aboutsummaryrefslogtreecommitdiffstats
path: root/www/firefox/files
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2009-04-22 16:49:19 +0800
committermiwi <miwi@FreeBSD.org>2009-04-22 16:49:19 +0800
commitff431a81975881f1c9c5cec9804104d544915050 (patch)
tree179d4fc48370dee0a85bc3b7e1ce7ad843014666 /www/firefox/files
parentd7fe3084cade4ed1f8b9bcf781860fd52596af9f (diff)
downloadfreebsd-ports-gnome-ff431a81975881f1c9c5cec9804104d544915050.tar.gz
freebsd-ports-gnome-ff431a81975881f1c9c5cec9804104d544915050.tar.zst
freebsd-ports-gnome-ff431a81975881f1c9c5cec9804104d544915050.zip
Backport patches to fix the following security vulnerabilities:
CVE-2009-1312 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 Obtained from: Mozilla Bugzilla Security: http://www.vuxml.org/freebsd/3b18e237-2f15-11de-9672-0030843d3802.html
Diffstat (limited to 'www/firefox/files')
-rw-r--r--www/firefox/files/patch-ff-45373646
-rw-r--r--www/firefox/files/patch-ff-47453628
-rw-r--r--www/firefox/files/patch-ff-47933613
3 files changed, 87 insertions, 0 deletions
diff --git a/www/firefox/files/patch-ff-453736 b/www/firefox/files/patch-ff-453736
new file mode 100644
index 000000000000..ba4f89f92981
--- /dev/null
+++ b/www/firefox/files/patch-ff-453736
@@ -0,0 +1,46 @@
+diff -p -U 8 -r1.15 nsSVGScriptElement.cpp
+--- content/svg/content/src/nsSVGScriptElement.cpp 28 Apr 2005 23:47:55 -0000 1.15
++++ content/svg/content/src/nsSVGScriptElement.cpp 26 Feb 2009 21:03:08 -0000
+@@ -177,17 +177,40 @@ nsSVGScriptElement::Init()
+ }
+
+ return NS_OK;
+ }
+
+ //----------------------------------------------------------------------
+ // nsIDOMNode methods
+
+-NS_IMPL_DOM_CLONENODE_WITH_INIT(nsSVGScriptElement)
++nsresult
++nsSVGScriptElement::CloneNode(PRBool aDeep, nsIDOMNode** aReturn)
++{
++ *aReturn = nsnull;
++
++ nsSVGScriptElement* it = new nsSVGScriptElement(mNodeInfo);
++ if (!it) {
++ return NS_ERROR_OUT_OF_MEMORY;
++ }
++
++ nsCOMPtr<nsIDOMNode> kungFuDeathGrip(it);
++
++ CopyInnerTo(it, aDeep);
++
++ // The clone should be marked evaluated if we are. It should also be marked
++ // evaluated if we're evaluating, to handle the case when this script node's
++ // script clones the node.
++ it->mIsEvaluated = mIsEvaluated || mEvaluating;
++ it->mLineNumber = mLineNumber;
++
++ kungFuDeathGrip.swap(*aReturn);
++
++ return NS_OK;
++}
+
+ //----------------------------------------------------------------------
+ // nsIDOMSVGScriptElement methods
+
+ /* attribute DOMString type; */
+ NS_IMETHODIMP
+ nsSVGScriptElement::GetType(nsAString & aType)
+ {
+
diff --git a/www/firefox/files/patch-ff-474536 b/www/firefox/files/patch-ff-474536
new file mode 100644
index 000000000000..7c9bb70ee2d6
--- /dev/null
+++ b/www/firefox/files/patch-ff-474536
@@ -0,0 +1,28 @@
+diff -U 8 -p -r3.181.2.104 jsinterp.c
+--- js/src/jsinterp.c 20 Oct 2008 15:43:57 -0000 3.181.2.104
++++ js/src/jsinterp.c 2 Apr 2009 14:44:48 -0000
+@@ -4722,21 +4722,21 @@ interrupt:
+
+ /*
+ * Try to optimize a property we either just created, or found
+ * directly in the global object, that is permanent, has a slot,
+ * and has stub getter and setter, into a "fast global" accessed
+ * by the JSOP_*GVAR opcodes.
