From 24f89da8610768aeffdd3e19cefd4344a09d6989 Mon Sep 17 00:00:00 2001 From: marcus Date: Sun, 29 Mar 2009 16:00:48 +0000 Subject: Merge patches from Firefox Bugzilla to fix CVE-2009-1169. --- www/firefox-esr/Makefile | 2 +- www/firefox-esr/files/patch-ff-485217 | 27 +++++++++++++++++++++++ www/firefox-esr/files/patch-ff-485286 | 40 +++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 www/firefox-esr/files/patch-ff-485217 create mode 100644 www/firefox-esr/files/patch-ff-485286 (limited to 'www/firefox-esr') diff --git a/www/firefox-esr/Makefile b/www/firefox-esr/Makefile index 98a2ca68ad91..146e7901e2d9 100644 --- a/www/firefox-esr/Makefile +++ b/www/firefox-esr/Makefile @@ -8,7 +8,7 @@ PORTNAME= firefox DISTVERSION= 2.0.0.20 -PORTREVISION= 4 +PORTREVISION= 5 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED} diff --git a/www/firefox-esr/files/patch-ff-485217 b/www/firefox-esr/files/patch-ff-485217 new file mode 100644 index 000000000000..57b368857d9f --- /dev/null +++ b/www/firefox-esr/files/patch-ff-485217 @@ -0,0 +1,27 @@ +Bug 485217 - Pop the eval context before returning. r+sr=peterv + +diff --git a/extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp b/extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp +--- extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp ++++ extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp +@@ -408,20 +408,19 @@ nsresult txXSLKey::testNode(const txXPat + if (key->matchPattern->matches(aNode, &aEs)) { + txSingleNodeContext evalContext(aNode, &aEs); + nsresult rv = aEs.pushEvalContext(&evalContext); + NS_ENSURE_SUCCESS(rv, rv); + + nsRefPtr exprResult; + rv = key->useExpr->evaluate(&evalContext, + getter_AddRefs(exprResult)); ++ aEs.popEvalContext(); + NS_ENSURE_SUCCESS(rv, rv); + +- aEs.popEvalContext(); +- + if (exprResult->getResultType() == txAExprResult::NODESET) { + txNodeSet* res = NS_STATIC_CAST(txNodeSet*, + NS_STATIC_CAST(txAExprResult*, + exprResult)); + PRInt32 i; + for (i = 0; i < res->size(); ++i) { + val.Truncate(); + txXPathNodeUtils::appendNodeValue(res->get(i), val); diff --git a/www/firefox-esr/files/patch-ff-485286 b/www/firefox-esr/files/patch-ff-485286 new file mode 100644 index 000000000000..1ec049793617 --- /dev/null +++ b/www/firefox-esr/files/patch-ff-485286 @@ -0,0 +1,40 @@ +Bug 485286 - Allocate all of these consistently. r+sr=peterv/sicking a=ss + +diff --git a/extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp b/extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp +--- extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp ++++ extensions/transformiix/source/xslt/functions/txKeyFunctionCall.cpp +@@ -401,26 +401,30 @@ nsresult txXSLKey::testNode(const txXPat + txExecutionState& aEs) + { + nsAutoString val; + txListIterator iter(&mKeys); + while (iter.hasNext()) + { + Key* key = (Key*)iter.next(); + if (key->matchPattern->matches(aNode, &aEs)) { +- txSingleNodeContext evalContext(aNode, &aEs); +- nsresult rv = aEs.pushEvalContext(&evalContext); ++ txSingleNodeContext *evalContext = ++ new txSingleNodeContext(aNode, &aEs); ++ NS_ENSURE_TRUE(evalContext, NS_ERROR_OUT_OF_MEMORY); ++ ++ nsresult rv = aEs.pushEvalContext(evalContext); + NS_ENSURE_SUCCESS(rv, rv); + + nsRefPtr exprResult; +- rv = key->useExpr->evaluate(&evalContext, ++ rv = key->useExpr->evaluate(evalContext, + getter_AddRefs(exprResult)); +- aEs.popEvalContext(); + NS_ENSURE_SUCCESS(rv, rv); + ++ delete aEs.popEvalContext(); ++ + if (exprResult->getResultType() == txAExprResult::NODESET) { + txNodeSet* res = NS_STATIC_CAST(txNodeSet*, + NS_STATIC_CAST(txAExprResult*, + exprResult)); + PRInt32 i; + for (i = 0; i < res->size(); ++i) { + val.Truncate(); + txXPathNodeUtils::appendNodeValue(res->get(i), val); -- cgit