[tor-commits] [torbrowser/master] Merge branches 'bug3907+3666' and 'maint-2.2' into maint-2.2
commit 85e212a588510ae80435096b0c95cdf03a924ab8
Merge: a969596 9e3fe9a
Author: Erinn Clark <erinn@xxxxxxxxxxxxxx>
Date: Sun Sep 4 22:12:45 2011 +0100
Merge branches 'bug3907+3666' and 'maint-2.2' into maint-2.2
src/archived-patches/0005-Smash-the-state.patch | 37 +++++++++
...th-headers-before-the-modify-request-obse.patch | 51 ++++++++++++
.../0007-Add-a-string-based-cacheKey.patch | 85 ++++++++++++++++++++
3 files changed, 173 insertions(+), 0 deletions(-)
diff --cc src/archived-patches/0005-Smash-the-state.patch
index 0000000,0000000..16b03ea
new file mode 100644
--- /dev/null
+++ b/src/archived-patches/0005-Smash-the-state.patch
@@@ -1,0 -1,0 +1,37 @@@
++From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001
++From: Mike Perry <mikeperry-git@xxxxxxxxxx>
++Date: Sat, 3 Sep 2011 03:00:26 -0700
++Subject: [PATCH 7/7] Smash the state.
++
++What happened to you, Nederlanden? You used to be cool.
++
++This exemption is insecure as-is anyway, because we have no way of verifying
++that DigiNotar wasn't compromised enough to allow the attacker to sign
++certificates with an issuer string matching this exemption. The adversary
++would then be able to create a chain of Entrust -> DigiNotar -> "Staat der
++Nederlanden" -> *.torproject.org or *.google.com.
++---
++ security/manager/ssl/src/nsNSSCallbacks.cpp | 7 -------
++ 1 files changed, 0 insertions(+), 7 deletions(-)
++
++diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
++index 5e3a888..43e1c19 100644
++--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
++@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert,
++ }
++ }
++ }
++-
++- // By request of the Dutch government
++- if (!strcmp(node->cert->issuerName,
++- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") &&
++- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) {
++- return 0;
++- }
++ }
++
++ if (isDigiNotarIssuedCert)
++--
++1.7.3.4
++
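Review bot: The embedded patch's Subject line ("Smash the state.") and its first body line do not say what is being changed; the actual change, deleting the "By request of the Dutch government" early return in PSM_SSL_BlacklistDigiNotar at the inner `@@ -1065,13 +1065,6 @@` hunk, only becomes clear from the second paragraph of the message. A subject such as "Remove Staat der Nederlanden exemption from DigiNotar blacklist" would make the change findable in the log. With the `return 0;` gone, chains whose issuer string matched the exemption now continue to the `if (isDigiNotarIssuedCert)` check shown in the trailing context; a one-line comment at that spot recording that the issuer-name `strcmp` exemption was removed deliberately, because the issuer string alone cannot be verified, would help keep it from being reintroduced later. The file is also named 0005-Smash-the-state.patch while its header reads [PATCH 7/7], so it is worth confirming that the series numbering is intended.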