www-client/torbrowser: Version bump

svn path=/sunrise/; revision=12848
author: hasufell <julian.ospald@googlemail.com> 2012-03-27 23:20:10 +0000
committer: hasufell <julian.ospald@googlemail.com> 2012-03-27 23:20:10 +0000
commit: a4153e297b584abb4d950fa3bcceda4029cf6e83 (patch)
tree: 6a65671a0fb1320af5751faff5435aa0787e7431
parent: www-client/torbrowser: patches into subdirs (diff)
download: sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.tar.gz
sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.tar.bz2
sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.zip
15 files changed, 1285 insertions, 1 deletions
diff --git a/www-client/torbrowser/ChangeLog b/www-client/torbrowser/ChangeLog
index ae8339962..627350f77 100644
--- a/www-client/torbrowser/ChangeLog
+++ b/www-client/torbrowser/ChangeLog
@@ -2,6 +2,24 @@
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+*torbrowser-11.0 (27 Mar 2012)
+
+  27 Mar 2012; hasufell <julian.ospald@googlemail.com>
+  +files/11.0/0001-Block-Components.interfaces-lookupMethod-from-conten.patch,
+  +files/11.0/0008-Make-content-pref-service-memory-only-clearable.patch,
+  +torbrowser-11.0.ebuild,
+  +files/11.0/0002-Make-Permissions-Manager-memory-only.patch,
+  +files/11.0/0003-Make-Intermediate-Cert-Store-memory-only.patch,
+  +files/11.0/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch,
+  +files/11.0/0005-Add-a-string-based-cacheKey.patch,
+  +files/11.0/0006-Randomize-HTTP-pipeline-order-and-depth.patch,
+  +files/11.0/0007-Block-all-plugins-except-flash.patch,
+  +files/11.0/0010-Disable-SSL-Session-ID-tracking.patch,
+  +files/11.0/0011-Provide-an-observer-event-to-close-persistent-connec.patch,
+  +files/11.0/0012-Provide-client-values-only-to-CSS-Media-Queries.patch,
+  +files/11.0/0013-Limit-the-number-of-fonts-per-document.patch:
+  Version bump
+
   27 Mar 2012; hasufell <julian.ospald@googlemail.com>
   +files/10.0.1/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
   , +files/10.0.1/0002-Make-Permissions-Manager-memory-only.patch,
diff --git a/www-client/torbrowser/Manifest b/www-client/torbrowser/Manifest
index 6c8660127..4c44f95fa 100644
--- a/www-client/torbrowser/Manifest
+++ b/www-client/torbrowser/Manifest
@@ -10,12 +10,29 @@ AUX 10.0.1/0010-Disable-SSL-Session-ID-tracking.patch 1165 RMD160 998f444b644f3e
 AUX 10.0.1/0011-Provide-an-observer-event-to-close-persistent-connec.patch 1448 RMD160 02b6e4b943c97e0c75878577aefd96e9e684226e SHA1 80de39474fd21408d56595b7204b20684e1cca8c SHA256 0e59e4e9599f1cb0a62f1a85534b77308b83ce583f4b8bec5422f7007cff9103
 AUX 10.0.1/0012-Provide-client-values-only-to-CSS-Media-Queries.patch 2042 RMD160 effddc0d7b4097c6b2d9a334146eae7ae315264d SHA1 2dcdfe22f9092ac797db689a7e19a802347fec70 SHA256 33172e4cce2136b9005ebde7c2f0f4388aecdc6c1702781fc7481e34ab00d558
 AUX 10.0.1/0013-Limit-the-number-of-fonts-per-document.patch 7318 RMD160 85178f067f3294f20c515cdb71e9b7ff24ba742d SHA1 34c887ff33549f5820479e3d86144114fc1c746e SHA256 91dcd13b99d5378c4966f305b4089a4f6ebee46957ac057f9c0dc42544469b84
+AUX 11.0/0001-Block-Components.interfaces-lookupMethod-from-conten.patch 2341 RMD160 023ab74db2f535bbf55362becdc55e67cad9069d SHA1 2c97d4a7fa43b3e5889ff42753fd52044b7522bb SHA256 a4d9802aa0d65f2b2c685549a085f5ae0c64c49ef3af3ca6fd5a7817e9f4ca02
+AUX 11.0/0002-Make-Permissions-Manager-memory-only.patch 3527 RMD160 ed85f6bd76088b32c0027773410a83d9e990204d SHA1 b3838dc63d82bd18bf1aeecf42d6b0786927d899 SHA256 d7e78336a58d581ccace9c2da364516a763023c1992322a18080a6b0365e9bf5
+AUX 11.0/0003-Make-Intermediate-Cert-Store-memory-only.patch 1759 RMD160 a83236654f985087573647d056b812b2ce4f3563 SHA1 8ec94aac2bb93b8c5bc44e0a89ac2319b444b2d3 SHA256 5c367b98d6031172c4d7d92f7a0f96e53954f4688823eb1438b5b828a9768e82
+AUX 11.0/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch 1809 RMD160 4ef3a55eb80abe465541dad435ca4ae73f300cf2 SHA1 aeae43daae6502a8de7ffa94e00937347f718a74 SHA256 c35a9e656ededbc610e9aed8f95c998e90801a1abb77af8634a977cc815419ff
+AUX 11.0/0005-Add-a-string-based-cacheKey.patch 2944 RMD160 8d35b259eac439e6e2a6d9d1790acb33eed9c28d SHA1 187c826af3f6c45fb73fc769c24dcc774474849b SHA256 8dd039ba8608526f21892a77703c68d592fe2257d199c40fbe3e727422b21f7a
+AUX 11.0/0006-Randomize-HTTP-pipeline-order-and-depth.patch 5054 RMD160 93242dd7cfd2293f19cb65d999c309ac149e42e3 SHA1 9c48bcb2f0cb627faba7727281522acbae76e2f8 SHA256 51f48ab44a6c3af186c0dd755f52722fae4363ac83e1759869ed2820cd3450e8
+AUX 11.0/0007-Block-all-plugins-except-flash.patch 2976 RMD160 989b5c04faaa89f1ac5fabae14c0d089bae6052a SHA1 6aeb56243795c66286cf0b393b3738560fb815cb SHA256 0ca6650f0272fb2e1be1bcb791e8b5290752f7cd55af0818e5cacf7c4dce8851
+AUX 11.0/0008-Make-content-pref-service-memory-only-clearable.patch 1357 RMD160 0fd92daca7533dc135b683bb05604eeb47c3e36b SHA1 22fe30b690207a05798480dd430aa5bbcb19cd1c SHA256 75542e213d1a7f51a07d71101223ca4ea1e0a91f7ccdf07505ef6b9409a85339
+AUX 11.0/0010-Disable-SSL-Session-ID-tracking.patch 1165 RMD160 f85c78862bd68def93b70b3feaddb3d3b84ae87a SHA1 8b62490d3f628a012637d8e3a1f9323dbee7e4c5 SHA256 d24f4361b14e9806d1691c125364544991b82debd80554c42d5c3c9d3386b10f
+AUX 11.0/0011-Provide-an-observer-event-to-close-persistent-connec.patch 1448 RMD160 124e2e191b160f88ae46ce5a9e2ca7c1c1e9b13c SHA1 f2f2aa277a3a85b45f003493a521f8a3b48542bb SHA256 7aa62fd654b06610d993a1202a6e7f63ab40f9abf028ede79fa09f705622640c
+AUX 11.0/0012-Provide-client-values-only-to-CSS-Media-Queries.patch 2042 RMD160 ed75f265023568f1cb0227d9f1adda5ecdea5b48 SHA1 babc05665020d78ca4ccc690075d550de7e8cb63 SHA256 b09c41add5d6ebf52117a7169cabcc87024bcee9049dbd1a5c79acc1e758f4cf
+AUX 11.0/0013-Limit-the-number-of-fonts-per-document.patch 7318 RMD160 d8ccf3e0cb21b795dae2f2272020f0681c57d263 SHA1 8b50867268cc0fb6693e208040f9eaab74f8ec4f SHA256 67ff7d48d5faeebc2a7e9e982a40a79547671fbd7ad4dcf5f7e9f17e0558b467
 AUX libvpx-1.0.0.patch 2137 RMD160 f5425c9694d8c668da6fbe4726907579e3e1e1ff SHA1 6ffca3b3672eb97f88b72f14e792c5d02633307a SHA256 49ce639966c6596aaf6f1de4ed77699aaa86d7d14c0fe4b64b99bf2c6450e184
