[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torbrowser/maint-2.4] Update Firefox patches for 17.0.10ESR.
commit d35038d0a6af7e6033cd8a9f8a5853f116c40319
Author: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue Oct 29 18:53:04 2013 -0700
Update Firefox patches for 17.0.10ESR.
This is the subset from TBB 3.0beta1 that are relevant to TBB 2.x.
---
...-Block-Components.interfaces-from-content.patch | 14 +-
...0002-Make-Permissions-Manager-memory-only.patch | 10 +-
...-Make-Intermediate-Cert-Store-memory-only.patch | 10 +-
.../firefox/0004-Add-a-string-based-cacheKey.patch | 14 +-
.../0005-Block-all-plugins-except-flash.patch | 14 +-
...ontent-pref-service-memory-only-clearable.patch | 10 +-
...owser-exit-when-not-launched-from-Vidalia.patch | 45 -
.../0008-Disable-SSL-Session-ID-tracking.patch | 28 -
...observer-event-to-close-persistent-connec.patch | 40 -
...ice-and-system-specific-CSS-Media-Queries.patch | 147 ----
...11-Limit-the-number-of-fonts-per-document.patch | 451 ----------
.../0012-Rebrand-Firefox-to-TorBrowser.patch | 59 --
.../0013-Make-Download-manager-memory-only.patch | 57 --
.../0014-Add-DDG-and-StartPage-to-Omnibox.patch | 103 ---
...-nsICacheService.EvictEntries-synchronous.patch | 43 -
.../firefox/0016-Prevent-WebSocket-DNS-leak.patch | 133 ---
...ize-HTTP-request-order-and-pipeline-depth.patch | 791 -----------------
...er-event-to-filter-the-Drag-Drop-url-list.patch | 74 --
...d-mozIThirdPartyUtil.getFirstPartyURI-API.patch | 164 ----
.../0020-Add-canvas-image-extraction-prompt.patch | 548 ------------
...nt-window-coordinates-for-mouse-event-scr.patch | 77 --
...se-physical-screen-info.-via-window-and-w.patch | 310 -------
...not-expose-system-colors-to-CSS-or-canvas.patch | 631 --------------
...solate-the-Image-Cache-per-url-bar-domain.patch | 922 --------------------
.../0025-nsIHTTPChannel.redirectTo-API.patch | 474 ----------
...26-Isolate-DOM-storage-to-first-party-URI.patch | 776 ----------------
...27-Remove-This-plugin-is-disabled-barrier.patch | 46 -
.../0028-Use-Optimistic-Data-SOCKS-variant.patch | 82 --
.../0029-Disable-library-timestamping.patch | 27 -
29 files changed, 36 insertions(+), 6064 deletions(-)
diff --git a/src/current-patches/firefox/0001-Block-Components.interfaces-from-content.patch b/src/current-patches/firefox/0001-Block-Components.interfaces-from-content.patch
index a1ed5a8..035bfcd 100644
--- a/src/current-patches/firefox/0001-Block-Components.interfaces-from-content.patch
+++ b/src/current-patches/firefox/0001-Block-Components.interfaces-from-content.patch
@@ -1,7 +1,7 @@
-From 26ab2cbf5b925a3f1251bd536728a7e222b4f9e4 Mon Sep 17 00:00:00 2001
+From b3ea41baf4c3ff455ab9c40ab090f8f77e34924d Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2012 15:41:09 -0800
-Subject: [PATCH 01/27] Block Components.interfaces from content
+Subject: [PATCH 01/41] Block Components.interfaces from content
This patch removes the ability of content script to access
Components.interfaces.*.
@@ -16,14 +16,14 @@ https://trac.torproject.org/projects/tor/ticket/2874
Note: We no longer block Components.lookupMethod, because we no longer rely on
JS hooks for fingerprinting defenses.
---
- js/xpconnect/src/XPCComponents.cpp | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ js/xpconnect/src/XPCComponents.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
-index 3a14254..4040349 100644
+index e0b03fc..aa83318 100644
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
-@@ -4838,7 +4838,7 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+@@ -4837,7 +4837,7 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
NS_IMETHODIMP
nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
{
@@ -33,5 +33,5 @@ index 3a14254..4040349 100644
return NS_OK;
}
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
index 4a2b515..bf38d04 100644
--- a/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
+++ b/src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch
@@ -1,7 +1,7 @@
-From 2391ce37afd5da908fc986cec6018795cb06fa63 Mon Sep 17 00:00:00 2001
+From c3c1d5555672c8348feb8f545aad7241a2f81a0a Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2012 15:45:59 -0800
-Subject: [PATCH 02/27] Make Permissions Manager memory-only
+Subject: [PATCH 02/41] Make Permissions Manager memory-only
This patch exposes a pref 'permissions.memory_only' that properly isolates the
permissions manager to memory, which is responsible for all user specified
@@ -12,8 +12,8 @@ does not need to be set in prefs.js, and can be handled by Torbutton.
https://trac.torproject.org/projects/tor/ticket/2950
---
- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++--
- 1 files changed, 31 insertions(+), 3 deletions(-)
+ extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++++---
+ 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
index 9c50080..4102408 100644
@@ -90,5 +90,5 @@ index 9c50080..4102408 100644
// or is going away because the application is shutting down.
mIsShuttingDown = true;
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
index 37daf66..23c99f7 100644
--- a/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
+++ b/src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -1,15 +1,15 @@
-From 5130a82dcc2dd7385d7d1cd2b15daa1dc4577f5b Mon Sep 17 00:00:00 2001
+From e10d253e44e4541a0030b041bdc430f416defcb3 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2012 15:51:07 -0800
-Subject: [PATCH 03/27] Make Intermediate Cert Store memory-only.
+Subject: [PATCH 03/41] Make Intermediate Cert Store memory-only.
This patch makes the intermediate SSL cert store exist in memory only.
The pref must be set before startup in prefs.js.
https://trac.torproject.org/projects/tor/ticket/2949
---
- security/manager/ssl/src/nsNSSComponent.cpp | 17 +++++++++++++++--
- 1 files changed, 15 insertions(+), 2 deletions(-)
+ security/manager/ssl/src/nsNSSComponent.cpp | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
index c9205bc..159985c 100644
@@ -40,5 +40,5 @@ index c9205bc..159985c 100644
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch b/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
index b9f4572..c8c3bea 100644
--- a/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
+++ b/src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch
@@ -1,14 +1,14 @@
-From 0d1a840e58117d83d910d3eb09e9f7deaaeabbff Mon Sep 17 00:00:00 2001
+From 7cdd6f0ac4b4b236ca5177e0fc5e7621fd012878 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2012 16:01:42 -0800
-Subject: [PATCH 04/27] Add a string-based cacheKey.
+Subject: [PATCH 04/41] Add a string-based cacheKey.
Used for isolating cache according to same-origin policy.
---
- netwerk/base/public/nsICachingChannel.idl | 7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h | 1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
+ netwerk/base/public/nsICachingChannel.idl | 7 +++++++
+ netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
+ netwerk/protocol/http/nsHttpChannel.h | 1 +
+ 3 files changed, 30 insertions(+)
diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
index 3119dd9..fd2ec89 100644
@@ -81,5 +81,5 @@ index d66415f..b1f0848 100644
// auth specific data
nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch b/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
index 6f70b29..976c707 100644
--- a/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
+++ b/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
@@ -1,7 +1,7 @@
-From 7c95e69c73f64e45f9a1f5821a1e96457f9ae83a Mon Sep 17 00:00:00 2001
+From df78c79c083df8116e4312806ca3a875295e35bd Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2012 16:03:13 -0800
-Subject: [PATCH 05/27] Block all plugins except flash.
+Subject: [PATCH 05/41] Block all plugins except flash.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
@@ -12,12 +12,12 @@ ruin our day, and censorship filters). Hence we rolled our own.
See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
on a better way. Until then, it is delta-darwinism for us.
---
- dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
- dom/plugins/base/nsPluginHost.h | 2 ++
- 2 files changed, 35 insertions(+), 0 deletions(-)
+ dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++
+ dom/plugins/base/nsPluginHost.h | 2 ++
+ 2 files changed, 35 insertions(+)
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
-index 858b428..c7ae680 100644
+index 858b4284..c7ae680 100644
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
@@ -2052,6 +2052,35 @@ struct CompareFilesByTime
@@ -81,5 +81,5 @@ index 3c48eec..2cba11d 100644
// and removes it from the cache.
void RemoveCachedPluginsInfo(const char *filePath,
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch b/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
index ac514c1..81d8bea 100644
--- a/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
+++ b/src/current-patches/firefox/0006-Make-content-pref-service-memory-only-clearable.patch
@@ -1,14 +1,14 @@
-From 50293cf7c107df2d76492890b945d17f63536f90 Mon Sep 17 00:00:00 2001
+From 98fb4263ec8b9f530336cbdf961323bf3380a386 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@xxxxxxxxxx>
Date: Thu, 8 Sep 2011 08:40:17 -0700
-Subject: [PATCH 06/27] Make content pref service memory-only + clearable
+Subject: [PATCH 06/41] Make content pref service memory-only + clearable
This prevents random urls from being inserted into content-prefs.sqllite in
the profile directory as content prefs change (includes site-zoom and perhaps
other site prefs?).
---
- .../contentprefs/nsContentPrefService.js | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
+ toolkit/components/contentprefs/nsContentPrefService.js | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
index ed8ad2e..794c9f3 100644
@@ -33,5 +33,5 @@ index ed8ad2e..794c9f3 100644
try {
this._dbCreateSchema(dbConnection);
--
-1.7.5.4
+1.8.1.2
diff --git a/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch b/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
deleted file mode 100644
index 5304a1a..0000000
--- a/src/current-patches/firefox/0007-Make-Tor-Browser-exit-when-not-launched-from-Vidalia.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From b2c1cd58fda04daa92b6f69253fd2ff8bc7ce8f4 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 4 Dec 2012 16:29:24 -0800
-Subject: [PATCH 07/27] Make Tor Browser exit when not launched from Vidalia
-
-Turns out the Windows 7 UI encourages users to "dock" their Tor Browser app
-for easy relaunch. If they manage to do this, we should fail closed rather
-than opened. Hopefully they will get the hint and dock Vidalia instead.
-
-This is an emergency fix for
-https://trac.torproject.org/projects/tor/ticket/4192. We can do a better
-localized fix w/ a translated alert menu later, if it seems like this might
-actually be common.
----
- browser/base/content/browser.js | 14 ++++++++++++++
- 1 files changed, 14 insertions(+), 0 deletions(-)
-
-diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 35664ec..bd2feed 100644
---- a/browser/base/content/browser.js
-+++ b/browser/base/content/browser.js
-@@ -1093,6 +1093,20 @@ var gBrowserInit = {
- // setup simple gestures support
- gGestureSupport.init(true);
-
-+ // If this is not a TBB profile, exit.
-+ // Solves https://trac.torproject.org/projects/tor/ticket/4192
-+ var foundPref = false;
-+ try {
-+ var ignored = gPrefService.getCharPref("torbrowser.version");
-+ foundPref = true;
-+ } catch(e) {
-+ //dump("No pref: "+e);
-+ }
-+ if(!foundPref) {
-+ var appStartup = Components.classes["@mozilla.org/toolkit/app-startup;1"]
-+ .getService(Components.interfaces.nsIAppStartup);
-+ appStartup.quit(3); // Force all windows to close, and then quit.
-+ }
-
- if (uriToLoad && uriToLoad != "about:blank") {
- if (uriToLoad instanceof Ci.nsISupportsArray) {
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch
deleted file mode 100644
index 494c765..0000000
--- a/src/current-patches/firefox/0008-Disable-SSL-Session-ID-tracking.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e700063f5d18e86077af8ecf7fb3f4d92f2d0ef4 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Sun, 31 Mar 2013 22:48:00 -0700
-Subject: [PATCH 08/27] Disable SSL Session ID tracking.
-
-We can't easily bind SSL Session ID tracking to url bar domain,
-so we have to disable them to satisfy
-https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
----
- security/nss/lib/ssl/sslsock.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
-index 4f4b034..6ce5d11 100644
---- a/security/nss/lib/ssl/sslsock.c
-+++ b/security/nss/lib/ssl/sslsock.c
-@@ -141,7 +141,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
- PR_FALSE, /* unusedBit9 */
- PR_FALSE, /* unusedBit10 */
-- PR_FALSE, /* noCache */
-+ PR_TRUE, /* noCache */
- PR_FALSE, /* fdx */
- PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
- PR_TRUE, /* detectRollBack */
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch
deleted file mode 100644
index 1457815..0000000
--- a/src/current-patches/firefox/0009-Provide-an-observer-event-to-close-persistent-connec.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 41c163c0497ef16faaf103debf5bf7ef8244849a Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Fri, 7 Sep 2012 16:18:26 -0700
-Subject: [PATCH 09/27] Provide an observer event to close persistent
- connections
-
-We need to prevent linkability across "New Identity", which includes closing
-keep-alive connections.
----
- netwerk/protocol/http/nsHttpHandler.cpp | 7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
-index d897a2c..e33ff08 100644
---- a/netwerk/protocol/http/nsHttpHandler.cpp
-+++ b/netwerk/protocol/http/nsHttpHandler.cpp
-@@ -312,6 +312,7 @@ nsHttpHandler::Init()
- mObserverService->AddObserver(this, "net:clear-active-logins", true);
- mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
- mObserverService->AddObserver(this, "net:prune-dead-connections", true);
-+ mObserverService->AddObserver(this, "net:prune-all-connections", true);
- mObserverService->AddObserver(this, "net:failed-to-process-uri-content", true);
- }
-
-@@ -1576,6 +1577,12 @@ nsHttpHandler::Observe(nsISupports *subject,
- if (uri && mConnMgr)
- mConnMgr->ReportFailedToProcess(uri);
- }
-+ else if (strcmp(topic, "net:prune-all-connections") == 0) {
-+ if (mConnMgr) {
-+ mConnMgr->ClosePersistentConnections();
-+ mConnMgr->PruneDeadConnections();
-+ }
-+ }
-
- return NS_OK;
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0010-Limit-device-and-system-specific-CSS-Media-Queries.patch b/src/current-patches/firefox/0010-Limit-device-and-system-specific-CSS-Media-Queries.patch
deleted file mode 100644
index e2876b3..0000000
--- a/src/current-patches/firefox/0010-Limit-device-and-system-specific-CSS-Media-Queries.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From 0c006870b9d96a8093ca66751e9738b4237c9251 Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Wed, 28 Nov 2012 09:49:40 -0500
-Subject: [PATCH 10/27] Limit device and system specific CSS Media Queries.
-
----
- layout/style/nsMediaFeatures.cpp | 68 +++++++++++++++++++++++++-------------
- 1 files changed, 45 insertions(+), 23 deletions(-)
-
-diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
-index d5741ea..5f2e6dd 100644
---- a/layout/style/nsMediaFeatures.cpp
-+++ b/layout/style/nsMediaFeatures.cpp
-@@ -98,6 +98,9 @@ GetDeviceContextFor(nsPresContext* aPresContext)
- static nsSize
- GetDeviceSize(nsPresContext* aPresContext)
- {
-+ if (!aPresContext->IsChrome()) {
-+ return GetSize(aPresContext);
-+ } else {
- nsSize size;
- if (aPresContext->IsRootPaginatedDocument())
- // We want the page size, including unprintable areas and margins.
-@@ -108,6 +111,7 @@ GetDeviceSize(nsPresContext* aPresContext)
- GetDeviceContextFor(aPresContext)->
- GetDeviceSurfaceDimensions(size.width, size.height);
- return size;
-+ }
- }
-
- static nsresult
-@@ -204,13 +208,17 @@ static nsresult
- GetColor(nsPresContext* aPresContext, const nsMediaFeature*,
- nsCSSValue& aResult)
- {
-- // FIXME: This implementation is bogus. nsDeviceContext
-- // doesn't provide reliable information (should be fixed in bug
-- // 424386).
-- // FIXME: On a monochrome device, return 0!
-- nsDeviceContext *dx = GetDeviceContextFor(aPresContext);
-- uint32_t depth;
-- dx->GetDepth(depth);
-+ uint32_t depth = 24; // Always return 24 to non-chrome callers.
-+
-+ if (aPresContext->IsChrome()) {
-+ // FIXME: This implementation is bogus. nsDeviceContext
-+ // doesn't provide reliable information (should be fixed in bug
-+ // 424386).
-+ // FIXME: On a monochrome device, return 0!
-+ nsDeviceContext *dx = GetDeviceContextFor(aPresContext);
-+ dx->GetDepth(depth);
-+ }
-+
- // The spec says to use bits *per color component*, so divide by 3,
- // and round down, since the spec says to use the smallest when the
- // color components differ.
-@@ -248,18 +256,23 @@ static nsresult
- GetResolution(nsPresContext* aPresContext, const nsMediaFeature*,
- nsCSSValue& aResult)
- {
-- // Resolution measures device pixels per CSS (inch/cm/pixel). We
-- // return it in device pixels per CSS inches.
-- //
-- // However, on platforms where the CSS viewport is not fixed to the
-- // screen viewport, use the device resolution instead (bug 779527).
-- nsIPresShell *shell = aPresContext->PresShell();
-- float appUnitsPerInch = shell->GetIsViewportOverridden() ?
-- GetDeviceContextFor(aPresContext)->AppUnitsPerPhysicalInch() :
-- nsPresContext::AppUnitsPerCSSInch();
--
-- float dpi = appUnitsPerInch /
-+ float dpi = 96; // Always return 96 to non-chrome callers.
-+
-+ if (aPresContext->IsChrome()) {
-+ // Resolution measures device pixels per CSS (inch/cm/pixel). We
-+ // return it in device pixels per CSS inches.
-+ //
-+ // However, on platforms where the CSS viewport is not fixed to the
-+ // screen viewport, use the device resolution instead (bug 779527).
-+ nsIPresShell *shell = aPresContext->PresShell();
-+ float appUnitsPerInch = shell->GetIsViewportOverridden() ?
-+ GetDeviceContextFor(aPresContext)->AppUnitsPerPhysicalInch() :
-+ nsPresContext::AppUnitsPerCSSInch();
-+
-+ dpi = appUnitsPerInch /
- float(aPresContext->AppUnitsPerDevPixel());
-+ }
-+
- aResult.SetFloatValue(dpi, eCSSUnit_Inch);
- return NS_OK;
- }
-@@ -288,8 +301,12 @@ static nsresult
- GetDevicePixelRatio(nsPresContext* aPresContext, const nsMediaFeature*,
- nsCSSValue& aResult)
- {
-- float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
-- aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+ if (aPresContext->IsChrome()) {
-+ float ratio = aPresContext->CSSPixelsToDevPixels(1.0f);
-+ aResult.SetFloatValue(ratio, eCSSUnit_Number);
-+ } else {
-+ aResult.SetFloatValue(1.0, eCSSUnit_Number);
-+ }
- return NS_OK;
- }
-
-@@ -297,20 +314,24 @@ static nsresult
- GetSystemMetric(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- nsCSSValue& aResult)
- {
-+ aResult.Reset();
-+ if (aPresContext->IsChrome()) {
- NS_ABORT_IF_FALSE(aFeature->mValueType == nsMediaFeature::eBoolInteger,
- "unexpected type");
- nsIAtom *metricAtom = *aFeature->mData.mMetric;
- bool hasMetric = nsCSSRuleProcessor::HasSystemMetric(metricAtom);
- aResult.SetIntValue(hasMetric ? 1 : 0, eCSSUnit_Integer);
-- return NS_OK;
-+ }
-+ return NS_OK;
- }
-
- static nsresult
- GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- nsCSSValue& aResult)
- {
-- aResult.Reset();
-+ aResult.Reset();
- #ifdef XP_WIN
-+ if (aPresContext->IsChrome()) {
- uint8_t windowsThemeId =
- nsCSSRuleProcessor::GetWindowsThemeIdentifier();
-
-@@ -326,8 +347,9 @@ GetWindowsTheme(nsPresContext* aPresContext, const nsMediaFeature* aFeature,
- break;
- }
- }
-+ }
- #endif
-- return NS_OK;
-+ return NS_OK;
- }
-
- /*
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch b/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch
deleted file mode 100644
index 163968a..0000000
--- a/src/current-patches/firefox/0011-Limit-the-number-of-fonts-per-document.patch
+++ /dev/null
@@ -1,451 +0,0 @@
-From 81fde0b8f4af7bae20c49ac0ce0ea4df046a6701 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Wed, 5 Dec 2012 12:25:21 -0800
-Subject: [PATCH 11/28] Limit the number of fonts per document.
-
-We create two prefs:
-browser.display.max_font_count and browser.display.max_font_attempts.
-max_font_count sets a limit on the number of fonts actually used in the
-document, and max_font_attempts sets a limit on the total number of CSS
-queries that a document is allowed to perform.
-
-Once either limit is reached, the browser behaves as if
-browser.display.use_document_fonts was set to 0 for subsequent font queries.
-
-If a pref is not set or is negative, that limit does not apply.
-
-The use of "User Fonts" (aka WebFonts, aka @font-face fonts) are exempt from
-both of these limits. The patch also makes such fonts take precedence over
-local fonts. This vastly improves typography on many sites that would
-otherwise hit these limits.
-
-This is done to address:
-https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
----
- gfx/thebes/gfxFont.cpp | 2 +
- gfx/thebes/gfxPangoFonts.cpp | 1 +
- gfx/thebes/gfxUserFontSet.cpp | 28 ++++++++++-
- gfx/thebes/gfxUserFontSet.h | 3 ++
- layout/base/nsPresContext.cpp | 100 +++++++++++++++++++++++++++++++++++++
- layout/base/nsPresContext.h | 9 ++++
- layout/style/nsCSSParser.cpp | 1 +
- layout/style/nsFontFaceLoader.cpp | 4 +-
- layout/style/nsFontFaceLoader.h | 2 +-
- layout/style/nsRuleNode.cpp | 56 +++++++++++++++++++--
- 10 files changed, 198 insertions(+), 8 deletions(-)
-
-diff --git a/gfx/thebes/gfxFont.cpp b/gfx/thebes/gfxFont.cpp
-index e8392e0..af5c1c8 100644
---- a/gfx/thebes/gfxFont.cpp
-+++ b/gfx/thebes/gfxFont.cpp
-@@ -3045,6 +3045,7 @@ gfxFontGroup::FindPlatformFont(const nsAString& aName,
- }
-
- // Not known in the user font set ==> check system fonts
-+ // XXX: Fallback is bad..
- if (!foundFamily) {
- fe = gfxPlatformFontList::PlatformFontList()->
- FindFontForFamily(aName, fontStyle, needsBold);
-@@ -3260,6 +3261,7 @@ gfxFontGroup::ForEachFontInternal(const nsAString& aFamilies,
- }
- if (!foundFamily) {
- gfxPlatform *pf = gfxPlatform::GetPlatform();
-+ // XXX: Fallback is bad
- rv = pf->ResolveFontName(family,
- gfxFontGroup::FontResolverProc,
- &data, aborted);
-diff --git a/gfx/thebes/gfxPangoFonts.cpp b/gfx/thebes/gfxPangoFonts.cpp
-index c94a299..88c8b8e 100644
---- a/gfx/thebes/gfxPangoFonts.cpp
-+++ b/gfx/thebes/gfxPangoFonts.cpp
-@@ -1408,6 +1408,7 @@ gfxFcFontSet::SortPreferredFonts(bool &aWaitForUserFont)
- const nsTArray< nsCountedRef<FcPattern> > *familyFonts = nullptr;
-
- // Is this an @font-face family?
-+ // XXX: Make use of this + pass to nsFont??
- bool isUserFont = false;
- if (mUserFontSet) {
- // Have some @font-face definitions
-diff --git a/gfx/thebes/gfxUserFontSet.cpp b/gfx/thebes/gfxUserFontSet.cpp
-index 020c35a..161b52f 100644
---- a/gfx/thebes/gfxUserFontSet.cpp
-+++ b/gfx/thebes/gfxUserFontSet.cpp
-@@ -15,6 +15,7 @@
- #include "prlong.h"
- #include "nsNetUtil.h"
- #include "nsIProtocolHandler.h"
-+#include "nsFont.h"
-
- #include "woff.h"
-
-@@ -517,18 +518,41 @@ gfxUserFontSet::LoadNext(gfxProxyFontEntry *aProxyEntry)
- aProxyEntry->mSrcIndex++;
- }
-
-+ /* If there are any urls, prefer them to local */
-+ bool listHasURL = false;
-+ for (uint32_t i = aProxyEntry->mSrcIndex; i < numSrc; i++) {
-+ const gfxFontFaceSrc& currSrc = aProxyEntry->mSrcList[i];
-+ if (!currSrc.mIsLocal) {
-+ listHasURL = true;
-+ break;
-+ }
-+ }
-+ nsPresContext *pres = GetPresContext();
-+ /* If we have no pres context, simply fail this load */
-+ if (!pres) listHasURL = true;
-+
- // load each src entry in turn, until a local face is found
- // or a download begins successfully
- while (aProxyEntry->mSrcIndex < numSrc) {
- const gfxFontFaceSrc& currSrc = aProxyEntry->mSrcList[aProxyEntry->mSrcIndex];
-
- // src local ==> lookup and load immediately
--
-- if (currSrc.mIsLocal) {
-+ if (!listHasURL && currSrc.mIsLocal) {
-+ nsFont font;
-+ font.name = currSrc.mLocalName;
- gfxFontEntry *fe =
- gfxPlatform::GetPlatform()->LookupLocalFont(aProxyEntry,
- currSrc.mLocalName);
-+ pres->AddFontAttempt(font);
-+
-+ /* No more fonts for you */
-+ if (pres->FontAttemptCountReached(font) ||
-+ pres->FontUseCountReached(font)) {
-+ break;
-+ }
-+
- if (fe) {
-+ pres->AddFontUse(font);
- LOG(("userfonts (%p) [src %d] loaded local: (%s) for (%s) gen: %8.8x\n",
- this, aProxyEntry->mSrcIndex,
- NS_ConvertUTF16toUTF8(currSrc.mLocalName).get(),
-diff --git a/gfx/thebes/gfxUserFontSet.h b/gfx/thebes/gfxUserFontSet.h
-index 1781a37..d6f7292 100644
---- a/gfx/thebes/gfxUserFontSet.h
-+++ b/gfx/thebes/gfxUserFontSet.h
-@@ -9,6 +9,7 @@
- #include "gfxTypes.h"
- #include "gfxFont.h"
- #include "gfxFontUtils.h"
-+#include "nsPresContext.h"
- #include "nsRefPtrHashtable.h"
- #include "nsAutoPtr.h"
- #include "nsCOMPtr.h"
-@@ -230,6 +231,8 @@ public:
-
- // increment the generation on font load
- void IncrementGeneration();
-+
-+ virtual nsPresContext *GetPresContext() { return NULL; }
-
- protected:
- // for a given proxy font entry, attempt to load the next resource
-diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
-index d47460a..8064fb4 100644
---- a/layout/base/nsPresContext.cpp
-+++ b/layout/base/nsPresContext.cpp
-@@ -63,6 +63,8 @@
- #include "nsDOMMediaQueryList.h"
- #include "nsSMILAnimationController.h"
- #include "mozilla/css/ImageLoader.h"
-+#include "nsString.h"
-+#include "nsUnicharUtils.h"
-
- #ifdef IBMBIDI
- #include "nsBidiPresUtils.h"
-@@ -712,6 +714,10 @@ nsPresContext::GetUserPreferences()
- // * use fonts?
- mUseDocumentFonts =
- Preferences::GetInt("browser.display.use_document_fonts") != 0;
-+ mMaxFonts =
-+ Preferences::GetInt("browser.display.max_font_count", -1);
-+ mMaxFontAttempts =
-+ Preferences::GetInt("browser.display.max_font_attempts", -1);
-
- // * replace backslashes with Yen signs? (bug 245770)
- mEnableJapaneseTransform =
-@@ -1328,6 +1334,100 @@ nsPresContext::GetDefaultFont(uint8_t aFontID, nsIAtom *aLanguage) const
- return font;
- }
-
-+PRBool
-+nsPresContext::FontUseCountReached(const nsFont &font) {
-+ if (mMaxFonts < 0) {
-+ return PR_FALSE;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+ if (mFontsUsed[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsUsed[i].style == font.style*/) {
-+ // seen it before: OK
-+ return PR_FALSE;
-+ }
-+ }
-+
-+ if (mFontsUsed.Length() >= mMaxFonts) {
-+ return PR_TRUE;
-+ }
-+
-+ return PR_FALSE;
-+}
-+
-+PRBool
-+nsPresContext::FontAttemptCountReached(const nsFont &font) {
-+ if (mMaxFontAttempts < 0) {
-+ return PR_FALSE;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+ if (mFontsTried[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsTried[i].style == font.style*/) {
-+ // seen it before: OK
-+ return PR_FALSE;
-+ }
-+ }
-+
-+ if (mFontsTried.Length() >= mMaxFontAttempts) {
-+ return PR_TRUE;
-+ }
-+
-+ return PR_FALSE;
-+}
-+
-+void
-+nsPresContext::AddFontUse(const nsFont &font) {
-+ if (mMaxFonts < 0) {
-+ return;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
-+ if (mFontsUsed[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsUsed[i].style == font.style*/) {
-+ // seen it before: OK
-+ return;
-+ }
-+ }
-+
-+ if (mFontsUsed.Length() >= mMaxFonts) {
-+ return;
-+ }
-+
-+ mFontsUsed.AppendElement(font);
-+ return;
-+}
-+
-+void
-+nsPresContext::AddFontAttempt(const nsFont &font) {
-+ if (mMaxFontAttempts < 0) {
-+ return;
-+ }
-+
-+ for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
-+ if (mFontsTried[i].name.Equals(font.name,
-+ nsCaseInsensitiveStringComparator())
-+ // XXX: Style is sometimes filled with garbage??
-+ /*&& mFontsTried[i].style == font.style*/) {
-+ // seen it before: OK
-+ return;
-+ }
-+ }
-+
-+ if (mFontsTried.Length() >= mMaxFontAttempts) {
-+ return;
-+ }
-+
-+ mFontsTried.AppendElement(font);
-+ return;
-+}
-+
- void
- nsPresContext::SetFullZoom(float aZoom)
- {
-diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
-index 5f0f528..ffe4766 100644
---- a/layout/base/nsPresContext.h
-+++ b/layout/base/nsPresContext.h
-@@ -467,6 +467,13 @@ public:
- }
- }
-
-+ nsTArray<nsFont> mFontsUsed; // currently for font-count limiting only
-+ nsTArray<nsFont> mFontsTried; // currently for font-count limiting only
-+ void AddFontUse(const nsFont &font);
-+ void AddFontAttempt(const nsFont &font);
-+ PRBool FontUseCountReached(const nsFont &font);
-+ PRBool FontAttemptCountReached(const nsFont &font);
-+
- /**
- * Get the minimum font size for the specified language. If aLanguage
- * is nullptr, then the document's language is used.
-@@ -1104,6 +1111,8 @@ protected:
- uint32_t mInterruptChecksToSkip;
-
- mozilla::TimeStamp mReflowStartTime;
-+ PRInt32 mMaxFontAttempts;
-+ PRInt32 mMaxFonts;
-
- unsigned mHasPendingInterrupt : 1;
- unsigned mInterruptsEnabled : 1;
-diff --git a/layout/style/nsCSSParser.cpp b/layout/style/nsCSSParser.cpp
-index 37a19c4..30fd021 100644
---- a/layout/style/nsCSSParser.cpp
-+++ b/layout/style/nsCSSParser.cpp
-@@ -8719,6 +8719,7 @@ CSSParserImpl::ParseFontSrc(nsCSSValue& aValue)
- return false;
- }
-
-+ // XXX: Getting closer...
- // the style parameters to the nsFont constructor are ignored,
- // because it's only being used to call EnumerateFamilies
- nsFont font(family, 0, 0, 0, 0, 0, 0);
-diff --git a/layout/style/nsFontFaceLoader.cpp b/layout/style/nsFontFaceLoader.cpp
-index 26c8a8d..2a803ae 100644
---- a/layout/style/nsFontFaceLoader.cpp
-+++ b/layout/style/nsFontFaceLoader.cpp
-@@ -86,9 +86,9 @@ nsFontFaceLoader::StartedLoading(nsIStreamLoader *aStreamLoader)
- loadTimeout,
- nsITimer::TYPE_ONE_SHOT);
- }
-- } else {
-+ } else if (loadTimeout == 0) {
- mFontEntry->mLoadingState = gfxProxyFontEntry::LOADING_SLOWLY;
-- }
-+ } // -1 disables fallback
- mStreamLoader = aStreamLoader;
- }
-
-diff --git a/layout/style/nsFontFaceLoader.h b/layout/style/nsFontFaceLoader.h
-index 9cd218d..0c7473d 100644
---- a/layout/style/nsFontFaceLoader.h
-+++ b/layout/style/nsFontFaceLoader.h
-@@ -48,7 +48,7 @@ public:
-
- bool UpdateRules(const nsTArray<nsFontFaceRuleContainer>& aRules);
-
-- nsPresContext *GetPresContext() { return mPresContext; }
-+ virtual nsPresContext *GetPresContext() { return mPresContext; }
-
- virtual void ReplaceFontEntry(gfxProxyFontEntry *aProxy,
- gfxFontEntry *aFontEntry);
-diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
-index 64504fb..86eff1f 100644
---- a/layout/style/nsRuleNode.cpp
-+++ b/layout/style/nsRuleNode.cpp
-@@ -42,6 +42,7 @@
- #include "mozilla/dom/Element.h"
- #include "mozilla/LookAndFeel.h"
- #include "mozilla/Util.h"
-+#include "gfxUserFontSet.h"
-
- #if defined(_MSC_VER) || defined(__MINGW32__)
- #include <malloc.h>
-@@ -2954,6 +2955,7 @@ nsRuleNode::SetFont(nsPresContext* aPresContext, nsStyleContext* aContext,
- aPresContext->GetDefaultFont(kPresContext_DefaultVariableFont_ID,
- aFont->mLanguage);
-
-+ // XXX: Bleh. Disable these somehow?
