diff options
author | Mark H Weaver <mhw@netris.org> | 2015-08-12 17:41:15 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-08-12 20:37:44 -0400 |
commit | c037a0f7ce79d8d67e08694ae20e407b1280d84e (patch) | |
tree | 60e6810db94ef46a96682ed2bd80acdec23b5fff /gnu/packages/patches/icecat-CVE-2015-4492.patch | |
parent | f74c577ce08399106a7ed4abe1b7d26e82fefd10 (diff) |
gnu: icecat: Add fixes for CVE-2015-{4473,4482,4488,4489,4491,4492}.
WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213). I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603). I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-4492.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-4492.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-4492.patch b/gnu/packages/patches/icecat-CVE-2015-4492.patch new file mode 100644 index 0000000000..5d401f5a32 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-4492.patch @@ -0,0 +1,81 @@ +From 9d5f21ee3a754d20bca4513f55553ea6694a7b25 Mon Sep 17 00:00:00 2001 +From: Andrea Marchesini <amarchesini@mozilla.com> +Date: Wed, 29 Jul 2015 16:10:15 -0400 +Subject: [PATCH] Bug 1185820 - XMLHttpRequest::Open() in worker should count + the recursion using a uint32_t and not a boolean. r=khuey, a=lmandel + +--HG-- +extra : transplant_source : %8F%89%24%FF%A1%F7d%5B%BE%E9%FC3%C6%E1%AC%27r%5Eq%16 +extra : histedit_source : 5857f0cedf1cfb5361e6f404a094719814a2b415 +--- + dom/workers/XMLHttpRequest.cpp | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp +index aac97ab..7099279 100644 +--- a/dom/workers/XMLHttpRequest.cpp ++++ b/dom/workers/XMLHttpRequest.cpp +@@ -100,6 +100,7 @@ public: + // Only touched on the worker thread. + uint32_t mOuterEventStreamId; + uint32_t mOuterChannelId; ++ uint32_t mOpenCount; + uint64_t mLastLoaded; + uint64_t mLastTotal; + uint64_t mLastUploadLoaded; +@@ -109,7 +110,6 @@ public: + bool mLastUploadLengthComputable; + bool mSeenLoadStart; + bool mSeenUploadLoadStart; +- bool mOpening; + + // Only touched on the main thread. + bool mUploadEventListenersAttached; +@@ -122,10 +122,10 @@ public: + : mWorkerPrivate(nullptr), mXMLHttpRequestPrivate(aXHRPrivate), + mMozAnon(aMozAnon), mMozSystem(aMozSystem), + mInnerEventStreamId(0), mInnerChannelId(0), mOutstandingSendCount(0), +- mOuterEventStreamId(0), mOuterChannelId(0), mLastLoaded(0), mLastTotal(0), +- mLastUploadLoaded(0), mLastUploadTotal(0), mIsSyncXHR(false), ++ mOuterEventStreamId(0), mOuterChannelId(0), mOpenCount(0), mLastLoaded(0), ++ mLastTotal(0), mLastUploadLoaded(0), mLastUploadTotal(0), mIsSyncXHR(false), + mLastLengthComputable(false), mLastUploadLengthComputable(false), +- mSeenLoadStart(false), mSeenUploadLoadStart(false), mOpening(false), ++ mSeenLoadStart(false), mSeenUploadLoadStart(false), + mUploadEventListenersAttached(false), mMainThreadSeenLoadStart(false), + mInOpen(false), mArrayBufferResponseWasTransferred(false) + { } +@@ -1850,7 +1850,7 @@ XMLHttpRequest::SendInternal(const nsAString& aStringBody, + mWorkerPrivate->AssertIsOnWorkerThread(); + + // No send() calls when open is running. +- if (mProxy->mOpening) { ++ if (mProxy->mOpenCount) { + aRv.Throw(NS_ERROR_FAILURE); + return; + } +@@ -1945,15 +1945,17 @@ XMLHttpRequest::Open(const nsACString& aMethod, const nsAString& aUrl, + mBackgroundRequest, mWithCredentials, + mTimeout); + +- mProxy->mOpening = true; ++ ++mProxy->mOpenCount; + if (!runnable->Dispatch(mWorkerPrivate->GetJSContext())) { +- mProxy->mOpening = false; +- ReleaseProxy(); ++ if (!--mProxy->mOpenCount) { ++ ReleaseProxy(); ++ } ++ + aRv.Throw(NS_ERROR_FAILURE); + return; + } + +- mProxy->mOpening = false; ++ --mProxy->mOpenCount; + mProxy->mIsSyncXHR = !aAsync; + } + +-- +2.4.3 + |