--- /dev/null
+# ChangeLog for www-client/torbrowser
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+*torbrowser-10.0.1 (29 Feb 2012)
+
+ 29 Feb 2012; hasufell <julian.ospald@googlemail.com>
+ +files/0001-Block-Components.interfaces-lookupMethod-from-conten.patch,
+ +torbrowser-10.0.1.ebuild,
+ +files/0002-Make-Permissions-Manager-memory-only.patch,
+ +files/0003-Make-Intermediate-Cert-Store-memory-only.patch,
+ +files/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch,
+ +files/0005-Add-a-string-based-cacheKey.patch,
+ +files/0008-Make-content-pref-service-memory-only-clearable.patch,
+ +files/libvpx-1.0.0.patch,
+ +files/0006-Randomize-HTTP-pipeline-order-and-depth.patch,
+ +files/0007-Block-all-plugins-except-flash.patch,
+ +files/0010-Disable-SSL-Session-ID-tracking.patch,
+ +files/0011-Provide-an-observer-event-to-close-persistent-connec.patch,
+ +files/0012-Provide-client-values-only-to-CSS-Media-Queries.patch,
+ +files/0013-Limit-the-number-of-fonts-per-document.patch, +metadata.xml:
+ New Ebuild for bug 406361 thanks to Tommy[D] and floppym
+
--- /dev/null
+AUX 0001-Block-Components.interfaces-lookupMethod-from-conten.patch 2341 RMD160 fbc2fcfce6b4bd0c71e7047465b58d036940b121 SHA1 44e132cc77c83a34040e9443b1ac02753bdb460c SHA256 ba87ff0d71b2805a55ee81faa94c28495d1c32758cc7dca625587973a542c328
+AUX 0002-Make-Permissions-Manager-memory-only.patch 3527 RMD160 f7fd305b9839db035221ffb82b4e5d95e27e1300 SHA1 6ce5d7db03952ee8958f89f02393df64e9c2da35 SHA256 0e37c7613f8002d8c3c12dfb2751b690a499bc5dcd62efaaf6ef609cdd9f14f5
+AUX 0003-Make-Intermediate-Cert-Store-memory-only.patch 1759 RMD160 216e937a942d7ada8dead73a7adb2e8a4a64fa45 SHA1 38db3394757a93cbfebd904a1ff271ab157617ca SHA256 3ffdc4f243a7fca22fb10c01ecf60557f6106deb8f11593ed6414ee63447ab15
+AUX 0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch 1809 RMD160 454d41069f4dd30beec764f9d97d685bcb2b0b9a SHA1 60b12a906417b73359499b4b021bc6c959feaa09 SHA256 5ea53134f9597d114045d2194e2bc095639a214f659fe5aa01522e0ca855c1d3
+AUX 0005-Add-a-string-based-cacheKey.patch 2944 RMD160 795329a18c9648b1a9e8772c9a824f03c2d6289d SHA1 66d15a7d5cfb367d48780acbef5d086e1172195f SHA256 df7ced575cd74eef0abf3c4df6a6f550768347ece1217d5902de40e870df7924
+AUX 0006-Randomize-HTTP-pipeline-order-and-depth.patch 5102 RMD160 dea65273fef40e0bcc40448a0ef7774a174a7589 SHA1 237d4e95546e0be5688d493261d33640d8c8b158 SHA256 4a3070b13c5fd7b3cfd49379ba6c694fac4801e691dd02c4c8ae810d4cd18898
+AUX 0007-Block-all-plugins-except-flash.patch 2976 RMD160 ca87d505cfe5c6c81500f1d45bc41045fea744c9 SHA1 d2928897d807462c24b6aee0808f74bcdec14df1 SHA256 6a4fe0d7f477fb973b0d1f31a1f2863ef5e989c660711b33c5aba67a797cccc2
+AUX 0008-Make-content-pref-service-memory-only-clearable.patch 1357 RMD160 9026ff8ac2b2084c16134241d890e329e25e9a4d SHA1 39cbb12229ee6c1b332255ca26df48b6aa77c35a SHA256 38622cfd79a01e2dc26ff21342a082ad5d8d3ecfbf9a507814ff32e8cf6e9137
+AUX 0010-Disable-SSL-Session-ID-tracking.patch 1165 RMD160 998f444b644f3e51f9cbe4d4825899f123ef3c8d SHA1 17ddc949e4bc418bb7aff2297a2309de9841a2b4 SHA256 4610d5774472d8cc70aeb5e13a536ab23913c941d930d8b81c8a60bab7c8085e
+AUX 0011-Provide-an-observer-event-to-close-persistent-connec.patch 1448 RMD160 02b6e4b943c97e0c75878577aefd96e9e684226e SHA1 80de39474fd21408d56595b7204b20684e1cca8c SHA256 0e59e4e9599f1cb0a62f1a85534b77308b83ce583f4b8bec5422f7007cff9103
+AUX 0012-Provide-client-values-only-to-CSS-Media-Queries.patch 2042 RMD160 effddc0d7b4097c6b2d9a334146eae7ae315264d SHA1 2dcdfe22f9092ac797db689a7e19a802347fec70 SHA256 33172e4cce2136b9005ebde7c2f0f4388aecdc6c1702781fc7481e34ab00d558
+AUX 0013-Limit-the-number-of-fonts-per-document.patch 7318 RMD160 85178f067f3294f20c515cdb71e9b7ff24ba742d SHA1 34c887ff33549f5820479e3d86144114fc1c746e SHA256 91dcd13b99d5378c4966f305b4089a4f6ebee46957ac057f9c0dc42544469b84
+AUX libvpx-1.0.0.patch 2137 RMD160 f5425c9694d8c668da6fbe4726907579e3e1e1ff SHA1 6ffca3b3672eb97f88b72f14e792c5d02633307a SHA256 49ce639966c6596aaf6f1de4ed77699aaa86d7d14c0fe4b64b99bf2c6450e184
+DIST firefox-10.0-patches-0.5.tar.xz 16708 RMD160 40ccd212e16d4e5dd389db95aa7be0fe68361073 SHA1 3ca7cb54cdc2b704fe468cc26e1818648635b514 SHA256 981f40b1f2f12439d1301a0f7f4171aee4b84b16fe6b926344b63750efb21158
+DIST firefox-10.0.1.source.tar.bz2 75537947 RMD160 853c76ee98b25664daee8ee3ad881f45010767e1 SHA1 8613957db84e6722ccf1ebf74fab927139614bfc SHA256 d06dc35607e354d4c1524ca3344cd316a6d7a38c8c0578a52caee6a3adb054f5
+DIST tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz 30489710 RMD160 fca09ea9a5f7778a8179f274040561287f206da0 SHA1 b83c21d1f7965df69ec0a71cef22abc8f3024d14 SHA256 5b657ffa3724658c4225493c868fbe8938eec8f3db3017988857c416d075af10
+DIST tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz 31430945 RMD160 fbc930b08509abac9f5d11d67bfa84dce16639d9 SHA1 18ce8a31287e712c3b34a175d4179ee479bb8cd9 SHA256 45cba289d2b97639bea7910e86684614d7defca377d6c0a41af3f20ad267a720
+DIST torbrowser.png 1383 RMD160 fb32cdee9dfb09a5341c5f96aff540ac122ee46a SHA1 c5bc62339515de7c0ff0691db086eec8a7fe18a1 SHA256 36af7b3f72fab03d478f08416df7832bf146ebdb2fa1f2ed0ac398d75c7f9284
+EBUILD torbrowser-10.0.1.ebuild 10297 RMD160 5dd3031ace3f125baca25ab6d49adf75b7e4f52a SHA1 3c7a19bba5634b329286a22b27178653daeee188 SHA256 44e285a2e51bfb9ad5eeff7036689d4f162419efea15554e56a7ee7ee2aef463
+MISC ChangeLog 1099 RMD160 94aeb2d1431808a74cfe5540170160a14b4980b4 SHA1 659ef490efc1effb925345bc98777b76be10eeb3 SHA256 9bae6229bedcfe5ffdf9b97a78ccb04a0ebb14f8611ab5a2a261588f0947ded6
+MISC metadata.xml 1555 RMD160 1e680102798f010e1cc55f83c222ec0637cd0076 SHA1 19c7df9ff79d404198790c4ec10fc3f06910c607 SHA256 a3fd93d9116129c075b6fbab64591b4ce9319c452135fa28d01efced982bfda7
--- /dev/null
