pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/seamonkey Add fix for CVE-2016-9079 remote code ex...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b9723d8864fa
branches: trunk
changeset: 355869:b9723d8864fa
user: dholland <dholland%pkgsrc.org@localhost>
date: Thu Dec 15 07:48:19 2016 +0000
description:
Add fix for CVE-2016-9079 remote code execution, aka mfsa2016-92,
taken from firefox.
PKGREVISION -> 7.
diffstat:
www/seamonkey/Makefile | 4 +-
www/seamonkey/distinfo | 4 +-
www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp | 78 ++++++++++
www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h | 20 ++
4 files changed, 103 insertions(+), 3 deletions(-)
diffs (138 lines):
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/Makefile
--- a/www/seamonkey/Makefile Thu Dec 15 01:53:34 2016 +0000
+++ b/www/seamonkey/Makefile Thu Dec 15 07:48:19 2016 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.149 2016/12/04 05:17:44 ryoon Exp $
+# $NetBSD: Makefile,v 1.150 2016/12/15 07:48:19 dholland Exp $
DISTNAME= seamonkey-${SM_VER}.source
PKGNAME= seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION= 6
+PKGREVISION= 7
SM_VER= 2.40
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/distinfo
--- a/www/seamonkey/distinfo Thu Dec 15 01:53:34 2016 +0000
+++ b/www/seamonkey/distinfo Thu Dec 15 07:48:19 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.140 2016/12/07 22:01:28 maya Exp $
+$NetBSD: distinfo,v 1.141 2016/12/15 07:48:19 dholland Exp $
SHA1 (seamonkey-2.40.source.tar.xz) = ecf99bc7478319835a0e19f35ed5b7b1aa2c0046
RMD160 (seamonkey-2.40.source.tar.xz) = 4030688f145fdf35a6d2728d097cf7cda8e50231
@@ -31,6 +31,8 @@
SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.cpp) = 005a611073f3a8b865d19e7204df9d40e5e1c3ff
SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.h) = 14038ce0ee2b38db6c7952056a97a65839a2c1a9
SHA1 (patch-mozilla_dom_plugins_ipc_PluginProcessChild.cpp) = ef2b3f3c134be64c9dbb688e36a8b767c25a008a
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.cpp) = 8040334532157965086a6926aea2cb42707c9be3
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.h) = ca80d3991d3025bc9ebe7091be4fd01ffcf75839
SHA1 (patch-mozilla_dom_system_OSFileConstants.cpp) = f78d502489013f855c1616d8941b960aa73760a2
SHA1 (patch-mozilla_extensions_spellcheck_hunspell_glue_mozHunspell.cpp) = 5c7d5429bd9a84fd2fffa86c3bd1d34d67f66681
SHA1 (patch-mozilla_gfx_cairo_libpixman_src_pixman-arm-neon-asm.S) = 818a1b1cb48bc04e91581709065948cef362aebe
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp Thu Dec 15 07:48:19 2016 +0000
@@ -0,0 +1,78 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.cpp,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.cpp.orig 2016-01-19 02:48:35.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.cpp
+@@ -9,6 +9,8 @@
+ #include "nsSMILTimedElement.h"
+ #include <algorithm>
+
++#include "mozilla/AutoRestore.h"
++
+ nsSMILTimeContainer::nsSMILTimeContainer()
+ :
+ mParent(nullptr),
+@@ -18,6 +20,7 @@ nsSMILTimeContainer::nsSMILTimeContainer
+ mNeedsPauseSample(false),
+ mNeedsRewind(false),
+ mIsSeeking(false),
++ mHoldingEntries(false),
+ mPauseState(PAUSE_BEGIN)
+ {
+ }
+@@ -213,12 +216,14 @@ nsSMILTimeContainer::AddMilestone(const
+ // time may change (e.g. if attributes are changed on the timed element in
+ // between samples). If this happens, then we may do an unecessary sample
+ // but that's pretty cheap.
++ MOZ_RELEASE_ASSERT(!mHoldingEntries);
+ return mMilestoneEntries.Push(MilestoneEntry(aMilestone, aElement));
+ }
+
+ void
+ nsSMILTimeContainer::ClearMilestones()
+ {
++ MOZ_RELEASE_ASSERT(!mHoldingEntries);
+ mMilestoneEntries.Clear();
+ }
+
+@@ -259,6 +264,8 @@ nsSMILTimeContainer::PopMilestoneElement
+ "Trying to pop off earliest times but we have earlier ones that "
+ "were overlooked");
+
++ MOZ_RELEASE_ASSERT(!mHoldingEntries);
++
+ bool gotOne = false;
+ while (!mMilestoneEntries.IsEmpty() &&
+ mMilestoneEntries.Top().mMilestone == containerMilestone)
+@@ -273,6 +280,8 @@ nsSMILTimeContainer::PopMilestoneElement
+ void
+ nsSMILTimeContainer::Traverse(nsCycleCollectionTraversalCallback* aCallback)
+ {
++ AutoRestore<bool> saveHolding(mHoldingEntries);
++ mHoldingEntries = true;
+ const MilestoneEntry* p = mMilestoneEntries.Elements();
+ while (p < mMilestoneEntries.Elements() + mMilestoneEntries.Length()) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, "mTimebase");
+@@ -284,6 +293,7 @@ nsSMILTimeContainer::Traverse(nsCycleCol
+ void
+ nsSMILTimeContainer::Unlink()
+ {
++ MOZ_RELEASE_ASSERT(!mHoldingEntries);
+ mMilestoneEntries.Clear();
+ }
+
+@@ -307,6 +317,8 @@ nsSMILTimeContainer::NotifyTimeChange()
+ // milestone elements. This is because any timed element with dependents and
+ // with significant transitions yet to fire should have their next milestone
+ // registered. Other timed elements don't matter.
++ AutoRestore<bool> saveHolding(mHoldingEntries);
++ mHoldingEntries = true;
+ const MilestoneEntry* p = mMilestoneEntries.Elements();
+ #if DEBUG
+ uint32_t queueLength = mMilestoneEntries.Length();
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h Thu Dec 15 07:48:19 2016 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.h,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.h.orig 2016-01-19 02:49:17.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.h
+@@ -267,6 +267,8 @@ protected:
+ bool mNeedsRewind; // Backwards seek performed
+ bool mIsSeeking; // Currently in the middle of a seek operation
+
++ bool mHoldingEntries; // True if there's a raw pointer to mMilestoneEntries on the stack.
++
+ // A bitfield of the pause state for all pause requests
+ uint32_t mPauseState;
+
Home |
Main Index |
Thread Index |
Old Index