gnu: icecat: Fix CVE-2015-{2722,2724,2728,2733,2735,2736,2738,2739,2740,2743}.

* gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2735.patch, gnu/packages/patches/icecat-CVE-2015-2736.patch, gnu/packages/patches/icecat-CVE-2015-2738.patch, gnu/packages/patches/icecat-CVE-2015-2739.patch, gnu/packages/patches/icecat-CVE-2015-2740.patch, gnu/packages/patches/icecat-CVE-2015-2743.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
author: Mark H Weaver <mhw@netris.org> 2015-07-04 05:22:49 -0400
committer: Mark H Weaver <mhw@netris.org> 2015-07-04 05:44:10 -0400
commit: 4463c0d2161f66c4ff0d52c50ff0a3a030686f1b (patch)
tree: 3f1aba42fd040420a2ee6964d6a5ec134adeb8be /gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
parent: 4cd86f5d52d6faac6668dc9853a5e5ecc9236ba9 (diff)
download: guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.tar.gz
1 files changed, 95 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
new file mode 100644
index 0000000000..8bcae6177a
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
@@ -0,0 +1,95 @@
+From 81ce99255a0ef65c98eaac300d90c1dc161efc54 Mon Sep 17 00:00:00 2001
+From: Ben Turner <bent.mozilla@gmail.com>
+Date: Tue, 9 Jun 2015 09:46:58 -0400
+Subject: [PATCH] Bug 1142210. r=khuey, a=dveditz CLOSED TREE
+
+--HG--
+extra : amend_source : 5626188ba4b79f7c25286d4f29c63dc387e63c75
+extra : transplant_source : %F0%A1%D6F%E6%1B%1FJO%BFH%29%FFo%97%2A%89%03%ECm
+---
+ dom/indexedDB/IDBRequest.cpp             |  5 +++++
+ dom/indexedDB/IDBRequest.h               |  3 +++
+ dom/indexedDB/IndexedDatabaseManager.cpp | 22 +++++++++++++++++-----
+ 3 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/dom/indexedDB/IDBRequest.cpp b/dom/indexedDB/IDBRequest.cpp
+index 36e8a96..695f2ee 100644
+--- a/dom/indexedDB/IDBRequest.cpp
++++ b/dom/indexedDB/IDBRequest.cpp
+@@ -35,6 +35,8 @@
+ 
+ namespace {
+ 
++NS_DEFINE_IID(kIDBRequestIID, PRIVATE_IDBREQUEST_IID);
++
+ #ifdef MOZ_ENABLE_PROFILER_SPS
+ uint64_t gNextRequestSerialNumber = 1;
+ #endif
+@@ -382,6 +384,9 @@ NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN_INHERITED(IDBRequest, IDBWrapperCache)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_END
+ 
+ NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBRequest)
++  if (aIID.Equals(kIDBRequestIID)) {
++    foundInterface = this;
++  } else
+ NS_INTERFACE_MAP_END_INHERITING(IDBWrapperCache)
+ 
+ NS_IMPL_ADDREF_INHERITED(IDBRequest, IDBWrapperCache)
+diff --git a/dom/indexedDB/IDBRequest.h b/dom/indexedDB/IDBRequest.h
+index c835ae8..c8d1081 100644
+--- a/dom/indexedDB/IDBRequest.h
++++ b/dom/indexedDB/IDBRequest.h
+@@ -19,6 +19,9 @@
+ 
+ #include "mozilla/dom/indexedDB/IDBWrapperCache.h"
+ 
++#define PRIVATE_IDBREQUEST_IID \
++  {0xe68901e5, 0x1d50, 0x4ee9, {0xaf, 0x49, 0x90, 0x99, 0x4a, 0xff, 0xc8, 0x39}}
++
+ class nsIScriptContext;
+ class nsPIDOMWindow;
+ 
+diff --git a/dom/indexedDB/IndexedDatabaseManager.cpp b/dom/indexedDB/IndexedDatabaseManager.cpp
+index 466d0ff..820dfa6 100644
+--- a/dom/indexedDB/IndexedDatabaseManager.cpp
++++ b/dom/indexedDB/IndexedDatabaseManager.cpp
+@@ -318,19 +318,31 @@ IndexedDatabaseManager::FireWindowOnError(nsPIDOMWindow* aOwner,
+     return NS_OK;
+   }
+ 
++  Event* internalEvent = aVisitor.mDOMEvent->InternalDOMEvent();
++  MOZ_ASSERT(internalEvent);
++
++  if (!internalEvent->IsTrusted()) {
++    return NS_OK;
++  }
++
+   nsString type;
+-  nsresult rv = aVisitor.mDOMEvent->GetType(type);
++  nsresult rv = internalEvent->GetType(type);
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+   if (!type.EqualsLiteral(ERROR_EVT_STR)) {
+     return NS_OK;
+   }
+ 
+-  nsCOMPtr<EventTarget> eventTarget =
+-    aVisitor.mDOMEvent->InternalDOMEvent()->GetTarget();
++  nsCOMPtr<EventTarget> eventTarget = internalEvent->GetTarget();
++  MOZ_ASSERT(eventTarget);
+ 
+-  IDBRequest* request = static_cast<IDBRequest*>(eventTarget.get());
+-  NS_ENSURE_TRUE(request, NS_ERROR_UNEXPECTED);
++  // Only mess with events that were originally targeted to an IDBRequest.
++  nsRefPtr<IDBRequest> request;
++  if (NS_FAILED(eventTarget->QueryInterface(kIDBRequestIID,
++                                            getter_AddRefs(request))) ||
++      !request) {
++    return NS_OK;
++  }
+ 
+   ErrorResult ret;
+   nsRefPtr<DOMError> error = request->GetError(ret);
+-- 
+2.4.3
+
author	Mark H Weaver <mhw@netris.org>	2015-07-04 05:22:49 -0400
committer	Mark H Weaver <mhw@netris.org>	2015-07-04 05:44:10 -0400
commit	4463c0d2161f66c4ff0d52c50ff0a3a030686f1b (patch)
tree	3f1aba42fd040420a2ee6964d6a5ec134adeb8be /gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
parent	4cd86f5d52d6faac6668dc9853a5e5ecc9236ba9 (diff)
download	guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.tar.gz