+From 67b86f0c22070cbf86112174ae1e2ce6d6a36dee Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:40:40 -0800
+Subject: [PATCH 01/13] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/xpconnect/src/XPCComponents.cpp | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
+index 3bcbf91..d5c020a 100644
+--- a/js/xpconnect/src/XPCComponents.cpp
++++ b/js/xpconnect/src/XPCComponents.cpp
+@@ -4456,7 +4456,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+- static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++ static const char* allowed[] = { "isSuccessCode", nsnull };
+ *_retval = xpc_CheckAccessList(methodName, allowed);
+ return NS_OK;
+ }
+@@ -4465,7 +4467,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+- static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ // XXX: Pref observer? Also, is this what we want? Seems like a plan
++ // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++ static const char* allowed[] = { "results", nsnull};
+ *_retval = xpc_CheckAccessList(propertyName, allowed);
+ return NS_OK;
+ }
+--
+1.7.5.4
+
--- /dev/null
+From 193c50c03aa61eef5415d0476467c22941022a11 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:45:16 -0800
+Subject: [PATCH 02/13] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 67eb216..12cc7cf 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+
+ static nsPermissionManager *gPermissionManager = nsnull;
+
+@@ -203,6 +207,11 @@ nsPermissionManager::Init()
+ mObserverService->AddObserver(this, "profile-do-change", true);
+ }
+
++ nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (pbi) {
++ pbi->AddObserver("permissions.", this, PR_FALSE);
++ }
++
+ if (IsChildProcess()) {
+ // Get the permissions from the parent process
+ InfallibleTArray<IPC::Permission> perms;
+@@ -251,8 +260,18 @@ nsPermissionManager::InitDB(bool aRemoveFile)
+ if (!storage)
+ return NS_ERROR_UNEXPECTED;
+
++ bool memory_db = false;
++ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++ if (prefs) {
++ prefs->GetBoolPref("permissions.memory_only", &memory_db);
++ }
++
+ // cache a connection to the hosts database
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ bool ready;
+@@ -262,7 +281,11 @@ nsPermissionManager::InitDB(bool aRemoveFile)
+ rv = permissionsFile->Remove(false);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+- rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ if (memory_db) {
++ rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++ } else {
++ rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mDBConn->GetConnectionReady(&ready);
+@@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+ {
+ ENSURE_NOT_CHILD_PROCESS;
+
+- if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
++ if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
++ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
++ // XXX: Should we remove the file? Probably not..
++ InitDB(PR_FALSE);
++ }
++ } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+ // The profile is about to change,
+ // or is going away because the application is shutting down.
+ if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
+--
+1.7.5.4
+
--- /dev/null
+From 5d72233faeba1745962f55fa09fe2f537eda93ec Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 03/13] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index a08c4ef..0ec3713 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1730,8 +1730,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
+ // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+ // "/usr/lib/nss/libnssckbi.so".
+ PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++ bool nocertdb = false;
++ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++ // XXX: We can also do the the following to only disable the certdb.
++ // Leaving this codepath in as a fallback in case InitNODB fails
++ if (nocertdb)
++ init_flags |= NSS_INIT_NOCERTDB;
++
++ SECStatus init_rv;
++ if (nocertdb) {
++ init_rv = ::NSS_NoDB_Init(NULL);
++ } else {
++ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+ SECMOD_DB, init_flags);
++ }
+
+ if (init_rv != SECSuccess) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+--
+1.7.5.4
+
--- /dev/null
+From 6dc27a50e06bca139a07546f94a827f1fdb762b7 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 2 Sep 2011 15:33:20 -0700
+Subject: [PATCH 04/13] Add HTTP auth headers before the modify-request
+ observer.
+
+Otherwise, how are we supposed to modify them?
+
+Thanks to Georg Koppen for spotting both the problem and this fix.
+---
+ netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++----
+ 1 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index dec2a83..4c5e759 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -316,9 +316,6 @@ nsHttpChannel::Connect(bool firstTime)
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+
+- // check to see if authorization headers should be included
+- mAuthProvider->AddAuthorizationHeaders();
+-
+ if (mLoadFlags & LOAD_NO_NETWORK_IO) {
+ return NS_ERROR_DOCUMENT_NOT_CACHED;
+ }
+@@ -3701,6 +3698,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+
+ AddCookiesToRequest();
+
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+@@ -4795,7 +4795,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+ // this authentication attempt (bug 84794).
+ // TODO: save cookies from auth response and send them here (bug 572151).
+ AddCookiesToRequest();
+-
++
++ // check to see if authorization headers should be included
++ mAuthProvider->AddAuthorizationHeaders();
++
+ // notify "http-on-modify-request" observers
+ gHttpHandler->OnModifyRequest(this);
+
+--
+1.7.5.4
+
--- /dev/null
+From a06818f3a358e6c4502b944ecd264fd2ccaff5bf Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 2 Sep 2011 20:47:02 -0700
+Subject: [PATCH 05/13] Add a string-based cacheKey.
