aboutsummaryrefslogtreecommitdiffstats
path: root/www/firefox35
diff options
context:
space:
mode:
authormarcus <marcus@FreeBSD.org>2004-09-28 11:24:41 +0800
committermarcus <marcus@FreeBSD.org>2004-09-28 11:24:41 +0800
commit96a3409ec6eed567bae672212be23c3bf33098a3 (patch)
tree62e98a03f20461255142fa5b35f487b0317be417 /www/firefox35
parent9b18abdd9decadf1fc576e32dea38aa0cd43a76c (diff)
downloadfreebsd-ports-gnome-96a3409ec6eed567bae672212be23c3bf33098a3.tar.gz
freebsd-ports-gnome-96a3409ec6eed567bae672212be23c3bf33098a3.tar.zst
freebsd-ports-gnome-96a3409ec6eed567bae672212be23c3bf33098a3.zip
Patch the various recently reported security vulnerabilities in Mozilla.
This is being done instead of the update to 1.0 PR 1 since we're in a ports freeze, and too many big changes is not a good idea. This update covers the following Mozilla bugs: 250862 255067 256316 Thanks to nectar for scraping all of these patches together. Obtained from: Mozilla CVS Approved by: portmgr (implicit)
Diffstat (limited to 'www/firefox35')
-rw-r--r--www/firefox35/Makefile1
-rw-r--r--www/firefox35/files/patch-25086222
-rw-r--r--www/firefox35/files/patch-25506760
-rw-r--r--www/firefox35/files/patch-25631618
4 files changed, 101 insertions, 0 deletions
diff --git a/www/firefox35/Makefile b/www/firefox35/Makefile
index 4cf8da901bc2..1168c9a59e8f 100644
--- a/www/firefox35/Makefile
+++ b/www/firefox35/Makefile
@@ -7,6 +7,7 @@
PORTNAME= firefox
PORTVERSION= 0.9.3
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= ${PORTNAME}/releases/${PORTVERSION}
diff --git a/www/firefox35/files/patch-250862 b/www/firefox35/files/patch-250862
new file mode 100644
index 000000000000..05423dc84195
--- /dev/null
+++ b/www/firefox35/files/patch-250862
@@ -0,0 +1,22 @@
+Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
+===================================================================
+RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
+retrieving revision 1.32
+retrieving revision 1.32.88.1
+diff -u -r1.32 -r1.32.88.1
+--- xpfe/communicator/resources/content/contentAreaDD.js 10 Jul 2002 01:23:50 -0000 1.32
++++ xpfe/communicator/resources/content/contentAreaDD.js 27 Aug 2004 01:13:39 -0000 1.32.88.1
+@@ -53,8 +53,11 @@
+ {
+ var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
+
+- // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
+- if (!url || !url.length || url.indexOf(" ", 0) != -1)
++ // valid urls don't contain spaces ' '; if we have a space it
++ // isn't a valid url, or if it's a javascript: or data: url,
++ // bail out
++ if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
++ /^\s*(javascript|data):/.test(url))
+ return;
+
+ switch (document.firstChild.getAttribute('windowtype')) {
diff --git a/www/firefox35/files/patch-255067 b/www/firefox35/files/patch-255067
new file mode 100644
index 000000000000..cddf17ca8328
--- /dev/null
+++ b/www/firefox35/files/patch-255067
@@ -0,0 +1,60 @@
+Index: mozilla/gfx/src/shared/gfxImageFrame.cpp
+===================================================================
+RCS file: /cvsroot/mozilla/gfx/src/shared/gfxImageFrame.cpp,v