 DIST firefox-10.0-patches-0.5.tar.xz 16708 RMD160 40ccd212e16d4e5dd389db95aa7be0fe68361073 SHA1 3ca7cb54cdc2b704fe468cc26e1818648635b514 SHA256 981f40b1f2f12439d1301a0f7f4171aee4b84b16fe6b926344b63750efb21158
 DIST firefox-10.0.1.source.tar.bz2 75537947 RMD160 853c76ee98b25664daee8ee3ad881f45010767e1 SHA1 8613957db84e6722ccf1ebf74fab927139614bfc SHA256 d06dc35607e354d4c1524ca3344cd316a6d7a38c8c0578a52caee6a3adb054f5
+DIST firefox-11.0-patches-0.4.tar.xz 16876 RMD160 2edf20116eee6c01153332cbcda2655860f53d9b SHA1 9a34c6e76b2590b1fa1791477b92cd054fa6bece SHA256 543cdba1fd9a75f41183b817b2fae44099bde52e503e34e130566d3ca51b3f49
+DIST firefox-11.0.source.tar.bz2 78548401 RMD160 13b7c7327063625904d00b58a6d6f15c04918e92 SHA1 0b05f91b81803010502cf89f54c3d0187fb63d7e SHA256 2fda6bcfe455c2449a8a69bc16bf13f6ea6006badb0657dae63107e52f051701
 DIST tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz 30489710 RMD160 fca09ea9a5f7778a8179f274040561287f206da0 SHA1 b83c21d1f7965df69ec0a71cef22abc8f3024d14 SHA256 5b657ffa3724658c4225493c868fbe8938eec8f3db3017988857c416d075af10
+DIST tor-browser-gnu-linux-i686-2.2.35-9-dev-en-US.tar.gz 30969314 RMD160 9528c3294a9bad1fe1508938490c1f3adfc0bdfb SHA1 6af9a359319f96052d1b3f483408bac35c468c68 SHA256 35e335c2b1cbfae1dd13e9f000d19c2d165371fbe121f7029daae6bd48cfe4e6
 DIST tor-browser-gnu-linux-x86_64-2.2.35-7.2-dev-en-US.tar.gz 31430945 RMD160 fbc930b08509abac9f5d11d67bfa84dce16639d9 SHA1 18ce8a31287e712c3b34a175d4179ee479bb8cd9 SHA256 45cba289d2b97639bea7910e86684614d7defca377d6c0a41af3f20ad267a720
+DIST tor-browser-gnu-linux-x86_64-2.2.35-9-dev-en-US.tar.gz 31898894 RMD160 bc6014bfaf781c7efbd2526fff2421aa576b22ee SHA1 9ce091956c527a20197bd194042e1d3ec96f6709 SHA256 5b3424e396ca240cd284e02cc0fe9df13de6a3bcd7f7da72c48bb6f09c46362a
 DIST torbrowser.png 1383 RMD160 fb32cdee9dfb09a5341c5f96aff540ac122ee46a SHA1 c5bc62339515de7c0ff0691db086eec8a7fe18a1 SHA256 36af7b3f72fab03d478f08416df7832bf146ebdb2fa1f2ed0ac398d75c7f9284
 EBUILD torbrowser-10.0.1.ebuild 9591 RMD160 f52fd8f8310a6b76bcdef87ff0c8e830a3fc49a8 SHA1 5acba33f336070ffdfeed0c75e181151954ce0fa SHA256 218d4dae4c97998e43575f7fbdba7c9d45ae81aaec42a27dde4ab8a2d91818bc
-MISC ChangeLog 2922 RMD160 6d354796d19f6736a09295b4d45369789c13e879 SHA1 fa6399d41b7679d65e0e1799cad736e97eebb346 SHA256 57094f01822839b2f56335b58c6c2defa6cbdde44d83eb31ac272fa7c3a25c6b
+EBUILD torbrowser-11.0.ebuild 9452 RMD160 94317221fcc7173207ffa31a80f301a925ae29fb SHA1 8e941ef83c0f837acacf00a427ac6b878b821f02 SHA256 e8de16b37346717f63692b918621a178344f13de24c1d335d9d0ffed609b3970
+MISC ChangeLog 3867 RMD160 63cb0750acdc07268d9fe69569cadaba62d331bf SHA1 e3c911130b720b34413d8b3ae48123657e5f26dd SHA256 8c9a93e9d7e346d907b0f1ee30e48987cabf3c57ffd8d4d84e062c1b5fd483ce
 MISC metadata.xml 1479 RMD160 9be44a70554adc58388f1b4246ddafad36b993f5 SHA1 2f64542c16cbf163be8a0f6dccf82d4c4402a798 SHA256 8ccb5d4c7687f71250c54418f69bbdf1e84d1d81ea67472faf8964f4190427e0
diff --git a/www-client/torbrowser/files/11.0/0001-Block-Components.interfaces-lookupMethod-from-conten.patch b/www-client/torbrowser/files/11.0/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
new file mode 100644
index 000000000..bdc2f8d86
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0001-Block-Components.interfaces-lookupMethod-from-conten.patch
@@ -0,0 +1,50 @@
+From 7b56d6e4ae963f13bb7469d803be823e366ec00c Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:40:40 -0800
+Subject: [PATCH 01/13] Block Components.interfaces,lookupMethod from content
+
+This patch removes the ability of content script to access
+Components.interfaces.* as well as call or access Components.lookupMethod.
+
+These two interfaces seem to be exposed to content script only to make our
+lives difficult. Components.lookupMethod can undo our JS hooks, and
+Components.interfaces is useful for fingerprinting the platform, OS, and
+Firebox version.
+
+They appear to have no other legitimate use. See also:
+https://bugzilla.mozilla.org/show_bug.cgi?id=429070
+https://trac.torproject.org/projects/tor/ticket/2873
+https://trac.torproject.org/projects/tor/ticket/2874
+---
+ js/xpconnect/src/XPCComponents.cpp |    8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
+index ef3e5ac..e986db4 100644
+--- a/js/xpconnect/src/XPCComponents.cpp
++++ b/js/xpconnect/src/XPCComponents.cpp
+@@ -4236,7 +4236,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
+ NS_IMETHODIMP
+ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
+ {
+-    static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++    // XXX: Pref observer? Also, is this what we want? Seems like a plan
++    //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull };
++    static const char* allowed[] = { "isSuccessCode", nsnull };
+     *_retval = xpc_CheckAccessList(methodName, allowed);
+     return NS_OK;
+ }
+@@ -4245,7 +4247,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c
+ NS_IMETHODIMP
+ nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
+ {
+-    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++    // XXX: Pref observer? Also, is this what we want? Seems like a plan
++    //    static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull};
++    static const char* allowed[] = { "results", nsnull};
+     *_retval = xpc_CheckAccessList(propertyName, allowed);
+     return NS_OK;
+ }
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0002-Make-Permissions-Manager-memory-only.patch b/www-client/torbrowser/files/11.0/0002-Make-Permissions-Manager-memory-only.patch
new file mode 100644
index 000000000..1ff64e35a
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0002-Make-Permissions-Manager-memory-only.patch
@@ -0,0 +1,94 @@
+From 4640f62becabf5adefd190ae119c93e486be9aed Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:45:16 -0800
+Subject: [PATCH 02/13] Make Permissions Manager memory-only
+
+This patch exposes a pref 'permissions.memory_only' that properly isolates the
+permissions manager to memory, which is responsible for all user specified
+site permissions, as well as stored STS policy.