+
+Used for isolating cache according to same-origin policy.
+---
+ netwerk/base/public/nsICachingChannel.idl | 7 +++++++
+ netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
+ netwerk/protocol/http/nsHttpChannel.h | 1 +
+ 3 files changed, 30 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
+index 2da46d6..4ee5774 100644
+--- a/netwerk/base/public/nsICachingChannel.idl
++++ b/netwerk/base/public/nsICachingChannel.idl
+@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
+ attribute nsISupports cacheKey;
+
+ /**
++ * Set/get the cache domain... uniquely identifies the data in the cache
++ * for this channel. Holding a reference to this key does NOT prevent
++ * the cached data from being removed.
++ */
++ attribute AUTF8String cacheDomain;
++
++ /**
+ * Specifies whether or not the data should be cached to a file. This
+ * may fail if the disk cache is not present. The value of this attribute
+ * is usually only settable during the processing of a channel's
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index 4c5e759..6205d62 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -2389,6 +2389,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+ cacheKey.Append(buf);
+ }
+
++ if (strlen(mCacheDomain.get()) > 0) {
++ cacheKey.AppendLiteral("domain=");
++ cacheKey.Append(mCacheDomain.get());
++ cacheKey.AppendLiteral("&");
++ }
++
+ if (!cacheKey.IsEmpty()) {
+ cacheKey.AppendLiteral("uri=");
+ }
+@@ -4695,6 +4701,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
+ }
+
+ NS_IMETHODIMP
++nsHttpChannel::GetCacheDomain(nsACString &value)
++{
++ value = mCacheDomain;
++
++ return NS_OK;
++}
++
++NS_IMETHODIMP
++nsHttpChannel::SetCacheDomain(const nsACString &value)
++{
++ mCacheDomain = value;
++
++ return NS_OK;
++}
++
++NS_IMETHODIMP
+ nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
+ {
+ value = mOfflineCacheClientID;
+diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
+index 88ce469..53538cf 100644
+--- a/netwerk/protocol/http/nsHttpChannel.h
++++ b/netwerk/protocol/http/nsHttpChannel.h
+@@ -303,6 +303,7 @@ private:
+ nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
+ nsCacheAccessMode mOfflineCacheAccess;
+ nsCString mOfflineCacheClientID;
++ nsCString mCacheDomain;
+
+ // auth specific data
+ nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
+--
+1.7.5.4
+
--- /dev/null
+From 755f71320538b0a813807cc3f4076dd20cbe9849 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 16:05:22 -0800
+Subject: [PATCH 06/13] Randomize HTTP pipeline order and depth.
+
+This is an experimental defense against
+http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
+
+See also:
+https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
+---
+ netwerk/protocol/http/nsHttpConnectionMgr.cpp | 78 ++++++++++++++++++++++++-
+ netwerk/protocol/http/nsHttpConnectionMgr.h | 4 +
+ 2 files changed, 81 insertions(+), 1 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+index 23ef893..bba456d 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+@@ -94,6 +94,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
+ {
+ LOG(("Creating nsHttpConnectionMgr @%x\n", this));
+ mCT.Init();
++ nsresult rv;
++ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
++ if (NS_FAILED(rv)) {
++ mRandomGenerator = nsnull;
++ }
+ }
+
+ nsHttpConnectionMgr::~nsHttpConnectionMgr()
+@@ -865,7 +870,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+ nsHttpPipeline *pipeline = nsnull;
+ if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
+ LOG((" looking to build pipeline...\n"));
+- if (BuildPipeline(ent, trans, &pipeline))
++ if (BuildRandomizedPipeline(ent, trans, &pipeline))
+ trans = pipeline;
+ }
+
+@@ -938,6 +943,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+ return true;
+ }
+
++bool
++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent,
++ nsAHttpTransaction *firstTrans,
++ nsHttpPipeline **result)
++{
++ if (mRandomGenerator == nsnull)
++ return BuildPipeline(ent, firstTrans, result);
++ if (mMaxPipelinedRequests < 2)
++ return PR_FALSE;
++
++ nsresult rv;
++ PRUint8 *bytes = nsnull;
++
++ nsHttpPipeline *pipeline = nsnull;
++ nsHttpTransaction *trans;
++
++ PRUint32 i = 0, numAdded = 0, numAllowed = 0;
++ PRUint32 max = 0;
++
++ while (i < ent->mPendingQ.Length()) {
++ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)
++ numAllowed++;
++ i++;
++ }
++
++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++ NS_ENSURE_SUCCESS(rv, rv);
++ // 4...12
++ max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1));
++ NS_Free(bytes);
++
++ while (numAllowed > 0) {
++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++ NS_ENSURE_SUCCESS(rv, rv);
++ i = bytes[0] % ent->mPendingQ.Length();
++ NS_Free(bytes);
++
++ trans = ent->mPendingQ[i];
++
++ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING))
++ continue;
++
++ if (numAdded == 0) {
++ pipeline = new nsHttpPipeline;
++ if (!pipeline)
++ return PR_FALSE;
++ pipeline->AddTransaction(firstTrans);
++ numAdded = 1;
++ }
++ pipeline->AddTransaction(trans);
++
++ // remove transaction from pending queue
++ ent->mPendingQ.RemoveElementAt(i);
++ NS_RELEASE(trans);
++
++ numAllowed--;
++
++ if (++numAdded == max)
++ break;
++ }
++
++ //fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max);
++ LOG((" pipelined %u/%u transactions\n", numAdded, max));
++
++ if (numAdded == 0)
++ return PR_FALSE;
++
++ NS_ADDREF(*result = pipeline);
++ return PR_TRUE;
++}
++
+ nsresult
+ nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
+ {
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
+index cdf21a9..9647225 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
+@@ -48,6 +48,7 @@
+ #include "nsAutoPtr.h"
+ #include "mozilla/ReentrantMonitor.h"
+ #include "nsISocketTransportService.h"
++#include "nsIRandomGenerator.h"
+
+ #include "nsIObserver.h"
+ #include "nsITimer.h"
+@@ -276,6 +277,7 @@ private:
+ nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *,
+ PRUint8 caps, nsHttpConnection *);
+ bool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
++ bool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
+ nsresult ProcessNewTransaction(nsHttpTransaction *);
+ nsresult EnsureSocketThreadTargetIfOnline();
+ void ClosePersistentConnections(nsConnectionEntry *ent);
+@@ -353,6 +355,8 @@ private:
+ PRUint64 mTimeOfNextWakeUp;
+ // Timer for next pruning of dead connections.
