Apply patch for bug 23044

a11a8b30 · Georg Koppen · fb678ac1 · a11a8b30 · a11a8b30
Commit a11a8b30 authored 7 years ago by Georg Koppen
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -33,6 +33,7 @@ files:
 - "gcc-linux32-utils.zip"
 - "gcc-linux64-utils.zip"
 - "get-moz-build-date"
+- "gio.patch"
 - "re-dzip.sh"
 - "dzip.sh"
 - "versions"
@@ -88,6 +89,7 @@ script: |
  mkdir -p $INSTDIR/Debug/Browser/
  cd tor-browser
+  patch -p1 < ../gio.patch
  # run get-moz-build-date before removing .git, which is used to get the year
  chmod +x ~/build/get-moz-build-date
  eval $(~/build/get-moz-build-date $(cat browser/config/version.txt))

--- a/gitian/patches/gio.patch
+++ b/gitian/patches/gio.patch
+From a96f898e0da42de751a5e1367a9899cc96fadb1f Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk@torproject.org>
+Date: Thu, 27 Jul 2017 07:31:38 +0000
+Subject: [PATCH] Bug 23044: Don't allow GIO supported protocols by default
+diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
+index aaeba630422d..3edaad88f59e 100644
+--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
+@@ -210,6 +210,9 @@ pref("network.protocol-handler.warn-external.mailto", true);
+ pref("network.protocol-handler.warn-external.news", true);
+ pref("network.protocol-handler.warn-external.nntp", true);
+ pref("network.protocol-handler.warn-external.snews", true);
+// Make sure we don't have any GIO supported protocols (defense in depth
+// measure)
+pref("network.gio.supported-protocols", "");
+ pref("plugin.disable", true); // Disable to search plugins on first start
+ pref("plugins.click_to_play", true);
+ pref("plugin.state.flash", 1);
+diff --git a/extensions/gio/nsGIOProtocolHandler.cpp b/extensions/gio/nsGIOProtocolHandler.cpp
+index a378e8700821..5f6b2a0a2a57 100644
+--- a/extensions/gio/nsGIOProtocolHandler.cpp
+++ b/extensions/gio/nsGIOProtocolHandler.cpp
+@@ -922,16 +922,16 @@ nsGIOProtocolHandler::InitSupportedProtocolsPref(nsIPrefBranch *prefs)
+   // Get user preferences to determine which protocol is supported.
+   // Gvfs/GIO has a set of supported protocols like obex, network, archive,
+   // computer, dav, cdda, gphoto2, trash, etc. Some of these seems to be
+-  // irrelevant to process by browser. By default accept only smb and sftp
+-  // protocols so far.
+  // irrelevant to process by browser. By default accept none.
+   nsresult rv = prefs->GetCharPref(MOZ_GIO_SUPPORTED_PROTOCOLS,
+                                    getter_Copies(mSupportedProtocols));
+   if (NS_SUCCEEDED(rv)) {
+     mSupportedProtocols.StripWhitespace();
+     ToLowerCase(mSupportedProtocols);
+   }
+-  else
+-    mSupportedProtocols.AssignLiteral("smb:,sftp:"); // use defaults
+  else {
+    mSupportedProtocols.AssignLiteral(""); // use none by default
+  }
+   LOG(("gio: supported protocols \"%s\"\n", mSupportedProtocols.get()));
+ }
+-- 
+2.13.2