- // -moz-system-font: enum (never inherit!)
- MOZ_STATIC_ASSERT(
- NS_STYLE_FONT_CAPTION == LookAndFeel::eFont_Caption &&
-@@ -3416,6 +3418,31 @@ static bool ExtractGeneric(const nsString& aFamily, bool aGeneric,
- return true;
- }
-
-+struct smugglerStruct {
-+ nsStyleFont *font;
-+ gfxUserFontSet *userFonts;
-+};
-+
-+/* This function forces the use of the first @font-face font we find */
-+static bool ForceFirstWebFont(const nsString& aFamily, bool aGeneric,
-+ void *smuggled)
-+{
-+ smugglerStruct *sm = static_cast<smugglerStruct*>(smuggled);
-+
-+ if (aGeneric) {
-+ return true;
-+ }
-+
-+ if (sm->userFonts->HasFamily(aFamily)) {
-+ // Force use of this exact @font-face font since we have it.
-+ sm->font->mFont.name = aFamily;
-+
-+ return false; // Stop enumeration.
-+ }
-+
-+ return true;
-+}
-+
- const void*
- nsRuleNode::ComputeFontData(void* aStartStruct,
- const nsRuleData* aRuleData,
-@@ -3439,14 +3466,16 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
-
- bool useDocumentFonts =
- mPresContext->GetCachedBoolPref(kPresContext_UseDocumentFonts);
-+ bool isXUL = PR_FALSE;
-+ bool forcedWebFont = false;
-
- // See if we are in the chrome
- // We only need to know this to determine if we have to use the
- // document fonts (overriding the useDocumentFonts flag).
-- if (!useDocumentFonts && mPresContext->IsChrome()) {
-+ if (mPresContext->IsChrome()) {
- // if we are not using document fonts, but this is a XUL document,
- // then we use the document fonts anyway
-- useDocumentFonts = true;
-+ isXUL = true;
- }
-
- // Figure out if we are a generic font
-@@ -3460,9 +3489,28 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
- // generic?
- nsFont::GetGenericID(font->mFont.name, &generic);
-
-+ if (!isXUL) {
-+ gfxUserFontSet *userFonts = mPresContext->GetUserFontSet();
-+ if (userFonts) {
-+ smugglerStruct sm;
-+ sm.userFonts = userFonts;
-+ sm.font = font;
-+
-+ if (!sm.font->mFont.EnumerateFamilies(ForceFirstWebFont, &sm)) {
-+ isXUL = true; // Always allow WebFont use.
-+ forcedWebFont = true;
-+ }
-+ }
-+ }
-+
-+ if (!forcedWebFont && generic == kGenericFont_NONE)
-+ mPresContext->AddFontAttempt(font->mFont);
-+
- // If we aren't allowed to use document fonts, then we are only entitled
- // to use the user's default variable-width font and fixed-width font
-- if (!useDocumentFonts) {
-+ if (!isXUL && (!useDocumentFonts ||
-+ mPresContext->FontAttemptCountReached(font->mFont) ||
-+ mPresContext->FontUseCountReached(font->mFont))) {
- // Extract the generic from the specified font family...
- nsAutoString genericName;
- if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
-@@ -3498,6 +3546,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
- font);
- }
-
-+ if (!forcedWebFont && font->mGenericID == kGenericFont_NONE)
-+ mPresContext->AddFontUse(font->mFont);
- COMPUTE_END_INHERITED(Font, font)
- }
-
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch b/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch
deleted file mode 100644
index 38097b2..0000000
--- a/src/current-patches/firefox/0012-Rebrand-Firefox-to-TorBrowser.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From e04a04b7d3837b12c728a04b48be3748248e8342 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 28 Aug 2012 18:05:11 -0700
-Subject: [PATCH 12/27] Rebrand Firefox to TorBrowser
-
-This patch does some basic renaming of Firefox to TorBrowser. The rest of the
-branding is done by images and icons.
----
- browser/branding/official/configure.sh | 2 +-
- browser/branding/official/locales/en-US/brand.dtd | 6 +++---
- .../official/locales/en-US/brand.properties | 6 +++---
- 3 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh
-index 55f3f18..33102b0 100644
---- a/browser/branding/official/configure.sh
-+++ b/browser/branding/official/configure.sh
-@@ -2,5 +2,5 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--MOZ_APP_DISPLAYNAME=Firefox
-+MOZ_APP_DISPLAYNAME=TorBrowser
- MOZ_UA_BUILDID=20100101
-diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd
-index 8e7f6c9..76e405d 100644
---- a/browser/branding/official/locales/en-US/brand.dtd
-+++ b/browser/branding/official/locales/en-US/brand.dtd
-@@ -2,7 +2,7 @@
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
--<!ENTITY brandShortName "Firefox">
--<!ENTITY brandFullName "Mozilla Firefox">
--<!ENTITY vendorShortName "Mozilla">
-+<!ENTITY brandShortName "TorBrowser">
-+<!ENTITY brandFullName "Tor Browser">
-+<!ENTITY vendorShortName "Tor Project">
- <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation.">
-diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties
-index 4a67c55..9ae168e 100644
---- a/browser/branding/official/locales/en-US/brand.properties
-+++ b/browser/branding/official/locales/en-US/brand.properties
-@@ -2,9 +2,9 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--brandShortName=Firefox
--brandFullName=Mozilla Firefox
--vendorShortName=Mozilla
-+brandShortName=TorBrowser
-+brandFullName=Tor Browser
-+vendorShortName=Tor Project
-
- homePageSingleStartMain=Firefox Start, a fast home page with built-in search
- homePageImport=Import your home page from %S
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch b/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch
deleted file mode 100644
index 4959935..0000000
--- a/src/current-patches/firefox/0013-Make-Download-manager-memory-only.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 5f9d765db5e0f09fd64c710644dfed872cec3942 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 4 Dec 2012 16:05:55 -0800
-Subject: [PATCH 13/27] Make Download manager memory only.
-
-Solves https://trac.torproject.org/projects/tor/ticket/4017.
-
-Yes, this is an ugly hack. We *could* send the observer notification from
-Torbutton to tell the download manager to switch to memory, but then we have
-to dance around and tell it again if the user switches in and out of private
-browsing mode..
-
-The right way to do this is with a pref. Maybe I'll get to that someday, if
-this breaks enough times in conflict.
----
- toolkit/components/downloads/nsDownloadManager.cpp | 4 ++--
- toolkit/components/downloads/nsDownloadManager.h | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp
-index 024686f..7845544 100644
---- a/toolkit/components/downloads/nsDownloadManager.cpp
-+++ b/toolkit/components/downloads/nsDownloadManager.cpp
-@@ -2002,7 +2002,7 @@ nsDownloadManager::Observe(nsISupports *aSubject,
- if (NS_LITERAL_STRING("memory").Equals(aData))
- return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- else if (NS_LITERAL_STRING("disk").Equals(aData))
-- return SwitchDatabaseTypeTo(DATABASE_DISK);
-+ return SwitchDatabaseTypeTo(DATABASE_MEMORY);
- }
- else if (strcmp(aTopic, "alertclickcallback") == 0) {
- nsCOMPtr<nsIDownloadManagerUI> dmui =
-@@ -2079,7 +2079,7 @@ nsDownloadManager::OnLeavePrivateBrowsingMode()
- (void)ResumeAllDownloads(false);
-
- // Switch back to the on-disk DB again
-- (void)SwitchDatabaseTypeTo(DATABASE_DISK);
-+ //(void)SwitchDatabaseTypeTo(DATABASE_DISK);
-
- mInPrivateBrowsing = false;
- }
-diff --git a/toolkit/components/downloads/nsDownloadManager.h b/toolkit/components/downloads/nsDownloadManager.h
-index bbe7f39..6bdad89 100644
---- a/toolkit/components/downloads/nsDownloadManager.h
-+++ b/toolkit/components/downloads/nsDownloadManager.h
-@@ -54,7 +54,7 @@ public:
-
- virtual ~nsDownloadManager();
- nsDownloadManager() :
-- mDBType(DATABASE_DISK)
-+ mDBType(DATABASE_MEMORY)
- , mInPrivateBrowsing(false)
- #ifdef DOWNLOAD_SCANNER
- , mScanner(nullptr)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch b/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch
deleted file mode 100644
index e97642e..0000000
--- a/src/current-patches/firefox/0014-Add-DDG-and-StartPage-to-Omnibox.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 9e6ade2c9a98d97536cbda15be33432ca8ef8215 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Wed, 25 Apr 2012 15:03:46 -0700
-Subject: [PATCH 11/38] Add DDG and StartPage to Omnibox.
-
-You mean there are search engines that don't require captchas if you don't
-have a cookie? Holy crap. Get those in there now.
----
- .../en-US/chrome/browser-region/region.properties | 8 +++---
- browser/locales/en-US/searchplugins/duckduckgo.xml | 29 ++++++++++++++++++++++
- browser/locales/en-US/searchplugins/list.txt | 2 ++
- browser/locales/en-US/searchplugins/startpage.xml | 11 ++++++++
- 4 files changed, 46 insertions(+), 4 deletions(-)
- create mode 100644 browser/locales/en-US/searchplugins/duckduckgo.xml
- create mode 100644 browser/locales/en-US/searchplugins/startpage.xml
-
-diff --git a/browser/locales/en-US/chrome/browser-region/region.properties b/browser/locales/en-US/chrome/browser-region/region.properties
-index c3a980c..9c21f04 100644
---- a/browser/locales/en-US/chrome/browser-region/region.properties
-+++ b/browser/locales/en-US/chrome/browser-region/region.properties
-@@ -3,12 +3,12 @@
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- # Default search engine
--browser.search.defaultenginename=Google
-+browser.search.defaultenginename=Startpage
-
- # Search engine order (order displayed in the search bar dropdown)s
--browser.search.order.1=Google
--browser.search.order.2=Yahoo
--browser.search.order.3=Bing
-+browser.search.order.1=Startpage
-+browser.search.order.2=DuckDuckGo
-+browser.search.order.3=Google
-
- # This is the default set of web based feed handlers shown in the reader
- # selection UI
-diff --git a/browser/locales/en-US/searchplugins/duckduckgo.xml b/browser/locales/en-US/searchplugins/duckduckgo.xml
-new file mode 100644
-index 0000000..4f00b4d
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/duckduckgo.xml
-@@ -0,0 +1,29 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>DuckDuckGo</ShortName>
-+<Description>Duck Duck Go</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAANcNAADXDQAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8n
-+IOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rB
-+Uv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n/////
-+/05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v//
-+//////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9h
-+XPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg
-+7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs
-+5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/
-+JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8n IOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1
-+/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/
-+fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y
-+1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg
-+7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDs
-+AScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAA
-+AAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMAD
-+AADwDwAA+B8AAA==</Image>
-+<Url type="text/html" method="POST" template="https://duckduckgo.com/html/">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://duckduckgo.com/html/</SearchForm>
-+</SearchPlugin>
-diff --git a/browser/locales/en-US/searchplugins/list.txt b/browser/locales/en-US/searchplugins/list.txt
-index 2a1141a..0466f4e 100644
---- a/browser/locales/en-US/searchplugins/list.txt
-+++ b/browser/locales/en-US/searchplugins/list.txt
-@@ -1,7 +1,9 @@
- amazondotcom
- bing
-+duckduckgo
- eBay
- google
-+startpage
- twitter
- wikipedia
- yahoo
-diff --git a/browser/locales/en-US/searchplugins/startpage.xml b/browser/locales/en-US/searchplugins/startpage.xml
-new file mode 100644
-index 0000000..a323fdf
---- /dev/null
-+++ b/browser/locales/en-US/searchplugins/startpage.xml
-@@ -0,0 +1,11 @@
-+<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
-+<ShortName>Startpage</ShortName>
-+<Description>Start Page</Description>
-+<InputEncoding>UTF-8</InputEncoding>
-+<Image width="16" height="16">data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2jkj+9YtD/vWLQ/71i0P+9otD/vaLRP72i0T+9YtE/vWLRP72i0T+9otD/vaNRP72jUT+9otF/vaLRf73kkv+9Yc///WJP//1iT//9Yk///rAmf/94Mz/+sCa//aRTv/1iUH/9ok///aJP//2i0H/9otB//aJQv/2iUL/9otC//aNRP/2jUT/9o1E//aNRP/6wpv////////////96dr/95dQ//aNRP/2kET/9pBG//aQRv/2kEb/9pBG//aRR//3lEz/95BH//mueP/7xJ3/959g//efYf/4p23//vDm//3p2//3kEr/95FJ//aRSf/niFH/95FK//aRSv/2mE//95hS/vq4iP/////////////////81bj/95xZ//q4iP//////+bF+//eZT//njFT/PSqi/2xGjv/2mVD/951V/vedVv783cX///////vQrf/++PP///////748//+8uj///////m3gf/olFr/PSuj/w8Pt/9sSJD/951V//eeWf73oVv++8ul///////5sXf/+KRi//vRsf////////////3r3v/olF//Piyk/w8Pt/9sSJH/+J5Z//ieWv/3oV/++KZf/vihXP/97N7//vn0//zTs//6wJP/+bBy//q6iP/onW//Piyl/w8Pt/8fGbH/m2iB/+icY//4pGD/96hl/viqZf74pmD/+Kxr//3iy/////////n1//ivbP/onGj/Pi2m/w8Pt/8uJKz/fFeQ/x8Zsf8+Lqb/6J9r//ivbP74rm3++Klm//mpZv/5q2f/+bR9//m0e//poW7/Pi6n/w8Pt/9sTZj/+Ktp//ira/+rd4P/Dw+3/4xijv/5snH++LN1/vmv
bf/5r23/+a5t//mvb//4r2//TTuk/w8Pt/8fGrL/6ah1//ivcP/4r3P/q3yI/w8Pt/+MZpP/+bN5/vm4ev75t3X/+bV1//m1df/5t3X/+Ld3/8qUhP98XZn/Hxqz/+mse//5t3f/2p+B/x8as/8PD7f/u4qK//m7fv76u4D++bl7//m3fP/5uXz/+bl8//m5fP/5t3z/+bl//x8as/9NPKf/fWCb/x8as/8PD7f/bVOh//q5f//6v4X++sGI/vm9g//5voX/+b6F//m9hf/6vYX/+r6F//nCh/+bepr/Hxu0/w8Pt/8PD7f/fWOh//q+hf/6wof/+saN/vrGjf75xIv/+ceL//nEi//5xIv/+sSL//rHi//6x43/+ceN/+m7kP+7lpj/6ruQ//rHkP/6x43/+seQ//rLlf76ypT++seR//rJkf/6yZH/+seR//rJkf/6yZH/+8mR//vJlP/7yZT/+smU//rJlP/6yZT/+8yV//rJlf/6zpn+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</Image>
-+
-+<Url type="text/html" method="POST" template="https://startpage.com/rto/search">
-+ <Param name="q" value="{searchTerms}"/>
-+</Url>
-+<SearchForm>https://startpage.com/rto/search/</SearchForm>
-+</SearchPlugin>
diff --git a/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch b/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch
deleted file mode 100644
index f16e57b..0000000
--- a/src/current-patches/firefox/0015-Make-nsICacheService.EvictEntries-synchronous.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 865601ec4faab63762f896c39fac69ee133d8023 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 4 Dec 2012 16:25:52 -0800
-Subject: [PATCH 15/27] Make nsICacheService.EvictEntries synchronous
-
-This fixes a race condition that allows cache-based EverCookies to persist for
-a brief time (on the order of minutes?) after cache clearing/"New Identity".
-
-https://trac.torproject.org/projects/tor/ticket/5715
----
- netwerk/cache/nsCacheService.cpp | 16 +++++++++++++++-
- 1 files changed, 15 insertions(+), 1 deletions(-)
-
-diff --git a/netwerk/cache/nsCacheService.cpp b/netwerk/cache/nsCacheService.cpp
-index e88de40..5035f68 100644
---- a/netwerk/cache/nsCacheService.cpp
-+++ b/netwerk/cache/nsCacheService.cpp
-@@ -1555,7 +1555,21 @@ NS_IMETHODIMP nsCacheService::VisitEntries(nsICacheVisitor *visitor)
-
- NS_IMETHODIMP nsCacheService::EvictEntries(nsCacheStoragePolicy storagePolicy)
- {
-- return EvictEntriesForClient(nullptr, storagePolicy);
-+ NS_IMETHODIMP r;
-+ r = EvictEntriesForClient(nullptr, storagePolicy);
-+
-+ // XXX: Bloody hack until we get this notifier in FF14.0:
-+ // https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICacheListener#onCacheEntryDoomed%28%29
-+ if (storagePolicy == nsICache::STORE_ANYWHERE &&
-+ NS_IsMainThread() && gService && gService->mInitialized) {
-+ nsCacheServiceAutoLock lock(LOCK_TELEM(NSCACHESERVICE_EVICTENTRIESFORCLIENT));
-+ gService->mClearingEntries = true;
-+ gService->DoomActiveEntries();
-+ gService->ClearDoomList();
-+ (void) SyncWithCacheIOThread();
-+ gService->mClearingEntries = false;
-+ }
-+ return r;
- }
-
- NS_IMETHODIMP nsCacheService::GetCacheIOTarget(nsIEventTarget * *aCacheIOTarget)
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch b/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch
deleted file mode 100644
index 68cad05..0000000
--- a/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 1c0ac4187521b5ee7f6de1a11df3bbc400fa1b53 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 28 Aug 2012 18:07:37 -0700
-Subject: [PATCH 16/27] Prevent WebSocket DNS leak.
-
-This is due to an improper implementation of the WebSocket spec by Mozilla.
-
-"There MUST be no more than one connection in a CONNECTING state. If multiple
-connections to the same IP address are attempted simultaneously, the client
-MUST serialize them so that there is no more than one connection at a time
-running through the following steps.
-
-If the client cannot determine the IP address of the remote host (for
-example, because all communication is being done through a proxy server that
-performs DNS queries itself), then the client MUST assume for the purposes of
-this step that each host name refers to a distinct remote host,"
-
-https://tools.ietf.org/html/rfc6455#page-15
-
-They implmented the first paragraph, but not the second...
-
-While we're at it, we also prevent the DNS service from being used to look up
-anything other than IP addresses if socks_remote_dns is set to true, so this
-bug can't turn up in other components or due to 3rd party addons.
----
- netwerk/dns/nsDNSService2.cpp | 24 ++++++++++++++++++++++-
- netwerk/dns/nsDNSService2.h | 1 +
- netwerk/protocol/websocket/WebSocketChannel.cpp | 8 +++++-
- 3 files changed, 30 insertions(+), 3 deletions(-)
-
-diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp
-index 114af2e..4d66dc5 100644
---- a/netwerk/dns/nsDNSService2.cpp
-+++ b/netwerk/dns/nsDNSService2.cpp
-@@ -374,6 +374,7 @@ nsDNSService::Init()
- bool enableIDN = true;
- bool disableIPv6 = false;
- bool disablePrefetch = false;
-+ bool disableDNS = false;
- int proxyType = nsIProtocolProxyService::PROXYCONFIG_DIRECT;
-
- nsAdoptingCString ipv4OnlyDomains;
-@@ -399,6 +400,10 @@ nsDNSService::Init()
-
- // If a manual proxy is in use, disable prefetch implicitly
- prefs->GetIntPref("network.proxy.type", &proxyType);
-+
-+ // If the user wants remote DNS, we should fail any lookups that still
-+ // make it here.
-+ prefs->GetBoolPref("network.proxy.socks_remote_dns", &disableDNS);
- }
-
- if (mFirstTime) {
-@@ -419,7 +424,7 @@ nsDNSService::Init()
-
- // Monitor these to see if there is a change in proxy configuration
- // If a manual proxy is in use, disable prefetch implicitly
-- prefs->AddObserver("network.proxy.type", this, false);
-+ prefs->AddObserver("network.proxy.", this, false);
- }
- }
-
-@@ -448,6 +453,7 @@ nsDNSService::Init()
- mIDN = idn;
- mIPv4OnlyDomains = ipv4OnlyDomains; // exchanges buffer ownership
- mDisableIPv6 = disableIPv6;
-+ mDisableDNS = disableDNS;
-
- // Disable prefetching either by explicit preference or if a manual proxy is configured
- mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
-@@ -573,6 +579,14 @@ nsDNSService::AsyncResolve(const nsACString &hostname,
- if (mDisablePrefetch && (flags & RESOLVE_SPECULATE))
- return NS_ERROR_DNS_LOOKUP_QUEUE_FULL;
-
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
-+
- res = mResolver;
- idn = mIDN;
- localDomain = mLocalDomains.GetEntry(hostname);
-@@ -669,6 +683,14 @@ nsDNSService::Resolve(const nsACString &hostname,
- }
- NS_ENSURE_TRUE(res, NS_ERROR_OFFLINE);
-
-+ PRNetAddr tempAddr;
-+ if (mDisableDNS) {
-+ // Allow IP lookups through, but nothing else.
-+ if (PR_StringToNetAddr(hostname.BeginReading(), &tempAddr) != PR_SUCCESS) {
-+ return NS_ERROR_UNKNOWN_PROXY_HOST; // XXX: NS_ERROR_NOT_IMPLEMENTED?
-+ }
-+ }
-+
- const nsACString *hostPtr = &hostname;
-
- if (localDomain) {
-diff --git a/netwerk/dns/nsDNSService2.h b/netwerk/dns/nsDNSService2.h
-index 26d0939..c62c9dd 100644
---- a/netwerk/dns/nsDNSService2.h
-+++ b/netwerk/dns/nsDNSService2.h
-@@ -41,5 +41,6 @@ private:
- bool mDisableIPv6;
- bool mDisablePrefetch;
- bool mFirstTime;
-+ bool mDisableDNS;
- nsTHashtable<nsCStringHashKey> mLocalDomains;
- };
-diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
-index 56a71ab..345df6e 100644
---- a/netwerk/protocol/websocket/WebSocketChannel.cpp
-+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
-@@ -2157,8 +2157,12 @@ WebSocketChannel::ApplyForAdmission()
- LOG(("WebSocketChannel::ApplyForAdmission: checking for concurrent open\n"));
- nsCOMPtr<nsIThread> mainThread;
- NS_GetMainThread(getter_AddRefs(mainThread));
-- dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-- NS_ENSURE_SUCCESS(rv, rv);
-+ rv = dns->AsyncResolve(hostName, 0, this, mainThread, getter_AddRefs(mDNSRequest));
-+ if (NS_FAILED(rv)) {
-+ // Fall back to hostname on dispatch failure
-+ mDNSRequest = nullptr;
-+ OnLookupComplete(nullptr, nullptr, rv);
-+ }
-
- return NS_OK;
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
deleted file mode 100644
index 11d0e47..0000000
--- a/src/current-patches/firefox/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
+++ /dev/null
@@ -1,791 +0,0 @@
-From aa6534432718dae0e3810dc441fc797ecf809c6e Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Tue, 4 Dec 2012 17:38:51 -0800
-Subject: [PATCH 17/28] Randomize HTTP request order and pipeline depth.
-
-This is an experimental defense against Website Traffic Fingerprinting:
-http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
-
-See:
-https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
-
-This patch is different from the approach described in that post, as well as
-the 10.x ESR patch, as the pipelining code has changed significantly between
-the time of writing of that post and Firefox 17.
-
-The main control nob for this patch is now the about:config pref
-"network.http.pipelining.max-optimistic-requests". The value of that pref
-represents the minimum number of pipelined requests we will attempt to batch
-together.
-
-The total outstanding pipeline size is randomized between that value and
-"network.http.pipelining.maxrequests" on a per-host basis.
-
-Care must be taken when evaluating this defense, as pipeline behavior is
-extremely sensitive to browser performance. In fact, a debug build alone is
-enough to significantly impair request availability to the pipeline (due
-slower document parsing and rendering). For this reason, we provide two
-separate debug log defines. For most evaluation circumstances, you want to
-define only WTF_TEST in an optimized build to only log request order,
-combination behavior, and cases where the pipeline is forcibly disabled.
-
-This patch may also have some minor impact on SPDY request order, but the SPDY
-implementation has not been altered directly. It has several stream queues
-that may also benefit from reordering and batching, as well as a more compact
-request representation that will allow more requests to be packed inside Tor
-cells. If you have interest in evaluating SPDY in a study of Website Traffic
-Fingerprinting, please contact me.
----
- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 351 +++++++++++++++++--------
- netwerk/protocol/http/nsHttpConnectionMgr.h | 15 +-
- netwerk/protocol/http/nsHttpHandler.h | 2 +
- netwerk/protocol/http/nsHttpPipeline.cpp | 62 ++++-
- netwerk/protocol/http/nsHttpPipeline.h | 3 +
- 5 files changed, 327 insertions(+), 106 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 133c301..c98894c 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-@@ -20,6 +20,8 @@
- #include "prnetdb.h"
- #include "mozilla/Telemetry.h"
-
-+#include <stdlib.h>
-+
- using namespace mozilla;
- using namespace mozilla::net;
-
-@@ -39,15 +41,26 @@ InsertTransactionSorted(nsTArray<nsHttpTransaction*> &pendingQ, nsHttpTransactio
- // insert into queue with smallest valued number first. search in reverse
- // order under the assumption that many of the existing transactions will
- // have the same priority (usually 0).
-+ uint32_t len = pendingQ.Length();
-
-- for (int32_t i=pendingQ.Length()-1; i>=0; --i) {
-- nsHttpTransaction *t = pendingQ[i];
-- if (trans->Priority() >= t->Priority()) {
-- pendingQ.InsertElementAt(i+1, trans);
-- return;
-- }
-+ if (pendingQ.IsEmpty()) {
-+ pendingQ.InsertElementAt(0, trans);
-+ return;
- }
-+
- pendingQ.InsertElementAt(0, trans);
-+
-+ // FIXME: Refactor into standalone helper (for nsHttpPipeline)
-+ // Or at least simplify this function if this shuffle ends up
-+ // being an improvement.
-+ uint32_t i = 0;
-+ for (i=0; i < len; ++i) {
-+ uint32_t ridx = rand() % len;
-+
-+ nsHttpTransaction *tmp = pendingQ[i];
-+ pendingQ[i] = pendingQ[ridx];
-+ pendingQ[ridx] = tmp;
-+ }
- }
-
- //-----------------------------------------------------------------------------
-@@ -919,22 +932,27 @@ nsHttpConnectionMgr::ProcessPendingQForEntry(nsConnectionEntry *ent)
- nsHttpTransaction *trans;
- nsresult rv;
- bool dispatchedSuccessfully = false;
-+ int dispatchCount = 0;
-+ int total = count;
-
- // iterate the pending list until one is dispatched successfully. Keep
- // iterating afterwards only until a transaction fails to dispatch.
- for (uint32_t i = 0; i < count; ++i) {
- trans = ent->mPendingQ[i];
-
-- // When this transaction has already established a half-open
-+ // When this entry has already established a half-open
- // connection, we want to prevent any duplicate half-open
- // connections from being established and bound to this
-- // transaction. Allow only use of an idle persistent connection
-- // (if found) for transactions referred by a half-open connection.
-+ // transaction.
- bool alreadyHalfOpen = false;
-- for (int32_t j = 0; j < ((int32_t) ent->mHalfOpens.Length()); ++j) {
-- if (ent->mHalfOpens[j]->Transaction() == trans) {
-- alreadyHalfOpen = true;
-- break;
-+ if (ent->SupportsPipelining()) {
-+ alreadyHalfOpen = (ent->UnconnectedHalfOpens() > 0);
-+ } else {
-+ for (int32_t j = 0; j < ((int32_t) ent->mHalfOpens.Length()); ++j) {
-+ if (ent->mHalfOpens[j]->Transaction() == trans) {
-+ alreadyHalfOpen = true;
-+ break;
-+ }
- }
- }
-
-@@ -953,16 +971,29 @@ nsHttpConnectionMgr::ProcessPendingQForEntry(nsConnectionEntry *ent)
- dispatchedSuccessfully = true;
- count = ent->mPendingQ.Length();
- --i;
-+ dispatchCount++;
- continue;
- }
-
-- if (dispatchedSuccessfully)
-- return true;
-+ // We want to keep walking the dispatch table to ensure requests
-+ // get combined properly.
-+ //if (dispatchedSuccessfully) {
-+ // return true;
-+ //}
-
- NS_ABORT_IF_FALSE(count == ((int32_t) ent->mPendingQ.Length()),
- "something mutated pending queue from "
- "GetConnection()");
- }
-+
-+#ifdef WTF_DEBUG
-+ if (dispatchedSuccessfully) {
-+ fprintf(stderr, "WTF-queue: Dispatched %d/%d pending transactions for %s\n",
-+ dispatchCount, total, ent->mConnInfo->Host());
-+ return true;
-+ }
-+#endif
-+
- return false;
- }
-
-@@ -1247,6 +1278,10 @@ nsHttpConnectionMgr::MakeNewConnection(nsConnectionEntry *ent,
- if (AtActiveConnectionLimit(ent, trans->Caps()))
- return NS_ERROR_NOT_AVAILABLE;
-
-+#ifdef WTF_DEBUG
-+ fprintf(stderr, "WTF: MakeNewConnection() is creating a transport (pipelines %d) for host %s\n",
-+ ent->SupportsPipelining(), ent->mConnInfo->Host());
-+#endif
- nsresult rv = CreateTransport(ent, trans, trans->Caps(), false);
- if (NS_FAILED(rv)) {
- /* hard failure */
-@@ -1263,7 +1298,7 @@ nsHttpConnectionMgr::MakeNewConnection(nsConnectionEntry *ent,
- }
-
- bool
--nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
-+nsHttpConnectionMgr::AddToBestPipeline(nsConnectionEntry *ent,
- nsHttpTransaction *trans,
- nsHttpTransaction::Classifier classification,
- uint16_t depthLimit)
-@@ -1300,40 +1335,100 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
- if (maxdepth < 2)
- return false;
-
-- nsAHttpTransaction *activeTrans;
-+ // Find out how many requests of this class we have
-+ uint32_t sameClass = 0;
-+ uint32_t allClasses = ent->mPendingQ.Length();
-+ for (uint32_t i = 0; i < allClasses; ++i) {
-+ if (trans != ent->mPendingQ[i] &&
-+ classification == ent->mPendingQ[i]->Classification()) {
-+ sameClass++;
-+ }
-+ }
-
-+ nsAHttpTransaction *activeTrans;
-+ nsHttpPipeline *pipeline;
- nsHttpConnection *bestConn = nullptr;
- uint32_t activeCount = ent->mActiveConns.Length();
-- uint32_t bestConnLength = 0;
-- uint32_t connLength;
-+ uint32_t pipelineDepth;
-+ uint32_t requestLen;
-+ uint32_t totalDepth = 0;
-+
-+ // Now, try to find the best pipeline
-+ nsTArray<nsHttpConnection *> validConns;
-+ nsTArray<nsHttpConnection *> betterConns;
-+ nsTArray<nsHttpConnection *> bestConns;
-+ uint32_t numPipelines = 0;
-
- for (uint32_t i = 0; i < activeCount; ++i) {
- nsHttpConnection *conn = ent->mActiveConns[i];
-- if (!conn->SupportsPipelining())
-- continue;
-
-- if (conn->Classification() != classification)
-+ if (!conn->SupportsPipelining())
- continue;
-
- activeTrans = conn->Transaction();
-+
- if (!activeTrans ||
- activeTrans->IsDone() ||
- NS_FAILED(activeTrans->Status()))
- continue;
-
-- connLength = activeTrans->PipelineDepth();
-+ pipeline = activeTrans->QueryPipeline();
-+ if (!pipeline)
-+ continue;
-+
-+ numPipelines++;
-
-- if (maxdepth <= connLength)
-+ pipelineDepth = activeTrans->PipelineDepth();
-+ requestLen = pipeline->RequestDepth();
-+
-+ totalDepth += pipelineDepth;
-+
-+ // If we're within striking distance of our pipeline
-+ // packaging goal, give a little slack on the depth
-+ // limit to allow us to try to get there. Don't give
-+ // too much slack, though, or we'll tend to have
-+ // request packages of the same size when we have
-+ // many content elements appear at once.
-+ if (maxdepth +
-+ PR_MIN(mMaxOptimisticPipelinedRequests,
-+ requestLen + allClasses)
-+ <= pipelineDepth)
- continue;
-
-- if (!bestConn || (connLength < bestConnLength)) {
-- bestConn = conn;
-- bestConnLength = connLength;
-- }
-- }
-+ validConns.AppendElement(conn);
-+
-+ // Prefer a pipeline that either has at least two requests
-+ // queued already, or for which we can add multiple requests
-+ if (requestLen + allClasses < mMaxOptimisticPipelinedRequests)
-+ continue;
-+
-+ betterConns.AppendElement(conn);
-+
-+ // Prefer a pipeline with the same classification if
-+ // our current classes will put it over the line
-+ if (conn->Classification() != classification)
-+ continue;
-+ if (requestLen + sameClass < mMaxOptimisticPipelinedRequests)
-+ continue;
-
-- if (!bestConn)
-+ bestConns.AppendElement(conn);
-+ }
-+
-+ const char *type;
-+ if (bestConns.Length()) {
-+ type = "best";
-+ bestConn = bestConns[rand()%bestConns.Length()];
-+ } else if (betterConns.Length()) {
-+ type = "better";
-+ bestConn = betterConns[rand()%betterConns.Length()];
-+ } else if (validConns.Length() && totalDepth == 0) {
-+ // We only use valid conns if it's a last resort
-+ // (No other requests are pending or in flight)
-+ type = "valid";
-+ bestConn = validConns[rand()%validConns.Length()];
-+ } else {
- return false;
-+ }
-
- activeTrans = bestConn->Transaction();
- nsresult rv = activeTrans->AddTransaction(trans);
-@@ -1343,6 +1438,15 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
- LOG((" scheduling trans %p on pipeline at position %d\n",
- trans, trans->PipelinePosition()));
-
-+#ifdef WTF_DEBUG
-+ pipeline = activeTrans->QueryPipeline();
-+ fprintf(stderr,
-+ "WTF-depth: Added trans to %s of %d/%d/%d/%d pipelines. Request len %d/%d/%d for %s\n",
-+ type, bestConns.Length(), betterConns.Length(), validConns.Length(),
-+ numPipelines, pipeline->RequestDepth(), activeTrans->PipelineDepth(),
-+ maxdepth, ent->mConnInfo->Host());
-+#endif
-+
- if ((ent->PipelineState() == PS_YELLOW) && (trans->PipelinePosition() > 1))
- ent->SetYellowConnection(bestConn);
- return true;
-@@ -1403,26 +1507,12 @@ nsHttpConnectionMgr::TryDispatchTransaction(nsConnectionEntry *ent,
- nsHttpTransaction::Classifier classification = trans->Classification();
- uint8_t caps = trans->Caps();
-
-+ bool allowNewPipelines = true;
-+
- // no keep-alive means no pipelines either
- if (!(caps & NS_HTTP_ALLOW_KEEPALIVE))
- caps = caps & ~NS_HTTP_ALLOW_PIPELINING;
-
-- // 0 - If this should use spdy then dispatch it post haste.
