aboutsummaryrefslogtreecommitdiffstats
path: root/www/firefox
diff options
context:
space:
mode:
authormarcus <marcus@FreeBSD.org>2009-03-09 06:16:15 +0800
committermarcus <marcus@FreeBSD.org>2009-03-09 06:16:15 +0800
commit6dad41b16916ffd176e84db36def2c9e50e56d00 (patch)
treef63e1526b4525b5e97c035d3d05b5ce0a58ff557 /www/firefox
parentccccba28f87286d3a9b0ce874a2115fd11757116 (diff)
downloadfreebsd-ports-gnome-6dad41b16916ffd176e84db36def2c9e50e56d00.tar.gz
freebsd-ports-gnome-6dad41b16916ffd176e84db36def2c9e50e56d00.tar.zst
freebsd-ports-gnome-6dad41b16916ffd176e84db36def2c9e50e56d00.zip
Backport patches to fix the following security vulnerabilities:
CVE-2009-0776 CVE-2009-0775 CVE-2009-0772 Obtained from: Mozilla Bugzilla
Diffstat (limited to 'www/firefox')
-rw-r--r--www/firefox/Makefile2
-rw-r--r--www/firefox/files/patch-ff-414540118
-rw-r--r--www/firefox/files/patch-ff-47370929
-rw-r--r--www/firefox/files/patch-ff-475136108
4 files changed, 256 insertions, 1 deletions
diff --git a/www/firefox/Makefile b/www/firefox/Makefile
index a96b8f3b52e8..767a533671dc 100644
--- a/www/firefox/Makefile
+++ b/www/firefox/Makefile
@@ -8,7 +8,7 @@
PORTNAME= firefox
DISTVERSION= 2.0.0.20
-PORTREVISION= 3
+PORTREVISION= 4
PORTEPOCH= 1
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED}
diff --git a/www/firefox/files/patch-ff-414540 b/www/firefox/files/patch-ff-414540
new file mode 100644
index 000000000000..75cbf9b5cf3f
--- /dev/null
+++ b/www/firefox/files/patch-ff-414540
@@ -0,0 +1,118 @@
+diff -up mozilla/rdf/base/src/Makefile.in.414540 mozilla/rdf/base/src/Makefile.in
+--- rdf/base/src/Makefile.in.414540 2005-06-24 09:49:43.000000000 +0200
++++ rdf/base/src/Makefile.in 2009-02-20 22:48:06.000000000 +0100
+@@ -49,6 +49,9 @@ LIBXUL_LIBRARY = 1
+ REQUIRES = xpcom \
+ string \
+ rdfutil \
++ js \
++ caps \
++ xpconnect \
+ necko \
+ content \
+ htmlparser \
+diff -up mozilla/rdf/base/src/nsRDFXMLDataSource.cpp.414540 mozilla/rdf/base/src/nsRDFXMLDataSource.cpp
+--- rdf/base/src/nsRDFXMLDataSource.cpp.414540 2005-06-24 09:49:43.000000000 +0200
++++ rdf/base/src/nsRDFXMLDataSource.cpp 2009-02-20 23:20:55.000000000 +0100
+@@ -122,6 +122,9 @@
+ #include "prlog.h"
+ #include "nsNameSpaceMap.h"
+ #include "nsCRT.h"
++#include "nsIScriptSecurityManager.h"
++#include "nsIChannelEventSink.h"
++#include "nsNetUtil.h"
+
+ #include "rdfIDataSource.h"
+
+@@ -218,7 +221,9 @@ class RDFXMLDataSourceImpl : public nsIR
+ public nsIRDFXMLSink,
+ public nsIRDFXMLSource,
+ public nsIStreamListener,
+- public rdfIDataSource
++ public rdfIDataSource,
++ public nsIInterfaceRequestor,
++ public nsIChannelEventSink
+ {
+ protected:
+ enum LoadState {
+@@ -389,6 +394,12 @@ public:
+ // nsIStreamListener
+ NS_DECL_NSISTREAMLISTENER
+
++ // nsIInterfaceRequestor
++ NS_DECL_NSIINTERFACEREQUESTOR
++
++ // nsIChannelEventSink
++ NS_DECL_NSICHANNELEVENTSINK
++
+ // rdfIDataSource
+ NS_IMETHOD VisitAllSubjects(rdfITripleVisitor *aVisitor) {
+ nsresult rv;
+@@ -537,15 +548,23 @@ RDFXMLDataSourceImpl::~RDFXMLDataSourceI
+ }
+
+
+-NS_IMPL_ISUPPORTS7(RDFXMLDataSourceImpl,
++NS_IMPL_ISUPPORTS9(RDFXMLDataSourceImpl,
+ nsIRDFDataSource,
+ nsIRDFRemoteDataSource,
+ nsIRDFXMLSink,
+ nsIRDFXMLSource,
+ nsIRequestObserver,
+ nsIStreamListener,
