56 Commits

Author SHA1 Message Date
Pale Moon 7a9da4168c Allocate more memory for processing (stupidly) large PAC files. 2018-07-25 07:03:17 +08:00
janekptacijarabaci 68c5139b0d A channel suspend()-ed in http-on-modify-request shouldn't send out any traffic until resume()-d 2018-07-25 07:02:45 +08:00
janekptacijarabaci f20d42357a The referrer policy specification where origin-when-crossorigin should actually be origin-when-cross-origin (fix typo) 2018-07-25 06:59:55 +08:00
Nicholas Hurley e2eeafaacd Bug 1343505 r=mcmanus a=abillings
MozReview-Commit-ID: 7OPJQfzW4FU
2018-07-25 06:59:37 +08:00
Pale Moon 2a7cc300c0 Reconfigure network security:
- Enable 128-bit RSA+AES+SHA256 suites
- Disable all static DHE suites because:
  * There's no way to negotiate DH key sizes.
  * It's barely in use and when it is, it can fall back to RSA
  * We now have broader RSA/AES support with stronger SHA-HMAC
2018-07-25 06:59:35 +08:00
Pale Moon 3af91e4b80 Implement optional parameters of WebSocket permessage compression.
This works around a spec conflict in RFC7692, avoiding socket closure when allowed but unknown parameters are sent back by the server.

Added parameters:
- server_no_context_takeover
- server_max_window_bits
- client_max_window_bits
2018-07-25 06:59:33 +08:00
Pale Moon c9ad97a8f5 Add support for RSA+AES+SHA256/384 suites for web compatibility.
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:

TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256

Only the 256-bit ones are enabled by default.
2018-07-25 06:58:58 +08:00
Pale Moon 000c3a1f28 Don't assume whitespace is always present for www auth challenges. 2018-07-25 06:57:31 +08:00
Pale Moon 418c035c1e Match proper type for PR_sscanf which has a signed return value. 2018-07-25 06:57:11 +08:00
Pale Moon 5c06f6d5e9 Bug 1321612 2018-07-25 06:56:52 +08:00
Pale Moon 141293f5f3 Hold a reference to OnStartRequest() 2018-07-25 06:56:29 +08:00
Pale Moon e4f0d12b2c Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20. 2018-07-25 06:50:59 +08:00
Pale Moon 36fc143339 Add AES256-GCM suites to secmanager.
Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.
2018-07-25 06:50:51 +08:00
Pale Moon 8df1603dfd Enable ChaCha20-Poly1305 suites. 2018-07-25 06:50:49 +08:00
Pale Moon 5546cc421e Temporarily disable Camellia-GCM suites in secmanager. 2018-07-25 06:50:45 +08:00
janekptacijarabaci 5a0265ef97 Crypto Services (utils): Support for SHA256-512 (+ 224) 2018-07-25 06:47:57 +08:00
rhinoduck 7b7ccd5dce Add JXR support to the browser
Can be enabled/disabled at runtime by toggling the 'media.jxr.enabled'
pref (disabled by default).

Two additional prefs are provided for testing purposes:
'media.jxr.autoaccept', and 'media.jxr.advertised_mime_type'
See comments in all.js for information on what these do.

This commit includes the MS OpenTech implementation of the decoder on
the browser side with some fixes applied; see the development in Pale
Moon GitHub issue #105 or my comments in the source code for more
information.
2018-07-25 06:44:47 +08:00
Thomas Nguyen a7727df056 Fix crash in SetReferrerWithPolicy, add null check the triggeringPrincipal. 2018-07-25 06:22:50 +08:00
Pale Moon 3d71c559aa Make ArrayBufferInputStream copy its input buffer. 2018-07-25 06:22:26 +08:00
Pale Moon 01d1a30142 Fix buffer logic in http chunked decoder. 2018-07-25 06:22:20 +08:00
Pale Moon 24bd4ab27a Disable caching for ftp browsing sessions.
All this does is make things stale - there's no real advantage to doing this for FTP in the browser.
2018-07-25 01:31:13 +08:00
Pale Moon 71b0c81d72 Make the (Offline) application cache work properly with http cache v2.
- Hand out CacheEntry to read-only callback demanding re-validation.
2018-07-25 01:21:03 +08:00
Pale Moon 7be6f3a9d6 Remove pref confusion around cache v2
- Renames browser.cache.use_new_backend to browser.cache.backend
- Sets browser.cache.backend to 1 (use cache v2)
- Removes browser.cache.use_new_backend_temp
2018-07-25 01:21:01 +08:00
Pale Moon f20e3b1b89 WebRTC: Move the set/unset of |cur_it| to a better place. 2018-07-25 01:05:02 +08:00
Pale Moon 422cae571a WebRTC: Swap order of notifications on association failure.
Import of d1208ae from upstream git
2018-07-25 01:04:43 +08:00
Pale Moon 5f09883da3 Don't accept HTTP/2 pseudo headers that are invalid according to RFC 7540. 2018-07-25 01:04:25 +08:00
Pale Moon 62cbc3f0c6 Part 1: Revert Bug 1125784 2018-07-25 01:03:30 +08:00
wolfbeast d763ec74de Import the rest of the file changes needed. 2018-07-25 00:55:29 +08:00
wolfbeast 131363dc30 Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.

