
[pkgsrc/trunk]: pkgsrc/www/seamonkey Add fix for CVE-2016-9079 remote code ex...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b9723d8864fa
branches:  trunk
changeset: 355869:b9723d8864fa
user:      dholland <dholland%pkgsrc.org@localhost>
date:      Thu Dec 15 07:48:19 2016 +0000

description:
Add fix for CVE-2016-9079 remote code execution, aka mfsa2016-92,
taken from firefox.

PKGREVISION -> 7.

diffstat:

 www/seamonkey/Makefile                                               |   4 +-
 www/seamonkey/distinfo                                               |   4 +-
 www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp |  78 ++++++++++
 www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h   |  20 ++
 4 files changed, 103 insertions(+), 3 deletions(-)

diffs (138 lines):

diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/Makefile
--- a/www/seamonkey/Makefile    Thu Dec 15 01:53:34 2016 +0000
+++ b/www/seamonkey/Makefile    Thu Dec 15 07:48:19 2016 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.149 2016/12/04 05:17:44 ryoon Exp $
+# $NetBSD: Makefile,v 1.150 2016/12/15 07:48:19 dholland Exp $
 
 DISTNAME=      seamonkey-${SM_VER}.source
 PKGNAME=       seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=   6
+PKGREVISION=   7
 SM_VER=                2.40
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/distinfo
--- a/www/seamonkey/distinfo    Thu Dec 15 01:53:34 2016 +0000
+++ b/www/seamonkey/distinfo    Thu Dec 15 07:48:19 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.140 2016/12/07 22:01:28 maya Exp $
+$NetBSD: distinfo,v 1.141 2016/12/15 07:48:19 dholland Exp $
 
 SHA1 (seamonkey-2.40.source.tar.xz) = ecf99bc7478319835a0e19f35ed5b7b1aa2c0046
 RMD160 (seamonkey-2.40.source.tar.xz) = 4030688f145fdf35a6d2728d097cf7cda8e50231
@@ -31,6 +31,8 @@
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.cpp) = 005a611073f3a8b865d19e7204df9d40e5e1c3ff
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.h) = 14038ce0ee2b38db6c7952056a97a65839a2c1a9
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginProcessChild.cpp) = ef2b3f3c134be64c9dbb688e36a8b767c25a008a
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.cpp) = 8040334532157965086a6926aea2cb42707c9be3
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.h) = ca80d3991d3025bc9ebe7091be4fd01ffcf75839
 SHA1 (patch-mozilla_dom_system_OSFileConstants.cpp) = f78d502489013f855c1616d8941b960aa73760a2
 SHA1 (patch-mozilla_extensions_spellcheck_hunspell_glue_mozHunspell.cpp) = 5c7d5429bd9a84fd2fffa86c3bd1d34d67f66681
 SHA1 (patch-mozilla_gfx_cairo_libpixman_src_pixman-arm-neon-asm.S) = 818a1b1cb48bc04e91581709065948cef362aebe
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp      Thu Dec 15 07:48:19 2016 +0000
@@ -0,0 +1,78 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.cpp,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.cpp.orig      2016-01-19 02:48:35.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.cpp
+@@ -9,6 +9,8 @@
+ #include "nsSMILTimedElement.h"
+ #include <algorithm>
+ 
++#include "mozilla/AutoRestore.h"
++
+ nsSMILTimeContainer::nsSMILTimeContainer()
+ :
+   mParent(nullptr),
+@@ -18,6 +20,7 @@ nsSMILTimeContainer::nsSMILTimeContainer
+   mNeedsPauseSample(false),
+   mNeedsRewind(false),
+   mIsSeeking(false),
++  mHoldingEntries(false),
+   mPauseState(PAUSE_BEGIN)
+ {
+ }
+@@ -213,12 +216,14 @@ nsSMILTimeContainer::AddMilestone(const 
+   // time may change (e.g. if attributes are changed on the timed element in
+   // between samples). If this happens, then we may do an unecessary sample
+   // but that's pretty cheap.
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   return mMilestoneEntries.Push(MilestoneEntry(aMilestone, aElement));
+ }
+ 
+ void
+ nsSMILTimeContainer::ClearMilestones()
+ {
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   mMilestoneEntries.Clear();
+ }
+ 
+@@ -259,6 +264,8 @@ nsSMILTimeContainer::PopMilestoneElement
+              "Trying to pop off earliest times but we have earlier ones that "
+              "were overlooked");
+ 
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
++
+   bool gotOne = false;
+   while (!mMilestoneEntries.IsEmpty() &&
+       mMilestoneEntries.Top().mMilestone == containerMilestone)
+@@ -273,6 +280,8 @@ nsSMILTimeContainer::PopMilestoneElement
+ void
+ nsSMILTimeContainer::Traverse(nsCycleCollectionTraversalCallback* aCallback)
+ {
++  AutoRestore<bool> saveHolding(mHoldingEntries);
++  mHoldingEntries = true;
+   const MilestoneEntry* p = mMilestoneEntries.Elements();
+   while (p < mMilestoneEntries.Elements() + mMilestoneEntries.Length()) {
+     NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, "mTimebase");
+@@ -284,6 +293,7 @@ nsSMILTimeContainer::Traverse(nsCycleCol
+ void
+ nsSMILTimeContainer::Unlink()
+ {
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   mMilestoneEntries.Clear();
+ }
+ 
+@@ -307,6 +317,8 @@ nsSMILTimeContainer::NotifyTimeChange()
+   // milestone elements. This is because any timed element with dependents and
+   // with significant transitions yet to fire should have their next milestone
+   // registered. Other timed elements don't matter.
++  AutoRestore<bool> saveHolding(mHoldingEntries);
++  mHoldingEntries = true;
+   const MilestoneEntry* p = mMilestoneEntries.Elements();
+ #if DEBUG
+   uint32_t queueLength = mMilestoneEntries.Length();
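Review bot: The `MOZ_RELEASE_ASSERT(!mHoldingEntries)` guards added to AddMilestone, ClearMilestones, the milestone-pop routine and Unlink carry no comment saying why they are release asserts rather than debug-only ones, so a later cleanup could quietly weaken them. They stop mMilestoneEntries from being mutated while Traverse or NotifyTimeChange still walks it through the raw pointer `p`, turning what would be an access through a dangling pointer into a deliberate abort. I would add above the first guard `// Release assert on purpose: mutating mMilestoneEntries while a caller iterates it by raw pointer would leave that pointer dangling.` This makes the failure safe rather than impossible. The NotifyTimeChange body continues past the end of this hunk, so whether its loop can still re-enter one of the guarded mutators, and so crash the process, cannot be judged from here and is worth checking against later upstream changes.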
diff -r 2aa3f824c54c -r b9723d8864fa www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h        Thu Dec 15 07:48:19 2016 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.h,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.h.orig        2016-01-19 02:49:17.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.h
+@@ -267,6 +267,8 @@ protected:
+   bool mNeedsRewind; // Backwards seek performed
+   bool mIsSeeking; // Currently in the middle of a seek operation
+ 
++  bool mHoldingEntries; // True if there's a raw pointer to mMilestoneEntries on the stack.
++
+   // A bitfield of the pause state for all pause requests
+   uint32_t mPauseState;
+ 
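Review bot: The comment on `mHoldingEntries` says what the flag means but not who sets it or who checks it, which is what a maintainer needs when adding another method that touches mMilestoneEntries. I would expand it to `// True while Traverse() or NotifyTimeChange() walks mMilestoneEntries by raw pointer; every method that mutates the array must MOZ_RELEASE_ASSERT(!mHoldingEntries) first.` The flag is a tripwire rather than a lock, so a new mutator that omits the assert gets no protection and nothing flags the omission. The class body starts and ends outside this hunk.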