+ nsCOMPtr<nsITimer> mTimer;
++ // Random number generator for reordering HTTP pipeline
++ nsCOMPtr<nsIRandomGenerator> mRandomGenerator;
+
+ //
+ // the connection table
+--
+1.7.5.4
+
--- /dev/null
+From 7d6e270e1a05e1fe57d069b9859c9b51904db33e Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:50:15 -0800
+Subject: [PATCH 07/13] Block all plugins except flash.
+
+We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
+actually want to stop plugins from ever entering the browser's process space
+and/or executing code (for example, AV plugins that collect statistics/analyse
+urls, magical toolbars that phone home or "help" the user, skype buttons that
+ruin our day, and censorship filters). Hence we rolled our own.
+
+See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
+on a better way. Until then, it is delta-darwinism for us.
+---
+ dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
+ dom/plugins/base/nsPluginHost.h | 2 ++
+ 2 files changed, 35 insertions(+), 0 deletions(-)
+
+diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
+index 729c9ef..1f4652d 100644
+--- a/dom/plugins/base/nsPluginHost.cpp
++++ b/dom/plugins/base/nsPluginHost.cpp
+@@ -1965,6 +1965,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+ return false;
+ }
+
++PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
++{
++ nsCString leaf;
++ const char *leafStr;
++ nsresult rv;
++
++ rv = pluginFile->GetNativeLeafName(leaf);
++ if (NS_FAILED(rv)) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ leafStr = leaf.get();
++
++ if (!leafStr) {
++ return PR_TRUE; // fuck 'em. blacklist.
++ }
++
++ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
++ // NPSWF32.dll, NPSWF64.dll
++ if (strstr(leafStr, "libgnashplugin") == leafStr ||
++ strstr(leafStr, "libflashplayer") == leafStr ||
++ strstr(leafStr, "Flash Player") == leafStr ||
++ strstr(leafStr, "NPSWF") == leafStr) {
++ return PR_FALSE;
++ }
++
++ return PR_TRUE; // fuck 'em. blacklist.
++}
++
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+
+ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2086,6 +2115,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+ continue;
+ }
+
++ if (GhettoBlacklist(localfile)) {
++ continue;
++ }
++
+ // if it is not found in cache info list or has been changed, create a new one
+ if (!pluginTag) {
+ nsPluginFile pluginFile(localfile);
+diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
+index 39a8891..c262abf 100644
+--- a/dom/plugins/base/nsPluginHost.h
++++ b/dom/plugins/base/nsPluginHost.h
+@@ -278,6 +278,8 @@ private:
+ // Loads all cached plugins info into mCachedPlugins
+ nsresult ReadPluginInfo();
+
++ PRBool GhettoBlacklist(nsIFile *pluginFile);
++
+ // Given a file path, returns the plugins info from our cache
+ // and removes it from the cache.
+ void RemoveCachedPluginsInfo(const char *filePath,
+--
+1.7.5.4
+
--- /dev/null
+From 23a09d0a6def1e2f7190177a875ab5a85c5da7b7 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Thu, 8 Sep 2011 08:40:17 -0700
+Subject: [PATCH 08/13] Make content pref service memory-only + clearable
+
+This prevents random urls from being inserted into content-prefs.sqllite in
+the profile directory as content prefs change (includes site-zoom and perhaps
+other site prefs?).
+---
+ .../contentprefs/nsContentPrefService.js | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
+index adfb650..1619d5f 100644
+--- a/toolkit/components/contentprefs/nsContentPrefService.js
++++ b/toolkit/components/contentprefs/nsContentPrefService.js
+@@ -1240,7 +1240,7 @@ ContentPrefService.prototype = {
+
+ var dbConnection;
+
+- if (!dbFile.exists())
++ if (true || !dbFile.exists())
+ dbConnection = this._dbCreate(dbService, dbFile);
+ else {
+ try {
+@@ -1288,7 +1288,7 @@ ContentPrefService.prototype = {
+ },
+
+ _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
+- var dbConnection = aDBService.openDatabase(aDBFile);
++ var dbConnection = aDBService.openSpecialDatabase("memory");
+
+ try {
+ this._dbCreateSchema(dbConnection);
+--
+1.7.5.4
+
--- /dev/null
+From 8bfcf12fe59b7b9940830446bf331729f5c86b3d Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Wed, 7 Dec 2011 19:36:38 -0800
+Subject: [PATCH 10/13] Disable SSL Session ID tracking.
+
+We can't easily bind SSL Session ID tracking to url bar domain,
+so we have to disable them to satisfy
+https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
+---
+ security/nss/lib/ssl/sslsock.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
+index 2e6f9ed..c8a993b 100644
+--- a/security/nss/lib/ssl/sslsock.c
++++ b/security/nss/lib/ssl/sslsock.c
+@@ -172,7 +172,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
+ PR_TRUE, /* enableSSL3 */
+ PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
+- PR_FALSE, /* noCache */
++ PR_TRUE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
+ PR_TRUE, /* detectRollBack */
+--
+1.7.5.4
+
--- /dev/null
+From befcfaff647b1e09722d100fbf2dadcc22cfdc2b Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:53:28 -0800
+Subject: [PATCH 11/13] Provide an observer event to close persistent
+ connections
+
+We need to prevent linkability across "New Identity", which includes closing
+keep-alive connections.
+---
+ netwerk/protocol/http/nsHttpHandler.cpp | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
+index f21598e..f3bf6af 100644
+--- a/netwerk/protocol/http/nsHttpHandler.cpp
++++ b/netwerk/protocol/http/nsHttpHandler.cpp
+@@ -321,6 +321,7 @@ nsHttpHandler::Init()
+ mObserverService->AddObserver(this, "net:clear-active-logins", true);
+ mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
+ mObserverService->AddObserver(this, "net:prune-dead-connections", true);
++ mObserverService->AddObserver(this, "net:prune-all-connections", PR_TRUE);
+ }
+
+ return NS_OK;
+@@ -1481,6 +1482,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+ mConnMgr->PruneDeadConnections();
+ }
+ }
++ else if (strcmp(topic, "net:prune-all-connections") == 0) {
++ if (mConnMgr) {
++ mConnMgr->ClosePersistentConnections();
++ mConnMgr->PruneDeadConnections();
++ }
++ }
+
+ return NS_OK;
+ }
+--
+1.7.5.4
+
--- /dev/null
+From b5c42aa7668ac12b034cc1806ae1dc48732fa9b5 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Tue, 20 Dec 2011 21:02:49 -0800
+Subject: [PATCH 12/13] Provide client values only to CSS Media Queries
+
+Also disable a bunch of Mozilla extensions that smell like they are
+fingerprintable.
