
[tor-commits] [torbrowser/master] Remove archived-patches directory



commit 88d9ef6a3df89287fc5784b42956052a8abe45a1
Author: Sebastian Hahn <sebastian@xxxxxxxxxxxxxx>
Date:   Thu Feb 2 16:29:12 2012 +0100

    Remove archived-patches directory
    
    The archived patches are in git history, along with (implicit)
    information about when they were current, so we don't need to have them
    sitting around in the checkout, where they confuse grep etc.
---
 README.dev                                         |    4 +-
 .../0001-Firefox4-Fix-SOCKS-timeout.patch          | 1500 --------------------
 ...ock-Components.interfaces-lookupMethod-fr.patch |   50 -
 ...ock-Components.interfaces-lookupMethod-fr.patch |   50 -
 ...-Make-Intermediate-Cert-Store-memory-only.patch |  300 ----
 ...-Make-Intermediate-Cert-Store-memory-only.patch |  283 ----
 ...fox5-Make-Permissions-Manager-memory-only.patch |   94 --
 ...fox4-Make-Permissions-Manager-memory-only.patch |   94 --
 src/archived-patches/0005-Smash-the-state.patch    |   37 -
 src/archived-patches/vidalia-altlauncher.patch     |  185 ---
 src/archived-patches/vidalia-miniupnp.patch        |  185 ---
 src/archived-patches/vidalia-startbrowser.patch    |  254 ----
 src/archived-patches/vidalia-startim.patch         |  257 ----
 src/archived-patches/vidalia-startproxy.patch      |  429 ------
 .../vidalia-startproxyarguments.patch              |   69 -
 15 files changed, 1 insertions(+), 3790 deletions(-)

diff --git a/README.dev b/README.dev
index fe4bf4a..6113822 100644
--- a/README.dev
+++ b/README.dev
@@ -21,9 +21,7 @@ src: Source code
   |                 termination behaviour (see included README for
   |                 build instructions)
   |___ current-patches: Patches to other applications currently in
-  |                     testing
-  |___ archived-patches: Patches to other applications which have
-                         either been applied upstream or abandoned 
+                        testing
 
 Status
 ------
diff --git a/src/archived-patches/0001-Firefox4-Fix-SOCKS-timeout.patch b/src/archived-patches/0001-Firefox4-Fix-SOCKS-timeout.patch
deleted file mode 100644
index 3b9343e..0000000
--- a/src/archived-patches/0001-Firefox4-Fix-SOCKS-timeout.patch
+++ /dev/null
@@ -1,1500 +0,0 @@
-From d37dce07b9eb9b40244d2fa867728e7a57a33f0f Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:33 -0700
-Subject: [PATCH 1/4] Firefox4: Fix SOCKS timeout
-
-This patch by chrisd removes the hardcoded SOCKS timeout by rewriting the
-Firefox SOCKS code to use non-blocking IO.
-
-See also: https://bugzilla.mozilla.org/show_bug.cgi?id=280661
-https://trac.torproject.org/projects/tor/ticket/3247
----
- netwerk/base/src/nsSocketTransport2.cpp |   21 +-
- netwerk/socket/nsSOCKSIOLayer.cpp       | 1273 ++++++++++++++++++-------------
- 2 files changed, 775 insertions(+), 519 deletions(-)
-
-diff --git a/netwerk/base/src/nsSocketTransport2.cpp b/netwerk/base/src/nsSocketTransport2.cpp
-index 3f95dfd..fb363db 100644
---- a/netwerk/base/src/nsSocketTransport2.cpp
-+++ b/netwerk/base/src/nsSocketTransport2.cpp
-@@ -1227,6 +1227,16 @@ nsSocketTransport::InitiateSocket()
-             }
-         }
-         //
-+        // A SOCKS request was rejected; get the actual error code from
-+        // the OS error
-+        //
-+        else if (PR_UNKNOWN_ERROR == code &&
-+                 mProxyTransparent &&
-+                 !mProxyHost.IsEmpty()) {
-+            code = PR_GetOSError();
-+            rv = ErrorAccordingToNSPR(code);
-+        }
-+        //
-         // The connection was refused...
-         //
-         else {
-@@ -1549,7 +1559,16 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, PRInt16 outFlags)
-                 mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE);
-                 // Update poll timeout in case it was changed
-                 mPollTimeout = mTimeouts[TIMEOUT_CONNECT];
--            } 
-+            }
-+            //
-+            // The SOCKS proxy rejected our request. Find out why.
-+            //
-+            else if (PR_UNKNOWN_ERROR == code &&
-+                     mProxyTransparent &&
-+                     !mProxyHost.IsEmpty()) {
-+                code = PR_GetOSError();
-+                mCondition = ErrorAccordingToNSPR(code);
-+            }
-             else {
-                 //
-                 // else, the connection failed...
-diff --git a/netwerk/socket/nsSOCKSIOLayer.cpp b/netwerk/socket/nsSOCKSIOLayer.cpp
-index 9a15667..4d3a4e8 100644
---- a/netwerk/socket/nsSOCKSIOLayer.cpp
-+++ b/netwerk/socket/nsSOCKSIOLayer.cpp
-@@ -25,6 +25,7 @@
-  *   Bradley Baetz <bbaetz@xxxxxxx>
-  *   Darin Fisher <darin@xxxxxxxx>
-  *   Malcolm Smith <malsmith@xxxxxxxxxxxxxx>
-+ *   Christopher Davis <chrisd@xxxxxxxxxxxxxx>
-  *
-  * Alternatively, the contents of this file may be used under the terms of
-  * either the GNU General Public License Version 2 or later (the "GPL"), or
-@@ -68,9 +69,28 @@ static PRLogModuleInfo *gSOCKSLog;
- 
- class nsSOCKSSocketInfo : public nsISOCKSSocketInfo
- {
-+    enum State {
-+        SOCKS_INITIAL,
-+        SOCKS_CONNECTING_TO_PROXY,
-+        SOCKS4_WRITE_CONNECT_REQUEST,
-+        SOCKS4_READ_CONNECT_RESPONSE,
-+        SOCKS5_WRITE_AUTH_REQUEST,
-+        SOCKS5_READ_AUTH_RESPONSE,
-+        SOCKS5_WRITE_CONNECT_REQUEST,
-+        SOCKS5_READ_CONNECT_RESPONSE_TOP,
-+        SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
-+        SOCKS_CONNECTED,
-+        SOCKS_FAILED
-+    };
-+
-+    // A buffer of 262 bytes should be enough for any request and response
-+    // in case of SOCKS4 as well as SOCKS5
-+    static const PRUint32 BUFFER_SIZE = 262;
-+    static const PRUint32 MAX_HOSTNAME_LEN = 255;
-+
- public:
-     nsSOCKSSocketInfo();
--    virtual ~nsSOCKSSocketInfo() {}
-+    virtual ~nsSOCKSSocketInfo() { HandshakeFinished(); }
- 
-     NS_DECL_ISUPPORTS
-     NS_DECL_NSISOCKSSOCKETINFO
-@@ -81,13 +101,50 @@ public:
-               const char *destinationHost,
-               PRUint32 flags);
- 
--    const nsCString &DestinationHost() { return mDestinationHost; }
--    const nsCString &ProxyHost()       { return mProxyHost; }
--    PRInt32          ProxyPort()       { return mProxyPort; }
--    PRInt32          Version()         { return mVersion; }
--    PRUint32         Flags()           { return mFlags; }
-+    void SetConnectTimeout(PRIntervalTime to);
-+    PRStatus DoHandshake(PRFileDesc *fd, PRInt16 oflags = -1);
-+    PRInt16 GetPollFlags() const;
-+    bool IsConnected() const { return mState == SOCKS_CONNECTED; }
-+
-+private:
-+    void HandshakeFinished(PRErrorCode err = 0);
-+    PRStatus ConnectToProxy(PRFileDesc *fd);
-+    PRStatus ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags);
-+    PRStatus WriteV4ConnectRequest();
-+    PRStatus ReadV4ConnectResponse();
-+    PRStatus WriteV5AuthRequest();
-+    PRStatus ReadV5AuthResponse();
-+    PRStatus WriteV5ConnectRequest();
-+    PRStatus ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len);
-+    PRStatus ReadV5ConnectResponseTop();
-+    PRStatus ReadV5ConnectResponseBottom();
-+
-+    void WriteUint8(PRUint8 d);
-+    void WriteUint16(PRUint16 d);
-+    void WriteUint32(PRUint32 d);
-+    void WriteNetAddr(const PRNetAddr *addr);
-+    void WriteNetPort(const PRNetAddr *addr);
-+    void WriteString(const nsACString &str);
-+
-+    PRUint8 ReadUint8();
-+    PRUint16 ReadUint16();
-+    PRUint32 ReadUint32();
-+    void ReadNetAddr(PRNetAddr *addr, PRUint16 fam);
-+    void ReadNetPort(PRNetAddr *addr);
-+
-+    void WantRead(PRUint32 sz);
-+    PRStatus ReadFromSocket(PRFileDesc *fd);
-+    PRStatus WriteToSocket(PRFileDesc *fd);
- 
- private:
-+    State     mState;
-+    PRUint8 * mData;
-+    PRUint8 * mDataIoPtr;
-+    PRUint32  mDataLength;
-+    PRUint32  mReadOffset;
-+    PRUint32  mAmountToRead;
-+    nsCOMPtr<nsIDNSRecord> mDnsRec;
-+
-     nsCString mDestinationHost;
-     nsCString mProxyHost;
-     PRInt32   mProxyPort;
-@@ -96,13 +153,21 @@ private:
-     PRNetAddr mInternalProxyAddr;
-     PRNetAddr mExternalProxyAddr;
-     PRNetAddr mDestinationAddr;
-+    PRIntervalTime mTimeout;
- };
- 
- nsSOCKSSocketInfo::nsSOCKSSocketInfo()
--    : mProxyPort(-1)
-+    : mState(SOCKS_INITIAL)
-+    , mDataIoPtr(nsnull)
-+    , mDataLength(0)
-+    , mReadOffset(0)
-+    , mAmountToRead(0)
-+    , mProxyPort(-1)
-     , mVersion(-1)
-     , mFlags(0)
-+    , mTimeout(PR_INTERVAL_NO_TIMEOUT)
- {
-+    mData = new PRUint8[BUFFER_SIZE];
-     PR_InitializeNetAddr(PR_IpAddrAny, 0, &mInternalProxyAddr);
-     PR_InitializeNetAddr(PR_IpAddrAny, 0, &mExternalProxyAddr);
-     PR_InitializeNetAddr(PR_IpAddrAny, 0, &mDestinationAddr);
-@@ -162,637 +227,807 @@ nsSOCKSSocketInfo::SetInternalProxyAddr(PRNetAddr *aInternalProxyAddr)
-     return NS_OK;
- }
- 
--static PRInt32
--pr_RecvAll(PRFileDesc *fd, unsigned char *buf, PRInt32 amount, PRIntn flags, 
--           PRIntervalTime *timeout)
-+// There needs to be a means of distinguishing between connection errors
-+// that the SOCKS server reports when it rejects a connection request, and
-+// connection errors that happen while attempting to connect to the SOCKS
-+// server. Otherwise, Firefox will report incorrectly that the proxy server
-+// is refusing connections when a SOCKS request is rejected by the proxy.
-+// When a SOCKS handshake failure occurs, the PR error is set to
-+// PR_UNKNOWN_ERROR, and the real error code is returned via the OS error.
-+void
-+nsSOCKSSocketInfo::HandshakeFinished(PRErrorCode err)
- {
--    PRInt32 bytesRead = 0;
--    PRInt32 offset = 0;
-+    if (err == 0) {
-+        mState = SOCKS_CONNECTED;
-+    } else {
-+        mState = SOCKS_FAILED;
-+        PR_SetError(PR_UNKNOWN_ERROR, err);
-+    }
- 
--    while (offset < amount) {
--        PRIntervalTime start_time = PR_IntervalNow();
--        bytesRead = PR_Recv(fd, buf + offset, amount - offset, flags, *timeout);
--        PRIntervalTime elapsed = PR_IntervalNow() - start_time;
-+    // We don't need the buffer any longer, so free it.
-+    delete [] mData;
-+    mData = nsnull;
-+    mDataIoPtr = nsnull;
-+    mDataLength = 0;
-+    mReadOffset = 0;
-+    mAmountToRead = 0;
-+}
- 
--        if (elapsed > *timeout) {
--            *timeout = 0;
--        } else {
--            *timeout -= elapsed;
--        }
-+PRStatus
-+nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc *fd)
-+{
-+    PRStatus status;
-+    nsresult rv;
- 
--        if (bytesRead > 0) {
--            offset += bytesRead;
--        } else if (bytesRead == 0 || offset != 0) {
--            return offset;
--        } else {
--            return bytesRead;
--        }
-+    NS_ABORT_IF_FALSE(mState == SOCKS_INITIAL,
-+                      "Must be in initial state to make connection!");
- 
--        if (*timeout == 0) {
--            LOGERROR(("PR_Recv() timed out. amount = %d. offset = %d.",
--                     amount, offset));
--            return offset;
-+    // If we haven't performed the DNS lookup, do that now.
-+    if (!mDnsRec) {
-+        nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
-+        if (!dns)
-+            return PR_FAILURE;
-+
-+        rv = dns->Resolve(mProxyHost, 0, getter_AddRefs(mDnsRec));
-+        if (NS_FAILED(rv)) {
-+            LOGERROR(("socks: DNS lookup for SOCKS proxy %s failed",
-+                     mProxyHost.get()));
-+            return PR_FAILURE;
-         }
-     }
--    return offset;
--}
- 
--static PRInt32
--pr_Send(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
--        PRIntervalTime *timeout)
--{
--    PRIntervalTime start_time = PR_IntervalNow();
--    PRInt32 retval = PR_Send(fd, buf, amount, flags, *timeout);
--    PRIntervalTime elapsed = PR_IntervalNow() - start_time;
--
--    if (elapsed > *timeout) {
--        *timeout = 0;
--        LOGERROR(("PR_Send() timed out. amount = %d. retval = %d.",
--                 amount, retval));
--        return retval;
--    } else {
--        *timeout -= elapsed;
--    }
-+    do {
-+        rv = mDnsRec->GetNextAddr(mProxyPort, &mInternalProxyAddr);
-+        // No more addresses to try? If so, we'll need to bail
-+        if (NS_FAILED(rv)) {
-+            LOGERROR(("socks: unable to connect to SOCKS proxy, %s",
-+                     mProxyHost.get()));
-+            return PR_FAILURE;
-+        }
- 
--    if (retval <= 0) {
--        LOGERROR(("PR_Send() failed. amount = %d. retval = %d.",
--                 amount, retval));
--    }
-+#if defined(PR_LOGGING)
-+        char buf[64];
-+        PR_NetAddrToString(&mInternalProxyAddr, buf, sizeof(buf));
-+        LOGDEBUG(("socks: trying proxy server, %s:%hu",
-+                 buf, PR_ntohs(PR_NetAddrInetPort(&mInternalProxyAddr))));
-+#endif
-+        status = fd->lower->methods->connect(fd->lower,
-+                        &mInternalProxyAddr, mTimeout);
-+        if (status != PR_SUCCESS) {
-+            PRErrorCode c = PR_GetError();
-+            // If EINPROGRESS, return now and check back later after polling
-+            if (c == PR_WOULD_BLOCK_ERROR || c == PR_IN_PROGRESS_ERROR) {
-+                mState = SOCKS_CONNECTING_TO_PROXY;
-+                return status;
-+            }
-+        }
-+    } while (status != PR_SUCCESS);
- 
--    return retval;
-+    // Connected now, start SOCKS
-+    if (mVersion == 4)
-+        return WriteV4ConnectRequest();
-+    return WriteV5AuthRequest();
- }
- 
--// Negotiate a SOCKS 5 connection. Assumes the TCP connection to the socks 
--// server port has been established.
--static nsresult
--ConnectSOCKS5(PRFileDesc *fd, const PRNetAddr *addr, PRNetAddr *extAddr, PRIntervalTime timeout)
-+PRStatus
-+nsSOCKSSocketInfo::ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags)
- {
--    int request_len = 0;
--    int response_len = 0;
--    int desired_len = 0;
--    unsigned char request[22];
--    unsigned char response[262];
--
--    NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED);
--    NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED);
--    NS_ENSURE_TRUE(extAddr, NS_ERROR_NOT_INITIALIZED);
--
--    request[0] = 0x05; // SOCKS version 5
--    request[1] = 0x01; // number of auth procotols we recognize
--    // auth protocols
--    request[2] = 0x00; // no authentication required
--    // compliant implementations MUST implement GSSAPI
--    // and SHOULD implement username/password and MAY
--    // implement CHAP
--    // TODO: we don't implement these
--    //request[3] = 0x01; // GSSAPI
--    //request[4] = 0x02; // username/password
--    //request[5] = 0x03; // CHAP
-+    PRStatus status;
- 
--    request_len = 2 + request[1];
--    int write_len = pr_Send(fd, request, request_len, 0, &timeout);
--    if (write_len != request_len) {
--        return NS_ERROR_FAILURE;
--    }
-+    NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY,
-+                      "Continuing connection in wrong state!");
- 
--    // get the server's response. 
--    desired_len = 2;
--    response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
-+    LOGDEBUG(("socks: continuing connection to proxy"));
- 
--    if (response_len < desired_len) {
--        LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len));
--        return NS_ERROR_FAILURE;
--    }
-+    status = fd->lower->methods->connectcontinue(fd->lower, oflags);
-+    if (status != PR_SUCCESS) {
-+        PRErrorCode c = PR_GetError();
-+        if (c != PR_WOULD_BLOCK_ERROR && c != PR_IN_PROGRESS_ERROR) {
-+            // A connection failure occured, try another address
-+            mState = SOCKS_INITIAL;
-+            return ConnectToProxy(fd);
-+        }
- 
--    if (response[0] != 0x05) {
--        // it's a either not SOCKS or not our version
--        LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0]));
--        return NS_ERROR_FAILURE;
--    }
--    switch (response[1]) {
--        case 0x00:
--            // no auth
--            break;
--        case 0x01:
--            // GSSAPI
--            // TODO: implement
--            LOGERROR(("Server want to use GSSAPI to authenticate, but we don't support it."));
--            return NS_ERROR_FAILURE;
--        case 0x02:
--            // username/password
--            // TODO: implement
--            LOGERROR(("Server want to use username/password to authenticate, but we don't support it."));
--            return NS_ERROR_FAILURE;
--        case 0x03:
--            // CHAP
--            // TODO: implement?