-- // 1 - If there is connection pressure then see if we can pipeline this on
-- // a connection of a matching type instead of using a new conn
-- // 2 - If there is an idle connection, use it!
-- // 3 - if class == reval or script and there is an open conn of that type
-- // then pipeline onto shortest pipeline of that class if limits allow
-- // 4 - If we aren't up against our connection limit,
-- // then open a new one
-- // 5 - Try a pipeline if we haven't already - this will be unusual because
-- // it implies a low connection pressure situation where
-- // MakeNewConnection() failed.. that is possible, but unlikely, due to
-- // global limits
-- // 6 - no connection is available - queue it
--
-- bool attemptedOptimisticPipeline = !(caps & NS_HTTP_ALLOW_PIPELINING);
--
- // step 0
- // look for existing spdy connection - that's always best because it is
- // essentially pipelining without head of line blocking
-@@ -1436,20 +1526,27 @@ nsHttpConnectionMgr::TryDispatchTransaction(nsConnectionEntry *ent,
- }
- }
-
-- // step 1
-- // If connection pressure, then we want to favor pipelining of any kind
-- if (IsUnderPressure(ent, classification) && !attemptedOptimisticPipeline) {
-- attemptedOptimisticPipeline = true;
-- if (AddToShortestPipeline(ent, trans,
-- classification,
-- mMaxOptimisticPipelinedRequests)) {
-- return NS_OK;
-- }
-+ // step 1: Try a pipeline
-+ if (caps & NS_HTTP_ALLOW_PIPELINING &&
-+ AddToBestPipeline(ent, trans, classification,
-+ mMaxPipelinedRequests)) {
-+ return NS_OK;
- }
-
-- // step 2
-- // consider an idle persistent connection
-- if (caps & NS_HTTP_ALLOW_KEEPALIVE) {
-+ // Step 2: Decide if we should forbid new pipeline creation.
-+ //
-+ // FIXME: We repurposed mMaxOptimisticPipelinedRequests here to mean:
-+ // "Don't make a new pipeline until you have this many requests pending and
-+ // no potential connections to put them on". It might be nice to give this
-+ // its own pref..
-+ if (HasPipelines(ent) &&
-+ ent->mPendingQ.Length() < mMaxOptimisticPipelinedRequests &&
-+ trans->Classification() != nsAHttpTransaction::CLASS_SOLO &&
-+ caps & NS_HTTP_ALLOW_PIPELINING)
-+ allowNewPipelines = false;
-+
-+ // step 3: consider an idle persistent connection
-+ if (allowNewPipelines && (caps & NS_HTTP_ALLOW_KEEPALIVE)) {
- nsRefPtr<nsHttpConnection> conn;
- while (!conn && (ent->mIdleConns.Length() > 0)) {
- conn = ent->mIdleConns[0];
-@@ -1483,21 +1580,8 @@ nsHttpConnectionMgr::TryDispatchTransaction(nsConnectionEntry *ent,
- }
- }
-
-- // step 3
-- // consider pipelining scripts and revalidations
-- if (!attemptedOptimisticPipeline &&
-- (classification == nsHttpTransaction::CLASS_REVALIDATION ||
-- classification == nsHttpTransaction::CLASS_SCRIPT)) {
-- attemptedOptimisticPipeline = true;
-- if (AddToShortestPipeline(ent, trans,
-- classification,
-- mMaxOptimisticPipelinedRequests)) {
-- return NS_OK;
-- }
-- }
--
-- // step 4
-- if (!onlyReusedConnection) {
-+ // step 4: Maybe make a connection?
-+ if (!onlyReusedConnection && allowNewPipelines) {
- nsresult rv = MakeNewConnection(ent, trans);
- if (NS_SUCCEEDED(rv)) {
- // this function returns NOT_AVAILABLE for asynchronous connects
-@@ -1510,17 +1594,16 @@ nsHttpConnectionMgr::TryDispatchTransaction(nsConnectionEntry *ent,
- return rv;
- }
- }
-+
-+ // XXX: We dequeue and queue the same url here sometimes..
-+#ifdef WTF_DEBUG
-+ nsHttpRequestHead *head = trans->RequestHead();
-+ fprintf(stderr, "WTF: Queuing url %s%s\n",
-+ ent->mConnInfo->Host(),
-+ head ? head->RequestURI().BeginReading() : "<unknown?>");
-+#endif
-
-- // step 5
-- if (caps & NS_HTTP_ALLOW_PIPELINING) {
-- if (AddToShortestPipeline(ent, trans,
-- classification,
-- mMaxPipelinedRequests)) {
-- return NS_OK;
-- }
-- }
--
-- // step 6
-+ // step 5: Queue it
- return NS_ERROR_NOT_AVAILABLE; /* queue it */
- }
-
-@@ -1590,10 +1673,28 @@ nsHttpConnectionMgr::DispatchAbstractTransaction(nsConnectionEntry *ent,
- if (!NS_SUCCEEDED(rv))
- return rv;
- transaction = pipeline;
-+#ifdef WTF_DEBUG
-+ if (HasPipelines(ent) &&
-+ ent->mPendingQ.Length()+1 < mMaxOptimisticPipelinedRequests) {
-+ fprintf(stderr, "WTF-new-bug: New pipeline created from %d idle conns for host %s with %d/%d pending\n",
-+ ent->mIdleConns.Length(), ent->mConnInfo->Host(), ent->mPendingQ.Length(),
-+ mMaxOptimisticPipelinedRequests);
-+ } else {
-+ fprintf(stderr, "WTF-new: New pipeline created from %d idle conns for host %s with %d/%d pending\n",
-+ ent->mIdleConns.Length(), ent->mConnInfo->Host(), ent->mPendingQ.Length(),
-+ mMaxOptimisticPipelinedRequests);
-+ }
-+#endif
- }
- else {
- LOG((" not using pipeline datastructure due to class solo.\n"));
- transaction = aTrans;
-+#ifdef WTF_TEST
-+ nsHttpRequestHead *head = transaction->RequestHead();
-+ fprintf(stderr, "WTF-order: Pipeline forbidden for url %s%s\n",
-+ ent->mConnInfo->Host(),
-+ head ? head->RequestURI().BeginReading() : "<unknown?>");
-+#endif
- }
-
- nsRefPtr<nsConnectionHandle> handle = new nsConnectionHandle(conn);
-@@ -1691,28 +1792,20 @@ nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
- NS_ABORT_IF_FALSE(((int32_t)ent->mActiveConns.IndexOf(conn)) != -1,
- "Sticky Connection Not In Active List");
- trans->SetConnection(nullptr);
-+#ifdef WTF_TEST
-+ fprintf(stderr, "WTF-bad: Sticky connection status on 1 transaction to host %s\n",
-+ ent->mConnInfo->Host());
-+#endif
- rv = DispatchTransaction(ent, trans, conn);
-- }
-- else
-- rv = TryDispatchTransaction(ent, false, trans);
--
-- if (NS_SUCCEEDED(rv)) {
-- LOG((" ProcessNewTransaction Dispatch Immediately trans=%p\n", trans));
- return rv;
- }
--
-- if (rv == NS_ERROR_NOT_AVAILABLE) {
-- LOG((" adding transaction to pending queue "
-- "[trans=%p pending-count=%u]\n",
-- trans, ent->mPendingQ.Length()+1));
-- // put this transaction on the pending queue...
-+ else {
-+ // XXX: maybe check the queue first and directly call TryDispatch?
- InsertTransactionSorted(ent->mPendingQ, trans);
- NS_ADDREF(trans);
-+ ProcessPendingQForEntry(ent);
- return NS_OK;
- }
--
-- LOG((" ProcessNewTransaction Hard Error trans=%p rv=%x\n", trans, rv));
-- return rv;
- }
-
-
-@@ -2311,10 +2404,48 @@ nsHttpConnectionMgr::OnMsgSpeculativeConnect(int32_t, void *param)
- if (preferredEntry)
- ent = preferredEntry;
-
-- if (!ent->mIdleConns.Length() && !RestrictConnections(ent) &&
-- !AtActiveConnectionLimit(ent, trans->Caps())) {
-+ if (ent->SupportsPipelining()) {
-+ /* Only speculative connect if we're not pipelining and have no other pending
-+ * unconnected half-opens.. */
-+ if (ent->UnconnectedHalfOpens() == 0 && ent->mIdleConns.Length() == 0
-+ && !RestrictConnections(ent) && !HasPipelines(ent)
-+ && !AtActiveConnectionLimit(ent, trans->Caps())) {
-+#ifdef WTF_DEBUG
-+ fprintf(stderr, "WTF: Creating speculative connection because we have no pipelines\n");
-+#endif
-+ CreateTransport(ent, trans, trans->Caps(), true);
-+ }
-+ } else if (!ent->mIdleConns.Length() && !RestrictConnections(ent) &&
-+ !AtActiveConnectionLimit(ent, trans->Caps())) {
-+#ifdef WTF_DEBUG
-+ fprintf(stderr, "WTF: Creating speculative connection because we can't pipeline\n");
-+#endif
- CreateTransport(ent, trans, trans->Caps(), true);
- }
-+
-+}
-+
-+bool
-+nsHttpConnectionMgr::HasPipelines(nsConnectionEntry *ent)
-+{
-+ uint32_t activeCount = ent->mActiveConns.Length();
-+
-+ if (!ent->SupportsPipelining()) {
-+ return false;
-+ }
-+
-+ for (uint32_t i = 0; i < activeCount; ++i) {
-+ nsHttpConnection *conn = ent->mActiveConns[i];
-+ if (!conn->SupportsPipelining())
-+ continue;
-+
-+ nsAHttpTransaction *activeTrans = conn->Transaction();
-+
-+ if (activeTrans && !activeTrans->IsDone() &&
-+ !NS_FAILED(activeTrans->Status()))
-+ return true;
-+ }
-+ return false;
- }
-
- bool
-@@ -2661,6 +2792,10 @@ nsHalfOpenSocket::OnOutputStreamReady(nsIAsyncOutputStream *out)
- nsRefPtr<nsHttpTransaction> temp = dont_AddRef(mEnt->mPendingQ[index]);
- mEnt->mPendingQ.RemoveElementAt(index);
- gHttpHandler->ConnMgr()->AddActiveConn(conn, mEnt);
-+#ifdef WTF_DEBUG
-+ fprintf(stderr, "WTF: Speculative half-opened connection is now ready for %s (pipelines %d)\n",
-+ mEnt->mConnInfo->Host(), mEnt->SupportsPipelining());
-+#endif
- rv = gHttpHandler->ConnMgr()->DispatchTransaction(mEnt, temp, conn);
- }
- else {
-@@ -2852,9 +2987,13 @@ nsConnectionEntry::nsConnectionEntry(nsHttpConnectionInfo *ci)
- {
- NS_ADDREF(mConnInfo);
- if (gHttpHandler->GetPipelineAggressive()) {
-- mGreenDepth = kPipelineUnlimited;
-+ // Randomize the pipeline depth (3..12)
-+ mGreenDepth = gHttpHandler->GetMaxOptimisticPipelinedRequests()
-+ + rand() % (gHttpHandler->GetMaxPipelinedRequests()
-+ - gHttpHandler->GetMaxOptimisticPipelinedRequests());
- mPipelineState = PS_GREEN;
- }
-+
- mInitialGreenDepth = mGreenDepth;
- memset(mPipeliningClassPenalty, 0, sizeof(int16_t) * nsAHttpTransaction::CLASS_MAX);
- }
-@@ -2892,8 +3031,9 @@ nsConnectionEntry::OnPipelineFeedbackInfo(
- LOG(("Transaction completed at pipeline depth of %d. Host = %s\n",
- depth, mConnInfo->Host()));
-
-- if (depth >= 3)
-- mGreenDepth = kPipelineUnlimited;
-+ // Don't set this. We want to keep our initial random value..
-+ //if (depth >= 3)
-+ // mGreenDepth = kPipelineUnlimited;
- }
-
- nsAHttpTransaction::Classifier classification;
-@@ -2921,6 +3061,11 @@ nsConnectionEntry::OnPipelineFeedbackInfo(
- mPipelineState, mConnInfo->Host()));
- mPipelineState = PS_RED;
- mPipeliningPenalty = 0;
-+#ifdef WTF_TEST
-+ fprintf(stderr, "WTF-bad: Red pipeline status disabled host %s\n",
-+ mConnInfo->Host());
-+#endif
-+
- }
-
- if (mLastCreditTime.IsNull())
-diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
-index 580710a..7aecb68 100644
---- a/netwerk/protocol/http/nsHttpConnectionMgr.h
-+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
-@@ -23,11 +23,23 @@
- #include "nsIObserver.h"
- #include "nsITimer.h"
- #include "nsIX509Cert3.h"
-+#include "nsIRandomGenerator.h"
-
- class nsHttpPipeline;
-
- class nsIHttpUpgradeListener;
-
-+// We need our own optional debug define because pipelining behavior
-+// is significantly altered by rendering speed (which is abysmal on
-+// debug builds)
-+#ifdef DEBUG
-+# define WTF_DEBUG
-+#endif
-+
-+#ifdef WTF_DEBUG
-+# define WTF_TEST
-+#endif
-+
- //-----------------------------------------------------------------------------
-
- class nsHttpConnectionMgr : public nsIObserver
-@@ -478,6 +490,7 @@ private:
- nsresult BuildPipeline(nsConnectionEntry *,
- nsAHttpTransaction *,
- nsHttpPipeline **);
-+ bool HasPipelines(nsConnectionEntry *);
- bool RestrictConnections(nsConnectionEntry *);
- nsresult ProcessNewTransaction(nsHttpTransaction *);
- nsresult EnsureSocketThreadTargetIfOnline();
-@@ -492,7 +505,7 @@ private:
-
- nsresult MakeNewConnection(nsConnectionEntry *ent,
- nsHttpTransaction *trans);
-- bool AddToShortestPipeline(nsConnectionEntry *ent,
-+ bool AddToBestPipeline(nsConnectionEntry *ent,
- nsHttpTransaction *trans,
- nsHttpTransaction::Classifier classification,
- uint16_t depthLimit);
-diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
-index 2963195..cd79069 100644
---- a/netwerk/protocol/http/nsHttpHandler.h
-+++ b/netwerk/protocol/http/nsHttpHandler.h
-@@ -215,6 +215,8 @@ public:
- nsCString& hostLine);
-
- bool GetPipelineAggressive() { return mPipelineAggressive; }
-+ uint32_t GetMaxPipelinedRequests() { return mMaxPipelinedRequests; }
-+ uint32_t GetMaxOptimisticPipelinedRequests() { return mMaxOptimisticPipelinedRequests; }
- void GetMaxPipelineObjectSize(int64_t *outVal)
- {
- *outVal = mMaxPipelineObjectSize;
-diff --git a/netwerk/protocol/http/nsHttpPipeline.cpp b/netwerk/protocol/http/nsHttpPipeline.cpp
-index 9e59878..a9e9911 100644
---- a/netwerk/protocol/http/nsHttpPipeline.cpp
-+++ b/netwerk/protocol/http/nsHttpPipeline.cpp
-@@ -87,6 +87,32 @@ nsHttpPipeline::~nsHttpPipeline()
- free(mPushBackBuf);
- }
-
-+// Generate a shuffled request ordering sequence
-+void
-+nsHttpPipeline::ShuffleTransOrder(uint32_t count)
-+{
-+ if (count < 2)
-+ return;
-+
-+ uint32_t pos = mRequestQ[0]->PipelinePosition();
-+ uint32_t i = 0;
-+
-+ for (i=0; i < count; ++i) {
-+ uint32_t ridx = rand() % count;
-+
-+ nsAHttpTransaction *tmp = mRequestQ[i];
-+ mRequestQ[i] = mRequestQ[ridx];
-+ mRequestQ[ridx] = tmp;
-+ }
-+
-+ for (i=0; i < count; ++i) {
-+ mRequestQ[i]->SetPipelinePosition(pos);
-+ pos++;
-+ }
-+
-+ LOG(("nsHttpPipeline::ShuffleTransOrder: Shuffled %d transactions.\n", count));
-+}
-+
- nsresult
- nsHttpPipeline::AddTransaction(nsAHttpTransaction *trans)
- {
-@@ -112,6 +138,8 @@ nsHttpPipeline::AddTransaction(nsAHttpTransaction *trans)
- // the pipeline object.
- trans->SetConnection(this);
-
-+ ShuffleTransOrder(mRequestQ.Length());
-+
- if (mConnection && !mClosed && mRequestQ.Length() == 1)
- mConnection->ResumeSend();
-
-@@ -760,8 +788,11 @@ nsHttpPipeline::CancelPipeline(nsresult originalReason)
- if (respLen > 1)
- mResponseQ.TruncateLength(1);
-
-- DontReuse();
-- Classify(nsAHttpTransaction::CLASS_SOLO);
-+ /* Don't flag timed out connections as unreusable.. Tor is just slow :( */
-+ if (originalReason != NS_ERROR_NET_TIMEOUT) {
-+ DontReuse();
-+ Classify(nsAHttpTransaction::CLASS_SOLO);
-+ }
-
- return total;
- }
-@@ -842,8 +873,19 @@ nsHttpPipeline::FillSendBuf()
-
- uint32_t n;
- uint64_t avail;
-+ uint64_t totalAvailable = Available();
-+ uint64_t totalSent = 0;
-+ uint64_t reqsSent = 0;
-+ uint64_t alreadyPending = 0;
-+
-+ mSendBufIn->Available(&alreadyPending);
-+
- nsAHttpTransaction *trans;
- nsITransport *transport = Transport();
-+#ifdef WTF_TEST
-+ nsRefPtr<nsHttpConnectionInfo> ci;
-+ GetConnectionInfo(getter_AddRefs(ci));
-+#endif
-
- while ((trans = Request(0)) != nullptr) {
- avail = trans->Available();
-@@ -864,6 +906,7 @@ nsHttpPipeline::FillSendBuf()
- }
-
- mSendingToProgress += n;
-+ totalSent += n;
- if (!mSuppressSendEvents && transport) {
- // Simulate a SENDING_TO event
- trans->OnTransportStatus(transport,
-@@ -874,6 +917,14 @@ nsHttpPipeline::FillSendBuf()
-
- avail = trans->Available();
- if (avail == 0) {
-+#ifdef WTF_TEST
-+ nsHttpRequestHead *head = trans->RequestHead();
-+ fprintf(stderr, "WTF-order: Pipelined req %d/%d (%dB). Url: %s%s\n",
-+ trans->PipelinePosition(), PipelineDepth(), n,
-+ ci->Host(), head ? head->RequestURI().BeginReading() : "<unknown?>");
-+#endif
-+ reqsSent++;
-+
- // move transaction from request queue to response queue
- mRequestQ.RemoveElementAt(0);
- mResponseQ.AppendElement(trans);
-@@ -893,5 +944,12 @@ nsHttpPipeline::FillSendBuf()
- else
- mRequestIsPartial = true;
- }
-+
-+#ifdef WTF_TEST
-+ if (totalSent)
-+ fprintf(stderr, "WTF-combine: Sent %d/%d bytes of %d combined pipelined requests for host %s\n",
-+ alreadyPending+totalSent, totalAvailable, reqsSent, ci->Host());
-+#endif
-+
- return NS_OK;
- }
-diff --git a/netwerk/protocol/http/nsHttpPipeline.h b/netwerk/protocol/http/nsHttpPipeline.h
-index 746a196..4dc06c1 100644
---- a/netwerk/protocol/http/nsHttpPipeline.h
-+++ b/netwerk/protocol/http/nsHttpPipeline.h
-@@ -27,11 +27,14 @@ public:
- nsHttpPipeline();
- virtual ~nsHttpPipeline();
-
-+ uint32_t RequestDepth() { return mRequestQ.Length(); }
-+
- private:
- nsresult FillSendBuf();
-
- static NS_METHOD ReadFromPipe(nsIInputStream *, void *, const char *,
- uint32_t, uint32_t, uint32_t *);
-+ void ShuffleTransOrder(uint32_t);
-
- // convenience functions
- nsAHttpTransaction *Request(int32_t i)
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0018-Emit-observer-event-to-filter-the-Drag-Drop-url-list.patch b/src/current-patches/firefox/0018-Emit-observer-event-to-filter-the-Drag-Drop-url-list.patch
deleted file mode 100644
index 437329b..0000000
--- a/src/current-patches/firefox/0018-Emit-observer-event-to-filter-the-Drag-Drop-url-list.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 5e505dec0ee00899a1fa22e1759e856bb5381468 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Thu, 28 Feb 2013 18:10:16 -0800
-Subject: [PATCH 18/27] Emit observer event to filter the Drag+Drop url list
-
-This patch creates an "on-modify-drag-list" observer that addons can listen
-to. For us, it supports Torbutton code that filters out Drag+Drop mime types
-that the OS Desktop sniffs and attempts to load without Tor.
-
-Such proxy bypass behavior is immediate on Mac and Ubuntu: you don't even have
-to release the object for it to get sniffed and cause the OS to load it
-without Tor. In fact, accidentally clicking for too long on an image is enough
-to cause proxy bypass on those systems.
----
- widget/xpwidgets/nsBaseDragService.cpp | 8 ++++++++
- widget/xpwidgets/nsBaseDragService.h | 2 ++
- 2 files changed, 10 insertions(+), 0 deletions(-)
-
-diff --git a/widget/xpwidgets/nsBaseDragService.cpp b/widget/xpwidgets/nsBaseDragService.cpp
-index 805d83f..4c99b9c 100644
---- a/widget/xpwidgets/nsBaseDragService.cpp
-+++ b/widget/xpwidgets/nsBaseDragService.cpp
-@@ -34,6 +34,7 @@
- #include "nsXULPopupManager.h"
- #include "nsMenuPopupFrame.h"
- #include "mozilla/Preferences.h"
-+#include "mozilla/Services.h"
-
- #include "gfxContext.h"
- #include "gfxPlatform.h"
-@@ -49,6 +50,7 @@ nsBaseDragService::nsBaseDragService()
- mImageX(0), mImageY(0), mScreenX(-1), mScreenY(-1), mSuppressLevel(0),
- mInputSource(nsIDOMMouseEvent::MOZ_SOURCE_MOUSE)
- {
-+ mObserverService = mozilla::services::GetObserverService();
- }
-
- nsBaseDragService::~nsBaseDragService()
-@@ -203,6 +205,12 @@ nsBaseDragService::InvokeDragSession(nsIDOMNode *aDOMNode,
- NS_ENSURE_TRUE(aDOMNode, NS_ERROR_INVALID_ARG);
- NS_ENSURE_TRUE(mSuppressLevel == 0, NS_ERROR_FAILURE);
-
-+ // Emit observer event to allow addons to modify the transfer array.
-+ if (mObserverService)
-+ mObserverService->NotifyObservers(aTransferableArray,
-+ "on-modify-drag-list",
-+ nullptr);
-+
- // stash the document of the dom node
- aDOMNode->GetOwnerDocument(getter_AddRefs(mSourceDocument));
- mSourceNode = aDOMNode;
-diff --git a/widget/xpwidgets/nsBaseDragService.h b/widget/xpwidgets/nsBaseDragService.h
-index cb00f8e..8b91899 100644
---- a/widget/xpwidgets/nsBaseDragService.h
-+++ b/widget/xpwidgets/nsBaseDragService.h
-@@ -6,6 +6,7 @@
- #ifndef nsBaseDragService_h__
- #define nsBaseDragService_h__
-
-+#include "nsIObserverService.h"
- #include "nsIDragService.h"
- #include "nsIDragSession.h"
- #include "nsITransferable.h"
-@@ -113,6 +114,7 @@ protected:
-
- uint32_t mDragAction;
- nsSize mTargetSize;
-+ nsCOMPtr<nsIObserverService> mObserverService;
- nsCOMPtr<nsIDOMNode> mSourceNode;
- nsCOMPtr<nsIDOMDocument> mSourceDocument; // the document at the drag source. will be null
- // if it came from outside the app.
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0019-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch b/src/current-patches/firefox/0019-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
deleted file mode 100644
index 4baf190..0000000
--- a/src/current-patches/firefox/0019-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From f98cbea138095a46570912a2f624b82dff109d55 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Wed, 28 Nov 2012 17:08:29 -0500
-Subject: [PATCH 19/27] Add mozIThirdPartyUtil.getFirstPartyURI API
-
-API allows you to get the url bar URI for a channel or nsIDocument.
----
- content/base/src/ThirdPartyUtil.cpp | 68 ++++++++++++++++++++++++++++
- content/base/src/ThirdPartyUtil.h | 2 +
- netwerk/base/public/mozIThirdPartyUtil.idl | 21 +++++++++
- 3 files changed, 91 insertions(+), 0 deletions(-)
-
-diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp
-index 97a000e..ad1b0fa 100644
---- a/content/base/src/ThirdPartyUtil.cpp
-+++ b/content/base/src/ThirdPartyUtil.cpp
-@@ -7,6 +7,9 @@
- #include "nsIServiceManager.h"
- #include "nsIHttpChannelInternal.h"
- #include "nsIDOMWindow.h"
-+#include "nsICookiePermission.h"
-+#include "nsIDOMDocument.h"
-+#include "nsIDocument.h"
- #include "nsILoadContext.h"
- #include "nsIPrincipal.h"
- #include "nsIScriptObjectPrincipal.h"
-@@ -21,6 +24,7 @@ ThirdPartyUtil::Init()
-
- nsresult rv;
- mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
-+ mCookiePermissions = do_GetService(NS_COOKIEPERMISSION_CONTRACTID);
- return rv;
- }
-
-@@ -282,3 +286,67 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
-
- return NS_OK;
- }
-+
-+NS_IMETHODIMP
-+ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,
-+ nsIDocument *aDoc,
-+ nsIURI **aOutput)
-+{
-+ nsresult rv = NS_ERROR_NULL_POINTER;
-+
-+ if (!aOutput)
-+ return rv;
-+
-+ *aOutput = nullptr;
-+
-+ if (!aChannel && aDoc) {
-+ aChannel = aDoc->GetChannel();
-+ }
-+
-+ // If aChannel is specified or available, use the official route
-+ // for sure
-+ if (aChannel) {
-+ rv = mCookiePermissions->GetOriginatingURI(aChannel, aOutput);
-+ }
-+
-+ // If the channel was missing, closed or broken, try the
-+ // window hierarchy directly.
-+ //
-+ // This might fail to work for first-party loads themselves, but
-+ // we don't need this codepath for that case.
-+ if (NS_FAILED(rv) && aDoc) {
-+ nsCOMPtr<nsIDOMWindow> top;
-+ nsCOMPtr<nsIDOMDocument> topDDoc;
-+ nsIURI *docURI = nullptr;
-+
-+ if (aDoc->GetWindow()) {
-+ aDoc->GetWindow()->GetTop(getter_AddRefs(top));
-+ top->GetDocument(getter_AddRefs(topDDoc));
-+
-+ nsCOMPtr<nsIDocument> topDoc(do_QueryInterface(topDDoc));
-+ docURI = topDoc->GetOriginalURI();
-+ if (docURI) {
-+ // Give us a mutable URI and also addref
-+ rv = NS_EnsureSafeToReturn(docURI, aOutput);
-+ }
-+ } else {
-+ // XXX: Chrome callers (such as NoScript) can end up here
-+ // through getImageData/canvas usage with no document state
-+ // (no Window and a document URI of about:blank). Propogate
-+ // rv fail (by doing nothing), and hope caller recovers.
-+ }
-+
-+ if (*aOutput)
-+ rv = NS_OK;
-+ }
-+
-+ // TODO: We could provide a route through the loadgroup + notification
-+ // callbacks too, but either channel or document was always available
-+ // in the cases where this function was originally needed (the image cache).
-+ // The notification callbacks also appear to suffers from the same limitation
-+ // as the document path. See nsICookiePermissions.GetOriginatingURI() for
-+ // details.
-+
-+ return rv;
-+}
-+
-diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h
-index 3f50ac3..fe7b214 100644
---- a/content/base/src/ThirdPartyUtil.h
-+++ b/content/base/src/ThirdPartyUtil.h
-@@ -9,6 +9,7 @@
- #include "nsString.h"
- #include "mozIThirdPartyUtil.h"
- #include "nsIEffectiveTLDService.h"
-+#include "nsICookiePermission.h"
- #include "mozilla/Attributes.h"
-
- class nsIURI;
-@@ -29,6 +30,7 @@ private:
- static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);
-
- nsCOMPtr<nsIEffectiveTLDService> mTLDService;
-+ nsCOMPtr<nsICookiePermission> mCookiePermissions;
- };
-
- #endif
-diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl
-index 578d8db..963385c 100644
---- a/netwerk/base/public/mozIThirdPartyUtil.idl
-+++ b/netwerk/base/public/mozIThirdPartyUtil.idl
-@@ -7,6 +7,7 @@
- interface nsIURI;
- interface nsIDOMWindow;
- interface nsIChannel;
-+interface nsIDocument;
-
- /**
- * Utility functions for determining whether a given URI, channel, or window
-@@ -140,6 +141,26 @@ interface mozIThirdPartyUtil : nsISupports
- * @return the base domain.
- */
- AUTF8String getBaseDomain(in nsIURI aHostURI);
-+
-+
-+ /**
-+ * getFirstPartyURI
-+ *
-+ * Obtain the top-level url bar URI for either a channel or a document.
-+ * Either parameter may be null (but not both).
-+ *
-+ * @param aChannel
-+ * An arbitrary channel for some content element of a first party
-+ * load. Can be null.
-+ *
-+ * @param aDoc
-+ * An arbitrary third party document. Can be null.
-+ *
-+ * @return the first party url bar URI for the load.
-+ */
-+ nsIURI getFirstPartyURI(in nsIChannel aChannel,
-+ in nsIDocument aDoc);
-+
- };
-
- %{ C++
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0020-Add-canvas-image-extraction-prompt.patch b/src/current-patches/firefox/0020-Add-canvas-image-extraction-prompt.patch
deleted file mode 100644
index b5d2f93..0000000
--- a/src/current-patches/firefox/0020-Add-canvas-image-extraction-prompt.patch
+++ /dev/null
@@ -1,548 +0,0 @@
-From 43871b07e1ae9a55136f5a4d4454011eae5569f8 Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Tue, 27 Nov 2012 13:13:40 -0500
-Subject: [PATCH 20/27] Add canvas image extraction prompt.
-
----
- browser/base/content/browser.js | 102 ++++++++++++++++++++
- browser/base/content/browser.xul | 1 +
- .../en-US/chrome/browser/browser.properties | 7 ++
- browser/themes/gnomestripe/browser.css | 2 +
- browser/themes/pinstripe/browser.css | 2 +
- browser/themes/winstripe/browser.css | 2 +
- content/canvas/src/CanvasUtils.cpp | 65 +++++++++++++
- content/canvas/src/CanvasUtils.h | 2 +
- content/canvas/src/nsCanvasRenderingContext2D.cpp | 16 +++
- .../canvas/src/nsCanvasRenderingContext2DAzure.cpp | 16 +++
- content/html/content/public/nsHTMLCanvasElement.h | 3 +
- content/html/content/src/Makefile.in | 1 +
- content/html/content/src/nsHTMLCanvasElement.cpp | 40 ++++++--
- 13 files changed, 249 insertions(+), 10 deletions(-)
-
-diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index bd2feed..50054e7 100644
---- a/browser/base/content/browser.js
-+++ b/browser/base/content/browser.js
-@@ -1280,6 +1280,7 @@ var gBrowserInit = {
- BrowserOffline.init();
- OfflineApps.init();
- IndexedDBPromptHelper.init();
-+ CanvasPermissionPromptHelper.init();
- gFormSubmitObserver.init();
- SocialUI.init();
- AddonManager.addAddonListener(AddonsMgrListener);
-@@ -1637,6 +1638,7 @@ var gBrowserInit = {
- BrowserOffline.uninit();
- OfflineApps.uninit();
- IndexedDBPromptHelper.uninit();
-+ CanvasPermissionPromptHelper.uninit();
- AddonManager.removeAddonListener(AddonsMgrListener);
- SocialUI.uninit();
- }
-@@ -6127,6 +6129,106 @@ var IndexedDBPromptHelper = {
- }
- };
-
-+var CanvasPermissionPromptHelper = {
-+ _permissionsPrompt: "canvas-permissions-prompt",
-+ _notificationIcon: "canvas-notification-icon",
-+
-+ init:
-+ function CanvasPermissionPromptHelper_init() {
-+ Services.obs.addObserver(this, this._permissionsPrompt, false);
-+ },
-+
-+ uninit:
-+ function CanvasPermissionPromptHelper_uninit() {
-+ Services.obs.removeObserver(this, this._permissionsPrompt, false);
-+ },
-+
-+ // aSubject is an nsIDOMWindow.
-+ // aData is an URL string.
