+
-         res = mResolver;
-         idn = mIDN;
-         localDomain = mLocalDomains.GetEntry(hostname);
-@@ -668,6 +682,14 @@ nsDNSService::Resolve(const nsACString &hostname,
-     }
-     NS_ENSURE_TRUE(res, NS_ERROR_OFFLINE);
- 
-+    PRNetAddr tempAddr;
-+    if (mDisableDNS) {
-+        // Allow IP lookups through, but nothing else.
-+        if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+            return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+        }
-+    }
-+
-     const nsACString *hostPtr = &hostname;
- 
-     if (localDomain) {
-diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
-index b60572c..3cf00e9 100644
---- a/netwerk/dns/nsDNSService2.h
-+++ b/netwerk/dns/nsDNSService2.h
-@@ -40,5 +40,6 @@ private:
-     bool                      mDisableIPv6;
-     bool                      mDisablePrefetch;
-     bool                      mFirstTime;
-+    bool                      mDisableDNS;
-     nsTHashtable<nsCStringHashKey> mLocalDomains;
- };
-diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
-index a87e1e0..4bee667 100644
---- a/netwerk/protocol/websocket/WebSocketChannel.cpp
-+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
-@@ -1897,8 +1897,12 @@ WebSocketChannel::ApplyForAdmission()
-   LOG(("WebSocketChannel::ApplyForAdmission: checking for concurrent open\n"));
-   nsCOMPtr<nsIThread> mainThread;
-   NS_GetMainThread(getter_AddRefs(mainThread));
--  dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
--  NS_ENSURE_SUCCESS(rv, rv);
-+  rv = dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-+  if (NS_FAILED(rv)) {
-+      // Fall back to hostname on dispatch failure
-+      mDNSRequest = nsnull;
-+      OnLookupComplete(nsnull, nsnull, rv);
-+  }
- 
-   return NS_OK;
- }
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
deleted file mode 100644
index 76330a3..0000000
--- a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From c5b94226e50a5502ef7902e2d05874f36d678769 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:08:27 -0700
-Subject: [PATCH 17/19] Randomize HTTP request order and pipeline depth.
-
-This is an experimental defense against
-http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
-
-See:
-https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
-
-This defense has been improved since that blog post to additionally randomize
-the order and concurrency of non-pipelined HTTP requests.
-
-This patch is also different from the 10.x ESR patch, as the pipelining
-code has changed. We may want to set network.http.pipelining.aggressive to get
-similar behavior...
-
-The good news is we now randomize SPDY request order as well as pipeline
-request order (though SPDY is still disabled by default in TBB).
----
- netwerk/protocol/http/nsHttpConnectionMgr.cpp |   58 +++++++++++++++++++++++--
- netwerk/protocol/http/nsHttpConnectionMgr.h   |    3 +
- 2 files changed, 57 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 0bfaf3b..d565532 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -20,6 +20,8 @@
- #include "prnetdb.h"
- #include "mozilla/Telemetry.h"
- 
-+#include <stdlib.h>
-+
- using namespace mozilla;
- using namespace mozilla::net;
- 
-@@ -39,15 +41,39 @@ InsertTransactionSorted(nsTArray<nsHttpTransaction*> &pendingQ, nsHttpTransactio
-     // insert into queue with smallest valued number first.  search in reverse
-     // order under the assumption that many of the existing transactions will
-     // have the same priority (usually 0).
-+    PRInt32 begin = 0, end = -1;
-+
-+    if (pendingQ.IsEmpty()) {
-+         pendingQ.InsertElementAt(0, trans);
-+         return;
-+    }
- 
-     for (PRInt32 i=pendingQ.Length()-1; i>=0; --i) {
-         nsHttpTransaction *t = pendingQ[i];
--        if (trans->Priority() >= t->Priority()) {
--            pendingQ.InsertElementAt(i+1, trans);
--            return;
-+        if (end == -1 && trans->Priority() >= t->Priority()) {
-+            end = i+1;
-+        } else if (trans->Priority() < t->Priority()) {
-+            begin = i+1;
-+            break;
-         }
-     }
--    pendingQ.InsertElementAt(0, trans);
-+
-+    if (end == -1) {
-+         pendingQ.AppendElement(trans);
-+         return;
-+    }
-+
-+    // Choose random destination begin..end
-+    PRInt32 count = 1+end - begin;
-+
-+    if (count == 0) count = 1; // shouldn't happen...
-+
-+    // FIXME: rand() is not crypto-secure.. but meh, this code will probably
-+    // change like 2 dozen more times before merge, and rand() is probably 
-+    // good enough for our purposes anyways.
-+    pendingQ.InsertElementAt(begin + (rand()%count), trans);
-+
-+    // XXX Verify length, ordering inside a DEBUG ifdef??
- }
- 
- //-----------------------------------------------------------------------------
-@@ -70,6 +96,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
-     mCT.Init();
-     mAlternateProtocolHash.Init(16);
-     mSpdyPreferredHash.Init();
-+
-+    nsresult rv;
-+    mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
-+    if (NS_FAILED(rv)) {
-+        mRandomGenerator = nsnull;
-+    }
- }
- 
- nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -1141,6 +1173,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
-         maxPersistConns = mMaxPersistConnsPerHost;
-     }
- 
-+    // Fuzz maxConns for website fingerprinting attack
-+    // We create a range of maxConns/5 up to 6*maxConns/5 
-+    // because this function is called repeatedly, and we'll
-+    // end up converging on the high side of concurrent connections
-+    // after a short while. 
-+    PRUint8 *bytes = nsnull;
-+    nsresult rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
-+    NS_ENSURE_SUCCESS(rv, rv);
-+
-+    bytes[0] = bytes[0] % (maxConns + 1);
-+    maxConns = (maxConns/5) + bytes[0];
-+    NS_Free(bytes);
-+
-     // use >= just to be safe
-     bool result = (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) &&
-                                               (persistCount >= maxPersistConns) );
-@@ -1307,6 +1352,11 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
- 
-     maxdepth = PR_MIN(maxdepth, depthLimit);
- 
-+    if (maxdepth/2 > 1) { 
-+      // This is a crazy hack to randomize pipeline depth a bit more..