+- rdfIDataSource)
+-
++ rdfIDataSource,
++ nsIInterfaceRequestor,
++ nsIChannelEventSink)
++
++// nsIInterfaceRequestor
++NS_IMETHODIMP
++RDFXMLDataSourceImpl::GetInterface(const nsIID& aIID, void** aSink)
++{
++ return QueryInterface(aIID, aSink);
++}
+
+ nsresult
+ RDFXMLDataSourceImpl::BlockingParse(nsIURI* aURL, nsIStreamListener* aConsumer)
+@@ -924,6 +943,31 @@ RDFXMLDataSourceImpl::SetReadOnly(PRBool
+
+ #include "nsITimelineService.h"
+
++// nsIChannelEventSink
++
++NS_IMETHODIMP
++RDFXMLDataSourceImpl::OnChannelRedirect(nsIChannel *aOldChannel,
++ nsIChannel *aNewChannel,
++ PRUint32 aFlags)
++{
++ NS_PRECONDITION(aNewChannel, "Redirecting to null channel?");
++
++ nsresult rv;
++ nsCOMPtr<nsIScriptSecurityManager> secMan =
++ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsCOMPtr<nsIURI> oldURI;
++ rv = aOldChannel->GetURI(getter_AddRefs(oldURI));
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsCOMPtr<nsIURI> newURI;
++ rv = aNewChannel->GetURI(getter_AddRefs(newURI));
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ return secMan->CheckSameOriginURI(oldURI, newURI);
++}
++
+ NS_IMETHODIMP
+ RDFXMLDataSourceImpl::Refresh(PRBool aBlocking)
+ {
+@@ -972,7 +1016,7 @@ RDFXMLDataSourceImpl::Refresh(PRBool aBl
+ }
+ else {
+ // Null LoadGroup ?
+- rv = NS_OpenURI(this, nsnull, mURL, nsnull);
++ rv = NS_OpenURI(this, nsnull, mURL, nsnull, nsnull, this);
+ if (NS_FAILED(rv)) return rv;
+
+ // So we don't try to issue two asynchronous loads at once.
diff --git a/www/firefox/files/patch-ff-473709 b/www/firefox/files/patch-ff-473709
new file mode 100644
index 000000000000..71a89f501b4c
--- /dev/null
+++ b/www/firefox/files/patch-ff-473709
@@ -0,0 +1,29 @@
+diff --git a/js/src/jsregexp.c b/js/src/jsregexp.c
+--- js/src/jsregexp.c
++++ js/src/jsregexp.c
+@@ -4148,20 +4148,22 @@ js_NewRegExpObject(JSContext *cx, JSToke
+ JSString *str;
+ JSObject *obj;
+ JSRegExp *re;
+ JSTempValueRooter tvr;
+
+ str = js_NewStringCopyN(cx, chars, length, 0);
+ if (!str)
+ return NULL;
++ JS_PUSH_TEMP_ROOT_STRING(cx, str, &tvr);
+ re = js_NewRegExp(cx, ts, str, flags, JS_FALSE);
+- if (!re)
+- return NULL;
+- JS_PUSH_TEMP_ROOT_STRING(cx, str, &tvr);
++ if (!re) {
++ JS_POP_TEMP_ROOT(cx, &tvr);
++ return NULL;
++ }
+ obj = js_NewObject(cx, &js_RegExpClass, NULL, NULL);
+ if (!obj || !JS_SetPrivate(cx, obj, re)) {
+ js_DestroyRegExp(cx, re);
+ obj = NULL;
+ }
+ if (obj && !js_SetLastIndex(cx, obj, 0))
+ obj = NULL;
+ JS_POP_TEMP_ROOT(cx, &tvr);
diff --git a/www/firefox/files/patch-ff-475136 b/www/firefox/files/patch-ff-475136
new file mode 100644
index 000000000000..67994f9c9b8a
--- /dev/null
+++ b/www/firefox/files/patch-ff-475136
@@ -0,0 +1,108 @@
+diff -up mozilla/content/base/src/nsStyleLinkElement.cpp.475136 mozilla/content/base/src/nsStyleLinkElement.cpp
+--- content/base/src/nsStyleLinkElement.cpp.475136 2005-04-19 03:27:09.000000000 +0200
++++ content/base/src/nsStyleLinkElement.cpp 2009-02-17 18:01:21.000000000 +0100
+@@ -63,10 +63,7 @@ nsStyleLinkElement::nsStyleLinkElement()
+
+ nsStyleLinkElement::~nsStyleLinkElement()
+ {
+- nsCOMPtr<nsICSSStyleSheet> cssSheet = do_QueryInterface(mStyleSheet);
+- if (cssSheet) {
+- cssSheet->SetOwningNode(nsnull);
+- }
