import changes from tenfourfox:

- more hosts for adblock (0558c0179)
- #517: fake out current Rocket Loader (0bbf06ea6)
- #517: a couple tune-ups (5f47da230)
- #512: our own fix for M1412081 (c469554e9)
- #512: M1480092 M1466577 (812d03b96)
- #518: eat our shorts, github (43534dea3)

caps/nsScriptSecurityManager.cpp

@@ -755,6 +755,7 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
                 BLOK("sb.scorecardresearch.com") ||
 
                 BLOK("ad.doubleclick.net") ||
+                BLOK("cm.g.doubleclick.net") ||
                 BLOK("static.doubleclick.net") ||
                 BLOK("stats.g.doubleclick.net") ||
                 BLOK("pubads.g.doubleclick.net") ||
@@ -809,6 +810,7 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
                 BLOK("cdn-gl.imrworldwide.com") ||
                 BLOK("secure-us.imrworldwide.com") ||
                 BLOK("secure-dcr.imrworldwide.com") ||
+                BLOK("secure-drm.imrworldwide.com") ||
                 
                 BLOK("labs-cdn.revcontent.com") ||
                 BLOK("trends.revcontent.com") ||
@@ -1139,6 +1141,9 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
                 BLOK("nervoussummer.com") ||
 
                 BLOK("usasync01.admantx.com") ||
+
+                BLOK("synchrobox.adswizz.com") ||
+                BLOK("delivery-cdn-cf.adswizz.com") ||
                     0) {
 #undef BLOK
                 // Yup.

dom/base/Element.cpp

@@ -1168,6 +1168,17 @@ Element::GetDestinationInsertionPoints()
 void
 Element::GetAttribute(const nsAString& aName, DOMString& aReturn)
 {
+  // Complete the illusion of TenFourFox issue 517 by preventing Rocket Loader
+  // from seeing the data-cf-nonce attribute. This doesn't seem to be used
+  // anywhere else in the Cloudflare stack.
+  if (!IsXULElement() && MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) {
+#if DEBUG
+    fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n");
+#endif
+    aReturn.SetNull();
+    return;
+  }
+
   const nsAttrValue* val =
     mAttrsAndChildren.GetAttr(aName,
                               IsHTMLElement() && IsInHTMLDocument() ?

dom/base/nsContentUtils.cpp

@@ -7108,9 +7108,6 @@ nsContentUtils::IsForbiddenSystemRequestHeader(const nsACString& aHeader)
   };
   for (uint32_t i = 0; i < ArrayLength(kInvalidHeaders); ++i) {
     if (aHeader.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
-#if DEBUG
-      fprintf(stderr, "offending header was %s\n", kInvalidHeaders[i]);
-#endif
       return true;
     }
   }
@@ -7219,6 +7216,22 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
     }
   }
 
+  // Workaround for Rocket Script; current versions do not load properly.
+  // This version just relaxes the limits on the MIME type so that the
+  // browser loads the scripts for us and RocketScript is not involved.
+  // Old-school Rocket Script that used text/rocketscript is OK; we don't
+  // interfere with that.
+  // (TenFourFox issue 517.)
+  if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"),
+                     nsCaseInsensitiveStringComparator())) {
+      // Don't use Find(). We really care just if it's at the end.
+      // If we need to look elsewhere, use FindInReadable().
+#if DEBUG
+    fprintf(stderr, "TenFourFox: Rocket Script detected\n");
+#endif
+    return true;
+  }
+
   return false;
 }
 

dom/events/EventStateManager.cpp

@@ -522,11 +522,14 @@ EventStateManager::PreHandleEvent(nsPresContext* aPresContext,
     return NS_ERROR_NULL_POINTER;
   }
 
+#if(0)
+// This is obnoxious, and seems to no longer be relevant.
   NS_WARN_IF_FALSE(!aTargetFrame ||
                    !aTargetFrame->GetContent() ||
                    aTargetFrame->GetContent() == aTargetContent ||
                    aTargetFrame->GetContent()->GetFlattenedTreeParent() == aTargetContent,
                    "aTargetFrame should be related with aTargetContent");
+#endif
 
   mCurrentTarget = aTargetFrame;
   mCurrentTargetContent = nullptr;

media/libvpx/vp8/common/postproc.c

@@ -330,7 +330,7 @@ void vp8_deblock(VP8_COMMON                 *cm,
     double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
     int ppl = (int)(level + .5);
 
-    const MODE_INFO *mode_info_context = cm->show_frame_mi;
+    const MODE_INFO *mode_info_context = cm->mi;
     int mbr, mbc;
 
     /* The pixel thresholds are adjusted according to if or not the macroblock

netwerk/base/nsURLHelperOSX.cpp

@@ -206,6 +206,17 @@ net_GetFileFromURLSpec(const nsACString &aURL, nsIFile **result)
   if (bHFSPath)
     convertHFSPathtoPOSIX(path, path);
 