+
+The pref does successfully clear the permissions manager memory if toggled. It
+does not need to be set in prefs.js, and can be handled by Torbutton.
+
+https://trac.torproject.org/projects/tor/ticket/2950
+---
+ extensions/cookie/nsPermissionManager.cpp |   34 ++++++++++++++++++++++++++--
+ 1 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
+index 67eb216..12cc7cf 100644
+--- a/extensions/cookie/nsPermissionManager.cpp
++++ b/extensions/cookie/nsPermissionManager.cpp
+@@ -58,6 +58,10 @@
+ #include "mozStorageHelper.h"
+ #include "mozStorageCID.h"
+ #include "nsXULAppAPI.h"
++#include "nsCOMPtr.h"
++#include "nsIPrefService.h"
++#include "nsIPrefBranch.h"
++#include "nsIPrefBranch2.h"
+ 
+ static nsPermissionManager *gPermissionManager = nsnull;
+ 
+@@ -203,6 +207,11 @@ nsPermissionManager::Init()
+     mObserverService->AddObserver(this, "profile-do-change", true);
+   }
+ 
++  nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID);
++  if (pbi) {
++    pbi->AddObserver("permissions.", this, PR_FALSE);
++  }
++
+   if (IsChildProcess()) {
+     // Get the permissions from the parent process
+     InfallibleTArray<IPC::Permission> perms;
+@@ -251,8 +260,18 @@ nsPermissionManager::InitDB(bool aRemoveFile)
+   if (!storage)
+     return NS_ERROR_UNEXPECTED;
+ 
++  bool memory_db = false;
++  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
++  if (prefs) {
++    prefs->GetBoolPref("permissions.memory_only", &memory_db); 
++  }
++
+   // cache a connection to the hosts database
+-  rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++  if (memory_db) {
++    rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++  } else {
++    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++  }
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+   bool ready;
+@@ -262,7 +281,11 @@ nsPermissionManager::InitDB(bool aRemoveFile)
+     rv = permissionsFile->Remove(false);
+     NS_ENSURE_SUCCESS(rv, rv);
+ 
+-    rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++    if (memory_db) {
++      rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn));
++    } else {
++      rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn));
++    }
+     NS_ENSURE_SUCCESS(rv, rv);
+ 
+     mDBConn->GetConnectionReady(&ready);
+@@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT
+ {
+   ENSURE_NOT_CHILD_PROCESS;
+ 
+-  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
++  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
++    if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) {
++      // XXX: Should we remove the file? Probably not..
++      InitDB(PR_FALSE);
++    }
++  } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+     // The profile is about to change,
+     // or is going away because the application is shutting down.
+     if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) {
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0003-Make-Intermediate-Cert-Store-memory-only.patch b/www-client/torbrowser/files/11.0/0003-Make-Intermediate-Cert-Store-memory-only.patch
new file mode 100644
index 000000000..49ca58e0f
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0003-Make-Intermediate-Cert-Store-memory-only.patch
@@ -0,0 +1,43 @@
+From b24b0d0fdddb77692a1609109f4c7cfb4b6f11f8 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 19 Aug 2011 17:58:23 -0700
+Subject: [PATCH 03/13] Make Intermediate Cert Store memory-only.
+
+This patch makes the intermediate SSL cert store exist in memory only.
+
+The pref must be set before startup in prefs.js.
+https://trac.torproject.org/projects/tor/ticket/2949
+---
+ security/manager/ssl/src/nsNSSComponent.cpp |   15 ++++++++++++++-
+ 1 files changed, 14 insertions(+), 1 deletions(-)
+
+diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
+index 5abc0a5..22becca 100644
+--- a/security/manager/ssl/src/nsNSSComponent.cpp
++++ b/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1738,8 +1738,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
+     // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
+     // "/usr/lib/nss/libnssckbi.so".
+     PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+-    SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
++    bool nocertdb = false;
++    mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
++
++    // XXX: We can also do the the following to only disable the certdb.
++    // Leaving this codepath in as a fallback in case InitNODB fails
++    if (nocertdb)
++      init_flags |= NSS_INIT_NOCERTDB;
++
++    SECStatus init_rv;
++    if (nocertdb) {
++        init_rv = ::NSS_NoDB_Init(NULL);
++    } else {
++        init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+                                          SECMOD_DB, init_flags);
++    }
+ 
+     if (init_rv != SECSuccess) {
+       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/www-client/torbrowser/files/11.0/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
new file mode 100644
index 000000000..2f0ef8348
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
@@ -0,0 +1,52 @@
+From d09a2b089ef401b08a8668b55b42233c81cbc198 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 2 Sep 2011 15:33:20 -0700
+Subject: [PATCH 04/13] Add HTTP auth headers before the modify-request
+ observer.
+
+Otherwise, how are we supposed to modify them?
+
+Thanks to Georg Koppen for spotting both the problem and this fix.
+---
+ netwerk/protocol/http/nsHttpChannel.cpp |   11 +++++++----
+ 1 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index 7c88d41..0cab7a4 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -328,9 +328,6 @@ nsHttpChannel::Connect(bool firstTime)
+         return NS_ERROR_DOCUMENT_NOT_CACHED;
+     }
+ 
+-    // check to see if authorization headers should be included
+-    mAuthProvider->AddAuthorizationHeaders();
+-
+     if (mLoadFlags & LOAD_NO_NETWORK_IO) {
+         return NS_ERROR_DOCUMENT_NOT_CACHED;
+     }
+@@ -3743,6 +3740,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
+ 
+     AddCookiesToRequest();
+ 
++    // check to see if authorization headers should be included
++    mAuthProvider->AddAuthorizationHeaders();
++
+     // notify "http-on-modify-request" observers
+     gHttpHandler->OnModifyRequest(this);
+ 
+@@ -4847,7 +4847,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
+     // this authentication attempt (bug 84794).
+     // TODO: save cookies from auth response and send them here (bug 572151).
+     AddCookiesToRequest();
+-    
++   
++    // check to see if authorization headers should be included
++    mAuthProvider->AddAuthorizationHeaders();
++ 
+     // notify "http-on-modify-request" observers
+     gHttpHandler->OnModifyRequest(this);
+ 
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0005-Add-a-string-based-cacheKey.patch b/www-client/torbrowser/files/11.0/0005-Add-a-string-based-cacheKey.patch
new file mode 100644
index 000000000..c0b8be52e
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0005-Add-a-string-based-cacheKey.patch
@@ -0,0 +1,85 @@
+From 76dfe3891b66f4a6ba352cf543ca52ff59aa65cd Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Fri, 2 Sep 2011 20:47:02 -0700
+Subject: [PATCH 05/13] Add a string-based cacheKey.
+
+Used for isolating cache according to same-origin policy.
+---
+ netwerk/base/public/nsICachingChannel.idl |    7 +++++++
+ netwerk/protocol/http/nsHttpChannel.cpp   |   22 ++++++++++++++++++++++
+ netwerk/protocol/http/nsHttpChannel.h     |    1 +
+ 3 files changed, 30 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
+index 2da46d6..4ee5774 100644
+--- a/netwerk/base/public/nsICachingChannel.idl
++++ b/netwerk/base/public/nsICachingChannel.idl
+@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
+     attribute nsISupports cacheKey;
+ 
+     /**
++     * Set/get the cache domain... uniquely identifies the data in the cache
++     * for this channel.  Holding a reference to this key does NOT prevent
++     * the cached data from being removed.