-+      maxdepth = 1 + maxdepth/2 + (rand() % (maxdepth/2));
-+    }
-+
-     if (maxdepth < 2)
-         return false;
- 
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index 9e65da0..07c93b1 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.h
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
-@@ -22,6 +22,7 @@
- #include "nsIObserver.h"
- #include "nsITimer.h"
- #include "nsIX509Cert3.h"
-+#include "nsIRandomGenerator.h"
- 
- class nsHttpPipeline;
- 
-@@ -579,6 +580,8 @@ private:
-     PRUint64 mTimeOfNextWakeUp;
-     // Timer for next pruning of dead connections.
-     nsCOMPtr<nsITimer> mTimer;
-+    // Random number generator for reordering HTTP pipeline
-+    nsCOMPtr<nsIRandomGenerator>             mRandomGenerator;
- 
-     // A 1s tick to call nsHttpConnection::ReadTimeoutTick on
-     // active http/1 connections. Disabled when there are no
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch b/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch
deleted file mode 100644
index 109574a..0000000
--- a/src/current-patches/firefox/alpha/0018-Adapt-Steven-Michaud-s-Mac-crashfix-patch.patch
+++ /dev/null
@@ -1,545 +0,0 @@
-From d705e4bb2b7efd4166d46d6fcb3183212902707c Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:22:32 -0700
-Subject: [PATCH 18/19] Adapt Steven Michaud's Mac crashfix patch
-
-Source is: https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35
-
-Some minor tweaks were needed to get it to apply and to compile on
-MacOS.
----
- widget/Makefile.in                        |    1 +
- widget/cocoa/nsChildView.mm               |   28 +++++++++++------
- widget/gtk2/nsDragService.cpp             |    9 +++--
- widget/nsIDragService.idl                 |    4 +--
- widget/nsPIDragService.idl                |   48 +++++++++++++++++++++++++++++
- widget/qt/nsDragService.h                 |    2 +
- widget/windows/Makefile.in                |    4 ++
- widget/windows/nsDragService.cpp          |   13 +++++---
- widget/windows/nsDragService.h            |   12 +++---
- widget/windows/nsNativeDragSource.cpp     |    7 ++--
- widget/windows/nsNativeDragTarget.cpp     |   28 ++++++++++------
- widget/windows/nsPIDragServiceWindows.idl |   46 +++++++++++++++++++++++++++
- widget/xpwidgets/nsBaseDragService.cpp    |   16 +++++++++-
- widget/xpwidgets/nsBaseDragService.h      |    9 ++---
- 14 files changed, 179 insertions(+), 48 deletions(-)
- create mode 100644 widget/nsPIDragService.idl
- create mode 100644 widget/windows/nsPIDragServiceWindows.idl
-
-diff --git a/widget/Makefile.in b/widget/Makefile.in
-index f1df966..eb6eec2 100644
---- a/widget/Makefile.in
-+++ b/widget/Makefile.in
-@@ -105,6 +105,7 @@ XPIDLSRCS	= \
- 		nsIClipboardDragDropHooks.idl \
- 		nsIClipboardDragDropHookList.idl \
- 		nsIDragSession.idl \
-+		nsPIDragService.idl \
- 		nsIDragService.idl \
- 		nsIFormatConverter.idl \
- 		nsIClipboard.idl \
-diff --git a/widget/cocoa/nsChildView.mm b/widget/cocoa/nsChildView.mm
-index 9cbc1e3..92b93cb 100644
---- a/widget/cocoa/nsChildView.mm
-+++ b/widget/cocoa/nsChildView.mm
-@@ -4513,11 +4513,12 @@ NSEvent* gLastDragMouseDownEvent = nil;
-   if (!dragService) {
-     dragService = do_GetService(kDragServiceContractID);
-   }
-+  nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
- 
-   if (dragService) {
-     NSPoint pnt = [NSEvent mouseLocation];
-     FlipCocoaScreenCoordinate(pnt);
--    dragService->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+    dragServicePriv->DragMoved(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-   }
- }
- 
-@@ -4538,11 +4539,13 @@ NSEvent* gLastDragMouseDownEvent = nil;
-   }
- 
-   if (mDragService) {
--    // set the dragend point from the current mouse location
--    nsDragService* dragService = static_cast<nsDragService *>(mDragService);
--    NSPoint pnt = [NSEvent mouseLocation];
--    FlipCocoaScreenCoordinate(pnt);
--    dragService->SetDragEndPoint(nsIntPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y)));
-+    nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+    if (dragServicePriv) {
-+      // set the dragend point from the current mouse location
-+      NSPoint pnt = [NSEvent mouseLocation];
-+      FlipCocoaScreenCoordinate(pnt);
-+      dragServicePriv->SetDragEndPoint(NSToIntRound(pnt.x), NSToIntRound(pnt.y));
-+    }
- 
-     // XXX: dropEffect should be updated per |operation|. 
-     // As things stand though, |operation| isn't well handled within "our"
-@@ -4553,10 +4556,15 @@ NSEvent* gLastDragMouseDownEvent = nil;
-     // value for NSDragOperationGeneric that is passed by other applications.
-     // All that said, NSDragOperationNone is still reliable.
-     if (operation == NSDragOperationNone) {
--      nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
--      dragService->GetDataTransfer(getter_AddRefs(dataTransfer));
--      if (dataTransfer)
--        dataTransfer->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+      nsCOMPtr<nsIDragSession> dragSession;
-+      mDragService->GetCurrentSession(getter_AddRefs(dragSession));
-+      if (dragSession) {
-+        nsCOMPtr<nsIDOMDataTransfer> dataTransfer;
-+        dragSession->GetDataTransfer(getter_AddRefs(dataTransfer));
-+        if (dataTransfer) {
-+            dataTransfer->SetDropEffectInt(nsIDragService::DRAGDROP_ACTION_NONE);
-+        }
-+      }
-     }
- 
-     mDragService->EndDragSession(true);
-diff --git a/widget/gtk2/nsDragService.cpp b/widget/gtk2/nsDragService.cpp
-index e0ff5d6..2c10c10 100644
---- a/widget/gtk2/nsDragService.cpp
-+++ b/widget/gtk2/nsDragService.cpp
-@@ -239,8 +239,8 @@ OnSourceGrabEventAfter(GtkWidget *widget, GdkEvent *event, gpointer user_data)
-         // Update the cursor position.  The last of these recorded gets used for
-         // the NS_DRAGDROP_END event.
-         nsDragService *dragService = static_cast<nsDragService*>(user_data);
--        dragService->SetDragEndPoint(nsIntPoint(event->motion.x_root,
--                                                event->motion.y_root));
-+        dragService->SetDragEndPoint(event->motion.x_root,
-+                                     event->motion.y_root);
-     } else if (sMotionEvent && (event->type != GDK_KEY_PRESS ||
-                                 event->type != GDK_KEY_RELEASE)) {
-         // Update modifier state from keypress events.
