From 1f9ab3a6e6e3f1e79b482c0540c98859bbc71350 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Fri, 18 Jan 2019 22:43:29 +0100
Subject: Remove NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS

---
 netwerk/base/nsUDPSocket.cpp | 1 -
 1 file changed, 1 deletion(-)

(limited to 'netwerk/base')

diff --git a/netwerk/base/nsUDPSocket.cpp b/netwerk/base/nsUDPSocket.cpp
index 06ecbf9ee..8b6a81bf5 100644
--- a/netwerk/base/nsUDPSocket.cpp
+++ b/netwerk/base/nsUDPSocket.cpp
@@ -172,7 +172,6 @@ NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(nsUDPMessage)
 NS_IMPL_CYCLE_COLLECTION_TRACE_END
 
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsUDPMessage)
-  NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
 
 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsUDPMessage)
-- 
cgit v1.2.3


From 6567bb631a78033b6b4cc32bc93e07d837652276 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Thu, 7 Feb 2019 12:58:13 +0100
Subject: Never let "localhost" get sent to a proxy.

Also make "No proxy for" editable always when usable.
---
 netwerk/base/nsProtocolProxyService.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'netwerk/base')

diff --git a/netwerk/base/nsProtocolProxyService.cpp b/netwerk/base/nsProtocolProxyService.cpp
index 26eca0e88..237a2a3bd 100644
--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@@ -1841,6 +1841,13 @@ nsProtocolProxyService::Resolve_Internal(nsIChannel *channel,
     if (mPACMan && mPACMan->IsPACURI(uri))
         return NS_OK;
 
+    // If proxies are enabled and this host:port combo is supposed to use a
+    // proxy, check for a proxy.
+    if ((mProxyConfig == PROXYCONFIG_DIRECT) ||
+        !CanUseProxy(uri, info.defaultPort)) {
+        return NS_OK;
+    }
+
     bool mainThreadOnly;
     if (mSystemProxySettings &&
         mProxyConfig == PROXYCONFIG_SYSTEM &&
-- 
cgit v1.2.3


From 8beab28bfff78ccefc8677c5bdddd6f60c544600 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Sun, 10 Feb 2019 08:51:40 +0100
Subject: Expose TLS 1.3 cipher suite prefs.

---
 netwerk/base/security-prefs.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'netwerk/base')

diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 7d63267a6..ea0b2236d 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -17,6 +17,11 @@ pref("security.ssl.false_start.require-npn", false);
 pref("security.ssl.enable_npn", true);
 pref("security.ssl.enable_alpn", true);
 
+// TLS 1.3 cipher suites
+pref("security.tls13.aes_128_gcm_sha256", true);
+pref("security.tls13.chacha20_poly1305_sha256", true);
+pref("security.tls13.aes_256_gcm_sha384", true);
+
 // TLS 1.0-1.2 cipher suites
 pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
@@ -36,11 +41,14 @@ pref("security.ssl3.rsa_camellia_128_sha", true);
 pref("security.ssl3.rsa_camellia_256_sha", true);
 pref("security.ssl3.rsa_aes_128_sha", true);
 pref("security.ssl3.rsa_aes_256_sha", true);
-// Weak / deprecated
+
+// Deprecated
 pref("security.ssl3.dhe_rsa_aes_256_sha", false);
 pref("security.ssl3.dhe_rsa_aes_128_sha", false);
 pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
 pref("security.ssl3.rsa_aes_128_sha256", false);
+
+// Weak/broken (requires fallback_hosts)
 pref("security.ssl3.rsa_des_ede3_sha", false);
 pref("security.ssl3.rsa_rc4_128_sha", false);
 pref("security.ssl3.rsa_rc4_128_md5", false);
-- 
cgit v1.2.3


From d791dfed61bbc963351e5965657a3b13d4e6dceb Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Thu, 14 Mar 2019 13:07:00 +0100
Subject: Remove unused SSL errorReporting prefs

Resolves #1003.
---
 netwerk/base/security-prefs.js | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'netwerk/base')

diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index ea0b2236d..ef78ddccb 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -117,10 +117,6 @@ pref("security.webauth.u2f", false);
 pref("security.webauth.u2f_enable_softtoken", false);
 pref("security.webauth.u2f_enable_usbtoken", false);
 
-pref("security.ssl.errorReporting.enabled", true);
-pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/");
-pref("security.ssl.errorReporting.automatic", false);
-
 // OCSP must-staple
 pref("security.ssl.enable_ocsp_must_staple", true);
 
-- 
cgit v1.2.3


From b9a8bca64d7a9ae1f950a953ac2985bf7dcc4eff Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Mon, 1 Apr 2019 00:09:12 +0200
Subject: Remove some HPUX leftovers.

Resolves #185
---
 netwerk/base/nsStandardURL.h | 1 -
 1 file changed, 1 deletion(-)

(limited to 'netwerk/base')

diff --git a/netwerk/base/nsStandardURL.h b/netwerk/base/nsStandardURL.h
index 0ca345572..eba85528c 100644
--- a/netwerk/base/nsStandardURL.h
+++ b/netwerk/base/nsStandardURL.h
@@ -72,7 +72,6 @@ public:
     static void InitGlobalObjects();
     static void ShutdownGlobalObjects();
 
-public: /* internal -- HPUX compiler can't handle this being private */
     //
     // location and length of an url segment relative to mSpec
     //
-- 
cgit v1.2.3