++     */
++    attribute AUTF8String cacheDomain;
++
++    /**
+      * Specifies whether or not the data should be cached to a file.  This
+      * may fail if the disk cache is not present.  The value of this attribute
+      * is usually only settable during the processing of a channel's
+diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
+index 0cab7a4..2c2803f 100644
+--- a/netwerk/protocol/http/nsHttpChannel.cpp
++++ b/netwerk/protocol/http/nsHttpChannel.cpp
+@@ -2408,6 +2408,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
+         cacheKey.Append(buf);
+     }
+ 
++    if (strlen(mCacheDomain.get()) > 0) {
++        cacheKey.AppendLiteral("domain=");
++        cacheKey.Append(mCacheDomain.get());
++        cacheKey.AppendLiteral("&");
++    }
++
+     if (!cacheKey.IsEmpty()) {
+         cacheKey.AppendLiteral("uri=");
+     }
+@@ -4747,6 +4753,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value)
+ }
+ 
+ NS_IMETHODIMP
++nsHttpChannel::GetCacheDomain(nsACString &value)
++{
++    value = mCacheDomain;
++
++    return NS_OK;
++}
++
++NS_IMETHODIMP
++nsHttpChannel::SetCacheDomain(const nsACString &value)
++{
++    mCacheDomain = value;
++
++    return NS_OK;
++}
++
++NS_IMETHODIMP
+ nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
+ {
+     value = mOfflineCacheClientID;
+diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
+index 88ce469..53538cf 100644
+--- a/netwerk/protocol/http/nsHttpChannel.h
++++ b/netwerk/protocol/http/nsHttpChannel.h
+@@ -303,6 +303,7 @@ private:
+     nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
+     nsCacheAccessMode                 mOfflineCacheAccess;
+     nsCString                         mOfflineCacheClientID;
++    nsCString                         mCacheDomain;
+ 
+     // auth specific data
+     nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/www-client/torbrowser/files/11.0/0006-Randomize-HTTP-pipeline-order-and-depth.patch
new file mode 100644
index 000000000..04a34ea19
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0006-Randomize-HTTP-pipeline-order-and-depth.patch
@@ -0,0 +1,151 @@
+From 39a9dab25c4ed3acc95009c0f44f4f6f2f1c5086 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Thu, 15 Mar 2012 20:05:07 -0700
+Subject: [PATCH 06/13] Randomize HTTP pipeline order and depth.
+
+This is an experimental defense against
+http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
+
+See also:
+https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
+---
+ netwerk/protocol/http/nsHttpConnectionMgr.cpp |   79 ++++++++++++++++++++++++-
+ netwerk/protocol/http/nsHttpConnectionMgr.h   |    4 +
+ 2 files changed, 82 insertions(+), 1 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+index 17d897f..3200638 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+@@ -99,6 +99,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
+     LOG(("Creating nsHttpConnectionMgr @%x\n", this));
+     mCT.Init();
+     mAlternateProtocolHash.Init(16);
++
++    nsresult rv;
++    mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv);
++    if (NS_FAILED(rv)) {
++        mRandomGenerator = nsnull;
++    }
+ }
+ 
+ nsHttpConnectionMgr::~nsHttpConnectionMgr()
+@@ -1227,7 +1233,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent,
+ 
+     if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) {
+         LOG(("  looking to build pipeline...\n"));
+-        if (BuildPipeline(ent, trans, &pipeline))
++        if (BuildRandomizedPipeline(ent, trans, &pipeline))
+             trans = pipeline;
+     }
+ 
+@@ -1300,6 +1306,77 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent,
+     return true;
+ }
+ 
++bool
++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent,
++                                   nsAHttpTransaction *firstTrans,
++                                   nsHttpPipeline **result)
++{
++    if (mRandomGenerator == nsnull)
++        return BuildPipeline(ent, firstTrans, result);
++    if (mMaxPipelinedRequests < 2)
++        return PR_FALSE;
++
++    nsresult rv;
++    PRUint8 *bytes = nsnull;
++
++    nsHttpPipeline *pipeline = nsnull;
++    nsHttpTransaction *trans;
++
++    PRUint32 i = 0, numAdded = 0, numAllowed = 0;
++    PRUint32 max = 0;
++
++    while (i < ent->mPendingQ.Length()) {
++        if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)
++            numAllowed++;
++        i++;
++    }
++
++    rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++    NS_ENSURE_SUCCESS(rv, rv);
++    // 4...12
++    max = 4 + (bytes[0] % (mMaxPipelinedRequests + 1));
++    NS_Free(bytes);
++
++    while (numAllowed > 0) {
++        rv = mRandomGenerator->GenerateRandomBytes(1, &bytes);
++        NS_ENSURE_SUCCESS(rv, rv);
++        i = bytes[0] % ent->mPendingQ.Length();
++        NS_Free(bytes);
++
++        trans = ent->mPendingQ[i];
++
++        if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING))
++            continue;
++
++        if (numAdded == 0) {
++            pipeline = new nsHttpPipeline;
++            if (!pipeline)
++                return PR_FALSE;
++            pipeline->AddTransaction(firstTrans);
++            numAdded = 1;
++        }
++        pipeline->AddTransaction(trans);
++
++        // remove transaction from pending queue
++        ent->mPendingQ.RemoveElementAt(i);
++        NS_RELEASE(trans);
++
++        numAllowed--;
++
++        if (++numAdded == max)
++            break;
++    }
++
++    //fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max);
++    LOG(("  pipelined %u/%u transactions\n", numAdded, max));
++
++    if (numAdded == 0)
++        return PR_FALSE;
++
++    NS_ADDREF(*result = pipeline);
++    return PR_TRUE;
++}
++
+ nsresult
+ nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
+ {
+diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
+index bb605a1..47d01f6 100644
+--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
+@@ -54,6 +54,7 @@
+ #include "nsIObserver.h"
+ #include "nsITimer.h"
+ #include "nsIX509Cert3.h"
++#include "nsIRandomGenerator.h"
+ 
+ class nsHttpPipeline;
+ 
+@@ -312,6 +313,7 @@ private:
+     nsresult DispatchTransaction(nsConnectionEntry *, nsHttpTransaction *,
+                                  PRUint8 caps, nsHttpConnection *);
+     bool     BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
++    bool     BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **);
+     nsresult ProcessNewTransaction(nsHttpTransaction *);
+     nsresult EnsureSocketThreadTargetIfOnline();
+     void     ClosePersistentConnections(nsConnectionEntry *ent);
+@@ -405,6 +407,8 @@ private:
+     PRUint64 mTimeOfNextWakeUp;
+     // Timer for next pruning of dead connections.
+     nsCOMPtr<nsITimer> mTimer;
++    // Random number generator for reordering HTTP pipeline
++    nsCOMPtr<nsIRandomGenerator>             mRandomGenerator;
+ 
+     //
+     // the connection table
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch b/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch
new file mode 100644
index 000000000..b850f62a0
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch
@@ -0,0 +1,85 @@
+From 10873c626d038b520853539d45a170919d6d0361 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:50:15 -0800
+Subject: [PATCH 07/13] Block all plugins except flash.
+
+We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
+actually want to stop plugins from ever entering the browser's process space
+and/or executing code (for example, AV plugins that collect statistics/analyse
+urls, magical toolbars that phone home or "help" the user, skype buttons that
+ruin our day, and censorship filters). Hence we rolled our own.
+
+See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
+on a better way. Until then, it is delta-darwinism for us.
