[pkgsrc/trunk]: pkgsrc/www/firefox Fix a memory management / refcount problem...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d8e2cbf0f39a
branches:  trunk
changeset: 511993:d8e2cbf0f39a
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Apr 28 16:11:31 2006 +0000

description:
Fix a memory management / refcount problem which can lead to a DOS or
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION

diffstat:

 www/firefox/Makefile         |   4 +-
 www/firefox/distinfo         |   4 +-
 www/firefox/patches/patch-fa |  22 +++++++++++++
 www/firefox/patches/patch-fb |  70 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 97 insertions(+), 3 deletions(-)

diffs (128 lines):

diff -r 1322c27058bc -r d8e2cbf0f39a www/firefox/Makefile
--- a/www/firefox/Makefile      Fri Apr 28 16:08:58 2006 +0000
+++ b/www/firefox/Makefile      Fri Apr 28 16:11:31 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2006/04/17 14:52:12 wiz Exp $
+# $NetBSD: Makefile,v 1.34 2006/04/28 16:11:31 drochner Exp $
 
 MOZILLA=               firefox
-PKGREVISION=           1
+PKGREVISION=           2
 EXTRACT_SUFX=          .tar.bz2
 COMMENT=               Lightweight gecko-based web browser
 
diff -r 1322c27058bc -r d8e2cbf0f39a www/firefox/distinfo
--- a/www/firefox/distinfo      Fri Apr 28 16:08:58 2006 +0000
+++ b/www/firefox/distinfo      Fri Apr 28 16:11:31 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.47 2006/04/15 14:20:31 ghen Exp $
+$NetBSD: distinfo,v 1.48 2006/04/28 16:11:31 drochner Exp $
 
 SHA1 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = 21f5497a4cdd4b142bdcb9c3fbdfea43cae1455f
 RMD160 (firefox-1.5.0.2/firefox-1.5.0.2-source.tar.bz2) = a3128798930d069a175d278b5522cdc8e43dc352
@@ -59,3 +59,5 @@
 SHA1 (patch-dv) = a380d261d4c2771a672d2b0f4f1f23821e3e5266
 SHA1 (patch-ea) = 14e31d17c2493e468cd01f99abfc996853a11032
 SHA1 (patch-eb) = dc9232b10075d17f7ed742e7be8ea036db2f0241
+SHA1 (patch-fa) = 64f09a71d4d3c36a42e8ccf28b2d3e43dbf8f202
+SHA1 (patch-fb) = fb32614d012565c4cb97e489ef05f3f76d75c841
diff -r 1322c27058bc -r d8e2cbf0f39a www/firefox/patches/patch-fa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox/patches/patch-fa      Fri Apr 28 16:11:31 2006 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-fa,v 1.1 2006/04/28 16:11:31 drochner Exp $
+
+--- embedding/components/commandhandler/src/nsBaseCommandController.h.orig     2006-04-28 12:43:57.000000000 +0200
++++ embedding/components/commandhandler/src/nsBaseCommandController.h
+@@ -49,6 +49,8 @@
+ #include "nsIControllerContext.h"
+ #include "nsIControllerCommandTable.h"
+ #include "nsIInterfaceRequestor.h"
++#include "nsIWeakReference.h"
++#include "nsIWeakReferenceUtils.h"
+ 
+ // The base editor controller is used for both text widgets, 
+ //   and all other text and html editing
+@@ -79,7 +81,7 @@ public:
+   
+ private:
+ 
+-   nsISupports *mCommandContext;
++   nsWeakPtr mCommandContext;
+    
+    // Our reference to the command manager
+    nsCOMPtr<nsIControllerCommandTable> mCommandTable;     
diff -r 1322c27058bc -r d8e2cbf0f39a www/firefox/patches/patch-fb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox/patches/patch-fb      Fri Apr 28 16:11:31 2006 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-fb,v 1.1 2006/04/28 16:11:31 drochner Exp $
+
+--- embedding/components/commandhandler/src/nsBaseCommandController.cpp.orig   2006-04-28 12:43:57.000000000 +0200
++++ embedding/components/commandhandler/src/nsBaseCommandController.cpp
+@@ -55,7 +55,6 @@ NS_INTERFACE_MAP_BEGIN(nsBaseCommandCont
+ NS_INTERFACE_MAP_END
+ 
+ nsBaseCommandController::nsBaseCommandController()
+-: mCommandContext(nsnull)
+ {
+ }
+ 
+@@ -79,7 +78,7 @@ nsBaseCommandController::Init(nsIControl
+ NS_IMETHODIMP
+ nsBaseCommandController::SetCommandContext(nsISupports *aCommandContext)
+ {
+-  mCommandContext = aCommandContext;     // no addref  
++  mCommandContext = do_GetWeakReference(aCommandContext);
+   return NS_OK;
+ }
+ 
+@@ -113,7 +112,8 @@ nsBaseCommandController::IsCommandEnable
+ {
+   NS_ENSURE_ARG_POINTER(aCommand);
+   NS_ENSURE_ARG_POINTER(aResult);
+-  return mCommandTable->IsCommandEnabled(aCommand, mCommandContext, aResult);
++  nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
++  return mCommandTable->IsCommandEnabled(aCommand, context, aResult);
+ }
+ 
+ NS_IMETHODIMP
+@@ -121,14 +121,16 @@ nsBaseCommandController::SupportsCommand
+ {
+   NS_ENSURE_ARG_POINTER(aCommand);
+   NS_ENSURE_ARG_POINTER(aResult);
+-  return mCommandTable->SupportsCommand(aCommand, mCommandContext, aResult);
++  nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
++  return mCommandTable->SupportsCommand(aCommand, context, aResult);
+ }
+ 
+ NS_IMETHODIMP
+ nsBaseCommandController::DoCommand(const char *aCommand)
+ {
+   NS_ENSURE_ARG_POINTER(aCommand);
+-  return mCommandTable->DoCommand(aCommand, mCommandContext);
++  nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
++  return mCommandTable->DoCommand(aCommand, context);
+ }
+ 
+ NS_IMETHODIMP
+@@ -136,7 +138,8 @@ nsBaseCommandController::DoCommandWithPa
+                                              nsICommandParams *aParams)
+ {
+   NS_ENSURE_ARG_POINTER(aCommand);
+-  return mCommandTable->DoCommandParams(aCommand, aParams, mCommandContext);
++  nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
++  return mCommandTable->DoCommandParams(aCommand, aParams, context);
+ }
+ 
+ NS_IMETHODIMP
+@@ -144,7 +147,8 @@ nsBaseCommandController::GetCommandState
+                                                    nsICommandParams *aParams)
+ {
+   NS_ENSURE_ARG_POINTER(aCommand);
+-  return mCommandTable->GetCommandState(aCommand, aParams, mCommandContext);
++  nsCOMPtr<nsISupports> context = do_QueryReferent(mCommandContext);
++  return mCommandTable->GetCommandState(aCommand, aParams, context);
+ }
+ 
+ NS_IMETHODIMP