author | marcus <marcus@FreeBSD.org> | 2009-03-09 06:16:15 +0800 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2009-03-09 06:16:15 +0800 |
commit | 6dad41b16916ffd176e84db36def2c9e50e56d00 (patch) | |
tree | f63e1526b4525b5e97c035d3d05b5ce0a58ff557 /www/firefox | |
parent | ccccba28f87286d3a9b0ce874a2115fd11757116 (diff) | |
Backport patches to fix the following security vulnerabilities:
CVE-2009-0776
CVE-2009-0775
CVE-2009-0772
Obtained from: Mozilla Bugzilla
Diffstat (limited to 'www/firefox')
-rw-r--r-- | www/firefox/Makefile | 2 | ||||
-rw-r--r-- | www/firefox/files/patch-ff-414540 | 118 | ||||
-rw-r--r-- | www/firefox/files/patch-ff-473709 | 29 | ||||
-rw-r--r-- | www/firefox/files/patch-ff-475136 | 108 |
4 files changed, 256 insertions, 1 deletions
diff --git a/www/firefox/Makefile b/www/firefox/Makefile
index a96b8f3b52e8..767a533671dc 100644
--- a/www/firefox/Makefile
+++ b/www/firefox/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= firefox
 DISTVERSION= 2.0.0.20
-PORTREVISION= 3
+PORTREVISION= 4
 PORTEPOCH= 1
 CATEGORIES= www ipv6
 MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED}
diff --git a/www/firefox/files/patch-ff-414540 b/www/firefox/files/patch-ff-414540
new file mode 100644
index 000000000000..75cbf9b5cf3f
--- /dev/null
+++ b/www/firefox/files/patch-ff-414540
@@ -0,0 +1,118 @@
+diff -up mozilla/rdf/base/src/Makefile.in.414540 mozilla/rdf/base/src/Makefile.in
+--- rdf/base/src/Makefile.in.414540 2005-06-24 09:49:43.000000000 +0200
++++ rdf/base/src/Makefile.in 2009-02-20 22:48:06.000000000 +0100
+@@ -49,6 +49,9 @@ LIBXUL_LIBRARY = 1
+ REQUIRES = xpcom \
+ string \
+ rdfutil \
++ js \
++ caps \
++ xpconnect \
+ necko \
+ content \
+ htmlparser \
+diff -up mozilla/rdf/base/src/nsRDFXMLDataSource.cpp.414540 mozilla/rdf/base/src/nsRDFXMLDataSource.cpp
+--- rdf/base/src/nsRDFXMLDataSource.cpp.414540 2005-06-24 09:49:43.000000000 +0200
++++ rdf/base/src/nsRDFXMLDataSource.cpp 2009-02-20 23:20:55.000000000 +0100
+@@ -122,6 +122,9 @@
+ #include "prlog.h"
+ #include "nsNameSpaceMap.h"
+ #include "nsCRT.h"
++#include "nsIScriptSecurityManager.h"
++#include "nsIChannelEventSink.h"
++#include "nsNetUtil.h"
+
+ #include "rdfIDataSource.h"
+
+@@ -218,7 +221,9 @@ class RDFXMLDataSourceImpl : public nsIR
+ public nsIRDFXMLSink,
+ public nsIRDFXMLSource,
+ public nsIStreamListener,
+- public rdfIDataSource
++ public rdfIDataSource,
++ public nsIInterfaceRequestor,
++ public nsIChannelEventSink
+ {
+ protected:
+ enum LoadState {
+@@ -389,6 +394,12 @@ public:
+ // nsIStreamListener
+ NS_DECL_NSISTREAMLISTENER
+
++ // nsIInterfaceRequestor
++ NS_DECL_NSIINTERFACEREQUESTOR
++
++ // nsIChannelEventSink
++ NS_DECL_NSICHANNELEVENTSINK
++
+ // rdfIDataSource
+ NS_IMETHOD VisitAllSubjects(rdfITripleVisitor *aVisitor) {
+ nsresult rv;
+@@ -537,15 +548,23 @@ RDFXMLDataSourceImpl::~RDFXMLDataSourceI
+ }
+
+
+-NS_IMPL_ISUPPORTS7(RDFXMLDataSourceImpl,
++NS_IMPL_ISUPPORTS9(RDFXMLDataSourceImpl,
+ nsIRDFDataSource,
+ nsIRDFRemoteDataSource,
+ nsIRDFXMLSink,
+ nsIRDFXMLSource,
+ nsIRequestObserver,
+ nsIStreamListener,
+- rdfIDataSource)
+-
++ rdfIDataSource,
++ nsIInterfaceRequestor,
++ nsIChannelEventSink)
++
++// nsIInterfaceRequestor
++NS_IMETHODIMP
++RDFXMLDataSourceImpl::GetInterface(const nsIID& aIID, void** aSink)
++{
++ return QueryInterface(aIID, aSink);
++}
+
+ nsresult
+ RDFXMLDataSourceImpl::BlockingParse(nsIURI* aURL, nsIStreamListener* aConsumer)
+@@ -924,6 +943,31 @@ RDFXMLDataSourceImpl::SetReadOnly(PRBool
+
+ #include "nsITimelineService.h"
+
++// nsIChannelEventSink
++
++NS_IMETHODIMP
++RDFXMLDataSourceImpl::OnChannelRedirect(nsIChannel *aOldChannel,
++ nsIChannel *aNewChannel,
++ PRUint32 aFlags)
++{
++ NS_PRECONDITION(aNewChannel, "Redirecting to null channel?");
++
++ nsresult rv;
++ nsCOMPtr<nsIScriptSecurityManager> secMan =
++ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsCOMPtr<nsIURI> oldURI;
++ rv = aOldChannel->GetURI(getter_AddRefs(oldURI));
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsCOMPtr<nsIURI> newURI;
++ rv = aNewChannel->GetURI(getter_AddRefs(newURI));
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ return secMan->CheckSameOriginURI(oldURI, newURI);
++}
++
+ NS_IMETHODIMP
+ RDFXMLDataSourceImpl::Refresh(PRBool aBlocking)
+ {
+@@ -972,7 +1016,7 @@ RDFXMLDataSourceImpl::Refresh(PRBool aBl
+ }
+ else {
+ // Null LoadGroup ?
+- rv = NS_OpenURI(this, nsnull, mURL, nsnull);
++ rv = NS_OpenURI(this, nsnull, mURL, nsnull, nsnull, this);
+ if (NS_FAILED(rv)) return rv;
+
+ // So we don't try to issue two asynchronous loads at once.
diff --git a/www/firefox/files/patch-ff-473709 b/www/firefox/files/patch-ff-473709
new file mode 100644
index 000000000000..71a89f501b4c
--- /dev/null
+++ b/www/firefox/files/patch-ff-473709
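Review bot: In the added `OnChannelRedirect` of patch-ff-414540, `NS_PRECONDITION(aNewChannel, ...)` is the only guard before `aNewChannel->GetURI(...)`, and `aOldChannel` is dereferenced with no guard at all. If that macro is compiled out of release builds, as debug assertions usually are, a null channel would crash rather than veto the redirect. Opening the method with `NS_ENSURE_ARG_POINTER(aOldChannel); NS_ENSURE_ARG_POINTER(aNewChannel);` would make it fail closed. Separately, the same-origin veto is wired only into the asynchronous `NS_OpenURI(this, nsnull, mURL, nsnull, nsnull, this)` call in `Refresh`. `BlockingParse` appears only as context, so whether a blocking load also has its redirects checked cannot be confirmed from this patch and is worth verifying against the full file.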
@@ -0,0 +1,29 @@
+diff --git a/js/src/jsregexp.c b/js/src/jsregexp.c
+--- js/src/jsregexp.c
++++ js/src/jsregexp.c
+@@ -4148,20 +4148,22 @@ js_NewRegExpObject(JSContext *cx, JSToke
+ JSString *str;
+ JSObject *obj;
+ JSRegExp *re;
+ JSTempValueRooter tvr;
+
+ str = js_NewStringCopyN(cx, chars, length, 0);
+ if (!str)
+ return NULL;
++ JS_PUSH_TEMP_ROOT_STRING(cx, str, &tvr);
+ re = js_NewRegExp(cx, ts, str, flags, JS_FALSE);
+- if (!re)
+- return NULL;
+- JS_PUSH_TEMP_ROOT_STRING(cx, str, &tvr);
++ if (!re) {
++ JS_POP_TEMP_ROOT(cx, &tvr);
++ return NULL;
++ }
+ obj = js_NewObject(cx, &js_RegExpClass, NULL, NULL);
+ if (!obj || !JS_SetPrivate(cx, obj, re)) {
+ js_DestroyRegExp(cx, re);
+ obj = NULL;
+ }
+ if (obj && !js_SetLastIndex(cx, obj, 0))
+ obj = NULL;
+ JS_POP_TEMP_ROOT(cx, &tvr);
diff --git a/www/firefox/files/patch-ff-475136 b/www/firefox/files/patch-ff-475136
new file mode 100644
index 000000000000..67994f9c9b8a
--- /dev/null
+++ b/www/firefox/files/patch-ff-475136
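Review bot: The reordering in `js_NewRegExpObject` (patch-ff-473709) carries no comment saying why `JS_PUSH_TEMP_ROOT_STRING(cx, str, &tvr)` must now precede `js_NewRegExp`, so a later cleanup could move it back and reopen the hazard. I would add `/* Root str before js_NewRegExp: nothing else references it if compilation triggers a GC. */` above the push. That rationale is inferred from the reordering, so confirm it against the upstream bug before committing the wording. The change also introduces a second exit, `if (!re) { JS_POP_TEMP_ROOT(cx, &tvr); return NULL; }`, that has to unwind the root by hand. Routing that failure to one shared cleanup point would keep push and pop paired, though the function's tail lies outside this hunk.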
@@ -0,0 +1,108 @@
+diff -up mozilla/content/base/src/nsStyleLinkElement.cpp.475136 mozilla/content/base/src/nsStyleLinkElement.cpp
+--- content/base/src/nsStyleLinkElement.cpp.475136 2005-04-19 03:27:09.000000000 +0200
++++ content/base/src/nsStyleLinkElement.cpp 2009-02-17 18:01:21.000000000 +0100
+@@ -63,10 +63,7 @@ nsStyleLinkElement::nsStyleLinkElement()
+
+ nsStyleLinkElement::~nsStyleLinkElement()
+ {
+- nsCOMPtr<nsICSSStyleSheet> cssSheet = do_QueryInterface(mStyleSheet);
+- if (cssSheet) {
+- cssSheet->SetOwningNode(nsnull);
+- }
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ NS_IMETHODIMP
+@@ -199,7 +196,7 @@ nsStyleLinkElement::UpdateStyleSheet(nsI
+ aOldDocument->BeginUpdate(UPDATE_STYLE);
+ aOldDocument->RemoveStyleSheet(mStyleSheet);
+ aOldDocument->EndUpdate(UPDATE_STYLE);
+- mStyleSheet = nsnull;
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ if (mDontLoadStyle || !mUpdatesEnabled) {
+@@ -245,7 +242,7 @@ nsStyleLinkElement::UpdateStyleSheet(nsI
+ doc->BeginUpdate(UPDATE_STYLE);
+ doc->RemoveStyleSheet(mStyleSheet);
+ doc->EndUpdate(UPDATE_STYLE);
+- mStyleSheet = nsnull;
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ if (!uri && !isInline) {
+diff -up mozilla/content/base/src/nsStyleLinkElement.h.475136 mozilla/content/base/src/nsStyleLinkElement.h
+--- content/base/src/nsStyleLinkElement.h.475136 2004-09-09 19:32:34.000000000 +0200
++++ content/base/src/nsStyleLinkElement.h 2009-02-17 18:12:08.000000000 +0100
+@@ -72,6 +72,7 @@ public:
+
+ static void ParseLinkTypes(const nsAString& aTypes, nsStringArray& aResult);
+
++
+ protected:
+ virtual void GetStyleSheetURL(PRBool* aIsInline,
+ nsIURI** aURI) = 0;
+@@ -79,13 +80,16 @@ protected:
+ nsAString& aType,
+ nsAString& aMedia,
+ PRBool* aIsAlternate) = 0;
++ nsIStyleSheet* GetStyleSheet() { return mStyleSheet; }
+
+
+- nsCOMPtr<nsIStyleSheet> mStyleSheet;
+ nsCOMPtr<nsIParser> mParser;
+ PRPackedBool mDontLoadStyle;
+ PRPackedBool mUpdatesEnabled;
+ PRUint32 mLineNumber;
++
++private:
++ nsCOMPtr<nsIStyleSheet> mStyleSheet;
+ };
+
+ #endif /* nsStyleLinkElement_h___ */
+diff -up mozilla/content/html/content/src/nsHTMLLinkElement.cpp.475136 mozilla/content/html/content/src/nsHTMLLinkElement.cpp
+--- content/html/content/src/nsHTMLLinkElement.cpp.475136 2005-08-10 22:21:42.000000000 +0200
++++ content/html/content/src/nsHTMLLinkElement.cpp 2009-02-17 18:14:51.000000000 +0100
+@@ -159,7 +159,7 @@ NS_IMPL_DOM_CLONENODE(nsHTMLLinkElement)
+ NS_IMETHODIMP
+ nsHTMLLinkElement::GetDisabled(PRBool* aDisabled)
+ {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+ nsresult result = NS_OK;
+
+ if (ss) {
+@@ -174,7 +174,7 @@ nsHTMLLinkElement::GetDisabled(PRBool* a
+ NS_IMETHODIMP
+ nsHTMLLinkElement::SetDisabled(PRBool aDisabled)
+ {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+ nsresult result = NS_OK;
+
+ if (ss) {
+diff -up mozilla/content/html/content/src/nsHTMLStyleElement.cpp.475136 mozilla/content/html/content/src/nsHTMLStyleElement.cpp
+--- content/html/content/src/nsHTMLStyleElement.cpp.475136 2005-04-19 00:58:30.000000000 +0200
++++ content/html/content/src/nsHTMLStyleElement.cpp 2009-02-17 18:01:21.000000000 +0100
+@@ -141,8 +141,8 @@ nsHTMLStyleElement::GetDisabled(PRBool*
+ {
+ nsresult result = NS_OK;
+
+- if (mStyleSheet) {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ if (GetStyleSheet()) {
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+
+ if (ss) {
+ result = ss->GetDisabled(aDisabled);
+@@ -160,8 +160,8 @@ nsHTMLStyleElement::SetDisabled(PRBool a
+ {
+ nsresult result = NS_OK;
+
+- if (mStyleSheet) {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ if (GetStyleSheet()) {
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+
+ if (ss) {
+ result = ss->SetDisabled(aDisabled); |
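Review bot: Making `mStyleSheet` private in nsStyleLinkElement.h (patch-ff-475136) is what stops subclasses from assigning it directly, yet the new `private:` section does not say so, and the `SetStyleSheet` body the fix depends on is not part of this patch. I would add `// Private: writes must go through SetStyleSheet() so the old sheet's owning node is cleared.` above the member, after confirming that `SetStyleSheet(nsnull)` really performs the `SetOwningNode(nsnull)` call the destructor hunk removes. The accessor could be declared `nsIStyleSheet* GetStyleSheet() const { return mStyleSheet; }`, and the nsHTMLStyleElement.cpp hunks call it twice in a row where one local would do. The blank line added after `ParseLinkTypes` is whitespace noise and can be dropped.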