+  // TenFourFox issue 512 (our own fix for M1412081). Just disallow anything
+  // where path starts with /net/ since it looks like ../ paths have already
+  // been parsed. Not needed for Tiger, but doesn't hurt.
+  nsAutoCString lcPath;
+  lcPath.Append(path);
+  ToLowerCase(lcPath);
+  if (StringBeginsWith(lcPath, NS_LITERAL_CSTRING("/net/"))) {
+    fprintf(stderr, "Warning: TenFourFox blocking file:// access to potentially dangerous path %s.\n", path.get());
+    return NS_ERROR_FILE_INVALID_PATH;
+  }
+
   // assuming path is encoded in the native charset
   rv = localFile->InitWithNativePath(path);
   if (NS_FAILED(rv))

netwerk/protocol/http/nsHttpHandler.cpp

@@ -428,10 +428,11 @@ nsHttpHandler::AddStandardRequestHeaders(nsHttpHeaderArray *request,
     nsresult rv;
 
     // Add the "User-Agent" header (unless we have blacklisted this site and
-    // we aren't using a custom user agent; see TenFourFox issue 422).
+    // we aren't using a custom user agent; see TenFourFox issues 422 and 518).
     if (mUserAgentOverride || (
             !hostLine.EqualsLiteral("i.imgur.com") &&
             !hostLine.EqualsLiteral("imgur.com") &&
+            !hostLine.EqualsLiteral("github.com") &&
     1)) {
         rv = request->SetHeader(nsHttp::User_Agent, UserAgent(),
                                 false, nsHttpHeaderArray::eVarietyDefault);

netwerk/protocol/websocket/WebSocketChannel.cpp

@@ -1173,6 +1173,7 @@ WebSocketChannel::WebSocketChannel() :
   mDynamicOutput(nullptr),
   mPrivateBrowsing(false),
   mConnectionLogService(nullptr),
+  mMutex("WebSocketChannel::mMutex"),
   mCountRecv(0),
   mCountSent(0),
   mAppId(NECKO_NO_APP_ID),
@@ -2158,7 +2159,7 @@ WebSocketChannel::PrimeNewOutgoingMessage()
     if (NS_FAILED(rv)) {
       LOG(("WebSocketChannel::PrimeNewOutgoingMessage(): "
            "GenerateRandomBytes failure %x\n", rv));
-      StopSession(rv);
+      AbortSession(rv);
       return;
     }
     mask = * reinterpret_cast<uint32_t *>(buffer);
@@ -2308,10 +2309,26 @@ WebSocketChannel::StopSession(nsresult reason)
 {
   LOG(("WebSocketChannel::StopSession() %p [%x]\n", this, reason));
 
+  {
+    MutexAutoLock lock(mMutex);
+    if (mStopped) {
+      return;
+    }
+    mStopped = 1;
+  }
+
+  DoStopSession(reason);
+}
+
+void
+WebSocketChannel::DoStopSession(nsresult reason)
+{
+  LOG(("WebSocketChannel::DoStopSession() %p [%x]\n", this, reason));
+
   // normally this should be called on socket thread, but it is ok to call it
   // from OnStartRequest before the socket thread machine has gotten underway
 
-  mStopped = 1;
+  MOZ_ASSERT(mStopped);
 
   if (!mOpenedHttpChannel) {
     // The HTTP channel information will never be used in this case
@@ -2378,7 +2395,7 @@ WebSocketChannel::StopSession(nsresult reason)
     // is set when the server close arrives without waiting for the timeout to
     // expire.
 
-    LOG(("WebSocketChannel::StopSession: Wait for Server TCP close"));
+    LOG(("WebSocketChannel::DoStopSession: Wait for Server TCP close"));
 
     nsresult rv;
     mLingeringCloseTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
@@ -2414,6 +2431,8 @@ WebSocketChannel::AbortSession(nsresult reason)
   LOG(("WebSocketChannel::AbortSession() %p [reason %x] stopped = %d\n",
        this, reason, !!mStopped));
 
+  MOZ_ASSERT(NS_FAILED(reason), "reason must be a failure!");
+
   // normally this should be called on socket thread, but it is ok to call it
   // from the main thread before StartWebsocketData() has completed
 
@@ -2428,20 +2447,26 @@ WebSocketChannel::AbortSession(nsresult reason)
     return;
   }
 
-  if (mStopped)
-    return;
-  mStopped = 1;
+  {
+    MutexAutoLock lock(mMutex);
+    if (mStopped) {
+      return;
+    }
 
-  if (mTransport && reason != NS_BASE_STREAM_CLOSED && !mRequestedClose &&
-      !mClientClosed && !mServerClosed && mConnecting == NOT_CONNECTING) {
-    mRequestedClose = 1;
-    mStopOnClose = reason;
-    mSocketThread->Dispatch(
-      new OutboundEnqueuer(this, new OutboundMessage(kMsgTypeFin, nullptr)),
-                           nsIEventTarget::DISPATCH_NORMAL);
-  } else {
-    StopSession(reason);
+    if (mTransport && reason != NS_BASE_STREAM_CLOSED && !mRequestedClose &&
+        !mClientClosed && !mServerClosed && mDataStarted) {
+      mRequestedClose = 1;
+      mStopOnClose = reason;
+      mSocketThread->Dispatch(
+        new OutboundEnqueuer(this, new OutboundMessage(kMsgTypeFin, nullptr)),
+                             nsIEventTarget::DISPATCH_NORMAL);
+      return;
+    }
+
+    mStopped = 1;
   }
+
+  DoStopSession(reason);
 }
 