--            LOGERROR(("Server want to use CHAP to authenticate, but we don't support it."));
--            return NS_ERROR_FAILURE;
--        default:
--            // unrecognized auth method
--            LOGERROR(("Uncrecognized authentication method received: %x", response[1]));
--            return NS_ERROR_FAILURE;
-+        // We're still connecting
-+        return PR_FAILURE;
-     }
- 
--    // we are now authenticated, so lets tell
--    // the server where to connect to
-+    // Connected now, start SOCKS
-+    if (mVersion == 4)
-+        return WriteV4ConnectRequest();
-+    return WriteV5AuthRequest();
-+}
- 
--    request_len = 0;
-+PRStatus
-+nsSOCKSSocketInfo::WriteV4ConnectRequest()
-+{
-+    PRNetAddr *addr = &mDestinationAddr;
-+    PRInt32 proxy_resolve;
- 
--    request[0] = 0x05; // SOCKS version 5
--    request[1] = 0x01; // CONNECT command
--    request[2] = 0x00; // obligatory reserved field (perfect for MS tampering!)
-+    NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY,
-+                      "Invalid state!");
-+    
-+    proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST;
-+
-+    mDataLength = 0;
-+    mState = SOCKS4_WRITE_CONNECT_REQUEST;
-+
-+    LOGDEBUG(("socks4: sending connection request (socks4a resolve? %s)",
-+             proxy_resolve? "yes" : "no"));
-+
-+    // Send a SOCKS 4 connect request.
-+    WriteUint8(0x04); // version -- 4
-+    WriteUint8(0x01); // command -- connect
-+    WriteNetPort(addr);
-+    if (proxy_resolve) {
-+        // Add the full name, null-terminated, to the request
-+        // according to SOCKS 4a. A fake IP address, with the first
-+        // four bytes set to 0 and the last byte set to something other
-+        // than 0, is used to notify the proxy that this is a SOCKS 4a
-+        // request. This request type works for Tor and perhaps others.
-+        WriteUint32(PR_htonl(0x00000001)); // Fake IP
-+        WriteUint8(0x00); // Send an emtpy username
-+        if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) {
-+            LOGERROR(("socks4: destination host name is too long!"));
-+            HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+            return PR_FAILURE;
-+        }
-+        WriteString(mDestinationHost); // Hostname
-+        WriteUint8(0x00);
-+    } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
-+        WriteNetAddr(addr); // Add the IPv4 address
-+        WriteUint8(0x00); // Send an emtpy username
-+    } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
-+        LOGERROR(("socks: SOCKS 4 can't handle IPv6 addresses!"));
-+        HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--    // get destination port
--    PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr));
--    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
-+    return PR_SUCCESS;
-+}
- 
--    if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) {
-+PRStatus
-+nsSOCKSSocketInfo::ReadV4ConnectResponse()
-+{
-+    NS_ABORT_IF_FALSE(mState == SOCKS4_READ_CONNECT_RESPONSE,
-+                      "Handling SOCKS 4 connection reply in wrong state!");
-+    NS_ABORT_IF_FALSE(mDataLength == 8,
-+                      "SOCKS 4 connection reply must be 8 bytes!");
- 
--        LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n"));
-+    LOGDEBUG(("socks4: checking connection reply"));
- 
--        // if the PROXY_RESOLVES_HOST flag is set, we assume
--        // that the transport wants us to pass the SOCKS server the 
--        // hostname and port and let it do the name resolution.
-+    if (ReadUint8() != 0x00) {
-+        LOGERROR(("socks4: wrong connection reply"));
-+        HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--        // the real destination hostname and port was stored
--        // in our info object earlier when this layer was created.
-+    // See if our connection request was granted
-+    if (ReadUint8() == 90) {
-+        LOGDEBUG(("socks4: connection successful!"));
-+        HandshakeFinished();
-+        return PR_SUCCESS;
-+    }
- 
--        const nsCString& destHost = info->DestinationHost();
-+    LOGERROR(("socks4: unable to connect"));
-+    HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+    return PR_FAILURE;
-+}
- 
--        LOGDEBUG(("host:port -> %s:%li", destHost.get(), destPort));
-+PRStatus
-+nsSOCKSSocketInfo::WriteV5AuthRequest()
-+{
-+    NS_ABORT_IF_FALSE(mVersion == 5, "SOCKS version must be 5!");
- 
--        request[3] = 0x03; // encoding of destination address (3 == hostname)
-+    mState = SOCKS5_WRITE_AUTH_REQUEST;
- 
--        int host_len = destHost.Length();
--        if (host_len > 255) {
--            // SOCKS5 transmits the length of the hostname in a single char.
--            // This gives us an absolute limit of 255 chars in a hostname, and
--            // there's nothing we can do to extend it.  I don't think many
--            // hostnames will ever be bigger than this, so hopefully it's an
--            // uneventful abort condition.
--            LOGERROR (("Hostname too big for SOCKS5."));
--            return NS_ERROR_INVALID_ARG;
--        }
--        request[4] = (char) host_len;
--        request_len = 5;
--
--        // Send the initial header first...
--        write_len = pr_Send(fd, request, request_len, 0, &timeout);
--        if (write_len != request_len) {
--            // bad write
--            return NS_ERROR_FAILURE;
--        }
-+    // Send an initial SOCKS 5 greeting
-+    LOGDEBUG(("socks5: sending auth methods"));
-+    WriteUint8(0x05); // version -- 5
-+    WriteUint8(0x01); // # auth methods -- 1
-+    WriteUint8(0x00); // we don't support authentication
- 
--        // Now send the hostname...
--        write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout);
--        if (write_len != host_len) {
--            // bad write
--            return NS_ERROR_FAILURE;
--        }
-+    return PR_SUCCESS;
-+}
- 
--        // There's no data left because we just sent it.
--        request_len = 0;
-+PRStatus
-+nsSOCKSSocketInfo::ReadV5AuthResponse()
-+{
-+    NS_ABORT_IF_FALSE(mState == SOCKS5_READ_AUTH_RESPONSE,
-+                      "Handling SOCKS 5 auth method reply in wrong state!");
-+    NS_ABORT_IF_FALSE(mDataLength == 2,
-+                      "SOCKS 5 auth method reply must be 2 bytes!");
- 
--    } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
-+    LOGDEBUG(("socks5: checking auth method reply"));
- 
--        request[3] = 0x01; // encoding of destination address (1 == IPv4)
--        request_len = 8;   // 4 for address, 4 SOCKS headers
-+    // Check version number
-+    if (ReadUint8() != 0x05) {
-+        LOGERROR(("socks5: unexpected version in the reply"));
-+        HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--        char * ip = (char*)(&addr->inet.ip);
--        request[4] = *ip++;
--        request[5] = *ip++;
--        request[6] = *ip++;
--        request[7] = *ip++;
-+    // Make sure our authentication choice was accepted
-+    if (ReadUint8() != 0x00) {
-+        LOGERROR(("socks5: server did not accept our authentication method"));
-+        HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--    } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
-+    return WriteV5ConnectRequest();
-+}
- 
--        request[3] = 0x04; // encoding of destination address (4 == IPv6)
--        request_len = 20;  // 16 for address, 4 SOCKS headers
--
--        char * ip = (char*)(&addr->ipv6.ip.pr_s6_addr);
--        request[4] = *ip++; request[5] = *ip++; 
--        request[6] = *ip++; request[7] = *ip++;
--        request[8] = *ip++; request[9] = *ip++; 
--        request[10] = *ip++; request[11] = *ip++;
--        request[12] = *ip++; request[13] = *ip++; 
--        request[14] = *ip++; request[15] = *ip++;
--        request[16] = *ip++; request[17] = *ip++; 
--        request[18] = *ip++; request[19] = *ip++;
--
--        // we're going to test to see if this address can
--        // be mapped back into IPv4 without loss. if so,
--        // we'll use IPv4 instead, as reliable SOCKS server 
--        // support for IPv6 is probably questionable.
--
--        if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
--            request[3] = 0x01; // ipv4 encoding
--            request[4] = request[16];
--            request[5] = request[17];
--            request[6] = request[18];
--            request[7] = request[19];
--            request_len -= 12;
-+PRStatus
-+nsSOCKSSocketInfo::WriteV5ConnectRequest()
-+{
-+    // Send SOCKS 5 connect request
-+    PRNetAddr *addr = &mDestinationAddr;
-+    PRInt32 proxy_resolve;
-+    proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST;
-+
-+    LOGDEBUG(("socks5: sending connection request (socks5 resolve? %s)",
-+             proxy_resolve? "yes" : "no"));
-+
-+    mDataLength = 0;
-+    mState = SOCKS5_WRITE_CONNECT_REQUEST;
-+
-+    WriteUint8(0x05); // version -- 5
-+    WriteUint8(0x01); // command -- connect
-+    WriteUint8(0x00); // reserved
-+   
-+    // Add the address to the SOCKS 5 request. SOCKS 5 supports several
-+    // address types, so we pick the one that works best for us.
-+    if (proxy_resolve) {
-+        // Add the host name. Only a single byte is used to store the length,
-+        // so we must prevent long names from being used.
-+        if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) {
-+            LOGERROR(("socks5: destination host name is too long!"));
-+            HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+            return PR_FAILURE;
-         }
-+        WriteUint8(0x03); // addr type -- domainname
-+        WriteUint8(mDestinationHost.Length()); // name length
-+        WriteString(mDestinationHost);
-+    } else if (PR_NetAddrFamily(addr) == PR_AF_INET) {
-+        WriteUint8(0x01); // addr type -- IPv4
-+        WriteNetAddr(addr);
-+    } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
-+        WriteUint8(0x04); // addr type -- IPv6
-+        WriteNetAddr(addr);
-     } else {
--        // Unknown address type
--        LOGERROR(("Don't know what kind of IP address this is."));
--        return NS_ERROR_FAILURE;
--    }
--
--    // add the destination port to the request
--    request[request_len] = (unsigned char)(destPort >> 8);
--    request[request_len+1] = (unsigned char)destPort;
--    request_len += 2;
--
--    write_len = pr_Send(fd, request, request_len, 0, &timeout);
--    if (write_len != request_len) {
--        // bad write
--        return NS_ERROR_FAILURE;
-+        LOGERROR(("socks5: destination address of unknown type!"));
-+        HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+        return PR_FAILURE;
-     }
- 
--    desired_len = 5;
--    response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
--    if (response_len < desired_len) { // bad read
--        LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len));
--        return NS_ERROR_FAILURE;
--    }
-+    WriteNetPort(addr); // port
- 
--    if (response[0] != 0x05) {
--        // bad response
--        LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0]));
--        return NS_ERROR_FAILURE;
--    }
-+    return PR_SUCCESS;
-+}
- 
--    switch(response[1]) {
--        case 0x00:  break;      // success
--        case 0x01:  LOGERROR(("SOCKS 5 server rejected connect request: 01, General SOCKS server failure."));
--                    return NS_ERROR_FAILURE;
--        case 0x02:  LOGERROR(("SOCKS 5 server rejected connect request: 02, Connection not allowed by ruleset."));
--                    return NS_ERROR_FAILURE;
--        case 0x03:  LOGERROR(("SOCKS 5 server rejected connect request: 03, Network unreachable."));
--                    return NS_ERROR_FAILURE;
--        case 0x04:  LOGERROR(("SOCKS 5 server rejected connect request: 04, Host unreachable."));
--                    return NS_ERROR_FAILURE;
--        case 0x05:  LOGERROR(("SOCKS 5 server rejected connect request: 05, Connection refused."));
--                    return NS_ERROR_FAILURE;
--        case 0x06:  LOGERROR(("SOCKS 5 server rejected connect request: 06, TTL expired."));
--                    return NS_ERROR_FAILURE;
--        case 0x07:  LOGERROR(("SOCKS 5 server rejected connect request: 07, Command not supported."));
--                    return NS_ERROR_FAILURE;
--        case 0x08:  LOGERROR(("SOCKS 5 server rejected connect request: 08, Address type not supported."));
--                    return NS_ERROR_FAILURE;
--        default:    LOGERROR(("SOCKS 5 server rejected connect request: %x.", response[1]));
--                    return NS_ERROR_FAILURE;
--
--
--    }
--
--    switch (response[3]) {
--        case 0x01: // IPv4
--	    desired_len = 4 + 2 - 1;
--            break;
--        case 0x03: // FQDN 
--	    desired_len = response[4] + 2;
-+PRStatus
-+nsSOCKSSocketInfo::ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len)
-+{
-+    NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP ||
-+                      mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
-+                      "Invalid state!");
-+    NS_ABORT_IF_FALSE(mDataLength >= 5,
-+                      "SOCKS 5 connection reply must be at least 5 bytes!");
-+ 
-+    // Seek to the address location 
-+    mReadOffset = 3;
-+   
-+    *type = ReadUint8();
-+
-+    switch (*type) {
-+        case 0x01: // ipv4
-+            *len = 4 - 1;
-             break;
--        case 0x04: // IPv6
--	    desired_len = 16 + 2 - 1;
-+        case 0x04: // ipv6
-+            *len = 16 - 1;
-             break;
--        default: // unknown format
--            return NS_ERROR_FAILURE;
-+        case 0x03: // fqdn
-+            *len = ReadUint8();
-             break;
-+        default:   // wrong address type
-+            LOGERROR(("socks5: wrong address type in connection reply!"));
-+            return PR_FAILURE;
-     }
--    response_len = pr_RecvAll(fd, response + 5, desired_len, 0, &timeout);
--    if (response_len < desired_len) { // bad read
--        LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len));
--        return NS_ERROR_FAILURE;
--    }
--    response_len += 5;
- 
--    // get external bound address (this is what 
--    // the outside world sees as "us")
--    char *ip = nsnull;
--    PRUint16 extPort = 0;
-+    return PR_SUCCESS;
-+}
- 
--    switch (response[3]) {
--        case 0x01: // IPv4
-+PRStatus
-+nsSOCKSSocketInfo::ReadV5ConnectResponseTop()
-+{
-+    PRUint8 res;
-+    PRUint32 len;
- 
--            extPort = (response[8] << 8) | response[9];
-+    NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP,
-+                      "Invalid state!");
-+    NS_ABORT_IF_FALSE(mDataLength == 5,
-+                      "SOCKS 5 connection reply must be exactly 5 bytes!");
- 
--            PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, extPort, extAddr);
-+    LOGDEBUG(("socks5: checking connection reply"));
- 
--            ip = (char*)(&extAddr->inet.ip);
--            *ip++ = response[4];
--            *ip++ = response[5];
--            *ip++ = response[6];
--            *ip++ = response[7];
-+    // Check version number
-+    if (ReadUint8() != 0x05) {
-+        LOGERROR(("socks5: unexpected version in the reply"));
-+        HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--            break;
--        case 0x04: // IPv6
-+    // Check response
-+    res = ReadUint8();
-+    if (res != 0x00) {
-+        PRErrorCode c = PR_CONNECT_REFUSED_ERROR;
-+
-+        switch (res) {
-+            case 0x01:
-+                LOGERROR(("socks5: connect failed: "
-+                          "01, General SOCKS server failure."));
-+                break;
-+            case 0x02:
-+                LOGERROR(("socks5: connect failed: "
-+                          "02, Connection not allowed by ruleset."));
-+                break;
-+            case 0x03:
-+                LOGERROR(("socks5: connect failed: 03, Network unreachable."));
-+                c = PR_NETWORK_UNREACHABLE_ERROR;
-+                break;
-+            case 0x04:
-+                LOGERROR(("socks5: connect failed: 04, Host unreachable."));
-+                break;
-+            case 0x05:
-+                LOGERROR(("socks5: connect failed: 05, Connection refused."));
-+                break;
-+            case 0x06:  
-+                LOGERROR(("socks5: connect failed: 06, TTL expired."));
-+                c = PR_CONNECT_TIMEOUT_ERROR;
-+                break;
-+            case 0x07:
-+                LOGERROR(("socks5: connect failed: "
-+                          "07, Command not supported."));
-+                break;
-+            case 0x08:
-+                LOGERROR(("socks5: connect failed: "
-+                          "08, Address type not supported."));
-+                c = PR_BAD_ADDRESS_ERROR;
-+                break;
-+            default:
-+                LOGERROR(("socks5: connect failed."));
-+                break;
-+        }
- 
--            extPort = (response[20] << 8) | response[21];
-+        HandshakeFinished(c);
-+        return PR_FAILURE;
-+    }
- 
--            PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, extPort, extAddr);
-+    if (ReadV5AddrTypeAndLength(&res, &len) != PR_SUCCESS) {
-+        HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--            ip = (char*)(&extAddr->ipv6.ip.pr_s6_addr);
--            *ip++ = response[4]; *ip++ = response[5]; 
--            *ip++ = response[6]; *ip++ = response[7];
--            *ip++ = response[8]; *ip++ = response[9]; 
--            *ip++ = response[10]; *ip++ = response[11];
--            *ip++ = response[12]; *ip++ = response[13]; 
--            *ip++ = response[14]; *ip++ = response[15];
--            *ip++ = response[16]; *ip++ = response[17]; 
--            *ip++ = response[18]; *ip++ = response[19];
-+    mState = SOCKS5_READ_CONNECT_RESPONSE_BOTTOM;
-+    WantRead(len + 2);
- 
--            break;
--        case 0x03: // FQDN 
--            // if we get here, we don't know our external address.
--            // however, as that's possibly not critical to the user,
--            // we let it slide.
--            extPort = (response[response_len - 2] << 8) | 
--                       response[response_len - 1];
--            PR_InitializeNetAddr(PR_IpAddrNull, extPort, extAddr);
--            break;
--    }
--    return NS_OK;
-+    return PR_SUCCESS;
- }
- 
--// Negotiate a SOCKS 4 connection. Assumes the TCP connection to the socks 
--// server port has been established.