+---
+ dom/plugins/base/nsPluginHost.cpp |   33 +++++++++++++++++++++++++++++++++
+ dom/plugins/base/nsPluginHost.h   |    2 ++
+ 2 files changed, 35 insertions(+), 0 deletions(-)
+
+diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
+index 7fe18b2..d76c4ca 100644
+--- a/dom/plugins/base/nsPluginHost.cpp
++++ b/dom/plugins/base/nsPluginHost.cpp
+@@ -1982,6 +1982,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag)
+   return false;
+ }
+ 
++PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
++{
++    nsCString leaf;
++    const char *leafStr;
++    nsresult rv;
++    
++    rv = pluginFile->GetNativeLeafName(leaf);
++    if (NS_FAILED(rv)) {
++        return PR_TRUE; // fuck 'em. blacklist.
++    }
++
++    leafStr = leaf.get();
++
++    if (!leafStr) {
++        return PR_TRUE; // fuck 'em. blacklist.
++    }
++
++    // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
++    // NPSWF32.dll, NPSWF64.dll
++    if (strstr(leafStr, "libgnashplugin") == leafStr ||
++        strstr(leafStr, "libflashplayer") == leafStr ||
++        strstr(leafStr, "Flash Player") == leafStr ||
++        strstr(leafStr, "NPSWF") == leafStr) {
++        return PR_FALSE;
++    }
++
++    return PR_TRUE; // fuck 'em. blacklist.
++}
++
+ typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);
+ 
+ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+@@ -2103,6 +2132,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
+       continue;
+     }
+ 
++    if (GhettoBlacklist(localfile)) {
++        continue;
++    }
++
+     // if it is not found in cache info list or has been changed, create a new one
+     if (!pluginTag) {
+       nsPluginFile pluginFile(localfile);
+diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
+index 5630b8d..f54bd32 100644
+--- a/dom/plugins/base/nsPluginHost.h
++++ b/dom/plugins/base/nsPluginHost.h
+@@ -285,6 +285,8 @@ private:
+   // Loads all cached plugins info into mCachedPlugins
+   nsresult ReadPluginInfo();
+ 
++  PRBool GhettoBlacklist(nsIFile *pluginFile);
++
+   // Given a file path, returns the plugins info from our cache
+   // and removes it from the cache.
+   void RemoveCachedPluginsInfo(const char *filePath,
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0008-Make-content-pref-service-memory-only-clearable.patch b/www-client/torbrowser/files/11.0/0008-Make-content-pref-service-memory-only-clearable.patch
new file mode 100644
index 000000000..b1233217a
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0008-Make-content-pref-service-memory-only-clearable.patch
@@ -0,0 +1,37 @@
+From 9a406718f9cb98f57de4649def8ef501ddbb9775 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Thu, 8 Sep 2011 08:40:17 -0700
+Subject: [PATCH 08/13] Make content pref service memory-only + clearable
+
+This prevents random urls from being inserted into content-prefs.sqllite in
+the profile directory as content prefs change (includes site-zoom and perhaps
+other site prefs?).
+---
+ .../contentprefs/nsContentPrefService.js           |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/toolkit/components/contentprefs/nsContentPrefService.js b/toolkit/components/contentprefs/nsContentPrefService.js
+index 17cac93..1f12609 100644
+--- a/toolkit/components/contentprefs/nsContentPrefService.js
++++ b/toolkit/components/contentprefs/nsContentPrefService.js
+@@ -1242,7 +1242,7 @@ ContentPrefService.prototype = {
+ 
+     var dbConnection;
+ 
+-    if (!dbFile.exists())
++    if (true || !dbFile.exists())
+       dbConnection = this._dbCreate(dbService, dbFile);
+     else {
+       try {
+@@ -1290,7 +1290,7 @@ ContentPrefService.prototype = {
+   },
+ 
+   _dbCreate: function ContentPrefService__dbCreate(aDBService, aDBFile) {
+-    var dbConnection = aDBService.openDatabase(aDBFile);
++    var dbConnection = aDBService.openSpecialDatabase("memory");
+ 
+     try {
+       this._dbCreateSchema(dbConnection);
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0010-Disable-SSL-Session-ID-tracking.patch b/www-client/torbrowser/files/11.0/0010-Disable-SSL-Session-ID-tracking.patch
new file mode 100644
index 000000000..76ce1b6db
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0010-Disable-SSL-Session-ID-tracking.patch
@@ -0,0 +1,28 @@
+From 33198fdb4467637fabf292e18530c89e8b6bad4e Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Wed, 7 Dec 2011 19:36:38 -0800
+Subject: [PATCH 10/13] Disable SSL Session ID tracking.
+
+We can't easily bind SSL Session ID tracking to url bar domain,
+so we have to disable them to satisfy
+https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
+---
+ security/nss/lib/ssl/sslsock.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
+index 22206f7..31086db 100644
+--- a/security/nss/lib/ssl/sslsock.c
++++ b/security/nss/lib/ssl/sslsock.c
+@@ -173,7 +173,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
+     PR_TRUE,	/* enableSSL3         */
+     PR_TRUE, 	/* enableTLS          */ /* now defaults to on in NSS 3.0 */
+-    PR_FALSE,	/* noCache            */
++    PR_TRUE,	/* noCache            */
+     PR_FALSE,	/* fdx                */
+     PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
+     PR_TRUE,	/* detectRollBack     */
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0011-Provide-an-observer-event-to-close-persistent-connec.patch b/www-client/torbrowser/files/11.0/0011-Provide-an-observer-event-to-close-persistent-connec.patch
new file mode 100644
index 000000000..f44298274
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0011-Provide-an-observer-event-to-close-persistent-connec.patch
@@ -0,0 +1,40 @@
+From a0c84e27f2c40d043c85ba3b794d3578e909f558 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 15:53:28 -0800
+Subject: [PATCH 11/13] Provide an observer event to close persistent
+ connections
+
+We need to prevent linkability across "New Identity", which includes closing
+keep-alive connections.
+---
+ netwerk/protocol/http/nsHttpHandler.cpp |    7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
+index 727b5d6..87b55bc 100644
+--- a/netwerk/protocol/http/nsHttpHandler.cpp
++++ b/netwerk/protocol/http/nsHttpHandler.cpp
+@@ -329,6 +329,7 @@ nsHttpHandler::Init()
+         mObserverService->AddObserver(this, "net:clear-active-logins", true);
+         mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, true);
+         mObserverService->AddObserver(this, "net:prune-dead-connections", true);
++        mObserverService->AddObserver(this, "net:prune-all-connections", PR_TRUE);
+     }
+  
+     return NS_OK;
+@@ -1533,6 +1534,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+             mConnMgr->PruneDeadConnections();
+         }
+     }
++    else if (strcmp(topic, "net:prune-all-connections") == 0) {
++        if (mConnMgr) {
++           mConnMgr->ClosePersistentConnections();
++           mConnMgr->PruneDeadConnections();
++        }
++    }
+   
+     return NS_OK;
+ }
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0012-Provide-client-values-only-to-CSS-Media-Queries.patch b/www-client/torbrowser/files/11.0/0012-Provide-client-values-only-to-CSS-Media-Queries.patch
new file mode 100644
index 000000000..abed41466
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0012-Provide-client-values-only-to-CSS-Media-Queries.patch
@@ -0,0 +1,72 @@
+From 10f26d027ba5413d7e26aaccd92cbc1c12b42d86 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@fscked.org>
+Date: Tue, 20 Dec 2011 21:02:49 -0800
+Subject: [PATCH 12/13] Provide client values only to CSS Media Queries
+
+Also disable a bunch of Mozilla extensions that smell like they are
+fingerprintable.