+retrieving revision 1.26
+retrieving revision 1.26.12.1
+diff -u -r1.26 -r1.26.12.1
+--- gfx/src/shared/gfxImageFrame.cpp 16 Jan 2004 23:28:48 -0000 1.26
++++ gfx/src/shared/gfxImageFrame.cpp 27 Aug 2004 11:02:58 -0000 1.26.12.1
+@@ -72,6 +72,13 @@
+ return NS_ERROR_FAILURE;
+ }
+
++ /* reject over-wide or over-tall images */
++ const PRInt32 k64KLimit = 0x0000FFFF;
++ if ( aWidth > k64KLimit || aHeight > k64KLimit ){
++ NS_ERROR("image too big");
++ return NS_ERROR_FAILURE;
++ }
++
+ nsresult rv;
+
+ mOffset.MoveTo(aX, aY);
+Index: mozilla/gfx/src/windows/nsImageWin.cpp
+===================================================================
+RCS file: /cvsroot/mozilla/gfx/src/windows/nsImageWin.cpp,v
+retrieving revision 3.130.2.1
+retrieving revision 3.130.2.1.6.1
+diff -u -r3.130.2.1 -r3.130.2.1.6.1
+--- gfx/src/windows/nsImageWin.cpp 11 May 2004 21:53:49 -0000 3.130.2.1
++++ gfx/src/windows/nsImageWin.cpp 27 Aug 2004 11:02:58 -0000 3.130.2.1.6.1
+@@ -131,6 +131,10 @@
+ return NS_ERROR_UNEXPECTED;
+ }
+
++ // limit images to 64k pixels on a side (~55 feet on a 100dpi monitor)
++ const PRInt32 k64KLimit = 0x0000FFFF;
++ if (aWidth > k64KLimit || aHeight > k64KLimit)
++ return NS_ERROR_FAILURE;
+
+ if (mNumPaletteColors >= 0){
+ // If we have a palette
+Index: mozilla/modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp
+===================================================================
+RCS file: /cvsroot/mozilla/modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp,v
+retrieving revision 1.24.2.1
+retrieving revision 1.24.2.1.6.1
+diff -u -r1.24.2.1 -r1.24.2.1.6.1
+--- modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp 13 May 2004 22:27:35 -0000 1.24.2.1
++++ modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp 27 Aug 2004 11:02:58 -0000 1.24.2.1.6.1
+@@ -274,7 +274,9 @@
+ CalcBitShift();
+ }
+ // BMPs with negative width are invalid
+- if (mBIH.width < 0)
++ // Reject extremely wide images to keep the math sane
++ const PRInt32 k64KWidth = 0x0000FFFF;
++ if (mBIH.width < 0 || mBIH.width > k64KWidth)
+ return NS_ERROR_FAILURE;
+
+ PRUint32 real_height = (mBIH.height > 0) ? mBIH.height : -mBIH.height;
diff --git a/www/firefox35/files/patch-256316 b/www/firefox35/files/patch-256316
new file mode 100644
index 000000000000..147d15e5303d
--- /dev/null
+++ b/www/firefox35/files/patch-256316
@@ -0,0 +1,18 @@
+Index: mozilla/netwerk/dns/src/nsIDNService.cpp
+===================================================================
+RCS file: /cvsroot/mozilla/netwerk/dns/src/nsIDNService.cpp,v
+retrieving revision 1.18
+retrieving revision 1.18.10.1
+diff -u -r1.18 -r1.18.10.1
+--- netwerk/dns/src/nsIDNService.cpp 3 Apr 2004 07:32:18 -0000 1.18
++++ netwerk/dns/src/nsIDNService.cpp 27 Aug 2004 11:23:21 -0000 1.18.10.1
+@@ -242,6 +242,9 @@
+
+ NS_IMETHODIMP nsIDNService::Normalize(const nsACString & input, nsACString & output)
+ {
++ // protect against bogus input
++ NS_ENSURE_TRUE(IsUTF8(input), NS_ERROR_UNEXPECTED);
++
+ nsAutoString outUTF16;
+ nsresult rv = stringPrep(NS_ConvertUTF8toUTF16(input), outUTF16);
+ if (NS_SUCCEEDED(rv))