 // ReleaseSession is called on orderly shutdown
@@ -2452,8 +2477,6 @@ WebSocketChannel::ReleaseSession()
        this, !!mStopped));
   MOZ_ASSERT(PR_GetCurrentThread() == gSocketThread, "not socket thread");
 
-  if (mStopped)
-    return;
   StopSession(NS_OK);
 }
 
@@ -2802,9 +2825,19 @@ WebSocketChannel::StartWebsocketData()
       NS_DISPATCH_NORMAL);
   }
 
-  LOG(("WebSocketChannel::StartWebsocketData() %p", this));
-  MOZ_ASSERT(!mDataStarted, "StartWebsocketData twice");
-  mDataStarted = 1;
+  {
+    MutexAutoLock lock(mMutex);
+    LOG(("WebSocketChannel::StartWebsocketData() %p", this));
+    MOZ_ASSERT(!mDataStarted, "StartWebsocketData twice");
+
+    if (mStopped) {
+      LOG(("WebSocketChannel::StartWebsocketData channel already closed, not "
+           "starting data"));
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    mDataStarted = 1;
+  }
 
   LOG(("WebSocketChannel::StartWebsocketData Notifying Listener %p\n",
        mListenerMT ? mListenerMT->mListener.get() : nullptr));
@@ -3416,35 +3449,46 @@ WebSocketChannel::Close(uint16_t code, const nsACString & reason)
   // save the networkstats (bug 855949)
   SaveNetworkStats(true);
 
-  if (mRequestedClose) {
-    return NS_OK;
-  }
+  {
+    MutexAutoLock lock(mMutex);
 
-  // The API requires the UTF-8 string to be 123 or less bytes
-  if (reason.Length() > 123)
-    return NS_ERROR_ILLEGAL_VALUE;
-
-  mRequestedClose = 1;
-  mScriptCloseReason = reason;
-  mScriptCloseCode = code;
-
-  if (!mTransport || mConnecting != NOT_CONNECTING) {
-    nsresult rv;
-    if (code == CLOSE_GOING_AWAY) {
-      // Not an error: for example, tab has closed or navigated away
-      LOG(("WebSocketChannel::Close() GOING_AWAY without transport."));
-      rv = NS_OK;
-    } else {
-      LOG(("WebSocketChannel::Close() without transport - error."));
-      rv = NS_ERROR_NOT_CONNECTED;
+    if (mRequestedClose) {
+      return NS_OK;
     }
-    StopSession(rv);
-    return rv;
+
+    if (mStopped) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    // The API requires the UTF-8 string to be 123 or less bytes
+    if (reason.Length() > 123)
+      return NS_ERROR_ILLEGAL_VALUE;
+
+    mRequestedClose = 1;
+    mScriptCloseReason = reason;
+    mScriptCloseCode = code;
+
+    if (mDataStarted) {
+      return mSocketThread->Dispatch(
+        new OutboundEnqueuer(this, new OutboundMessage(kMsgTypeFin, nullptr)),
+                             nsIEventTarget::DISPATCH_NORMAL);
+    }
+
+    mStopped = 1;
   }
 
-  return mSocketThread->Dispatch(
-      new OutboundEnqueuer(this, new OutboundMessage(kMsgTypeFin, nullptr)),
-                           nsIEventTarget::DISPATCH_NORMAL);
+  nsresult rv;
+  if (code == CLOSE_GOING_AWAY) {
+    // Not an error: for example, tab has closed or navigated away
+    LOG(("WebSocketChannel::Close() GOING_AWAY without transport."));
+    rv = NS_OK;
+  } else {
+    LOG(("WebSocketChannel::Close() without transport - error."));
+    rv = NS_ERROR_NOT_CONNECTED;
+  }
+
+  DoStopSession(rv);
+  return rv;
 }
 
 NS_IMETHODIMP
@@ -3773,13 +3817,11 @@ WebSocketChannel::OnInputStreamReady(nsIAsyncInputStream *aStream)
     }
 
     if (NS_FAILED(rv)) {
-      mTCPClosed = true;
       AbortSession(rv);
       return rv;
     }
 
     if (count == 0) {
-      mTCPClosed = true;
       AbortSession(NS_BASE_STREAM_CLOSED);
       return NS_OK;
     }

netwerk/protocol/websocket/WebSocketChannel.h

@@ -160,6 +160,7 @@ private:
   void     ReportConnectionTelemetry();
 
   void StopSession(nsresult reason);
+  void DoStopSession(nsresult reason);
   void AbortSession(nsresult reason);
   void ReleaseSession();
   void CleanupConnection();
@@ -295,6 +296,8 @@ private:
 
   nsCOMPtr<nsIDashboardEventNotifier> mConnectionLogService;
 
+  mozilla::Mutex mMutex;
+
 // These members are used for network per-app metering (bug 855949)
 // Currently, they are only available on gonk.
   Atomic<uint64_t, Relaxed>       mCountRecv;