--static nsresult
--ConnectSOCKS4(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout)
-+PRStatus
-+nsSOCKSSocketInfo::ReadV5ConnectResponseBottom()
- {
--    int request_len = 0;
--    int write_len;
--    int response_len = 0;
--    int desired_len = 0;
--    char *ip = nsnull;
--    unsigned char request[12];
--    unsigned char response[10];
-+    PRUint8 type;
-+    PRUint32 len;
- 
--    NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED);
--    NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED);
-+    NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM,
-+                      "Invalid state!");
- 
--    request[0] = 0x04; // SOCKS version 4
--    request[1] = 0x01; // CD command code -- 1 for connect
--
--    // destination port
--    PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr));
--
--    // store the port
--    request[2] = (unsigned char)(destPort >> 8);
--    request[3] = (unsigned char)destPort;
--
--    // username
--    request[8] = 'M';
--    request[9] = 'O';
--    request[10] = 'Z';
--
--    request[11] = 0x00;
--
--    request_len = 12;
--
--    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
-+    if (ReadV5AddrTypeAndLength(&type, &len) != PR_SUCCESS) {
-+        HandshakeFinished(PR_BAD_ADDRESS_ERROR);
-+        return PR_FAILURE;
-+    }
- 
--    if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) {
-+    NS_ABORT_IF_FALSE(mDataLength == 7+len,
-+                      "SOCKS 5 unexpected length of connection reply!");
- 
--        LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n"));
-+    LOGDEBUG(("socks5: loading source addr and port"));
-+    // Read what the proxy says is our source address
-+    switch (type) {
-+        case 0x01: // ipv4
-+            ReadNetAddr(&mExternalProxyAddr, PR_AF_INET);
-+            break;
-+        case 0x04: // ipv6
-+            ReadNetAddr(&mExternalProxyAddr, PR_AF_INET6);
-+            break;
-+        case 0x03: // fqdn (skip)
-+            mReadOffset += len;
-+            mExternalProxyAddr.raw.family = PR_AF_INET;
-+            break;
-+    }
- 
--        // if the PROXY_RESOLVES_HOST flag is set, we assume that the
--        // transport wants us to pass the SOCKS server the hostname
--        // and port and let it do the name resolution.
-+    ReadNetPort(&mExternalProxyAddr);
- 
--        // an extension to SOCKS 4, called 4a, specifies a way
--        // to do this, so we'll try that and hope the
--        // server supports it.
-+    LOGDEBUG(("socks5: connected!"));
-+    HandshakeFinished();
- 
--        // the real destination hostname and port was stored
--        // in our info object earlier when this layer was created.
-+    return PR_SUCCESS;
-+}
- 
--        const nsCString& destHost = info->DestinationHost();
-+void
-+nsSOCKSSocketInfo::SetConnectTimeout(PRIntervalTime to)
-+{
-+    mTimeout = to;
-+}
- 
--        LOGDEBUG(("host:port -> %s:%li\n", destHost.get(), destPort));
-+PRStatus
-+nsSOCKSSocketInfo::DoHandshake(PRFileDesc *fd, PRInt16 oflags)
-+{
-+    LOGDEBUG(("socks: DoHandshake(), state = %d", mState));
-+
-+    switch (mState) {
-+        case SOCKS_INITIAL:
-+            return ConnectToProxy(fd);
-+        case SOCKS_CONNECTING_TO_PROXY:
-+            return ContinueConnectingToProxy(fd, oflags);
-+        case SOCKS4_WRITE_CONNECT_REQUEST:
-+            if (WriteToSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            WantRead(8);
-+            mState = SOCKS4_READ_CONNECT_RESPONSE;
-+            return PR_SUCCESS;
-+        case SOCKS4_READ_CONNECT_RESPONSE:
-+            if (ReadFromSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            return ReadV4ConnectResponse();
-+
-+        case SOCKS5_WRITE_AUTH_REQUEST:
-+            if (WriteToSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            WantRead(2);
-+            mState = SOCKS5_READ_AUTH_RESPONSE;
-+            return PR_SUCCESS;
-+        case SOCKS5_READ_AUTH_RESPONSE:
-+            if (ReadFromSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            return ReadV5AuthResponse();
-+        case SOCKS5_WRITE_CONNECT_REQUEST:
-+            if (WriteToSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+
-+            // The SOCKS 5 response to the connection request is variable
-+            // length. First, we'll read enough to tell how long the response
-+            // is, and will read the rest later.
-+            WantRead(5);
-+            mState = SOCKS5_READ_CONNECT_RESPONSE_TOP;
-+            return PR_SUCCESS;
-+        case SOCKS5_READ_CONNECT_RESPONSE_TOP:
-+            if (ReadFromSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            return ReadV5ConnectResponseTop();
-+        case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM:
-+            if (ReadFromSocket(fd) != PR_SUCCESS)
-+                return PR_FAILURE;
-+            return ReadV5ConnectResponseBottom();
-+
-+        case SOCKS_CONNECTED:
-+            LOGERROR(("socks: already connected"));
-+            HandshakeFinished(PR_IS_CONNECTED_ERROR);
-+            return PR_FAILURE;
-+        case SOCKS_FAILED:
-+            LOGERROR(("socks: already failed"));
-+            return PR_FAILURE;
-+    }
- 
--        // the IP portion of the query is set to this special address.
--        request[4] = 0;
--        request[5] = 0;
--        request[6] = 0;
--        request[7] = 1;
-+    LOGERROR(("socks: executing handshake in invalid state, %d", mState));
-+    HandshakeFinished(PR_INVALID_STATE_ERROR);
- 
--        write_len = pr_Send(fd, request, request_len, 0, &timeout);
--        if (write_len != request_len) {
--            return NS_ERROR_FAILURE;
--        }
-+    return PR_FAILURE;
-+}
- 
--        // Remember the NULL.
--        int host_len = destHost.Length() + 1;
-+PRInt16
-+nsSOCKSSocketInfo::GetPollFlags() const
-+{
-+    switch (mState) {
-+        case SOCKS_CONNECTING_TO_PROXY:
-+            return PR_POLL_EXCEPT | PR_POLL_WRITE;
-+        case SOCKS4_WRITE_CONNECT_REQUEST:
-+        case SOCKS5_WRITE_AUTH_REQUEST:
-+        case SOCKS5_WRITE_CONNECT_REQUEST:
-+            return PR_POLL_WRITE;
-+        case SOCKS4_READ_CONNECT_RESPONSE:
-+        case SOCKS5_READ_AUTH_RESPONSE:
-+        case SOCKS5_READ_CONNECT_RESPONSE_TOP:
-+        case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM:
-+            return PR_POLL_READ;
-+        default:
-+            break;
-+    }
- 
--        write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout);
--        if (write_len != host_len) {
--            return NS_ERROR_FAILURE;
--        }
-+    return 0;
-+}
- 
--        // No data to send, just sent it.
--        request_len = 0;
--
--    } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { // IPv4
--
--        // store the ip
--        ip = (char*)(&addr->inet.ip);
--        request[4] = *ip++;
--        request[5] = *ip++;
--        request[6] = *ip++;
--        request[7] = *ip++;
--
--    } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { // IPv6
--
--        // IPv4 address encoded in an IPv6 address
--        if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
--            // store the ip
--            ip = (char*)(&addr->ipv6.ip.pr_s6_addr[12]);
--            request[4] = *ip++;
--            request[5] = *ip++;
--            request[6] = *ip++;
--            request[7] = *ip++;
--        } else {
--            LOGERROR(("IPv6 is not supported in SOCKS 4."));
--            return NS_ERROR_FAILURE;	// SOCKS 4 can't do IPv6
--        }
-+inline void
-+nsSOCKSSocketInfo::WriteUint8(PRUint8 v)
-+{
-+    NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
-+                      "Can't write that much data!");
-+    mData[mDataLength] = v;
-+    mDataLength += sizeof(v);
-+}
- 
--    } else {
--        LOGERROR(("Don't know what kind of IP address this is."));
--        return NS_ERROR_FAILURE;		// don't recognize this type
--    }
-+inline void
-+nsSOCKSSocketInfo::WriteUint16(PRUint16 v)
-+{
-+    NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
-+                      "Can't write that much data!");
-+    memcpy(mData + mDataLength, &v, sizeof(v));
-+    mDataLength += sizeof(v);
-+}
- 
--    if (request_len > 0) {
--        write_len = pr_Send(fd, request, request_len, 0, &timeout);
--        if (write_len != request_len) {
--            return NS_ERROR_FAILURE;
--        }
--    }
-+inline void
-+nsSOCKSSocketInfo::WriteUint32(PRUint32 v)
-+{
-+    NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE,
-+                      "Can't write that much data!");
-+    memcpy(mData + mDataLength, &v, sizeof(v));
-+    mDataLength += sizeof(v);
-+}
- 
--    // get the server's response
--    desired_len = 8;	// size of the response
--    response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout);
--    if (response_len < desired_len) {
--        LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len));
--        return NS_ERROR_FAILURE;
--    }
-+void
-+nsSOCKSSocketInfo::WriteNetAddr(const PRNetAddr *addr)
-+{
-+    const char *ip = NULL;
-+    PRUint32 len = 0;
- 
--    if ((response[0] != 0x00) && (response[0] != 0x04)) {
--        // Novell BorderManager sends a response of type 4, should be zero
--        // According to the spec. Cope with this brokenness.        
--        // it's not a SOCKS 4 reply or version 0 of the reply code
--        LOGERROR(("Not a SOCKS 4 reply. Expected: 0; received: %x.", response[0]));
--        return NS_ERROR_FAILURE;
-+    if (PR_NetAddrFamily(addr) == PR_AF_INET) {
-+        ip = (const char*)&addr->inet.ip;
-+        len = sizeof(addr->inet.ip);
-+    } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) {
-+        ip = (const char*)addr->ipv6.ip.pr_s6_addr;
-+        len = sizeof(addr->ipv6.ip.pr_s6_addr);
-     }
- 
--    if (response[1] != 0x5A) { // = 90: request granted
--        // connect request not granted
--        LOGERROR(("Connection request refused. Expected: 90; received: %d.", response[1]));
--        return NS_ERROR_FAILURE;
--    }
-+    NS_ABORT_IF_FALSE(ip != NULL, "Unknown address");
-+    NS_ABORT_IF_FALSE(mDataLength + len <= BUFFER_SIZE,
-+                      "Can't write that much data!");
-  
--    return NS_OK;
-+    memcpy(mData + mDataLength, ip, len);
-+    mDataLength += len;
-+}
- 
-+void
-+nsSOCKSSocketInfo::WriteNetPort(const PRNetAddr *addr)
-+{
-+    WriteUint16(PR_NetAddrInetPort(addr));
- }
- 
-+void
-+nsSOCKSSocketInfo::WriteString(const nsACString &str)
-+{
-+    NS_ABORT_IF_FALSE(mDataLength + str.Length() <= BUFFER_SIZE,
-+                      "Can't write that much data!");
-+    memcpy(mData + mDataLength, str.Data(), str.Length());
-+    mDataLength += str.Length();
-+}
- 
--static PRStatus
--nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime /*timeout*/)
-+inline PRUint8
-+nsSOCKSSocketInfo::ReadUint8()
- {
-+    PRUint8 rv;
-+    NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
-+                      "Not enough space to pop a uint8!");
-+    rv = mData[mReadOffset];
-+    mReadOffset += sizeof(rv);
-+    return rv;
-+}
- 
--    PRStatus status;
-+inline PRUint16
-+nsSOCKSSocketInfo::ReadUint16()
-+{
-+    PRUint16 rv;
-+    NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
-+                      "Not enough space to pop a uint16!");
-+    memcpy(&rv, mData + mReadOffset, sizeof(rv));
-+    mReadOffset += sizeof(rv);
-+    return rv;
-+}
- 
--    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
--    if (info == NULL) return PR_FAILURE;
-+inline PRUint32
-+nsSOCKSSocketInfo::ReadUint32()
-+{
-+    PRUint32 rv;
-+    NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength,
-+                      "Not enough space to pop a uint32!");
-+    memcpy(&rv, mData + mReadOffset, sizeof(rv));
-+    mReadOffset += sizeof(rv);
-+    return rv;
-+}
- 
--    // First, we need to look up our proxy...
--    const nsCString &proxyHost = info->ProxyHost();
-+void
-+nsSOCKSSocketInfo::ReadNetAddr(PRNetAddr *addr, PRUint16 fam)
-+{
-+    PRUint32 amt;
-+    const PRUint8 *ip = mData + mReadOffset;
-+
-+    addr->raw.family = fam;
-+    if (fam == PR_AF_INET) {
-+        amt = sizeof(addr->inet.ip);
-+        NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength,
-+                          "Not enough space to pop an ipv4 addr!");
-+        memcpy(&addr->inet.ip, ip, amt);
-+    } else if (fam == PR_AF_INET6) {
-+        amt = sizeof(addr->ipv6.ip.pr_s6_addr);
-+        NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength,
-+                          "Not enough space to pop an ipv6 addr!");
-+        memcpy(addr->ipv6.ip.pr_s6_addr, ip, amt);
-+    }
- 
--    if (proxyHost.IsEmpty())
--        return PR_FAILURE;
-+    mReadOffset += amt;
-+}
- 
--    PRInt32 socksVersion = info->Version();
-+void
-+nsSOCKSSocketInfo::ReadNetPort(PRNetAddr *addr)
-+{
-+    addr->inet.port = ReadUint16();
-+}
- 
--    LOGDEBUG(("nsSOCKSIOLayerConnect SOCKS %u; proxyHost: %s.", socksVersion, proxyHost.get()));
-+void
-+nsSOCKSSocketInfo::WantRead(PRUint32 sz)
-+{
-+    NS_ABORT_IF_FALSE(mDataIoPtr == NULL,
-+                      "WantRead() called while I/O already in progress!");
-+    NS_ABORT_IF_FALSE(mDataLength + sz <= BUFFER_SIZE,
-+                      "Can't read that much data!");
-+    mAmountToRead = sz;
-+}
- 
--    // Sync resolve the proxy hostname.
--    PRNetAddr proxyAddr;
--    nsCOMPtr<nsIDNSRecord> rec;
--    nsresult rv;
--    {
--        nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
--        if (!dns)
--            return PR_FAILURE;
-+PRStatus
-+nsSOCKSSocketInfo::ReadFromSocket(PRFileDesc *fd)
-+{
-+    PRInt32 rc;
-+    const PRUint8 *end;
- 
--        rv = dns->Resolve(proxyHost, 0, getter_AddRefs(rec));
--        if (NS_FAILED(rv))
--            return PR_FAILURE;
-+    if (!mAmountToRead) {
-+        LOGDEBUG(("socks: ReadFromSocket(), nothing to do"));
-+        return PR_SUCCESS;
-     }
- 
--    info->SetInternalProxyAddr(&proxyAddr);
-+    if (!mDataIoPtr) {
-+        mDataIoPtr = mData + mDataLength;
-+        mDataLength += mAmountToRead;
-+    }
- 
--    // For now, we'll do this as a blocking connect,
--    // but with nspr 4.1, the necessary functions to
--    // do a non-blocking connect will be available
-+    end = mData + mDataLength;
-+
-+    while (mDataIoPtr < end) {
-+        rc = PR_Read(fd, mDataIoPtr, end - mDataIoPtr);
-+        if (rc <= 0) {
-+            if (rc == 0) {
-+                LOGERROR(("socks: proxy server closed connection"));
-+                HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
-+                return PR_FAILURE;
-+            } else if (PR_GetError() == PR_WOULD_BLOCK_ERROR) {
-+                LOGDEBUG(("socks: ReadFromSocket(), want read"));
-+            }
-+            break;
-+        }
- 
--    // Preserve the non-blocking state of the socket
--    PRBool nonblocking;
--    PRSocketOptionData sockopt;
--    sockopt.option = PR_SockOpt_Nonblocking;
--    status = PR_GetSocketOption(fd, &sockopt);
-+        mDataIoPtr += rc;
-+    }
- 
--    if (PR_SUCCESS != status) {
--        LOGERROR(("PR_GetSocketOption() failed. status = %x.", status));
--        return status;
-+    LOGDEBUG(("socks: ReadFromSocket(), have %u bytes total",
-+             unsigned(mDataIoPtr - mData)));
-+    if (mDataIoPtr == end) {
-+        mDataIoPtr = nsnull;
-+        mAmountToRead = 0;
-+        mReadOffset = 0;
-+        return PR_SUCCESS;
-     }
- 
--    // Store blocking option
--    nonblocking = sockopt.value.non_blocking;
-+    return PR_FAILURE;
-+}
- 
--    sockopt.option = PR_SockOpt_Nonblocking;
--    sockopt.value.non_blocking = PR_FALSE;
--    status = PR_SetSocketOption(fd, &sockopt);
-+PRStatus
-+nsSOCKSSocketInfo::WriteToSocket(PRFileDesc *fd)
-+{
-+    PRInt32 rc;
-+    const PRUint8 *end;
- 
--    if (PR_SUCCESS != status) {
--        LOGERROR(("PR_SetSocketOption() failed. status = %x.", status));
--        return status;
-+    if (!mDataLength) {
-+        LOGDEBUG(("socks: WriteToSocket(), nothing to do"));
-+        return PR_SUCCESS;
-     }
- 
--    // Now setup sockopts, so we can restore the value later.
--    sockopt.option = PR_SockOpt_Nonblocking;
--    sockopt.value.non_blocking = nonblocking;
-+    if (!mDataIoPtr)
-+        mDataIoPtr = mData;
- 
--    // This connectWait should be long enough to connect to local proxy
--    // servers, but not much longer. Since this protocol negotiation
--    // uses blocking network calls, the app can appear to hang for a maximum
--    // of this time if the user presses the STOP button during the SOCKS
--    // connection negotiation. Note that this value only applies to the
--    // connecting to the SOCKS server: once the SOCKS connection has been
--    // established, the value is not used anywhere else.
--    PRIntervalTime connectWait = PR_SecondsToInterval(10);
-+    end = mData + mDataLength;
- 
--    // Connect to the proxy server.
