From c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 10 Mar 2016 02:57:05 -0500 Subject: gnu: icecat: Add several security fixes. * gnu/packages/patches/icecat-CVE-2015-4477.patch, gnu/packages/patches/icecat-CVE-2015-7207.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1954.patch, gnu/packages/patches/icecat-CVE-2016-1960.patch, gnu/packages/patches/icecat-CVE-2016-1961.patch, gnu/packages/patches/icecat-CVE-2016-1962.patch, gnu/packages/patches/icecat-CVE-2016-1964.patch, gnu/packages/patches/icecat-CVE-2016-1965.patch, gnu/packages/patches/icecat-CVE-2016-1966.patch, gnu/packages/patches/icecat-CVE-2016-1974.patch, gnu/packages/patches/icecat-bug-1248851.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
---
gnu/packages/patches/icecat-CVE-2016-1966.patch | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 gnu/packages/patches/icecat-CVE-2016-1966.patch (limited to 'gnu/packages/patches/icecat-CVE-2016-1966.patch')
diff --git a/gnu/packages/patches/icecat-CVE-2016-1966.patch b/gnu/packages/patches/icecat-CVE-2016-1966.patch
new file mode 100644
index 0000000000..6bf5f9f95e
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1966.patch
@@ -0,0 +1,36 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/291c2f31c48c
+
+# HG changeset patch
+# User Nicholas Nethercote
+# Date 1454650565 -39600
+# Node ID 291c2f31c48c7e96b1884b55273355970fa0fc30
+# Parent 11e6614756551cfd7291e73eefb90c52873a8480
+Bug 1246054 - Fix an erroneous nsNPObjWrapper assertion. r=froydnj. a=ritu
+
+diff --git a/dom/plugins/base/nsJSNPRuntime.cpp b/dom/plugins/base/nsJSNPRuntime.cpp
+--- a/dom/plugins/base/nsJSNPRuntime.cpp
++++ b/dom/plugins/base/nsJSNPRuntime.cpp
+@@ -1915,18 +1915,19 @@ nsNPObjWrapper::GetNewOrUsed(NPP npp, JS
+ // No existing JSObject, create one.
+
+ JS::Rooted obj(cx, ::JS_NewObject(cx, js::Jsvalify(&sNPObjectJSWrapperClass)));
+
+ if (generation != sNPObjWrappers.Generation()) {
+ // Reload entry if the JS_NewObject call caused a GC and reallocated
+ // the table (see bug 445229). This is guaranteed to succeed.
+
+- NS_ASSERTION(PL_DHashTableSearch(&sNPObjWrappers, npobj),
+- "Hashtable didn't find what we just added?");
++ entry = static_cast
++ (PL_DHashTableSearch(&sNPObjWrappers, npobj));
++ NS_ASSERTION(entry, "Hashtable didn't find what we just added?");
+ }
+
+ if (!obj) {
+ // OOM? Remove the stale entry from the hash.
+
+ PL_DHashTableRawRemove(&sNPObjWrappers, entry);
+
+ return nullptr;
+
-- cgit 1.4.1
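Review bot: The reloaded `entry` in the `generation != sNPObjWrappers.Generation()` branch is checked only by `NS_ASSERTION`, which is compiled out of release builds, so nothing on the new side enforces the comment's "guaranteed to succeed" outside debug builds. Before this patch the search result was discarded and `entry` kept pointing into the table as it was before the reallocation; the new assignment fixes that, but a null result would now reach `PL_DHashTableRawRemove(&sNPObjWrappers, entry)` in the `!obj` branch. If the guarantee holds this is harmless; a release-mode guard such as `if (!entry) { return nullptr; }` right after the assertion would make it explicit, and is probably better raised upstream than carried as a local change to a patch copied verbatim. GetNewOrUsed starts and ends outside the hunk, so later uses of `entry` are not visible here.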