+
+This is done to address
+https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+---
+ layout/style/nsMediaFeatures.cpp |   10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/layout/style/nsMediaFeatures.cpp b/layout/style/nsMediaFeatures.cpp
+index 6eca06e..c68f191 100644
+--- a/layout/style/nsMediaFeatures.cpp
++++ b/layout/style/nsMediaFeatures.cpp
+@@ -383,14 +383,14 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eLength,
+         { nsnull },
+-        GetDeviceWidth
++        GetWidth
+     },
+     {
+         &nsGkAtoms::deviceHeight,
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eLength,
+         { nsnull },
+-        GetDeviceHeight
++        GetHeight
+     },
+     {
+         &nsGkAtoms::orientation,
+@@ -411,7 +411,7 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxAllowed,
+         nsMediaFeature::eIntRatio,
+         { nsnull },
+-        GetDeviceAspectRatio
++        GetAspectRatio
+     },
+     {
+         &nsGkAtoms::color,
+@@ -457,6 +457,7 @@ nsMediaFeatures::features[] = {
+     },
+ 
+     // Mozilla extensions
++/*
+     {
+         &nsGkAtoms::_moz_device_pixel_ratio,
+         nsMediaFeature::eMinMaxAllowed,
+@@ -469,7 +470,7 @@ nsMediaFeatures::features[] = {
+         nsMediaFeature::eMinMaxNotAllowed,
+         nsMediaFeature::eEnumerated,
+         { kOrientationKeywords },
+-        GetDeviceOrientation
++        GetOrientation
+     },
+     {
+         &nsGkAtoms::_moz_is_resource_document,
+@@ -590,6 +591,7 @@ nsMediaFeatures::features[] = {
+         { nsnull },
+         GetWindowsTheme
+     },
++*/
+     // Null-mName terminator:
+     {
+         nsnull,
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/files/11.0/0013-Limit-the-number-of-fonts-per-document.patch b/www-client/torbrowser/files/11.0/0013-Limit-the-number-of-fonts-per-document.patch
new file mode 100644
index 000000000..7f0f2483c
--- /dev/null
+++ b/www-client/torbrowser/files/11.0/0013-Limit-the-number-of-fonts-per-document.patch
@@ -0,0 +1,228 @@
+From 215f7088f53e25309ec5037c05a25ed9048a625b Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@torproject.org>
+Date: Wed, 1 Feb 2012 16:01:21 -0800
+Subject: [PATCH 13/13] Limit the number of fonts per document.
+
+We create two prefs:
+browser.display.max_font_count and browser.display.max_font_attempts.
+max_font_count sets a limit on the number of fonts actually used in the
+document, and max_font_attempts sets a limit on the total number of CSS
+queries that a document is allowed to perform.
+
+Once either limit is reached, the browser behaves as if
+browser.display.use_document_fonts was set to 0 for subsequent font queries.
+
+If a pref is not set or is negative, that limit does not apply.
+
+This is done to address:
+https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
+---
+ layout/base/nsPresContext.cpp |  100 +++++++++++++++++++++++++++++++++++++++++
+ layout/base/nsPresContext.h   |    9 ++++
+ layout/style/nsRuleNode.cpp   |   13 ++++-
+ 3 files changed, 119 insertions(+), 3 deletions(-)
+
+diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
+index c7ad359..ac12dff 100644
+--- a/layout/base/nsPresContext.cpp
++++ b/layout/base/nsPresContext.cpp
+@@ -98,6 +98,8 @@
+ #include "FrameLayerBuilder.h"
+ #include "nsDOMMediaQueryList.h"
+ #include "nsSMILAnimationController.h"
++#include "nsString.h"
++#include "nsUnicharUtils.h"
+ 
+ #ifdef IBMBIDI
+ #include "nsBidiPresUtils.h"
+@@ -731,6 +733,10 @@ nsPresContext::GetUserPreferences()
+   // * use fonts?
+   mUseDocumentFonts =
+     Preferences::GetInt("browser.display.use_document_fonts") != 0;
++  mMaxFonts =
++    Preferences::GetInt("browser.display.max_font_count", -1);
++  mMaxFontAttempts =
++    Preferences::GetInt("browser.display.max_font_attempts", -1);
+ 
+   // * replace backslashes with Yen signs? (bug 245770)
+   mEnableJapaneseTransform =
+@@ -1332,6 +1338,100 @@ nsPresContext::GetDefaultFont(PRUint8 aFontID) const
+   return font;
+ }
+ 
++PRBool
++nsPresContext::FontUseCountReached(const nsFont &font) {
++  if (mMaxFonts < 0) {
++    return PR_FALSE;
++  }
++
++  for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
++    if (mFontsUsed[i].name.Equals(font.name,
++                                  nsCaseInsensitiveStringComparator())
++        // XXX: Style is sometimes filled with garbage??
++        /*&& mFontsUsed[i].style == font.style*/) {
++      // seen it before: OK
++      return PR_FALSE;
++    }
++  }
++
++  if (mFontsUsed.Length() >= mMaxFonts) {
++    return PR_TRUE;
++  }
++
++  return PR_FALSE;
++}
++
++PRBool
++nsPresContext::FontAttemptCountReached(const nsFont &font) {
++  if (mMaxFontAttempts < 0) {
++    return PR_FALSE;
++  }
++
++  for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
++    if (mFontsTried[i].name.Equals(font.name,
++                                  nsCaseInsensitiveStringComparator())
++        // XXX: Style is sometimes filled with garbage??
++        /*&& mFontsTried[i].style == font.style*/) {
++      // seen it before: OK
++      return PR_FALSE;
++    }
++  }
++
++  if (mFontsTried.Length() >= mMaxFontAttempts) {
++    return PR_TRUE;
++  }
++
++  return PR_FALSE;
++}
++
++void
++nsPresContext::AddFontUse(const nsFont &font) {
++  if (mMaxFonts < 0) {
++    return;
++  }
++
++  for (PRUint32 i = 0; i < mFontsUsed.Length(); i++) {
++    if (mFontsUsed[i].name.Equals(font.name,
++                                  nsCaseInsensitiveStringComparator())
++        // XXX: Style is sometimes filled with garbage??
++        /*&& mFontsUsed[i].style == font.style*/) {
++      // seen it before: OK
++      return;
++    }
++  }
++
++  if (mFontsUsed.Length() >= mMaxFonts) {
++    return;
++  }
++   
++  mFontsUsed.AppendElement(font);
++  return;
++}
++
++void
++nsPresContext::AddFontAttempt(const nsFont &font) {
++  if (mMaxFontAttempts < 0) {
++    return;
++  }
++
++  for (PRUint32 i = 0; i < mFontsTried.Length(); i++) {
++    if (mFontsTried[i].name.Equals(font.name,
++                                  nsCaseInsensitiveStringComparator())
++        // XXX: Style is sometimes filled with garbage??
