diff options
author | marcus <marcus@FreeBSD.org> | 2002-05-06 04:00:22 +0800 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2002-05-06 04:00:22 +0800 |
commit | 09930df9986bfd3b84ee402627e636d45953efd1 (patch) | |
tree | b9acdd2c2be1b80da3dc1db661eb8b68f5c1c3b4 /www/mozilla-devel | |
parent | 21bda79932d3b03233f6da5650e7c313735df78c (diff) | |
download | freebsd-ports-gnome-09930df9986bfd3b84ee402627e636d45953efd1.tar.gz freebsd-ports-gnome-09930df9986bfd3b84ee402627e636d45953efd1.tar.zst freebsd-ports-gnome-09930df9986bfd3b84ee402627e636d45953efd1.zip |
Fix recent security vulnerability in Mozilla, as well as the resulting
segmentation fault after the initial patch was applied.
See http://sec.greymagic.com/adv/gm001-ns/ for more details on the
vulnerability.
Obtained from: Mozilla's Bugzilla database (bugs 141061 and 137644)
Diffstat (limited to 'www/mozilla-devel')
-rw-r--r-- | www/mozilla-devel/Makefile | 3 | ||||
-rw-r--r-- | www/mozilla-devel/files/patch-security_fix | 97 |
2 files changed, 98 insertions, 2 deletions
diff --git a/www/mozilla-devel/Makefile b/www/mozilla-devel/Makefile index 3fcb53b5a569..5a6c4e5cc1ce 100644 --- a/www/mozilla-devel/Makefile +++ b/www/mozilla-devel/Makefile @@ -7,6 +7,7 @@ PORTNAME= mozilla PORTVERSION= 1.0.rc1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_MOZILLA} \ @@ -18,8 +19,6 @@ DISTFILES= ${PORTNAME}-source-${PORTVERSION}${EXTRACT_SUFX} \ MAINTAINER= gnome@FreeBSD.org -FORBIDDEN= "malicious Web servers can upload files--see http://sec.greymagic.com/adv/gm001-ns/ or http://www.heise.de/ct/browsercheck/n6demo1.shtml " - BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \ freetype-config:${PORTSDIR}/print/freetype2 LIB_DEPENDS= ORBit.2:${PORTSDIR}/devel/ORBit \ diff --git a/www/mozilla-devel/files/patch-security_fix b/www/mozilla-devel/files/patch-security_fix new file mode 100644 index 000000000000..0642799d0784 --- /dev/null +++ b/www/mozilla-devel/files/patch-security_fix @@ -0,0 +1,97 @@ +Index: uriloader/base/nsDocLoader.cpp +=================================================================== +RCS file: /cvsroot/mozilla/uriloader/base/nsDocLoader.cpp,v +retrieving revision 3.251 +diff -u -r3.251 nsDocLoader.cpp +--- uriloader/base/nsDocLoader.cpp 17 Apr 2002 03:48:37 -0000 3.251 ++++ uriloader/base/nsDocLoader.cpp 30 Apr 2002 19:02:19 -0000 +@@ -1263,6 +1263,7 @@ + rv = aNewChannel->GetURI(getter_AddRefs(newURI)); + if (NS_FAILED(rv)) return rv; + ++#ifdef HTTP_DOESNT_CALL_CHECKLOADURI + // verify that this is a legal redirect + nsCOMPtr<nsIScriptSecurityManager> securityManager = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); +@@ -1270,6 +1271,7 @@ + rv = securityManager->CheckLoadURI(oldURI, newURI, + nsIScriptSecurityManager::DISALLOW_FROM_MAIL); + if (NS_FAILED(rv)) return rv; ++#endif + + nsLoadFlags loadFlags = 0; + PRInt32 stateFlags = nsIWebProgressListener::STATE_REDIRECTING | +Index: netwerk/protocol/http/src/Makefile.in +=================================================================== +RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/Makefile.in,v +retrieving revision 1.56 +diff -u -r1.56 Makefile.in +--- netwerk/protocol/http/src/Makefile.in 19 Apr 2002 22:25:18 -0000 1.56 ++++ netwerk/protocol/http/src/Makefile.in 30 Apr 2002 19:02:19 -0000 +@@ -36,6 +36,8 @@ + intl \ + exthandler \ + caps \ ++ xpconnect \ ++ js \ + $(NULL) + + CPPSRCS = \ +Index: netwerk/protocol/http/src/nsHttpChannel.cpp +=================================================================== +RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v +retrieving revision 1.114 +diff -u -r1.114 nsHttpChannel.cpp +--- netwerk/protocol/http/src/nsHttpChannel.cpp 26 Apr 2002 22:50:50 -0000 1.114 ++++ netwerk/protocol/http/src/nsHttpChannel.cpp 30 Apr 2002 19:02:19 -0000 +@@ -34,6 +34,7 @@ + #include "nsISupportsPrimitives.h" + #include "nsIURL.h" + #include "nsIMIMEService.h" ++#include "nsIScriptSecurityManager.h" + #include "nsCExternalHandlerService.h" + #include "nsMimeTypes.h" + #include "nsNetUtil.h" +@@ -1465,6 +1466,15 @@ + rv = ioService->NewURI(nsDependentCString(location), nsnull, mURI, + getter_AddRefs(newURI)); + if (NS_FAILED(rv)) return rv; ++ ++ // verify that this is a legal redirect ++ nsCOMPtr<nsIScriptSecurityManager> securityManager = ++ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); ++ if (securityManager) { ++ rv = securityManager->CheckLoadURI(mURI, newURI, ++ nsIScriptSecurityManager::DISALLOW_FROM_MAIL); ++ if (NS_FAILED(rv)) return rv; ++ } + + // Kill the current cache entry if we are redirecting + // back to ourself. +--- htmlparser/src/CNavDTD.cpp.orig Sat May 4 00:32:17 2002 ++++ htmlparser/src/CNavDTD.cpp Sat May 4 01:14:59 2002 +@@ -473,14 +473,14 @@ + + nsresult result = NS_OK; + +- if (aTokenizer && mSink && aParser) { ++ if (aTokenizer && aParser) { + nsITokenizer* oldTokenizer = mTokenizer; + + mTokenizer = aTokenizer; + mParser = (nsParser*)aParser; + mTokenAllocator = mTokenizer->GetTokenAllocator(); + +- ++ if (mSink) { + if (mBodyContext->GetCount() == 0) { + CStartToken* theToken=nsnull; + if(ePlainText==mDocType) { +@@ -537,6 +537,7 @@ + } + }//while + mTokenizer = oldTokenizer; ++ } + } + + return result; |