diff options
author | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:22:49 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:34:20 -0500 |
commit | 29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch) | |
tree | 447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch | |
parent | a394c60aa381d2284e382b48af990b6bdc5f33b4 (diff) | |
download | guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz |
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch, gnu/packages/patches/icecat-CVE-2016-1935.patch, gnu/packages/patches/icecat-bug-1146335-pt1.patch, gnu/packages/patches/icecat-bug-1146335-pt2.patch, gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch new file mode 100644 index 0000000000..4f349747c0 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch @@ -0,0 +1,56 @@ +Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8 +Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ +Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152 + +# HG changeset patch +# User Jan de Mooij <jdemooij@mozilla.com> +# Date 1451478493 -3600 +# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682 +# Parent 93617c30c0df35f719dead526b78649d564f5ac3 +Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings + +diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp +--- a/js/src/vm/HelperThreads.cpp ++++ b/js/src/vm/HelperThreads.cpp +@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas + + ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx, + const char16_t* chars, size_t length, + JS::OffThreadCompileCallback callback, void* callbackData) + : cx(cx), options(initCx), chars(chars), length(length), + alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE), + exclusiveContextGlobal(initCx, exclusiveContextGlobal), + callback(callback), callbackData(callbackData), +- script(nullptr), errors(cx), overRecursed(false) ++ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false) + { + } + + bool + ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options) + { + if (!this->options.copy(cx, options)) + return false; +diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h +--- a/js/src/vm/HelperThreads.h ++++ b/js/src/vm/HelperThreads.h +@@ -472,17 +472,17 @@ struct ParseTask + + // Callback invoked off the main thread when the parse finishes. + JS::OffThreadCompileCallback callback; + void* callbackData; + + // Holds the final script between the invocation of the callback and the + // point where FinishOffThreadScript is called, which will destroy the + // ParseTask. +- JSScript* script; ++ PersistentRootedScript script; + + // Any errors or warnings produced during compilation. These are reported + // when finishing the script. + Vector<frontend::CompileError*> errors; + bool overRecursed; + + ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, + JSContext* initCx, const char16_t* chars, size_t length, + |