++        /*&& mFontsTried[i].style == font.style*/) {
++      // seen it before: OK
++      return;
++    }
++  }
++
++  if (mFontsTried.Length() >= mMaxFontAttempts) {
++    return;
++  }
++   
++  mFontsTried.AppendElement(font);
++  return;
++}
++
+ void
+ nsPresContext::SetFullZoom(float aZoom)
+ {
+diff --git a/layout/base/nsPresContext.h b/layout/base/nsPresContext.h
+index 39f5b4a..a72d12e 100644
+--- a/layout/base/nsPresContext.h
++++ b/layout/base/nsPresContext.h
+@@ -548,6 +548,13 @@ public:
+     }
+   }
+ 
++  nsTArray<nsFont> mFontsUsed; // currently for font-count limiting only
++  nsTArray<nsFont> mFontsTried; // currently for font-count limiting only
++  void AddFontUse(const nsFont &font);
++  void AddFontAttempt(const nsFont &font);
++  PRBool FontUseCountReached(const nsFont &font);
++  PRBool FontAttemptCountReached(const nsFont &font);
++
+   PRInt32 MinFontSize() const {
+     return NS_MAX(mMinFontSize, mMinimumFontSizePref);
+   }
+@@ -1125,6 +1132,8 @@ protected:
+   PRUint32              mInterruptChecksToSkip;
+ 
+   mozilla::TimeStamp    mReflowStartTime;
++  PRInt32               mMaxFontAttempts;
++  PRInt32               mMaxFonts;
+ 
+   unsigned              mHasPendingInterrupt : 1;
+   unsigned              mInterruptsEnabled : 1;
+diff --git a/layout/style/nsRuleNode.cpp b/layout/style/nsRuleNode.cpp
+index 2918a54..5870693 100644
+--- a/layout/style/nsRuleNode.cpp
++++ b/layout/style/nsRuleNode.cpp
+@@ -3091,6 +3091,7 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+ 
+   // See if there is a minimum font-size constraint to honor
+   nscoord minimumFontSize = mPresContext->MinFontSize();
++  PRBool isXUL = PR_FALSE;
+ 
+   if (minimumFontSize < 0)
+     minimumFontSize = 0;
+@@ -3102,10 +3103,10 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+   // We only need to know this to determine if we have to use the
+   // document fonts (overriding the useDocumentFonts flag), or to
+   // determine if we have to override the minimum font-size constraint.
+-  if ((!useDocumentFonts || minimumFontSize > 0) && mPresContext->IsChrome()) {
++  if (mPresContext->IsChrome()) {
+     // if we are not using document fonts, but this is a XUL document,
+     // then we use the document fonts anyway
+-    useDocumentFonts = true;
++    isXUL = PR_TRUE;
+     minimumFontSize = 0;
+   }
+ 
+@@ -3120,9 +3121,13 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+     // generic?
+     nsFont::GetGenericID(font->mFont.name, &generic);
+ 
++    mPresContext->AddFontAttempt(font->mFont);
++
+     // If we aren't allowed to use document fonts, then we are only entitled
+     // to use the user's default variable-width font and fixed-width font
+-    if (!useDocumentFonts) {
++    if (!isXUL && (!useDocumentFonts ||
++                    mPresContext->FontAttemptCountReached(font->mFont) ||
++                    mPresContext->FontUseCountReached(font->mFont))) {
+       // Extract the generic from the specified font family...
+       nsAutoString genericName;
+       if (!font->mFont.EnumerateFamilies(ExtractGeneric, &genericName)) {
+@@ -3158,6 +3163,8 @@ nsRuleNode::ComputeFontData(void* aStartStruct,
+                                minimumFontSize, font);
+   }
+ 
++  if (font->mGenericID == kGenericFont_NONE)
++    mPresContext->AddFontUse(font->mFont);
+   COMPUTE_END_INHERITED(Font, font)
+ }
+ 
+-- 
+1.7.5.4
+
diff --git a/www-client/torbrowser/torbrowser-11.0.ebuild b/www-client/torbrowser/torbrowser-11.0.ebuild
new file mode 100644
index 000000000..81b5877c0
--- /dev/null
+++ b/www-client/torbrowser/torbrowser-11.0.ebuild
@@ -0,0 +1,284 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="3"
+VIRTUALX_REQUIRED="pgo"
+WANT_AUTOCONF="2.1"
+
+MY_PN="firefox"
+# latest version of the torbrowser-bundle we use the profile-folder from
+# https://www.torproject.org/dist/torbrowser/linux/
+TB_V="2.2.35-9"
+
+# Patch version
+PATCH="${MY_PN}-11.0-patches-0.4"
+# Upstream ftp release URI that's used by mozlinguas.eclass
+# We don't use the http mirror because it deletes old tarballs.
+MOZ_FTP_URI="ftp://ftp.mozilla.org/pub/${MY_PN}/releases/"
+
+inherit check-reqs flag-o-matic toolchain-funcs eutils gnome2-utils mozconfig-3 multilib pax-utils autotools python virtualx nsplugins
+
+DESCRIPTION="Torbrowser without vidalia or tor, includes profile and extensions"
+HOMEPAGE="https://www.torproject.org/projects/torbrowser.html.en"
+
+# may work on other arches, but untested
+KEYWORDS="~amd64 ~x86"
+SLOT="0"
+# BSD license applies to torproject-related code like the patches 
+# GPL-2 and MIT applies to the extensions
+# icons are under CCPL-Attribution-3.0
+LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )
+	BSD
+	GPL-2
+	MIT
+	CCPL-Attribution-3.0"
+IUSE="bindist +crashreporter +ipc pgo selinux system-sqlite +webm"
+
+SRC_URI="${SRC_URI}
+	http://dev.gentoo.org/~anarchy/mozilla/patchsets/${PATCH}.tar.xz
+	${MOZ_FTP_URI}/${PV}/source/${MY_PN}-${PV}.source.tar.bz2
+	https://gitweb.torproject.org/user/ioerror/torbrowser.git/blob_plain/branding:/build-scripts/branding/torbrowser/default48.png -> torbrowser.png
+	amd64? ( https://www.torproject.org/dist/${PN}/linux/tor-browser-gnu-linux-x86_64-${TB_V}-dev-en-US.tar.gz )
+	x86? ( https://www.torproject.org/dist/${PN}/linux/tor-browser-gnu-linux-i686-${TB_V}-dev-en-US.tar.gz )"
+
+# Mesa 7.10 needed for WebGL + bugfixes
+RDEPEND="
+	>=sys-devel/binutils-2.16.1
+	>=dev-libs/nss-3.13.1
+	>=dev-libs/nspr-4.8.8
+	>=dev-libs/glib-2.26:2
+	>=media-libs/mesa-7.10
+	media-libs/libpng[apng]
+	virtual/libffi
+	system-sqlite? ( >=dev-db/sqlite-3.7.7.1[fts3,secure-delete,threadsafe,unlock-notify,debug=] )
+	webm? ( >=media-libs/libvpx-1.0.0
+		media-libs/alsa-lib )
+	crashreporter? ( net-misc/curl )
+	selinux? ( sec-policy/selinux-mozilla )"
+# We don't use PYTHON_DEPEND/PYTHON_USE_WITH for some silly reason
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig
+	pgo? (
+		=dev-lang/python-2*[sqlite]
+		>=sys-devel/gcc-4.5 )
+	webm? ( >=dev-lang/yasm-1.1 )"
+
+S="${WORKDIR}/mozilla-release"
+
+QA_PRESTRIPPED="usr/$(get_libdir)/${PN}/${MY_PN}/firefox"
+
+pkg_setup() {
+	moz_pkgsetup
+
+	# Avoid PGO profiling problems due to enviroment leakage
+	# These should *always* be cleaned up anyway
+	unset DBUS_SESSION_BUS_ADDRESS \
+		DISPLAY \
+		ORBIT_SOCKETDIR \
+		SESSION_MANAGER \
+		XDG_SESSION_COOKIE \
+		XAUTHORITY
+
+	if ! use bindist; then
+		einfo
+		elog "You are enabling official branding. You may not redistribute this build"
+		elog "to any users on your network or the internet. Doing so puts yourself into"
+		elog "a legal problem with Mozilla Foundation"
+		elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag"
+	fi
+
+	if use pgo; then
+		einfo
+		ewarn "You will do a double build for profile guided optimization."
+		ewarn "This will result in your build taking at least twice as long as before."
