From 16f2defa530b36cae7da5e28b5eafef9138adba5 Mon Sep 17 00:00:00 2001
From: Ruben Rodriguez <ruben@gnu.org>
Date: Wed, 28 Jan 2015 22:16:14 +0100
Subject: Updated to v31.4.0ESR  * Search form in about:icecat now searches in
 default search engine  * Disabled accessibility.blockautorefresh  * Replaced
 references to Open Source with Free Software where applicable  * Added
 html5-video-everywhere v0.1.1 extension:
 https://github.com/lejenome/html5-video-everywhere  * Updated LibreJS to
 6.0.8

Build scripts updated to use pbuilder
---
 data/extensions/https-everywhere@eff.org/Changelog |   5 +++++
 .../chrome/content/about.xul                       |   2 +-
 .../chrome/content/code/ApplicableList.js          |   4 ++--
 .../chrome/content/code/ChannelReplacement.js      |  10 +++++----
 .../chrome/content/code/Cookie.js                  |   4 +++-
 .../chrome/content/code/IOUtil.js                  |   4 +++-
 .../chrome/content/code/Root-CAs.js                |   2 +-
 .../chrome/content/fetch-source.js                 |   4 ++--
 .../components/https-everywhere.js                 |  16 --------------
 .../components/ssl-observatory.js                  |  24 ++++++++++++++++++++-
 .../defaults/rulesets.sqlite                       | Bin 1473536 -> 1479680 bytes
 .../https-everywhere@eff.org/install.rdf           |   4 ++--
 12 files changed, 48 insertions(+), 31 deletions(-)

(limited to 'data/extensions/https-everywhere@eff.org')

diff --git a/data/extensions/https-everywhere@eff.org/Changelog b/data/extensions/https-everywhere@eff.org/Changelog
index e846210..dfff155 100644
--- a/data/extensions/https-everywhere@eff.org/Changelog
+++ b/data/extensions/https-everywhere@eff.org/Changelog
@@ -1,3 +1,8 @@
+Firefox 4.0.3 / Chrome-2015.01.22 (2015-01-22)
+  * Ruleset updates.
+  * Update SSL Observatory code to match Firefox API changes in hashing.
+  * Bring code in line with guidelines for addons.mozilla.org.
+
 4.0.2		  (2014-10-15)
   * Disable SSL 3 to Prevent POODLE attack:
     https://github.com/EFForg/https-everywhere/pull/674
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/about.xul b/data/extensions/https-everywhere@eff.org/chrome/content/about.xul
index 6bf5e40..9b6dce6 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/about.xul
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/about.xul
@@ -21,7 +21,7 @@
 
     <groupbox>
       <caption label="&https-everywhere.about.version;" />
-      <label>4.0.2</label>
+      <label>4.0.3</label>
     </groupbox>
     
     <groupbox>
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js
index 6949167..247f5b7 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/ApplicableList.js
@@ -212,9 +212,9 @@ ApplicableList.prototype = {
 
   add_command: function(rule) {
       var command = this.document.createElement("command");
-      command.setAttribute('id', rule.id+'-command');
+      command.setAttribute('id', JSON.stringify(rule.id)+'-command');
       command.setAttribute('label', rule.name);
-      command.setAttribute('oncommand', 'toggle_rule("'+rule.id+'")');
+      command.setAttribute('oncommand', 'toggle_rule("'+JSON.stringify(rule.id)+'")');
       this.commandset.appendChild(command);
   },
 
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js
index 551bcab..ca70939 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/ChannelReplacement.js
@@ -1,3 +1,5 @@
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
 function CtxCapturingListener(tracingChannel, captureObserver) {
   this.originalListener = tracingChannel.setNewListener(this);
   this.captureObserver = captureObserver;
@@ -13,7 +15,7 @@ CtxCapturingListener.prototype = {
   },
   onDataAvailable: function(request, ctx, inputStream, offset, count) {},
   onStopRequest: function(request, ctx, statusCode) {},
-  QueryInterface: xpcom_generateQI([Ci.nsIStreamListener])
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIStreamListener])
 };
 
 function ChannelReplacement(chan, newURI, newMethod) {
@@ -211,7 +213,7 @@ ChannelReplacement.prototype = {
   
