head	1.3;
access;
symbols
	pkgsrc-2018Q4:1.2.0.18
	pkgsrc-2018Q4-base:1.2
	pkgsrc-2018Q3:1.2.0.16
	pkgsrc-2018Q3-base:1.2
	pkgsrc-2018Q2:1.2.0.14
	pkgsrc-2018Q2-base:1.2
	pkgsrc-2018Q1:1.2.0.12
	pkgsrc-2018Q1-base:1.2
	pkgsrc-2017Q4:1.2.0.10
	pkgsrc-2017Q4-base:1.2
	pkgsrc-2017Q3:1.2.0.8
	pkgsrc-2017Q3-base:1.2
	pkgsrc-2017Q2:1.2.0.4
	pkgsrc-2017Q2-base:1.2
	pkgsrc-2017Q1:1.2.0.2
	pkgsrc-2017Q1-base:1.2
	pkgsrc-2016Q4:1.1.0.8
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.6
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.4
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.2
	pkgsrc-2016Q1-base:1.1;
locks; strict;
comment	@// @;


1.3
date	2019.02.25.15.32.24;	author wiz;	state dead;
branches;
next	1.2;
commitid	s4OVmwbTk8HL6adB;

1.2
date	2017.01.22.12.27.22;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	5VJ6CZyEDNPmEXCz;

1.1
date	2016.02.14.07.30.54;	author ryoon;	state Exp;
branches;
next	;
commitid	sEk8ICglPZQf2RUy;


desc
@@


1.3
log
@tor-browser: update to 8.5.

This is based on a git checkout from a couple days ago; not completely
sure about the version number.

The Makefile now contains a short how-to for updating this package.

Many thanks for the www/firefox60 patches!

Use at your own risk!
Survives basic browsing and check.torproject.org claims it connects via tor.

Changes: too many to document.
@
text
@$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.2 2017/01/22 12:27:22 ryoon Exp $

--- netwerk/protocol/http/Http2Session.cpp.orig	2016-07-25 12:12:07.000000000 +0000
+++ netwerk/protocol/http/Http2Session.cpp
@@@@ -3521,8 +3521,8 @@@@ Http2Session::ConfirmTLSProfile()
     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
           this, keybits));
     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
   }
@


1.2
log
@Update to 6.0.8

* Use OpenBSD Ports distfile
* Profile directory has changed to $HOME/TorBrowser-Data
* Besed on Firefox 45.6.0
@
text
@d1 1
a1 1
$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.1 2017/01/20 15:03:37 ryoon Exp $
@


1.1
log
@Import tor-browser-5.5.2 as security/tor-browser.

What is the Tor Browser?

The Tor software protects you by bouncing your communications around
a distributed network of relays run by volunteers all around the
world: it prevents somebody watching your Internet connection from
learning what sites you visit, it prevents the sites you visit from
learning your physical location, and it lets you access sites which
are blocked.
@
text
@d1 1
a1 1
$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.1 2015/07/09 14:13:52 ryoon Exp $
d3 1
a3 4
https://bugzilla.mozilla.org/show_bug.cgi?id=1130822
Fix obivous alignment issues (causing crashes on some architectures).

--- netwerk/protocol/http/Http2Session.cpp.orig	2015-02-17 21:40:50.000000000 +0000
d5 10
a14 61
@@@@ -32,7 +32,6 @@@@
 #include "nsStandardURL.h"
 #include "nsURLHelper.h"
 #include "prprf.h"
-#include "prnetdb.h"
 #include "sslt.h"
 
 #ifdef DEBUG
@@@@ -1295,7 +1294,7 @@@@ Http2Session::RecvPriority(Http2Session 
     return rv;
 
   uint32_t newPriorityDependency =
-    PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes));
+    NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes);
   bool exclusive = !!(newPriorityDependency & 0x80000000);
   newPriorityDependency &= 0x7fffffff;
   uint8_t newPriorityWeight = *(self->mInputFrameBuffer.get() + kFrameHeaderBytes + 4);
@@@@ -1326,7 +1325,7 @@@@ Http2Session::RecvRstStream(Http2Session
   }
 
   self->mDownstreamRstReason =
-    PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes));
+    NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes);
 
