[tor-commits] [torbrowser/master] Clean up branch after accidental double-merge.

erinn at torproject.org erinn at torproject.org
Sun Oct 23 23:18:31 UTC 2011


commit 0fb22986acb9e3f63296bbca0cba67964cbe71a0
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Sun Sep 4 14:55:24 2011 -0700

    Clean up branch after accidental double-merge.
    
    I knew I should have deleted those old branches :/.
---
 ...th-headers-before-the-modify-request-obse.patch |   51 ------------
 .../0007-Add-a-string-based-cacheKey.patch         |   85 --------------------
 src/current-patches/0007-Smash-the-state.patch     |   37 ---------
 3 files changed, 0 insertions(+), 173 deletions(-)

diff --git a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
deleted file mode 100644
index 3f270d6..0000000
--- a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8c2bf692deecb4efbfd2e9c4eba1d702b89a0f05 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 6/6] Add HTTP auth headers before the modify-request observer.
-
-Otherwise, how are we supposed to modify them?
-
-Thanks to Georg Koppen for spotting both the problem and this fix.
----
- netwerk/protocol/http/nsHttpChannel.cpp |   11 +++++++----
- 1 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7038338..7a3254e 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime)
-         return NS_ERROR_DOCUMENT_NOT_CACHED;
-     }
- 
--    // check to see if authorization headers should be included
--    mAuthProvider->AddAuthorizationHeaders();
--
-     if (mLoadFlags & LOAD_NO_NETWORK_IO) {
-         return NS_ERROR_DOCUMENT_NOT_CACHED;
-     }
-@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
- 
-     AddCookiesToRequest();
- 
-+    // check to see if authorization headers should be included
-+    mAuthProvider->AddAuthorizationHeaders();
-+
-     // notify "http-on-modify-request" observers
-     gHttpHandler->OnModifyRequest(this);
- 
-@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
-     // this authentication attempt (bug 84794).
-     // TODO: save cookies from auth response and send them here (bug 572151).
-     AddCookiesToRequest();
--    
-+   
-+    // check to see if authorization headers should be included
-+    mAuthProvider->AddAuthorizationHeaders();
-+ 
-     // notify "http-on-modify-request" observers
-     gHttpHandler->OnModifyRequest(this);
- 
--- 
-1.7.3.4
-
diff --git a/src/current-patches/0007-Add-a-string-based-cacheKey.patch b/src/current-patches/0007-Add-a-string-based-cacheKey.patch
deleted file mode 100644
index 1e0dd0e..0000000
--- a/src/current-patches/0007-Add-a-string-based-cacheKey.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 62e7c05519aae2d515d8872525411b8fb4ff02a6 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 7/7] Add a string-based cacheKey.
-
-Used for isolating cache according to same-origin policy.
----
- netwerk/base/public/nsICachingChannel.idl |    7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp   |   22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h     |    1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
-index 2da46d6..4ee5774 100644
---- a/netwerk/base/public/nsICachingChannel.idl
-+++ b/netwerk/base/public/nsICachingChannel.idl
-@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
-     attribute nsISupports cacheKey;
- 
-     /**
-+     * Set/get the cache domain... uniquely identifies the data in the cache
-+     * for this channel.  Holding a reference to this key does NOT prevent
-+     * the cached data from being removed.
-+     */
-+    attribute AUTF8String cacheDomain;
-+
-+    /**
-      * Specifies whether or not the data should be cached to a file.  This
-      * may fail if the disk cache is not present.  The value of this attribute
-      * is usually only settable during the processing of a channel's
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7a3254e..cef5eaa 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
-         cacheKey.Append(buf);
-     }
- 
-+    if (strlen(mCacheDomain.get()) > 0) {
-+        cacheKey.AppendLiteral("domain=");
-+        cacheKey.Append(mCacheDomain.get());
-+        cacheKey.AppendLiteral("&");
-+    }
-+
-     if (!cacheKey.IsEmpty()) {
-         cacheKey.AppendLiteral("uri=");
-     }
-@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
- }
- 
- NS_IMETHODIMP
-+nsHttpChannel::GetCacheDomain(nsACString &value)
-+{
-+    value = mCacheDomain;
-+
-+    return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::SetCacheDomain(const nsACString &value)
-+{
-+    mCacheDomain = value;
-+
-+    return NS_OK;
-+}
-+
-+NS_IMETHODIMP
- nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
- {
-     value = mOfflineCacheClientID;
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index dd0d7f4..f5016a8 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -312,6 +312,7 @@ private:
-     nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
-     nsCacheAccessMode                 mOfflineCacheAccess;
-     nsCString                         mOfflineCacheClientID;
-+    nsCString                         mCacheDomain;
- 
-     // auth specific data
-     nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
--- 
-1.7.3.4
-
diff --git a/src/current-patches/0007-Smash-the-state.patch b/src/current-patches/0007-Smash-the-state.patch
deleted file mode 100644
index 16b03ea..0000000
--- a/src/current-patches/0007-Smash-the-state.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Sat, 3 Sep 2011 03:00:26 -0700
-Subject: [PATCH 7/7] Smash the state.
-
-What happened to you, Nederlanden? You used to be cool.
-
-This exemption is insecure as-is anyway, because we have no way of verifying
-that DigiNotar wasn't compromised enough to allow the attacker to sign
-certificates with an issuer string matching this exemption. The adversary
-would then be able to create a chain of Entrust -> DigiNotar -> "Staat der
-Nederlanden" -> *.torproject.org or *.google.com.
----
- security/manager/ssl/src/nsNSSCallbacks.cpp |    7 -------
- 1 files changed, 0 insertions(+), 7 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
-index 5e3a888..43e1c19 100644
---- a/security/manager/ssl/src/nsNSSCallbacks.cpp
-+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
-@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert,
-         }
-       }
-     }
--
--    // By request of the Dutch government
--    if (!strcmp(node->cert->issuerName,
--                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
--        CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
--      return 0;
--    }
-   }
- 
-   if (isDigiNotarIssuedCert)
--- 
-1.7.3.4
-





More information about the tor-commits mailing list