+
+This is done to address
+https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+---
+ layout/style/nsMediaFeatures.cpp | 10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
+index 6eca06e..c68f191 100644
+--- a/layout/style/nsMediaFeatures.cpp
++++ b/layout/style/nsMediaFeatures.cpp
+@@ -383,14 +383,14 @@ nsMediaFeatures::features[] = {
+ nsMediaFeature::eMinMaxAllowed,
+ nsMediaFeature::eLength,
+ { nsnull },
+- GetDeviceWidth
++ GetWidth
+ },
+ {
+ &nsGkAtoms::deviceHeight,
+ nsMediaFeature::eMinMaxAllowed,
+ nsMediaFeature::eLength,
+ { nsnull },
+- GetDeviceHeight
++ GetHeight
+ },
+ {
+ &nsGkAtoms::orientation,
+@@ -411,7 +411,7 @@ nsMediaFeatures::features[] = {
+ nsMediaFeature::eMinMaxAllowed,
+ nsMediaFeature::eIntRatio,
+ { nsnull },
+- GetDeviceAspectRatio
++ GetAspectRatio
+ },
+ {
+ &nsGkAtoms::color,
+@@ -457,6 +457,7 @@ nsMediaFeatures::features[] = {
+ },
+
+ // Mozilla extensions
++/*
+ {
+ &nsGkAtoms::_moz_device_pixel_ratio,
+ nsMediaFeature::eMinMaxAllowed,
+@@ -469,7 +470,7 @@ nsMediaFeatures::features[] = {
+ nsMediaFeature::eMinMaxNotAllowed,
+ nsMediaFeature::eEnumerated,
+ { kOrientationKeywords },
+- GetDeviceOrientation
++ GetOrientation
+ },
+ {
+ &nsGkAtoms::_moz_is_resource_document,
+@@ -590,6 +591,7 @@ nsMediaFeatures::features[] = {
+ { nsnull },
+ GetWindowsTheme
+ },
++*/
+ // Null-mName terminator:
+ {
+ nsnull,
+--
+1.7.5.4
+
--- /dev/null
+From 4ed1e1c2372216cfcf377b369a9d44bb9f60ee14 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 16:01:21 -0800
+Subject: [PATCH 13/13] Limit the number of fonts per document.
+
+We create two prefs:
+browser.display.max_font_count and browser.display.max_font_attempts.
+max_font_count sets a limit on the number of fonts actually used in the
+document, and max_font_attempts sets a limit on the total number of CSS
+queries that a document is allowed to perform.
+
+Once either limit is reached, the browser behaves as if
+browser.display.use_document_fonts was set to 0 for subsequent font queries.
+
+If a pref is not set or is negative, that limit does not apply.
+
+This is done to address:
+https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+---
+ layout/base/nsPresContext.cpp | 100 +++++++++++++++++++++++++++++++++++++++++
+ layout/base/nsPresContext.h | 9 ++++
+ layout/style/nsRuleNode.cpp | 13 ++++-
+ 3 files changed, 119 insertions(+), 3 deletions(-)
+
+diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
+index e1587db..9690d9c 100644
+--- a/layout/base/nsPresContext.cpp
++++ b/layout/base/nsPresContext.cpp
+@@ -98,6 +98,8 @@
+ #include "FrameLayerBuilder.h"
+ #include "nsDOMMediaQueryList.h"
+ #include "nsSMILAnimationController.h"
++#include "nsString.h"
++#include "nsUnicharUtils.h"
+
+ #ifdef IBMBIDI
+ #include "nsBidiPresUtils.h"
+@@ -706,6 +708,10 @@ nsPresContext::GetUserPreferences()
+ // * use fonts?
+ mUseDocumentFonts =
+ Preferences::GetInt("browser.display.use_document_fonts") != 0;
++ mMaxFonts =
++ Preferences::GetInt("browser.display.max_font_count", -1);
++ mMaxFontAttempts =
++ Preferences::GetInt("browser.display.max_font_attempts", -1);
+
+ // * replace backslashes with Yen signs? (bug 245770)
+ mEnableJapaneseTransform =
+@@ -1300,6 +1306,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID) const
+ return font;
+ }
+
++PRBool
++nsPresContext::FontUseCountReached(const nsFont &font) {
++ if (mMaxFonts < 0) {
++ return PR_FALSE;
++ }
++
++ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
++ if (mFontsUsed[i].name.Equals(font.name,
++ nsCaseInsensitiveStringComparator())
++ // XXX: Style is sometimes filled with garbage??
++ /*&& mFontsUsed[i].style == font.style*/) {
++ // seen it before: OK
++ return PR_FALSE;
++ }
++ }
++
++ if (mFontsUsed.Length() >= mMaxFonts) {
++ return PR_TRUE;
++ }
++
++ return PR_FALSE;
++}
++
++PRBool
++nsPresContext::FontAttemptCountReached(const nsFont &font) {
++ if (mMaxFontAttempts < 0) {
++ return PR_FALSE;
++ }
++
++ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
++ if (mFontsTried[i].name.Equals(font.name,
++ nsCaseInsensitiveStringComparator())
++ // XXX: Style is sometimes filled with garbage??
++ /*&& mFontsTried[i].style == font.style*/) {
++ // seen it before: OK
++ return PR_FALSE;
++ }
++ }
++
++ if (mFontsTried.Length() >= mMaxFontAttempts) {
++ return PR_TRUE;
++ }
++
++ return PR_FALSE;
++}
++
++void
++nsPresContext::AddFontUse(const nsFont &font) {
++ if (mMaxFonts < 0) {
++ return;
++ }
++
++ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
++ if (mFontsUsed[i].name.Equals(font.name,
++ nsCaseInsensitiveStringComparator())
++ // XXX: Style is sometimes filled with garbage??
++ /*&& mFontsUsed[i].style == font.style*/) {
++ // seen it before: OK
++ return;
++ }
++ }
++
++ if (mFontsUsed.Length() >= mMaxFonts) {
++ return;
++ }
++
++ mFontsUsed.AppendElement(font);
++ return;
++}
++
++void
++nsPresContext::AddFontAttempt(const nsFont &font) {
++ if (mMaxFontAttempts < 0) {
++ return;
++ }
++
++ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
++ if (mFontsTried[i].name.Equals(font.name,
++ nsCaseInsensitiveStringComparator())
++ // XXX: Style is sometimes filled with garbage??