--    PRInt32 addresses = 0;
--    do {
--        rv = rec->GetNextAddr(info->ProxyPort(), &proxyAddr);
--        if (NS_FAILED(rv)) {
--            status = PR_FAILURE;
-+    while (mDataIoPtr < end) {
-+        rc = PR_Write(fd, mDataIoPtr, end - mDataIoPtr);
-+        if (rc < 0) {
-+            if (PR_GetError() == PR_WOULD_BLOCK_ERROR) {
-+                LOGDEBUG(("socks: WriteToSocket(), want write"));
-+            }
-             break;
-         }
--        ++addresses;
--        status = fd->lower->methods->connect(fd->lower, &proxyAddr, connectWait);
--    } while (PR_SUCCESS != status);
-+        
-+        mDataIoPtr += rc;
-+    }
- 
--    if (PR_SUCCESS != status) {
--        LOGERROR(("Failed to TCP connect to the proxy server (%s): timeout = %d, status = %x, tried %d addresses.", proxyHost.get(), connectWait, status, addresses));
--        PR_SetSocketOption(fd, &sockopt);
--        return status;
-+    if (mDataIoPtr == end) {
-+        mDataIoPtr = nsnull;
-+        mDataLength = 0;
-+        mReadOffset = 0;
-+        return PR_SUCCESS;
-     }
-+    
-+    return PR_FAILURE;
-+}
- 
-+static PRStatus
-+nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime to)
-+{
-+    PRStatus status;
-+    PRNetAddr dst;
- 
--    // We are now connected to the SOCKS proxy server.
--    // Now we will negotiate a connection to the desired server.
-+    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
-+    if (info == NULL) return PR_FAILURE;
- 
--    // External IP address returned from ConnectSOCKS5(). Not supported in SOCKS4.
--    PRNetAddr extAddr;
--    PR_InitializeNetAddr(PR_IpAddrNull, 0, &extAddr);
-+    if (PR_NetAddrFamily(addr) == PR_AF_INET6 &&
-+        PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) {
-+        const PRUint8 *srcp;
- 
--    NS_ASSERTION((socksVersion == 4) || (socksVersion == 5), "SOCKS Version must be selected");
-+        LOGDEBUG(("socks: converting ipv4-mapped ipv6 address to ipv4"));
- 
--    // Try to connect via SOCKS 5.
--    if (socksVersion == 5) {
--        rv = ConnectSOCKS5(fd, addr, &extAddr, connectWait);
-+        // copied from _PR_ConvertToIpv4NetAddr()
-+        PR_InitializeNetAddr(PR_IpAddrAny, 0, &dst);
-+        srcp = addr->ipv6.ip.pr_s6_addr;
-+        memcpy(&dst.inet.ip, srcp + 12, 4);
-+        dst.inet.family = PR_AF_INET;
-+        dst.inet.port = addr->ipv6.port;
-+    } else {
-+        memcpy(&dst, addr, sizeof(dst));
-+    }
- 
--        if (NS_FAILED(rv)) {
--            PR_SetSocketOption(fd, &sockopt);
--            return PR_FAILURE;
--        }
-+    info->SetDestinationAddr(&dst);
-+    info->SetConnectTimeout(to);
- 
--    }
-+    do {
-+        status = info->DoHandshake(fd, -1);
-+    } while (status == PR_SUCCESS && !info->IsConnected());
- 
--    // Try to connect via SOCKS 4.
--    else {
--        rv = ConnectSOCKS4(fd, addr, connectWait);
-+    return status;
-+}
- 
--        if (NS_FAILED(rv)) {
--            PR_SetSocketOption(fd, &sockopt);
--            return PR_FAILURE;
--        }
-+static PRStatus
-+nsSOCKSIOLayerConnectContinue(PRFileDesc *fd, PRInt16 oflags)
-+{
-+    PRStatus status;
- 
--    }
-+    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
-+    if (info == NULL) return PR_FAILURE;
- 
-+    do { 
-+        status = info->DoHandshake(fd, oflags);
-+    } while (status == PR_SUCCESS && !info->IsConnected());
- 
--    info->SetDestinationAddr((PRNetAddr*)addr);
--    info->SetExternalProxyAddr(&extAddr);
-+    return status;
-+}
- 
--    // restore non-blocking option
--    PR_SetSocketOption(fd, &sockopt);
-+static PRInt16
-+nsSOCKSIOLayerPoll(PRFileDesc *fd, PRInt16 in_flags, PRInt16 *out_flags)
-+{
-+    nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret;
-+    if (info == NULL) return PR_FAILURE;
- 
--    // we're set-up and connected.
--    // this socket can be used as normal now.
-+    if (!info->IsConnected()) {
-+        *out_flags = 0;
-+        return info->GetPollFlags();
-+    }
- 
--    return PR_SUCCESS;
-+    return fd->lower->methods->poll(fd->lower, in_flags, out_flags);
- }
- 
- static PRStatus
-@@ -885,6 +1120,8 @@ nsSOCKSIOLayerAddToSocket(PRInt32 family,
-         nsSOCKSIOLayerMethods		= *PR_GetDefaultIOMethods();
- 
-         nsSOCKSIOLayerMethods.connect	= nsSOCKSIOLayerConnect;
-+        nsSOCKSIOLayerMethods.connectcontinue	= nsSOCKSIOLayerConnectContinue;
-+        nsSOCKSIOLayerMethods.poll	= nsSOCKSIOLayerPoll;
-         nsSOCKSIOLayerMethods.bind	= nsSOCKSIOLayerBind;
-         nsSOCKSIOLayerMethods.acceptread = nsSOCKSIOLayerAcceptRead;
-         nsSOCKSIOLayerMethods.getsockname = nsSOCKSIOLayerGetName;
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0001-Firefox5-Block-Components.interfaces-lookupMethod-fr.patch b/src/archived-patches/0001-Firefox5-Block-Components.interfaces-lookupMethod-fr.patch
deleted file mode 100644
index 816e2d2..0000000
--- a/src/archived-patches/0001-Firefox5-Block-Components.interfaces-lookupMethod-fr.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From cb6df58b95028693007936e423d43223609e17cc Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 1/3] Firefox5: Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp |    8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index 5e789e7..5c76981 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4287,7 +4287,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
--    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    static const char* allowed[] = { "isSuccessCode", nsnull };
-     *_retval = xpc_CheckAccessList(methodName, allowed);
-     return NS_OK;
- }
-@@ -4296,7 +4298,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
--    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    static const char* allowed[] = { "results", nsnull};
-     *_retval = xpc_CheckAccessList(propertyName, allowed);
-     return NS_OK;
- }
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0002-Firefox4-Block-Components.interfaces-lookupMethod-fr.patch b/src/archived-patches/0002-Firefox4-Block-Components.interfaces-lookupMethod-fr.patch
deleted file mode 100644
index 8e34500..0000000
--- a/src/archived-patches/0002-Firefox4-Block-Components.interfaces-lookupMethod-fr.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ebaf58a014f98942886ae829da83fadd662df948 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:41 -0700
-Subject: [PATCH 2/4] Firefox4: Block Components.interfaces,lookupMethod from content
-
-This patch removes the ability of content script to access
-Components.interfaces.* as well as call or access Components.lookupMethod.
-
-These two interfaces seem to be exposed to content script only to make our
-lives difficult. Components.lookupMethod can undo our JS hooks, and
-Components.interfaces is useful for fingerprinting the platform, OS, and
-Firebox version.
-
-They appear to have no other legitimate use. See also:
-https://bugzilla.mozilla.org/show_bug.cgi?id=429070
-https://trac.torproject.org/projects/tor/ticket/2873
-https://trac.torproject.org/projects/tor/ticket/2874
----
- js/src/xpconnect/src/xpccomponents.cpp |    8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/xpconnect/src/xpccomponents.cpp b/js/src/xpconnect/src/xpccomponents.cpp
-index 1c141f9..85a2b4e 100644
---- a/js/src/xpconnect/src/xpccomponents.cpp
-+++ b/js/src/xpconnect/src/xpccomponents.cpp
-@@ -4294,7 +4294,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
- NS_IMETHODIMP
- nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
- {
--    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
-+    static const char* allowed[] = { "isSuccessCode", nsnull };
-     *_retval = xpc_CheckAccessList(methodName, allowed);
-     return NS_OK;
- }
-@@ -4303,7 +4305,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
- NS_IMETHODIMP
- nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
- {
--    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    // XXX: Pref observer? Also, is this what we want? Seems like a plan
-+    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
-+    static const char* allowed[] = { "results", nsnull};
-     *_retval = xpc_CheckAccessList(propertyName, allowed);
-     return NS_OK;
- }
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch b/src/archived-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index 2bd11e8..0000000
--- a/src/archived-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,300 +0,0 @@
-From 16b89c54032d1ad0acf2d6fa005b292a6f434791 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:49 -0700
-Subject: [PATCH 2/3] Firefox5: Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only. It
-exposes a pref ('security.nocertdb') to toggle to clear the store, but this
-seems buggy.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp |  180 ++++++++++++++++++---------
- 1 files changed, 120 insertions(+), 60 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index d3ae772..fa37ace 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1658,8 +1658,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
-     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
-     // "/usr/lib/nss/libnssckbi.so".
-     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
--    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+    PRBool nocertdb = false;
-+    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+    // XXX: We can also do the the following to only disable the certdb.
-+    // Leaving this codepath in as a fallback in case InitNODB fails
-+    if (nocertdb)
-+      init_flags |= NSS_INIT_NOCERTDB;
-+
-+    SECStatus init_rv;
-+    if (nocertdb) {
-+        init_rv = ::NSS_NoDB_Init(NULL);
-+    } else {
-+        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-                                          SECMOD_DB, init_flags);
-+    }
- 
-     if (init_rv != SECSuccess) {
-       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
-@@ -2215,70 +2228,106 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
-       }
-     }
-   }
--  else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { 
--    nsNSSShutDownPreventionLock locker;
--    PRBool clearSessionCache = PR_FALSE;
--    PRBool enabled;
-+  else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-     NS_ConvertUTF16toUTF8  prefName(someData);
-+    // XXX: This should be an observer notification, so we can properly cancel it
-+    if (prefName.Equals("security.nocertdb")) {
-+      // XXX: If these functions tell us to cancel, the browser seems to get left in an
-+      // indeterminate state that prevents SSL from being used.
-+      //
-+      // We apparently need to wait for all SSL sockets to shut down on their
-+      // own (this can take up to a minute!) and then attempt to alter the pref
-+      // again before doing anything.
-+      //
-+      // So any implementation of New Identity based on this code will need to keep
-+      // attempting to send the notification until it is not canceled. Ugh...
-+      if (!DoProfileApproveChange(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled\n"));
-+        return NS_OK;
-+      }
- 
--    if (prefName.Equals("security.enable_ssl2")) {
--      mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
--      SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_ssl3")) {
--      mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_tls")) {
--      mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_tls_session_tickets")) {
--      mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
--    } else if (prefName.Equals("security.ssl.require_safe_negotiation")) {
--      mPrefBranch->GetBoolPref("security.ssl.require_safe_negotiation", &enabled);
--      SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, enabled);
--    } else if (prefName.Equals("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
--      mPrefBranch->GetBoolPref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, 
--        enabled ? SSL_RENEGOTIATE_UNRESTRICTED : SSL_RENEGOTIATE_REQUIRES_XTN);
--    } else if (prefName.Equals("security.ssl.renego_unrestricted_hosts")) {
--      char *unrestricted_hosts=nsnull;
--      mPrefBranch->GetCharPref("security.ssl.renego_unrestricted_hosts", &unrestricted_hosts);
--      if (unrestricted_hosts) {
--        nsSSLIOLayerHelpers::setRenegoUnrestrictedSites(nsDependentCString(unrestricted_hosts));
--        nsMemory::Free(unrestricted_hosts);
-+      DoProfileChangeNetTeardown();
-+      if (!DoProfileChangeTeardown(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled\n"));
-+        return NS_OK;
-+      }
-+
-+      if (!DoProfileBeforeChange(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled by NSS shutdown\n"));
-+        // Need to re-add observer because ShutdownNSS removed it.
-+        nsCOMPtr<nsIPrefBranch2> pbi = do_QueryInterface(mPrefBranch);
-+        pbi->AddObserver("security.", this, PR_FALSE);
-+        return NS_OK;
-       }
--    } else if (prefName.Equals("security.ssl.treat_unsafe_negotiation_as_broken")) {
--      mPrefBranch->GetBoolPref("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
--      nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(enabled);
--    } else if (prefName.Equals("security.ssl.warn_missing_rfc5746")) {
--      PRInt32 warnLevel = 1;
--      mPrefBranch->GetIntPref("security.ssl.warn_missing_rfc5746", &warnLevel);
--      nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(warnLevel);
-+
-+      DoProfileChangeNetRestore();
-+      InitializeNSS(PR_FALSE);
-+      InitializeCRLUpdateTimer();
-+      return NS_OK;
-+    } else {
-+      nsNSSShutDownPreventionLock locker;
-+      PRBool clearSessionCache = PR_FALSE;
-+      PRBool enabled;
-+
-+      if (prefName.Equals("security.enable_ssl2")) {
-+        mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
-+        SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_ssl3")) {
-+        mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_tls")) {
-+        mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_tls_session_tickets")) {
-+        mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
-+      } else if (prefName.Equals("security.ssl.require_safe_negotiation")) {
-+        mPrefBranch->GetBoolPref("security.ssl.require_safe_negotiation", &enabled);
-+        SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, enabled);
-+      } else if (prefName.Equals("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
-+        mPrefBranch->GetBoolPref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, 
-+          enabled ? SSL_RENEGOTIATE_UNRESTRICTED : SSL_RENEGOTIATE_REQUIRES_XTN);
-+      } else if (prefName.Equals("security.ssl.renego_unrestricted_hosts")) {
-+        char *unrestricted_hosts=nsnull;
-+        mPrefBranch->GetCharPref("security.ssl.renego_unrestricted_hosts", &unrestricted_hosts);
-+        if (unrestricted_hosts) {
-+          nsSSLIOLayerHelpers::setRenegoUnrestrictedSites(nsDependentCString(unrestricted_hosts));
-+          nsMemory::Free(unrestricted_hosts);
-+        }
-+      } else if (prefName.Equals("security.ssl.treat_unsafe_negotiation_as_broken")) {
-+        mPrefBranch->GetBoolPref("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
-+        nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(enabled);
-+      } else if (prefName.Equals("security.ssl.warn_missing_rfc5746")) {
-+        PRInt32 warnLevel = 1;
-+        mPrefBranch->GetIntPref("security.ssl.warn_missing_rfc5746", &warnLevel);
-+        nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(warnLevel);
- #ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
--    } else if (prefName.Equals("security.ssl.enable_false_start")) {
--      mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, enabled);
-+      } else if (prefName.Equals("security.ssl.enable_false_start")) {
-+        mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, enabled);
- #endif
--    } else if (prefName.Equals("security.OCSP.enabled")
--               || prefName.Equals("security.OCSP.require")) {
--      setOCSPOptions(mPrefBranch);
--    } else {
--      /* Look through the cipher table and set according to pref setting */
--      for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
--        if (prefName.Equals(cp->pref)) {
--          mPrefBranch->GetBoolPref(cp->pref, &enabled);
--          SSL_CipherPrefSetDefault(cp->id, enabled);
--          clearSessionCache = PR_TRUE;
--          break;
-+      } else if (prefName.Equals("security.OCSP.enabled")
-+                 || prefName.Equals("security.OCSP.require")) {
-+        setOCSPOptions(mPrefBranch);
-+      } else {
-+        /* Look through the cipher table and set according to pref setting */
-+        for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
-+          if (prefName.Equals(cp->pref)) {
-+            mPrefBranch->GetBoolPref(cp->pref, &enabled);
-+            SSL_CipherPrefSetDefault(cp->id, enabled);
-+            clearSessionCache = PR_TRUE;
-+            break;
-+          }
-         }
-       }
-+      if (clearSessionCache)
-+        SSL_ClearSessionCache();
-     }
--    if (clearSessionCache)
--      SSL_ClearSessionCache();
-   }
-   else if (nsCRT::strcmp(aTopic, PROFILE_CHANGE_NET_TEARDOWN_TOPIC) == 0) {
-     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("receiving network teardown topic\n"));
-@@ -2447,16 +2496,19 @@ nsNSSComponent::RememberCert(CERTCertificate *cert)
-   return NS_OK;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileApproveChange(nsISupports* aSubject)
- {
-   if (mShutdownObjectList->isUIActive()) {
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS UI active in profile change!\n"));
-     ShowAlert(ai_crypto_ui_active);
-     nsCOMPtr<nsIProfileChangeStatus> status = do_QueryInterface(aSubject);
-     if (status) {
-       status->VetoChange();
-     }
-+    return false;
-   }
-+  return true;
- }
- 
- void
-@@ -2469,16 +2521,18 @@ nsNSSComponent::DoProfileChangeNetTeardown()
-   mIsNetworkDown = PR_TRUE;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileChangeTeardown(nsISupports* aSubject)
- {
-   PRBool callVeto = PR_FALSE;
- 
-   if (!mShutdownObjectList->ifPossibleDisallowUI()) {
-     callVeto = PR_TRUE;
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: Not possible to disallow UI!\n"));
-     ShowAlert(ai_crypto_ui_active);
-   }
-   else if (mShutdownObjectList->areSSLSocketsActive()) {
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: SSL Sockets are active!\n"));
-     callVeto = PR_TRUE;
-     ShowAlert(ai_sockets_still_active);
-   }
-@@ -2489,9 +2543,11 @@ nsNSSComponent::DoProfileChangeTeardown(nsISupports* aSubject)
-       status->VetoChange();
-     }
-   }
-+
-+  return !callVeto;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileBeforeChange(nsISupports* aSubject)
- {
-   NS_ASSERTION(mIsNetworkDown, "nsNSSComponent relies on profile manager to wait for synchronous shutdown of all network activity");
-@@ -2510,16 +2566,20 @@ nsNSSComponent::DoProfileBeforeChange(nsISupports* aSubject)
-   }
-     
-   StopCRLUpdateTimer();
-+  PRBool allow_change = PR_TRUE;
- 
-   if (needsCleanup) {
-     if (NS_FAILED(ShutdownNSS())) {
-+      PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: Shutdown failed\n"));
-       nsCOMPtr<nsIProfileChangeStatus> status = do_QueryInterface(aSubject);
-       if (status) {
-         status->ChangeFailed();
-       }
-+      allow_change = PR_FALSE;
-     }
-   }
-   mShutdownObjectList->allowUI();
-+  return allow_change;
- }
- 
- void
---- a/security/manager/ssl/src/nsNSSComponent.h
-+++ b/security/manager/ssl/src/nsNSSComponent.h
-@@ -321,10 +321,10 @@
- 
-   // Methods that we use to handle the profile change notifications (and to
-   // synthesize a full profile change when we're just doing a profile startup):
--  void DoProfileApproveChange(nsISupports* aSubject);
-+  PRBool DoProfileApproveChange(nsISupports* aSubject);
-   void DoProfileChangeNetTeardown();
--  void DoProfileChangeTeardown(nsISupports* aSubject);
--  void DoProfileBeforeChange(nsISupports* aSubject);
-+  PRBool DoProfileChangeTeardown(nsISupports* aSubject);
-+  PRBool DoProfileBeforeChange(nsISupports* aSubject);
-   void DoProfileChangeNetRestore();
-   
-   Mutex mutex;
-
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0003-Firefox4-Make-Intermediate-Cert-Store-memory-only.patch b/src/archived-patches/0003-Firefox4-Make-Intermediate-Cert-Store-memory-only.patch
deleted file mode 100644
index d4f7b73..0000000
--- a/src/archived-patches/0003-Firefox4-Make-Intermediate-Cert-Store-memory-only.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-From 4db14cbb5a0aff6102189d30b9202555dcc39ff4 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:49 -0700
-Subject: [PATCH 3/4] Firefox4: Make Intermediate Cert Store memory-only.
