[tor-commits] [torbrowser/master] Clean up branch after accidental double-merge.
erinn at torproject.org
erinn at torproject.org
Sun Oct 23 23:18:31 UTC 2011
commit 0fb22986acb9e3f63296bbca0cba67964cbe71a0
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Sun Sep 4 14:55:24 2011 -0700
Clean up branch after accidental double-merge.
I knew I should have deleted those old branches :/.
---
...th-headers-before-the-modify-request-obse.patch | 51 ------------
.../0007-Add-a-string-based-cacheKey.patch | 85 --------------------
src/current-patches/0007-Smash-the-state.patch | 37 ---------
3 files changed, 0 insertions(+), 173 deletions(-)
diff --git a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
deleted file mode 100644
index 3f270d6..0000000
--- a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8c2bf692deecb4efbfd2e9c4eba1d702b89a0f05 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 2 Sep 2011 15:33:20 -0700
-Subject: [PATCH 6/6] Add HTTP auth headers before the modify-request observer.
-
-Otherwise, how are we supposed to modify them?
-
-Thanks to Georg Koppen for spotting both the problem and this fix.
----
- netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++----
- 1 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7038338..7a3254e 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime)
- return NS_ERROR_DOCUMENT_NOT_CACHED;
- }
-
-- // check to see if authorization headers should be included
-- mAuthProvider->AddAuthorizationHeaders();
--
- if (mLoadFlags & LOAD_NO_NETWORK_IO) {
- return NS_ERROR_DOCUMENT_NOT_CACHED;
- }
-@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
-
- AddCookiesToRequest();
-
-+ // check to see if authorization headers should be included
-+ mAuthProvider->AddAuthorizationHeaders();
-+
- // notify "http-on-modify-request" observers
- gHttpHandler->OnModifyRequest(this);
-
-@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn)
- // this authentication attempt (bug 84794).
- // TODO: save cookies from auth response and send them here (bug 572151).
- AddCookiesToRequest();
--
-+
-+ // check to see if authorization headers should be included
-+ mAuthProvider->AddAuthorizationHeaders();
-+
- // notify "http-on-modify-request" observers
- gHttpHandler->OnModifyRequest(this);
-
---
-1.7.3.4
-
diff --git a/src/current-patches/0007-Add-a-string-based-cacheKey.patch b/src/current-patches/0007-Add-a-string-based-cacheKey.patch
deleted file mode 100644
index 1e0dd0e..0000000
--- a/src/current-patches/0007-Add-a-string-based-cacheKey.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 62e7c05519aae2d515d8872525411b8fb4ff02a6 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Fri, 2 Sep 2011 20:47:02 -0700
-Subject: [PATCH 7/7] Add a string-based cacheKey.
-
-Used for isolating cache according to same-origin policy.
----
- netwerk/base/public/nsICachingChannel.idl | 7 +++++++
- netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++
- netwerk/protocol/http/nsHttpChannel.h | 1 +
- 3 files changed, 30 insertions(+), 0 deletions(-)
-
-diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl
-index 2da46d6..4ee5774 100644
---- a/netwerk/base/public/nsICachingChannel.idl
-+++ b/netwerk/base/public/nsICachingChannel.idl
-@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel
- attribute nsISupports cacheKey;
-
- /**
-+ * Set/get the cache domain... uniquely identifies the data in the cache
-+ * for this channel. Holding a reference to this key does NOT prevent
-+ * the cached data from being removed.
-+ */
-+ attribute AUTF8String cacheDomain;
-+
-+ /**
- * Specifies whether or not the data should be cached to a file. This
- * may fail if the disk cache is not present. The value of this attribute
- * is usually only settable during the processing of a channel's
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index 7a3254e..cef5eaa 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID,
- cacheKey.Append(buf);
- }
-
-+ if (strlen(mCacheDomain.get()) > 0) {
-+ cacheKey.AppendLiteral("domain=");
-+ cacheKey.Append(mCacheDomain.get());
-+ cacheKey.AppendLiteral("&");
-+ }
-+
- if (!cacheKey.IsEmpty()) {
- cacheKey.AppendLiteral("uri=");
- }
-@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value)
- }
-
- NS_IMETHODIMP
-+nsHttpChannel::GetCacheDomain(nsACString &value)
-+{
-+ value = mCacheDomain;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
-+nsHttpChannel::SetCacheDomain(const nsACString &value)
-+{
-+ mCacheDomain = value;
-+
-+ return NS_OK;
-+}
-+
-+NS_IMETHODIMP
- nsHttpChannel::GetOfflineCacheClientID(nsACString &value)
- {
- value = mOfflineCacheClientID;
-diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
-index dd0d7f4..f5016a8 100644
---- a/netwerk/protocol/http/nsHttpChannel.h
-+++ b/netwerk/protocol/http/nsHttpChannel.h
-@@ -312,6 +312,7 @@ private:
- nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry;
- nsCacheAccessMode mOfflineCacheAccess;
- nsCString mOfflineCacheClientID;
-+ nsCString mCacheDomain;
-
- // auth specific data
- nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider;
---
-1.7.3.4
-
diff --git a/src/current-patches/0007-Smash-the-state.patch b/src/current-patches/0007-Smash-the-state.patch
deleted file mode 100644
index 16b03ea..0000000
--- a/src/current-patches/0007-Smash-the-state.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at fscked.org>
-Date: Sat, 3 Sep 2011 03:00:26 -0700
-Subject: [PATCH 7/7] Smash the state.
-
-What happened to you, Nederlanden? You used to be cool.
-
-This exemption is insecure as-is anyway, because we have no way of verifying
-that DigiNotar wasn't compromised enough to allow the attacker to sign
-certificates with an issuer string matching this exemption. The adversary
-would then be able to create a chain of Entrust -> DigiNotar -> "Staat der
-Nederlanden" -> *.torproject.org or *.google.com.
----
- security/manager/ssl/src/nsNSSCallbacks.cpp | 7 -------
- 1 files changed, 0 insertions(+), 7 deletions(-)
-
-diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
-index 5e3a888..43e1c19 100644
---- a/security/manager/ssl/src/nsNSSCallbacks.cpp
-+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
-@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert,
- }
- }
- }
--
-- // By request of the Dutch government
-- if (!strcmp(node->cert->issuerName,
-- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
-- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
-- return 0;
-- }
- }
-
- if (isDigiNotarIssuedCert)
---
-1.7.3.4
-
More information about the tor-commits
mailing list