-@@ -1348,7 +1348,7 @@ nsDragService::SourceEndDragSession(GdkDragContext *aContext,
-         GdkDisplay* display = gdk_display_get_default();
-         if (display) {
-             gdk_display_get_pointer(display, NULL, &x, &y, NULL);
--            SetDragEndPoint(nsIntPoint(x, y));
-+            SetDragEndPoint(x, y);
-         }
-     }
- 
-@@ -1765,8 +1765,9 @@ nsDragService::ScheduleDropEvent(nsWindow *aWindow,
-         NS_WARNING("Additional drag drop ignored");
-         return FALSE;        
-     }
-+    nsIntPoint pt = aWindowPoint + aWindow->WidgetToScreenOffset();
- 
--    SetDragEndPoint(aWindowPoint + aWindow->WidgetToScreenOffset());
-+    SetDragEndPoint(pt.x, pt.y);
- 
-     // We'll reply with gtk_drag_finish().
-     return TRUE;
-diff --git a/widget/nsIDragService.idl b/widget/nsIDragService.idl
-index 196761e..c0565bb 100644
---- a/widget/nsIDragService.idl
-+++ b/widget/nsIDragService.idl
-@@ -15,7 +15,7 @@ interface nsIDOMDragEvent;
- interface nsIDOMDataTransfer;
- interface nsISelection;
- 
--[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052), builtinclass]
-+[scriptable, uuid(82B58ADA-F490-4C3D-B737-1057C4F1D052)]
- interface nsIDragService : nsISupports
- {
-   const long DRAGDROP_ACTION_NONE = 0;
-@@ -112,8 +112,6 @@ interface nsIDragService : nsISupports
-    */
-   void suppress();
-   void unsuppress();
--
--  [noscript] void dragMoved(in long aX, in long aY);
- };
- 
- 
-diff --git a/widget/nsPIDragService.idl b/widget/nsPIDragService.idl
-new file mode 100644
-index 0000000..93a144d
---- /dev/null
-+++ b/widget/nsPIDragService.idl
-@@ -0,0 +1,48 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ *   Steven Michaud <smichaud at pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(FAD8C90B-8E1D-446A-9B6C-241486A85CBD)]
-+interface nsPIDragService : nsISupports
-+{
-+  void dragMoved(in long aX, in long aY);
-+
-+  PRUint16 getInputSource();
-+
-+  void setDragEndPoint(in long aX, in long aY);
-+};
-diff --git a/widget/qt/nsDragService.h b/widget/qt/nsDragService.h
-index 393be99..56d0312 100644
---- a/widget/qt/nsDragService.h
-+++ b/widget/qt/nsDragService.h
-@@ -17,6 +17,8 @@ public:
-     NS_DECL_ISUPPORTS
-     NS_DECL_NSIDRAGSERVICE
- 
-+    NS_IMETHOD DragMoved(PRInt32 aX, PRInt32 aY);
-+
-     nsDragService();
- 
- private:
-diff --git a/widget/windows/Makefile.in b/widget/windows/Makefile.in
-index 160c941..12f6dc7 100644
---- a/widget/windows/Makefile.in
-+++ b/widget/windows/Makefile.in
-@@ -88,6 +88,10 @@ ifdef MOZ_ENABLE_D3D10_LAYER
- DEFINES		+= -DMOZ_ENABLE_D3D10_LAYER
- endif
- 
-+XPIDLSRCS	+= \
-+		nsPIDragServiceWindows.idl \
-+		$(NULL)
-+
- SHARED_LIBRARY_LIBS = \
-   ../xpwidgets/$(LIB_PREFIX)xpwidgets_s.$(LIB_SUFFIX) \
-   $(NULL)
-diff --git a/widget/windows/nsDragService.cpp b/widget/windows/nsDragService.cpp
-index efe8ce1..62e7d97 100644
---- a/widget/windows/nsDragService.cpp
-+++ b/widget/windows/nsDragService.cpp
-@@ -60,6 +60,8 @@ nsDragService::~nsDragService()
-   NS_IF_RELEASE(mDataObject);
- }
- 
-+NS_IMPL_ISUPPORTS_INHERITED1(nsDragService, nsBaseDragService, nsPIDragServiceWindows)
-+
- bool
- nsDragService::CreateDragImage(nsIDOMNode *aDOMNode,
-                                nsIScriptableRegion *aRegion,
-@@ -305,7 +307,7 @@ nsDragService::StartInvokingDragSession(IDataObject * aDataObj,
-   POINT cpos;
-   cpos.x = GET_X_LPARAM(pos);
-   cpos.y = GET_Y_LPARAM(pos);
--  SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+  SetDragEndPoint(cpos.x, cpos.y);
-   EndDragSession(true);
- 
-   mDoingDrag = false;
-@@ -423,25 +425,26 @@ nsDragService::GetData(nsITransferable * aTransferable, PRUint32 anItem)
- 
- //---------------------------------------------------------
- NS_IMETHODIMP
--nsDragService::SetIDataObject(IDataObject * aDataObj)
-+nsDragService::SetIDataObject(nsISupports * aDataObj)
- {
-+  IDataObject *dataObj = (IDataObject*) aDataObj;
-   // When the native drag starts the DragService gets
-   // the IDataObject that is being dragged
-   NS_IF_RELEASE(mDataObject);
--  mDataObject = aDataObj;
-+  mDataObject = dataObj;
-   NS_IF_ADDREF(mDataObject);
- 
-   return NS_OK;
- }
- 
- //---------------------------------------------------------
--void
-+NS_IMETHODIMP
- nsDragService::SetDroppedLocal()
- {
-   // Sent from the native drag handler, letting us know
-   // a drop occurred within the application vs. outside of it.