-
-This patch makes the intermediate SSL cert store exist in memory only. It
-exposes a pref ('security.nocertdb') to toggle to clear the store, but this
-seems buggy.
-
-The pref must be set before startup in prefs.js.
-https://trac.torproject.org/projects/tor/ticket/2949
----
- security/manager/ssl/src/nsNSSComponent.cpp |  180 ++++++++++++++++++---------
- 1 files changed, 120 insertions(+), 60 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
-index 33377ac..716bcee 100644
---- a/security/manager/ssl/src/nsNSSComponent.cpp
-+++ b/security/manager/ssl/src/nsNSSComponent.cpp
-@@ -1674,8 +1674,21 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
-     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
-     // "/usr/lib/nss/libnssckbi.so".
-     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
--    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-+    PRBool nocertdb = false;
-+    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
-+
-+    // XXX: We can also do the the following to only disable the certdb.
-+    // Leaving this codepath in as a fallback in case InitNODB fails
-+    if (nocertdb)
-+      init_flags |= NSS_INIT_NOCERTDB;
-+
-+    SECStatus init_rv;
-+    if (nocertdb) {
-+        init_rv = ::NSS_NoDB_Init(NULL);
-+    } else {
-+        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
-                                          SECMOD_DB, init_flags);
-+    }
- 
-     if (init_rv != SECSuccess) {
-       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
-@@ -2231,70 +2244,106 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
-       }
-     }
-   }
--  else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { 
--    nsNSSShutDownPreventionLock locker;
--    PRBool clearSessionCache = PR_FALSE;
--    PRBool enabled;
-+  else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-     NS_ConvertUTF16toUTF8  prefName(someData);
-+    // XXX: This should be an observer notification, so we can properly cancel it
-+    if (prefName.Equals("security.nocertdb")) {
-+      // XXX: If these functions tell us to cancel, the browser seems to get left in an
-+      // indeterminate state that prevents SSL from being used.
-+      //
-+      // We apparently need to wait for all SSL sockets to shut down on their
-+      // own (this can take up to a minute!) and then attempt to alter the pref
-+      // again before doing anything.
-+      //
-+      // So any implementation of New Identity based on this code will need to keep
-+      // attempting to send the notification until it is not canceled. Ugh...
-+      if (!DoProfileApproveChange(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled\n"));
-+        return NS_OK;
-+      }
- 
--    if (prefName.Equals("security.enable_ssl2")) {
--      mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
--      SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_ssl3")) {
--      mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_tls")) {
--      mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
--      clearSessionCache = PR_TRUE;
--    } else if (prefName.Equals("security.enable_tls_session_tickets")) {
--      mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
--    } else if (prefName.Equals("security.ssl.require_safe_negotiation")) {
--      mPrefBranch->GetBoolPref("security.ssl.require_safe_negotiation", &enabled);
--      SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, enabled);
--    } else if (prefName.Equals("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
--      mPrefBranch->GetBoolPref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, 
--        enabled ? SSL_RENEGOTIATE_UNRESTRICTED : SSL_RENEGOTIATE_REQUIRES_XTN);
--    } else if (prefName.Equals("security.ssl.renego_unrestricted_hosts")) {
--      char *unrestricted_hosts=nsnull;
--      mPrefBranch->GetCharPref("security.ssl.renego_unrestricted_hosts", &unrestricted_hosts);
--      if (unrestricted_hosts) {
--        nsSSLIOLayerHelpers::setRenegoUnrestrictedSites(nsDependentCString(unrestricted_hosts));
--        nsMemory::Free(unrestricted_hosts);
-+      DoProfileChangeNetTeardown();
-+      if (!DoProfileChangeTeardown(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled\n"));
-+        return NS_OK;
-+      }
-+
-+      if (!DoProfileBeforeChange(aSubject)) {
-+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDB change canceled by NSS shutdown\n"));
-+        // Need to re-add observer because ShutdownNSS removed it.
-+        nsCOMPtr<nsIPrefBranch2> pbi = do_QueryInterface(mPrefBranch);
-+        pbi->AddObserver("security.", this, PR_FALSE);
-+        return NS_OK;
-       }
--    } else if (prefName.Equals("security.ssl.treat_unsafe_negotiation_as_broken")) {
--      mPrefBranch->GetBoolPref("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
--      nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(enabled);
--    } else if (prefName.Equals("security.ssl.warn_missing_rfc5746")) {
--      PRInt32 warnLevel = 1;
--      mPrefBranch->GetIntPref("security.ssl.warn_missing_rfc5746", &warnLevel);
--      nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(warnLevel);
-+
-+      DoProfileChangeNetRestore();
-+      InitializeNSS(PR_FALSE);
-+      InitializeCRLUpdateTimer();
-+      return NS_OK;
-+    } else {
-+      nsNSSShutDownPreventionLock locker;
-+      PRBool clearSessionCache = PR_FALSE;
-+      PRBool enabled;
-+
-+      if (prefName.Equals("security.enable_ssl2")) {
-+        mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
-+        SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_ssl3")) {
-+        mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_tls")) {
-+        mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
-+        clearSessionCache = PR_TRUE;
-+      } else if (prefName.Equals("security.enable_tls_session_tickets")) {
-+        mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
-+      } else if (prefName.Equals("security.ssl.require_safe_negotiation")) {
-+        mPrefBranch->GetBoolPref("security.ssl.require_safe_negotiation", &enabled);
-+        SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, enabled);
-+      } else if (prefName.Equals("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
-+        mPrefBranch->GetBoolPref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, 
-+          enabled ? SSL_RENEGOTIATE_UNRESTRICTED : SSL_RENEGOTIATE_REQUIRES_XTN);
-+      } else if (prefName.Equals("security.ssl.renego_unrestricted_hosts")) {
-+        char *unrestricted_hosts=nsnull;
-+        mPrefBranch->GetCharPref("security.ssl.renego_unrestricted_hosts", &unrestricted_hosts);
-+        if (unrestricted_hosts) {
-+          nsSSLIOLayerHelpers::setRenegoUnrestrictedSites(nsDependentCString(unrestricted_hosts));
-+          nsMemory::Free(unrestricted_hosts);
-+        }
-+      } else if (prefName.Equals("security.ssl.treat_unsafe_negotiation_as_broken")) {
-+        mPrefBranch->GetBoolPref("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
-+        nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(enabled);
-+      } else if (prefName.Equals("security.ssl.warn_missing_rfc5746")) {
-+        PRInt32 warnLevel = 1;
-+        mPrefBranch->GetIntPref("security.ssl.warn_missing_rfc5746", &warnLevel);
-+        nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(warnLevel);
- #ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
--    } else if (prefName.Equals("security.ssl.enable_false_start")) {
--      mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);
--      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, enabled);
-+      } else if (prefName.Equals("security.ssl.enable_false_start")) {
-+        mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);
-+        SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, enabled);
- #endif
--    } else if (prefName.Equals("security.OCSP.enabled")
--               || prefName.Equals("security.OCSP.require")) {
--      setOCSPOptions(mPrefBranch);
--    } else {
--      /* Look through the cipher table and set according to pref setting */
--      for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
--        if (prefName.Equals(cp->pref)) {
--          mPrefBranch->GetBoolPref(cp->pref, &enabled);
--          SSL_CipherPrefSetDefault(cp->id, enabled);
--          clearSessionCache = PR_TRUE;
--          break;
-+      } else if (prefName.Equals("security.OCSP.enabled")
-+                 || prefName.Equals("security.OCSP.require")) {
-+        setOCSPOptions(mPrefBranch);
-+      } else {
-+        /* Look through the cipher table and set according to pref setting */
-+        for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
-+          if (prefName.Equals(cp->pref)) {
-+            mPrefBranch->GetBoolPref(cp->pref, &enabled);
-+            SSL_CipherPrefSetDefault(cp->id, enabled);
-+            clearSessionCache = PR_TRUE;
-+            break;
-+          }
-         }
-       }
-+      if (clearSessionCache)
-+        SSL_ClearSessionCache();
-     }
--    if (clearSessionCache)
--      SSL_ClearSessionCache();
-   }
-   else if (nsCRT::strcmp(aTopic, PROFILE_CHANGE_NET_TEARDOWN_TOPIC) == 0) {
-     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("receiving network teardown topic\n"));
-@@ -2463,16 +2512,19 @@ nsNSSComponent::RememberCert(CERTCertificate *cert)
-   return NS_OK;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileApproveChange(nsISupports* aSubject)
- {
-   if (mShutdownObjectList->isUIActive()) {
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS UI active in profile change!\n"));
-     ShowAlert(ai_crypto_ui_active);
-     nsCOMPtr<nsIProfileChangeStatus> status = do_QueryInterface(aSubject);
-     if (status) {
-       status->VetoChange();
-     }
-+    return false;
-   }
-+  return true;
- }
- 
- void
-@@ -2485,16 +2537,18 @@ nsNSSComponent::DoProfileChangeNetTeardown()
-   mIsNetworkDown = PR_TRUE;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileChangeTeardown(nsISupports* aSubject)
- {
-   PRBool callVeto = PR_FALSE;
- 
-   if (!mShutdownObjectList->ifPossibleDisallowUI()) {
-     callVeto = PR_TRUE;
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: Not possible to disallow UI!\n"));
-     ShowAlert(ai_crypto_ui_active);
-   }
-   else if (mShutdownObjectList->areSSLSocketsActive()) {
-+    PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: SSL Sockets are active!\n"));
-     callVeto = PR_TRUE;
-     ShowAlert(ai_sockets_still_active);
-   }
-@@ -2505,9 +2559,11 @@ nsNSSComponent::DoProfileChangeTeardown(nsISupports* aSubject)
-       status->VetoChange();
-     }
-   }
-+
-+  return !callVeto;
- }
- 
--void
-+PRBool
- nsNSSComponent::DoProfileBeforeChange(nsISupports* aSubject)
- {
-   NS_ASSERTION(mIsNetworkDown, "nsNSSComponent relies on profile manager to wait for synchronous shutdown of all network activity");
-@@ -2526,16 +2582,20 @@ nsNSSComponent::DoProfileBeforeChange(nsISupports* aSubject)
-   }
-     
-   StopCRLUpdateTimer();
-+  PRBool allow_change = PR_TRUE;
- 
-   if (needsCleanup) {
-     if (NS_FAILED(ShutdownNSS())) {
-+      PR_LOG(gPIPNSSLog, PR_LOG_WARN, ("NSS: Shutdown failed\n"));
-       nsCOMPtr<nsIProfileChangeStatus> status = do_QueryInterface(aSubject);
-       if (status) {
-         status->ChangeFailed();
-       }
-+      allow_change = PR_FALSE;
-     }
-   }
-   mShutdownObjectList->allowUI();
-+  return allow_change;
- }
- 
- void
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0003-Firefox5-Make-Permissions-Manager-memory-only.patch b/src/archived-patches/0003-Firefox5-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index 1384245..0000000
--- a/src/archived-patches/0003-Firefox5-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 16bafbf39c89cce901af6500255822677bc4c36d Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 3/3] Firefox5: Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index 773a973..5387397 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -58,6 +58,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
- 
- static nsPermissionManager *gPermissionManager = nsnull;
- 
-@@ -227,6 +231,11 @@ nsPermissionManager::Init()
-     mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
-   }
- 
-+  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (pbi) {
-+    pbi->AddObserver("permissions.", this, PR_FALSE);
-+  }
-+
-   if (IsChildProcess()) {
-     // Get the permissions from the parent process
-     InfallibleTArray<IPC::Permission> perms;
-@@ -275,8 +284,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-   if (!storage)
-     return NS_ERROR_UNEXPECTED;
- 
-+  PRBool memory_db = false;
-+  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (prefs) {
-+    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
-+  }
-+
-   // cache a connection to the hosts database
--  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  if (memory_db) {
-+    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+  } else {
-+    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  }
-   NS_ENSURE_SUCCESS(rv, rv);
- 
-   PRBool ready;
-@@ -286,7 +305,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-     rv = permissionsFile->Remove(PR_FALSE);
-     NS_ENSURE_SUCCESS(rv, rv);
- 
--    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    if (memory_db) {
-+      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+    } else {
-+      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    }
-     NS_ENSURE_SUCCESS(rv, rv);
- 
-     mDBConn->GetConnectionReady(&ready);
-@@ -805,7 +828,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
- {
-   ENSURE_NOT_CHILD_PROCESS;
- 
--  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+      // XXX: Should we remove the file? Probably not..
-+      InitDB(PR_FALSE);
-+    }
-+  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-     // The profile is about to change,
-     // or is going away because the application is shutting down.
-     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0004-Firefox4-Make-Permissions-Manager-memory-only.patch b/src/archived-patches/0004-Firefox4-Make-Permissions-Manager-memory-only.patch
deleted file mode 100644
index 8f7ddd9..0000000
--- a/src/archived-patches/0004-Firefox4-Make-Permissions-Manager-memory-only.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 6f37edd80181906c37ace589fc26eabf6731b09d Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Mon, 20 Jun 2011 17:07:56 -0700
-Subject: [PATCH 4/4] Firefox4: Make Permissions Manager memory-only
-
-This patch exposes a pref 'permissions.memory_only' that properly isolates the
-permissions manager to memory, which is responsible for all user specified
-site permissions, as well as stored STS policy.
-
-The pref does successfully clear the permissions manager memory if toggled. It
-does not need to be set in prefs.js, and can be handled by Torbutton.
-
-https://trac.torproject.org/projects/tor/ticket/2950
----
- extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
-index d182013..0a1aea6 100644
---- a/extensions/cookie/nsPermissionManager.cpp
-+++ b/extensions/cookie/nsPermissionManager.cpp
-@@ -60,6 +60,10 @@
- #include "mozStorageHelper.h"
- #include "mozStorageCID.h"
- #include "nsXULAppAPI.h"
-+#include "nsCOMPtr.h"
-+#include "nsIPrefService.h"
-+#include "nsIPrefBranch.h"
-+#include "nsIPrefBranch2.h"
- 
- static nsPermissionManager *gPermissionManager = nsnull;
- 
-@@ -233,6 +237,11 @@ nsPermissionManager::Init()
-     mObserverService->AddObserver(this, "profile-do-change", PR_TRUE);
-   }
- 
-+  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (pbi) {
-+    pbi->AddObserver("permissions.", this, PR_FALSE);
-+  }
-+
- #ifdef MOZ_IPC
-   if (IsChildProcess()) {
-     // Get the permissions from the parent process
-@@ -283,8 +292,18 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-   if (!storage)
-     return NS_ERROR_UNEXPECTED;
- 
-+  PRBool memory_db = false;
-+  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-+  if (prefs) {
-+    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
-+  }
-+
-   // cache a connection to the hosts database
--  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  if (memory_db) {
-+    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+  } else {
-+    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+  }
-   NS_ENSURE_SUCCESS(rv, rv);
- 
-   PRBool ready;
-@@ -294,7 +313,11 @@ nsPermissionManager::InitDB(PRBool aRemoveFile)
-     rv = permissionsFile->Remove(PR_FALSE);
-     NS_ENSURE_SUCCESS(rv, rv);
- 
--    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    if (memory_db) {
-+      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
-+    } else {
-+      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
-+    }
-     NS_ENSURE_SUCCESS(rv, rv);
- 
-     mDBConn->GetConnectionReady(&ready);
-@@ -825,7 +848,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
-   ENSURE_NOT_CHILD_PROCESS;
- #endif
- 
--  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
-+    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
-+      // XXX: Should we remove the file? Probably not..
-+      InitDB(PR_FALSE);
-+    }
-+  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
-     // The profile is about to change,
-     // or is going away because the application is shutting down.
-     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/0005-Smash-the-state.patch b/src/archived-patches/0005-Smash-the-state.patch
deleted file mode 100644
index 16b03ea..0000000
--- a/src/archived-patches/0005-Smash-the-state.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxx>
-Date: Sat, 3 Sep 2011 03:00:26 -0700
-Subject: [PATCH 7/7] Smash the state.
-
-What happened to you, Nederlanden? You used to be cool.
-
-This exemption is insecure as-is anyway, because we have no way of verifying
-that DigiNotar wasn't compromised enough to allow the attacker to sign
-certificates with an issuer string matching this exemption. The adversary
-would then be able to create a chain of Entrust -> DigiNotar -> "Staat der
-Nederlanden" -> *.torproject.org or *.google.com.
