aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-07-04 05:22:49 -0400
committerMark H Weaver <mhw@netris.org>2015-07-04 05:44:10 -0400
commit4463c0d2161f66c4ff0d52c50ff0a3a030686f1b (patch)
tree3f1aba42fd040420a2ee6964d6a5ec134adeb8be /gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch
parent4cd86f5d52d6faac6668dc9853a5e5ecc9236ba9 (diff)
downloadguix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.tar.gz
guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.zip
gnu: icecat: Fix CVE-2015-{2722,2724,2728,2733,2735,2736,2738,2739,2740,2743}.
* gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2735.patch, gnu/packages/patches/icecat-CVE-2015-2736.patch, gnu/packages/patches/icecat-CVE-2015-2738.patch, gnu/packages/patches/icecat-CVE-2015-2739.patch, gnu/packages/patches/icecat-CVE-2015-2740.patch, gnu/packages/patches/icecat-CVE-2015-2743.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch77
1 files changed, 77 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch
new file mode 100644
index 0000000000..e2c44ccaf8
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch
@@ -0,0 +1,77 @@
+From 7805485b75d06915bcb018b8fe5cb7de4ddebddb Mon Sep 17 00:00:00 2001
+From: Andrea Marchesini <amarchesini@mozilla.com>
+Date: Wed, 27 May 2015 14:21:44 -0700
+Subject: [PATCH] Bug 1166924 part 0 r=bent a=lizzard
+
+--HG--
+extra : source : 36bf5bcceb272fc9e303996f8dfe7350984a5e96
+---
+ dom/workers/XMLHttpRequest.cpp | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp
+index 748fd39..8e4200a 100644
+--- a/dom/workers/XMLHttpRequest.cpp
++++ b/dom/workers/XMLHttpRequest.cpp
+@@ -113,6 +113,7 @@ public:
+ bool mLastUploadLengthComputable;
+ bool mSeenLoadStart;
+ bool mSeenUploadLoadStart;
++ bool mOpening;
+
+ // Only touched on the main thread.
+ bool mUploadEventListenersAttached;
+@@ -127,7 +128,7 @@ public:
+ mOuterEventStreamId(0), mOuterChannelId(0), mLastLoaded(0), mLastTotal(0),
+ mLastUploadLoaded(0), mLastUploadTotal(0), mIsSyncXHR(false),
+ mLastLengthComputable(false), mLastUploadLengthComputable(false),
+- mSeenLoadStart(false), mSeenUploadLoadStart(false),
++ mSeenLoadStart(false), mSeenUploadLoadStart(false), mOpening(false),
+ mUploadEventListenersAttached(false), mMainThreadSeenLoadStart(false),
+ mInOpen(false)
+ { }
+@@ -1498,7 +1499,11 @@ SendRunnable::MainThreadRun()
+ variant = wvariant;
+ }
+
+- MOZ_ASSERT(!mProxy->mWorkerPrivate);
++ // Send() has been already called.
++ if (mProxy->mWorkerPrivate) {
++ return NS_ERROR_FAILURE;
++ }
++
+ mProxy->mWorkerPrivate = mWorkerPrivate;
+
+ MOZ_ASSERT(!mProxy->mSyncLoopTarget);
+@@ -1789,6 +1794,12 @@ XMLHttpRequest::SendInternal(const nsAString& aStringBody,
+ {
+ mWorkerPrivate->AssertIsOnWorkerThread();
+
++ // No send() calls when open is running.
++ if (mProxy->mOpening) {
++ aRv.Throw(NS_ERROR_FAILURE);
++ return;
++ }
++
+ bool hasUploadListeners = mUpload ? mUpload->HasListeners() : false;
+
+ MaybePin(aRv);
+@@ -1874,12 +1885,15 @@ XMLHttpRequest::Open(const nsACString& aMethod, const nsAString& aUrl,
+ mBackgroundRequest, mWithCredentials,
+ mTimeout);
+
++ mProxy->mOpening = true;
+ if (!runnable->Dispatch(mWorkerPrivate->GetJSContext())) {
+ ReleaseProxy();
++ mProxy->mOpening = false;
+ aRv.Throw(NS_ERROR_FAILURE);
+ return;
+ }
+
++ mProxy->mOpening = false;
+ mProxy->mIsSyncXHR = !aAsync;
+ }
+
+--
+2.4.3
+