++ /*&& mFontsTried[i].style == font.style*/) {
++ // seen it before: OK
++ return;
++ }
++ }
++
++ if (mFontsTried.Length() >= mMaxFontAttempts) {
++ return;
++ }
++
++ mFontsTried.AppendElement(font);
++ return;
++}
++
+ void
+ nsPresContext::SetFullZoom(float aZoom)
+ {
+diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
+index ecd01d8..552a69a 100644
+--- a/layout/base/nsPresContext.h
++++ b/layout/base/nsPresContext.h
+@@ -548,6 +548,13 @@ public:
+ }
+ }
+
++ nsTArray<nsFont> mFontsUsed; // currently for font-count limiting only
++ nsTArray<nsFont> mFontsTried; // currently for font-count limiting only
++ void AddFontUse(const nsFont &font);
++ void AddFontAttempt(const nsFont &font);
++ PRBool FontUseCountReached(const nsFont &font);
++ PRBool FontAttemptCountReached(const nsFont &font);
++
+ PRInt32 MinFontSize() const {
+ return NS_MAX(mMinFontSize, mMinimumFontSizePref);
+ }
+@@ -1117,6 +1124,8 @@ protected:
+ PRUint32 mInterruptChecksToSkip;
+
+ mozilla::TimeStamp mReflowStartTime;
++ PRInt32 mMaxFontAttempts;
++ PRInt32 mMaxFonts;
+
+ unsigned mHasPendingInterrupt : 1;
+ unsigned mInterruptsEnabled : 1;
+diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
+index 27336bf..827585a 100644
+--- a/layout/style/nsRuleNode.cpp
++++ b/layout/style/nsRuleNode.cpp
+@@ -3091,6 +3091,7 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+
+ // See if there is a minimum font-size constraint to honor
+ nscoord minimumFontSize = mPresContext->MinFontSize();
++ PRBool isXUL = PR_FALSE;
+
+ if (minimumFontSize < 0)
+ minimumFontSize = 0;
+@@ -3102,10 +3103,10 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+ // We only need to know this to determine if we have to use the
+ // document fonts (overriding the useDocumentFonts flag), or to
+ // determine if we have to override the minimum font-size constraint.
+- if ((!useDocumentFonts || minimumFontSize > 0) && mPresContext->IsChrome()) {
++ if (mPresContext->IsChrome()) {
+ // if we are not using document fonts, but this is a XUL document,
+ // then we use the document fonts anyway
+- useDocumentFonts = true;
++ isXUL = PR_TRUE;
+ minimumFontSize = 0;
+ }
+
+@@ -3120,9 +3121,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+ // generic?
+ nsFont::GetGenericID(font->mFont.name, &generic);
+
++ mPresContext->AddFontAttempt(font->mFont);
++
+ // If we aren't allowed to use document fonts, then we are only entitled
+ // to use the user's default variable-width font and fixed-width font
+- if (!useDocumentFonts) {
++ if (!isXUL && (!useDocumentFonts ||
++ mPresContext->FontAttemptCountReached(font->mFont) ||
++ mPresContext->FontUseCountReached(font->mFont))) {
+ // Extract the generic from the specified font family...
+ nsAutoString genericName;
+ if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
+@@ -3158,6 +3163,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+ minimumFontSize, font);
+ }
+
++ if (font->mGenericID == kGenericFont_NONE)
++ mPresContext->AddFontUse(font->mFont);
+ COMPUTE_END_INHERITED(Font, font)
+ }
+
+--
+1.7.5.4
+
--- /dev/null
+--- configure.in 2012-02-03 09:19:03.710073220 -0800
++++ configure.in 2012-02-03 09:18:56.158036304 -0800
+@@ -5616,20 +5616,20 @@
+ [MOZ_NATIVE_LIBVPX_DEC_TEST=1],
+ ([--with-system-libvpx requested but symbol vpx_codec_dec_init_ver not found]))
+ if test -n "$MOZ_NATIVE_LIBVPX_DEC_TEST" ; then
+- AC_MSG_CHECKING([for libvpx version >= v0.9.7])
+- dnl We need at least v0.9.7 to fix several crash bugs (for which we
+- dnl had local patches prior to v0.9.7).
++ AC_MSG_CHECKING([for libvpx version >= v1.0.0])
++ dnl We need at least v1.0.0 to fix several crash bugs (for which we
++ dnl had local patches prior to v1.0.0).
+ dnl
+ dnl This is a terrible test for the library version, but we don't
+ dnl have a good one. There is no version number in a public header,
+ dnl and testing the headers still doesn't guarantee we link against
+ dnl the right version. While we could call vpx_codec_version() at
+ dnl run-time, that would break cross-compiling. There are no
+- dnl additional exported symbols between the v0.9.7 release and the
+- dnl v0.9.6 one to check for.
++ dnl additional exported decoder symbols between the v1.0.0 release
++ dnl and the v0.9.7 one to check for.
+ AC_TRY_COMPILE([
+ #include <vpx/vpx_decoder.h>
+- #if !defined(VPX_CODEC_USE_INPUT_PARTITION)
++ #if !defined(VPX_CODEC_USE_INPUT_FRAGMENTS)
+ #error "test failed."
+ #endif
+ ],
+@@ -5639,7 +5639,7 @@
+ MOZ_LIBVPX_INCLUDES="-I${LIBVPX_DIR}/include"
+ MOZ_LIBVPX_LIBS="-L${LIBVPX_DIR}/lib -lvpx"],
+ [AC_MSG_RESULT([no])
+- AC_MSG_ERROR([--with-system-libvpx requested but it is not v0.9.7 or later])])
++ AC_MSG_ERROR([--with-system-libvpx requested but it is not v1.0.0 or later])])
+ fi
+ CFLAGS=$_SAVE_CFLAGS
+ LDFLAGS=$_SAVE_LDFLAGS
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer><email>maintainer-wanted@gentoo.org</email></maintainer>
+ <use>
+ <flag name="bindist">Disable official Firefox branding (icons, name) which
+ are not binary-redistributable according to upstream.</flag>
+ <flag name="custom-optimization">Fine-tune custom compiler
+ optimizations, setting this is not recommended.</flag>
+ <flag name="crashreporter">Enable crashreporter for mozilla upstream, debugging
+ symbols are not required for reporting crashes.</flag>
+ <flag name="ipc">Use inter-process communication between tabs and plugins.