-   mSentLocalDropEvent = true;
--  return;
-+  return NS_OK;
- }
- 
- //-------------------------------------------------------------------------
-diff --git a/widget/windows/nsDragService.h b/widget/windows/nsDragService.h
-index 93b5480..bd2125b 100644
---- a/widget/windows/nsDragService.h
-+++ b/widget/windows/nsDragService.h
-@@ -7,6 +7,7 @@
- #define nsDragService_h__
- 
- #include "nsBaseDragService.h"
-+#include "nsPIDragServiceWindows.h"
- #include <windows.h>
- #include <shlobj.h>
- 
-@@ -20,12 +21,15 @@ class  nsString;
-  * Native Win32 DragService wrapper
-  */
- 
--class nsDragService : public nsBaseDragService
-+class nsDragService : public nsBaseDragService, public nsPIDragServiceWindows
- {
- public:
-   nsDragService();
-   virtual ~nsDragService();
--  
-+
-+  NS_DECL_ISUPPORTS_INHERITED
-+  NS_DECL_NSPIDRAGSERVICEWINDOWS
-+
-   // nsIDragService
-   NS_IMETHOD InvokeDragSession(nsIDOMNode *aDOMNode,
-                                nsISupportsArray *anArrayTransferables,
-@@ -39,13 +43,9 @@ public:
-   NS_IMETHOD EndDragSession(bool aDoneDrag);
- 
-   // native impl.
--  NS_IMETHOD SetIDataObject(IDataObject * aDataObj);
-   NS_IMETHOD StartInvokingDragSession(IDataObject * aDataObj,
-                                       PRUint32 aActionType);
- 
--  // A drop occurred within the application vs. outside of it.
--  void SetDroppedLocal();
--
- protected:
-   nsDataObjCollection* GetDataObjCollection(IDataObject * aDataObj);
- 
-diff --git a/widget/windows/nsNativeDragSource.cpp b/widget/windows/nsNativeDragSource.cpp
-index e981ff9..e34613f 100644
---- a/widget/windows/nsNativeDragSource.cpp
-+++ b/widget/windows/nsNativeDragSource.cpp
-@@ -10,7 +10,7 @@
- #include "nsIServiceManager.h"
- #include "nsToolkit.h"
- #include "nsWidgetsCID.h"
--#include "nsIDragService.h"
-+#include "nsDragService.h"
- 
- static NS_DEFINE_IID(kCDragServiceCID,  NS_DRAGSERVICE_CID);
- 
-@@ -69,9 +69,10 @@ STDMETHODIMP
- nsNativeDragSource::QueryContinueDrag(BOOL fEsc, DWORD grfKeyState)
- {
-   nsCOMPtr<nsIDragService> dragService = do_GetService(kCDragServiceCID);
--  if (dragService) {
-+  nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(dragService);
-+  if (dragServicePriv) {
-     DWORD pos = ::GetMessagePos();
--    dragService->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
-+    dragServicePriv->DragMoved(GET_X_LPARAM(pos), GET_Y_LPARAM(pos));
-   }
- 
-   if (fEsc) {
-diff --git a/widget/windows/nsNativeDragTarget.cpp b/widget/windows/nsNativeDragTarget.cpp
-index da1cd1f..96303c3 100644
---- a/widget/windows/nsNativeDragTarget.cpp
-+++ b/widget/windows/nsNativeDragTarget.cpp
-@@ -172,7 +172,11 @@ nsNativeDragTarget::DispatchDragDropEvent(PRUint32 aEventType, POINTL aPT)
-   nsModifierKeyState modifierKeyState;
-   modifierKeyState.InitInputEvent(event);
- 
--  event.inputSource = static_cast<nsBaseDragService*>(mDragService)->GetInputSource();
-+  event.inputSource = 0;
-+  nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+  if (dragServicePriv) {
-+    dragServicePriv->GetInputSource(&event.inputSource);
-+  }
- 
-   mWindow->DispatchEvent(&event, status);
- }
-@@ -259,9 +263,8 @@ nsNativeDragTarget::DragEnter(LPDATAOBJECT pIDataSource,
-   // This cast is ok because in the constructor we created a
-   // the actual implementation we wanted, so we know this is
-   // a nsDragService. It should be a private interface, though.
--  nsDragService * winDragService =
--    static_cast<nsDragService *>(mDragService);
--  winDragService->SetIDataObject(pIDataSource);
-+  nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+  winDragService->SetIDataObject((nsISupports*)pIDataSource);
- 
-   // Now process the native drag state and then dispatch the event
-   ProcessDrag(NS_DRAGDROP_ENTER, grfKeyState, ptl, pdwEffect);
-@@ -399,8 +402,8 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
-   // This cast is ok because in the constructor we created a
-   // the actual implementation we wanted, so we know this is
-   // a nsDragService (but it should still be a private interface)
--  nsDragService* winDragService = static_cast<nsDragService*>(mDragService);
--  winDragService->SetIDataObject(pData);
-+  nsCOMPtr<nsPIDragServiceWindows> winDragService = do_QueryInterface(mDragService);
-+  winDragService->SetIDataObject((nsISupports*)pData);
- 
-   // NOTE: ProcessDrag spins the event loop which may destroy arbitrary objects.
-   // We use strong refs to prevent it from destroying these:
-@@ -424,11 +427,14 @@ nsNativeDragTarget::Drop(LPDATAOBJECT pData,
-   // tell the drag service we're done with the session
-   // Use GetMessagePos to get the position of the mouse at the last message
-   // seen by the event loop. (Bug 489729)
--  DWORD pos = ::GetMessagePos();
--  POINT cpos;
--  cpos.x = GET_X_LPARAM(pos);
--  cpos.y = GET_Y_LPARAM(pos);
--  winDragService->SetDragEndPoint(nsIntPoint(cpos.x, cpos.y));
-+  nsCOMPtr<nsPIDragService> dragServicePriv = do_QueryInterface(mDragService);
-+  if (dragServicePriv) {
-+    DWORD pos = ::GetMessagePos();
-+    POINT cpos;
-+    cpos.x = GET_X_LPARAM(pos);
-+    cpos.y = GET_Y_LPARAM(pos);
-+    dragServicePriv->SetDragEndPoint(cpos.x, cpos.y);
-+  }
-   serv->EndDragSession(true);
- 
-   // release the ref that was taken in DragEnter
-diff --git a/widget/windows/nsPIDragServiceWindows.idl b/widget/windows/nsPIDragServiceWindows.idl
-new file mode 100644
-index 0000000..c8a46dd
---- /dev/null
-+++ b/widget/windows/nsPIDragServiceWindows.idl
-@@ -0,0 +1,46 @@
-+/* ***** BEGIN LICENSE BLOCK *****
-+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
-+ *
-+ * The contents of this file are subject to the Mozilla Public License Version
-+ * 1.1 (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ * http://www.mozilla.org/MPL/
-+ *
-+ * Software distributed under the License is distributed on an "AS IS" basis,
-+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-+ * for the specific language governing rights and limitations under the
-+ * License.
-+ *
-+ * The Original Code is mozilla.org code.
