[pkgsrc/pkgsrc-2005Q1]: pkgsrc/www Pullup ticket 435 - requested by Shin'ichi...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a231ed42ef48
branches:  pkgsrc-2005Q1
changeset: 490935:a231ed42ef48
user:      salo <salo%pkgsrc.org@localhost>
date:      Fri Apr 08 10:53:14 2005 +0000

description:
Pullup ticket 435 - requested by Shin'ichiro TAYA
security fix for mozilla

Revisions pulled up:
- pkgsrc/www/mozilla/Makefile                           1.143
- pkgsrc/www/mozilla/distinfo                           1.74
- pkgsrc/www/mozilla-gtk2/Makefile                      1.20
- pkgsrc/www/mozilla/patches/patch-bugzilla288688       1.1

   Module Name:         pkgsrc
   Committed By:        taya
   Date:                Thu Apr  7 23:48:36 UTC 2005

   Modified Files:
        pkgsrc/www/mozilla: Makefile distinfo
        pkgsrc/www/mozilla-gtk2: Makefile
   Added Files:
        pkgsrc/www/mozilla/patches: patch-bugzilla288688

   Log Message:
   Add security fix to mozilla & mozilla-gtk2.
   fixes "Mozilla Firefox JavaScript Engine Information Disclosure
   Vulnerability"
   See following pages for detail.

   http://secunia.com/advisories/14820/
   https://bugzilla.mozilla.org/show_bug.cgi?id=288688

   Bump PKGREVISION.

diffstat:

 www/mozilla-gtk2/Makefile                |   3 +-
 www/mozilla/Makefile                     |   3 +-
 www/mozilla/distinfo                     |   3 +-
 www/mozilla/patches/patch-bugzilla288688 |  38 ++++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 3 deletions(-)

diffs (87 lines):

diff -r e1d5c5b400c3 -r a231ed42ef48 www/mozilla-gtk2/Makefile
--- a/www/mozilla-gtk2/Makefile Thu Apr 07 18:36:59 2005 +0000
+++ b/www/mozilla-gtk2/Makefile Fri Apr 08 10:53:14 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.16.2.1 2005/03/27 05:32:19 snj Exp $
+# $NetBSD: Makefile,v 1.16.2.2 2005/04/08 10:53:14 salo Exp $
 
 MOZILLA=       mozilla-gtk2
 MOZILLA_BIN=   mozilla-bin
 MOZ_VER=       1.7.6
+PKGREVISION=   1
 EXTRACT_SUFX=  .tar.bz2
 
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX}
diff -r e1d5c5b400c3 -r a231ed42ef48 www/mozilla/Makefile
--- a/www/mozilla/Makefile      Thu Apr 07 18:36:59 2005 +0000
+++ b/www/mozilla/Makefile      Fri Apr 08 10:53:14 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.141.2.1 2005/03/27 05:32:19 snj Exp $
+# $NetBSD: Makefile,v 1.141.2.2 2005/04/08 10:53:14 salo Exp $
 
 MOZILLA=       mozilla
 MOZILLA_BIN=   mozilla-bin
 MOZ_VER=       1.7.6
+PKGREVISION=   1
 EXTRACT_SUFX=  .tar.bz2
 
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX}
diff -r e1d5c5b400c3 -r a231ed42ef48 www/mozilla/distinfo
--- a/www/mozilla/distinfo      Thu Apr 07 18:36:59 2005 +0000
+++ b/www/mozilla/distinfo      Fri Apr 08 10:53:14 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.72.2.1 2005/03/27 05:32:19 snj Exp $
+$NetBSD: distinfo,v 1.72.2.2 2005/04/08 10:53:14 salo Exp $
 
 SHA1 (mozilla-source-1.7.6.tar.bz2) = 3c47a28173c912098ab37d3fc844451320463d00
 RMD160 (mozilla-source-1.7.6.tar.bz2) = 3352d9a67213664bbe72bf1075420837028b3db4
@@ -28,6 +28,7 @@
 SHA1 (patch-bs) = fb9f8f13ce481c04a0f7ecfd0ad4d8016cddc2e4
 SHA1 (patch-bt) = 70746626648624b38cc6e8795eb9c061be992342
 SHA1 (patch-bu) = db33b8651e3cb1fbf9a18dbe78e1e8288cfda0ee
+SHA1 (patch-bugzilla288688) = cebe5ad483a4cfcd55c6be0f0823b75ed1bd4aba
 SHA1 (patch-bv) = 4f23dfd885131ea866f31370f1421e7c19706860
 SHA1 (patch-bw) = fc3a518d3762be6e85104a6dc7fffd5ae1a463c8
 SHA1 (patch-bx) = 046e19c9c4b431369411658373b14c1822841d85
diff -r e1d5c5b400c3 -r a231ed42ef48 www/mozilla/patches/patch-bugzilla288688
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/mozilla/patches/patch-bugzilla288688  Fri Apr 08 10:53:14 2005 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-bugzilla288688,v 1.1.2.2 2005/04/08 10:53:14 salo Exp $
+
+diff -ru ../Orig/mozilla/js/src/jsstr.c ./js/src/jsstr.c
+--- ../Orig/mozilla/js/src/jsstr.c     2003-12-22 15:13:07.000000000 +0900
++++ ./js/src/jsstr.c   2005-04-06 23:33:09.000000000 +0900
+@@ -1378,11 +1378,17 @@
+         JSBool ok;
+ 
+         /*
+-         * Save the rightContext from the current regexp, since it
+-         * gets stuck at the end of the replacement string and may
+-         * be clobbered by a RegExp usage in the lambda function.
++         * Save the regExpStatics from the current regexp, since they may be
++         * clobbered by a RegExp usage in the lambda function.  Note that all
++         * members of JSRegExpStatics are JSSubStrings, so not GC roots, save
++         * input, which is rooted otherwise via argv[-1] in str_replace.
++         *
++         * We need to clear moreParens in the top-of-stack cx->regExpStatics
++         * to it won't be possibly realloc'ed, leaving the bottom-of-stack
++         * moreParens pointing to freed memory.
+          */
+-        JSSubString saveRightContext = cx->regExpStatics.rightContext;
++        JSRegExpStatics save = cx->regExpStatics;
++        cx->regExpStatics.moreParens = NULL;
+ 
+         /*
+          * In the lambda case, not only do we find the replacement string's
+@@ -1460,7 +1466,9 @@
+ 
+       lambda_out:
+         js_FreeStack(cx, mark);
+-        cx->regExpStatics.rightContext = saveRightContext;
++        if (cx->regExpStatics.moreParens)
++            JS_free(cx, cx->regExpStatics.moreParens);
++        cx->regExpStatics = save;
+         return ok;
+     }
+ #endif /* JS_HAS_REPLACE_LAMBDA */