-+ observe:
-+ function CanvasPermissionPromptHelper_observe(aSubject, aTopic, aData) {
-+ if ((aTopic != this._permissionsPrompt) || !aData)
-+ throw new Error("Unexpected topic or missing URL");
-+
-+ var uri = makeURI(aData);
-+ var contentWindow = aSubject.QueryInterface(Ci.nsIDOMWindow);
-+ var contentDocument = contentWindow.document;
-+ var browserWindow =
-+ OfflineApps._getBrowserWindowForContentWindow(contentWindow);
-+
-+ if (browserWindow != window) {
-+ // Must belong to some other window.
-+ return;
-+ }
-+
-+ // If canvas prompt is already displayed, just return. This is OK (and
-+ // more efficient) since this permission is associated with the top
-+ // browser's URL.
-+ if (PopupNotifications.getNotification(aTopic, browser))
-+ return;
-+
-+ var bundleSvc = Cc["@mozilla.org/intl/stringbundle;1"].
-+ getService(Ci.nsIStringBundleService);
-+ var torBtnBundle;
-+ try {
-+ torBtnBundle = bundleSvc.createBundle(
-+ "chrome://torbutton/locale/torbutton.properties");
-+ } catch (e) {}
-+
-+ var message = getLocalizedString("canvas.siteprompt", [ uri.asciiHost ]);
-+
-+ var mainAction = {
-+ label: getLocalizedString("canvas.allow"),
-+ accessKey: getLocalizedString("canvas.allowAccessKey"),
-+ callback: function() {
-+ setCanvasPermission(uri, Ci.nsIPermissionManager.ALLOW_ACTION);
-+ }
-+ };
-+
-+ var secondaryActions = [
-+ {
-+ label: getLocalizedString("canvas.never"),
-+ accessKey: getLocalizedString("canvas.neverAccessKey"),
-+ callback: function() {
-+ setCanvasPermission(uri, Ci.nsIPermissionManager.DENY_ACTION);
-+ }
-+ }
-+ ];
-+
-+ // Since we have a process in place to perform localization for the
-+ // Torbutton extension, get our strings from the extension if possible.
-+ function getLocalizedString(aID, aParams) {
-+ var s;
-+ if (torBtnBundle) try {
-+ if (aParams)
-+ s = torBtnBundle.formatStringFromName(aID, aParams, aParams.length);
-+ else
-+ s = torBtnBundle.GetStringFromName(aID);
-+ } catch (e) {}
-+
-+ if (!s) {
-+ if (aParams)
-+ s = gNavigatorBundle.getFormattedString(aID, aParams);
-+ else
-+ s = gNavigatorBundle.getString(aID);
-+ }
-+
-+ return s;
-+ }
-+
-+ function setCanvasPermission(aURI, aPerm) {
-+ Services.perms.add(aURI, "canvas/extractData", aPerm,
-+ Ci.nsIPermissionManager.EXPIRE_NEVER);
-+ }
-+
-+ var browser = OfflineApps._getBrowserForContentWindow(browserWindow,
-+ contentWindow);
-+ notification = PopupNotifications.show(browser, aTopic, message,
-+ this._notificationIcon, mainAction,
-+ secondaryActions, null);
-+ }
-+};
-+
- function WindowIsClosing()
- {
- if (TabView.isVisible()) {
-diff --git a/browser/base/content/browser.xul b/browser/base/content/browser.xul
-index 1982eb1..d4a20cd 100644
---- a/browser/base/content/browser.xul
-+++ b/browser/base/content/browser.xul
-@@ -573,6 +573,7 @@
- <image id="identity-notification-icon" class="notification-anchor-icon" role="button"/>
- <image id="geo-notification-icon" class="notification-anchor-icon" role="button"/>
- <image id="addons-notification-icon" class="notification-anchor-icon" role="button"/>
-+ <image id="canvas-notification-icon" class="notification-anchor-icon" role="button"/>
- <image id="indexedDB-notification-icon" class="notification-anchor-icon" role="button"/>
- <image id="password-notification-icon" class="notification-anchor-icon" role="button"/>
- <image id="webapps-notification-icon" class="notification-anchor-icon" role="button"/>
-diff --git a/browser/locales/en-US/chrome/browser/browser.properties b/browser/locales/en-US/chrome/browser/browser.properties
-index 1a9f457..4e61cb9 100644
---- a/browser/locales/en-US/chrome/browser/browser.properties
-+++ b/browser/locales/en-US/chrome/browser/browser.properties
-@@ -218,6 +218,13 @@ offlineApps.usage=This website (%S) is now storing more than %SMB of data on you
- offlineApps.manageUsage=Show settings
- offlineApps.manageUsageAccessKey=S
-
-+# Canvas permission prompt
-+canvas.siteprompt=This website (%S) attempted to access image data on a canvas. Since canvas image data can be used to discover information about your computer, blank image data was returned this time.
-+canvas.allow=Allow in the Future
-+canvas.allowAccessKey=A
-+canvas.never=Never for This Site
-+canvas.neverAccessKey=e
-+
- # LOCALIZATION NOTE (indexedDB.usage): %1$S is the website host name
- # %2$S a number of megabytes.
- indexedDB.usage=This website (%1$S) is attempting to store more than %2$S MB of data on your computer for offline use.
-diff --git a/browser/themes/gnomestripe/browser.css b/browser/themes/gnomestripe/browser.css
-index a90d500..fd5d042 100644
---- a/browser/themes/gnomestripe/browser.css
-+++ b/browser/themes/gnomestripe/browser.css
-@@ -1185,6 +1185,7 @@ toolbar[iconsize="small"] #feed-button {
- list-style-image: url("moz-icon://stock/gtk-cancel?size=menu");
- }
-
-+.popup-notification-icon[popupid="canvas-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-quota-prompt"] {
- list-style-image: url(chrome://global/skin/icons/question-64.png);
-@@ -1250,6 +1251,7 @@ toolbar[iconsize="small"] #feed-button {
- list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-16.png);
- }
-
-+#canvas-notification-icon,
- #indexedDB-notification-icon {
- list-style-image: url(chrome://global/skin/icons/question-16.png);
- }
-diff --git a/browser/themes/pinstripe/browser.css b/browser/themes/pinstripe/browser.css
-index cb98808..69b908f 100644
---- a/browser/themes/pinstripe/browser.css
-+++ b/browser/themes/pinstripe/browser.css
-@@ -2433,10 +2433,12 @@ toolbarbutton.chevron > .toolbarbutton-menu-dropmarker {
- -moz-image-region: rect(0px, 48px, 16px, 32px);
- }
-
-+#canvas-notification-icon,
- #indexedDB-notification-icon {
- list-style-image: url(chrome://global/skin/icons/question-16.png);
- }
-
-+.popup-notification-icon[popupid="canvas-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-quota-prompt"] {
- list-style-image: url(chrome://global/skin/icons/question-64.png);
-diff --git a/browser/themes/winstripe/browser.css b/browser/themes/winstripe/browser.css
-index d02eed6..70aab91 100644
---- a/browser/themes/winstripe/browser.css
-+++ b/browser/themes/winstripe/browser.css
-@@ -2319,6 +2319,7 @@ toolbarbutton.bookmark-item[dragover="true"][open="true"] {
- -moz-image-region: rect(32px, 32px, 48px, 16px);
- }
-
-+.popup-notification-icon[popupid="canvas-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-permissions-prompt"],
- .popup-notification-icon[popupid="indexedDB-quota-prompt"] {
- list-style-image: url(chrome://global/skin/icons/question-64.png);
-@@ -2382,6 +2383,7 @@ toolbarbutton.bookmark-item[dragover="true"][open="true"] {
- list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-16.png);
- }
-
-+#canvas-notification-icon,
- #indexedDB-notification-icon {
- list-style-image: url(chrome://global/skin/icons/question-16.png);
- }
-diff --git a/content/canvas/src/CanvasUtils.cpp b/content/canvas/src/CanvasUtils.cpp
-index 4173891..2ec463f 100644
---- a/content/canvas/src/CanvasUtils.cpp
-+++ b/content/canvas/src/CanvasUtils.cpp
-@@ -24,9 +24,74 @@
- #include "CanvasUtils.h"
- #include "mozilla/gfx/Matrix.h"
-
-+#include "nsIScriptObjectPrincipal.h"
-+#include "nsIPermissionManager.h"
-+#include "nsIObserverService.h"
-+#include "mozilla/Services.h"
-+#include "mozIThirdPartyUtil.h"
-+#include "nsContentUtils.h"
-+#include "nsUnicharUtils.h"
-+
-+#define TOPIC_CANVAS_PERMISSIONS_PROMPT "canvas-permissions-prompt"
-+#define PERMISSION_CANVAS_EXTRACT_DATA "canvas/extractData"
-+
- namespace mozilla {
- namespace CanvasUtils {
-
-+// Check site-specific permission and display prompt if appropriate.
-+bool
-+IsImageExtractionAllowed(nsIDocument *aDocument)
-+{
-+ if (!aDocument)
-+ return false;
-+
-+ nsPIDOMWindow *win = aDocument->GetWindow();
-+ nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win));
-+ if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal()))
-+ return true;
-+
-+ bool isAllowed = false;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
-+ do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ nsCOMPtr<nsIPermissionManager> permissionManager =
-+ do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
-+ if (thirdPartyUtil && permissionManager) {
-+ nsCOMPtr<nsIURI> uri;
-+ nsresult rv = thirdPartyUtil->GetFirstPartyURI(NULL, aDocument,
-+ getter_AddRefs(uri));
-+ uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
-+ if (NS_SUCCEEDED(rv)) {
-+ // Allow local files to access canvas data; check content permissions
-+ // for remote pages.
-+ bool isFileURL = false;
-+ (void)uri->SchemeIs("file", &isFileURL);
-+ if (isFileURL)
-+ permission = nsIPermissionManager::ALLOW_ACTION;
-+ else {
-+ rv = permissionManager->TestPermission(uri,
-+ PERMISSION_CANVAS_EXTRACT_DATA, &permission);
-+ }
-+ }
-+
-+ if (NS_SUCCEEDED(rv)) {
-+ isAllowed = (permission == nsIPermissionManager::ALLOW_ACTION);
-+
-+ if (!isAllowed && (permission != nsIPermissionManager::DENY_ACTION)) {
-+ // Send notification so that a prompt is displayed.
-+ nsCString spec;
-+ rv = uri->GetSpec(spec);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ nsCOMPtr<nsIObserverService> obs =
-+ mozilla::services::GetObserverService();
-+ obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT,
-+ NS_ConvertUTF8toUTF16(spec).get());
-+ }
-+ }
-+ }
-+
-+ return isAllowed;
-+}
-+
- void
- DoDrawImageSecurityCheck(nsHTMLCanvasElement *aCanvasElement,
- nsIPrincipal *aPrincipal,
-diff --git a/content/canvas/src/CanvasUtils.h b/content/canvas/src/CanvasUtils.h
-index d464d0b..f266de6 100644
---- a/content/canvas/src/CanvasUtils.h
-+++ b/content/canvas/src/CanvasUtils.h
-@@ -45,6 +45,8 @@ void DoDrawImageSecurityCheck(nsHTMLCanvasElement *aCanvasElement,
- bool forceWriteOnly,
- bool CORSUsed);
-
-+bool IsImageExtractionAllowed(nsIDocument *aDocument);
-+
- // Make a double out of |v|, treating undefined values as 0.0 (for
- // the sake of sparse arrays). Return true iff coercion
- // succeeded.
-diff --git a/content/canvas/src/nsCanvasRenderingContext2D.cpp b/content/canvas/src/nsCanvasRenderingContext2D.cpp
-index 1ee7a02..0dec654 100644
---- a/content/canvas/src/nsCanvasRenderingContext2D.cpp
-+++ b/content/canvas/src/nsCanvasRenderingContext2D.cpp
-@@ -3946,6 +3946,22 @@ nsCanvasRenderingContext2D::GetImageDataArray(JSContext* aCx,
-
- uint8_t* data = JS_GetUint8ClampedArrayData(darray, aCx);
-
-+ // Check for site-specific permission and return all-white, opaque pixel
-+ // data if no permission. This check is not needed if the canvas was
-+ // created with a docshell (that is only done for special internal uses).
-+ bool usePlaceholder = false;
-+ if (mCanvasElement) {
-+ nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
-+ usePlaceholder = !ownerDoc ||
-+ !CanvasUtils::IsImageExtractionAllowed(ownerDoc);
-+ }
-+
-+ if (usePlaceholder) {
-+ memset(data, 0xFF, len.value());
-+ *aRetval = darray;
-+ return NS_OK;
-+ }
-+
- /* Copy the surface contents to the buffer */
- nsRefPtr<gfxImageSurface> tmpsurf =
- new gfxImageSurface(data,
-diff --git a/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp b/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-index 07b5236..d86ba32 100644
---- a/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-+++ b/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-@@ -4251,6 +4251,22 @@ nsCanvasRenderingContext2DAzure::GetImageDataArray(JSContext* aCx,
-
- uint8_t* data = JS_GetUint8ClampedArrayData(darray, aCx);
-
-+ // Check for site-specific permission and return all-white, opaque pixel
-+ // data if no permission. This check is not needed if the canvas was
-+ // created with a docshell (that is only done for special internal uses).
-+ bool usePlaceholder = false;
-+ if (mCanvasElement) {
-+ nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
-+ usePlaceholder = !ownerDoc ||
-+ !CanvasUtils::IsImageExtractionAllowed(ownerDoc);
-+ }
-+
-+ if (usePlaceholder) {
-+ memset(data, 0xFF, len.value());
-+ *aRetval = darray;
-+ return NS_OK;
-+ }
-+
- IntRect srcRect(0, 0, mWidth, mHeight);
- IntRect destRect(aX, aY, aWidth, aHeight);
-
-diff --git a/content/html/content/public/nsHTMLCanvasElement.h b/content/html/content/public/nsHTMLCanvasElement.h
-index 2c11600..65da344 100644
---- a/content/html/content/public/nsHTMLCanvasElement.h
-+++ b/content/html/content/public/nsHTMLCanvasElement.h
-@@ -157,13 +157,16 @@ protected:
- nsresult UpdateContext(nsIPropertyBag *aNewContextOptions = nullptr);
- nsresult ExtractData(const nsAString& aType,
- const nsAString& aOptions,
-+ bool aUsePlaceholder,
- nsIInputStream** aStream,
- bool& aFellBackToPNG);
- nsresult ToDataURLImpl(const nsAString& aMimeType,
- nsIVariant* aEncoderOptions,
-+ bool aUsePlaceholder,
- nsAString& aDataURL);
- nsresult MozGetAsFileImpl(const nsAString& aName,
- const nsAString& aType,
-+ bool aUsePlaceholder,
- nsIDOMFile** aResult);
- nsresult GetContextHelper(const nsAString& aContextId,
- bool aForceThebes,
-diff --git a/content/html/content/src/Makefile.in b/content/html/content/src/Makefile.in
-index 9466587..86368a2 100644
---- a/content/html/content/src/Makefile.in
-+++ b/content/html/content/src/Makefile.in
-@@ -113,6 +113,7 @@ INCLUDES += \
- -I$(srcdir)/../../../events/src \
- -I$(srcdir)/../../../xbl/src \
- -I$(srcdir)/../../../xul/content/src \
-+ -I$(srcdir)/../../../canvas/src/ \
- -I$(srcdir)/../../../../layout/forms \
- -I$(srcdir)/../../../../layout/style \
- -I$(srcdir)/../../../../layout/tables \
-diff --git a/content/html/content/src/nsHTMLCanvasElement.cpp b/content/html/content/src/nsHTMLCanvasElement.cpp
-index 961ebf1..13a6910 100644
---- a/content/html/content/src/nsHTMLCanvasElement.cpp
-+++ b/content/html/content/src/nsHTMLCanvasElement.cpp
-@@ -31,6 +31,8 @@
-
- #include "nsIWritablePropertyBag2.h"
-
-+#include "CanvasUtils.h"
-+
- #define DEFAULT_CANVAS_WIDTH 300
- #define DEFAULT_CANVAS_HEIGHT 150
-
-@@ -184,7 +186,10 @@ nsHTMLCanvasElement::ToDataURL(const nsAString& aType, nsIVariant* aParams,
- return NS_ERROR_DOM_SECURITY_ERR;
- }
-
-- return ToDataURLImpl(aType, aParams, aDataURL);
-+ // Check site-specific permission and display prompt if appropriate.
-+ // If no permission, return all-white, opaque image data.
-+ bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc());
-+ return ToDataURLImpl(aType, aParams, usePlaceholder, aDataURL);
- }
-
- // nsHTMLCanvasElement::mozFetchAsStream
-@@ -200,7 +205,7 @@ nsHTMLCanvasElement::MozFetchAsStream(nsIInputStreamCallback *aCallback,
- bool fellBackToPNG = false;
- nsCOMPtr<nsIInputStream> inputData;
-
-- rv = ExtractData(aType, EmptyString(), getter_AddRefs(inputData), fellBackToPNG);
-+ rv = ExtractData(aType, EmptyString(), false, getter_AddRefs(inputData), fellBackToPNG);
- NS_ENSURE_SUCCESS(rv, rv);
-
- nsCOMPtr<nsIAsyncInputStream> asyncData = do_QueryInterface(inputData, &rv);
-@@ -220,19 +225,26 @@ nsHTMLCanvasElement::MozFetchAsStream(nsIInputStreamCallback *aCallback,
- nsresult
- nsHTMLCanvasElement::ExtractData(const nsAString& aType,
- const nsAString& aOptions,
-+ bool aUsePlaceholder,
- nsIInputStream** aStream,
- bool& aFellBackToPNG)
- {
- // note that if we don't have a current context, the spec says we're
- // supposed to just return transparent black pixels of the canvas
- // dimensions.
-+ // If placeholder data was requested, return all-white, opaque image data.
- nsRefPtr<gfxImageSurface> emptyCanvas;
- nsIntSize size = GetWidthHeight();
-- if (!mCurrentContext) {
-+ if (aUsePlaceholder || !mCurrentContext) {
- emptyCanvas = new gfxImageSurface(gfxIntSize(size.width, size.height), gfxASurface::ImageFormatARGB32);
- if (emptyCanvas->CairoStatus()) {
- return NS_ERROR_INVALID_ARG;
- }
-+
-+ if (aUsePlaceholder) {
-+ int32_t dataSize = emptyCanvas->GetDataSize();
-+ memset(emptyCanvas->Data(), 0xFF, dataSize);
-+ }
- }
-
- nsresult rv;
-@@ -242,12 +254,13 @@ nsHTMLCanvasElement::ExtractData(const nsAString& aType,
- NS_ConvertUTF16toUTF8 encoderType(aType);
-
- try_again:
-- if (mCurrentContext) {
-+ if (!aUsePlaceholder && mCurrentContext) {
- rv = mCurrentContext->GetInputStream(encoderType.get(),
- nsPromiseFlatString(aOptions).get(),
- getter_AddRefs(imgStream));
- } else {
-- // no context, so we have to encode the empty image we created above
-+ // Using placeholder or we have no context: encode the empty/white image
-+ // we created above.
- nsCString enccid("@mozilla.org/image/encoder;2?type=");
- enccid += encoderType;
-
-@@ -285,6 +298,7 @@ nsHTMLCanvasElement::ExtractData(const nsAString& aType,
- nsresult
- nsHTMLCanvasElement::ToDataURLImpl(const nsAString& aMimeType,
- nsIVariant* aEncoderOptions,
-+ bool aUsePlaceholder,
- nsAString& aDataURL)
- {
- bool fallbackToPNG = false;
-@@ -340,13 +354,15 @@ nsHTMLCanvasElement::ToDataURLImpl(const nsAString& aMimeType,
- }
-
- nsCOMPtr<nsIInputStream> stream;
-- rv = ExtractData(type, params, getter_AddRefs(stream), fallbackToPNG);
-+ rv = ExtractData(type, params, aUsePlaceholder,
-+ getter_AddRefs(stream), fallbackToPNG);
-
- // If there are unrecognized custom parse options, we should fall back to
- // the default values for the encoder without any options at all.
- if (rv == NS_ERROR_INVALID_ARG && usingCustomParseOptions) {
- fallbackToPNG = false;
-- rv = ExtractData(type, EmptyString(), getter_AddRefs(stream), fallbackToPNG);
-+ rv = ExtractData(type, EmptyString(), aUsePlaceholder,
-+ getter_AddRefs(stream), fallbackToPNG);
- }
-
- NS_ENSURE_SUCCESS(rv, rv);
-@@ -378,19 +394,23 @@ nsHTMLCanvasElement::MozGetAsFile(const nsAString& aName,
- return NS_ERROR_DOM_SECURITY_ERR;
- }
-
-- return MozGetAsFileImpl(aName, aType, aResult);
-+ // Check site-speciifc permission and display prompt if appropriate.
-+ // If no permission, return all-white, opaque image data.
-+ bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc());
-+ return MozGetAsFileImpl(aName, aType, usePlaceholder, aResult);
- }
-
- nsresult
- nsHTMLCanvasElement::MozGetAsFileImpl(const nsAString& aName,
- const nsAString& aType,
-+ bool aUsePlaceholder,
- nsIDOMFile** aResult)
- {
- bool fallbackToPNG = false;
-
- nsCOMPtr<nsIInputStream> stream;
-- nsresult rv = ExtractData(aType, EmptyString(), getter_AddRefs(stream),
-- fallbackToPNG);
-+ nsresult rv = ExtractData(aType, EmptyString(), aUsePlaceholder,
-+ getter_AddRefs(stream), fallbackToPNG);
- NS_ENSURE_SUCCESS(rv, rv);
-
- nsAutoString type(aType);
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0021-Return-client-window-coordinates-for-mouse-event-scr.patch b/src/current-patches/firefox/0021-Return-client-window-coordinates-for-mouse-event-scr.patch
deleted file mode 100644
index 0cee032..0000000
--- a/src/current-patches/firefox/0021-Return-client-window-coordinates-for-mouse-event-scr.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From b0696055ca1d34426ae1c8ce2761404d3261525e Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Wed, 28 Nov 2012 10:49:09 -0500
-Subject: [PATCH 21/27] Return client window coordinates for mouse event
- screenX/Y (for dragend, 0,0 is returned).
-
----
- content/events/src/nsDOMMouseEvent.cpp | 22 ++++++++++++++++++++++
- content/events/src/nsDOMTouchEvent.cpp | 6 ++++--
- 2 files changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/content/events/src/nsDOMMouseEvent.cpp b/content/events/src/nsDOMMouseEvent.cpp
-index 0817397..3d8b26a 100644
---- a/content/events/src/nsDOMMouseEvent.cpp
-+++ b/content/events/src/nsDOMMouseEvent.cpp
-@@ -301,6 +301,20 @@ nsDOMMouseEvent::GetMozMovementY(int32_t* aMovementY)
- NS_METHOD nsDOMMouseEvent::GetScreenX(int32_t* aScreenX)
- {
- NS_ENSURE_ARG_POINTER(aScreenX);
-+ bool isChrome = nsContentUtils::IsCallerChrome();
-+ if (!isChrome)
-+ {
-+ // For non-chrome callers, return client coordinates instead.
-+ // For some events, the result will be zero; specifically, for dragend
-+ // events (there is no widget associated with dragend events, which
-+ // causes GetClientX() to return zero). Since dragend is for the drag
-+ // originator and not for the receiver, it is probably not widely used
-+ // (receivers get a drop event). Therefore, returning 0 should not break
-+ // many web pages. Also, a few years ago Firefox returned 0.
-+ // See: https://bugzilla.mozilla.org/show_bug.cgi?id=466379
-+ return GetClientX(aScreenX);
-+ }
-+
- *aScreenX = nsDOMEvent::GetScreenCoords(mPresContext,
- mEvent,
- mEvent->refPoint).x;
-@@ -311,6 +325,14 @@ NS_IMETHODIMP
- nsDOMMouseEvent::GetScreenY(int32_t* aScreenY)
- {
- NS_ENSURE_ARG_POINTER(aScreenY);
-+ bool isChrome = nsContentUtils::IsCallerChrome();
-+ if (!isChrome)
-+ {
-+ // For non-chrome callers, return client coordinates instead.
-+ // See also the comment in nsDOMMouseEvent::GetScreenX().
-+ return GetClientY(aScreenY);
-+ }
-+
- *aScreenY = nsDOMEvent::GetScreenCoords(mPresContext,
- mEvent,
- mEvent->refPoint).y;
-diff --git a/content/events/src/nsDOMTouchEvent.cpp b/content/events/src/nsDOMTouchEvent.cpp
-index ccf4864..64ab0e8 100644
---- a/content/events/src/nsDOMTouchEvent.cpp
-+++ b/content/events/src/nsDOMTouchEvent.cpp
-@@ -44,14 +44,16 @@ nsDOMTouch::GetTarget(nsIDOMEventTarget** aTarget)
- NS_IMETHODIMP
- nsDOMTouch::GetScreenX(int32_t* aScreenX)
- {
-- *aScreenX = mScreenPoint.x;
-+ bool isChrome = nsContentUtils::IsCallerChrome();
-+ *aScreenX = isChrome ? mScreenPoint.x : mClientPoint.x;
- return NS_OK;
- }
-
- NS_IMETHODIMP
- nsDOMTouch::GetScreenY(int32_t* aScreenY)
- {
-- *aScreenY = mScreenPoint.y;
-+ bool isChrome = nsContentUtils::IsCallerChrome();
-+ *aScreenY = isChrome ? mScreenPoint.y : mClientPoint.y;
- return NS_OK;
- }
-
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0022-Do-not-expose-physical-screen-info.-via-window-and-w.patch b/src/current-patches/firefox/0022-Do-not-expose-physical-screen-info.-via-window-and-w.patch
deleted file mode 100644
index 621d2a8..0000000
--- a/src/current-patches/firefox/0022-Do-not-expose-physical-screen-info.-via-window-and-w.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-From 73dd7935b3e9a226e868844bf9a92b257416c5ec Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Wed, 28 Nov 2012 11:25:14 -0500
-Subject: [PATCH 22/27] Do not expose physical screen info. via window and
- window.screen.
-
----
- dom/base/nsGlobalWindow.cpp | 46 ++++++++++++++++++++++
- dom/base/nsGlobalWindow.h | 2 +
- dom/base/nsScreen.cpp | 90 +++++++++++++++++++++++++++++++++++++++++++
- dom/base/nsScreen.h | 3 +
- 4 files changed, 141 insertions(+), 0 deletions(-)
-
-diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
-index f675f87..48bd71d 100644
---- a/dom/base/nsGlobalWindow.cpp
-+++ b/dom/base/nsGlobalWindow.cpp
-@@ -3745,6 +3745,10 @@ nsGlobalWindow::GetOuterWidth(int32_t* aOuterWidth)
- {
- FORWARD_TO_OUTER(GetOuterWidth, (aOuterWidth), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, return inner width to prevent fingerprinting.
-+ if (!IsChrome())
-+ return GetInnerWidth(aOuterWidth);
-+
- nsIntSize sizeCSSPixels;
- nsresult rv = GetOuterSize(&sizeCSSPixels);
- NS_ENSURE_SUCCESS(rv, rv);
-@@ -3758,6 +3762,10 @@ nsGlobalWindow::GetOuterHeight(int32_t* aOuterHeight)
- {
- FORWARD_TO_OUTER(GetOuterHeight, (aOuterHeight), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, return inner height to prevent fingerprinting.
-+ if (!IsChrome())
-+ return GetInnerHeight(aOuterHeight);
-+
- nsIntSize sizeCSSPixels;
- nsresult rv = GetOuterSize(&sizeCSSPixels);
- NS_ENSURE_SUCCESS(rv, rv);
-@@ -3820,6 +3828,12 @@ nsGlobalWindow::GetScreenX(int32_t* aScreenX)
- {
- FORWARD_TO_OUTER(GetScreenX, (aScreenX), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aScreenX = 0;
-+ return NS_OK;
-+ }
-+
- nsCOMPtr<nsIBaseWindow> treeOwnerAsWin;
- GetTreeOwner(getter_AddRefs(treeOwnerAsWin));
- NS_ENSURE_TRUE(treeOwnerAsWin, NS_ERROR_FAILURE);
-@@ -3861,6 +3875,12 @@ nsGlobalWindow::GetMozInnerScreenX(float* aScreenX)
- {
- FORWARD_TO_OUTER(GetMozInnerScreenX, (aScreenX), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aScreenX = 0;
-+ return NS_OK;
-+ }
-+
- nsRect r = GetInnerScreenRect();
- *aScreenX = nsPresContext::AppUnitsToFloatCSSPixels(r.x);
- return NS_OK;
-@@ -3871,6 +3891,12 @@ nsGlobalWindow::GetMozInnerScreenY(float* aScreenY)
- {
- FORWARD_TO_OUTER(GetMozInnerScreenY, (aScreenY), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aScreenY = 0;
-+ return NS_OK;
-+ }
-+
- nsRect r = GetInnerScreenRect();
- *aScreenY = nsPresContext::AppUnitsToFloatCSSPixels(r.y);
- return NS_OK;
-@@ -4028,6 +4054,12 @@ nsGlobalWindow::GetScreenY(int32_t* aScreenY)
- {
- FORWARD_TO_OUTER(GetScreenY, (aScreenY), NS_ERROR_NOT_INITIALIZED);
-
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aScreenY = 0;
-+ return NS_OK;
-+ }
-+
- nsCOMPtr<nsIBaseWindow> treeOwnerAsWin;
- GetTreeOwner(getter_AddRefs(treeOwnerAsWin));
- NS_ENSURE_TRUE(treeOwnerAsWin, NS_ERROR_FAILURE);
-@@ -4074,6 +4106,20 @@ nsGlobalWindow::SetScreenY(int32_t aScreenY)
- return NS_OK;
- }
-
-+bool
-+nsGlobalWindow::IsChrome()
-+{
-+ bool isChrome = false;
-+
-+ if (mDocShell) {
-+ nsRefPtr<nsPresContext> presContext;
-+ mDocShell->GetPresContext(getter_AddRefs(presContext));
-+ isChrome = (presContext && presContext->IsChrome());
-+ }
-+
-+ return isChrome;
-+}
-+
- // NOTE: Arguments to this function should have values scaled to
- // CSS pixels, not device pixels.
- nsresult
-diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h
-index 9acc1ea..4cb6938 100644
---- a/dom/base/nsGlobalWindow.h
-+++ b/dom/base/nsGlobalWindow.h
-@@ -827,6 +827,8 @@ protected:
- nsresult SetOuterSize(int32_t aLengthCSSPixels, bool aIsWidth);
- nsRect GetInnerScreenRect();
-
-+ bool IsChrome();
-+
- bool IsFrame()
- {
- return GetParentInternal() != nullptr;
-diff --git a/dom/base/nsScreen.cpp b/dom/base/nsScreen.cpp
-index 41c32ad..4f3904d 100644
---- a/dom/base/nsScreen.cpp
-+++ b/dom/base/nsScreen.cpp
-@@ -115,6 +115,12 @@ NS_IMPL_EVENT_HANDLER(nsScreen, mozorientationchange)
- NS_IMETHODIMP
- nsScreen::GetTop(int32_t* aTop)
- {
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aTop = 0;
-+ return NS_OK;
-+ }
-+
- nsRect rect;
- nsresult rv = GetRect(rect);
-
-@@ -127,6 +133,12 @@ nsScreen::GetTop(int32_t* aTop)
- NS_IMETHODIMP
- nsScreen::GetLeft(int32_t* aLeft)
- {
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aLeft = 0;
-+ return NS_OK;
-+ }
-+
- nsRect rect;
- nsresult rv = GetRect(rect);
-
-@@ -139,6 +151,14 @@ nsScreen::GetLeft(int32_t* aLeft)
- NS_IMETHODIMP
- nsScreen::GetWidth(int32_t* aWidth)
- {
-+ // For non-chrome callers, return content width to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ nsCOMPtr<nsIDOMWindow> win;
-+ nsresult rv = GetDOMWindow(getter_AddRefs(win));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ return win->GetInnerWidth(aWidth);
-+ }
-+
- nsRect rect;
- nsresult rv = GetRect(rect);
-
-@@ -150,6 +170,14 @@ nsScreen::GetWidth(int32_t* aWidth)
- NS_IMETHODIMP
- nsScreen::GetHeight(int32_t* aHeight)
- {
-+ // For non-chrome callers, return content height to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ nsCOMPtr<nsIDOMWindow> win;
-+ nsresult rv = GetDOMWindow(getter_AddRefs(win));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ return win->GetInnerHeight(aHeight);
-+ }
-+
- nsRect rect;
- nsresult rv = GetRect(rect);
-
-@@ -161,6 +189,12 @@ nsScreen::GetHeight(int32_t* aHeight)
- NS_IMETHODIMP
- nsScreen::GetPixelDepth(int32_t* aPixelDepth)
- {
-+ // For non-chrome callers, always return 24 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aPixelDepth = 24;
-+ return NS_OK;
-+ }
-+
- nsDeviceContext* context = GetDeviceContext();
-
- if (!context) {
-@@ -186,6 +220,14 @@ nsScreen::GetColorDepth(int32_t* aColorDepth)
- NS_IMETHODIMP
- nsScreen::GetAvailWidth(int32_t* aAvailWidth)
- {
-+ // For non-chrome callers, return content width to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ nsCOMPtr<nsIDOMWindow> win;
-+ nsresult rv = GetDOMWindow(getter_AddRefs(win));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ return win->GetInnerWidth(aAvailWidth);
-+ }
-+
- nsRect rect;
- nsresult rv = GetAvailRect(rect);
-
-@@ -197,6 +239,14 @@ nsScreen::GetAvailWidth(int32_t* aAvailWidth)
- NS_IMETHODIMP
- nsScreen::GetAvailHeight(int32_t* aAvailHeight)
- {
-+ // For non-chrome callers, return content height to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ nsCOMPtr<nsIDOMWindow> win;
-+ nsresult rv = GetDOMWindow(getter_AddRefs(win));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ return win->GetInnerHeight(aAvailHeight);
-+ }
-+
- nsRect rect;
- nsresult rv = GetAvailRect(rect);
-
-@@ -208,6 +258,12 @@ nsScreen::GetAvailHeight(int32_t* aAvailHeight)
- NS_IMETHODIMP
- nsScreen::GetAvailLeft(int32_t* aAvailLeft)
- {
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aAvailLeft = 0;
-+ return NS_OK;
-+ }
-+
- nsRect rect;
- nsresult rv = GetAvailRect(rect);
-
-@@ -219,6 +275,12 @@ nsScreen::GetAvailLeft(int32_t* aAvailLeft)
- NS_IMETHODIMP
- nsScreen::GetAvailTop(int32_t* aAvailTop)
- {
-+ // For non-chrome callers, always return 0 to prevent fingerprinting.