-+ *
-+ * The Initial Developer of the Original Code is
-+ * The Mozilla Foundation.
-+ * Portions created by the Initial Developer are Copyright (C) 2012
-+ * the Initial Developer. All Rights Reserved.
-+ *
-+ * Contributor(s):
-+ *   Steven Michaud <smichaud at pobox.com>
-+ *
-+ * Alternatively, the contents of this file may be used under the terms of
-+ * either the GNU General Public License Version 2 or later (the "GPL"), or
-+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-+ * in which case the provisions of the GPL or the LGPL are applicable instead
-+ * of those above. If you wish to allow use of your version of this file only
-+ * under the terms of either the GPL or the LGPL, and not to allow others to
-+ * use your version of this file under the terms of the MPL, indicate your
-+ * decision by deleting the provisions above and replace them with the notice
-+ * and other provisions required by the GPL or the LGPL. If you do not delete
-+ * the provisions above, a recipient may use your version of this file under
-+ * the terms of any one of the MPL, the GPL or the LGPL.
-+ *
-+ * ***** END LICENSE BLOCK ***** */
-+
-+#include "nsISupports.idl"
-+
-+[scriptable, uuid(6FC2117D-5EB4-441A-9C12-62A783BEBC0C)]
-+interface nsPIDragServiceWindows : nsISupports
-+{
-+  void setIDataObject(in nsISupports aDataObj);
-+
-+  void setDroppedLocal();
-+};
-diff --git a/widget/xpwidgets/nsBaseDragService.cpp b/widget/xpwidgets/nsBaseDragService.cpp
-index 1b2ef0d..627ebd2 100644
---- a/widget/xpwidgets/nsBaseDragService.cpp
-+++ b/widget/xpwidgets/nsBaseDragService.cpp
-@@ -55,7 +55,7 @@ nsBaseDragService::~nsBaseDragService()
- {
- }
- 
--NS_IMPL_ISUPPORTS2(nsBaseDragService, nsIDragService, nsIDragSession)
-+NS_IMPL_ISUPPORTS3(nsBaseDragService, nsIDragService, nsPIDragService, nsIDragSession)
- 
- //---------------------------------------------------------
- NS_IMETHODIMP
-@@ -403,6 +403,20 @@ nsBaseDragService::DragMoved(PRInt32 aX, PRInt32 aY)
-   return NS_OK;
- }
- 
-+NS_IMETHODIMP
-+nsBaseDragService::SetDragEndPoint(PRInt32 aX, PRInt32 aY)
-+{
-+  mEndDragPoint = nsIntPoint(aX, aY);
-+  return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsBaseDragService::GetInputSource(PRUint16* aInputSource)
-+{
-+  *aInputSource = mInputSource;
-+  return NS_OK;
-+}
-+
- static nsIPresShell*
- GetPresShellForContent(nsIDOMNode* aDOMNode)
- {
-diff --git a/widget/xpwidgets/nsBaseDragService.h b/widget/xpwidgets/nsBaseDragService.h
-index 006747f..d825b53 100644
---- a/widget/xpwidgets/nsBaseDragService.h
-+++ b/widget/xpwidgets/nsBaseDragService.h
-@@ -7,6 +7,7 @@
- #define nsBaseDragService_h__
- 
- #include "nsIDragService.h"
-+#include "nsPIDragService.h"
- #include "nsIDragSession.h"
- #include "nsITransferable.h"
- #include "nsISupportsArray.h"
-@@ -32,6 +33,7 @@ class nsICanvasElementExternal;
-  */
- 
- class nsBaseDragService : public nsIDragService,
-+                          public nsPIDragService,
-                           public nsIDragSession
- {
- 
-@@ -42,14 +44,11 @@ public:
-   //nsISupports
-   NS_DECL_ISUPPORTS
- 
--  //nsIDragSession and nsIDragService
-+  //nsIDragSession, nsIDragService and nsPIDragService
-   NS_DECL_NSIDRAGSERVICE
-+  NS_DECL_NSPIDRAGSERVICE
-   NS_DECL_NSIDRAGSESSION
- 
--  void SetDragEndPoint(nsIntPoint aEndDragPoint) { mEndDragPoint = aEndDragPoint; }
--
--  PRUint16 GetInputSource() { return mInputSource; }
--
- protected:
- 
-   /**
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch b/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch
deleted file mode 100644
index 7f8ac2d..0000000
--- a/src/current-patches/firefox/alpha/0019-Add-a-redirect-API-for-HTTPS-Everywhere.patch
+++ /dev/null
@@ -1,345 +0,0 @@
-From b5d6491427d18bbae057a2974ea80421163fbc0a Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:30:22 -0700
-Subject: [PATCH 19/19] Add a redirect API for HTTPS-Everywhere.
-
----
- netwerk/protocol/http/HttpChannelChild.cpp         |   15 ++++-
- netwerk/protocol/http/HttpChannelChild.h           |    4 +
- netwerk/protocol/http/HttpChannelParent.cpp        |    4 +
- netwerk/protocol/http/HttpChannelParent.h          |    1 +
- netwerk/protocol/http/PHttpChannel.ipdl            |    1 +
- netwerk/protocol/http/nsHttpChannel.cpp            |   67 +++++++++++++++++---
- netwerk/protocol/http/nsHttpChannel.h              |   12 +++-
- netwerk/protocol/http/nsIHttpChannel.idl           |   12 ++++
- .../protocol/viewsource/nsViewSourceChannel.cpp    |   13 ++++-
- 9 files changed, 117 insertions(+), 12 deletions(-)
-
-diff --git a/netwerk/protocol/http/HttpChannelChild.cpp b/netwerk/protocol/http/HttpChannelChild.cpp
-index cc88184..c26c8f4 100644
---- a/netwerk/protocol/http/HttpChannelChild.cpp
-+++ b/netwerk/protocol/http/HttpChannelChild.cpp
-@@ -1035,7 +1035,8 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
-   gNeckoChild->SendPHttpChannelConstructor(this, tabChild);
- 
-   SendAsyncOpen(IPC::URI(mURI), IPC::URI(mOriginalURI),
--                IPC::URI(mDocumentURI), IPC::URI(mReferrer), mLoadFlags,
-+                IPC::URI(mDocumentURI), IPC::URI(mReferrer),
-+                IPC::URI(mInternalRedirectURI), mLoadFlags,
-                 mClientSetRequestHeaders, mRequestHead.Method(),
-                 IPC::InputStream(mUploadStream), mUploadStreamHasHeaders,
-                 mPriority, mRedirectionLimit, mAllowPipelining,
-@@ -1079,6 +1080,18 @@ HttpChannelChild::SetupFallbackChannel(const char *aFallbackKey)
-   DROP_DEAD();
- }
- 
-+NS_IMETHODIMP
-+HttpChannelChild::RedirectTo(nsIURI *uri)
-+{
-+  // We can only redirect unopened channels
-+  NS_ENSURE_TRUE(!mIPCOpen, NS_ERROR_ALREADY_OPENED);
-+
-+  // The redirect is stored internally for use in AsyncOpen
-+  mInternalRedirectURI = uri;
-+
-+  return NS_OK;
-+}
-+
- // The next four _should_ be implemented, but we need to figure out how
- // to transfer the data from the chrome process first.