   _redirectCallback: ("nsIAsyncVerifyRedirectCallback" in Ci)
     ? {
-        QueryInterface: xpcom_generateQI([Ci.nsIAsyncVerifyRedirectCallback]),
+        QueryInterface: XPCOMUtils.generateQI([Ci.nsIAsyncVerifyRedirectCallback]),
         onRedirectVerifyCallback: function(result) {}
       }
     : null
@@ -332,7 +334,7 @@ function LoadGroupWrapper(channel, callback) {
   channel.loadGroup = this;
 }
 LoadGroupWrapper.prototype = {
-  QueryInterface: xpcom_generateQI([Ci.nsILoadGroup]),
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsILoadGroup]),
   
   get activeCount() {
     return this._inner ? this._inner.activeCount : 0;
@@ -380,7 +382,7 @@ LoadGroupWrapper.prototype = {
     if (this._channel.loadGroup) this._channel.loadGroup = this._inner;
   },
   _emptyEnum: {
-    QueryInterface: xpcom_generateQI([Ci.nsISimpleEnumerator]),
+    QueryInterface: XPCOMUtils.generateQI([Ci.nsISimpleEnumerator]),
     getNext: function() { return null; },
     hasMoreElements: function() { return false; }
   }
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js
index 9afe0a8..f9134bc 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/Cookie.js
@@ -1,3 +1,5 @@
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
 function Cookie(s, host) {
   this.parse(s, host);
 }
@@ -143,6 +145,6 @@ Cookie.prototype = {
   get isDomain() { return this.domain && this.domain[0] == '.'; },
   policy: 0,
   status: 0,
-  QueryInterface: xpcom_generateQI([Ci.nsICookie, Ci.nsICookie2])
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICookie, Ci.nsICookie2])
   
 };
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js
index 96c2500..7e1ff8f 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/IOUtil.js
@@ -1,3 +1,5 @@
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
 const IO = {
   readFile: function(file, charset) {
     var res;
@@ -57,7 +59,7 @@ function nsISupportsWrapper(wrapped) {
   this.wrappedJSObject = wrapped;
 }
 nsISupportsWrapper.prototype = {
-  QueryInterface: xpcom_generateQI([])
+  QueryInterface: XPCOMUtils.generateQI([])
 };
 
 const IOUtil = {
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js b/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js
index 49777fa..15372bc 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/code/Root-CAs.js
@@ -1,7 +1,7 @@
 // These are concatenated md5 and sha1 fingerprints for the Firefox and
 // Microsoft root CAs as of Aug 2010
 
-root_ca_hashes = {
+var root_ca_hashes = {
   '00531D1D7201D423C820D00B6088C5D143DDB1FFF3B49B73831407F6BC8B975023D07C50' : true,
   '015A99C3D64FA94B3C3BB1A3AB274CBFFC219A76112F76C1C508833C9A2FA2BA84AC087A' : true,
   '019408DE857F8D806CE602CA89522848750251B2C632536F9D917279543C137CD721C6E0' : true,
diff --git a/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js b/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js
index a0220c8..0ae2d05 100644
--- a/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js
+++ b/data/extensions/https-everywhere@eff.org/chrome/content/fetch-source.js
@@ -27,7 +27,7 @@ httpsEverywhere.fetchSource = {
   CI: Components.interfaces,
 
   // Constants for generating URL from which source will be fetched 
-  BASE_SITE: 'https://gitweb.torproject.org/https-everywhere.git/blob_plain/',
+  BASE_SITE: 'https://gitweb.torproject.org/https-everywhere.git/plain/',
   DIRECTORY: '/src/chrome/content/rules/',
   HEAD_STRING: 'HEAD',
 
@@ -58,7 +58,7 @@ httpsEverywhere.fetchSource = {
    */
   getURL: function(filename, GITCommitID) {
     var fs = httpsEverywhere.fetchSource;
-    return fs.BASE_SITE + GITCommitID + ":" + fs.DIRECTORY + filename;
+    return fs.BASE_SITE + fs.DIRECTORY + filename + "?h=" + GITCommitID;
   },
 