-+ if (!IsChrome()) {
-+ *aAvailTop = 0;
-+ return NS_OK;
-+ }
-+
- nsRect rect;
- nsresult rv = GetAvailRect(rect);
-
-@@ -458,3 +520,31 @@ nsScreen::FullScreenEventListener::HandleEvent(nsIDOMEvent* aEvent)
-
- return NS_OK;
- }
-+
-+bool
-+nsScreen::IsChrome()
-+{
-+ bool isChrome = false;
-+ nsCOMPtr<nsPIDOMWindow> owner = GetOwner();
-+ if (owner)
-+ isChrome = IsChromeType(owner->GetDocShell());
-+
-+ return isChrome;
-+}
-+
-+nsresult
-+nsScreen::GetDOMWindow(nsIDOMWindow **aResult)
-+{
-+ NS_ENSURE_ARG_POINTER(aResult);
-+ *aResult = NULL;
-+
-+ nsCOMPtr<nsPIDOMWindow> owner = GetOwner();
-+ if (!owner)
-+ return NS_ERROR_FAILURE;
-+
-+ nsCOMPtr<nsIDOMWindow> win = do_QueryInterface(owner);
-+ NS_ENSURE_STATE(win);
-+ win.swap(*aResult);
-+
-+ return NS_OK;
-+}
-diff --git a/dom/base/nsScreen.h b/dom/base/nsScreen.h
-index 869d4fd..de18504 100644
---- a/dom/base/nsScreen.h
-+++ b/dom/base/nsScreen.h
-@@ -16,6 +16,7 @@
-
- class nsIDocShell;
- class nsDeviceContext;
-+class nsIDOMWindow;
- struct nsRect;
-
- // Script "screen" object
-@@ -41,6 +42,8 @@ protected:
- nsDeviceContext* GetDeviceContext();
- nsresult GetRect(nsRect& aRect);
- nsresult GetAvailRect(nsRect& aRect);
-+ bool IsChrome();
-+ nsresult GetDOMWindow(nsIDOMWindow **aResult);
-
- mozilla::dom::ScreenOrientation mOrientation;
-
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0023-Do-not-expose-system-colors-to-CSS-or-canvas.patch b/src/current-patches/firefox/0023-Do-not-expose-system-colors-to-CSS-or-canvas.patch
deleted file mode 100644
index 2bd9ffc..0000000
--- a/src/current-patches/firefox/0023-Do-not-expose-system-colors-to-CSS-or-canvas.patch
+++ /dev/null
@@ -1,631 +0,0 @@
-From 6f70c68258eb81dc898622f1f2629d71441fb1d3 Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Wed, 28 Nov 2012 15:08:40 -0500
-Subject: [PATCH 23/28] Do not expose system colors to CSS or canvas.
-
-This patch also contains a hack to use properly contrasting colors if the
-desktop theme specifies white on black for text colors (see
-https://trac.torproject.org/projects/tor/ticket/7920). These color choices are
-also not exposed to content.
----
- content/canvas/src/nsCanvasRenderingContext2D.cpp | 28 ++-
- .../canvas/src/nsCanvasRenderingContext2DAzure.cpp | 34 +++-
- .../canvas/src/nsCanvasRenderingContext2DAzure.h | 5 +-
- layout/base/nsLayoutUtils.cpp | 50 +++++
- layout/base/nsLayoutUtils.h | 4 +
- layout/generic/nsFrame.cpp | 6 +-
- layout/style/nsRuleNode.cpp | 5 +-
- widget/LookAndFeel.h | 12 ++
- widget/xpwidgets/nsXPLookAndFeel.cpp | 214 +++++++++++++++++++-
- widget/xpwidgets/nsXPLookAndFeel.h | 5 +-
- 10 files changed, 342 insertions(+), 21 deletions(-)
-
-diff --git a/content/canvas/src/nsCanvasRenderingContext2D.cpp b/content/canvas/src/nsCanvasRenderingContext2D.cpp
-index 0dec654..7132e4f 100644
---- a/content/canvas/src/nsCanvasRenderingContext2D.cpp
-+++ b/content/canvas/src/nsCanvasRenderingContext2D.cpp
-@@ -32,6 +32,7 @@
- #include "nsCSSParser.h"
- #include "mozilla/css/StyleRule.h"
- #include "mozilla/css/Declaration.h"
-+#include "mozilla/css/Loader.h"
- #include "nsComputedDOMStyle.h"
- #include "nsStyleSet.h"
-
-@@ -159,8 +160,9 @@ class nsCanvasGradient MOZ_FINAL : public nsIDOMCanvasGradient
- public:
- NS_DECLARE_STATIC_IID_ACCESSOR(NS_CANVASGRADIENT_PRIVATE_IID)
-
-- nsCanvasGradient(gfxPattern* pat)
-- : mPattern(pat)
-+ nsCanvasGradient(mozilla::css::Loader* aLoader, gfxPattern* pat)
-+ : mCSSLoader(aLoader)
-+ , mPattern(pat)
- {
- }
-
-@@ -181,8 +183,17 @@ public:
- return NS_ERROR_DOM_SYNTAX_ERR;
- }
-
-+ nsIPresShell* presShell = nullptr;
-+ if (mCSSLoader) {
-+ nsIDocument *doc = mCSSLoader->GetDocument();
-+ if (doc)
-+ presShell = doc->GetShell();
-+ }
-+
- nscolor color;
-- if (!nsRuleNode::ComputeColor(value, nullptr, nullptr, color)) {
-+ if (!nsRuleNode::ComputeColor(value,
-+ presShell ? presShell->GetPresContext() : nullptr,
-+ nullptr, color)) {
- return NS_ERROR_DOM_SYNTAX_ERR;
- }
-
-@@ -194,6 +205,7 @@ public:
- NS_DECL_ISUPPORTS
-
- protected:
-+ mozilla::css::Loader* mCSSLoader; // not ref counted, it owns us
- nsRefPtr<gfxPattern> mPattern;
- };
-
-@@ -1814,7 +1826,10 @@ nsCanvasRenderingContext2D::CreateLinearGradient(float x0, float y0, float x1, f
- if (!gradpat)
- return NS_ERROR_OUT_OF_MEMORY;
-
-- nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasGradient(gradpat);
-+ nsIDocument* doc = mCanvasElement ? mCanvasElement->OwnerDoc() : nullptr;
-+ mozilla::css::Loader* cssLoader = doc ? doc->CSSLoader() : nullptr;
-+ nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasGradient(cssLoader,
-+ gradpat);
- if (!grad)
- return NS_ERROR_OUT_OF_MEMORY;
-
-@@ -1836,7 +1851,10 @@ nsCanvasRenderingContext2D::CreateRadialGradient(float x0, float y0, float r0, f
- if (!gradpat)
- return NS_ERROR_OUT_OF_MEMORY;
-
-- nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasGradient(gradpat);
-+ nsIDocument* doc = mCanvasElement ? mCanvasElement->OwnerDoc() : nullptr;
-+ mozilla::css::Loader* cssLoader = doc ? doc->CSSLoader() : nullptr;
-+ nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasGradient(cssLoader,
-+ gradpat);
- if (!grad)
- return NS_ERROR_OUT_OF_MEMORY;
-
-diff --git a/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp b/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-index d86ba32..84c1927 100644
---- a/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-+++ b/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp
-@@ -31,6 +31,7 @@
- #include "nsCSSParser.h"
- #include "mozilla/css/StyleRule.h"
- #include "mozilla/css/Declaration.h"
-+#include "mozilla/css/Loader.h"
- #include "nsComputedDOMStyle.h"
- #include "nsStyleSet.h"
-
-@@ -140,9 +141,10 @@ NS_MEMORY_REPORTER_IMPLEMENT(CanvasAzureMemory,
- class nsCanvasRadialGradientAzure : public nsCanvasGradientAzure
- {
- public:
-- nsCanvasRadialGradientAzure(const Point &aBeginOrigin, Float aBeginRadius,
-+ nsCanvasRadialGradientAzure(mozilla::css::Loader* aLoader,
-+ const Point &aBeginOrigin, Float aBeginRadius,
- const Point &aEndOrigin, Float aEndRadius)
-- : nsCanvasGradientAzure(RADIAL)
-+ : nsCanvasGradientAzure(aLoader, RADIAL)
- , mCenter1(aBeginOrigin)
- , mCenter2(aEndOrigin)
- , mRadius1(aBeginRadius)
-@@ -159,8 +161,9 @@ public:
- class nsCanvasLinearGradientAzure : public nsCanvasGradientAzure
- {
- public:
-- nsCanvasLinearGradientAzure(const Point &aBegin, const Point &aEnd)
-- : nsCanvasGradientAzure(LINEAR)
-+ nsCanvasLinearGradientAzure(mozilla::css::Loader* aLoader,
-+ const Point &aBegin, const Point &aEnd)
-+ : nsCanvasGradientAzure(aLoader, LINEAR)
- , mBegin(aBegin)
- , mEnd(aEnd)
- {
-@@ -363,8 +366,17 @@ nsCanvasGradientAzure::AddColorStop(float offset, const nsAString& colorstr)
- return NS_ERROR_DOM_SYNTAX_ERR;
- }
-
-+ nsIPresShell* presShell = nullptr;
-+ if (mCSSLoader) {
-+ nsIDocument *doc = mCSSLoader->GetDocument();
-+ if (doc)
-+ presShell = doc->GetShell();
-+ }
-+
- nscolor color;
-- if (!nsRuleNode::ComputeColor(value, nullptr, nullptr, color)) {
-+ if (!nsRuleNode::ComputeColor(value,
-+ presShell ? presShell->GetPresContext() : nullptr,
-+ nullptr, color)) {
- return NS_ERROR_DOM_SYNTAX_ERR;
- }
-
-@@ -1788,8 +1800,10 @@ nsCanvasRenderingContext2DAzure::CreateLinearGradient(double x0, double y0, doub
- return nullptr;
- }
-
-- nsRefPtr<nsIDOMCanvasGradient> grad =
-- new nsCanvasLinearGradientAzure(Point(x0, y0), Point(x1, y1));
-+ nsIDocument* doc = mCanvasElement ? mCanvasElement->OwnerDoc() : nullptr;
-+ mozilla::css::Loader* cssLoader = doc ? doc->CSSLoader() : nullptr;
-+ nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasLinearGradientAzure(
-+ cssLoader, Point(x0, y0), Point(x1, y1));
-
- return grad.forget();
- }
-@@ -1818,8 +1832,10 @@ nsCanvasRenderingContext2DAzure::CreateRadialGradient(double x0, double y0, doub
- return nullptr;
- }
-
-- nsRefPtr<nsIDOMCanvasGradient> grad =
-- new nsCanvasRadialGradientAzure(Point(x0, y0), r0, Point(x1, y1), r1);
-+ nsIDocument* doc = mCanvasElement ? mCanvasElement->OwnerDoc() : nullptr;
-+ mozilla::css::Loader* cssLoader = doc ? doc->CSSLoader() : nullptr;
-+ nsRefPtr<nsIDOMCanvasGradient> grad = new nsCanvasRadialGradientAzure(
-+ cssLoader, Point(x0, y0), r0, Point(x1, y1), r1);
-
- return grad.forget();
- }
-diff --git a/content/canvas/src/nsCanvasRenderingContext2DAzure.h b/content/canvas/src/nsCanvasRenderingContext2DAzure.h
-index 05ccf61..629d78a 100644
---- a/content/canvas/src/nsCanvasRenderingContext2DAzure.h
-+++ b/content/canvas/src/nsCanvasRenderingContext2DAzure.h
-@@ -71,11 +71,14 @@ public:
- NS_IMETHOD AddColorStop(float offset, const nsAString& colorstr);
-
- protected:
-- nsCanvasGradientAzure(Type aType) : mType(aType)
-+ nsCanvasGradientAzure(mozilla::css::Loader* aLoader, Type aType)
-+ : mCSSLoader(aLoader)
-+ , mType(aType)
- {}
-
- nsTArray<mozilla::gfx::GradientStop> mRawStops;
- mozilla::RefPtr<mozilla::gfx::GradientStops> mStops;
-+ mozilla::css::Loader* mCSSLoader; // not ref counted, it owns us
- Type mType;
- virtual ~nsCanvasGradientAzure() {}
- };
-diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
-index 87b0d34..65515d9 100644
---- a/layout/base/nsLayoutUtils.cpp
-+++ b/layout/base/nsLayoutUtils.cpp
-@@ -76,6 +76,7 @@
- #include "nsSVGForeignObjectFrame.h"
- #include "nsSVGOuterSVGFrame.h"
- #include "nsStyleStructInlines.h"
-+#include "mozilla/LookAndFeel.h"
-
- #include "mozilla/Preferences.h"
-
-@@ -3134,13 +3135,62 @@ ShouldDarkenColors(nsPresContext* aPresContext)
- nscolor
- nsLayoutUtils::GetColor(nsIFrame* aFrame, nsCSSProperty aProperty)
- {
-+ if (aProperty == eCSSProperty_color)
-+ {
-+ nscolor nativeColor = NS_RGB(0, 0, 0);
-+ if (GetNativeTextColor(aFrame, nativeColor))
-+ return nativeColor;
-+ }
-+
- nscolor color = aFrame->GetVisitedDependentColor(aProperty);
- if (ShouldDarkenColors(aFrame->PresContext())) {
- color = DarkenColor(color);
- }
-+
- return color;
- }
-
-+bool
-+nsLayoutUtils::GetNativeTextColor(nsIFrame* aFrame, nscolor& aColor)
-+{
-+ nsPresContext *presContext = aFrame->PresContext();
-+ if (!presContext->IsChrome()) {
-+ // If native appearance was used to draw the background of the containing
-+ // frame, return a contrasting native foreground color instead of the
-+ // color from the element's style. This avoids a problem where black
-+ // text was displayed on a black background when a Windows theme such as
-+ // "High Contrast Black" was used. The background is drawn inside
-+ // nsNativeThemeWin::ClassicDrawWidgetBackground().
-+ //
-+ // Because both the background color and this foreground color are used
-+ // directly without exposing the colors via CSS computed styles, the
-+ // native colors are not leaked to content.
-+ nsIFrame* bgFrame =
-+ nsCSSRendering::FindNonTransparentBackgroundFrame(aFrame);
-+ if (bgFrame) {
-+ const nsStyleDisplay* displayData = bgFrame->GetStyleDisplay();
-+ uint8_t widgetType = displayData->mAppearance;
-+ nsITheme *theme = presContext->GetTheme();
-+ if (widgetType && theme->ThemeSupportsWidget(presContext, bgFrame,
-+ widgetType)) {
-+ bool isDisabled = false;
-+ nsIContent* frameContent = bgFrame->GetContent();
-+ if (frameContent && frameContent->IsElement()) {
-+ nsEventStates es = frameContent->AsElement()->State();
-+ isDisabled = es.HasState(NS_EVENT_STATE_DISABLED);
-+ }
-+
-+ if (NS_SUCCEEDED(LookAndFeel::GetColorForNativeAppearance(widgetType,
-+ isDisabled, &aColor))) {
-+ return true;
-+ }
-+ }
-+ }
-+ }
-+
-+ return false;
-+}
-+
- gfxFloat
- nsLayoutUtils::GetSnappedBaselineY(nsIFrame* aFrame, gfxContext* aContext,
- nscoord aY, nscoord aAscent)
-diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h
-index 4fb1f93..6552f04 100644
---- a/layout/base/nsLayoutUtils.h
-+++ b/layout/base/nsLayoutUtils.h
-@@ -989,6 +989,10 @@ public:
- // Get a suitable foreground color for painting aProperty for aFrame.
- static nscolor GetColor(nsIFrame* aFrame, nsCSSProperty aProperty);
-
-+ // Get the native text color if appropriate. If false is returned, callers
-+ // should fallback to the CSS color.
-+ static bool GetNativeTextColor(nsIFrame* aFrame, nscolor& aColor);
-+
- // Get a baseline y position in app units that is snapped to device pixels.
- static gfxFloat GetSnappedBaselineY(nsIFrame* aFrame, gfxContext* aContext,
- nscoord aY, nscoord aAscent);
-diff --git a/layout/generic/nsFrame.cpp b/layout/generic/nsFrame.cpp
-index 75a2bb9..d684a62 100644
---- a/layout/generic/nsFrame.cpp
-+++ b/layout/generic/nsFrame.cpp
-@@ -1446,7 +1446,11 @@ nsIFrame::DisplayCaret(nsDisplayListBuilder* aBuilder,
- nscolor
- nsIFrame::GetCaretColorAt(int32_t aOffset)
- {
-- // Use text color.
-+ nscolor color = NS_RGB(0, 0, 0);
-+ if (nsLayoutUtils::GetNativeTextColor(this, color))
-+ return color;
-+
-+ // Use CSS text color.
- return GetStyleColor()->mColor;
- }
-
-diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
-index 86eff1f..732b1fe 100644
---- a/layout/style/nsRuleNode.cpp
-+++ b/layout/style/nsRuleNode.cpp
-@@ -747,7 +747,10 @@ static bool SetColor(const nsCSSValue& aValue, const nscolor aParentColor,
- int32_t intValue = aValue.GetIntValue();
- if (0 <= intValue) {
- LookAndFeel::ColorID colorID = (LookAndFeel::ColorID) intValue;
-- if (NS_SUCCEEDED(LookAndFeel::GetColor(colorID, &aResult))) {
-+ bool useStandinsForNativeColors = aPresContext &&
-+ !aPresContext->IsChrome();
-+ if (NS_SUCCEEDED(LookAndFeel::GetColor(colorID,
-+ useStandinsForNativeColors, &aResult))) {
- result = true;
- }
- }
-diff --git a/widget/LookAndFeel.h b/widget/LookAndFeel.h
-index e46bb13..f947084 100644
---- a/widget/LookAndFeel.h
-+++ b/widget/LookAndFeel.h
-@@ -446,6 +446,18 @@ public:
- static nsresult GetColor(ColorID aID, nscolor* aResult);
-
- /**
-+ * This variant of GetColor() take an extra Boolean parameter that allows
-+ * the caller to ask that hard-coded color values be substituted for
-+ * native colors (used when it is desireable to hide system colors to
-+ * avoid system fingerprinting).
-+ */
-+ static nsresult GetColor(ColorID aID, bool aUseStandinsForNativeColors,
-+ nscolor* aResult);
-+
-+ static nsresult GetColorForNativeAppearance(uint8_t aWidgetType,
-+ bool aIsDisabled, nscolor* aResult);
-+
-+ /**
- * GetInt() and GetFloat() return a int or float value for aID. The result
- * might be distance, time, some flags or a int value which has particular
- * meaning. See each document at definition of each ID for the detail.
-diff --git a/widget/xpwidgets/nsXPLookAndFeel.cpp b/widget/xpwidgets/nsXPLookAndFeel.cpp
-index 50c2c86..704963a 100644
---- a/widget/xpwidgets/nsXPLookAndFeel.cpp
-+++ b/widget/xpwidgets/nsXPLookAndFeel.cpp
-@@ -11,6 +11,7 @@
- #include "nsLookAndFeel.h"
- #include "nsCRT.h"
- #include "nsFont.h"
-+#include "nsThemeConstants.h"
- #include "mozilla/Preferences.h"
-
- #include "gfxPlatform.h"
-@@ -476,6 +477,155 @@ nsXPLookAndFeel::IsSpecialColor(ColorID aID, nscolor &aColor)
- return false;
- }
-
-+bool
-+nsXPLookAndFeel::ColorIsNotCSSAccessible(ColorID aID)
-+{
-+ bool result = false;
-+
-+ switch (aID) {
-+ case eColorID_WindowBackground:
-+ case eColorID_WindowForeground:
-+ case eColorID_WidgetBackground:
-+ case eColorID_WidgetForeground:
-+ case eColorID_WidgetSelectBackground:
-+ case eColorID_WidgetSelectForeground:
-+ case eColorID_Widget3DHighlight:
-+ case eColorID_Widget3DShadow:
-+ case eColorID_TextBackground:
-+ case eColorID_TextForeground:
-+ case eColorID_TextSelectBackground:
-+ case eColorID_TextSelectForeground:
-+ case eColorID_TextSelectBackgroundDisabled:
-+ case eColorID_TextSelectBackgroundAttention:
-+ case eColorID_TextHighlightBackground:
-+ case eColorID_TextHighlightForeground:
-+ case eColorID_IMERawInputBackground:
-+ case eColorID_IMERawInputForeground:
-+ case eColorID_IMERawInputUnderline:
-+ case eColorID_IMESelectedRawTextBackground:
-+ case eColorID_IMESelectedRawTextForeground:
-+ case eColorID_IMESelectedRawTextUnderline:
-+ case eColorID_IMEConvertedTextBackground:
-+ case eColorID_IMEConvertedTextForeground:
-+ case eColorID_IMEConvertedTextUnderline:
-+ case eColorID_IMESelectedConvertedTextBackground:
-+ case eColorID_IMESelectedConvertedTextForeground:
-+ case eColorID_IMESelectedConvertedTextUnderline:
-+ case eColorID_SpellCheckerUnderline:
-+ result = true;
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ return result;
-+}
-+
-+nscolor
-+nsXPLookAndFeel::GetStandinForNativeColor(ColorID aID)
-+{
-+ nscolor result = NS_RGB(0xFF, 0xFF, 0xFF);
-+
-+ // The stand-in colors are taken from the Windows 7 Aero theme
-+ // except Mac-specific colors which are taken from Mac OS 10.7.
-+ switch (aID) {
-+ // CSS 2 colors:
-+ case eColorID_activeborder: result = NS_RGB(0xB4, 0xB4, 0xB4); break;
-+ case eColorID_activecaption: result = NS_RGB(0x99, 0xB4, 0xD1); break;
-+ case eColorID_appworkspace: result = NS_RGB(0xAB, 0xAB, 0xAB); break;
-+ case eColorID_background: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID_buttonface: result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID_buttonhighlight: result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID_buttonshadow: result = NS_RGB(0xA0, 0xA0, 0xA0); break;
-+ case eColorID_buttontext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID_captiontext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID_graytext: result = NS_RGB(0x6D, 0x6D, 0x6D); break;
-+ case eColorID_highlight: result = NS_RGB(0x33, 0x99, 0xFF); break;
-+ case eColorID_highlighttext: result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID_inactiveborder: result = NS_RGB(0xF4, 0xF7, 0xFC); break;
-+ case eColorID_inactivecaption: result = NS_RGB(0xBF, 0xCD, 0xDB); break;
-+ case eColorID_inactivecaptiontext:
-+ result = NS_RGB(0x43, 0x4E, 0x54); break;
-+ case eColorID_infobackground: result = NS_RGB(0xFF, 0xFF, 0xE1); break;
-+ case eColorID_infotext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID_menu: result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID_menutext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID_scrollbar: result = NS_RGB(0xC8, 0xC8, 0xC8); break;
-+ case eColorID_threeddarkshadow: result = NS_RGB(0x69, 0x69, 0x69); break;
-+ case eColorID_threedface: result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID_threedhighlight: result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID_threedlightshadow: result = NS_RGB(0xE3, 0xE3, 0xE3); break;
-+ case eColorID_threedshadow: result = NS_RGB(0xA0, 0xA0, 0xA0); break;
-+ case eColorID_window: result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID_windowframe: result = NS_RGB(0x64, 0x64, 0x64); break;
-+ case eColorID_windowtext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_buttondefault:
-+ result = NS_RGB(0x69, 0x69, 0x69); break;
-+ case eColorID__moz_field: result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_fieldtext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_dialog: result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID__moz_dialogtext: result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_dragtargetzone:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_cellhighlight:
-+ result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID__moz_cellhighlighttext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_html_cellhighlight:
-+ result = NS_RGB(0x33, 0x99, 0xFF); break;
-+ case eColorID__moz_html_cellhighlighttext:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_buttonhoverface:
-+ result = NS_RGB(0xF0, 0xF0, 0xF0); break;
-+ case eColorID__moz_buttonhovertext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_menuhover:
-+ result = NS_RGB(0x33, 0x99, 0xFF); break;
-+ case eColorID__moz_menuhovertext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_menubartext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_menubarhovertext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_oddtreerow:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_mac_chrome_active:
-+ result = NS_RGB(0xB2, 0xB2, 0xB2); break;
-+ case eColorID__moz_mac_chrome_inactive:
-+ result = NS_RGB(0xE1, 0xE1, 0xE1); break;
-+ case eColorID__moz_mac_focusring:
-+ result = NS_RGB(0x60, 0x9D, 0xD7); break;
-+ case eColorID__moz_mac_menuselect:
-+ result = NS_RGB(0x38, 0x75, 0xD7); break;
-+ case eColorID__moz_mac_menushadow:
-+ result = NS_RGB(0xA3, 0xA3, 0xA3); break;
-+ case eColorID__moz_mac_menutextdisable:
-+ result = NS_RGB(0x88, 0x88, 0x88); break;
-+ case eColorID__moz_mac_menutextselect:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_mac_disabledtoolbartext:
-+ result = NS_RGB(0x3F, 0x3F, 0x3F); break;
-+ case eColorID__moz_mac_alternateprimaryhighlight:
-+ result = NS_RGB(0x38, 0x75, 0xD7); break;
-+ case eColorID__moz_mac_secondaryhighlight:
-+ result = NS_RGB(0xD4, 0xD4, 0xD4); break;
-+ case eColorID__moz_win_mediatext:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_win_communicationstext:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ case eColorID__moz_nativehyperlinktext:
-+ result = NS_RGB(0x00, 0x66, 0xCC); break;
-+ case eColorID__moz_comboboxtext:
-+ result = NS_RGB(0x00, 0x00, 0x00); break;
-+ case eColorID__moz_combobox:
-+ result = NS_RGB(0xFF, 0xFF, 0xFF); break;
-+ default:
-+ break;
-+ }
-+
-+ return result;
-+}
-+
- //
- // All these routines will return NS_OK if they have a value,
- // in which case the nsLookAndFeel should use that value;
-@@ -483,7 +633,8 @@ nsXPLookAndFeel::IsSpecialColor(ColorID aID, nscolor &aColor)
- // platform-specific nsLookAndFeel should use its own values instead.
- //
- nsresult
--nsXPLookAndFeel::GetColorImpl(ColorID aID, nscolor &aResult)
-+nsXPLookAndFeel::GetColorImpl(ColorID aID, bool aUseStandinsForNativeColors,
-+ nscolor &aResult)
- {
- if (!sInitialized)
- Init();
-@@ -569,7 +720,10 @@ nsXPLookAndFeel::GetColorImpl(ColorID aID, nscolor &aResult)
- }
- #endif // DEBUG_SYSTEM_COLOR_USE
-
-- if (IS_COLOR_CACHED(aID)) {
-+ if (aUseStandinsForNativeColors && ColorIsNotCSSAccessible(aID))
-+ aUseStandinsForNativeColors = false;
-+
-+ if (!aUseStandinsForNativeColors && IS_COLOR_CACHED(aID)) {
- aResult = sCachedColors[aID];
- return NS_OK;
- }
-@@ -603,6 +757,12 @@ nsXPLookAndFeel::GetColorImpl(ColorID aID, nscolor &aResult)
- return NS_OK;
- }
-
-+ if (sUseNativeColors && aUseStandinsForNativeColors)
-+ {
-+ aResult = GetStandinForNativeColor(aID);
-+ return NS_OK;
-+ }
-+
- if (sUseNativeColors && NS_SUCCEEDED(NativeGetColor(aID, aResult))) {
- if ((gfxPlatform::GetCMSMode() == eCMSMode_All) &&
- !IsSpecialColor(aID, aResult)) {
-@@ -693,7 +853,55 @@ namespace mozilla {
- nsresult
- LookAndFeel::GetColor(ColorID aID, nscolor* aResult)
- {
-- return nsLookAndFeel::GetInstance()->GetColorImpl(aID, *aResult);
-+ return nsLookAndFeel::GetInstance()->GetColorImpl(aID, false, *aResult);
-+}
-+
-+nsresult
-+LookAndFeel::GetColor(ColorID aID, bool aUseStandinsForNativeColors,
-+ nscolor* aResult)
-+{
-+ return nsLookAndFeel::GetInstance()->GetColorImpl(aID,
-+ aUseStandinsForNativeColors, *aResult);
-+}
-+
-+// static
-+nsresult
-+LookAndFeel::GetColorForNativeAppearance(uint8_t aWidgetType, bool aIsDisabled,
-+ nscolor* aResult)
-+{
-+ NS_ENSURE_ARG_POINTER(aResult);
-+
-+ ColorID colorID = eColorID_LAST_COLOR;
-+ switch (aWidgetType) {
-+ case NS_THEME_TEXTFIELD:
-+ case NS_THEME_TEXTFIELD_MULTILINE:
-+ case NS_THEME_LISTBOX:
-+ case NS_THEME_DROPDOWN:
-+ case NS_THEME_DROPDOWN_TEXTFIELD:
-+ case NS_THEME_TREEVIEW:
-+ colorID = (aIsDisabled) ? eColorID_graytext : eColorID__moz_fieldtext;
-+ break;
-+
-+ case NS_THEME_TOOLTIP:
-+ colorID = eColorID_infotext;
-+ break;
-+
-+ case NS_THEME_BUTTON:
-+ case NS_THEME_GROUPBOX:
-+ case NS_THEME_PROGRESSBAR:
-+ case NS_THEME_PROGRESSBAR_VERTICAL:
-+ case NS_THEME_TAB_PANEL:
-+ case NS_THEME_STATUSBAR:
-+ case NS_THEME_STATUSBAR_RESIZER_PANEL:
-+ colorID = (aIsDisabled) ? eColorID_graytext : eColorID_buttontext;
-+ break;
-+ }
-+
-+ if (LookAndFeel::eColorID_LAST_COLOR == colorID)
-+ return NS_ERROR_FAILURE;
-+
-+ *aResult = NS_RGB(0, 0, 0);
-+ return nsLookAndFeel::GetInstance()->NativeGetColor(colorID, *aResult);
- }
-
- // static
-diff --git a/widget/xpwidgets/nsXPLookAndFeel.h b/widget/xpwidgets/nsXPLookAndFeel.h
-index 69627d2..2729803 100644
---- a/widget/xpwidgets/nsXPLookAndFeel.h
-+++ b/widget/xpwidgets/nsXPLookAndFeel.h
-@@ -52,7 +52,8 @@ public:
- // otherwise we'll return NS_ERROR_NOT_AVAILABLE, in which case, the
- // platform-specific nsLookAndFeel should use its own values instead.
- //
-- nsresult GetColorImpl(ColorID aID, nscolor &aResult);
-+ nsresult GetColorImpl(ColorID aID, bool aUseStandinsForNativeColors,
-+ nscolor &aResult);
- virtual nsresult GetIntImpl(IntID aID, int32_t &aResult);
- virtual nsresult GetFloatImpl(FloatID aID, float &aResult);
-
-@@ -89,6 +90,8 @@ protected:
- void InitColorFromPref(int32_t aIndex);
- virtual nsresult NativeGetColor(ColorID aID, nscolor &aResult) = 0;
- bool IsSpecialColor(ColorID aID, nscolor &aColor);
-+ bool ColorIsNotCSSAccessible(ColorID aID);
-+ nscolor GetStandinForNativeColor(ColorID aID);
-
- static int OnPrefChanged(const char* aPref, void* aClosure);
-
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0024-Isolate-the-Image-Cache-per-url-bar-domain.patch b/src/current-patches/firefox/0024-Isolate-the-Image-Cache-per-url-bar-domain.patch
deleted file mode 100644
index a6e9c61..0000000
--- a/src/current-patches/firefox/0024-Isolate-the-Image-Cache-per-url-bar-domain.patch
+++ /dev/null
@@ -1,922 +0,0 @@
-From f097490e5043195bb0dfc27b288ff8b485b148e6 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Thu, 6 Dec 2012 14:19:34 -0800
-Subject: [PATCH 24/27] Isolate the Image Cache per url bar domain.
-
-The image cache maintains its own table outside of the main cache, and does
-not obey cacheKeys by default.
----
- content/base/src/nsContentUtils.cpp | 13 +-
- embedding/browser/webBrowser/nsContextMenuInfo.cpp | 27 +-
- extensions/cookie/nsCookiePermission.cpp | 3 +
- image/public/imgILoader.idl | 4 +-
- image/src/imgLoader.cpp | 262 +++++++++++++-------
- image/src/imgLoader.h | 20 +-
- image/src/imgRequest.cpp | 11 +-
- image/src/imgRequest.h | 3 +
- layout/generic/nsImageFrame.cpp | 14 +-
- netwerk/cookie/nsICookiePermission.idl | 1 +
- toolkit/system/gnome/nsAlertsIconListener.cpp | 3 +-
- widget/cocoa/nsMenuItemIconX.mm | 9 +-
- 12 files changed, 250 insertions(+), 120 deletions(-)
-
-diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp
-index 8d58d8b..6a9c87c 100644
---- a/content/base/src/nsContentUtils.cpp
-+++ b/content/base/src/nsContentUtils.cpp
-@@ -121,6 +121,7 @@ static NS_DEFINE_CID(kXTFServiceCID, NS_XTFSERVICE_CID);
- #include "nsIWebNavigation.h"
- #include "nsTextFragment.h"
- #include "mozilla/Selection.h"
-+#include "mozIThirdPartyUtil.h"
-
- #ifdef IBMBIDI
- #include "nsIBidiKeyboard.h"
-@@ -2743,8 +2744,6 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
- nsCOMPtr<nsILoadGroup> loadGroup = aLoadingDocument->GetDocumentLoadGroup();
- NS_ASSERTION(loadGroup, "Could not get loadgroup; onload may fire too early");
-
-- nsIURI *documentURI = aLoadingDocument->GetDocumentURI();
--
- // check for a Content Security Policy to pass down to the channel that
- // will get created to load the image
- nsCOMPtr<nsIChannelPolicy> channelPolicy;
-@@ -2761,11 +2760,15 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
-
- // Make the URI immutable so people won't change it under us
- NS_TryToSetImmutable(aURI);
-+
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
-+ = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument,
-+ getter_AddRefs(firstPartyURI));
-
-- // XXXbz using "documentURI" for the initialDocumentURI is not quite
-- // right, but the best we can do here...