- 
-diff --git a/netwerk/protocol/http/HttpChannelChild.h b/netwerk/protocol/http/HttpChannelChild.h
-index 6b699c7..b29a4a7 100644
---- a/netwerk/protocol/http/HttpChannelChild.h
-+++ b/netwerk/protocol/http/HttpChannelChild.h
-@@ -75,6 +75,9 @@ public:
-   NS_IMETHOD GetLocalPort(PRInt32* port);
-   NS_IMETHOD GetRemoteAddress(nsACString& addr);
-   NS_IMETHOD GetRemotePort(PRInt32* port);
-+
-+  NS_IMETHOD RedirectTo(nsIURI *uri);
-+
-   // nsISupportsPriority
-   NS_IMETHOD SetPriority(PRInt32 value);
-   // nsIResumableChannel
-@@ -125,6 +128,7 @@ private:
-   RequestHeaderTuples mClientSetRequestHeaders;
-   nsCOMPtr<nsIChildChannel> mRedirectChannelChild;
-   nsCOMPtr<nsISupports> mSecurityInfo;
-+  nsCOMPtr<nsIURI>      mInternalRedirectURI;
- 
-   bool mIsFromCache;
-   bool mCacheEntryAvailable;
-diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp
-index 8f95076..22f3bba 100644
---- a/netwerk/protocol/http/HttpChannelParent.cpp
-+++ b/netwerk/protocol/http/HttpChannelParent.cpp
-@@ -97,6 +97,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI&            aURI,
-                                  const IPC::URI&            aOriginalURI,
-                                  const IPC::URI&            aDocURI,
-                                  const IPC::URI&            aReferrerURI,
-+                                 const IPC::URI&            aInternalRedirectURI,
-                                  const PRUint32&            loadFlags,
-                                  const RequestHeaderTuples& requestHeaders,
-                                  const nsHttpAtom&          requestMethod,
-@@ -117,6 +118,7 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI&            aURI,
-   nsCOMPtr<nsIURI> originalUri(aOriginalURI);
-   nsCOMPtr<nsIURI> docUri(aDocURI);
-   nsCOMPtr<nsIURI> referrerUri(aReferrerURI);
-+  nsCOMPtr<nsIURI> internalRedirectUri(aInternalRedirectURI);
- 
-   nsCString uriSpec;
-   uri->GetSpec(uriSpec);
-@@ -144,6 +146,8 @@ HttpChannelParent::RecvAsyncOpen(const IPC::URI&            aURI,
-     httpChan->SetDocumentURI(docUri);
-   if (referrerUri)
-     httpChan->SetReferrerInternal(referrerUri);
-+  if (internalRedirectUri)
-+    httpChan->SetInternalRedirectURI(internalRedirectUri);
-   if (loadFlags != nsIRequest::LOAD_NORMAL)
-     httpChan->SetLoadFlags(loadFlags);
- 
-diff --git a/netwerk/protocol/http/HttpChannelParent.h b/netwerk/protocol/http/HttpChannelParent.h
-index 9650aa9..2ac7e81 100644
---- a/netwerk/protocol/http/HttpChannelParent.h
-+++ b/netwerk/protocol/http/HttpChannelParent.h
-@@ -49,6 +49,7 @@ protected:
-                              const IPC::URI&            originalUri,
-                              const IPC::URI&            docUri,
-                              const IPC::URI&            referrerUri,
-+                             const IPC::URI&            internalRedirectUri,
-                              const PRUint32&            loadFlags,
-                              const RequestHeaderTuples& requestHeaders,
-                              const nsHttpAtom&          requestMethod,
-diff --git a/netwerk/protocol/http/PHttpChannel.ipdl b/netwerk/protocol/http/PHttpChannel.ipdl
-index 10af59f..6053541 100644
---- a/netwerk/protocol/http/PHttpChannel.ipdl
-+++ b/netwerk/protocol/http/PHttpChannel.ipdl
-@@ -35,6 +35,7 @@ parent:
-             URI                 original,
-             URI                 doc,
-             URI                 referrer,
-+            URI                 internalRedirect,
-             PRUint32            loadFlags,
-             RequestHeaderTuples requestHeaders,
-             nsHttpAtom          requestMethod,
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 9c10e3a..57afae4 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -1396,18 +1396,17 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps()
-         return;
-     }
- 
--    nsresult rv = AsyncRedirectChannelToHttps();
-+    nsresult rv = InternalRedirectChannelToHttps();
-     if (NS_FAILED(rv))
--        ContinueAsyncRedirectChannelToHttps(rv);
-+        ContinueInternalRedirectChannelToURI(rv);
- }
- 
- nsresult
--nsHttpChannel::AsyncRedirectChannelToHttps()
-+nsHttpChannel::InternalRedirectChannelToHttps()
- {
-     nsresult rv = NS_OK;
-     LOG(("nsHttpChannel::HandleAsyncRedirectChannelToHttps() [STS]\n"));
- 
--    nsCOMPtr<nsIChannel> newChannel;
-     nsCOMPtr<nsIURI> upgradedURI;
- 
-     rv = mURI->Clone(getter_AddRefs(upgradedURI));
-@@ -1429,6 +1428,48 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
-     else
-         upgradedURI->SetPort(oldPort);
- 
-+    return InternalRedirectChannelToURI(upgradedURI);
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::RedirectTo(nsIURI *newURI)
-+{
-+    // We can only redirect unopened channels
-+    NS_ENSURE_TRUE(!mWasOpened, NS_ERROR_ALREADY_OPENED);
-+
-+    // The redirect is stored internally for use in AsyncOpen
-+    mInternalRedirectURI = newURI;
-+
-+    return NS_OK;
-+}
-+
-+void
-+nsHttpChannel::HandleAsyncInternalRedirect()
-+{
-+    NS_PRECONDITION(!mCallOnResume, "How did that happen?");
-+    NS_PRECONDITION(mInternalRedirectURI, "How did that happen?");
-+
-+    if (mSuspendCount) {
-+        LOG(("Waiting until resume to do async API redirect [this=%p]\n", this));