+	fi
+
+	# Ensure we have enough disk space to compile
+	if use pgo || use debug || use test ; then
+		CHECKREQS_DISK_BUILD="8G"
+	else
+		CHECKREQS_DISK_BUILD="4G"
+	fi
+	check-reqs_pkg_setup
+}
+
+src_prepare() {
+	# Apply our patches
+	EPATCH_SUFFIX="patch" \
+	EPATCH_FORCE="yes" \
+	epatch "${WORKDIR}/firefox"
+
+	# Torbrowser patches for firefox 11, check regularly/for every version-bump
+	# https://gitweb.torproject.org/torbrowser.git/history/HEAD:/src/current-patches
+	EPATCH_SUFFIX="patch" \
+	EPATCH_FORCE="yes" \
+	epatch "${FILESDIR}/${PV}"
+
+	# Allow user to apply any additional patches without modifing ebuild
+	epatch_user
+
+	# Enable gnomebreakpad
+	if use debug ; then
+		sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \
+			"${S}"/build/unix/run-mozilla.sh || die "sed failed!"
+	fi
+
+	# Disable gnomevfs extension
+	sed -i -e "s:gnomevfs::" "${S}/"browser/confvars.sh \
+		-e "s:gnomevfs::" "${S}/"xulrunner/confvars.sh \
+		|| die "Failed to remove gnomevfs extension"
+
+	# Ensure that plugins dir is enabled as default
+	# and is different from firefox-location
+	sed -i -e "s:/usr/lib/mozilla/plugins:/usr/$(get_libdir)/${PN}/${MY_PN}/plugins:" \
+		"${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path!"
+
+	# Fix sandbox violations during make clean, bug 372817
+	sed -e "s:\(/no-such-file\):${T}\1:g" \
+		-i "${S}"/config/rules.mk \
+		-i "${S}"/js/src/config/rules.mk \
+		-i "${S}"/nsprpub/configure{.in,} \
+		|| die
+
+	#Fix compilation with curl-7.21.7 bug 376027
+	sed -e '/#include <curl\/types.h>/d'  \
+		-i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc \
+		-i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc \
+		-i "${S}"/config/system-headers \
+		-i "${S}"/js/src/config/system-headers || die "Sed failed"
+
+	eautoreconf
+}
+
+src_configure() {
+	MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}/${MY_PN}"
+	MEXTENSIONS="default"
+
+	####################################
+	#
+	# mozconfig, CFLAGS and CXXFLAGS setup
+	#
+	####################################
+
+	mozconfig_init
+	mozconfig_config
+
+	mozconfig_annotate '' --prefix="${EPREFIX}"/usr
+	mozconfig_annotate '' --libdir="${EPREFIX}"/usr/$(get_libdir)/${PN}
+	mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}"
+	mozconfig_annotate '' --disable-gconf
+	mozconfig_annotate '' --disable-mailnews
+	mozconfig_annotate '' --enable-canvas
+	mozconfig_annotate '' --enable-safe-browsing
+	mozconfig_annotate '' --with-system-png
+	mozconfig_annotate '' --enable-system-ffi
+
+	# Other ff-specific settings
+	mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME}
+	mozconfig_annotate '' --target="${CTARGET:-${CHOST}}"
+
+	# Allow for a proper pgo build
+	if use pgo; then
+		echo "mk_add_options PROFILE_GEN_SCRIPT='\$(PYTHON) \$(OBJDIR)/_profile/pgo/profileserver.py'" >> "${S}"/.mozconfig
+	fi
+
+	# Finalize and report settings
+	mozconfig_final
+
+	if [[ $(gcc-major-version) -lt 4 ]]; then
+		append-cxxflags -fno-stack-protector
+	elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
+		if use amd64 || use x86; then
+			append-flags -mno-avx
+		fi
+	fi
+}
+
+src_compile() {
+	if use pgo; then
+		addpredict /root
+		addpredict /etc/gconf
+		# Reset and cleanup environment variables used by GNOME/XDG
+		gnome2_environment_reset
+
+		# Firefox tries to use dri stuff when it's run, see bug 380283
+		shopt -s nullglob
+		cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+		if test -n "${cards}"; then
+			# FOSS drivers are fine
+			addpredict "${cards}"
+		else
+			cards=$(echo -n /dev/ati/card* /dev/nvidiactl* | sed 's/ /:/g')
+			if test -n "${cards}"; then
+				# Binary drivers seem to cause access violations anyway, so
+				# let's use indirect rendering so that the device files aren't
+				# touched at all. See bug 394715.
+				export LIBGL_ALWAYS_INDIRECT=1
+				addpredict "${cards}"
+			fi
+		fi
+		shopt -u nullglob
+
+		CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+		MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+		Xemake -f client.mk profiledbuild || die "Xemake failed"
+	else
+		CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+		MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+		emake -f client.mk || die "emake failed"
+	fi
+}
+
+src_install() {
+	MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}/${MY_PN}"
+
+	# MOZ_BUILD_ROOT, and hence OBJ_DIR change depending on arch, compiler, pgo, etc.
+	local obj_dir="$(echo */config.log)"
+	obj_dir="${obj_dir%/*}"
+	cd "${S}/${obj_dir}"
+
+	# Pax mark xpcshell for hardened support, only used for startupcache creation.
+	pax-mark m "${S}/${obj_dir}"/dist/bin/xpcshell
+
+	MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	# remove default symlink in /usr/bin, because we add a proper wrapper-script later
+	rm "${ED}"/usr/bin/${MY_PN} || die "Failed to remove binary-symlink"
+	# we dont want development stuff for this kind of build, might as well
+	# conflict with other firefox-builds
+	rm -rf "${ED}"/usr/include "${ED}${MOZILLA_FIVE_HOME}"/{idl,include,lib,sdk} || \
+		die "Failed to remove sdk and headers"
+
+	# Required in order to use plugins and even run firefox on hardened.
+	pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/{firefox,firefox-bin,plugin-container}
+
+	# Plugins dir
+	share_plugins_dir
+	dodir /usr/$(get_libdir)/${PN}/nsbrowser/plugins || die
+
+	# Install pre-configured Torbrowser-profile
+	insinto /usr/share/${PN}
+	doins -r "${WORKDIR}"/tor-browser_en-US/Data/profile || die
+
+	# create wrapper to start torbrowser
+	make_wrapper ${PN} "/usr/$(get_libdir)/${PN}/${MY_PN}/${MY_PN} -no-remote -profile ~/.${PN}/profile"
+
+	doicon "${DISTDIR}"/torbrowser.png
+	make_desktop_entry ${PN} "Torbrowser" torbrowser.png "Network;WebBrowser"
+	dodoc "${WORKDIR}"/tor-browser_en-US/Docs/changelog || die
+}
+
+pkg_postinst() {
+	einfo ""
+	elog "Copy the folder /usr/share/${PN}/profile into ~/.${PN} and run '${PN}'."
+	elog ""
+	elog "This profile folder includes pre-configuration recommended by upstream,"
+	elog "as well as the _extensions_ Torbutton, NoScript and HTTPS-Everywhere."
+	elog "If you want to start from scratch just create the directories ~/.${PN}/profile."
+	elog ""
+	elog "Note that torbrowser uses a different _plugins_ folder too:"
+	elog "/usr/$(get_libdir)/${PN}/nsbrowser/plugins"
+	einfo ""
+}
author	hasufell <julian.ospald@googlemail.com>	2012-03-27 23:20:10 +0000
committer	hasufell <julian.ospald@googlemail.com>	2012-03-27 23:20:10 +0000
commit	a4153e297b584abb4d950fa3bcceda4029cf6e83 (patch)
tree	6a65671a0fb1320af5751faff5435aa0787e7431
parent	www-client/torbrowser: patches into subdirs (diff)
download	sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.tar.gz sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.tar.bz2 sunrise-a4153e297b584abb4d950fa3bcceda4029cf6e83.zip