- return imgLoader->LoadImage(aURI, /* uri to load */
-- documentURI, /* initialDocumentURI */
-+ firstPartyURI, /* firstPartyURI */
- aReferrer, /* referrer */
- aLoadingPrincipal, /* loading principal */
- loadGroup, /* loadgroup */
-diff --git a/embedding/browser/webBrowser/nsContextMenuInfo.cpp b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
-index 0a99427..02cd634 100644
---- a/embedding/browser/webBrowser/nsContextMenuInfo.cpp
-+++ b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
-@@ -26,6 +26,7 @@
- #include "nsIChannelPolicy.h"
- #include "nsIContentSecurityPolicy.h"
- #include "nsIContentPolicy.h"
-+#include "mozIThirdPartyUtil.h"
-
- //*****************************************************************************
- // class nsContextMenuInfo
-@@ -269,15 +270,15 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgIR
- nsCOMPtr<nsIPrincipal> principal;
- nsCOMPtr<nsIChannelPolicy> channelPolicy;
- nsCOMPtr<nsIContentSecurityPolicy> csp;
-- if (doc) {
-- principal = doc->NodePrincipal();
-- nsresult rv = principal->GetCsp(getter_AddRefs(csp));
-- NS_ENSURE_SUCCESS(rv, rv);
-- if (csp) {
-- channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
-- channelPolicy->SetContentSecurityPolicy(csp);
-- channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
-- }
-+ NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
-+
-+ principal = doc->NodePrincipal();
-+ nsresult rv = principal->GetCsp(getter_AddRefs(csp));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ if (csp) {
-+ channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
-+ channelPolicy->SetContentSecurityPolicy(csp);
-+ channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
- }
-
- while (true) {
-@@ -305,7 +306,13 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgIR
- "@mozilla.org/image/loader;1"));
- NS_ENSURE_TRUE(il, NS_ERROR_FAILURE);
-
-- return il->LoadImage(bgUri, nullptr, nullptr, principal, nullptr,
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
-+ = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ thirdPartySvc->GetFirstPartyURI(nullptr, doc,
-+ getter_AddRefs(firstPartyURI));
-+
-+ return il->LoadImage(bgUri, firstPartyURI, nullptr, principal, nullptr,
- nullptr, nullptr, nsIRequest::LOAD_NORMAL, nullptr,
- nullptr, channelPolicy, aRequest);
- }
-diff --git a/extensions/cookie/nsCookiePermission.cpp b/extensions/cookie/nsCookiePermission.cpp
-index befa81a..e0b6e12 100644
---- a/extensions/cookie/nsCookiePermission.cpp
-+++ b/extensions/cookie/nsCookiePermission.cpp
-@@ -407,6 +407,9 @@ nsCookiePermission::GetOriginatingURI(nsIChannel *aChannel,
-
- return NS_OK;
- }
-+
-+ // TODO: Why don't we just use this here:
-+ // httpChannelInternal->GetDocumentURI(aURI);
- }
-
- // find the associated window and its top window
-diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl
-index da26463..ecff309 100644
---- a/image/public/imgILoader.idl
-+++ b/image/public/imgILoader.idl
-@@ -38,7 +38,7 @@ interface imgILoader : nsISupports
- /**
- * Start the load and decode of an image.
- * @param aURI the URI to load
-- * @param aInitialDocumentURI the URI that 'initiated' the load -- used for 3rd party cookie blocking
-+ * @param aFirstPartyURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking
- * @param aReferrerURI the 'referring' URI
- * @param aLoadingPrincipal the principal of the loading document
- * @param aLoadGroup Loadgroup to put the image load into
-@@ -57,7 +57,7 @@ interface imgILoader : nsISupports
- * goes away.
- */
- imgIRequest loadImage(in nsIURI aURI,
-- in nsIURI aInitialDocumentURL,
-+ in nsIURI aFirstPartyURI,
- in nsIURI aReferrerURI,
- in nsIPrincipal aLoadingPrincipal,
- in nsILoadGroup aLoadGroup,
-diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp
-index ea51e8d..8e52af8 100644
---- a/image/src/imgLoader.cpp
-+++ b/image/src/imgLoader.cpp
-@@ -39,6 +39,7 @@
- #include "nsCRT.h"
- #include "nsIDocument.h"
- #include "nsPIDOMWindow.h"
-+#include "nsIConsoleService.h"
-
- #include "netCore.h"
-
-@@ -58,6 +59,7 @@
- #include "nsIHttpChannelInternal.h"
- #include "nsIContentSecurityPolicy.h"
- #include "nsIChannelPolicy.h"
-+#include "mozIThirdPartyUtil.h"
-
- #include "nsContentUtils.h"
-
-@@ -432,7 +434,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
- // aLoadingPrincipal and false otherwise.
- bool *aForcePrincipalCheckForCacheEntry,
- nsIURI *aURI,
-- nsIURI *aInitialDocumentURI,
-+ nsIURI *aFirstPartyURI,
- nsIURI *aReferringURI,
- nsILoadGroup *aLoadGroup,
- const nsCString& aAcceptHeader,
-@@ -484,7 +486,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
-
- nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = do_QueryInterface(newHttpChannel);
- NS_ENSURE_TRUE(httpChannelInternal, NS_ERROR_UNEXPECTED);
-- httpChannelInternal->SetDocumentURI(aInitialDocumentURI);
-+ httpChannelInternal->SetDocumentURI(aFirstPartyURI);
- newHttpChannel->SetReferrer(aReferringURI);
- }
-
-@@ -925,34 +927,62 @@ NS_IMETHODIMP imgLoader::ClearCache(bool chrome)
- /* void removeEntry(in nsIURI uri); */
- NS_IMETHODIMP imgLoader::RemoveEntry(nsIURI *uri)
- {
-- if (RemoveFromCache(uri))
-+ if (RemoveMatchingUrlsFromCache(uri))
- return NS_OK;
-
- return NS_ERROR_NOT_AVAILABLE;
- }
-
-+static PLDHashOperator EnumAllEntries(const nsACString&,
-+ nsRefPtr<imgCacheEntry> &aData,
-+ void *data)
-+{
-+ nsTArray<nsRefPtr<imgCacheEntry> > *entries =
-+ reinterpret_cast<nsTArray<nsRefPtr<imgCacheEntry> > *>(data);
-+
-+ entries->AppendElement(aData);
-+
-+ return PL_DHASH_NEXT;
-+}
-+
- /* imgIRequest findEntry(in nsIURI uri); */
- NS_IMETHODIMP imgLoader::FindEntryProperties(nsIURI *uri, nsIProperties **_retval)
- {
- nsRefPtr<imgCacheEntry> entry;
-- nsCAutoString spec;
- imgCacheTable &cache = GetCache(uri);
--
-- uri->GetSpec(spec);
- *_retval = nullptr;
-
-- if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
-- if (gCacheTracker && entry->HasNoProxies())
-- gCacheTracker->MarkUsed(entry);
-+ // We must traverse the whole cache in O(N) looking for the first
-+ // matching URI.
-+ //
-+ // TODO: For now, it's ok to pick at random here. The images should be
-+ // identical unless there is a cache-tracking attack. And even if they
-+ // are not identical due to attack, this code is only used for save
-+ // dialogs at this point, so no differentiating info is leaked to
-+ // content.
-+ nsTArray<nsRefPtr<imgCacheEntry> > entries;
-+ cache.Enumerate(EnumAllEntries, &entries);
-+
-+ for (uint32_t i = 0; i < entries.Length(); ++i) {
-+ bool isEqual = false;
-
-- nsRefPtr<imgRequest> request = getter_AddRefs(entry->GetRequest());
-+ nsRefPtr<imgRequest> request = getter_AddRefs(entries[i]->GetRequest());
- if (request) {
-- *_retval = request->Properties();
-- NS_ADDREF(*_retval);
-+ request->mURI->Equals(uri, &isEqual);
-+ if (isEqual) {
-+ if (gCacheTracker && entries[i]->HasNoProxies())
-+ gCacheTracker->MarkUsed(entries[i]);
-+
-+ *_retval = request->Properties();
-+ NS_ADDREF(*_retval);
-+ }
- }
- }
-
-- return NS_OK;
-+ if (*_retval)
-+ return NS_OK;
-+
-+ return NS_ERROR_NOT_AVAILABLE;
- }
-
- void imgLoader::Shutdown()
-@@ -980,20 +1010,18 @@ void imgLoader::MinimizeCaches()
- EvictEntries(sChromeCacheQueue);
- }
-
--bool imgLoader::PutIntoCache(nsIURI *key, imgCacheEntry *entry)
-+bool imgLoader::PutIntoCache(nsCAutoString key,
-+ imgCacheEntry *entry)
- {
-- imgCacheTable &cache = GetCache(key);
--
-- nsCAutoString spec;
-- key->GetSpec(spec);
--
-- LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::PutIntoCache", "uri", spec.get());
-+ LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::PutIntoCache", "uri", key.get());
-+ imgCacheTable &cache = GetCache(entry->mRequest->mURI);
-+ imgCacheQueue &queue = GetCacheQueue(entry->mRequest->mURI);
-
- // Check to see if this request already exists in the cache and is being
- // loaded on a different thread. If so, don't allow this entry to be added to
- // the cache.
- nsRefPtr<imgCacheEntry> tmpCacheEntry;
-- if (cache.Get(spec, getter_AddRefs(tmpCacheEntry)) && tmpCacheEntry) {
-+ if (cache.Get(key, getter_AddRefs(tmpCacheEntry)) && tmpCacheEntry) {
- PR_LOG(gImgLog, PR_LOG_DEBUG,
- ("[this=%p] imgLoader::PutIntoCache -- Element already in the cache", nullptr));
- nsRefPtr<imgRequest> tmpRequest = getter_AddRefs(tmpCacheEntry->GetRequest());
-@@ -1003,13 +1031,13 @@ bool imgLoader::PutIntoCache(nsIURI *key, imgCacheEntry *entry)
- PR_LOG(gImgLog, PR_LOG_DEBUG,
- ("[this=%p] imgLoader::PutIntoCache -- Replacing cached element", nullptr));
-
-- RemoveFromCache(key);
-+ RemoveKeyFromCache(cache, queue, key);
- } else {
- PR_LOG(gImgLog, PR_LOG_DEBUG,
- ("[this=%p] imgLoader::PutIntoCache -- Element NOT already in the cache", nullptr));
- }
-
-- cache.Put(spec, entry);
-+ cache.Put(key, entry);
-
- // We can be called to resurrect an evicted entry.
- if (entry->Evicted())
-@@ -1024,7 +1052,6 @@ bool imgLoader::PutIntoCache(nsIURI *key, imgCacheEntry *entry)
- addrv = gCacheTracker->AddObject(entry);
-
- if (NS_SUCCEEDED(addrv)) {
-- imgCacheQueue &queue = GetCacheQueue(key);
- queue.Push(entry);
- }
- }
-@@ -1035,11 +1062,11 @@ bool imgLoader::PutIntoCache(nsIURI *key, imgCacheEntry *entry)
- return true;
- }
-
--bool imgLoader::SetHasNoProxies(nsIURI *key, imgCacheEntry *entry)
-+bool imgLoader::SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry)
- {
- #if defined(PR_LOGGING)
- nsCAutoString spec;
-- key->GetSpec(spec);
-+ imgURI->GetSpec(spec);
-
- LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::SetHasNoProxies", "uri", spec.get());
- #endif
-@@ -1047,7 +1074,7 @@ bool imgLoader::SetHasNoProxies(nsIURI *key, imgCacheEntry *entry)
- if (entry->Evicted())
- return false;
-
-- imgCacheQueue &queue = GetCacheQueue(key);
-+ imgCacheQueue &queue = GetCacheQueue(imgURI);
-
- nsresult addrv = NS_OK;
-
-@@ -1059,26 +1086,27 @@ bool imgLoader::SetHasNoProxies(nsIURI *key, imgCacheEntry *entry)
- entry->SetHasNoProxies(true);
- }
-
-- imgCacheTable &cache = GetCache(key);
-+ imgCacheTable &cache = GetCache(imgURI);
- CheckCacheLimits(cache, queue);
-
- return true;
- }
-
--bool imgLoader::SetHasProxies(nsIURI *key)
-+bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI)
- {
- VerifyCacheSizes();
-
-- imgCacheTable &cache = GetCache(key);
-+ imgCacheTable &cache = GetCache(imgURI);
-
- nsCAutoString spec;
-- key->GetSpec(spec);
-+ imgURI->GetSpec(spec);
-
- LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::SetHasProxies", "uri", spec.get());
-
-+ nsCAutoString key = GetCacheKey(firstPartyURI, imgURI);
- nsRefPtr<imgCacheEntry> entry;
-- if (cache.Get(spec, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) {
-- imgCacheQueue &queue = GetCacheQueue(key);
-+ if (cache.Get(key, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) {
-+ imgCacheQueue &queue = GetCacheQueue(imgURI);
- queue.Remove(entry);
-
- if (gCacheTracker)
-@@ -1130,7 +1158,7 @@ void imgLoader::CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue)
-
- bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
- nsIURI *aURI,
-- nsIURI *aInitialDocumentURI,
-+ nsIURI *aFirstPartyURI,
- nsIURI *aReferrerURI,
- nsILoadGroup *aLoadGroup,
- imgIDecoderObserver *aObserver,
-@@ -1182,7 +1210,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
- rv = NewImageChannel(getter_AddRefs(newChannel),
- &forcePrincipalCheck,
- aURI,
-- aInitialDocumentURI,
-+ aFirstPartyURI,
- aReferrerURI,
- aLoadGroup,
- mAcceptHeader,
-@@ -1251,7 +1279,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
-
- bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
- nsIURI *aURI,
-- nsIURI *aInitialDocumentURI,
-+ nsIURI *aFirstPartyURI,
- nsIURI *aReferrerURI,
- nsILoadGroup *aLoadGroup,
- imgIDecoderObserver *aObserver,
-@@ -1357,7 +1385,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
- if (validateRequest && aCanMakeNewChannel) {
- LOG_SCOPE(gImgLog, "imgLoader::ValidateRequest |cache hit| must validate");
-
-- return ValidateRequestWithNewChannel(request, aURI, aInitialDocumentURI,
-+ return ValidateRequestWithNewChannel(request, aURI, aFirstPartyURI,
- aReferrerURI, aLoadGroup, aObserver,
- aCX, aLoadFlags, aExistingRequest,
- aProxyRequest, aPolicy,
-@@ -1367,22 +1395,40 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
- return !validateRequest;
- }
-
--
--bool imgLoader::RemoveFromCache(nsIURI *aKey)
-+bool imgLoader::RemoveMatchingUrlsFromCache(nsIURI *aImgURI)
- {
-- if (!aKey) return false;
-+ if (!aImgURI) return false;
-
-- imgCacheTable &cache = GetCache(aKey);
-- imgCacheQueue &queue = GetCacheQueue(aKey);
-+ bool rv = true;
-+ imgCacheTable &cache = GetCache(aImgURI);
-
-- nsCAutoString spec;
-- aKey->GetSpec(spec);
-+ // We have to make a temporary, since RemoveFromCache removes the element
-+ // from the queue, invalidating iterators.
-+ nsTArray<nsRefPtr<imgCacheEntry> > entries;
-+ cache.Enumerate(EnumAllEntries, &entries);
-+
-+ for (uint32_t i = 0; i < entries.Length(); ++i) {
-+ bool isEqual = false;
-+
-+ entries[i]->mRequest->mURI->Equals(aImgURI, &isEqual);
-+ if (isEqual && !RemoveFromCache(entries[i]))
-+ rv = false;
-+ }
-+
-+ return rv;
-+}
-+
-+bool imgLoader::RemoveKeyFromCache(imgCacheTable &cache,
-+ imgCacheQueue &queue,
-+ nsCAutoString key)
-+{
-+ if (key.IsEmpty()) return false;
-
-- LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::RemoveFromCache", "uri", spec.get());
-+ LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::RemoveKeyFromCache", "uri", key.get());
-
- nsRefPtr<imgCacheEntry> entry;
-- if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
-- cache.Remove(spec);
-+ if (cache.Get(key, getter_AddRefs(entry)) && entry) {
-+ cache.Remove(key);
-
- NS_ABORT_IF_FALSE(!entry->Evicted(), "Evicting an already-evicted cache entry!");
-
-@@ -1410,12 +1456,13 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry)
-
- nsRefPtr<imgRequest> request(getter_AddRefs(entry->GetRequest()));
- if (request) {
-- nsCOMPtr<nsIURI> key;
-- if (NS_SUCCEEDED(request->GetURI(getter_AddRefs(key))) && key) {
-- imgCacheTable &cache = GetCache(key);
-- imgCacheQueue &queue = GetCacheQueue(key);
-- nsCAutoString spec;
-- key->GetSpec(spec);
-+ nsCOMPtr<nsIURI> imgURI = request->mURI;
-+ nsCOMPtr<nsIURI> firstPartyURI = request->mFirstPartyURI;
-+
-+ if (imgURI) {
-+ imgCacheTable &cache = GetCache(imgURI);
-+ imgCacheQueue &queue = GetCacheQueue(imgURI);
-+ nsCAutoString spec = GetCacheKey(firstPartyURI, imgURI);
-
- LOG_STATIC_FUNC_WITH_PARAM(gImgLog, "imgLoader::RemoveFromCache", "entry's uri", spec.get());
-
-@@ -1438,32 +1485,21 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry)
- return false;
- }
-
--static PLDHashOperator EnumEvictEntries(const nsACString&,
-- nsRefPtr<imgCacheEntry> &aData,
-- void *data)
--{
-- nsTArray<nsRefPtr<imgCacheEntry> > *entries =
-- reinterpret_cast<nsTArray<nsRefPtr<imgCacheEntry> > *>(data);
--
-- entries->AppendElement(aData);
--
-- return PL_DHASH_NEXT;
--}
--
- nsresult imgLoader::EvictEntries(imgCacheTable &aCacheToClear)
- {
-+ nsresult rv = NS_OK;
- LOG_STATIC_FUNC(gImgLog, "imgLoader::EvictEntries table");
-
- // We have to make a temporary, since RemoveFromCache removes the element
- // from the queue, invalidating iterators.
- nsTArray<nsRefPtr<imgCacheEntry> > entries;
-- aCacheToClear.Enumerate(EnumEvictEntries, &entries);
-+ aCacheToClear.Enumerate(EnumAllEntries, &entries);
-
- for (uint32_t i = 0; i < entries.Length(); ++i)
- if (!RemoveFromCache(entries[i]))
-- return NS_ERROR_FAILURE;
-+ rv = NS_ERROR_FAILURE;
-
-- return NS_OK;
-+ return rv;
- }
-
- nsresult imgLoader::EvictEntries(imgCacheQueue &aQueueToClear)
-@@ -1490,11 +1526,10 @@ nsresult imgLoader::EvictEntries(imgCacheQueue &aQueueToClear)
- nsIRequest::VALIDATE_NEVER | \
- nsIRequest::VALIDATE_ONCE_PER_SESSION)
-
--
--/* imgIRequest loadImage (in nsIURI aURI, in nsIURI initialDocumentURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */
-+/* imgIRequest loadImage (in nsIURI aURI, in nsIURI aUrlBarURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */
-
- NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
-- nsIURI *aInitialDocumentURI,
-+ nsIURI *aFirstPartyURI,
- nsIURI *aReferrerURI,
- nsIPrincipal* aLoadingPrincipal,
- nsILoadGroup *aLoadGroup,
-@@ -1513,8 +1548,8 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- if (!aURI)
- return NS_ERROR_NULL_POINTER;
-
-- nsCAutoString spec;
-- aURI->GetSpec(spec);
-+ nsCAutoString spec = GetCacheKey(aFirstPartyURI, aURI);
-+
- LOG_SCOPE_WITH_PARAM(gImgLog, "imgLoader::LoadImage", "aURI", spec.get());
-
- *_retval = nullptr;
-@@ -1566,7 +1601,7 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- imgCacheTable &cache = GetCache(aURI);
-
- if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
-- if (ValidateEntry(entry, aURI, aInitialDocumentURI, aReferrerURI,
-+ if (ValidateEntry(entry, aURI, aFirstPartyURI, aReferrerURI,
- aLoadGroup, aObserver, aCX, requestFlags, true,
- aRequest, _retval, aPolicy, aLoadingPrincipal, corsmode)) {
- request = getter_AddRefs(entry->GetRequest());
-@@ -1605,7 +1640,7 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- rv = NewImageChannel(getter_AddRefs(newChannel),
- &forcePrincipalCheck,
- aURI,
-- aInitialDocumentURI,
-+ aFirstPartyURI,
- aReferrerURI,
- aLoadGroup,
- mAcceptHeader,
-@@ -1627,8 +1662,8 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- do_CreateInstance(NS_LOADGROUP_CONTRACTID);
- newChannel->SetLoadGroup(loadGroup);
-
-- request->Init(aURI, aURI, loadGroup, newChannel, entry, aCX,
-- aLoadingPrincipal, corsmode);
-+ request->Init(aURI, aURI, aFirstPartyURI, loadGroup, newChannel, entry,
-+ aCX, aLoadingPrincipal, corsmode);
-
- // Pass the inner window ID of the loading document, if possible.
- nsCOMPtr<nsIDocument> doc = do_QueryInterface(aCX);
-@@ -1676,7 +1711,7 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- }
-
- // Try to add the new request into the cache.
-- PutIntoCache(aURI, entry);
-+ PutIntoCache(spec, entry);
- } else {
- LOG_MSG_WITH_PARAM(gImgLog,
- "imgLoader::LoadImage |cache hit|", "request", request);
-@@ -1736,6 +1771,49 @@ NS_IMETHODIMP imgLoader::LoadImage(nsIURI *aURI,
- return NS_OK;
- }
-
-+nsCAutoString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI)
-+{
-+ NS_ASSERTION(imgURI, "imgLoader::GetCacheKey -- NULL imgURI");
-+
-+ nsCAutoString spec, hostKey;
-+ if (imgURI)
-+ imgURI->GetSpec(spec);
-+
-+#if 0
-+ bool isChrome = false;
-+ if (imgURI)
-+ imgURI->SchemeIs("chrome", &isChrome);
-+ if (isChrome)
-+ return spec; // No partitioning needed for chrome; just use a simple key.
-+#endif
-+
-+ // FIXME: Should we use mozIThirdPartyUtil to get a domain from this?
-+ if (firstPartyURI)
-+ firstPartyURI->GetHost(hostKey);
-+ else {
-+ hostKey = "--NoFirstParty--";
-+ nsCOMPtr<nsIConsoleService> consoleSvc =
-+ do_GetService(NS_CONSOLESERVICE_CONTRACTID);
-+ if (consoleSvc) {
-+ nsAutoString msg(NS_LITERAL_STRING(
-+ "imgLoader::GetCacheKey: NULL firstPartyURI for ")
-+ .get());
-+ msg.AppendASCII(spec.get());
-+ consoleSvc->LogStringMessage(msg.get());
-+ }
-+
-+#ifdef DEBUG
-+ printf("imgLoader::GetCacheKey: NULL firstPartyURI for %s\n", spec.get());
-+#endif
-+ }
-+
-+ // Make a new key using host
-+ // FIXME: This might involve a couple more copies than necessary..
-+ // But man, 18 string types? Who knows which one I need to use to do
-+ // this cheaply..
-+ return hostKey + nsCAutoString("&") + spec;
-+}
-+
- /* imgIRequest loadImageWithChannel(in nsIChannel channel, in imgIDecoderObserver aObserver, in nsISupports cx, out nsIStreamListener); */
- NS_IMETHODIMP imgLoader::LoadImageWithChannel(nsIChannel *channel, imgIDecoderObserver *aObserver, nsISupports *aCX, nsIStreamListener **listener, imgIRequest **_retval)
- {
-@@ -1746,22 +1824,27 @@ NS_IMETHODIMP imgLoader::LoadImageWithChannel(nsIChannel *channel, imgIDecoderOb
- nsCOMPtr<nsIURI> uri;
- channel->GetURI(getter_AddRefs(uri));
-
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
-+ = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ thirdPartySvc->GetFirstPartyURI(channel, nullptr,
-+ getter_AddRefs(firstPartyURI));
-+
- nsLoadFlags requestFlags = nsIRequest::LOAD_NORMAL;
- channel->GetLoadFlags(&requestFlags);
-
- nsRefPtr<imgCacheEntry> entry;
-+ imgCacheTable &cache = GetCache(uri);
-+ nsCAutoString spec = GetCacheKey(firstPartyURI, uri);
-
- if (requestFlags & nsIRequest::LOAD_BYPASS_CACHE) {
-- RemoveFromCache(uri);
-+ imgCacheQueue &queue = GetCacheQueue(uri);
-+ RemoveKeyFromCache(cache, queue, spec);
- } else {
- // Look in the cache for our URI, and then validate it.
- // XXX For now ignore aCacheKey. We will need it in the future
- // for correctly dealing with image load requests that are a result
- // of post data.
-- imgCacheTable &cache = GetCache(uri);
-- nsCAutoString spec;
--
-- uri->GetSpec(spec);
-
- if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
- // We don't want to kick off another network load. So we ask
-@@ -1833,7 +1916,7 @@ NS_IMETHODIMP imgLoader::LoadImageWithChannel(nsIChannel *channel, imgIDecoderOb
- channel->GetOriginalURI(getter_AddRefs(originalURI));
-
- // No principal specified here, because we're not passed one.
-- request->Init(originalURI, uri, channel, channel, entry,
-+ request->Init(originalURI, uri, firstPartyURI, channel, channel, entry,
- aCX, nullptr, imgIRequest::CORS_NONE);
-
- ProxyListener *pl = new ProxyListener(static_cast<nsIStreamListener *>(request.get()));
-@@ -1845,7 +1928,7 @@ NS_IMETHODIMP imgLoader::LoadImageWithChannel(nsIChannel *channel, imgIDecoderOb
- NS_RELEASE(pl);
-
- // Try to add the new request into the cache.
-- PutIntoCache(originalURI, entry);
-+ PutIntoCache(GetCacheKey(firstPartyURI, originalURI), entry);
-
- rv = CreateNewProxyForRequest(request, loadGroup, aObserver,
- requestFlags, nullptr, _retval);
-@@ -2132,6 +2215,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
-
- int32_t corsmode = mRequest->GetCORSMode();
- nsCOMPtr<nsIPrincipal> loadingPrincipal = mRequest->GetLoadingPrincipal();
-+ nsCOMPtr<nsIURI> firstPartyURI = mRequest->mFirstPartyURI;
-
- // Doom the old request's cache entry
- mRequest->RemoveFromCache();
-@@ -2142,16 +2226,16 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
- // We use originalURI here to fulfil the imgIRequest contract on GetURI.
- nsCOMPtr<nsIURI> originalURI;
- channel->GetOriginalURI(getter_AddRefs(originalURI));
-- mNewRequest->Init(originalURI, uri, aRequest, channel, mNewEntry,
-- mContext, loadingPrincipal,
-- corsmode);
-+ mNewRequest->Init(originalURI, uri, firstPartyURI, aRequest, channel,
-+ mNewEntry, mContext, loadingPrincipal, corsmode);
-
- mDestListener = new ProxyListener(mNewRequest);
-
- // Try to add the new request into the cache. Note that the entry must be in
- // the cache before the proxies' ownership changes, because adding a proxy
- // changes the caching behaviour for imgRequests.
-- sImgLoader.PutIntoCache(originalURI, mNewEntry);
-+ sImgLoader.PutIntoCache(imgLoader::GetCacheKey(firstPartyURI, originalURI),
-+ mNewEntry);
-
- uint32_t count = mProxies.Count();
- for (int32_t i = count-1; i>=0; i--) {
-diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h
-index 64d3563..c275d83 100644
---- a/image/src/imgLoader.h
-+++ b/image/src/imgLoader.h
-@@ -227,10 +227,11 @@ public:
-
- static nsresult InitCache();
-
-- static bool RemoveFromCache(nsIURI *aKey);
-+ static nsCAutoString GetCacheKey(nsIURI *firstPartyURI,
-+ nsIURI *imgURI);
- static bool RemoveFromCache(imgCacheEntry *entry);
--
-- static bool PutIntoCache(nsIURI *key, imgCacheEntry *entry);
-+ static bool PutIntoCache(nsCAutoString key, imgCacheEntry *entry);
-+ static bool RemoveMatchingUrlsFromCache(nsIURI *aKey);
-
- // Returns true if we should prefer evicting cache entry |two| over cache
- // entry |one|.
-@@ -269,14 +270,14 @@ public:
- // HasObservers(). The request's cache entry will be re-set before this
- // happens, by calling imgRequest::SetCacheEntry() when an entry with no
- // observers is re-requested.
-- static bool SetHasNoProxies(nsIURI *key, imgCacheEntry *entry);
-- static bool SetHasProxies(nsIURI *key);
-+ static bool SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI);
-+ static bool SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry);
-
- private: // methods
-
-
-- bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aKey,
-- nsIURI *aInitialDocumentURI, nsIURI *aReferrerURI,
-+ bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI,
-+ nsIURI *aFirstPartyURI, nsIURI *aReferrerURI,
- nsILoadGroup *aLoadGroup,
- imgIDecoderObserver *aObserver, nsISupports *aCX,
- nsLoadFlags aLoadFlags, bool aCanMakeNewChannel,
-@@ -315,9 +316,14 @@ private: // methods
- static void CacheEntriesChanged(nsIURI *aURI, int32_t sizediff = 0);
- static void CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue);
-
-+ static bool RemoveKeyFromCache(imgCacheTable &cache,
-+ imgCacheQueue &queue,
-+ nsCAutoString key);
-+
- private: // data
- friend class imgCacheEntry;
- friend class imgMemoryReporter;
-+ friend class imgRequest;
-
- static imgCacheTable sCache;
- static imgCacheQueue sCacheQueue;
-diff --git a/image/src/imgRequest.cpp b/image/src/imgRequest.cpp
-index e89e05a..71afe2c 100644
---- a/image/src/imgRequest.cpp
-+++ b/image/src/imgRequest.cpp
-@@ -103,6 +103,7 @@ imgRequest::~imgRequest()
-
- nsresult imgRequest::Init(nsIURI *aURI,
- nsIURI *aCurrentURI,
-+ nsIURI *aFirstPartyURI,
- nsIRequest *aRequest,
- nsIChannel *aChannel,
- imgCacheEntry *aCacheEntry,
-@@ -124,6 +125,7 @@ nsresult imgRequest::Init(nsIURI *aURI,
-
- mURI = aURI;
- mCurrentURI = aCurrentURI;
-+ mFirstPartyURI = aFirstPartyURI;
- mRequest = aRequest;
- mChannel = aChannel;
- mTimedChannel = do_QueryInterface(mChannel);
-@@ -178,7 +180,7 @@ nsresult imgRequest::AddProxy(imgRequestProxy *proxy)
- // proxies.
- if (mObservers.IsEmpty()) {
- NS_ABORT_IF_FALSE(mURI, "Trying to SetHasProxies without key uri.");
-- imgLoader::SetHasProxies(mURI);
-+ imgLoader::SetHasProxies(mFirstPartyURI, mURI);
- }
-
- // If we don't have any current observers, we should restart any animation.
-@@ -329,8 +331,11 @@ void imgRequest::RemoveFromCache()
- // mCacheEntry is nulled out when we have no more observers.
- if (mCacheEntry)
- imgLoader::RemoveFromCache(mCacheEntry);
-- else
-- imgLoader::RemoveFromCache(mURI);
-+ else {
-+ imgLoader::RemoveKeyFromCache(imgLoader::GetCache(mURI),
-+ imgLoader::GetCacheQueue(mURI),
-+ imgLoader::GetCacheKey(mFirstPartyURI, mURI));
-+ }
- }
-
- mCacheEntry = nullptr;
-diff --git a/image/src/imgRequest.h b/image/src/imgRequest.h
-index 424631b..7e1180f 100644
---- a/image/src/imgRequest.h
-+++ b/image/src/imgRequest.h
-@@ -57,6 +57,7 @@ public:
-
- nsresult Init(nsIURI *aURI,
- nsIURI *aCurrentURI,
-+ nsIURI *aFirstPartyURI,
- nsIRequest *aRequest,
- nsIChannel *aChannel,
- imgCacheEntry *aCacheEntry,
-@@ -189,6 +190,8 @@ private:
- nsCOMPtr<nsIURI> mURI;
- // The URI of the resource we ended up loading after all redirects, etc.
- nsCOMPtr<nsIURI> mCurrentURI;
-+ // The first party that triggered the load -- for cookie + cache isolation
-+ nsCOMPtr<nsIURI> mFirstPartyURI;
- // The principal of the document which loaded this image. Used when validating for CORS.
- nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
- // The principal of this image.
-diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp
-index 748107d..3ecb1e9 100644
---- a/layout/generic/nsImageFrame.cpp
-+++ b/layout/generic/nsImageFrame.cpp
-@@ -63,6 +63,7 @@
- #include "nsError.h"
- #include "nsBidiUtils.h"
- #include "nsBidiPresUtils.h"
-+#include "mozIThirdPartyUtil.h"
-
- #include "gfxRect.h"
- #include "ImageLayers.h"
-@@ -1777,6 +1778,7 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
- {
- nsresult rv = NS_OK;
- NS_PRECONDITION(!aSpec.IsEmpty(), "What happened??");
-+ NS_PRECONDITION(aPresContext, "NULL PresContext");
-
- if (!sIOService) {
- rv = CallGetService(NS_IOSERVICE_CONTRACTID, &sIOService);
-@@ -1794,9 +1796,17 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
-
- // For icon loads, we don't need to merge with the loadgroup flags
- nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL;
--
-+
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
-+ = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ // XXX: Should we pass the loadgroup, too? Is document ever likely
-+ // to be unset?
-+ thirdPartySvc->GetFirstPartyURI(nullptr, aPresContext->Document(),
-+ getter_AddRefs(firstPartyURI));
-+
- return il->LoadImage(realURI, /* icon URI */
-- nullptr, /* initial document URI; this is only
-+ firstPartyURI, /* initial document URI; this is only
- relevant for cookies, so does not
- apply to icons. */
- nullptr, /* referrer (not relevant for icons) */
-diff --git a/netwerk/cookie/nsICookiePermission.idl b/netwerk/cookie/nsICookiePermission.idl
-index 379695c..7ad3f3b 100644
---- a/netwerk/cookie/nsICookiePermission.idl
-+++ b/netwerk/cookie/nsICookiePermission.idl
-@@ -7,6 +7,7 @@
- interface nsICookie2;
- interface nsIURI;
- interface nsIChannel;
-+interface nsIDocument;
-
- typedef long nsCookieAccess;
-
-diff --git a/toolkit/system/gnome/nsAlertsIconListener.cpp b/toolkit/system/gnome/nsAlertsIconListener.cpp
-index bfc43d1..37e93c3 100644
---- a/toolkit/system/gnome/nsAlertsIconListener.cpp
-+++ b/toolkit/system/gnome/nsAlertsIconListener.cpp
-@@ -261,7 +261,8 @@ nsAlertsIconListener::StartRequest(const nsAString & aImageUrl)
- if (!il)
- return ShowAlert(NULL);
-
-- return il->LoadImage(imageUri, nullptr, nullptr, nullptr, nullptr, this,
-+ // XXX: Hrmm.... Bypass cache, or isolate to imageUrl?
-+ return il->LoadImage(imageUri, imageUri, nullptr, nullptr, nullptr, this,
- nullptr, nsIRequest::LOAD_NORMAL, nullptr, nullptr,
- nullptr, getter_AddRefs(mIconRequest));
- }
-diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm
-index e0c07c4..368df5f 100644
---- a/widget/cocoa/nsMenuItemIconX.mm
-+++ b/widget/cocoa/nsMenuItemIconX.mm
-@@ -29,6 +29,7 @@
- #include "gfxImageSurface.h"
- #include "imgIContainer.h"
- #include "nsCocoaUtils.h"
-+#include "mozIThirdPartyUtil.h"
-
- static const uint32_t kIconWidth = 16;
- static const uint32_t kIconHeight = 16;
-@@ -304,9 +305,15 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
- [mNativeMenuItem setImage:sPlaceholderIconImage];
- }
-
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
-+ = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ thirdPartySvc->GetFirstPartyURI(nullptr, document,
-+ getter_AddRefs(firstPartyURI));
-+
- // Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is
- // not exposed to web content
-- rv = loader->LoadImage(aIconURI, nullptr, nullptr, nullptr, loadGroup, this,
-+ rv = loader->LoadImage(aIconURI, firstPartyURI, nullptr, nullptr, loadGroup, this,
- nullptr, nsIRequest::LOAD_NORMAL, nullptr, nullptr,
- nullptr, getter_AddRefs(mIconRequest));
- if (NS_FAILED(rv)) return rv;
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0025-nsIHTTPChannel.redirectTo-API.patch b/src/current-patches/firefox/0025-nsIHTTPChannel.redirectTo-API.patch
deleted file mode 100644
index dfcf8ba..0000000
--- a/src/current-patches/firefox/0025-nsIHTTPChannel.redirectTo-API.patch
+++ /dev/null
@@ -1,474 +0,0 @@
-From 27633d970ddfa360c553aaf3e8697354309f0839 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Mon, 14 Jan 2013 19:36:14 -0800
-Subject: [PATCH 25/27] nsIHTTPChannel.redirectTo API.
-
-Provides an API for HTTPS-Everywhere to perform redirects to https
-in a more secure and reliable way.
----
- netwerk/protocol/http/HttpBaseChannel.cpp | 13 +++++
- netwerk/protocol/http/HttpBaseChannel.h | 10 ++++
- netwerk/protocol/http/HttpChannelChild.cpp | 34 ++++++++----
- netwerk/protocol/http/HttpChannelParent.cpp | 12 ++++-
- netwerk/protocol/http/HttpChannelParent.h | 4 +-
- netwerk/protocol/http/PHttpChannel.ipdl | 4 +-
- netwerk/protocol/http/nsHttpChannel.cpp | 57 ++++++++++++++++---
- netwerk/protocol/http/nsHttpChannel.h | 8 ++-
- netwerk/protocol/http/nsIHttpChannel.idl | 14 +++++-
- .../protocol/viewsource/nsViewSourceChannel.cpp | 10 +++-
- 10 files changed, 139 insertions(+), 27 deletions(-)
-
-diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
-index ec58de6..2926428 100644
---- a/netwerk/protocol/http/HttpBaseChannel.cpp
-+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
-@@ -37,6 +37,7 @@ HttpBaseChannel::HttpBaseChannel()
- , mIsPending(false)
- , mWasOpened(false)
- , mResponseHeadersModified(false)
-+ , mRequestObserversCalled(false)
- , mAllowPipelining(true)
- , mForceAllowThirdPartyCookie(false)
- , mUploadStreamHasHeaders(false)
-@@ -1119,6 +1120,18 @@ HttpBaseChannel::GetRequestSucceeded(bool *aValue)
- return NS_OK;
- }
-
-+NS_IMETHODIMP
-+HttpBaseChannel::RedirectTo(nsIURI *newURI)
-+{
-+ // We can only redirect unopened channels
-+ ENSURE_CALLED_BEFORE_ASYNC_OPEN();
-+
-+ // The redirect is stored internally for use in AsyncOpen
-+ mAPIRedirectToURI = newURI;
-+
-+ return NS_OK;
-+}
-+
- //-----------------------------------------------------------------------------
- // HttpBaseChannel::nsIHttpChannelInternal
- //-----------------------------------------------------------------------------
-diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h
-index 971958c..125734d 100644
---- a/netwerk/protocol/http/HttpBaseChannel.h
-+++ b/netwerk/protocol/http/HttpBaseChannel.h
-@@ -17,6 +17,7 @@
- #include "nsHttpConnectionInfo.h"
- #include "nsIEncodedChannel.h"
- #include "nsIHttpChannel.h"
-+#include "nsHttpHandler.h"
- #include "nsIHttpChannelInternal.h"
- #include "nsIUploadChannel.h"
- #include "nsIUploadChannel2.h"
-@@ -117,6 +118,7 @@ public:
- NS_IMETHOD GetResponseStatus(uint32_t *aValue);
- NS_IMETHOD GetResponseStatusText(nsACString& aValue);
- NS_IMETHOD GetRequestSucceeded(bool *aValue);
-+ NS_IMETHOD RedirectTo(nsIURI *newURI);
-
- // nsIHttpChannelInternal
- NS_IMETHOD GetDocumentURI(nsIURI **aDocumentURI);
-@@ -199,6 +201,12 @@ protected:
- nsIChannel *,
- bool preserveMethod);
-
-+ // bundle calling OMR observers and marking flag into one function
-+ inline void CallOnModifyRequestObservers() {
-+ gHttpHandler->OnModifyRequest(this);
-+ mRequestObserversCalled = true;
-+ }
-+
- // Helper function to simplify getting notification callbacks.
- template <class T>
- void GetCallback(nsCOMPtr<T> &aResult)
-@@ -252,6 +260,7 @@ protected:
- uint32_t mIsPending : 1;
- uint32_t mWasOpened : 1;
- uint32_t mResponseHeadersModified : 1;
-+ uint32_t mRequestObserversCalled : 1;
- uint32_t mAllowPipelining : 1;
- uint32_t mForceAllowThirdPartyCookie : 1;
- uint32_t mUploadStreamHasHeaders : 1;
-@@ -268,6 +277,7 @@ protected:
- // Current suspension depth for this channel object
- uint32_t mSuspendCount;
-
-+ nsCOMPtr<nsIURI> mAPIRedirectToURI;
- nsAutoPtr<nsTArray<nsCString> > mRedirectedCachekeys;
- };
-
-diff --git a/netwerk/protocol/http/HttpChannelChild.cpp b/netwerk/protocol/http/HttpChannelChild.cpp
-index 5d82f7e..35697be 100644
---- a/netwerk/protocol/http/HttpChannelChild.cpp
-+++ b/netwerk/protocol/http/HttpChannelChild.cpp
-@@ -854,6 +854,7 @@ HttpChannelChild::CompleteRedirectSetup(nsIStreamListener *listener,
- NS_IMETHODIMP
- HttpChannelChild::OnRedirectVerifyCallback(nsresult result)
- {
-+ OptionalURIParams redirectURI;
- nsCOMPtr<nsIHttpChannel> newHttpChannel =
- do_QueryInterface(mRedirectChannelChild);
-
-@@ -872,13 +873,25 @@ HttpChannelChild::OnRedirectVerifyCallback(nsresult result)
- newHttpChannelChild->GetClientSetRequestHeaders(&headerTuples);
- }
-
-- // After we verify redirect, nsHttpChannel may hit the network: must give
-- // "http-on-modify-request" observers the chance to cancel before that.
-- if (NS_SUCCEEDED(result))
-- gHttpHandler->OnModifyRequest(newHttpChannel);
--
-- if (mIPCOpen)
-- SendRedirect2Verify(result, *headerTuples);
-+ if (NS_SUCCEEDED(result)) {
-+ // we know this is an HttpChannelChild
-+ HttpChannelChild* base =
-+ static_cast<HttpChannelChild*>(mRedirectChannelChild.get());
-+ // After we verify redirect, nsHttpChannel may hit the network: must give
-+ // "http-on-modify-request" observers the chance to cancel before that.
-+ base->CallOnModifyRequestObservers();
-+
-+ /* If there was an API redirect of this redirect, we need to send it
-+ * down here, since it can't get sent via SendAsyncOpen. */
-+ SerializeURI(base->mAPIRedirectToURI, redirectURI);
-+ } else {
-+ /* If the redirect was canceled, bypass OMR and send an empty API
-+ * redirect URI */
-+ SerializeURI(nullptr, redirectURI);
-+ }
-+
-+ if (mIPCOpen)
-+ SendRedirect2Verify(result, *headerTuples, redirectURI);
-
- return NS_OK;
- }
-@@ -985,7 +998,7 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
- //
-
- // notify "http-on-modify-request" observers
-- gHttpHandler->OnModifyRequest(this);
-+ CallOnModifyRequestObservers();
-
- mIsPending = true;
- mWasOpened = true;
-@@ -1042,15 +1055,16 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
- URIParams uri;
- SerializeURI(mURI, uri);
-
-- OptionalURIParams originalURI, documentURI, referrer;
-+ OptionalURIParams originalURI, documentURI, referrer, redirectURI;
- SerializeURI(mOriginalURI, originalURI);
- SerializeURI(mDocumentURI, documentURI);
- SerializeURI(mReferrer, referrer);
-+ SerializeURI(mAPIRedirectToURI, redirectURI);
-
- OptionalInputStreamParams uploadStream;
- SerializeInputStream(mUploadStream, uploadStream);
-
-- SendAsyncOpen(uri, originalURI, documentURI, referrer, mLoadFlags,
-+ SendAsyncOpen(uri, originalURI, documentURI, referrer, redirectURI, mLoadFlags,
- mClientSetRequestHeaders, mRequestHead.Method(), uploadStream,
- mUploadStreamHasHeaders, mPriority, mRedirectionLimit,
- mAllowPipelining, mForceAllowThirdPartyCookie, mSendResumeAt,
-diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp
-index 0a9ccc4..d01f162 100644
---- a/netwerk/protocol/http/HttpChannelParent.cpp
-+++ b/netwerk/protocol/http/HttpChannelParent.cpp
-@@ -110,6 +110,7 @@ HttpChannelParent::RecvAsyncOpen(const URIParams& aURI,
- const OptionalURIParams& aOriginalURI,
- const OptionalURIParams& aDocURI,
- const OptionalURIParams& aReferrerURI,
-+ const OptionalURIParams& aAPIRedirectToURI,
- const uint32_t& loadFlags,
- const RequestHeaderTuples& requestHeaders,
- const nsHttpAtom& requestMethod,
-@@ -131,6 +132,7 @@ HttpChannelParent::RecvAsyncOpen(const URIParams& aURI,
- nsCOMPtr<nsIURI> originalUri = DeserializeURI(aOriginalURI);
- nsCOMPtr<nsIURI> docUri = DeserializeURI(aDocURI);
- nsCOMPtr<nsIURI> referrerUri = DeserializeURI(aReferrerURI);
-+ nsCOMPtr<nsIURI> apiRedirectToUri = DeserializeURI(aAPIRedirectToURI);
-
- nsCString uriSpec;
- uri->GetSpec(uriSpec);
-@@ -161,6 +163,8 @@ HttpChannelParent::RecvAsyncOpen(const URIParams& aURI,
- httpChan->SetDocumentURI(docUri);
- if (referrerUri)
- httpChan->SetReferrerInternal(referrerUri);
-+ if (apiRedirectToUri)
-+ httpChan->RedirectTo(apiRedirectToUri);
- if (loadFlags != nsIRequest::LOAD_NORMAL)
- httpChan->SetLoadFlags(loadFlags);
-
-@@ -315,13 +319,19 @@ HttpChannelParent::RecvUpdateAssociatedContentSecurity(const int32_t& high,
-
- bool
- HttpChannelParent::RecvRedirect2Verify(const nsresult& result,
-- const RequestHeaderTuples& changedHeaders)
-+ const RequestHeaderTuples& changedHeaders,
-+ const OptionalURIParams& aAPIRedirectURI)
- {
- if (NS_SUCCEEDED(result)) {
- nsCOMPtr<nsIHttpChannel> newHttpChannel =
- do_QueryInterface(mRedirectChannel);
-
- if (newHttpChannel) {
-+ nsCOMPtr<nsIURI> apiRedirectUri = DeserializeURI(aAPIRedirectURI);
-+
-+ if (apiRedirectUri)
-+ newHttpChannel->RedirectTo(apiRedirectUri);
-+
- for (uint32_t i = 0; i < changedHeaders.Length(); i++) {
- newHttpChannel->SetRequestHeader(changedHeaders[i].mHeader,
- changedHeaders[i].mValue,
-diff --git a/netwerk/protocol/http/HttpChannelParent.h b/netwerk/protocol/http/HttpChannelParent.h
-index e869d63..96f3f3c 100644
---- a/netwerk/protocol/http/HttpChannelParent.h
-+++ b/netwerk/protocol/http/HttpChannelParent.h
-@@ -47,6 +47,7 @@ protected:
- const OptionalURIParams& originalUri,
- const OptionalURIParams& docUri,
- const OptionalURIParams& referrerUri,
-+ const OptionalURIParams& internalRedirectUri,
- const uint32_t& loadFlags,
- const RequestHeaderTuples& requestHeaders,
- const nsHttpAtom& requestMethod,
-@@ -71,7 +72,8 @@ protected:
- virtual bool RecvResume();
- virtual bool RecvCancel(const nsresult& status);
- virtual bool RecvRedirect2Verify(const nsresult& result,
-- const RequestHeaderTuples& changedHeaders);
-+ const RequestHeaderTuples& changedHeaders,
-+ const OptionalURIParams& apiRedirectUri);
- virtual bool RecvUpdateAssociatedContentSecurity(const int32_t& high,
- const int32_t& low,
- const int32_t& broken,
-diff --git a/netwerk/protocol/http/PHttpChannel.ipdl b/netwerk/protocol/http/PHttpChannel.ipdl
-index c13c969..e16afd6 100644
---- a/netwerk/protocol/http/PHttpChannel.ipdl
-+++ b/netwerk/protocol/http/PHttpChannel.ipdl
-@@ -37,6 +37,7 @@ parent:
- OptionalURIParams original,
- OptionalURIParams doc,
- OptionalURIParams referrer,
-+ OptionalURIParams apiRedirectTo,
- uint32_t loadFlags,
- RequestHeaderTuples requestHeaders,
- nsHttpAtom requestMethod,
-@@ -72,7 +73,8 @@ parent:
- Cancel(nsresult status);
-
- // Reports approval/veto of redirect by child process redirect observers
-- Redirect2Verify(nsresult result, RequestHeaderTuples changedHeaders);
-+ Redirect2Verify(nsresult result, RequestHeaderTuples changedHeaders,
-+ OptionalURIParams apiRedirectTo);
-
- // For document loads we keep this protocol open after child's
- // OnStopRequest, and send this msg (instead of __delete__) to allow
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 6242ddc..bcfa0c9 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -1584,18 +1584,17 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps()
- return;
- }
-
-- nsresult rv = AsyncRedirectChannelToHttps();
-+ nsresult rv = StartRedirectChannelToHttps();
- if (NS_FAILED(rv))
-- ContinueAsyncRedirectChannelToHttps(rv);
-+ ContinueAsyncRedirectChannelToURI(rv);
- }
-
- nsresult
--nsHttpChannel::AsyncRedirectChannelToHttps()
-+nsHttpChannel::StartRedirectChannelToHttps()
- {
- nsresult rv = NS_OK;
- LOG(("nsHttpChannel::HandleAsyncRedirectChannelToHttps() [STS]\n"));
-
-- nsCOMPtr<nsIChannel> newChannel;
- nsCOMPtr<nsIURI> upgradedURI;
-
- rv = mURI->Clone(getter_AddRefs(upgradedURI));
-@@ -1617,6 +1616,36 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
- else
- upgradedURI->SetPort(oldPort);
-
-+ return StartRedirectChannelToURI(upgradedURI);
-+}
-+
-+void
-+nsHttpChannel::HandleAsyncAPIRedirect()
-+{
-+ NS_PRECONDITION(!mCallOnResume, "How did that happen?");
-+ NS_PRECONDITION(mAPIRedirectToURI, "How did that happen?");
-+
-+ if (mSuspendCount) {
-+ LOG(("Waiting until resume to do async API redirect [this=%p]\n", this));
-+ mCallOnResume = &nsHttpChannel::HandleAsyncAPIRedirect;
-+ return;
-+ }
-+
-+ nsresult rv = StartRedirectChannelToURI(mAPIRedirectToURI);
-+ if (NS_FAILED(rv))
-+ ContinueAsyncRedirectChannelToURI(rv);
-+
-+ return;
-+}
-+
-+nsresult
-+nsHttpChannel::StartRedirectChannelToURI(nsIURI *upgradedURI)
-+{
-+ nsresult rv = NS_OK;
-+ LOG(("nsHttpChannel::StartRedirectChannelToURI()\n"));
-+
-+ nsCOMPtr<nsIChannel> newChannel;
-+
- nsCOMPtr<nsIIOService> ioService;
- rv = gHttpHandler->GetIOService(getter_AddRefs(ioService));
- NS_ENSURE_SUCCESS(rv, rv);
-@@ -1632,7 +1661,7 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
- uint32_t flags = nsIChannelEventSink::REDIRECT_PERMANENT;
-
- PushRedirectAsyncFunc(
-- &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+ &nsHttpChannel::ContinueAsyncRedirectChannelToURI);
- rv = gHttpHandler->AsyncOnChannelRedirect(this, newChannel, flags);
-
- if (NS_SUCCEEDED(rv))
-@@ -1640,15 +1669,19 @@ nsHttpChannel::AsyncRedirectChannelToHttps()
-
- if (NS_FAILED(rv)) {
- AutoRedirectVetoNotifier notifier(this);
-+
-+ /* Remove the async call to ContinueAsyncRedirectChannelToURI().
-+ * It is called directly by our callers upon return (to clean up
-+ * the failed redirect). */
- PopRedirectAsyncFunc(
-- &nsHttpChannel::ContinueAsyncRedirectChannelToHttps);
-+ &nsHttpChannel::ContinueAsyncRedirectChannelToURI);
- }
-
- return rv;
- }
-
- nsresult
--nsHttpChannel::ContinueAsyncRedirectChannelToHttps(nsresult rv)
-+nsHttpChannel::ContinueAsyncRedirectChannelToURI(nsresult rv)
- {
- AutoRedirectVetoNotifier notifier(this);
-
-@@ -4399,7 +4432,7 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
- mAuthProvider->AddAuthorizationHeaders();
-
- // notify "http-on-modify-request" observers
-- gHttpHandler->OnModifyRequest(this);
-+ CallOnModifyRequestObservers();
-
- // Adjust mCaps according to our request headers:
- // - If "Connection: close" is set as a request header, then do not bother
-@@ -4431,6 +4464,12 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
- if (mLoadGroup)
- mLoadGroup->AddRequest(this, nullptr);
-
-+ // Check to see if we should redirect this channel elsewhere by
-+ // nsIHttpChannel.redirectTo API request
-+ if (mAPIRedirectToURI) {
-+ return AsyncCall(&nsHttpChannel::HandleAsyncAPIRedirect);
-+ }
-+
- // Collect mAsyncOpenTime after we have called all obsrevers like
- // "http-on-modify-request" and load group observers that may set
- // mTimingEnabled flag.
-@@ -5561,7 +5600,7 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
- AddCookiesToRequest();
-
- // notify "http-on-modify-request" observers
-- gHttpHandler->OnModifyRequest(this);
-+ CallOnModifyRequestObservers();
-
- mIsPending = true;
-
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index b1f0848..a05e70d 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -174,12 +174,14 @@ private:
-
- // redirection specific methods
- void HandleAsyncRedirect();
-+ void HandleAsyncAPIRedirect();
- nsresult ContinueHandleAsyncRedirect(nsresult);
- void HandleAsyncNotModified();
- void HandleAsyncFallback();
- nsresult ContinueHandleAsyncFallback(nsresult);
- nsresult PromptTempRedirect();
-- virtual nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, bool preserveMethod);
-+ nsresult StartRedirectChannelToURI(nsIURI *);
-+ virtual nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, bool preserveMethod);
-
- // proxy specific methods
- nsresult ProxyFailover();
-@@ -236,8 +238,8 @@ private:
- nsresult DoAuthRetry(nsAHttpConnection *);
-
- void HandleAsyncRedirectChannelToHttps();
-- nsresult AsyncRedirectChannelToHttps();
-- nsresult ContinueAsyncRedirectChannelToHttps(nsresult rv);
-+ nsresult StartRedirectChannelToHttps();
-+ nsresult ContinueAsyncRedirectChannelToURI(nsresult rv);
-
- /**
- * A function that takes care of reading STS headers and enforcing STS
-diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl
-index c541df1..7037f95 100644
---- a/netwerk/protocol/http/nsIHttpChannel.idl
-+++ b/netwerk/protocol/http/nsIHttpChannel.idl
-@@ -14,7 +14,7 @@ interface nsIHttpHeaderVisitor;
- * the inspection of the resulting HTTP response status and headers when they
- * become available.
- */
--[scriptable, uuid(9277fe09-f0cc-4cd9-bbce-581dd94b0260)]
-+[scriptable, uuid(a01362a0-5c45-11e2-bcfd-0800200c9a66)]
- interface nsIHttpChannel : nsIChannel
- {
- /**************************************************************************
-@@ -257,4 +257,16 @@ interface nsIHttpChannel : nsIChannel
- * has been received (before onStartRequest).
- */
- boolean isNoCacheResponse();
-+
-+ /**
-+ * Instructs the channel to immediately redirect to a new destination.
-+ * Can only be called on channels not yet opened.
-+ *
-+ * This method provides no explicit conflict resolution. The last
-+ * caller to call it wins.
-+ *
-+ * @throws NS_ERROR_ALREADY_OPENED if called after the channel
-+ * has been opened.
-+ */
-+ void redirectTo(in nsIURI aNewURI);
- };
-diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-index 643ed0e..c63c2a5 100644
---- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
-@@ -671,4 +671,12 @@ nsViewSourceChannel::IsNoCacheResponse(bool *_retval)
- {
- return !mHttpChannel ? NS_ERROR_NULL_POINTER :
- mHttpChannel->IsNoCacheResponse(_retval);
--}
-+}
-+
-+NS_IMETHODIMP
-+nsViewSourceChannel::RedirectTo(nsIURI *uri)
-+{
-+ return !mHttpChannel ? NS_ERROR_NULL_POINTER :
-+ mHttpChannel->RedirectTo(uri);
-+}
-+
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch b/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch
deleted file mode 100644
index 6a08d8b..0000000
--- a/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch
+++ /dev/null
@@ -1,776 +0,0 @@
-From caf469aa331ab9d92cc83b378cf554f087625dc8 Mon Sep 17 00:00:00 2001
-From: Kathleen Brade <brade@xxxxxxxxxxxxxxxxx>
-Date: Thu, 28 Feb 2013 18:02:34 -0800
-Subject: [PATCH 26/27] Isolate DOM storage to first party URI
-
-Also prevents DOM storage from writing to disk (hardcoded).
----
- docshell/base/nsDocShell.cpp | 78 ++++++++++++++++++-
- docshell/base/nsDocShell.h | 6 +-
- docshell/base/nsIDocShell.idl | 33 ++++++++-
- dom/base/nsGlobalWindow.cpp | 13 +++-
- dom/interfaces/storage/nsIDOMStorageManager.idl | 11 +++-
- dom/interfaces/storage/nsPIDOMStorage.h | 8 +-
- dom/src/storage/StorageChild.cpp | 6 +-
- dom/src/storage/StorageChild.h | 3 +-
- dom/src/storage/nsDOMStorage.cpp | 44 ++++++++---
- dom/src/storage/nsDOMStorage.h | 14 +++-
- dom/src/storage/nsDOMStorageDBWrapper.cpp | 41 ++++++++---
- dom/src/storage/nsDOMStorageDBWrapper.h | 14 ++-
- dom/src/storage/nsDOMStorageMemoryDB.cpp | 21 +++++-
- dom/src/storage/nsDOMStoragePersistentDB.cpp | 8 ++-
- .../windowwatcher/src/nsWindowWatcher.cpp | 5 +-
- 15 files changed, 255 insertions(+), 50 deletions(-)
-
-diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
-index 0d56d9e..0726c07 100644
---- a/docshell/base/nsDocShell.cpp
-+++ b/docshell/base/nsDocShell.cpp
-@@ -184,6 +184,7 @@
- #include "nsIChannelPolicy.h"
- #include "nsIContentSecurityPolicy.h"
- #include "nsSandboxFlags.h"
-+#include "mozIThirdPartyUtil.h"
-
- #include "nsXULAppAPI.h"
-
-@@ -2395,6 +2396,17 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
- bool aCreate,
- nsIDOMStorage** aStorage)
- {
-+ return GetSessionStorageForFirstParty(nullptr, aPrincipal, aDocumentURI,
-+ aCreate, aStorage);
-+}
-+
-+NS_IMETHODIMP
-+nsDocShell::GetSessionStorageForFirstParty(nsIURI *aFirstPartyURI,
-+ nsIPrincipal* aPrincipal,
-+ const nsAString& aDocumentURI,
-+ bool aCreate,
-+ nsIDOMStorage** aStorage)
-+{
- NS_ENSURE_ARG_POINTER(aStorage);
- *aStorage = nullptr;
-
-@@ -2426,7 +2438,11 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
- if (origin.IsEmpty())
- return NS_OK;
-
-- if (!mStorages.Get(origin, aStorage) && aCreate) {
-+ nsXPIDLCString key;
-+ rv = GetSessionStorageKey(aFirstPartyURI, origin, key);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
-+ if (!mStorages.Get(key, aStorage) && aCreate) {
- nsCOMPtr<nsIDOMStorage> newstorage =
- do_CreateInstance("@mozilla.org/dom/storage;2");
- if (!newstorage)
-@@ -2440,7 +2456,7 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
- if (NS_FAILED(rv))
- return rv;
-
-- mStorages.Put(origin, newstorage);
-+ mStorages.Put(key, newstorage);
-
- newstorage.swap(*aStorage);
- #if defined(PR_LOGGING) && defined(DEBUG)
-@@ -2454,7 +2470,7 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
- if (piStorage) {
- nsCOMPtr<nsIPrincipal> storagePrincipal = piStorage->Principal();
-
-- // The origin string used to map items in the hash table is
-+ // The key string used to map items in the hash table is
- // an implicit security check. That check is double-confirmed
- // by checking the principal a storage was demanded for
- // really is the principal for which that storage was originally
-@@ -2513,6 +2529,14 @@ nsresult
- nsDocShell::AddSessionStorage(nsIPrincipal* aPrincipal,
- nsIDOMStorage* aStorage)
- {
-+ return AddSessionStorageForFirstParty(nullptr, aPrincipal, aStorage);
-+}
-+
-+nsresult
-+nsDocShell::AddSessionStorageForFirstParty(nsIURI* aFirstPartyURI,
-+ nsIPrincipal* aPrincipal,
-+ nsIDOMStorage* aStorage)
-+{
- NS_ENSURE_ARG_POINTER(aStorage);
-
- if (!aPrincipal)
-@@ -2534,8 +2558,12 @@ nsDocShell::AddSessionStorage(nsIPrincipal* aPrincipal,
- if (origin.IsEmpty())
- return NS_ERROR_FAILURE;
-
-+ nsXPIDLCString key;
-+ rv = GetSessionStorageKey(aFirstPartyURI, origin, key);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
- // Do not replace an existing session storage.
-- if (mStorages.GetWeak(origin))
-+ if (mStorages.GetWeak(key))
- return NS_ERROR_NOT_AVAILABLE;
-
- #if defined(PR_LOGGING) && defined(DEBUG)
-@@ -2543,7 +2571,7 @@ nsDocShell::AddSessionStorage(nsIPrincipal* aPrincipal,
- ("nsDocShell[%p]: was added a sessionStorage %p",
- this, aStorage));
- #endif
-- mStorages.Put(origin, aStorage);
-+ mStorages.Put(key, aStorage);
- }
- else {
- return topDocShell->AddSessionStorage(aPrincipal, aStorage);
-@@ -2568,6 +2596,10 @@ CloneSessionStorages(nsCStringHashKey::KeyType aKey, nsIDOMStorage* aStorage,
- return PL_DHASH_NEXT;
- }
-
-+// CloneSessionStoragesTo() copies all session storage data from aDocShell to
-+// this doc shell. It does not check if that is an appropriate thing to do,
-+// e.g., by verifying that the first party URIs are the same. For now that is
-+// okay because no Firefox code uses this method.
- NS_IMETHODIMP
- nsDocShell::CloneSessionStoragesTo(nsIDocShell* aDocShell)
- {
-@@ -12411,3 +12443,39 @@ nsDocShell::HasUnloadedParent()
- }
- return false;
- }
-+
-+nsresult
-+nsDocShell::GetSessionStorageKey(nsIURI *aFirstPartyURI,
-+ nsXPIDLCString& aOrigin,
-+ nsXPIDLCString& aResult)
-+{
-+ aResult.Truncate();
-+
-+ if (!aOrigin)
-+ return NS_ERROR_FAILURE;
-+
-+ aResult.Append(aOrigin);
-+
-+ nsCOMPtr<nsIURI> firstPartyURI = aFirstPartyURI;
-+ if (!firstPartyURI) {
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
-+ do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ if (!thirdPartyUtil)
-+ return NS_ERROR_FAILURE;
-+
-+ nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
-+ nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc,
-+ getter_AddRefs(firstPartyURI));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ }
-+
-+ nsCAutoString host;
-+ nsresult rv = firstPartyURI->GetHost(host);
-+ if (NS_SUCCEEDED(rv) && (host.Length() > 0)) {
-+ aResult.AppendLiteral("&");
-+ aResult.Append(host);
-+ }
-+
-+ return NS_OK;
-+}
-+
-diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
-index 427630a..4bcd341 100644
---- a/docshell/base/nsDocShell.h
-+++ b/docshell/base/nsDocShell.h
-@@ -681,7 +681,7 @@ protected:
-
- bool HasUnloadedParent();
-
-- // hash of session storages, keyed by domain
-+ // hash of session storages, keyed by domain&firstPartyHost
- nsInterfaceHashtable<nsCStringHashKey, nsIDOMStorage> mStorages;
-
- // Dimensions of the docshell
-@@ -848,6 +848,10 @@ private:
- static unsigned long gNumberOfDocShells;
- #endif /* DEBUG */
-
-+ nsresult GetSessionStorageKey(nsIURI *aFirstPartyURI,
-+ nsXPIDLCString& aOrigin,
-+ nsXPIDLCString& aResult);
-+
- public:
- class InterfaceRequestorProxy : public nsIInterfaceRequestor {
- public:
-diff --git a/docshell/base/nsIDocShell.idl b/docshell/base/nsIDocShell.idl
-index 986f4b4..4f26a04 100644
---- a/docshell/base/nsIDocShell.idl
-+++ b/docshell/base/nsIDocShell.idl
-@@ -39,7 +39,7 @@ interface nsIWebBrowserPrint;
- interface nsIVariant;
- interface nsIPrivacyTransitionObserver;
-
--[scriptable, builtinclass, uuid(9b283337-097d-4fa8-a2da-916318eaf828)]
-+[scriptable, builtinclass, uuid(5289f25a-1175-4b01-bc56-b1628ef097b9)]
- interface nsIDocShell : nsISupports
- {
- /**
-@@ -416,6 +416,24 @@ interface nsIDocShell : nsISupports
- in boolean create);
-
- /*
-+ * A variant of getSessionStorageForPrincipal that is used when cloning
-+ * session storage during creation of new windows/tabs (the first party URI
-+ * of the new window/tab must be used to generate the key that is used to
-+ * access the session data).