+ Allows for greater stability in case of plugin crashes</flag>
+ <flag name="minimal"> Prevent sdk and headers from being installed</flag>
+ <flag name="pgo">Add support for profile-guided optimization using gcc-4.5,
+ for faster binaries. This option will double the compile time.</flag>
+ <flag name="system-sqlite">Use the system-wide <pkg>dev-db/sqlite</pkg>
+ installation with secure-delete enabled</flag>
+ <flag name="webm">Use system <pkg>media-libs/libvpx</pkg> for HTML5 WebM
+ video support.</flag>
+ </use>
+ <longdescription>
+ This is the torbrowser from the torbrowser-bundle, compiled from source
+ and without vidalia or tor. It optionally provides the preconfigured
+ profile-folder recommended by upstream which includes the extensions
+ Torbutton, NoScript and HTTPS-Everywhere. It does not conflict with
+ firefox.
+ </longdescription>
+</pkgmetadata>
--- /dev/null
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="3"
+VIRTUALX_REQUIRED="pgo"
+WANT_AUTOCONF="2.1"
+
+MY_PN="firefox"
+# latest version of the torbrowser-bundle we use the profile-folder from
+# https://www.torproject.org/dist/torbrowser/linux/
+TB_V="2.2.35-7.2"
+
+# Patch version
+PATCH="${MY_PN}-10.0-patches-0.5"
+# Upstream ftp release URI that's used by mozlinguas.eclass
+# We don't use the http mirror because it deletes old tarballs.
+MOZ_FTP_URI="ftp://ftp.mozilla.org/pub/${MY_PN}/releases/"
+
+inherit check-reqs flag-o-matic toolchain-funcs eutils gnome2-utils mozconfig-3 multilib pax-utils autotools python virtualx nsplugins
+
+DESCRIPTION="Torbrowser without vidalia or tor, includes profile and extensions"
+HOMEPAGE="https://www.torproject.org/projects/torbrowser.html.en"
+
+# may work on other arches, but untested
+KEYWORDS="~amd64 ~x86"
+SLOT="0"
+# BSD license applies to torproject-related code like the patches
+# GPL-2 and MIT applies to the extensions
+# icons are under CCPL-Attribution-3.0
+LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )
+ BSD
+ GPL-2
+ MIT
+ CCPL-Attribution-3.0"
+IUSE="bindist +crashreporter +ipc pgo selinux system-sqlite +webm"
+
+SRC_URI="${SRC_URI}
+ http://dev.gentoo.org/~anarchy/mozilla/patchsets/${PATCH}.tar.xz
+ ${MOZ_FTP_URI}/${PV}/source/${MY_PN}-${PV}.source.tar.bz2
+ https://gitweb.torproject.org/user/ioerror/torbrowser.git/blob_plain/branding:/build-scripts/branding/torbrowser/default48.png -> torbrowser.png
+ amd64? ( https://www.torproject.org/dist/${PN}/linux/tor-browser-gnu-linux-x86_64-${TB_V}-dev-en-US.tar.gz )
+ x86? ( https://www.torproject.org/dist/${PN}/linux/tor-browser-gnu-linux-i686-${TB_V}-dev-en-US.tar.gz )"
+
+# Mesa 7.10 needed for WebGL + bugfixes
+RDEPEND="
+ >=sys-devel/binutils-2.16.1
+ >=dev-libs/nss-3.13.1
+ >=dev-libs/nspr-4.8.8
+ >=dev-libs/glib-2.26:2
+ >=media-libs/mesa-7.10
+ media-libs/libpng[apng]
+ virtual/libffi
+ system-sqlite? ( >=dev-db/sqlite-3.7.7.1[fts3,secure-delete,threadsafe,unlock-notify,debug=] )
+ webm? ( >=media-libs/libvpx-1.0.0
+ media-libs/alsa-lib )
+ crashreporter? ( net-misc/curl )
+ selinux? ( sec-policy/selinux-mozilla )"
+# We don't use PYTHON_DEPEND/PYTHON_USE_WITH for some silly reason
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig
+ pgo? (
+ =dev-lang/python-2*[sqlite]
+ >=sys-devel/gcc-4.5 )
+ webm? ( >=dev-lang/yasm-1.1 )"
+
+S="${WORKDIR}/mozilla-release"
+
+QA_PRESTRIPPED="usr/$(get_libdir)/${PN}/${MY_PN}/firefox"
+
+pkg_setup() {
+ moz_pkgsetup
+
+ # Avoid PGO profiling problems due to enviroment leakage
+ # These should *always* be cleaned up anyway
+ unset DBUS_SESSION_BUS_ADDRESS \
+ DISPLAY \
+ ORBIT_SOCKETDIR \
+ SESSION_MANAGER \
+ XDG_SESSION_COOKIE \
+ XAUTHORITY
+
+ if ! use bindist; then
+ einfo
+ elog "You are enabling official branding. You may not redistribute this build"
+ elog "to any users on your network or the internet. Doing so puts yourself into"
+ elog "a legal problem with Mozilla Foundation"
+ elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag"
+ fi
+
+ if use pgo; then
+ einfo
+ ewarn "You will do a double build for profile guided optimization."
+ ewarn "This will result in your build taking at least twice as long as before."
+ fi
+
+ # Ensure we have enough disk space to compile
+ if use pgo || use debug || use test ; then
+ CHECKREQS_DISK_BUILD="8G"
+ else
+ CHECKREQS_DISK_BUILD="4G"
+ fi
+ check-reqs_pkg_setup
+}
+
+src_prepare() {
+ # Apply our patches
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ epatch "${WORKDIR}/firefox"
+
+ # patch for libvpx-1.0.0 compatibility
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=722127
+ epatch "${FILESDIR}"/libvpx-1.0.0.patch
+
+ # Torbrowser patches for firefox 10, check regularly/for every version-bump
+ # https://gitweb.torproject.org/torbrowser.git/history/HEAD:/src/current-patches
+ epatch "${FILESDIR}"/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
+ epatch "${FILESDIR}"/0002-Make-Permissions-Manager-memory-only.patch
+ epatch "${FILESDIR}"/0003-Make-Intermediate-Cert-Store-memory-only.patch
+ epatch "${FILESDIR}"/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+ epatch "${FILESDIR}"/0005-Add-a-string-based-cacheKey.patch
+ epatch "${FILESDIR}"/0006-Randomize-HTTP-pipeline-order-and-depth.patch
+ epatch "${FILESDIR}"/0007-Block-all-plugins-except-flash.patch
+ epatch "${FILESDIR}"/0008-Make-content-pref-service-memory-only-clearable.patch
+ epatch "${FILESDIR}"/0010-Disable-SSL-Session-ID-tracking.patch
+ epatch "${FILESDIR}"/0011-Provide-an-observer-event-to-close-persistent-connec.patch
+ epatch "${FILESDIR}"/0012-Provide-client-values-only-to-CSS-Media-Queries.patch
+ epatch "${FILESDIR}"/0013-Limit-the-number-of-fonts-per-document.patch
+
+ # Allow user to apply any additional patches without modifing ebuild
+ epatch_user
+
+ # Enable gnomebreakpad
+ if use debug ; then
+ sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \
+ "${S}"/build/unix/run-mozilla.sh || die "sed failed!"
+ fi
+
+ # Disable gnomevfs extension
+ sed -i -e "s:gnomevfs::" "${S}/"browser/confvars.sh \
+ -e "s:gnomevfs::" "${S}/"xulrunner/confvars.sh \
+ || die "Failed to remove gnomevfs extension"
+
+ # Ensure that plugins dir is enabled as default
+ # and is different from firefox-location
+ sed -i -e "s:/usr/lib/mozilla/plugins:/usr/$(get_libdir)/${PN}/${MY_PN}/plugins:" \
+ "${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path!"
+
+ # Fix sandbox violations during make clean, bug 372817
+ sed -e "s:\(/no-such-file\):${T}\1:g" \
+ -i "${S}"/config/rules.mk \
+ -i "${S}"/js/src/config/rules.mk \
+ -i "${S}"/nsprpub/configure{.in,} \
+ || die
+
+ #Fix compilation with curl-7.21.7 bug 376027
+ sed -e '/#include <curl\/types.h>/d' \
+ -i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc \
+ -i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc \
+ -i "${S}"/config/system-headers \
+ -i "${S}"/js/src/config/system-headers || die "Sed failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}/${MY_PN}"
+ MEXTENSIONS="default"
+
+ ####################################
+ #
+ # mozconfig, CFLAGS and CXXFLAGS setup
+ #
+ ####################################
+
+ mozconfig_init
+ mozconfig_config
+
+ mozconfig_annotate '' --prefix="${EPREFIX}"/usr
+ mozconfig_annotate '' --libdir="${EPREFIX}"/usr/$(get_libdir)/${PN}
+ mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}"
+ mozconfig_annotate '' --disable-gconf
+ mozconfig_annotate '' --disable-mailnews
+ mozconfig_annotate '' --enable-canvas
+ mozconfig_annotate '' --enable-safe-browsing
+ mozconfig_annotate '' --with-system-png
+ mozconfig_annotate '' --enable-system-ffi
+
+ # Other ff-specific settings
+ mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME}
+ mozconfig_annotate '' --target="${CTARGET:-${CHOST}}"
+
+ # Allow for a proper pgo build
+ if use pgo; then
+ echo "mk_add_options PROFILE_GEN_SCRIPT='\$(PYTHON) \$(OBJDIR)/_profile/pgo/profileserver.py'" >> "${S}"/.mozconfig
+ fi
+
+ # Finalize and report settings
+ mozconfig_final
+
+ if [[ $(gcc-major-version) -lt 4 ]]; then
+ append-cxxflags -fno-stack-protector
+ elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
+ if use amd64 || use x86; then
+ append-flags -mno-avx
+ fi
+ fi
+}
+
+src_compile() {
+ if use pgo; then
+ addpredict /root
+ addpredict /etc/gconf
+ # Reset and cleanup environment variables used by GNOME/XDG
+ gnome2_environment_reset
+
+ # Firefox tries to use dri stuff when it's run, see bug 380283
+ shopt -s nullglob
+ cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -n "${cards}"; then
+ # FOSS drivers are fine
+ addpredict "${cards}"
+ else
+ cards=$(echo -n /dev/ati/card* /dev/nvidiactl* | sed 's/ /:/g')
+ if test -n "${cards}"; then
+ # Binary drivers seem to cause access violations anyway, so
+ # let's use indirect rendering so that the device files aren't
+ # touched at all. See bug 394715.
+ export LIBGL_ALWAYS_INDIRECT=1
+ addpredict "${cards}"
+ fi
+ fi
+ shopt -u nullglob
+
+ CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+ Xemake -f client.mk profiledbuild || die "Xemake failed"
+ else
+ CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+ emake -f client.mk || die "emake failed"
+ fi
+}
+
+src_install() {
+ MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}/${MY_PN}"
+
+ # MOZ_BUILD_ROOT, and hence OBJ_DIR change depending on arch, compiler, pgo, etc.
+ local obj_dir="$(echo */config.log)"
+ obj_dir="${obj_dir%/*}"
+ cd "${S}/${obj_dir}"
+
+ # Pax mark xpcshell for hardened support, only used for startupcache creation.
+ pax-mark m "${S}/${obj_dir}"/dist/bin/xpcshell
+
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ # remove default symlink in /usr/bin, because we add a proper wrapper-script later
+ rm "${ED}"/usr/bin/${MY_PN} || die "Failed to remove binary-symlink"
+ # we dont want development stuff for this kind of build, might as well
+ # conflict with other firefox-builds
+ rm -rf "${ED}"/usr/include "${ED}${MOZILLA_FIVE_HOME}"/{idl,include,lib,sdk} || \
+ die "Failed to remove sdk and headers"
+
+ # Required in order to use plugins and even run firefox on hardened.
+ pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/{firefox,firefox-bin,plugin-container}
+
+ # Plugins dir
+ share_plugins_dir
+ dodir /usr/$(get_libdir)/${PN}/nsbrowser/plugins || die
+
+ # Install pre-configured Torbrowser-profile
+ insinto /usr/share/${PN}
+ doins -r "${WORKDIR}"/tor-browser_en-US/Data/profile || die
+
+ # create wrapper to start torbrowser
+ make_wrapper ${PN} "/usr/$(get_libdir)/${PN}/${MY_PN}/${MY_PN} -no-remote -profile ~/.${PN}"
+
+ doicon "${DISTDIR}"/torbrowser.png
+ make_desktop_entry ${PN} "Torbrowser" torbrowser.png "Network;WebBrowser"
+ dodoc "${WORKDIR}"/tor-browser_en-US/Docs/changelog || die
+}
+
+pkg_postinst() {
+ einfo ""
+ elog "Copy /usr/share/${PN}/profile to ~/.${PN} and run '${PN}'."
+ elog ""
+ elog "This profile folder includes pre-configuration recommended by upstream,"
+ elog "as well as the _extensions_ Torbutton, NoScript and HTTPS-Everywhere."
+ elog "Note that torbrowser uses a different _plugins_ folder too:"
+ elog "/usr/$(get_libdir)/${PN}/nsbrowser/plugins"
+ einfo ""
+}