diff options
author | Mark H Weaver <mhw@netris.org> | 2015-07-04 05:22:49 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-07-04 05:44:10 -0400 |
commit | 4463c0d2161f66c4ff0d52c50ff0a3a030686f1b (patch) | |
tree | 3f1aba42fd040420a2ee6964d6a5ec134adeb8be /gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch | |
parent | 4cd86f5d52d6faac6668dc9853a5e5ecc9236ba9 (diff) | |
download | guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.tar.gz guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.zip |
gnu: icecat: Fix CVE-2015-{2722,2724,2728,2733,2735,2736,2738,2739,2740,2743}.
* gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch,
gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch,
gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch,
gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch,
gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch,
gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch,
gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch,
gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch,
gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch,
gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch,
gnu/packages/patches/icecat-CVE-2015-2735.patch,
gnu/packages/patches/icecat-CVE-2015-2736.patch,
gnu/packages/patches/icecat-CVE-2015-2738.patch,
gnu/packages/patches/icecat-CVE-2015-2739.patch,
gnu/packages/patches/icecat-CVE-2015-2740.patch,
gnu/packages/patches/icecat-CVE-2015-2743.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch new file mode 100644 index 0000000000..e2c44ccaf8 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch @@ -0,0 +1,77 @@ +From 7805485b75d06915bcb018b8fe5cb7de4ddebddb Mon Sep 17 00:00:00 2001 +From: Andrea Marchesini <amarchesini@mozilla.com> +Date: Wed, 27 May 2015 14:21:44 -0700 +Subject: [PATCH] Bug 1166924 part 0 r=bent a=lizzard + +--HG-- +extra : source : 36bf5bcceb272fc9e303996f8dfe7350984a5e96 +--- + dom/workers/XMLHttpRequest.cpp | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp +index 748fd39..8e4200a 100644 +--- a/dom/workers/XMLHttpRequest.cpp ++++ b/dom/workers/XMLHttpRequest.cpp +@@ -113,6 +113,7 @@ public: + bool mLastUploadLengthComputable; + bool mSeenLoadStart; + bool mSeenUploadLoadStart; ++ bool mOpening; + + // Only touched on the main thread. + bool mUploadEventListenersAttached; +@@ -127,7 +128,7 @@ public: + mOuterEventStreamId(0), mOuterChannelId(0), mLastLoaded(0), mLastTotal(0), + mLastUploadLoaded(0), mLastUploadTotal(0), mIsSyncXHR(false), + mLastLengthComputable(false), mLastUploadLengthComputable(false), +- mSeenLoadStart(false), mSeenUploadLoadStart(false), ++ mSeenLoadStart(false), mSeenUploadLoadStart(false), mOpening(false), + mUploadEventListenersAttached(false), mMainThreadSeenLoadStart(false), + mInOpen(false) + { } +@@ -1498,7 +1499,11 @@ SendRunnable::MainThreadRun() + variant = wvariant; + } + +- MOZ_ASSERT(!mProxy->mWorkerPrivate); ++ // Send() has been already called. ++ if (mProxy->mWorkerPrivate) { ++ return NS_ERROR_FAILURE; ++ } ++ + mProxy->mWorkerPrivate = mWorkerPrivate; + + MOZ_ASSERT(!mProxy->mSyncLoopTarget); +@@ -1789,6 +1794,12 @@ XMLHttpRequest::SendInternal(const nsAString& aStringBody, + { + mWorkerPrivate->AssertIsOnWorkerThread(); + ++ // No send() calls when open is running. ++ if (mProxy->mOpening) { ++ aRv.Throw(NS_ERROR_FAILURE); ++ return; ++ } ++ + bool hasUploadListeners = mUpload ? mUpload->HasListeners() : false; + + MaybePin(aRv); +@@ -1874,12 +1885,15 @@ XMLHttpRequest::Open(const nsACString& aMethod, const nsAString& aUrl, + mBackgroundRequest, mWithCredentials, + mTimeout); + ++ mProxy->mOpening = true; + if (!runnable->Dispatch(mWorkerPrivate->GetJSContext())) { + ReleaseProxy(); ++ mProxy->mOpening = false; + aRv.Throw(NS_ERROR_FAILURE); + return; + } + ++ mProxy->mOpening = false; + mProxy->mIsSyncXHR = !aAsync; + } + +-- +2.4.3 + |