   LOG3(("Http2Session::RecvRstStream %p RST_STREAM Reason Code %u ID %x\n",
         self, self->mDownstreamRstReason, self->mInputFrameID));
@@@@ -1387,8 +1386,8 @@@@ Http2Session::RecvSettings(Http2Session 
     uint8_t *setting = reinterpret_cast<uint8_t *>
       (self->mInputFrameBuffer.get()) + kFrameHeaderBytes + index * 6;
 
-    uint16_t id = PR_ntohs(*reinterpret_cast<uint16_t *>(setting));
-    uint32_t value = PR_ntohl(*reinterpret_cast<uint32_t *>(setting + 2));
+    uint16_t id = NS_decodeN16(setting);
+    uint32_t value = NS_decodeN32(setting + 2);
     LOG3(("Settings ID %u, Value %u", id, value));
 
     switch (id)
@@@@ -1473,7 +1472,7 @@@@ Http2Session::RecvPushPromise(Http2Sessi
     }
     promiseLen = 4;
     promisedID =
-      PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes + paddingControlBytes));
+      NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes + paddingControlBytes);
     promisedID &= 0x7fffffff;
   }
 
@@@@ -1733,11 +1732,11 @@@@ Http2Session::RecvGoAway(Http2Session *s
 
   self->mShouldGoAway = true;
   self->mGoAwayID =
-    PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes));
+    NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes);
   self->mGoAwayID &= 0x7fffffff;
   self->mCleanShutdown = true;
   uint32_t statusCode =
-    PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes + 4));
+    NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes + 4);
 
   // Find streams greater than the last-good ID and mark them for deletion
   // in the mGoAwayStreamsToRestart queue with the GoAwayEnumerator. The
@@@@ -1809,7 +1808,7 @@@@ Http2Session::RecvWindowUpdate(Http2Sess
a15 25
 
   uint32_t delta =
-    PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + kFrameHeaderBytes));
+    NS_decodeN32(self->mInputFrameBuffer.get() + kFrameHeaderBytes);
   delta &= 0x7fffffff;
 
   LOG3(("Http2Session::RecvWindowUpdate %p len=%d Stream 0x%X.\n",
@@@@ -2453,7 +2452,7 @@@@ Http2Session::WriteSegments(nsAHttpSegme
 
     // 3 bytes of length, 1 type byte, 1 flag byte, 1 unused bit, 31 bits of ID
     uint8_t totallyWastedByte = mInputFrameBuffer.get()[0];
-    mInputFrameDataSize = PR_ntohs(*reinterpret_cast<uint16_t *>(mInputFrameBuffer.get() + 1));
+    mInputFrameDataSize = NS_decodeN16(mInputFrameBuffer.get() + 1);
     if (totallyWastedByte || (mInputFrameDataSize > kMaxFrameData)) {
       LOG3(("Got frame too large 0x%02X%04X", totallyWastedByte, mInputFrameDataSize));
       RETURN_SESSION_ERROR(this, PROTOCOL_ERROR);
@@@@ -2461,7 +2460,7 @@@@ Http2Session::WriteSegments(nsAHttpSegme
     mInputFrameType = *reinterpret_cast<uint8_t *>(mInputFrameBuffer.get() + kFrameLengthBytes);
     mInputFrameFlags = *reinterpret_cast<uint8_t *>(mInputFrameBuffer.get() + kFrameLengthBytes + kFrameTypeBytes);
     mInputFrameID =
-      PR_ntohl(*reinterpret_cast<uint32_t *>(mInputFrameBuffer.get() + kFrameLengthBytes + kFrameTypeBytes + kFrameFlagBytes));
+      NS_decodeN32(mInputFrameBuffer.get() + kFrameLengthBytes + kFrameTypeBytes + kFrameFlagBytes);
     mInputFrameID &= 0x7fffffff;
     mInputFrameDataRead = 0;
 
@