diff options
Diffstat (limited to 'data/extensions/https-everywhere@eff.org')
12 files changed, 48 insertions, 31 deletions
diff --git a/data/extensions/https-everywhere@eff.org/Changelog b/data/extensions/https-everywhere@eff.org/Changelog index e846210..dfff155 100644 --- a/data/extensions/https-everywhere@eff.org/Changelog +++ b/data/extensions/https-everywhere@eff.org/Changelog @@ -1,3 +1,8 @@ +Firefox 4.0.3 / Chrome-2015.01.22 (2015-01-22) + * Ruleset updates. + * Update SSL Observatory code to match Firefox API changes in hashing. + * Bring code in line with guidelines for addons.mozilla.org. + 4.0.2 (2014-10-15) * Disable SSL 3 to Prevent POODLE attack: https://github.com/EFForg/https-everywhere/pull/674 diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/about.xul b/data/extensions/https-everywhere@eff.org/chrome/content/about.xul index 6bf5e40..9b6dce6 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/about.xul +++ b/data/extensions/https-everywhere@eff.org/chrome/content/about.xul @@ -21,7 +21,7 @@ <groupbox> <caption label="&https-everywhere.about.version;" /> - <label>4.0.2</label> + <label>4.0.3</label> </groupbox> <groupbox> diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js index 6949167..247f5b7 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js @@ -212,9 +212,9 @@ ApplicableList.prototype = { add_command: function(rule) { var command = this.document.createElement("command"); - command.setAttribute('id', rule.id+'-command'); + command.setAttribute('id', JSON.stringify(rule.id)+'-command'); command.setAttribute('label', rule.name); - command.setAttribute('oncommand', 'toggle_rule("'+rule.id+'")'); + command.setAttribute('oncommand', 'toggle_rule("'+JSON.stringify(rule.id)+'")'); this.commandset.appendChild(command); }, diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js index 551bcab..ca70939 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js @@ -1,3 +1,5 @@ +Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); + function CtxCapturingListener(tracingChannel, captureObserver) {
this.originalListener = tracingChannel.setNewListener(this);
this.captureObserver = captureObserver;
@@ -13,7 +15,7 @@ CtxCapturingListener.prototype = { },
onDataAvailable: function(request, ctx, inputStream, offset, count) {},
onStopRequest: function(request, ctx, statusCode) {},
- QueryInterface: xpcom_generateQI([Ci.nsIStreamListener])
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIStreamListener])
};
function ChannelReplacement(chan, newURI, newMethod) {
@@ -211,7 +213,7 @@ ChannelReplacement.prototype = { _redirectCallback: ("nsIAsyncVerifyRedirectCallback" in Ci)
? {
- QueryInterface: xpcom_generateQI([Ci.nsIAsyncVerifyRedirectCallback]),
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIAsyncVerifyRedirectCallback]),
onRedirectVerifyCallback: function(result) {}
}
: null
@@ -332,7 +334,7 @@ function LoadGroupWrapper(channel, callback) { channel.loadGroup = this;
}
LoadGroupWrapper.prototype = {
- QueryInterface: xpcom_generateQI([Ci.nsILoadGroup]),
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsILoadGroup]),
get activeCount() {
return this._inner ? this._inner.activeCount : 0;
@@ -380,7 +382,7 @@ LoadGroupWrapper.prototype = { if (this._channel.loadGroup) this._channel.loadGroup = this._inner;
},
_emptyEnum: {
- QueryInterface: xpcom_generateQI([Ci.nsISimpleEnumerator]),
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsISimpleEnumerator]),
getNext: function() { return null; },
hasMoreElements: function() { return false; }
}
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js index 9afe0a8..f9134bc 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js @@ -1,3 +1,5 @@ +Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
function Cookie(s, host) {
this.parse(s, host);
}
@@ -143,6 +145,6 @@ Cookie.prototype = { get isDomain() { return this.domain && this.domain[0] == '.'; },
policy: 0,
status: 0,
- QueryInterface: xpcom_generateQI([Ci.nsICookie, Ci.nsICookie2])
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsICookie, Ci.nsICookie2])
};
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js index 96c2500..7e1ff8f 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js @@ -1,3 +1,5 @@ +Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); + const IO = { readFile: function(file, charset) { var res; @@ -57,7 +59,7 @@ function nsISupportsWrapper(wrapped) { this.wrappedJSObject = wrapped; } nsISupportsWrapper.prototype = { - QueryInterface: xpcom_generateQI([]) + QueryInterface: XPCOMUtils.generateQI([]) }; const IOUtil = { diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js index 49777fa..15372bc 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js @@ -1,7 +1,7 @@ // These are concatenated md5 and sha1 fingerprints for the Firefox and // Microsoft root CAs as of Aug 2010 -root_ca_hashes = { +var root_ca_hashes = { '00531D1D7201D423C820D00B6088C5D143DDB1FFF3B49B73831407F6BC8B975023D07C50' : true, '015A99C3D64FA94B3C3BB1A3AB274CBFFC219A76112F76C1C508833C9A2FA2BA84AC087A' : true, '019408DE857F8D806CE602CA89522848750251B2C632536F9D917279543C137CD721C6E0' : true, diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js b/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js index a0220c8..0ae2d05 100644 --- a/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js +++ b/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js @@ -27,7 +27,7 @@ httpsEverywhere.fetchSource = { CI: Components.interfaces, // Constants for generating URL from which source will be fetched - BASE_SITE: 'https://gitweb.torproject.org/https-everywhere.git/blob_plain/', + BASE_SITE: 'https://gitweb.torproject.org/https-everywhere.git/plain/', DIRECTORY: '/src/chrome/content/rules/', HEAD_STRING: 'HEAD', @@ -58,7 +58,7 @@ httpsEverywhere.fetchSource = { */ getURL: function(filename, GITCommitID) { var fs = httpsEverywhere.fetchSource; - return fs.BASE_SITE + GITCommitID + ":" + fs.DIRECTORY + filename; + return fs.BASE_SITE + fs.DIRECTORY + filename + "?h=" + GITCommitID; }, /** diff --git a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js index 72788ef..c248139 100644 --- a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js +++ b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js @@ -125,17 +125,6 @@ var ABE = { } }; -function xpcom_generateQI(iids) { - var checks = []; - for each (var iid in iids) { - checks.push("CI." + iid.name + ".equals(iid)"); - } - var src = checks.length - ? "if (" + checks.join(" || ") + ") return this;\n" - : ""; - return new Function("iid", src + "throw Components.results.NS_ERROR_NO_INTERFACE;"); -} - function xpcom_checkInterfaces(iid,iids,ex) { for (var j = iids.length; j-- >0;) { if (iid.equals(iids[j])) return true; @@ -195,11 +184,6 @@ function HTTPSEverywhere() { this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled"); this.isMobile = this.doMobileCheck(); - // Disable SSLv3 to prevent POODLE attack. - // https://www.imperialviolet.org/2014/10/14/poodle.html - var root_prefs = this.get_prefs(PREFBRANCH_NONE); - root_prefs.setIntPref("security.tls.version.min", 1); - // We need to use observers instead of categories for FF3.0 for these: // https://developer.mozilla.org/en/Observer_Notifications // https://developer.mozilla.org/en/nsIObserverService. diff --git a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js index 15df1db..a783a72 100644 --- a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js +++ b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js @@ -285,9 +285,31 @@ SSLObservatory.prototype = { }, */ + // Calculate the MD5 fingerprint for a cert. This is the fingerprint of the + // DER-encoded form, same as the result of + // openssl x509 -md5 -fingerprint -noout + // We use this because the SSL Observatory depends in many places on a special + // fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint + // is no longer available on the cert object. + // Implementation cribbed from + // https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash + md5Fingerprint: function(cert) { + var len = new Object(); + var derData = cert.getRawDER(len); + var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash); + ch.init(ch.MD5); + ch.update(derData,derData.length); + var h = ch.finish(false); + + function toHexString(charCode) { + return ("0" + charCode.toString(16)).slice(-2); + } + return [toHexString(h.charCodeAt(i)) for (i in h)].join("").toUpperCase(); + }, + ourFingerprint: function(cert) { // Calculate our custom fingerprint from an nsIX509Cert - return (cert.md5Fingerprint+cert.sha1Fingerprint).replace(":", "", "g"); + return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g"); }, observe: function(subject, topic, data) { diff --git a/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite b/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite Binary files differindex c8e52c7..b89ff55 100644 --- a/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite +++ b/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite diff --git a/data/extensions/https-everywhere@eff.org/install.rdf b/data/extensions/https-everywhere@eff.org/install.rdf index af8bea3..956c5ac 100644 --- a/data/extensions/https-everywhere@eff.org/install.rdf +++ b/data/extensions/https-everywhere@eff.org/install.rdf @@ -9,7 +9,7 @@ <em:id>https-everywhere@eff.org</em:id> <em:type>2</em:type> <!-- type: Extension --> <em:description>Encrypt the Web! Automatically use HTTPS security on many sites.</em:description> - <em:version>4.0.2</em:version> + <em:version>4.0.3</em:version> <em:homepageURL>https://www.eff.org/https-everywhere</em:homepageURL> <em:optionsURL>chrome://https-everywhere/content/meta-preferences.xul</em:optionsURL> <em:iconURL>chrome://https-everywhere/skin/https-everywhere.png</em:iconURL> @@ -22,7 +22,7 @@ <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>20.0</em:minVersion> - <em:maxVersion>37.0</em:maxVersion> + <em:maxVersion>99.*</em:maxVersion> </Description> </em:targetApplication> <!-- Seamonkey --> |