----
- security/manager/ssl/src/nsNSSCallbacks.cpp |    7 -------
- 1 files changed, 0 insertions(+), 7 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
-index 5e3a888..43e1c19 100644
---- a/security/manager/ssl/src/nsNSSCallbacks.cpp
-+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
-@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert,
-         }
-       }
-     }
--
--    // By request of the Dutch government
--    if (!strcmp(node->cert->issuerName,
--                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
--        CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
--      return 0;
--    }
-   }
- 
-   if (isDigiNotarIssuedCert)
--- 
-1.7.3.4
-
diff --git a/src/archived-patches/vidalia-altlauncher.patch b/src/archived-patches/vidalia-altlauncher.patch
deleted file mode 100755
index f5e8f79..0000000
--- a/src/archived-patches/vidalia-altlauncher.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-Index: src/common/file.cpp
-===================================================================
---- src/common/file.cpp	(revision 3023)
-+++ src/common/file.cpp	(working copy)
-@@ -64,6 +64,43 @@
-   return true;
- }
- 
-+/** Recursively copy the contents of one directory to another. The
-+ * destination must already exist. Returns true on success, and false
-+ * otherwise. */
-+bool
-+copy_dir(QString source, QString dest)
-+{
-+  /* Source and destination as QDir's */
-+  QDir src(source);
-+  QDir dst(dest);
-+  
-+  /* Get contents of the directory */
-+  QFileInfoList contents = src.entryInfoList(QDir::Files | QDir::Dirs | QDir::NoDotAndDotDot);
-+
-+  /* Copy each entry in src to dst */
-+  foreach (QFileInfo fileInfo, contents) {
-+    /* Get absolute path of source and destination */
-+    QString fileName = fileInfo.fileName();
-+    QString srcFilePath = src.absoluteFilePath(fileName);
-+    QString dstFilePath = dst.absoluteFilePath(fileName);
-+
-+    if (fileInfo.isDir()) {
-+      /* This is a directory, make it and recurse */
-+      if (!dst.mkdir(fileName))
-+	return false;
-+      if (!copy_dir(srcFilePath, dstFilePath))
-+	return false;
-+    } else if (fileInfo.isFile()) {
-+      /* This is a file, copy it */
-+      if (!QFile::copy(srcFilePath, dstFilePath))
-+	return false;
-+    } 
-+    /* Ignore special files (e.g. symlinks, devices) */
-+
-+  }
-+  return true;
-+}
-+
- /** Expands <b>filename</b> if it starts with "~/". On Windows, this will
-  * expand "%APPDATA%" and "%PROGRAMFILES%". If <b>filename</b> does not
-  * start with a shortcut, <b>filename</b> will be returned unmodified. */
-Index: src/common/file.h
-===================================================================
---- src/common/file.h	(revision 3023)
-+++ src/common/file.h	(working copy)
-@@ -32,6 +32,11 @@
-  * expand "%APPDATA%" and "%PROGRAMFILES%". If <b>filename</b> does not
-  * start with a shortcut, <b>filename</b> will be returned unmodified. */
- QString expand_filename(QString filename);
-+    
-+/** Recursively copy the contents of one directory to another. The
-+ * destination must already exist. Returns true on success, and false
-+ * otherwise. */
-+bool copy_dir(QString source, QString dest);
- 
- #endif
- 
-Index: src/vidalia/mainwindow.cpp
-===================================================================
---- src/vidalia/mainwindow.cpp	(revision 3024)
-+++ src/vidalia/mainwindow.cpp	(working copy)
-@@ -29,6 +29,8 @@
- #include <dangerousversionevent.h>
- #include <vmessagebox.h>
- 
-+#include "procutil.h"
-+
- #include "mainwindow.h"
- 
- #define IMG_BWGRAPH        ":/images/16x16/utilities-system-monitor.png"
-@@ -459,15 +461,32 @@
-   env << "MOZ_NO_REMOTE=1";
-   _browserProcess->setEnvironment(env);
- 
--  /* The browser is in DIR/App/Firefox/firefox.exe */
-+  /* The browser is in DIR/App/Firefox/tbb-firefox.exe */
-   QString browserExecutable =
--    QDir::toNativeSeparators(browserDirectory + "/App/Firefox/firefox.exe");
--  /* The profile is in DIR/Data/Firefox/profile */
-+    QDir::toNativeSeparators(browserDirectory + "/App/Firefox/tbb-firefox.exe");
-+  /* The profile is in DIR/Data/profile */
-   QString profileDir =
--    QDir::toNativeSeparators(browserDirectory + "/Data/Firefox/profile");
-+    QDir::toNativeSeparators(browserDirectory + "/Data/profile");
- 
-+  /* Copy the profile directory if it's not already there */
-+  QDir browserDirObj = QDir(browserDirectory);
-+
-+  /* Copy the profile directory if it's not already there */
-+  if (!browserDirObj.exists("Data/profile")) {
-+    browserDirObj.mkdir("Data/profile");
-+    copy_dir(browserDirectory + "/App/DefaultData/profile", browserDirectory + "/Data/profile");
-+  }
-+
-+  /* Copy the plugins directory if it's not already there */
-+  if (!browserDirObj.exists("Data/plugins")) {
-+    browserDirObj.mkdir("Data/plugins");
-+    copy_dir(browserDirectory + "/App/DefaultData/plugins", browserDirectory + "/Data/plugins");
-+  }
-+
-   /* Build the command line arguments */
-   QStringList commandLine;
-+  // Is this better or worse than MOZ_NO_REMOTE?
-+  //commandLine << "-no-remote";
-   commandLine << "-profile";
-   commandLine << profileDir;
- 
-@@ -510,17 +529,53 @@
-   /* Get path to browser and IM client */
-   VidaliaSettings settings;
-   QString browserExecutable = settings.getBrowserExecutable();
-+  QString browserDirectory = settings.getBrowserDirectory();
-   QString imExecutable = settings.getIMExecutable();
- 
-   /* A subprocess is finished if it successfully exited or was never asked to start */
--  bool browserDone = browserExecutable.isEmpty() || _browserProcess->isDone();
-+  bool browserDone = (browserExecutable.isEmpty() && browserDirectory.isEmpty()) || _browserProcess->isDone();
-   bool imDone = imExecutable.isEmpty() || _imProcess->isDone();
- 
-   /* Exit if both subprocesses are finished */
--  if (browserDone && imDone)
--    shutdown();
-+  if (browserDone && imDone) {
-+    if (browserDirectory.isEmpty()) {
-+      /* We are using the standard launcher, exit immediately */
-+      shutdown();
-+    } else {
-+      /* We are using the alternate launcher, wait until the browser has really died */
-+      QTimer *browserWatcher = new QTimer(this);
-+      connect(browserWatcher, SIGNAL(timeout()), this, SLOT(onCheckForBrowser()));
-+      browserWatcher->start(2000);
-+    }
-+  }
- }
- 
-+/** Called periodically to check if the browser is running. If it is not,
-+ * exit Vidalia cleanly */
-+void
-+MainWindow::onCheckForBrowser()
-+{
-+/* This only works on Windows for now */
-+#if defined(Q_OS_WIN)
-+
-+  /* Get list of running processes */
-+  QHash<qint64, QString> procList = win32_process_list();
-+  QHashIterator<qint64, QString> i(procList);
-+      
-+  /* Loop over all processes or until we find tbb-firefox.exe */
-+  while (i.hasNext()) {
-+    i.next();
-+    if (i.value().toLower() == "tbb-firefox.exe") {
-+      /* The browser is still running, so Vidalia should keep running too */
-+      return;
-+    }
-+  }
-+
-+  /* The browser isn't running, exit Vidalia */
-+  shutdown();
-+#endif  
-+}
-+
- /** Called when the web browser failed to start, for example, because the path
-  * specified to the web browser executable didn't lead to an executable. */
- void
-Index: src/vidalia/mainwindow.h
-===================================================================
---- src/vidalia/mainwindow.h	(revision 3024)
-+++ src/vidalia/mainwindow.h	(working copy)
-@@ -104,6 +104,9 @@
-   void toggleShowOnStartup(bool checked);
-   /** Called when the web browser or IM client have stopped */
-   void onSubprocessFinished(int exitCode, QProcess::ExitStatus exitStatus);
-+  /** Called periodically to check if the browser is running. If it is not,
-+   * exit Vidalia cleanly */
-+  void onCheckForBrowser();
-   /** Called web the web browser failed to start */
-   void onBrowserFailed(QString errmsg);
-   /** Called web the IM client failed to start */
diff --git a/src/archived-patches/vidalia-miniupnp.patch b/src/archived-patches/vidalia-miniupnp.patch
deleted file mode 100644
index 8f535de..0000000
--- a/src/archived-patches/vidalia-miniupnp.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-Index: src/vidalia/config/serversettings.cpp
-===================================================================
---- src/vidalia/config/serversettings.cpp	(revision 2498)
-+++ src/vidalia/config/serversettings.cpp	(working copy)
-@@ -137,7 +137,7 @@
-   if (isServerEnabled()) {
-     /* Configure UPnP device to forward DirPort and OrPort */
-     /* TODO: does isServerEnabled() return true when a server is just set up? */
--    configurePortForwarding();
-+    configurePortForwarding(true);
-     rc = torControl()->setConf(confValues(), errmsg);
-   } else { 
-     QStringList resetKeys;
-@@ -156,6 +156,7 @@
-                 << SETTING_BANDWIDTH_BURST;
-     }
-     rc = torControl()->resetConf(resetKeys, errmsg);
-+    configurePortForwarding(false);
-   }
-   return rc;
- }
-@@ -165,11 +166,16 @@
- /* TODO: init_upnp() will block for up to 2 seconds. We should fire off a thread */
- /** Configure UPnP device to forward DirPort and ORPort */
- void
--ServerSettings::configurePortForwarding()
-+ServerSettings::configurePortForwarding(boolean enable)
- {
- #ifdef USE_MINIUPNPC
-   UPNPControl *pUNPControl = UPNPControl::Instance();
--  pUNPControl->forwardPort(getORPort());
-+
-+  if (enable) {
-+    pUNPControl->forwardPort(getORPort());
-+  } else {
-+    pUNPControl->disableForwarding();
-+  }
- #endif
- }
- 
-Index: src/vidalia/config/serversettings.h
-===================================================================
---- src/vidalia/config/serversettings.h	(revision 2498)
-+++ src/vidalia/config/serversettings.h	(working copy)
-@@ -93,7 +93,7 @@
-   QHash<QString,QString> confValues();
- 
-   /** Configure UPnP device to forward DirPort and ORPort */
--  void configurePortForwarding();
-+  void configurePortForwarding(boolean enable);
- };
- 
- #endif
-Index: src/vidalia/config/upnpcontrol.cpp
-===================================================================
---- src/vidalia/config/upnpcontrol.cpp	(revision 2498)
-+++ src/vidalia/config/upnpcontrol.cpp	(working copy)
-@@ -27,6 +27,7 @@
- UPNPControl::UPNPControl()
- {
-   init_upnp();
-+  forwardedPort = 0;
- }
- 
- int
-@@ -68,9 +69,42 @@
-   
-   // Output the mapping
-   printf("(external):%s -> %s:%s\n", sPort, intClient, intPort);
-+  fflush(stdout);
-+
-+  // Save the mapping
-+  forwardedPort = port;
-+
-   return 0;
- }
- 
-+int
-+UPNPControl::disableForwarding()
-+{
-+  char sPort[6];
-+
-+  if (0 == forwardedPort)
-+    return 0;
-+
-+  // Convert the port number to a string
-+  snprintf(sPort, sizeof(sPort), "%d", forwardedPort);
-+
-+  int retval = UPNP_DeletePortMapping(urls.controlURL, data.servicetype, sPort, "TCP");
-+  if(UPNPCOMMAND_SUCCESS != retval) {
-+    printf("DeletePortMapping() failed with code %d\n", retval);
-+    return 1;
-+  }
-+
-+  // Output the cancelled mapping
-+  printf("(external):%s -> <>\n", sPort);
-+  fflush(stdout);
-+
-+  // Save the mapping
-+  forwardedPort = 0;
-+
-+  return 0;
-+}
-+
-+
- /** Based on http://miniupnp.free.fr/files/download.php?file=xchat-upnp20061022.patch */
- void
- UPNPControl::init_upnp()
-@@ -78,52 +112,13 @@
-   struct UPNPDev * devlist;
-   int retval;
- 
--  printf("TB : init_upnp()\n");
--
-   memset(&urls, 0, sizeof(struct UPNPUrls));
-   memset(&data, 0, sizeof(struct IGDdatas));
- 
-   devlist = upnpDiscover(2000, NULL, NULL);
-   retval = UPNP_GetValidIGD(devlist, &urls, &data, lanaddr, sizeof(lanaddr));
--  printf("UPNP: %d", retval);
-+  printf("GetValidIGD returned: %d\n", retval);
-+  fflush(stdout);
- 
-   freeUPNPDevlist(devlist);
- }
--
--/** Based on http://miniupnp.free.fr/files/download.php?file=xchat-upnp20061022.patch */
--void
--UPNPControl::upnp_add_redir(const char * addr, int port)
--{
--	char port_str[16];
--	int r;
--	printf("TB : upnp_add_redir (%s, %d)\n", addr, port);
--	if(urls.controlURL[0] == '\0')
--	{
--		printf("TB : the init was not done !\n");
--		fflush(stdout);
--		return;
--	}
--	
--	r = UPNP_AddPortMapping(urls.controlURL, data.servicetype,
--	                        port_str, port_str, addr, 0, "TCP");
--	if(r==0)
--		printf("AddPortMapping(%s, %s, %s) failed\n", port_str, port_str, addr);
--	fflush(stdout);
--}
--
--/** Based on http://miniupnp.free.fr/files/download.php?file=xchat-upnp20061022.patch */
--void
--UPNPControl::upnp_rem_redir(int port)
--{
--	char port_str[16];
--	int t;
--	printf("TB : upnp_rem_redir (%d)\n", port);
--	if(urls.controlURL[0] == '\0')
--	{
--		printf("TB : the init was not done !\n");
--		fflush(stdout);
--		return;
--	}
--	sprintf(port_str, "%d", port);
--	UPNP_DeletePortMapping(urls.controlURL, data.servicetype, port_str, "TCP");
--}
-Index: src/vidalia/config/upnpcontrol.h
-===================================================================
---- src/vidalia/config/upnpcontrol.h	(revision 2498)
-+++ src/vidalia/config/upnpcontrol.h	(working copy)
-@@ -31,6 +31,7 @@
- public:
-   static UPNPControl* Instance();
-   int forwardPort(quint16 port);
-+  int disableForwarding();
- protected:
-   UPNPControl();
- private:
-@@ -43,6 +44,9 @@
-   void init_upnp();
-   void upnp_add_redir (const char * addr, int port);
-   void upnp_rem_redir(int port);
-+
-+  /* Currently forwarded port */
-+  quint16 forwardedPort;
- };
- 
- #endif 
diff --git a/src/archived-patches/vidalia-startbrowser.patch b/src/archived-patches/vidalia-startbrowser.patch
deleted file mode 100644
index b7cfc2b..0000000
--- a/src/archived-patches/vidalia-startbrowser.patch
+++ /dev/null
@@ -1,254 +0,0 @@
-Index: src/vidalia/browserprocess.cpp
-===================================================================
---- src/vidalia/browserprocess.cpp	(revision 0)
-+++ src/vidalia/browserprocess.cpp	(revision 0)
-@@ -0,0 +1,32 @@
-+/**
-+ ** Test invoking Firefox from Qt
-+ ** Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
-+ ** $Id: browserprocess.cpp 12682 2007-12-05 17:02:21Z sjm217 $
-+ **/
-+
-+#include <QString>
-+  
-+#include "browserprocess.h"
-+
-+BrowserProcess::BrowserProcess(QObject *parent)
-+: QProcess(parent)
-+{
-+  // Call error handling routine on errors
-+  QObject::connect(this, SIGNAL(error(QProcess::ProcessError)), this, SLOT(onError(QProcess::ProcessError)));
-+}
-+
-+void
-+BrowserProcess::start(QString app, QStringList args) 
-+{
-+  // Start the specified application
-+  QProcess::start(app, args, QIODevice::ReadOnly | QIODevice::Text);
-+}
-+
-+void
-+BrowserProcess::onError(QProcess::ProcessError error)
-+{
-+  // Pass up error messages on startup, but ignore the rest
-+  if (error == QProcess::FailedToStart) {
-+    emit startFailed(errorString());
-+  }
-+}
-Index: src/vidalia/browserprocess.h
-===================================================================
---- src/vidalia/browserprocess.h	(revision 0)
-+++ src/vidalia/browserprocess.h	(revision 0)
-@@ -0,0 +1,31 @@
-+/**
-+ ** Test invoking Firefox from Qt
-+ ** Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/>
-+ ** $Id: browserprocess.h 12682 2007-12-05 17:02:21Z sjm217 $
-+ **/
-+
-+#ifndef _BROWSERPROCESS_H
-+#define _BROWSERPROCESS_H
-+
-+#include <QProcess>
-+
-+class BrowserProcess : public QProcess
-+{
-+  Q_OBJECT
-+
-+public:
-+  // Default constructor
-+  BrowserProcess(QObject *parent = 0);
-+  // Start the specified application
-+  void start(QString app, QStringList args);
-+
-+private slots:
-+  // Invoked when underlying QProcess fails
-+  void onError(QProcess::ProcessError error);
-+
-+signals:
-+  // Invoked when start() fails
-+  void startFailed(QString errorMessage);
-+};
-+
-+#endif
-Index: src/vidalia/CMakeLists.txt
-===================================================================
---- src/vidalia/CMakeLists.txt	(revision 2205)
-+++ src/vidalia/CMakeLists.txt	(working copy)
-@@ -176,6 +176,7 @@
-   vclicklabel.cpp
-   vidaliawindow.cpp
-   vmessagebox.cpp
-+  browserprocess.cpp
- )
- qt4_wrap_cpp(vidalia_SRCS
-   vidalia.h
-@@ -184,6 +185,7 @@
-   vclicklabel.h
-   vidaliawindow.h
-   vmessagebox.h
-+  browserprocess.h
- )
- 
- ## Specify all the Qt Designer .ui files
-Index: src/vidalia/config/vidaliasettings.cpp
-===================================================================
---- src/vidalia/config/vidaliasettings.cpp	(revision 2205)
-+++ src/vidalia/config/vidaliasettings.cpp	(working copy)
-@@ -42,6 +42,7 @@
- #define SETTING_RUN_TOR_AT_START    "RunTorAtStart"
- #define SETTING_DATA_DIRECTORY      "DataDirectory"
- #define SETTING_SHOW_MAINWINDOW_AT_START  "ShowMainWindowAtStart"
-+#define SETTING_BROWSER_EXECUTABLE  "BrowserExecutable"
- 
- #if defined(Q_OS_WIN32)
- #define STARTUP_REG_KEY        "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
-@@ -72,6 +73,7 @@
-   setDefault(SETTING_LANGUAGE, LanguageSupport::defaultLanguageCode());
-   setDefault(SETTING_RUN_TOR_AT_START, true);
-   setDefault(SETTING_SHOW_MAINWINDOW_AT_START, true);
-+  setDefault(SETTING_BROWSER_EXECUTABLE, "");
- }
- 
- /** Gets the currently preferred language code for Vidalia. */
-@@ -168,3 +170,19 @@
- #endif
- }
- 
-+/** Returns a fully-qualified path to the web browser, including the
-+ * executable name. */
-+QString
-+VidaliaSettings::getBrowserExecutable() const
-+{
-+  return QDir::convertSeparators(value(SETTING_BROWSER_EXECUTABLE).toString());
-+}
-+
-+/** Sets the location and name of the web browser executable to the given string.
