author | jbeich <jbeich@FreeBSD.org> | 2017-10-25 17:53:41 +0800 |
---|---|---|
committer | jbeich <jbeich@FreeBSD.org> | 2017-10-25 17:53:41 +0800 |
commit | 4c69050664db4dd9d5a2ccc6d0ec7fad39175346 (patch) | |
tree | 995df66db4b69a878ceb854fc7ecd0113bab1d7a /www/firefox | |
parent | 327fe94a756e7cba163101ea5515cad4f0e8f617 (diff) | |
www/firefox: backport privacy.resistFingerprinting fix for User-Agent
If users are going to "pkg lock" due to addons better pretend to be an
ESR on the off chance JS malware is stupid enough to only check
User-Agent to filter out non-vulnerable Firefox versions.
Obtained from: upstream (Firefox 57)
MFH: 2017Q4
Diffstat (limited to 'www/firefox')
-rw-r--r-- | www/firefox/Makefile | 1 | ||||
-rw-r--r-- | www/firefox/files/patch-bug1393283 | 144 |
2 files changed, 145 insertions, 0 deletions
diff --git a/www/firefox/Makefile b/www/firefox/Makefile
index 35336d8b3cc2..cd9e7d35a9c8 100644
--- a/www/firefox/Makefile
+++ b/www/firefox/Makefile
@@ -4,6 +4,7 @@
 PORTNAME= firefox
 DISTVERSION= 56.0.2
 DISTVERSIONSUFFIX=.source
+PORTREVISION= 1
 PORTEPOCH= 1
 CATEGORIES= www ipv6
 MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
diff --git a/www/firefox/files/patch-bug1393283 b/www/firefox/files/patch-bug1393283
new file mode 100644
index 000000000000..0a4b9327ea2b
--- /dev/null
+++ b/www/firefox/files/patch-bug1393283
@@ -0,0 +1,144 @@
+commit d20c7d929c84
+Author: Ethan <ettseng@mozilla.com>
+Date: Fri Sep 1 17:29:44 2017 +0800
+
+ Bug 1393283 - Use the last ESR version as the spoofed Firefox version. r=tihuang, r=mcmanus
+---
+ .../test/browser/browser_navigator.js | 2 +-
+ netwerk/protocol/http/nsHttpHandler.cpp | 16 +++---
+ .../resistfingerprinting/nsRFPService.cpp | 56 ++++++++++++++++++++++
+ .../components/resistfingerprinting/nsRFPService.h | 3 ++
+ 4 files changed, 66 insertions(+), 11 deletions(-)
+
+diff --git browser/components/resistfingerprinting/test/browser/browser_navigator.js browser/components/resistfingerprinting/test/browser/browser_navigator.js
+index 25c393d8bb2a..9f52e34a9451 100644
+--- browser/components/resistfingerprinting/test/browser/browser_navigator.js
++++ browser/components/resistfingerprinting/test/browser/browser_navigator.js
+@@ -91,7 +91,7 @@ add_task(async function setup() {
+
+ let appInfo = Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo);
+ let appVersion = parseInt(appInfo.version);
+- let spoofedVersion = appVersion - (appVersion % 10);
++ let spoofedVersion = appVersion - ((appVersion - 3) % 7);
+ spoofedUserAgent = `Mozilla/5.0 (${SPOOFED_OSCPU}; rv:${spoofedVersion}.0) Gecko/20100101 Firefox/${spoofedVersion}.0`;
+ });
+
+diff --git netwerk/protocol/http/nsHttpHandler.cpp netwerk/protocol/http/nsHttpHandler.cpp
+index 31d0f8832732..b957d835b52f 100644
+--- netwerk/protocol/http/nsHttpHandler.cpp
++++ netwerk/protocol/http/nsHttpHandler.cpp
+@@ -461,16 +461,12 @@ nsHttpHandler::Init()
+ mAppVersion.AssignLiteral(MOZ_APP_UA_VERSION);
+ }
+
+- // Generating the spoofed userAgent for fingerprinting resistance.
+- // The browser version will be rounded down to a multiple of 10.
+- // By doing so, the anonymity group will cover more versions instead of one
+- // version.
+- uint32_t spoofedVersion = mAppVersion.ToInteger(&rv);
+- if (NS_SUCCEEDED(rv)) {
+- spoofedVersion = spoofedVersion - (spoofedVersion % 10);
+- mSpoofedUserAgent.Assign(nsPrintfCString(
+- "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
+- SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++ // Generating the spoofed User Agent for fingerprinting resistance.
++ rv = nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
++ if (NS_FAILED(rv)) {
++ // Empty mSpoofedUserAgent to make sure the unsuccessful spoofed UA string
++ // will not be used anywhere.
++ mSpoofedUserAgent.Truncate();
+ }
+
+ mSessionStartTime = NowInSeconds();
+diff --git toolkit/components/resistfingerprinting/nsRFPService.cpp toolkit/components/resistfingerprinting/nsRFPService.cpp
+index 94554200c3b8..96a2940c04a0 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.cpp
++++ toolkit/components/resistfingerprinting/nsRFPService.cpp
+@@ -18,10 +18,13 @@
+ #include "nsServiceManagerUtils.h"
+ #include "nsString.h"
+ #include "nsXULAppAPI.h"
++#include "nsPrintfCString.h"
+
+ #include "nsIObserverService.h"
+ #include "nsIPrefBranch.h"
+ #include "nsIPrefService.h"
++#include "nsIXULAppInfo.h"
++#include "nsIXULRuntime.h"
+ #include "nsJSUtils.h"
+
+ #include "prenv.h"
+@@ -162,6 +165,59 @@ nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t
+ return NSToIntFloor(time * sVideoFramesPerSec * ((100 - boundedDroppedRatio) / 100.0));
+ }
+
++/* static */
++nsresult
++nsRFPService::GetSpoofedUserAgent(nsACString &userAgent)
++{
++ // This function generates the spoofed value of User Agent.
++ // We spoof the values of the platform and Firefox version, which could be
++ // used as fingerprinting sources to identify individuals.
++ // Reference of the format of User Agent:
++ // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
++ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
++
++ nsresult rv;
++ nsCOMPtr<nsIXULAppInfo> appInfo =
++ do_GetService("@mozilla.org/xre/app-info;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString appVersion;
++ rv = appInfo->GetVersion(appVersion);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // The browser version will be spoofed as the last ESR version.
++ // By doing so, the anonymity group will cover more versions instead of one
++ // version.
++ uint32_t firefoxVersion = appVersion.ToInteger(&rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // Starting from Firefox 10, Firefox ESR was released once every seven
++ // Firefox releases, e.g. Firefox 10, 17, 24, 31, and so on.
++ // We infer the last and closest ESR version based on this rule.
++ nsCOMPtr<nsIXULRuntime> runtime =
++ do_GetService("@mozilla.org/xre/runtime;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString updateChannel;
++ rv = runtime->GetDefaultUpdateChannel(updateChannel);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // If we are running in Firefox ESR, determine whether the formula of ESR
++ // version has changed. Once changed, we must update the formula in this
++ // function.
++ if (updateChannel.Equals("esr")) {
++ MOZ_ASSERT(((firefoxVersion % 7) == 3),
++ "Please udpate ESR version formula in nsRFPService.cpp");
++ }
++
++ uint32_t spoofedVersion = firefoxVersion - ((firefoxVersion - 3) % 7);
++ userAgent.Assign(nsPrintfCString(
++ "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
++ SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++
++ return rv;
++}
++
+ nsresult
+ nsRFPService::Init()
+ {
+diff --git toolkit/components/resistfingerprinting/nsRFPService.h toolkit/components/resistfingerprinting/nsRFPService.h
+index cf1f688bb992..bad80383883b 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.h
++++ toolkit/components/resistfingerprinting/nsRFPService.h
+@@ -49,6 +49,9 @@ public:
+ static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+ static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+
++ // This method generates the spoofed value of User Agent.
++ static nsresult GetSpoofedUserAgent(nsACString &userAgent);
++
+ private:
+ nsresult Init();
+ |
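Review bot: The only check that the seven-release ESR rule still holds is the `MOZ_ASSERT` in the added `nsRFPService::GetSpoofedUserAgent`, which is a debug-build assertion and is reached only when the update channel equals "esr"; everywhere else `firefoxVersion - ((firefoxVersion - 3) % 7)` is trusted as-is, so if the ESR cadence changes, release builds would presumably advertise a version that was never an ESR and stop blending in with real ESR traffic, with nothing to flag it. The arithmetic is also done on `uint32_t`, so a parsed version below 3 wraps around, and the value is then printed with `%d`; a guard such as `if (firefoxVersion < 10) { return NS_ERROR_FAILURE; }` before the formula, plus `%u` in the format string, would route bad input into the failure path that `nsHttpHandler::Init` already handles with `mSpoofedUserAgent.Truncate()`. What consumers do with an empty `mSpoofedUserAgent` is outside this hunk (as is the rest of `Init`); if they fall back to the real User-Agent, the feature fails open, which deserves a comment at the `Truncate()` call. The assertion text also has a typo, "udpate".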