+ */
+ if (atomIndex < script->numGlobalVars &&
+- (attrs & JSPROP_PERMANENT) &&
+ obj2 == obj &&
+ OBJ_IS_NATIVE(obj)) {
+ sprop = (JSScopeProperty *) prop;
+- if (SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(obj)) &&
++ if ((sprop->attrs & JSPROP_PERMANENT) &&
++ SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(obj)) &&
+ SPROP_HAS_STUB_GETTER(sprop) &&
+ SPROP_HAS_STUB_SETTER(sprop)) {
+ /*
+ * Fast globals use fp->vars to map the global name's
+ * atomIndex to the permanent fp->varobj slot number,
+ * tagged as a jsval. The atomIndex for the global's
+ * name literal is identical to its fp->vars index.
+ */
+
diff --git a/www/firefox/files/patch-ff-479336 b/www/firefox/files/patch-ff-479336
new file mode 100644
index 000000000000..1b279a8655ce
--- /dev/null
+++ b/www/firefox/files/patch-ff-479336
@@ -0,0 +1,13 @@
+diff -up mozilla/modules/libpref/src/init/all.js.479336 mozilla/modules/libpref/src/init/all.js
+--- modules/libpref/src/init/all.js.479336 2009-04-09 15:57:27.000000000 +0200
++++ modules/libpref/src/init/all.js 2009-04-09 15:59:56.000000000 +0200
+@@ -631,7 +631,7 @@ pref("network.IDN.whitelist.org", true);
+ // attempt and so we always display the domain name as punycode. This would
+ // override the settings "network.IDN_show_punycode" and
+ // "network.IDN.whitelist.*".
+-pref("network.IDN.blacklist_chars", "\u0020\u00A0\u00BC\u00BD\u01C3\u0337\u0338\u05C3\u05F4\u06D4\u0702\u115F\u1160\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u200B\u2024\u2027\u2028\u2029\u202F\u2039\u203A\u2044\u205F\u2154\u2155\u2156\u2159\u215A\u215B\u215F\u2215\u23AE\u29F6\u29F8\u2AFB\u2AFD\u2FF0\u2FF1\u2FF2\u2FF3\u2FF4\u2FF5\u2FF6\u2FF7\u2FF8\u2FF9\u2FFA\u2FFB\u3000\u3002\u3014\u3015\u3033\u3164\u321D\u321E\u33AE\u33AF\u33C6\u33DF\uFE14\uFE15\uFE3F\uFE5D\uFE5E\uFEFF\uFF0E\uFF0F\uFF61\uFFA0\uFFF9\uFFFA\uFFFB\uFFFC\uFFFD");
++pref("network.IDN.blacklist_chars", "\u0020\u00A0\u00BC\u00BD\u00BE\u01C3\u02D0\u0337\u0338\u0589\u05C3\u05F4\u0609\u060A\u066A\u06D4\u0701\u0702\u0703\u0704\u115F\u1160\u1735\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u200B\u2024\u2027\u2028\u2029\u202F\u2039\u203A\u2041\u2044\u2052\u205F\u2153\u2154\u2155\u2156\u2157\u2158\u2159\u215A\u215B\u215C\u215D\u215E\u215F\u2215\u2236\u23AE\u2571\u29F6\u29F8\u2AFB\u2AFD\u2FF0\u2FF1\u2FF2\u2FF3\u2FF4\u2FF5\u2FF6\u2FF7\u2FF8\u2FF9\u2FFA\u2FFB\u3000\u3002\u3014\u3015\u3033\u3164\u321D\u321E\u33AE\u33AF\u33C6\u33DF\uA789\uFE14\uFE15\uFE3F\uFE5D\uFE5E\uFEFF\uFF0E\uFF0F\uFF61\uFFA0\uFFF9\uFFFA\uFFFB\uFFFC\uFFFD");
+
+ // This preference specifies a list of domains for which DNS lookups will be
+ // IPv4 only. Works around broken DNS servers which can't handle IPv6 lookups
+