   /**
diff --git a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js
index 72788ef..c248139 100644
--- a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js
+++ b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js
@@ -125,17 +125,6 @@ var ABE = {
   }
 };
 
-function xpcom_generateQI(iids) {
-  var checks = [];
-  for each (var iid in iids) {
-    checks.push("CI." + iid.name + ".equals(iid)");
-  }
-  var src = checks.length
-    ? "if (" + checks.join(" || ") + ") return this;\n"
-    : "";
-  return new Function("iid", src + "throw Components.results.NS_ERROR_NO_INTERFACE;");
-}
-
 function xpcom_checkInterfaces(iid,iids,ex) {
   for (var j = iids.length; j-- >0;) {
     if (iid.equals(iids[j])) return true;
@@ -195,11 +184,6 @@ function HTTPSEverywhere() {
   this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled");
   this.isMobile = this.doMobileCheck();
 
-  // Disable SSLv3 to prevent POODLE attack.
-  // https://www.imperialviolet.org/2014/10/14/poodle.html
-  var root_prefs = this.get_prefs(PREFBRANCH_NONE);
-  root_prefs.setIntPref("security.tls.version.min", 1);
-  
   // We need to use observers instead of categories for FF3.0 for these:
   // https://developer.mozilla.org/en/Observer_Notifications
   // https://developer.mozilla.org/en/nsIObserverService.
diff --git a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
index 15df1db..a783a72 100644
--- a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
+++ b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
@@ -285,9 +285,31 @@ SSLObservatory.prototype = {
   },
   */
 
+  // Calculate the MD5 fingerprint for a cert. This is the fingerprint of the
+  // DER-encoded form, same as the result of
+  // openssl x509 -md5 -fingerprint -noout
+  // We use this because the SSL Observatory depends in many places on a special
+  // fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint
+  // is no longer available on the cert object.
+  // Implementation cribbed from
+  // https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash
+  md5Fingerprint: function(cert) {
+    var len = new Object();
+    var derData = cert.getRawDER(len);
+    var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash);
+    ch.init(ch.MD5);
+    ch.update(derData,derData.length);
+    var h = ch.finish(false);
+
+    function toHexString(charCode) {
+      return ("0" + charCode.toString(16)).slice(-2);
+    }
+    return [toHexString(h.charCodeAt(i)) for (i in h)].join("").toUpperCase();
+  },
+
   ourFingerprint: function(cert) {
     // Calculate our custom fingerprint from an nsIX509Cert
-    return (cert.md5Fingerprint+cert.sha1Fingerprint).replace(":", "", "g");
+    return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g");
   },
 
   observe: function(subject, topic, data) {
diff --git a/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite b/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite
index c8e52c7..b89ff55 100644
Binary files a/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite and b/data/extensions/https-everywhere@eff.org/defaults/rulesets.sqlite differ
diff --git a/data/extensions/https-everywhere@eff.org/install.rdf b/data/extensions/https-everywhere@eff.org/install.rdf
index af8bea3..956c5ac 100644
--- a/data/extensions/https-everywhere@eff.org/install.rdf
+++ b/data/extensions/https-everywhere@eff.org/install.rdf
@@ -9,7 +9,7 @@
         <em:id>https-everywhere@eff.org</em:id>
         <em:type>2</em:type> <!-- type: Extension -->
         <em:description>Encrypt the Web! Automatically use HTTPS security on many sites.</em:description>
-        <em:version>4.0.2</em:version>
+        <em:version>4.0.3</em:version>
         <em:homepageURL>https://www.eff.org/https-everywhere</em:homepageURL>
         <em:optionsURL>chrome://https-everywhere/content/meta-preferences.xul</em:optionsURL>
         <em:iconURL>chrome://https-everywhere/skin/https-everywhere.png</em:iconURL>
@@ -22,7 +22,7 @@
             <Description>
                 <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
                 <em:minVersion>20.0</em:minVersion>
-                <em:maxVersion>37.0</em:maxVersion>
+                <em:maxVersion>99.*</em:maxVersion>
             </Description>
         </em:targetApplication>
         <!-- Seamonkey -->
-- 
cgit v1.2.3