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ NS_IMETHODIMP
+@@ -199,7 +196,7 @@ nsStyleLinkElement::UpdateStyleSheet(nsI
+ aOldDocument->BeginUpdate(UPDATE_STYLE);
+ aOldDocument->RemoveStyleSheet(mStyleSheet);
+ aOldDocument->EndUpdate(UPDATE_STYLE);
+- mStyleSheet = nsnull;
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ if (mDontLoadStyle || !mUpdatesEnabled) {
+@@ -245,7 +242,7 @@ nsStyleLinkElement::UpdateStyleSheet(nsI
+ doc->BeginUpdate(UPDATE_STYLE);
+ doc->RemoveStyleSheet(mStyleSheet);
+ doc->EndUpdate(UPDATE_STYLE);
+- mStyleSheet = nsnull;
++ nsStyleLinkElement::SetStyleSheet(nsnull);
+ }
+
+ if (!uri && !isInline) {
+diff -up mozilla/content/base/src/nsStyleLinkElement.h.475136 mozilla/content/base/src/nsStyleLinkElement.h
+--- content/base/src/nsStyleLinkElement.h.475136 2004-09-09 19:32:34.000000000 +0200
++++ content/base/src/nsStyleLinkElement.h 2009-02-17 18:12:08.000000000 +0100
+@@ -72,6 +72,7 @@ public:
+
+ static void ParseLinkTypes(const nsAString& aTypes, nsStringArray& aResult);
+
++
+ protected:
+ virtual void GetStyleSheetURL(PRBool* aIsInline,
+ nsIURI** aURI) = 0;
+@@ -79,13 +80,16 @@ protected:
+ nsAString& aType,
+ nsAString& aMedia,
+ PRBool* aIsAlternate) = 0;
++ nsIStyleSheet* GetStyleSheet() { return mStyleSheet; }
+
+
+- nsCOMPtr<nsIStyleSheet> mStyleSheet;
+ nsCOMPtr<nsIParser> mParser;
+ PRPackedBool mDontLoadStyle;
+ PRPackedBool mUpdatesEnabled;
+ PRUint32 mLineNumber;
++
++private:
++ nsCOMPtr<nsIStyleSheet> mStyleSheet;
+ };
+
+ #endif /* nsStyleLinkElement_h___ */
+diff -up mozilla/content/html/content/src/nsHTMLLinkElement.cpp.475136 mozilla/content/html/content/src/nsHTMLLinkElement.cpp
+--- content/html/content/src/nsHTMLLinkElement.cpp.475136 2005-08-10 22:21:42.000000000 +0200
++++ content/html/content/src/nsHTMLLinkElement.cpp 2009-02-17 18:14:51.000000000 +0100
+@@ -159,7 +159,7 @@ NS_IMPL_DOM_CLONENODE(nsHTMLLinkElement)
+ NS_IMETHODIMP
+ nsHTMLLinkElement::GetDisabled(PRBool* aDisabled)
+ {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+ nsresult result = NS_OK;
+
+ if (ss) {
+@@ -174,7 +174,7 @@ nsHTMLLinkElement::GetDisabled(PRBool* a
+ NS_IMETHODIMP
+ nsHTMLLinkElement::SetDisabled(PRBool aDisabled)
+ {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+ nsresult result = NS_OK;
+
+ if (ss) {
+diff -up mozilla/content/html/content/src/nsHTMLStyleElement.cpp.475136 mozilla/content/html/content/src/nsHTMLStyleElement.cpp
+--- content/html/content/src/nsHTMLStyleElement.cpp.475136 2005-04-19 00:58:30.000000000 +0200
++++ content/html/content/src/nsHTMLStyleElement.cpp 2009-02-17 18:01:21.000000000 +0100
+@@ -141,8 +141,8 @@ nsHTMLStyleElement::GetDisabled(PRBool*
+ {
+ nsresult result = NS_OK;
+
+- if (mStyleSheet) {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ if (GetStyleSheet()) {
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+
+ if (ss) {
+ result = ss->GetDisabled(aDisabled);
+@@ -160,8 +160,8 @@ nsHTMLStyleElement::SetDisabled(PRBool a
+ {
+ nsresult result = NS_OK;
+
+- if (mStyleSheet) {
+- nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(mStyleSheet));
++ if (GetStyleSheet()) {
++ nsCOMPtr<nsIDOMStyleSheet> ss(do_QueryInterface(GetStyleSheet()));
+
+ if (ss) {
+ result = ss->SetDisabled(aDisabled);