This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
2018-07-25 00:55:11 +08:00
wolfbeast 5e29f52d56 Re-implement cookie-gating.
This resolves #501.
2018-07-25 00:54:39 +08:00
wolfbeast 4b901b8210 Update security prefs for SWEET32.
This also re-organizes the pref blocks and adds comments supplying reason(s) for disabled suites.
2018-07-24 23:39:42 +08:00
wolfbeast b3956f3b4d Add integer overflow check in WebSocketChannel::ProcessInput. 2018-07-24 23:31:35 +08:00
wolfbeast 42c94972e8 Revert "Add integer overflow check in WebSocketChannel::ProcessInput."
This reverts commit acb24afd3a8630e44bdb45bd58797c603eb41a23.
2018-07-24 23:31:27 +08:00
wolfbeast bacabd83d0 Add integer overflow check in WebSocketChannel::ProcessInput. 2018-07-24 23:31:24 +08:00
wolfbeast e89b19a584 Crash fix: Add SPDY/HTTPv2 safety check after h2 Shutdown() 2018-07-24 23:30:56 +08:00
wolfbeast 482b170ac7 Tighten content access to about: pages 2018-07-24 23:30:48 +08:00
wolfbeast 91d64e3cc0 Change UA compatibility mode to a 3-state.
- Default Gecko Compatibility which is Gecko slice added to Native (for web compat)
- other modes pure native (no gecko slice) and Firefox compatibility (Gecko+Firefox+rv: changed to Firefox compat version)

This removes `general.useragent.compatMode.firefox` and `.gecko` in favor of an int pref.

See also: MoonchildProductions/Pale-Moon#466
2018-07-24 23:28:32 +08:00
wolfbeast fd5caf4a2d Bump Firefox compatmode version to 45.9 2018-07-24 23:26:16 +08:00
wolfbeast 1a206566ea Fix netaddr deserialization for AF_UNSPEC and AF_LOCAL. 2018-07-24 23:17:13 +08:00
wolfbeast 311d718dbd Fix path typo. 2018-07-24 23:17:02 +08:00
wolfbeast f23858143d Limit number of tries to find unused trash directory 2018-07-24 23:17:00 +08:00
wolfbeast fcaf3dfff6 Don't insist on removal of cache2/doomed directory, causing cache responsiveness slowdown 2018-07-24 23:16:58 +08:00
trav90 052e58f015 Remove GnomeVFS extension 2018-07-24 23:12:24 +08:00
wolfbeast 78964b42e3 Potential crash fix for bogus URLs 2018-07-24 23:12:13 +08:00
trav90 2f6b96ce9a Set execute attributes on all .sh files in tree 2018-07-24 23:12:12 +08:00
Pale Moon 5d9a6104c6 Crash fix for losing our cache entry while finishing up compression.
(re-apply after unintentional back-out switching to Goanna)
2018-07-24 23:11:58 +08:00
wolfbeast edcc56de80 Hook up less common cipher suites + move RC4 to disabled section. 2018-07-24 23:11:55 +08:00
wolfbeast f1ad132236 Update TLS intolerant fallback handling:
- Disable false starts
- Disable fallback to RC4
- Update whitelist that should override the default for insecure fallbacks
2018-07-24 23:11:55 +08:00
wolfbeast e52817d90a Security: Hook up Camellia ciphers, disable RC4. 2018-07-24 23:11:54 +08:00
wolfbeast 42030102ac Allow BuildID overrides with MOZ_UA_BUILDID again. 2018-07-24 23:11:47 +08:00