-+        mCallOnResume = &nsHttpChannel::HandleAsyncInternalRedirect;
-+        return;
-+    }
-+
-+    nsresult rv = InternalRedirectChannelToURI(mInternalRedirectURI);
-+    if (NS_FAILED(rv))
-+        ContinueInternalRedirectChannelToURI(rv);
-+
-+    return;
-+}
-+
-+nsresult
-+nsHttpChannel::InternalRedirectChannelToURI(nsIURI *upgradedURI)
-+{
-+    nsresult rv = NS_OK;
-+    LOG(("nsHttpChannel::InternalRedirectChannelToURI()\n"));
-+
-+    nsCOMPtr<nsIChannel> newChannel;
-+
-     nsCOMPtr<nsIIOService> ioService;
-     rv = gHttpHandler->GetIOService(getter_AddRefs(ioService));
-     NS_ENSURE_SUCCESS(rv, rv);
-@@ -1444,7 +1485,7 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
-     PRUint32 flags = nsIChannelEventSink::REDIRECT_PERMANENT;
- 
-     PushRedirectAsyncFunc(
--        &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+        &nsHttpChannel::ContinueInternalRedirectChannelToURI);
-     rv = gHttpHandler->AsyncOnChannelRedirect(this, newChannel, flags);
- 
-     if (NS_SUCCEEDED(rv))
-@@ -1453,14 +1494,18 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
-     if (NS_FAILED(rv)) {
-         AutoRedirectVetoNotifier notifier(this);
-         PopRedirectAsyncFunc(
--            &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+            &nsHttpChannel::ContinueInternalRedirectChannelToURI);
-+
-+        // If we've failed so far, cancel the current channel, too,
-+        // as both HSTS and the redirectTo codepaths prefer
-+        // request failure to insecurity.
-+        Cancel(rv);
-     }
- 
-     return rv;
- }
--
- nsresult
--nsHttpChannel::ContinueAsyncRedirectChannelToHttps(nsresult rv)
-+nsHttpChannel::ContinueInternalRedirectChannelToURI(nsresult rv)
- {
-     AutoRedirectVetoNotifier notifier(this);
- 
-@@ -3905,6 +3950,12 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
-     if (mLoadGroup)
-         mLoadGroup->AddRequest(this, nsnull);
- 
-+    // Check to see if we should redirect this channel elsewhere by 
-+    // nsIHttpChannel.redirectTo API request
-+    if (mInternalRedirectURI) {
-+        return AsyncCall(&nsHttpChannel::HandleAsyncInternalRedirect);
-+    }
-+
-     // Collect mAsyncOpenTime after we have called all obsrevers like
-     // "http-on-modify-request" and load group observers that may set
-     // mTimingEnabled flag.
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index 0382b1c..2c50507 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -103,6 +103,8 @@ public:
-     // nsIChannel
-     NS_IMETHOD GetSecurityInfo(nsISupports **aSecurityInfo);
-     NS_IMETHOD AsyncOpen(nsIStreamListener *listener, nsISupports *aContext);
-+    // nsIHttpChannel
-+    NS_IMETHOD RedirectTo(nsIURI *newURI);
-     // nsIHttpChannelInternal
-     NS_IMETHOD SetupFallbackChannel(const char *aFallbackKey);
-     // nsISupportsPriority
-@@ -117,6 +119,9 @@ public: /* internal necko use only */
-     void SetUploadStreamHasHeaders(bool hasHeaders) 
-       { mUploadStreamHasHeaders = hasHeaders; }
- 
-+    void SetInternalRedirectURI(nsIURI *redirectTo) 
-+      { mInternalRedirectURI = redirectTo; }
-+
-     nsresult SetReferrerInternal(nsIURI *referrer) {
-         nsCAutoString spec;
-         nsresult rv = referrer->GetAsciiSpec(spec);
-@@ -173,11 +178,13 @@ private:
- 
-     // redirection specific methods
-     void     HandleAsyncRedirect();
-+    void     HandleAsyncInternalRedirect();
-     nsresult ContinueHandleAsyncRedirect(nsresult);
-     void     HandleAsyncNotModified();
-     void     HandleAsyncFallback();
-     nsresult ContinueHandleAsyncFallback(nsresult);
-     nsresult PromptTempRedirect();
-+    nsresult InternalRedirectChannelToURI(nsIURI *);
-     virtual nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, bool preserveMethod);
- 
-     // proxy specific methods
-@@ -237,8 +244,8 @@ private:
-     bool     MustValidateBasedOnQueryUrl();
- 
-     void     HandleAsyncRedirectChannelToHttps();
--    nsresult AsyncRedirectChannelToHttps();
--    nsresult ContinueAsyncRedirectChannelToHttps(nsresult rv);
-+    nsresult InternalRedirectChannelToHttps();
-+    nsresult ContinueInternalRedirectChannelToURI(nsresult rv);
- 
-     /**
-      * A function that takes care of reading STS headers and enforcing STS 
-@@ -310,6 +317,7 @@ private:
-     friend class AutoRedirectVetoNotifier;
-     friend class HttpAsyncAborter<nsHttpChannel>;
-     nsCOMPtr<nsIURI>                  mRedirectURI;
-+    nsCOMPtr<nsIURI>                  mInternalRedirectURI;
-     nsCOMPtr<nsIChannel>              mRedirectChannel;
-     PRUint32                          mRedirectType;
- 
-diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl
-index c541df1..2ee3cbc 100644
---- a/netwerk/protocol/http/nsIHttpChannel.idl
-+++ b/netwerk/protocol/http/nsIHttpChannel.idl
-@@ -257,4 +257,16 @@ interface nsIHttpChannel : nsIChannel
-      *         has been received (before onStartRequest).
-      */
-     boolean isNoCacheResponse();
-+    
-+    /**
-+     * Instructs the channel to immediately redirect to a new destination.
-+     * Can only be called on channels not yet opened.
-+     * 
-+     * This method provides no explicit conflict resolution. The last
-+     * caller to call it wins.
-+     *
-+     * @throws NS_ERROR_ALREADY_OPENED if called after the channel
-+     *         has been opened.
