summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-0816.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0816.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0816.patch76
1 files changed, 0 insertions, 76 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0816.patch b/gnu/packages/patches/icecat-CVE-2015-0816.patch
deleted file mode 100644
index 5632e37eb3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0816.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From ae49ed04f54c2f78d6ba7e545e0099602a3270fa Mon Sep 17 00:00:00 2001
-From: Boris Zbarsky <bzbarsky@mit.edu>
-Date: Thu, 19 Mar 2015 18:58:44 -0400
-Subject: [PATCH] Bug 1144991 - Be a bit more restrictive about when a
- URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that
- doesn't have the same scheme. r=bholley, a=abillings
-
----
- caps/src/nsScriptSecurityManager.cpp | 38 +++++++++++++++++++++++++-----------
- 1 file changed, 27 insertions(+), 11 deletions(-)
-
-diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
-index 3587358..6577b95 100644
---- a/caps/src/nsScriptSecurityManager.cpp
-+++ b/caps/src/nsScriptSecurityManager.cpp
-@@ -770,12 +770,31 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
-     NS_ENSURE_SUCCESS(rv, rv);
-     if (hasFlags) {
-         if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
-+
-+            // For now, don't change behavior for resource:// or moz-icon:// and
-+            // just allow them.
-             if (!targetScheme.EqualsLiteral("chrome")) {
--                // for now don't change behavior for resource: or moz-icon:
-                 return NS_OK;
-             }
- 
--            // allow load only if chrome package is whitelisted
-+            // Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
-+            // target if ALLOW_CHROME is set.
-+            //
-+            // ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
-+            // loads (since docshell loads run the loaded content with its origin
-+            // principal). So we're effectively allowing resource://, chrome://,
-+            // and moz-icon:// source URIs to load resource://, chrome://, and
-+            // moz-icon:// files, so long as they're not loading it as a document.
-+            bool sourceIsUIResource;
-+            rv = NS_URIChainHasFlags(sourceBaseURI,
-+                                     nsIProtocolHandler::URI_IS_UI_RESOURCE,
-+                                     &sourceIsUIResource);
-+            NS_ENSURE_SUCCESS(rv, rv);
-+            if (sourceIsUIResource) {
-+                return NS_OK;
-+            }
-+
-+            // Allow the load only if the chrome package is whitelisted.
-             nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService(
-                                                  NS_CHROMEREGISTRY_CONTRACTID));
-             if (reg) {
-@@ -787,17 +806,14 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
-             }
-         }
- 
--        // resource: and chrome: are equivalent, securitywise
--        // That's bogus!!  Fix this.  But watch out for
--        // the view-source stylesheet?
--        bool sourceIsChrome;
--        rv = NS_URIChainHasFlags(sourceBaseURI,
--                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
--                                 &sourceIsChrome);
--        NS_ENSURE_SUCCESS(rv, rv);
--        if (sourceIsChrome) {
-+        // Special-case the hidden window: it's allowed to load
-+        // URI_IS_UI_RESOURCE no matter what.  Bug 1145470 tracks removing this.
-+        nsAutoCString sourceSpec;
-+        if (NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
-+            sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
-             return NS_OK;
-         }
-+
-         if (reportErrors) {
-             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
-         }
--- 
-2.2.1
-