authorMark H Weaver <mhw@netris.org>2016-03-10 02:57:05 -0500
committerMark H Weaver <mhw@netris.org>2016-03-10 10:52:41 -0500
commitc3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 (patch)
tree5013ce433bb697afc6086c4c4b1532cf57ea8bd5 /gnu/packages/patches/icecat-CVE-2016-1954.patch
parentec278439f3ff5dcd3d02c05099ba1724cc2459f1 (diff)
gnu: icecat: Add several security fixes.
* gnu/packages/patches/icecat-CVE-2015-4477.patch,
gnu/packages/patches/icecat-CVE-2015-7207.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1954.patch,
gnu/packages/patches/icecat-CVE-2016-1960.patch,
gnu/packages/patches/icecat-CVE-2016-1961.patch,
gnu/packages/patches/icecat-CVE-2016-1962.patch,
gnu/packages/patches/icecat-CVE-2016-1964.patch,
gnu/packages/patches/icecat-CVE-2016-1965.patch,
gnu/packages/patches/icecat-CVE-2016-1966.patch,
gnu/packages/patches/icecat-CVE-2016-1974.patch,
gnu/packages/patches/icecat-bug-1248851.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1954.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1954.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1954.patch b/gnu/packages/patches/icecat-CVE-2016-1954.patch
new file mode 100644
index 0000000000..bbb4b3217c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1954.patch
@@ -0,0 +1,32 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/a5c4c18849b4
+
+# HG changeset patch
+# User Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
+# Date 1456157874 28800
+# Node ID a5c4c18849b486ef8693e20421b69239a2cbe574
+# Parent  e93aeb25e2a44df8d22f5a065b4410620e2c8730
+Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu
+
+diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
+--- a/dom/security/nsCSPContext.cpp
++++ b/dom/security/nsCSPContext.cpp
+@@ -798,16 +798,17 @@ nsCSPContext::SendReports(nsISupports* a
+       (NS_SUCCEEDED(reportURI->SchemeIs("https", &isHttpScheme)) && isHttpScheme);
+ 
+     if (!isHttpScheme) {
+       const char16_t* params[] = { reportURIs[r].get() };
+       CSP_LogLocalizedStr(NS_LITERAL_STRING("reportURInotHttpsOrHttp2").get(),
+                           params, ArrayLength(params),
+                           aSourceFile, aScriptSample, aLineNum, 0,
+                           nsIScriptError::errorFlag, "CSP", mInnerWindowID);
++      continue;
+     }
+ 
+     // make sure this is an anonymous request (no cookies) so in case the
+     // policy URI is injected, it can't be abused for CSRF.
+     nsLoadFlags flags;
+     rv = reportChannel->GetLoadFlags(&flags);
+     NS_ENSURE_SUCCESS(rv, rv);
+     flags |= nsIRequest::LOAD_ANONYMOUS;
+
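Review bot: The added `continue;` inside `if (!isHttpScheme)` in nsCSPContext::SendReports has no comment, although it is the whole fix: without it the branch only logs `reportURInotHttpsOrHttp2` and execution falls through to the `reportChannel` setup below, so the report would still go to a non-http(s) report URI. I would put `// Log only: never send a CSP report to a report-uri that is not http(s).` directly above it so the skip is not later removed as redundant. The loop header and the creation of `reportChannel` are outside the hunk, so it can't be confirmed from here whether the channel is already constructed when the `continue` is taken. If it is, it is presumably just released unopened, which is worth checking against the upstream changeset.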