-+     */ 
-+    void redirectTo(in nsIURI aNewURI);
- };
-diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-index 8f6d159..d1ca639 100644
---- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-@@ -671,4 +671,15 @@ nsViewSourceChannel::IsNoCacheResponse(bool *_retval)
- {
-     return !mHttpChannel ? NS_ERROR_NULL_POINTER :
-         mHttpChannel->IsNoCacheResponse(_retval);
--} 
-+}
-+
-+// XXX: Is this the right thing to do here? Or should we have
-+// made an nsIHTTPChannelRedirect that only nsHttpChannel implements?
-+// Also, will this mean that some ViewSource requests may be non-https?
-+// Or will the mHttpChannel take care of that for us?
-+NS_IMETHODIMP
-+nsViewSourceChannel::RedirectTo(nsIURI *uri)
-+{
-+    return NS_ERROR_NOT_IMPLEMENTED;
-+}
-+
--- 
-1.7.5.4
-
diff --git a/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch b/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
deleted file mode 100644
index d7a24d9..0000000
--- a/src/current-patches/firefox/alpha/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From e91ad38f3db238eebf2f1cae9383a6f317717bef Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Tue, 28 Aug 2012 18:35:33 -0700
-Subject: [PATCH 20/21] Add mozIThirdPartyUtil.getFirstPartyURI API
-
-API allows you to get the url bar URI for a channel or nsIDocument.
----
- content/base/src/ThirdPartyUtil.cpp        |   52 ++++++++++++++++++++++++++++
- content/base/src/ThirdPartyUtil.h          |    2 +
- netwerk/base/public/mozIThirdPartyUtil.idl |   21 +++++++++++
- 3 files changed, 75 insertions(+), 0 deletions(-)
-
-diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp
-index 97a000e..87ffc8a 100644
---- a/content/base/src/ThirdPartyUtil.cpp
-+++ b/content/base/src/ThirdPartyUtil.cpp
-@@ -7,6 +7,9 @@
- #include "nsIServiceManager.h"
- #include "nsIHttpChannelInternal.h"
- #include "nsIDOMWindow.h"
-+#include "nsICookiePermission.h"
-+#include "nsIDOMDocument.h"
-+#include "nsIDocument.h"
- #include "nsILoadContext.h"
- #include "nsIPrincipal.h"
- #include "nsIScriptObjectPrincipal.h"
-@@ -21,6 +24,7 @@ ThirdPartyUtil::Init()
- 
-   nsresult rv;
-   mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
-+  mCookiePermissions = do_GetService(NS_COOKIEPERMISSION_CONTRACTID);
-   return rv;
- }
- 
-@@ -282,3 +286,51 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
- 
-   return NS_OK;
- }
-+
-+NS_IMETHODIMP
-+ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,
-+                                 nsIDocument *aDoc,
-+                                 nsIURI **aOutput)
-+{
-+  nsresult rv = NS_ERROR_NULL_POINTER;
-+
-+  if (!aChannel && aDoc) {
-+    aChannel = aDoc->GetChannel();
-+  }
-+
-+  // If aChannel is specified or available, use the official route
-+  // for sure
-+  if (aChannel) {
-+    rv = mCookiePermissions->GetOriginatingURI(aChannel, aOutput);
-+  }
-+
-+  // If the channel was missing, closed or broken, try the
-+  // window hierarchy directly. 
-+  //
-+  // This might fail to work for first-party loads themselves, but 
-+  // we don't need this codepath for that case.
-+  if (NS_FAILED(rv) && aDoc) {
-+    nsCOMPtr<nsIDOMWindow> top;
-+    nsCOMPtr<nsIDOMDocument> topDDoc;
-+    
-+    aDoc->GetWindow()->GetTop(getter_AddRefs(top));
-+    top->GetDocument(getter_AddRefs(topDDoc));
-+
-+    nsCOMPtr<nsIDocument> topDoc(do_QueryInterface(topDDoc));
-+    *aOutput = topDoc->GetOriginalURI();
-+
-+    if (*aOutput)
-+      rv = NS_OK;
-+  }
-+
-+  // TODO: We could provide a route through the loadgroup + notification
-+  // callbacks too, but either channel or document was always available
-+  // in the cases where this function was originally needed (the image cache).
-+  // The notification callbacks also appear to suffers from the same limitation
-+  // as the document path. See nsICookiePermissions.GetOriginatingURI() for
-+  // details.
-+
-+  return rv;
-+}
-+
-+
-diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h
-index 269069b..37c30e8 100644
---- a/content/base/src/ThirdPartyUtil.h
-+++ b/content/base/src/ThirdPartyUtil.h
-@@ -9,6 +9,7 @@
- #include "nsString.h"
- #include "mozIThirdPartyUtil.h"
- #include "nsIEffectiveTLDService.h"
-+#include "nsICookiePermission.h"
- 
- class nsIURI;
- class nsIChannel;
-@@ -28,6 +29,7 @@ private:
-   static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);
- 
-   nsCOMPtr<nsIEffectiveTLDService> mTLDService;
-+  nsCOMPtr<nsICookiePermission> mCookiePermissions;
- };
- 
- #endif
-diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl
-index 578d8db..1869d14 100644
---- a/netwerk/base/public/mozIThirdPartyUtil.idl
-+++ b/netwerk/base/public/mozIThirdPartyUtil.idl
-@@ -7,6 +7,7 @@
- interface nsIURI;
- interface nsIDOMWindow;
- interface nsIChannel;
-+interface nsIDocument;
- 
- /**
-  * Utility functions for determining whether a given URI, channel, or window
-@@ -140,6 +141,26 @@ interface mozIThirdPartyUtil : nsISupports
-    * @return the base domain.
-    */
-   AUTF8String getBaseDomain(in nsIURI aHostURI);
-+
-+
-+  /**
-+   * getFirstPartyURI
-+   *
-+   * Obtain the top-level url bar URI for either a channel or a document.
-+   * Either parameter may be null (but not both).
-+   * 
-+   * @param aChannel
-+   *        An arbitrary channel for some content element of a first party
-+   *        load. Can be null.
-+   *
-+   * @param aDoc
-+   *        An arbitrary third party document. Can be null.
-+   *
-+   * @return the first party url bar URI for the load.
-+   */ 
-+  nsIURI getFirstPartyURI(in nsIChannel aChannel,
-+                          in nsIDocument aDoc);
-+
- };
- 
- %{ C++
--- 
-1.7.5.4
-



More information about the tor-commits mailing list