-+ * If set to the empty string, the browser will not be started. */
-+void
-+VidaliaSettings::setBrowserExecutable(const QString &browserExecutable)
-+{
-+  setValue(SETTING_BROWSER_EXECUTABLE, browserExecutable);
-+}
-+
-Index: src/vidalia/config/vidaliasettings.h
-===================================================================
---- src/vidalia/config/vidaliasettings.h	(revision 2205)
-+++ src/vidalia/config/vidaliasettings.h	(working copy)
-@@ -71,6 +71,13 @@
-   bool runVidaliaOnBoot();
-   /** Set whether to run Vidalia on system boot. */
-   void setRunVidaliaOnBoot(bool run);
-+
-+  /** Returns a fully-qualified path to the web browser, including the
-+   * executable name. */
-+  QString getBrowserExecutable() const;
-+  /** Sets the location and name of the web browser executable to the given string.
-+   * If set to the empty string, the browser will not be started. */
-+  void setBrowserExecutable(const QString &browserExecutable);
- };
- 
- #endif
-Index: src/vidalia/mainwindow.cpp
-===================================================================
---- src/vidalia/mainwindow.cpp	(revision 2205)
-+++ src/vidalia/mainwindow.cpp	(working copy)
-@@ -152,6 +152,13 @@
-   _torControl->setEvent(TorEvents::ClientStatus,  this, true);
-   _torControl->setEvent(TorEvents::GeneralStatus, this, true);
- 
-+  /* Create a new BrowserProcess object, used to start the web browser */
-+  _browserProcess = new BrowserProcess(this);
-+  connect(_browserProcess, SIGNAL(finished(int, QProcess::ExitStatus)),
-+	         this, SLOT(onBrowserFinished(int, QProcess::ExitStatus)));
-+  connect(_browserProcess, SIGNAL(startFailed(QString)),
-+	         this, SLOT(onBrowserFailed(QString)));
-+
-   /* Catch signals when the application is running or shutting down */
-   connect(vApp, SIGNAL(running()), this, SLOT(running()));
-   connect(vApp, SIGNAL(shutdown()), this, SLOT(shutdown()));
-@@ -427,6 +434,35 @@
- #endif
- }
- 
-+/** Starts the web browser, if appropriately configured */
-+void MainWindow::startBrowser(TorStatus status)
-+{
-+  VidaliaSettings settings;
-+  QString executable = settings.getBrowserExecutable();
-+  
-+  if (!executable.isEmpty())
-+    _browserProcess->start(executable, QStringList());
-+}
-+
-+/** Called when browser has exited */
-+void MainWindow::onBrowserFinished(int exitCode, QProcess::ExitStatus exitStatus)
-+{
-+  shutdown();
-+}
-+
-+/** Called when the web browser, for example, because the path
-+ * specified to the web browser executable didn't lead to an executable. */
-+void
-+MainWindow::onBrowserFailed(QString errmsg)
-+{
-+  Q_UNUSED(errmsg);
-+ 
-+  /* Display an error message and see if the user wants some help */
-+  int response = VMessageBox::warning(this, tr("Error starting web browser"),
-+				      tr("Vidalia was unable to start the configured web browser"),
-+				      VMessageBox::Ok|VMessageBox::Default|VMessageBox::Escape);
-+}
-+
- /** Updates the UI to reflect Tor's current <b>status</b>. Returns the
-  * previously set TorStatus value.*/
- MainWindow::TorStatus
-@@ -1006,6 +1042,7 @@
- MainWindow::circuitEstablished()
- {
-   updateTorStatus(CircuitEstablished);
-+  startBrowser(CircuitEstablished);
- }
- 
- /** Checks the status of the current version of Tor to see if it's old,
-Index: src/vidalia/mainwindow.h
-===================================================================
---- src/vidalia/mainwindow.h	(revision 2205)
-+++ src/vidalia/mainwindow.h	(working copy)
-@@ -49,6 +49,7 @@
- #include "help/browser/helpbrowser.h"
- #include "network/netviewer.h"
- #include "ui_mainwindow.h"
-+#include "browserprocess.h"
- 
- 
- class MainWindow : public VidaliaWindow
-@@ -116,6 +117,10 @@
-   void showServerConfigDialog();
-   /** Called when the "show on startup" checkbox is toggled. */
-   void toggleShowOnStartup(bool checked);
-+  /** Called when the web browser has stopped */
-+  void onBrowserFinished(int exitCode, QProcess::ExitStatus exitStatus);
-+  /** Called web the web browser failed to start */
-+  void onBrowserFailed(QString errmsg);
-   
- #if QT_VERSION >= 0x040200 && !defined(Q_WS_MAC)
-   /** Displays the main window if <b>reason</b> is DoubleClick. */
-@@ -147,6 +152,8 @@
-   /** Updates the UI to reflect Tor's current <b>status</b>. Returns the
-    * previously set TorStatus value. */
-   TorStatus updateTorStatus(TorStatus status);
-+  /** Starts the web browser, if appropriately configured */
-+  void startBrowser(TorStatus status);
-   /** Converts a TorStatus enum value to a string for debug logging purposes. */
-   QString toString(TorStatus status);
-   /** Authenticates Vidalia to Tor's control port. */
-@@ -184,6 +191,8 @@
-   ConfigDialog* _configDialog;
-   /** A TorControl object that handles communication with Tor */
-   TorControl* _torControl;
-+  /** A BrowserProcess object that manages the web browser */
-+  BrowserProcess* _browserProcess;
-   /** Remembers the control password between when we start Tor with a hash of
-    * the password and when we need to provide the password itself. */
-   QString _controlPassword;
diff --git a/src/archived-patches/vidalia-startim.patch b/src/archived-patches/vidalia-startim.patch
deleted file mode 100644
index 09e1774..0000000
--- a/src/archived-patches/vidalia-startim.patch
+++ /dev/null
@@ -1,257 +0,0 @@
-Index: src/vidalia/config/vidaliasettings.cpp
-===================================================================
---- src/vidalia/config/vidaliasettings.cpp	(revision 2665)
-+++ src/vidalia/config/vidaliasettings.cpp	(working copy)
-@@ -32,6 +32,7 @@
- #define SETTING_DATA_DIRECTORY      "DataDirectory"
- #define SETTING_SHOW_MAINWINDOW_AT_START  "ShowMainWindowAtStart"
- #define SETTING_BROWSER_EXECUTABLE  "BrowserExecutable"
-+#define SETTING_IM_EXECUTABLE       "IMExecutable"
- #define SETTING_RUN_PROXY_AT_START  "RunProxyAtStart"
- #define SETTING_PROXY_EXECUTABLE    "ProxyExecutable"
- #define SETTING_PROXY_EXECUTABLE_ARGUMENTS  "ProxyExecutableArguments"
-@@ -66,6 +67,7 @@
-   setDefault(SETTING_RUN_TOR_AT_START, true);
-   setDefault(SETTING_SHOW_MAINWINDOW_AT_START, true);
-   setDefault(SETTING_BROWSER_EXECUTABLE, "");
-+  setDefault(SETTING_IM_EXECUTABLE, "");
-   setDefault(SETTING_RUN_PROXY_AT_START, false);
-   setDefault(SETTING_PROXY_EXECUTABLE, "");
-   setDefault(SETTING_PROXY_EXECUTABLE_ARGUMENTS, QStringList());
-@@ -181,6 +183,22 @@
-   setValue(SETTING_BROWSER_EXECUTABLE, browserExecutable);
- }
- 
-+/** Returns a fully-qualified path to the IM client, including the
-+ * executable name. */
-+QString
-+VidaliaSettings::getIMExecutable() const
-+{
-+  return QDir::convertSeparators(value(SETTING_IM_EXECUTABLE).toString());
-+}
-+
-+/** Sets the location and name of the IM client executable to the given string.
-+ * If set to the empty string, the client will not be started. */
-+void
-+VidaliaSettings::setIMExecutable(const QString &IMExecutable)
-+{
-+  setValue(SETTING_IM_EXECUTABLE, IMExecutable);
-+}
-+
- /** Returns true if Vidalia should start a proxy application when it
-  * starts. */
- bool
-Index: src/vidalia/config/vidaliasettings.h
-===================================================================
---- src/vidalia/config/vidaliasettings.h	(revision 2665)
-+++ src/vidalia/config/vidaliasettings.h	(working copy)
-@@ -68,6 +68,13 @@
-    * string. If set to the empty string, the browser will not be started. */
-   void setBrowserExecutable(const QString &browserExecutable);
- 
-+  /** Returns a fully-qualified path to the IM client, including the
-+   * executable name. */
-+  QString getIMExecutable() const;
-+  /** Sets the location and name of the IM client executable to the given
-+   * string. If set to the empty string, the client will not be started. */
-+  void setIMExecutable(const QString &IMExecutable);
-+
-   /** Returns true if Vidalia should start a proxy application when it
-    * starts. */
-   bool runProxyAtStart();
-Index: src/vidalia/helperprocess.cpp
-===================================================================
---- src/vidalia/helperprocess.cpp	(revision 2665)
-+++ src/vidalia/helperprocess.cpp	(working copy)
-@@ -50,6 +50,12 @@
-   // Call error handling routine on errors
-   QObject::connect(this, SIGNAL(error(QProcess::ProcessError)),
-                    this, SLOT(onError(QProcess::ProcessError)));
-+  // Call started handler on successful startup
-+  QObject::connect(this, SIGNAL(started()),
-+                   this, SLOT(onStart()));
-+
-+  // Mark as not having started
-+  _okStart = false;
- }
- 
- /** Start the specified application. */
-@@ -70,4 +76,16 @@
-   }
- }
- 
-+/** Invoked when underlying QProcess starts. */
-+void
-+HelperProcess::onStart()
-+{
-+  _okStart = true;
-+}
- 
-+/** Returns true iff process is not running. */
-+bool
-+HelperProcess::isDone() const
-+{
-+  return state() == NotRunning;
-+}
-Index: src/vidalia/helperprocess.h
-===================================================================
---- src/vidalia/helperprocess.h	(revision 2665)
-+++ src/vidalia/helperprocess.h	(working copy)
-@@ -53,10 +53,18 @@
-   HelperProcess(QObject *parent = 0);
-   /** Start the specified application. */
-   void start(const QString &app, const QStringList &args);
-+  /** Returns true iff process is not running. */
-+  bool isDone() const;
- 
-+private:
-+  /** True iff the underlying QProcess has sucessfully started */
-+  bool _okStart;
-+
- private slots:
-   /** Invoked when underlying QProcess fails. */
-   void onError(QProcess::ProcessError error);
-+  /** Invoked when underlying QProcess starts. */
-+  void onStart();
- 
- signals:
-   /** Invoked when start() fails. */
-Index: src/vidalia/mainwindow.cpp
-===================================================================
---- src/vidalia/mainwindow.cpp	(revision 2665)
-+++ src/vidalia/mainwindow.cpp	(working copy)
-@@ -128,10 +128,17 @@
-   /* Create a new HelperProcess object, used to start the web browser */
-   _browserProcess = new HelperProcess(this);
-   connect(_browserProcess, SIGNAL(finished(int, QProcess::ExitStatus)),
--           this, SLOT(onBrowserFinished(int, QProcess::ExitStatus)));
-+           this, SLOT(onSubprocessFinished(int, QProcess::ExitStatus)));
-   connect(_browserProcess, SIGNAL(startFailed(QString)),
-            this, SLOT(onBrowserFailed(QString)));
- 
-+  /* Create a new HelperProcess object, used to start the web browser */
-+  _imProcess = new HelperProcess(this);
-+  connect(_imProcess, SIGNAL(finished(int, QProcess::ExitStatus)),
-+           this, SLOT(onSubprocessFinished(int, QProcess::ExitStatus)));
-+  connect(_imProcess, SIGNAL(startFailed(QString)),
-+           this, SLOT(onIMFailed(QString)));
-+
-   /* Create a new HelperProcess object, used to start the proxy server */
-   _proxyProcess = new HelperProcess(this);
-   connect(_proxyProcess, SIGNAL(startFailed(QString)),
-@@ -409,26 +416,43 @@
- #endif
- }
- 
--/** Starts the web browser, if appropriately configured */
--void MainWindow::startBrowser()
-+/** Starts the web browser and IM client, if appropriately configured */
-+void MainWindow::startSubprocesses()
- {
-   VidaliaSettings settings;
-   QString executable = settings.getBrowserExecutable();
-   
-   if (!executable.isEmpty())
-     _browserProcess->start(executable, QStringList());
-+
-+  executable = settings.getIMExecutable();
-+
-+  if (!executable.isEmpty())
-+    _imProcess->start(executable, QStringList());
-+  
- }
- 
--/** Called when browser has exited */
--void MainWindow::onBrowserFinished(int exitCode, QProcess::ExitStatus exitStatus)
-+/** Called when browser or IM client have exited */
-+void MainWindow::onSubprocessFinished(int exitCode, QProcess::ExitStatus exitStatus)
- {
-   Q_UNUSED(exitCode)
-   Q_UNUSED(exitStatus)
- 
--  shutdown();
-+  /* Get path to browser and IM client */
-+  VidaliaSettings settings;
-+  QString browserExecutable = settings.getBrowserExecutable();
-+  QString imExecutable = settings.getIMExecutable();
-+
-+  /* A subprocess is finished if it successfully exited or was never asked to start */
-+  bool browserDone = browserExecutable.isEmpty() || _browserProcess->isDone();
-+  bool imDone = imExecutable.isEmpty() || _imProcess->isDone();
-+
-+  /* Exit if both subprocesses are finished */
-+  if (browserDone && imDone)
-+    shutdown();
- }
- 
--/** Called when the web browser, for example, because the path
-+/** Called when the web browser failed to start, for example, because the path
-  * specified to the web browser executable didn't lead to an executable. */
- void
- MainWindow::onBrowserFailed(QString errmsg)
-@@ -441,6 +465,19 @@
-               VMessageBox::Ok|VMessageBox::Default|VMessageBox::Escape);
- }
- 
-+/** Called when the IM client failed to start, for example, because the path
-+ * specified to the IM client executable didn't lead to an executable. */
-+void
-+MainWindow::onIMFailed(QString errmsg)
-+{
-+  Q_UNUSED(errmsg);
-+ 
-+  /* Display an error message and see if the user wants some help */
-+  VMessageBox::warning(this, tr("Error starting IM client"),
-+              tr("Vidalia was unable to start the configured IM client"),
-+              VMessageBox::Ok|VMessageBox::Default|VMessageBox::Escape);
-+}
-+
- /** Starts the proxy server, if appropriately configured */
- void MainWindow::startProxy()
- {
-@@ -1032,7 +1069,7 @@
- MainWindow::circuitEstablished()
- {
-   updateTorStatus(CircuitEstablished);
--  startBrowser();
-+  startSubprocesses();
- }
- 
- /** Checks the status of the current version of Tor to see if it's old,
-Index: src/vidalia/mainwindow.h
-===================================================================
---- src/vidalia/mainwindow.h	(revision 2665)
-+++ src/vidalia/mainwindow.h	(working copy)
-@@ -101,10 +101,12 @@
-   void showServerConfigDialog();
-   /** Called when the "show on startup" checkbox is toggled. */
-   void toggleShowOnStartup(bool checked);
--  /** Called when the web browser has stopped */
--  void onBrowserFinished(int exitCode, QProcess::ExitStatus exitStatus);
-+  /** Called when the web browser or IM client have stopped */
-+  void onSubprocessFinished(int exitCode, QProcess::ExitStatus exitStatus);
-   /** Called web the web browser failed to start */
-   void onBrowserFailed(QString errmsg);
-+  /** Called web the IM client failed to start */
-+  void onIMFailed(QString errmsg);
-   /** Called when the proxy server fails to start */
-   void onProxyFailed(QString errmsg);
- 
-@@ -137,7 +139,7 @@
-    * previously set TorStatus value. */
-   TorStatus updateTorStatus(TorStatus status);
-   /** Starts the web browser, if appropriately configured */
--  void startBrowser();
-+  void startSubprocesses();
-   /** Starts the proxy server, if appropriately configured */
-   void startProxy();
-   /** Converts a TorStatus enum value to a string for debug logging purposes. */
-@@ -179,6 +181,8 @@
-   TorControl* _torControl;
-   /** A HelperProcess object that manages the web browser */
-   HelperProcess* _browserProcess;
-+  /** A HelperProcess object that manages the IM client */
-+  HelperProcess* _imProcess;
-   /** A HelperProcess object that manages the proxy server */
-   HelperProcess* _proxyProcess;
-   /** Remembers the control password between when we start Tor with a hash of
diff --git a/src/archived-patches/vidalia-startproxy.patch b/src/archived-patches/vidalia-startproxy.patch
deleted file mode 100644
index a4a2929..0000000
--- a/src/archived-patches/vidalia-startproxy.patch
+++ /dev/null
@@ -1,429 +0,0 @@
-Index: src/vidalia/browserprocess.cpp
-===================================================================
---- src/vidalia/browserprocess.cpp	(revision 2320)
-+++ src/vidalia/browserprocess.cpp	(working copy)
-@@ -1,63 +0,0 @@
--/****************************************************************
-- *  This file was originally written by Steven J. Murdoch, and 
-- *  modified by Matt Edman. It is distributed under the following
-- *  license:
-- *
-- *  Copyright (C) 2007, Matt Edman
-- *  Copyright (C) 2007, Steven J. Murdoch 
-- *                      <http://www.cl.cam.ac.uk/users/sjm217/>
-- *
-- *  This program is free software; you can redistribute it and/or
-- *  modify it under the terms of the GNU General Public License
-- *  as published by the Free Software Foundation; either version 2
-- *  of the License, or (at your option) any later version.