-+ *
-+ * @param firstPartyURI the URL bar URI
-+ * @param principal returns a storage for this principal
-+ * @param documentURI new storage will be created with reference to this
-+ * document.documentURI that will appear in storage event
-+ * @param create If true and a session storage object doesn't
-+ * already exist, a new one will be created.
-+ */
-+ nsIDOMStorage getSessionStorageForFirstParty(in nsIURI firstPartyURI,
-+ in nsIPrincipal principal,
-+ in DOMString documentURI,
-+ in boolean create);
-+
-+ /*
- * Add a WebApps session storage object to the docshell.
- *
- * @param principal the principal the storage object is associated with
-@@ -423,6 +441,19 @@ interface nsIDocShell : nsISupports
- */
- void addSessionStorage(in nsIPrincipal principal, in nsIDOMStorage storage);
-
-+ /*
-+ * A variant of addSessionStorage that is used when cloning session storage
-+ * during creation of new windows/tabs (the cloning must occur before the
-+ * document load begins).
-+ *
-+ * @param firstPartyURI the URL bar URI
-+ * @param principal the principal the storage object is associated with
-+ * @param storage the storage object to add
-+ */
-+ void addSessionStorageForFirstParty(in nsIURI firstPartyURI,
-+ in nsIPrincipal principal,
-+ in nsIDOMStorage storage);
-+
- /**
- * Clones all session storage objects and attaches them to the given docshell.
- * Useful when duplicating tabs and their states.
-diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
-index 48bd71d..1e16c03 100644
---- a/dom/base/nsGlobalWindow.cpp
-+++ b/dom/base/nsGlobalWindow.cpp
-@@ -8385,7 +8385,18 @@ nsGlobalWindow::GetLocalStorage(nsIDOMStorage ** aLocalStorage)
- nsIDocShell* docShell = GetDocShell();
- nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
-
-- rv = storageManager->GetLocalStorageForPrincipal(principal,
-+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
-+ do_GetService(THIRDPARTYUTIL_CONTRACTID);
-+ if (!thirdPartyUtil)
-+ return NS_ERROR_FAILURE;
-+
-+ nsCOMPtr<nsIURI> firstPartyURI;
-+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDocument);
-+ rv = thirdPartyUtil->GetFirstPartyURI(NULL, doc,
-+ getter_AddRefs(firstPartyURI));
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
-+ rv = storageManager->GetLocalStorageForFirstParty(firstPartyURI, principal,
- documentURI,
- loadContext && loadContext->UsePrivateBrowsing(),
- getter_AddRefs(mLocalStorage));
-diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl
-index 94b8789..21bedf0 100644
---- a/dom/interfaces/storage/nsIDOMStorageManager.idl
-+++ b/dom/interfaces/storage/nsIDOMStorageManager.idl
-@@ -7,8 +7,9 @@
-
- interface nsIDOMStorage;
- interface nsIPrincipal;
-+interface nsIURI;
-
--[scriptable, uuid(1541da6c-a9fb-4a8f-af9d-4493c981491d)]
-+[scriptable, uuid(682edebf-7bbe-4b4b-b5f8-752cacfb2afa)]
- interface nsIDOMStorageManager : nsISupports
- {
- /**
-@@ -35,4 +36,12 @@ interface nsIDOMStorageManager : nsISupports
- nsIDOMStorage getLocalStorageForPrincipal(in nsIPrincipal aPrincipal,
- in DOMString aDocumentURI,
- [optional] in bool aPrivate);
-+
-+ /**
-+ * Returns instance of localStorage object.
-+ */
-+ nsIDOMStorage getLocalStorageForFirstParty(in nsIURI aFirstPartyURI,
-+ in nsIPrincipal aPrincipal,
-+ in DOMString aDocumentURI,
-+ [optional] in bool aPrivate);
- };
-diff --git a/dom/interfaces/storage/nsPIDOMStorage.h b/dom/interfaces/storage/nsPIDOMStorage.h
-index fabb5cc..9f8de6b 100644
---- a/dom/interfaces/storage/nsPIDOMStorage.h
-+++ b/dom/interfaces/storage/nsPIDOMStorage.h
-@@ -15,8 +15,8 @@ class nsIURI;
- class nsIPrincipal;
-
- #define NS_PIDOMSTORAGE_IID \
--{ 0x86dfe3c4, 0x4286, 0x4648, \
-- { 0xb2, 0x09, 0x55, 0x27, 0x50, 0x59, 0x26, 0xac } }
-+{ 0x0db5e488, 0x08f4, 0x4155, \
-+ { 0x81, 0x9b, 0x2b, 0x5a, 0x44, 0xaa, 0xa2, 0x45 } }
-
- class nsPIDOMStorage : public nsISupports
- {
-@@ -31,7 +31,9 @@ public:
-
- virtual nsresult InitAsSessionStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
- bool aPrivate) = 0;
-- virtual nsresult InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
-+ virtual nsresult InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
- bool aPrivate) = 0;
-
- virtual already_AddRefed<nsIDOMStorage> Clone() = 0;
-diff --git a/dom/src/storage/StorageChild.cpp b/dom/src/storage/StorageChild.cpp
-index 6754fde..5d24973 100644
---- a/dom/src/storage/StorageChild.cpp
-+++ b/dom/src/storage/StorageChild.cpp
-@@ -95,9 +95,11 @@ StorageChild::InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate)
- }
-
- void
--StorageChild::InitAsLocalStorage(nsIURI* aDomainURI, bool aCanUseChromePersist, bool aPrivate)
-+StorageChild::InitAsLocalStorage(nsIURI* aFirstPartyURI, nsIURI* aDomainURI,
-+ bool aCanUseChromePersist, bool aPrivate)
- {
-- DOMStorageBase::InitAsLocalStorage(aDomainURI, aCanUseChromePersist, aPrivate);
-+ DOMStorageBase::InitAsLocalStorage(aFirstPartyURI, aDomainURI,
-+ aCanUseChromePersist, aPrivate);
- InitRemote();
- }
-
-diff --git a/dom/src/storage/StorageChild.h b/dom/src/storage/StorageChild.h
-index 297f093..81ddabe 100644
---- a/dom/src/storage/StorageChild.h
-+++ b/dom/src/storage/StorageChild.h
-@@ -27,7 +27,8 @@ public:
- StorageChild(nsDOMStorage* aOwner, StorageChild& aOther);
-
- virtual void InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate);
-- virtual void InitAsLocalStorage(nsIURI* aDomainURI, bool aCanUseChromePersist, bool aPrivate);
-+ virtual void InitAsLocalStorage(nsIURI* aFirstPartyURI, nsIURI* aDomainURI,
-+ bool aCanUseChromePersist, bool aPrivate);
-
- virtual bool CacheStoragePermissions();
-
-diff --git a/dom/src/storage/nsDOMStorage.cpp b/dom/src/storage/nsDOMStorage.cpp
-index 2dd0fbc..23e8739 100644
---- a/dom/src/storage/nsDOMStorage.cpp
-+++ b/dom/src/storage/nsDOMStorage.cpp
-@@ -496,6 +496,17 @@ nsDOMStorageManager::GetLocalStorageForPrincipal(nsIPrincipal *aPrincipal,
- bool aPrivate,
- nsIDOMStorage **aResult)
- {
-+ return GetLocalStorageForFirstParty(nullptr, aPrincipal, aDocumentURI,
-+ aPrivate, aResult);
-+}
-+
-+NS_IMETHODIMP
-+nsDOMStorageManager::GetLocalStorageForFirstParty(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
-+ bool aPrivate,
-+ nsIDOMStorage **aResult)
-+{
- NS_ENSURE_ARG_POINTER(aPrincipal);
- *aResult = nullptr;
-
-@@ -505,7 +516,8 @@ nsDOMStorageManager::GetLocalStorageForPrincipal(nsIPrincipal *aPrincipal,
- if (!storage)
- return NS_ERROR_OUT_OF_MEMORY;
-
-- rv = storage->InitAsLocalStorage(aPrincipal, aDocumentURI, aPrivate);
-+ rv = storage->InitAsLocalStorage(aFirstPartyURI, aPrincipal, aDocumentURI,
-+ aPrivate);
- if (NS_FAILED(rv))
- return rv;
-
-@@ -622,7 +634,8 @@ DOMStorageBase::InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate)
- }
-
- void
--DOMStorageBase::InitAsLocalStorage(nsIURI* aDomainURI,
-+DOMStorageBase::InitAsLocalStorage(nsIURI* aFirstPartyURI,
-+ nsIURI* aDomainURI,
- bool aCanUseChromePersist,
- bool aPrivate)
- {
-@@ -634,7 +647,8 @@ DOMStorageBase::InitAsLocalStorage(nsIURI* aDomainURI,
- // mPrincipal in bug 455070. It is not even used for localStorage.
- aDomainURI->GetAsciiHost(mDomain);
-
-- nsDOMStorageDBWrapper::CreateOriginScopeDBKey(aDomainURI, mScopeDBKey);
-+ nsDOMStorageDBWrapper::CreateOriginScopeDBKey(aFirstPartyURI, aDomainURI,
-+ mScopeDBKey);
-
- // XXX Bug 357323, we have to solve the issue how to define
- // origin for file URLs. In that case CreateOriginScopeDBKey
-@@ -642,9 +656,9 @@ DOMStorageBase::InitAsLocalStorage(nsIURI* aDomainURI,
- // in that case because it produces broken entries w/o owner.
- mUseDB = !mScopeDBKey.IsEmpty();
-
-- nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(mDomain,
-+ nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(aFirstPartyURI, mDomain,
- true, false, mQuotaDomainDBKey);
-- nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(mDomain,
-+ nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(aFirstPartyURI, mDomain,
- true, true, mQuotaETLDplus1DomainDBKey);
- mCanUseChromePersist = aCanUseChromePersist;
- mStorageType = nsPIDOMStorage::LocalStorage;
-@@ -763,11 +777,13 @@ DOMStorageImpl::InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate)
- }
-
- void
--DOMStorageImpl::InitAsLocalStorage(nsIURI* aDomainURI,
-+DOMStorageImpl::InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIURI* aDomainURI,
- bool aCanUseChromePersist,
- bool aPrivate)
- {
-- DOMStorageBase::InitAsLocalStorage(aDomainURI, aCanUseChromePersist, aPrivate);
-+ DOMStorageBase::InitAsLocalStorage(aFirstPartyURI, aDomainURI,
-+ aCanUseChromePersist, aPrivate);
- }
-
- bool
-@@ -1352,7 +1368,9 @@ nsDOMStorage::InitAsSessionStorage(nsIPrincipal *aPrincipal, const nsSubstring &
- }
-
- nsresult
--nsDOMStorage::InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
-+nsDOMStorage::InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
- bool aPrivate)
- {
- nsCOMPtr<nsIURI> domainURI;
-@@ -1370,7 +1388,8 @@ nsDOMStorage::InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aD
- canUseChromePersist = URICanUseChromePersist(URI);
- }
-
-- mStorageImpl->InitAsLocalStorage(domainURI, canUseChromePersist, aPrivate);
-+ mStorageImpl->InitAsLocalStorage(aFirstPartyURI, domainURI,
-+ canUseChromePersist, aPrivate);
- return NS_OK;
- }
-
-@@ -1782,7 +1801,9 @@ nsDOMStorage2::InitAsSessionStorage(nsIPrincipal *aPrincipal, const nsSubstring
- }
-
- nsresult
--nsDOMStorage2::InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
-+nsDOMStorage2::InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
- bool aPrivate)
- {
- mStorage = new nsDOMStorage();
-@@ -1792,7 +1813,8 @@ nsDOMStorage2::InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &a
- mPrincipal = aPrincipal;
- mDocumentURI = aDocumentURI;
-
-- return mStorage->InitAsLocalStorage(aPrincipal, aDocumentURI, aPrivate);
-+ return mStorage->InitAsLocalStorage(aFirstPartyURI, aPrincipal,
-+ aDocumentURI, aPrivate);
- }
-
- already_AddRefed<nsIDOMStorage>
-diff --git a/dom/src/storage/nsDOMStorage.h b/dom/src/storage/nsDOMStorage.h
-index 7add846..b795397 100644
---- a/dom/src/storage/nsDOMStorage.h
-+++ b/dom/src/storage/nsDOMStorage.h
-@@ -114,7 +114,8 @@ public:
- DOMStorageBase(DOMStorageBase&);
-
- virtual void InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate);
-- virtual void InitAsLocalStorage(nsIURI* aDomainURI, bool aCanUseChromePersist, bool aPrivate);
-+ virtual void InitAsLocalStorage(nsIURI* aFirstPartyURI, nsIURI* aDomainURI,
-+ bool aCanUseChromePersist, bool aPrivate);
-
- virtual nsTArray<nsString>* GetKeys(bool aCallerSecure) = 0;
- virtual nsresult GetLength(bool aCallerSecure, uint32_t* aLength) = 0;
-@@ -221,7 +222,8 @@ public:
- ~DOMStorageImpl();
-
- virtual void InitAsSessionStorage(nsIURI* aDomainURI, bool aPrivate);
-- virtual void InitAsLocalStorage(nsIURI* aDomainURI, bool aCanUseChromePersist, bool aPrivate);
-+ virtual void InitAsLocalStorage(nsIURI *aFirstPartyURI, nsIURI* aDomainURI,
-+ bool aCanUseChromePersist, bool aPrivate);
-
- bool SessionOnly() {
- return mSessionOnly;
-@@ -336,7 +338,9 @@ public:
- // nsPIDOMStorage
- virtual nsresult InitAsSessionStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
- bool aPrivate);
-- virtual nsresult InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
-+ virtual nsresult InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
- bool aPrivate);
- virtual already_AddRefed<nsIDOMStorage> Clone();
- virtual already_AddRefed<nsIDOMStorage> Fork(const nsSubstring &aDocumentURI);
-@@ -411,7 +415,9 @@ public:
- // nsPIDOMStorage
- virtual nsresult InitAsSessionStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
- bool aPrivate);
-- virtual nsresult InitAsLocalStorage(nsIPrincipal *aPrincipal, const nsSubstring &aDocumentURI,
-+ virtual nsresult InitAsLocalStorage(nsIURI *aFirstPartyURI,
-+ nsIPrincipal *aPrincipal,
-+ const nsSubstring &aDocumentURI,
- bool aPrivate);
- virtual already_AddRefed<nsIDOMStorage> Clone();
- virtual already_AddRefed<nsIDOMStorage> Fork(const nsSubstring &aDocumentURI);
-diff --git a/dom/src/storage/nsDOMStorageDBWrapper.cpp b/dom/src/storage/nsDOMStorageDBWrapper.cpp
-index bd2581b..048738a 100644
---- a/dom/src/storage/nsDOMStorageDBWrapper.cpp
-+++ b/dom/src/storage/nsDOMStorageDBWrapper.cpp
-@@ -47,7 +47,6 @@ nsDOMStorageDBWrapper::~nsDOMStorageDBWrapper()
- void
- nsDOMStorageDBWrapper::Close()
- {
-- mPersistentDB.Close();
- mChromePersistentDB.Close();
- }
-
-@@ -56,13 +55,13 @@ nsDOMStorageDBWrapper::Init()
- {
- nsresult rv;
-
-- rv = mPersistentDB.Init(NS_LITERAL_STRING("webappsstore.sqlite"));
-+ rv = mPersistentDB.Init();
- NS_ENSURE_SUCCESS(rv, rv);
-
- rv = mChromePersistentDB.Init(NS_LITERAL_STRING("chromeappsstore.sqlite"));
- NS_ENSURE_SUCCESS(rv, rv);
-
-- rv = mSessionOnlyDB.Init(&mPersistentDB);
-+ rv = mSessionOnlyDB.Init();
- NS_ENSURE_SUCCESS(rv, rv);
-
- rv = mPrivateBrowsingDB.Init();
-@@ -74,16 +73,14 @@ nsDOMStorageDBWrapper::Init()
- nsresult
- nsDOMStorageDBWrapper::FlushAndDeleteTemporaryTables(bool force)
- {
-- nsresult rv1, rv2;
-+ nsresult rv1;
- rv1 = mChromePersistentDB.FlushTemporaryTables(force);
-- rv2 = mPersistentDB.FlushTemporaryTables(force);
-
- // Everything flushed? Then no need for a timer.
-- if (!mChromePersistentDB.mTempTableLoads.Count() &&
-- !mPersistentDB.mTempTableLoads.Count())
-+ if (!mChromePersistentDB.mTempTableLoads.Count())
- StopTempTableFlushTimer();
-
-- return NS_FAILED(rv1) ? rv1 : rv2;
-+ return rv1;
- }
-
- #define IMPL_FORWARDER_GUTS(_return, _code) \
-@@ -243,7 +240,8 @@ nsDOMStorageDBWrapper::GetUsage(const nsACString& aDomain,
- }
-
- nsresult
--nsDOMStorageDBWrapper::CreateOriginScopeDBKey(nsIURI* aUri, nsACString& aKey)
-+nsDOMStorageDBWrapper::CreateOriginScopeDBKey(nsIURI *aFirstPartyURI,
-+ nsIURI* aUri, nsACString& aKey)
- {
- nsresult rv;
-
-@@ -264,6 +262,17 @@ nsDOMStorageDBWrapper::CreateOriginScopeDBKey(nsIURI* aUri, nsACString& aKey)
- aKey.Append(nsPrintfCString("%d", port));
- }
-
-+ // Isolate scope keys to the URL bar domain by appending &firstPartyHost
-+ // if available.
-+ if (aFirstPartyURI) {
-+ nsCAutoString host;
-+ rv = aFirstPartyURI->GetHost(host);
-+ if (NS_SUCCEEDED(rv) && (host.Length() > 0)) {
-+ aKey.AppendLiteral("&");
-+ aKey.Append(host);
-+ }
-+ }
-+
- return NS_OK;
- }
-
-@@ -317,7 +326,8 @@ nsDOMStorageDBWrapper::CreateDomainScopeDBKey(const nsACString& aAsciiDomain,
- }
-
- nsresult
--nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(const nsACString& aAsciiDomain,
-+nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(nsIURI *aFirstPartyURI,
-+ const nsACString& aAsciiDomain,
- bool aIncludeSubDomains,
- bool aEffectiveTLDplus1Only,
- nsACString& aKey)
-@@ -351,6 +361,17 @@ nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(const nsACString& aAsciiDomain,
- if (!aIncludeSubDomains)
- subdomainsDBKey.AppendLiteral(":");
-
-+ // Isolate quota keys to the URL bar domain by appending &firstPartyHost
-+ // if available.
-+ if (aFirstPartyURI) {
-+ nsCAutoString host;
-+ rv = aFirstPartyURI->GetHost(host);
-+ if (NS_SUCCEEDED(rv) && (host.Length() > 0)) {
-+ subdomainsDBKey.AppendLiteral("&");
-+ subdomainsDBKey.Append(host);
-+ }
-+ }
-+
- aKey.Assign(subdomainsDBKey);
- return NS_OK;
- }
-diff --git a/dom/src/storage/nsDOMStorageDBWrapper.h b/dom/src/storage/nsDOMStorageDBWrapper.h
-index 94d28af..60a4f91 100644
---- a/dom/src/storage/nsDOMStorageDBWrapper.h
-+++ b/dom/src/storage/nsDOMStorageDBWrapper.h
-@@ -178,9 +178,11 @@ public:
- /**
- * Turns "http://foo.bar.com:80" to "moc.rab.oof.:http:80",
- * i.e. reverses the host, appends a dot, appends the schema
-- * and a port number.
-+ * and a port number. If aFirstPartyURI is present, the first party
-+ * host is appended, e.g., "moc.rab.oof.:http:80:example.com"
- */
-- static nsresult CreateOriginScopeDBKey(nsIURI* aUri, nsACString& aKey);
-+ static nsresult CreateOriginScopeDBKey(nsIURI *aFirstPartyURI,
-+ nsIURI* aUri, nsACString& aKey);
-
- /**
- * Turns "http://foo.bar.com" to "moc.rab.oof.",
-@@ -192,9 +194,11 @@ public:
- /**
- * Turns "foo.bar.com" to "moc.rab.",
- * i.e. extracts eTLD+1 from the host, reverses the result
-- * and appends a dot.
-+ * and appends a dot. If aFirstPartyURI is present, the first party
-+ * host is appended, e.g., "moc.rab.:example.com"
- */
-- static nsresult CreateQuotaDomainDBKey(const nsACString& aAsciiDomain,
-+ static nsresult CreateQuotaDomainDBKey(nsIURI *aFirstPartyURI,
-+ const nsACString& aAsciiDomain,
- bool aIncludeSubDomains, bool aETLDplus1Only,
- nsACString& aKey);
-
-@@ -222,7 +226,7 @@ public:
-
- protected:
- nsDOMStoragePersistentDB mChromePersistentDB;
-- nsDOMStoragePersistentDB mPersistentDB;
-+ nsDOMStorageMemoryDB mPersistentDB; // No longer an nsDOMStoragePersistentDB
- nsDOMStorageMemoryDB mSessionOnlyDB;
- nsDOMStorageMemoryDB mPrivateBrowsingDB;
-
-diff --git a/dom/src/storage/nsDOMStorageMemoryDB.cpp b/dom/src/storage/nsDOMStorageMemoryDB.cpp
-index 5cc2e5d..639f516 100644
---- a/dom/src/storage/nsDOMStorageMemoryDB.cpp
-+++ b/dom/src/storage/nsDOMStorageMemoryDB.cpp
-@@ -382,7 +382,12 @@ nsDOMStorageMemoryDB::GetUsage(const nsACString& aDomain,
- nsresult rv;
-
- nsCAutoString quotadomainDBKey;
-- rv = nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(aDomain,
-+ // This GetUsage() call is only used to report usage totals in the
-+ // preferences and page info. UI, and only for sites that have been
-+ // granted "offline application" permission. Since we pass nullptr
-+ // for the firstPartURI, the usage total returned will not be
-+ // partitioned by first party, which is OK for the UI.
-+ rv = nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(nullptr, aDomain,
- aIncludeSubDomains,
- false,
- quotadomainDBKey);
-@@ -395,6 +400,7 @@ struct GetUsageEnumStruc
- {
- int32_t mUsage;
- int32_t mExcludeOfflineFromUsage;
-+ nsCString mFirstPartyHostSuffix; // e.g., &example.com
- nsCString mSubdomain;
- };
-
-@@ -405,7 +411,9 @@ GetUsageEnum(const nsACString& key,
- {
- GetUsageEnumStruc* struc = (GetUsageEnumStruc*)closure;
-
-- if (StringBeginsWith(key, struc->mSubdomain)) {
-+ if (StringBeginsWith(key, struc->mSubdomain) &&
-+ ((0 == struc->mFirstPartyHostSuffix.Length()) ||
-+ StringEndsWith(key, struc->mFirstPartyHostSuffix))) {
- if (struc->mExcludeOfflineFromUsage) {
- nsCAutoString domain;
- nsresult rv = nsDOMStorageDBWrapper::GetDomainFromScopeKey(key, domain);
-@@ -428,6 +436,15 @@ nsDOMStorageMemoryDB::GetUsageInternal(const nsACString& aQuotaDomainDBKey,
- struc.mUsage = 0;
- struc.mExcludeOfflineFromUsage = aExcludeOfflineFromUsage;
- struc.mSubdomain = aQuotaDomainDBKey;
-+ nsCAutoString tmpQuotaKey(aQuotaDomainDBKey);
-+ int32_t idx = tmpQuotaKey.RFindChar('&');
-+ if (idx > 0) {
-+ const nsDependentCSubstring& tmpStr = Substring(tmpQuotaKey, idx);
-+ if (tmpStr.Length() > 1) {
-+ struc.mFirstPartyHostSuffix = tmpStr;
-+ struc.mSubdomain = Substring(tmpQuotaKey, 0, idx - 1);
-+ }
-+ }
-
- if (mPreloadDB) {
- nsresult rv;
-diff --git a/dom/src/storage/nsDOMStoragePersistentDB.cpp b/dom/src/storage/nsDOMStoragePersistentDB.cpp
-index 93ad303..7814a60 100644
---- a/dom/src/storage/nsDOMStoragePersistentDB.cpp
-+++ b/dom/src/storage/nsDOMStoragePersistentDB.cpp
-@@ -813,7 +813,13 @@ nsDOMStoragePersistentDB::GetUsage(const nsACString& aDomain,
- nsresult rv;
-
- nsCAutoString quotadomainDBKey;
-- rv = nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(aDomain,
-+ // This GetUsage() call is only used to report usage totals in the
-+ // preferences and page info. UI, and only for sites that have been
-+ // granted "offline application" permission. Since we pass nullptr
-+ // for the firstPartURI, the usage total returned will not be
-+ // partitioned by first party, which is OK for the UI.
-+ // Also, Tor does not use currently use nsDOMStoragePersistentDB.
-+ rv = nsDOMStorageDBWrapper::CreateQuotaDomainDBKey(nullptr, aDomain,
- aIncludeSubDomains,
- false,
- quotadomainDBKey);
-diff --git a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
-index 6abbed7..0bad9ed 100644
---- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
-+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
-@@ -963,14 +963,15 @@ nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *aParent,
-
- if (subjectPrincipal && parentDocShell) {
- nsCOMPtr<nsIDOMStorage> storage;
-- parentDocShell->GetSessionStorageForPrincipal(subjectPrincipal,
-+ parentDocShell->GetSessionStorageForFirstParty(uriToLoad, subjectPrincipal,
- EmptyString(), false,
- getter_AddRefs(storage));
- nsCOMPtr<nsPIDOMStorage> piStorage =
- do_QueryInterface(storage);
- if (piStorage){
- storage = piStorage->Clone();
-- newDocShell->AddSessionStorage(
-+ newDocShell->AddSessionStorageForFirstParty(
-+ uriToLoad,
- piStorage->Principal(),
- storage);
- }
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0027-Remove-This-plugin-is-disabled-barrier.patch b/src/current-patches/firefox/0027-Remove-This-plugin-is-disabled-barrier.patch
deleted file mode 100644
index 53ecfba..0000000
--- a/src/current-patches/firefox/0027-Remove-This-plugin-is-disabled-barrier.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From cc9807d0dc7907cddfcd4053f26ca6ad01b5a070 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Thu, 28 Feb 2013 17:41:57 -0800
-Subject: [PATCH 27/27] Remove "This plugin is disabled" barrier.
-
-We do not want to encourage our users to enable plugins at this point.
-
-The barrier also causes bad UX for HTML5 video fallback on YouTube.
----
- browser/base/content/browser-plugins.js | 6 ++++--
- toolkit/mozapps/plugins/content/pluginProblem.xml | 2 +-
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/browser/base/content/browser-plugins.js b/browser/base/content/browser-plugins.js
-index c2abebf..655c2bf 100644
---- a/browser/base/content/browser-plugins.js
-+++ b/browser/base/content/browser-plugins.js
-@@ -228,8 +228,10 @@ var gPluginHandler = {
- break;
-
- case "PluginDisabled":
-- let manageLink = doc.getAnonymousElementByAttribute(plugin, "class", "managePluginsLink");
-- self.addLinkClickCallback(manageLink, "managePlugins");
-+ // Screw the disabled message. It messes with HTML5 fallback on YouTube
-+ let plugin_overlay = doc.getAnonymousElementByAttribute(plugin, "class", "mainBox");
-+ if (plugin_overlay != null)
-+ plugin_overlay.style.visibility = "hidden";
- break;
-
- case "PluginScripted":
-diff --git a/toolkit/mozapps/plugins/content/pluginProblem.xml b/toolkit/mozapps/plugins/content/pluginProblem.xml
-index f61cb48..ed83569 100644
---- a/toolkit/mozapps/plugins/content/pluginProblem.xml
-+++ b/toolkit/mozapps/plugins/content/pluginProblem.xml
-@@ -38,7 +38,7 @@
- <html:div class="installStatus">
- <html:div class="msg msgInstallPlugin"><html:a class="installPluginLink" href="">&installPlugin;</html:a></html:div>
- </html:div>
-- <html:div class="msg msgManagePlugins"><html:a class="managePluginsLink" href="">&managePlugins;</html:a></html:div>
-+ <html:div class="msg msgManagePlugins"><html:a class="managePluginsLink" href=""></html:a></html:div>
- <html:div class="submitStatus">
- <!-- links set at runtime -->
- <html:div class="msg msgPleaseSubmit"><html:a class="pleaseSubmitLink" href="">&report.please;</html:a></html:div>
---
-1.7.5.4
-
diff --git a/src/current-patches/firefox/0028-Use-Optimistic-Data-SOCKS-variant.patch b/src/current-patches/firefox/0028-Use-Optimistic-Data-SOCKS-variant.patch
deleted file mode 100644
index b6d43c1..0000000
--- a/src/current-patches/firefox/0028-Use-Optimistic-Data-SOCKS-variant.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 64548e75e1cb68a2449b001629c0ee0d10636d90 Mon Sep 17 00:00:00 2001
-From: Tao Wang <t55wang@xxxxxxxxxxxx>
-Date: Tue, 2 Apr 2013 15:56:49 -0700
-Subject: [PATCH 28/28] Use Optimistic Data SOCKS variant.
-
-This patch alters Firefox's SOCKS handshake to preemptively send data before
-it is actually connected. This allows us to save a round trip during
-connection setup.
-
-See:
-https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/181-optimistic-data-client.txt
----
- netwerk/base/src/nsSocketTransport2.cpp | 20 ++++++++++++++++++--
- netwerk/base/src/nsSocketTransport2.h | 4 +++-
- netwerk/socket/nsSOCKSIOLayer.cpp | 4 +++-
- 3 files changed, 24 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/base/src/nsSocketTransport2.cpp b/netwerk/base/src/nsSocketTransport2.cpp
-index 15870bb..668d18f 100644
---- a/netwerk/base/src/nsSocketTransport2.cpp
-+++ b/netwerk/base/src/nsSocketTransport2.cpp
-@@ -1543,9 +1543,25 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags)
- // Update poll timeout in case it was changed
- mPollTimeout = mTimeouts[TIMEOUT_READ_WRITE];
- }
-- else if (mState == STATE_CONNECTING) {
-+
-+//STATE_SENDINGGET: handshake proceeded to state "sent connect"
-+//one more poll to OnSocketReady will trigger the get request, and state STATE_SENTGET
-+//STATE_SENTGET: continue and finish handshake
-+ else if (mState == STATE_SENDINGGET) {
-+ if ((mPollFlags & PR_POLL_WRITE) && (outFlags & ~PR_POLL_READ)) {
-+ mOutput.OnSocketReady(NS_OK);
-+ }
-+ mPollTimeout = mTimeouts[TIMEOUT_READ_WRITE];
-+ mState = STATE_SENTGET;
-+ }
-+
-+ else if (mState == STATE_CONNECTING || mState == STATE_SENTGET) {
- PRStatus status = PR_ConnectContinue(fd, outFlags);
-- if (status == PR_SUCCESS) {
-+ if (status == PR_SUCCESS && mState == STATE_CONNECTING) {
-+ OnSocketConnected();
-+ mState = STATE_SENDINGGET;
-+ }
-+ else if (status == PR_SUCCESS && mState == STATE_SENTGET) {
- //
- // we are connected!
- //
-diff --git a/netwerk/base/src/nsSocketTransport2.h b/netwerk/base/src/nsSocketTransport2.h
-index d9ac3d3..0c92d0a 100644
---- a/netwerk/base/src/nsSocketTransport2.h
-+++ b/netwerk/base/src/nsSocketTransport2.h
-@@ -154,7 +154,9 @@ private:
- STATE_IDLE,
- STATE_RESOLVING,
- STATE_CONNECTING,
-- STATE_TRANSFERRING
-+ STATE_TRANSFERRING,
-+ STATE_SENDINGGET,
-+ STATE_SENTGET
- };
-
- //-------------------------------------------------------------------------
-diff --git a/netwerk/socket/nsSOCKSIOLayer.cpp b/netwerk/socket/nsSOCKSIOLayer.cpp
-index 24edc78..64f6001 100644
---- a/netwerk/socket/nsSOCKSIOLayer.cpp
-+++ b/netwerk/socket/nsSOCKSIOLayer.cpp
-@@ -77,7 +77,9 @@ public:
- void SetConnectTimeout(PRIntervalTime to);
- PRStatus DoHandshake(PRFileDesc *fd, int16_t oflags = -1);
- int16_t GetPollFlags() const;
-- bool IsConnected() const { return mState == SOCKS_CONNECTED; }
-+ bool IsConnected() const { return (mState == SOCKS_CONNECTED ||
-+ mState == SOCKS5_READ_CONNECT_RESPONSE_TOP); }
-+
- void ForgetFD() { mFD = nullptr; }
-
- private:
---
-1.7.9.5
-
diff --git a/src/current-patches/firefox/0029-Disable-library-timestamping.patch b/src/current-patches/firefox/0029-Disable-library-timestamping.patch
deleted file mode 100644
index 8a37556..0000000
--- a/src/current-patches/firefox/0029-Disable-library-timestamping.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 756c1673881ae104e20305fadad41cfea5f04608 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
-Date: Thu, 1 Jan 1970 00:00:00 +0000
-Subject: [PATCH 29/29] Disable library timestamping.
-
-This timestamp prevents deterministic builds, and is set in a way that
-libfaketime can't correct.
----
- nsprpub/config/now.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/nsprpub/config/now.c b/nsprpub/config/now.c
-index 165b924..5e07a72 100644
---- a/nsprpub/config/now.c
-+++ b/nsprpub/config/now.c
-@@ -14,7 +14,7 @@
- #error "Architecture not supported"
- #endif
-
--
-+#define OMIT_LIB_BUILD_TIME
- int main(int argc, char **argv)
- {
- #if defined(OMIT_LIB_BUILD_TIME)
---
-1.7.9.5
-
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits