From owner-svn-ports-all@freebsd.org Wed Oct 25 09:53:42 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 918D2E44C55; Wed, 25 Oct 2017 09:53:42 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6E19465281; Wed, 25 Oct 2017 09:53:42 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9P9rfbE077427; Wed, 25 Oct 2017 09:53:41 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9P9rf3b077425; Wed, 25 Oct 2017 09:53:41 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201710250953.v9P9rf3b077425@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f 
From: Jan Beich Date: Wed, 25 Oct 2017 09:53:41 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r452837 - in head/www/firefox: . files X-SVN-Group: ports-head X-SVN-Commit-Author: jbeich X-SVN-Commit-Paths: in head/www/firefox: . files X-SVN-Commit-Revision: 452837 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Oct 2017 09:53:42 -0000 Author: jbeich Date: Wed Oct 25 09:53:41 2017 New Revision: 452837 URL: https://svnweb.freebsd.org/changeset/ports/452837 Log: www/firefox: backport privacy.resistFingerprinting fix for User-Agent If users are going to "pkg lock" due to addons better pretend to be an ESR on the off chance JS malware is stupid enough to only check User-Agent to filter out non-vulnerable Firefox versions. Obtained from: upstream (Firefox 57) MFH: 2017Q4 Added: head/www/firefox/files/patch-bug1393283 (contents, props changed) Modified: head/www/firefox/Makefile (contents, props changed)
Modified: head/www/firefox/Makefile
==============================================================================
--- head/www/firefox/Makefile Wed Oct 25 09:18:26 2017 (r452836)
+++ head/www/firefox/Makefile Wed Oct 25 09:53:41 2017 (r452837)
@@ -4,6 +4,7 @@
 PORTNAME= firefox
 DISTVERSION= 56.0.2
 DISTVERSIONSUFFIX=.source
+PORTREVISION= 1
 PORTEPOCH= 1
 CATEGORIES= www ipv6
 MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
Added: head/www/firefox/files/patch-bug1393283
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/firefox/files/patch-bug1393283 Wed Oct 25 09:53:41 2017 (r452837)
@@ -0,0 +1,144 @@
+commit d20c7d929c84
+Author: Ethan
+Date: Fri Sep 1 17:29:44 2017 +0800
+
+ Bug 1393283 - Use the last ESR version as the spoofed Firefox version. r=tihuang, r=mcmanus
+---
+ .../test/browser/browser_navigator.js | 2 +-
+ netwerk/protocol/http/nsHttpHandler.cpp | 16 +++----
+ .../resistfingerprinting/nsRFPService.cpp | 56 ++++++++++++++++++++++
+ .../components/resistfingerprinting/nsRFPService.h | 3 ++
+ 4 files changed, 66 insertions(+), 11 deletions(-)
+
+diff --git browser/components/resistfingerprinting/test/browser/browser_navigator.js browser/components/resistfingerprinting/test/browser/browser_navigator.js
+index 25c393d8bb2a..9f52e34a9451 100644
+--- browser/components/resistfingerprinting/test/browser/browser_navigator.js
++++ browser/components/resistfingerprinting/test/browser/browser_navigator.js
+@@ -91,7 +91,7 @@ add_task(async function setup() {
+
+ let appInfo = Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo);
+ let appVersion = parseInt(appInfo.version);
+- let spoofedVersion = appVersion - (appVersion % 10);
++ let spoofedVersion = appVersion - ((appVersion - 3) % 7);
+ spoofedUserAgent = `Mozilla/5.0 (${SPOOFED_OSCPU}; rv:${spoofedVersion}.0) Gecko/20100101 Firefox/${spoofedVersion}.0`;
+ });
+
+diff --git netwerk/protocol/http/nsHttpHandler.cpp netwerk/protocol/http/nsHttpHandler.cpp
+index 31d0f8832732..b957d835b52f 100644
+--- netwerk/protocol/http/nsHttpHandler.cpp
++++ netwerk/protocol/http/nsHttpHandler.cpp
+@@ -461,16 +461,12 @@ nsHttpHandler::Init()
+ mAppVersion.AssignLiteral(MOZ_APP_UA_VERSION);
+ }
+
+- // Generating the spoofed userAgent for fingerprinting resistance.
+- // The browser version will be rounded down to a multiple of 10.
+- // By doing so, the anonymity group will cover more versions instead of one
+- // version.
+- uint32_t spoofedVersion = mAppVersion.ToInteger(&rv);
+- if (NS_SUCCEEDED(rv)) {
+- spoofedVersion = spoofedVersion - (spoofedVersion % 10);
+- mSpoofedUserAgent.Assign(nsPrintfCString(
+- "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
+- SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++ // Generating the spoofed User Agent for fingerprinting resistance.
++ rv = nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
++ if (NS_FAILED(rv)) {
++ // Empty mSpoofedUserAgent to make sure the unsuccessful spoofed UA string
++ // will not be used anywhere.
++ mSpoofedUserAgent.Truncate();
+ }
+
+ mSessionStartTime = NowInSeconds();
+diff --git toolkit/components/resistfingerprinting/nsRFPService.cpp toolkit/components/resistfingerprinting/nsRFPService.cpp
+index 94554200c3b8..96a2940c04a0 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.cpp
++++ toolkit/components/resistfingerprinting/nsRFPService.cpp
+@@ -18,10 +18,13 @@
+ #include "nsServiceManagerUtils.h"
+ #include "nsString.h"
+ #include "nsXULAppAPI.h"
++#include "nsPrintfCString.h"
+
+ #include "nsIObserverService.h"
+ #include "nsIPrefBranch.h"
+ #include "nsIPrefService.h"
++#include "nsIXULAppInfo.h"
++#include "nsIXULRuntime.h"
+ #include "nsJSUtils.h"
+
+ #include "prenv.h"
+@@ -162,6 +165,59 @@ nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t
+ return NSToIntFloor(time * sVideoFramesPerSec * ((100 - boundedDroppedRatio) / 100.0));
+ }
+
++/* static */
++nsresult
++nsRFPService::GetSpoofedUserAgent(nsACString &userAgent)
++{
++ // This function generates the spoofed value of User Agent.
++ // We spoof the values of the platform and Firefox version, which could be
++ // used as fingerprinting sources to identify individuals.
++ // Reference of the format of User Agent:
++ // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
++ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
++
++ nsresult rv;
++ nsCOMPtr appInfo =
++ do_GetService("@mozilla.org/xre/app-info;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString appVersion;
++ rv = appInfo->GetVersion(appVersion);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // The browser version will be spoofed as the last ESR version.
++ // By doing so, the anonymity group will cover more versions instead of one
++ // version.
++ uint32_t firefoxVersion = appVersion.ToInteger(&rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // Starting from Firefox 10, Firefox ESR was released once every seven
++ // Firefox releases, e.g. Firefox 10, 17, 24, 31, and so on.
++ // We infer the last and closest ESR version based on this rule.
++ nsCOMPtr runtime =
++ do_GetService("@mozilla.org/xre/runtime;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString updateChannel;
++ rv = runtime->GetDefaultUpdateChannel(updateChannel);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // If we are running in Firefox ESR, determine whether the formula of ESR
++ // version has changed. Once changed, we must update the formula in this
++ // function.
++ if (updateChannel.Equals("esr")) {
++ MOZ_ASSERT(((firefoxVersion % 7) == 3),
++ "Please udpate ESR version formula in nsRFPService.cpp");
++ }
++
++ uint32_t spoofedVersion = firefoxVersion - ((firefoxVersion - 3) % 7);
++ userAgent.Assign(nsPrintfCString(
++ "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
++ SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++
++ return rv;
++}
++
+ nsresult
+ nsRFPService::Init()
+ {
+diff --git toolkit/components/resistfingerprinting/nsRFPService.h toolkit/components/resistfingerprinting/nsRFPService.h
+index cf1f688bb992..bad80383883b 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.h
++++ toolkit/components/resistfingerprinting/nsRFPService.h
+@@ -49,6 +49,9 @@ public:
+ static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+ static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+
++ // This method generates the spoofed value of User Agent.
++ static nsresult GetSpoofedUserAgent(nsACString &userAgent);
++
+ private:
+ nsresult Init();
+
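Review bot: In the added nsRFPService::GetSpoofedUserAgent, the only guard on the hard-coded ESR rule is a `MOZ_ASSERT` that is evaluated only on the `esr` update channel, and MOZ_ASSERT is compiled out of non-debug builds, so a release build keeps emitting `firefoxVersion - ((firefoxVersion - 3) % 7)` even if the ESR cadence changes; the spoofed User-Agent would then name a version that is not an ESR, which makes resistFingerprinting users easier to single out instead of harder. Consider keeping the last known ESR major as a named constant that is bumped at each ESR branch, or at least stating above the formula that it must be revisited then; the test in browser_navigator.js repeats the same formula, so it would not catch a stale rule either. The subtraction is also done in `uint32_t`, so a parsed version below 3 wraps before the `% 7`; a range check such as `if (firefoxVersion < 10) return NS_ERROR_FAILURE;` ahead of the formula would send that case into the caller's `mSpoofedUserAgent.Truncate()` path, and the two `%d` specifiers for `spoofedVersion` should be `%u`. The assertion message also contains a typo (`udpate`).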