-- *
-- *  This program is distributed in the hope that it will be useful,
-- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- *  GNU General Public License for more details.
-- *
-- *  You should have received a copy of the GNU General Public License
-- *  along with this program; if not, write to the Free Software
-- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, 
-- *  Boston, MA  02110-1301, USA.
-- ****************************************************************/
--
--/**
-- * \file browserprocess.cpp
-- * \version $Id$
-- * \brief Invokes a web browser process (originally by Steven. J. Murdoch)
-- */
--
--#include <QString>
--  
--#include "browserprocess.h"
--
--
--/** Default constructor */
--BrowserProcess::BrowserProcess(QObject *parent)
--: QProcess(parent)
--{
--  // Call error handling routine on errors
--  QObject::connect(this, SIGNAL(error(QProcess::ProcessError)),
--                   this, SLOT(onError(QProcess::ProcessError)));
--}
--
--/** Start the specified application. */
--void
--BrowserProcess::start(const QString &app, const QStringList &args) 
--{
--  // Start the specified application
--  QProcess::start(app, args, QIODevice::ReadOnly | QIODevice::Text);
--}
--
--/** Invoked when underlying QProcess fails. */
--void
--BrowserProcess::onError(QProcess::ProcessError error)
--{
--  // Pass up error messages on startup, but ignore the rest
--  if (error == QProcess::FailedToStart) {
--    emit startFailed(errorString());
--  }
--}
--
-Index: src/vidalia/browserprocess.h
-===================================================================
---- src/vidalia/browserprocess.h	(revision 2320)
-+++ src/vidalia/browserprocess.h	(working copy)
-@@ -1,57 +0,0 @@
--/****************************************************************
-- *  This file was originally written by Steven J. Murdoch, and 
-- *  modified by Matt Edman. It is distributed under the following
-- *  license:
-- * 
-- *  Copyright (C) 2007, Matt Edman
-- *  Copyright (C) 2007, Steven J. Murdoch 
-- *                      <http://www.cl.cam.ac.uk/users/sjm217/>
-- *
-- *  This program is free software; you can redistribute it and/or
-- *  modify it under the terms of the GNU General Public License
-- *  as published by the Free Software Foundation; either version 2
-- *  of the License, or (at your option) any later version.
-- *
-- *  This program is distributed in the hope that it will be useful,
-- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- *  GNU General Public License for more details.
-- *
-- *  You should have received a copy of the GNU General Public License
-- *  along with this program; if not, write to the Free Software
-- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, 
-- *  Boston, MA  02110-1301, USA.
-- ****************************************************************/
--
--/**
-- * \file browserprocess.cpp
-- * \version $Id$ 
-- * \brief Invokes a web browser process (originally by Steven. J. Murdoch)
-- */
--
--#ifndef _BROWSERPROCESS_H
--#define _BROWSERPROCESS_H
--
--#include <QProcess>
--
--
--class BrowserProcess : public QProcess
--{
--  Q_OBJECT
--
--public:
--  /** Default constructor */
--  BrowserProcess(QObject *parent = 0);
--  /** Start the specified application. */
--  void start(const QString &app, const QStringList &args);
--
--private slots:
--  /** Invoked when underlying QProcess fails. */
--  void onError(QProcess::ProcessError error);
--
--signals:
--  /** Invoked when start() fails. */
--  void startFailed(const QString &errorMessage);
--};
--
--#endif
-Index: src/vidalia/CMakeLists.txt
-===================================================================
---- src/vidalia/CMakeLists.txt	(revision 2320)
-+++ src/vidalia/CMakeLists.txt	(working copy)
-@@ -182,7 +182,7 @@
-   vclicklabel.cpp
-   vidaliawindow.cpp
-   vmessagebox.cpp
--  browserprocess.cpp
-+  helperprocess.cpp
- )
- qt4_wrap_cpp(vidalia_SRCS
-   vidalia.h
-@@ -191,7 +191,7 @@
-   vclicklabel.h
-   vidaliawindow.h
-   vmessagebox.h
--  browserprocess.h
-+  helperprocess.h
- )
- 
- ## Specify all the Qt Designer .ui files
-@@ -288,3 +288,4 @@
-   install(FILES vidalia.desktop DESTINATION share/applications)
- endif(NOT WIN32 AND NOT APPLE)
- 
-+
-Index: src/vidalia/config/vidaliasettings.cpp
-===================================================================
---- src/vidalia/config/vidaliasettings.cpp	(revision 2320)
-+++ src/vidalia/config/vidaliasettings.cpp	(working copy)
-@@ -43,6 +43,7 @@
- #define SETTING_DATA_DIRECTORY      "DataDirectory"
- #define SETTING_SHOW_MAINWINDOW_AT_START  "ShowMainWindowAtStart"
- #define SETTING_BROWSER_EXECUTABLE  "BrowserExecutable"
-+#define SETTING_PROXY_EXECUTABLE  "ProxyExecutable"
- 
- #if defined(Q_OS_WIN32)
- #define STARTUP_REG_KEY        "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
-@@ -74,6 +75,7 @@
-   setDefault(SETTING_RUN_TOR_AT_START, true);
-   setDefault(SETTING_SHOW_MAINWINDOW_AT_START, true);
-   setDefault(SETTING_BROWSER_EXECUTABLE, "");
-+  setDefault(SETTING_PROXY_EXECUTABLE, "");
- }
- 
- /** Gets the currently preferred language code for Vidalia. */
-@@ -186,3 +188,18 @@
-   setValue(SETTING_BROWSER_EXECUTABLE, browserExecutable);
- }
- 
-+/** Returns a fully-qualified path to the proxy server, including the
-+ * executable name. */
-+QString
-+VidaliaSettings::getProxyExecutable() const
-+{
-+  return QDir::convertSeparators(value(SETTING_PROXY_EXECUTABLE).toString());
-+}
-+
-+/** Sets the location and name of the proxy server executable to the given string.
-+ * If set to the empty string, the proxy will not be started. */
-+void
-+VidaliaSettings::setProxyExecutable(const QString &proxyExecutable)
-+{
-+  setValue(SETTING_PROXY_EXECUTABLE, proxyExecutable);
-+}
-Index: src/vidalia/config/vidaliasettings.h
-===================================================================
---- src/vidalia/config/vidaliasettings.h	(revision 2320)
-+++ src/vidalia/config/vidaliasettings.h	(working copy)
-@@ -78,6 +78,14 @@
-   /** Sets the location and name of the web browser executable to the given string.
-    * If set to the empty string, the browser will not be started. */
-   void setBrowserExecutable(const QString &browserExecutable);
-+
-+  /** Returns a fully-qualified path to the proxy server, including the
-+   * executable name. */
-+  QString getProxyExecutable() const;
-+
-+  /** Sets the location and name of the proxy server executable to the given string.
-+   * If set to the empty string, the proxy will not be started. */
-+  void setProxyExecutable(const QString &proxyExecutable);
- };
- 
- #endif
-Index: src/vidalia/helperprocess.cpp
-===================================================================
---- src/vidalia/helperprocess.cpp	(revision 2320)
-+++ src/vidalia/helperprocess.cpp	(working copy)
-@@ -24,18 +24,18 @@
-  ****************************************************************/
- 
- /**
-- * \file browserprocess.cpp
-+ * \file helperprocess.cpp
-  * \version $Id$
-  * \brief Invokes a web browser process (originally by Steven. J. Murdoch)
-  */
- 
- #include <QString>
-   
--#include "browserprocess.h"
-+#include "helperprocess.h"
- 
- 
- /** Default constructor */
--BrowserProcess::BrowserProcess(QObject *parent)
-+HelperProcess::HelperProcess(QObject *parent)
- : QProcess(parent)
- {
-   // Call error handling routine on errors
-@@ -45,7 +45,7 @@
- 
- /** Start the specified application. */
- void
--BrowserProcess::start(const QString &app, const QStringList &args) 
-+HelperProcess::start(const QString &app, const QStringList &args) 
- {
-   // Start the specified application
-   QProcess::start(app, args, QIODevice::ReadOnly | QIODevice::Text);
-@@ -53,7 +53,7 @@
- 
- /** Invoked when underlying QProcess fails. */
- void
--BrowserProcess::onError(QProcess::ProcessError error)
-+HelperProcess::onError(QProcess::ProcessError error)
- {
-   // Pass up error messages on startup, but ignore the rest
-   if (error == QProcess::FailedToStart) {
-@@ -61,3 +61,4 @@
-   }
- }
- 
-+
-Index: src/vidalia/helperprocess.h
-===================================================================
---- src/vidalia/helperprocess.h	(revision 2320)
-+++ src/vidalia/helperprocess.h	(working copy)
-@@ -24,24 +24,24 @@
-  ****************************************************************/
- 
- /**
-- * \file browserprocess.cpp
-+ * \file helperprocess.cpp
-  * \version $Id$ 
-  * \brief Invokes a web browser process (originally by Steven. J. Murdoch)
-  */
- 
--#ifndef _BROWSERPROCESS_H
--#define _BROWSERPROCESS_H
-+#ifndef _HELPERPROCESS_H
-+#define _HELPERPROCESS_H
- 
- #include <QProcess>
- 
- 
--class BrowserProcess : public QProcess
-+class HelperProcess : public QProcess
- {
-   Q_OBJECT
- 
- public:
-   /** Default constructor */
--  BrowserProcess(QObject *parent = 0);
-+  HelperProcess(QObject *parent = 0);
-   /** Start the specified application. */
-   void start(const QString &app, const QStringList &args);
- 
-Index: src/vidalia/mainwindow.cpp
-===================================================================
---- src/vidalia/mainwindow.cpp	(revision 2320)
-+++ src/vidalia/mainwindow.cpp	(working copy)
-@@ -147,13 +147,18 @@
-   _torControl->setEvent(TorEvents::ClientStatus,  this, true);
-   _torControl->setEvent(TorEvents::GeneralStatus, this, true);
- 
--  /* Create a new BrowserProcess object, used to start the web browser */
--  _browserProcess = new BrowserProcess(this);
-+  /* Create a new HelperProcess object, used to start the web browser */
-+  _browserProcess = new HelperProcess(this);
-   connect(_browserProcess, SIGNAL(finished(int, QProcess::ExitStatus)),
-            this, SLOT(onBrowserFinished(int, QProcess::ExitStatus)));
-   connect(_browserProcess, SIGNAL(startFailed(QString)),
-            this, SLOT(onBrowserFailed(QString)));
- 
-+  /* Create a new HelperProcess object, used to start the proxy server */
-+  _proxyProcess = new HelperProcess(this);
-+  connect(_proxyProcess, SIGNAL(startFailed(QString)),
-+           this, SLOT(onProxyFailed(QString)));
-+
-   /* Catch signals when the application is running or shutting down */
-   connect(vApp, SIGNAL(running()), this, SLOT(running()));
-   connect(vApp, SIGNAL(shutdown()), this, SLOT(shutdown()));
-@@ -226,6 +231,9 @@
-     /* If we're supposed to start Tor when Vidalia starts, then do it now */
-     start();
-   }
-+
-+  /* Start the proxy server, if configured */
-+  startProxy();
- }
- 
- /** Terminate the Tor process if it is being run under Vidalia, disconnect all
-@@ -238,6 +246,11 @@
-     _torControl->stop();
-   }
- 
-+  if (_proxyProcess->state() != QProcess::NotRunning) {
-+    /* Close the proxy server (Polipo ignores the WM_CLOSE event sent by terminate() so we have to kill() it) */
-+    _proxyProcess->kill();
-+  }
-+
-   /* Disconnect all of the TorControl object's signals */
-   QObject::disconnect(_torControl, 0, 0, 0);
- 
-@@ -438,6 +451,29 @@
-               VMessageBox::Ok|VMessageBox::Default|VMessageBox::Escape);
- }
- 
-+/** Starts the proxy server, if appropriately configured */
-+void MainWindow::startProxy()
-+{
-+  VidaliaSettings settings;
-+  QString executable = settings.getProxyExecutable();
-+  
-+  if (!executable.isEmpty())
-+    _proxyProcess->start(executable, QStringList());
-+}
-+
-+/** Called when the proxy server fails to start, for example, because
-+ * the path specified didn't lead to an executable. */
-+void
-+MainWindow::onProxyFailed(QString errmsg)
-+{
-+  Q_UNUSED(errmsg);
-+ 
-+  /* Display an error message and see if the user wants some help */
-+  VMessageBox::warning(this, tr("Error starting proxy server"),
-+              tr("Vidalia was unable to start the configured proxy server"),
-+              VMessageBox::Ok|VMessageBox::Default|VMessageBox::Escape);
-+}
-+
- /** Updates the UI to reflect Tor's current <b>status</b>. Returns the
-  * previously set TorStatus value.*/
- MainWindow::TorStatus
-@@ -1151,3 +1187,4 @@
-   return "Unknown";
- }
- 
-+
-Index: src/vidalia/mainwindow.h
-===================================================================
---- src/vidalia/mainwindow.h	(revision 2320)
-+++ src/vidalia/mainwindow.h	(working copy)
-@@ -40,7 +40,7 @@
- #include "help/browser/helpbrowser.h"
- #include "network/netviewer.h"
- #include "ui_mainwindow.h"
--#include "browserprocess.h"
-+#include "helperprocess.h"
- 
- 
- class MainWindow : public VidaliaWindow
-@@ -112,6 +112,8 @@
-   void onBrowserFinished(int exitCode, QProcess::ExitStatus exitStatus);
-   /** Called web the web browser failed to start */
-   void onBrowserFailed(QString errmsg);
-+  /** Called when the proxy server fails to start */
-+  void onProxyFailed(QString errmsg);
-   
- private:
-   enum TorStatus {
-@@ -138,6 +140,8 @@
-   TorStatus updateTorStatus(TorStatus status);
-   /** Starts the web browser, if appropriately configured */
-   void startBrowser();
-+  /** Starts the proxy server, if appropriately configured */
-+  void startProxy();
-   /** Converts a TorStatus enum value to a string for debug logging purposes. */
-   QString toString(TorStatus status);
-   /** Authenticates Vidalia to Tor's control port. */
-@@ -175,8 +179,10 @@
-   ConfigDialog* _configDialog;
-   /** A TorControl object that handles communication with Tor */
-   TorControl* _torControl;
--  /** A BrowserProcess object that manages the web browser */
--  BrowserProcess* _browserProcess;
-+  /** A HelperProcess object that manages the web browser */
-+  HelperProcess* _browserProcess;
-+  /** A HelperProcess object that manages the proxy server */
-+  HelperProcess* _proxyProcess;
-   /** Remembers the control password between when we start Tor with a hash of
-    * the password and when we need to provide the password itself. */
-   QString _controlPassword;
-@@ -200,3 +206,4 @@
- 
- #endif
- 
-+
diff --git a/src/archived-patches/vidalia-startproxyarguments.patch b/src/archived-patches/vidalia-startproxyarguments.patch
deleted file mode 100644
index d92ee34..0000000
--- a/src/archived-patches/vidalia-startproxyarguments.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Index: src/vidalia/config/vidaliasettings.cpp
-===================================================================
---- src/vidalia/config/vidaliasettings.cpp	(revision 2326)
-+++ src/vidalia/config/vidaliasettings.cpp	(working copy)
-@@ -44,6 +44,7 @@
- #define SETTING_SHOW_MAINWINDOW_AT_START  "ShowMainWindowAtStart"
- #define SETTING_BROWSER_EXECUTABLE  "BrowserExecutable"
- #define SETTING_PROXY_EXECUTABLE  "ProxyExecutable"
-+#define SETTING_PROXY_EXECUTABLE_ARGUMENTS  "ProxyExecutableArguments"
- 
- #if defined(Q_OS_WIN32)
- #define STARTUP_REG_KEY        "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
-@@ -76,6 +77,7 @@
-   setDefault(SETTING_SHOW_MAINWINDOW_AT_START, true);
-   setDefault(SETTING_BROWSER_EXECUTABLE, "");
-   setDefault(SETTING_PROXY_EXECUTABLE, "");
-+  setDefault(SETTING_PROXY_EXECUTABLE_ARGUMENTS, QStringList());
- }
- 
- /** Gets the currently preferred language code for Vidalia. */
-@@ -203,3 +205,17 @@
- {
-   setValue(SETTING_PROXY_EXECUTABLE, proxyExecutable);
- }
-+
-+/** Returns a list containing additional command line arguments to be passed to ProxyExecutable */
-+QStringList
-+VidaliaSettings::getProxyExecutableArguments() const
-+{
-+  return value(SETTING_PROXY_EXECUTABLE_ARGUMENTS).toStringList();
-+}
-+
-+/** Sets the additional arguments to be passed to Proxy Executable */
-+void
-+VidaliaSettings::setProxyExecutableArguments(const QStringList &proxyExecutableArguments)
-+{
-+  setValue(SETTING_PROXY_EXECUTABLE_ARGUMENTS, proxyExecutableArguments);
-+}
-Index: src/vidalia/config/vidaliasettings.h
-===================================================================
---- src/vidalia/config/vidaliasettings.h	(revision 2326)
-+++ src/vidalia/config/vidaliasettings.h	(working copy)
-@@ -86,7 +86,12 @@
-   /** Sets the location and name of the proxy server executable to the given string.
-    * If set to the empty string, the proxy will not be started. */
-   void setProxyExecutable(const QString &proxyExecutable);
-+
-+  /** Returns a list containing additional command line arguments to be passed to ProxyExecutable */
-+  QStringList getProxyExecutableArguments() const;
-+
-+  /** Sets the additional arguments to be passed to Proxy Executable */
-+  void setProxyExecutableArguments(const QStringList &proxyExecutableArguments);
- };
- 
- #endif
--
-Index: src/vidalia/mainwindow.cpp
-===================================================================
---- src/vidalia/mainwindow.cpp	(revision 2326)
-+++ src/vidalia/mainwindow.cpp	(working copy)
-@@ -459,7 +459,7 @@
-   QString executable = settings.getProxyExecutable();
-   
-   if (!executable.isEmpty())
--    _proxyProcess->start(executable, QStringList());
-+    _proxyProcess->start(executable, settings.getProxyExecutableArguments());
- }
- 
- /** Called when the proxy server fails to start, for example, because


