From owner-freebsd-gecko@FreeBSD.ORG Wed Apr 22 08:46:34 2009 Return-Path: Delivered-To: freebsd-gecko@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A2DC310656A4 for ; Wed, 22 Apr 2009 08:46:34 +0000 (UTC) (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: from trillian.chruetertee.ch (trillian.chruetertee.ch [217.150.245.56]) by mx1.freebsd.org (Postfix) with ESMTP id 4C8718FC16 for ; Wed, 22 Apr 2009 08:46:33 +0000 (UTC) (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: from trillian.chruetertee.ch (trillian [217.150.245.56]) by trillian.chruetertee.ch (8.14.3/8.14.3) with ESMTP id n3M8kXBf083620 for ; Wed, 22 Apr 2009 08:46:33 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: (from www@localhost) by trillian.chruetertee.ch (8.14.3/8.14.3/Submit) id n3M8kRaW082399 for freebsd-gecko@freebsd.org; Wed, 22 Apr 2009 08:46:27 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Date: Wed, 22 Apr 2009 08:46:27 GMT Message-Id: <200904220846.n3M8kRaW082399@trillian.chruetertee.ch> X-Authentication-Warning: trillian.chruetertee.ch: www set sender to svn-freebsd-gecko@chruetertee.ch using -f From: svn-freebsd-gecko@chruetertee.ch To: freebsd-gecko@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: [SVN-Commit] r11 - in trunk/www/firefox: . files X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-gecko@freebsd.org List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 08:46:35 -0000 Author: miwi Date: Wed Apr 22 08:46:27 2009 New Revision: 11 Log: - Fix CVE-2009-1312 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 Obtained from: Mozilla Bugzilla Security: http://www.vuxml.org/freebsd/3b18e237-2f15-11de-9672-0030843d3802.html Added: trunk/www/firefox/files/patch-ff-453736 trunk/www/firefox/files/patch-ff-474536 trunk/www/firefox/files/patch-ff-479336 Modified: trunk/www/firefox/Makefile Modified: trunk/www/firefox/Makefile ============================================================================== --- trunk/www/firefox/Makefile Tue Apr 21 21:21:15 2009 (r10) +++ trunk/www/firefox/Makefile Wed Apr 22 08:46:27 2009 (r11) @@ -8,7 +8,7 @@ PORTNAME= firefox DISTVERSION= 2.0.0.20 -PORTREVISION= 6 +PORTREVISION= 7 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED} Added: trunk/www/firefox/files/patch-ff-453736 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox/files/patch-ff-453736 Wed Apr 22 08:46:27 2009 (r11) @@ -0,0 +1,46 @@ +diff -p -U 8 -r1.15 nsSVGScriptElement.cpp +--- content/svg/content/src/nsSVGScriptElement.cpp 28 Apr 2005 23:47:55 -0000 1.15 ++++ content/svg/content/src/nsSVGScriptElement.cpp 26 Feb 2009 21:03:08 -0000 +@@ -177,17 +177,40 @@ nsSVGScriptElement::Init() + } + + return NS_OK; + } + + //---------------------------------------------------------------------- + // nsIDOMNode methods + +-NS_IMPL_DOM_CLONENODE_WITH_INIT(nsSVGScriptElement) ++nsresult ++nsSVGScriptElement::CloneNode(PRBool aDeep, nsIDOMNode** aReturn) ++{ ++ *aReturn = nsnull; ++ ++ nsSVGScriptElement* it = new nsSVGScriptElement(mNodeInfo); ++ if (!it) { ++ return NS_ERROR_OUT_OF_MEMORY; ++ } ++ ++ nsCOMPtr kungFuDeathGrip(it); ++ ++ CopyInnerTo(it, aDeep); ++ ++ // The clone should be marked evaluated if we are. It should also be marked ++ // evaluated if we're evaluating, to handle the case when this script node's ++ // script clones the node. ++ it->mIsEvaluated = mIsEvaluated || mEvaluating; ++ it->mLineNumber = mLineNumber; ++ ++ kungFuDeathGrip.swap(*aReturn); ++ ++ return NS_OK; ++} + + //---------------------------------------------------------------------- + // nsIDOMSVGScriptElement methods + + /* attribute DOMString type; */ + NS_IMETHODIMP + nsSVGScriptElement::GetType(nsAString & aType) + { + Added: trunk/www/firefox/files/patch-ff-474536 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox/files/patch-ff-474536 Wed Apr 22 08:46:27 2009 (r11) @@ -0,0 +1,28 @@ +diff -U 8 -p -r3.181.2.104 jsinterp.c +--- js/src/jsinterp.c 20 Oct 2008 15:43:57 -0000 3.181.2.104 ++++ js/src/jsinterp.c 2 Apr 2009 14:44:48 -0000 +@@ -4722,21 +4722,21 @@ interrupt: + + /* + * Try to optimize a property we either just created, or found + * directly in the global object, that is permanent, has a slot, + * and has stub getter and setter, into a "fast global" accessed + * by the JSOP_*GVAR opcodes. + */ + if (atomIndex < script->numGlobalVars && +- (attrs & JSPROP_PERMANENT) && + obj2 == obj && + OBJ_IS_NATIVE(obj)) { + sprop = (JSScopeProperty *) prop; +- if (SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(obj)) && ++ if ((sprop->attrs & JSPROP_PERMANENT) && ++ SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(obj)) && + SPROP_HAS_STUB_GETTER(sprop) && + SPROP_HAS_STUB_SETTER(sprop)) { + /* + * Fast globals use fp->vars to map the global name's + * atomIndex to the permanent fp->varobj slot number, + * tagged as a jsval. The atomIndex for the global's + * name literal is identical to its fp->vars index. + */ + Added: trunk/www/firefox/files/patch-ff-479336 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox/files/patch-ff-479336 Wed Apr 22 08:46:27 2009 (r11) @@ -0,0 +1,13 @@ +diff -up mozilla/modules/libpref/src/init/all.js.479336 mozilla/modules/libpref/src/init/all.js +--- modules/libpref/src/init/all.js.479336 2009-04-09 15:57:27.000000000 +0200 ++++ modules/libpref/src/init/all.js 2009-04-09 15:59:56.000000000 +0200 +@@ -631,7 +631,7 @@ pref("network.IDN.whitelist.org", true); + // attempt and so we always display the domain name as punycode. This would + // override the settings "network.IDN_show_punycode" and + // "network.IDN.whitelist.*". +-pref("network.IDN.blacklist_chars", "\u0020\u00A0\u00BC\u00BD\u01C3\u0337\u0338\u05C3\u05F4\u06D4\u0702\u115F\u1160\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u200B\u2024\u2027\u2028\u2029\u202F\u2039\u203A\u2044\u205F\u2154\u2155\u2156\u2159\u215A\u215B\u215F\u2215\u23AE\u29F6\u29F8\u2AFB\u2AFD\u2FF0\u2FF1\u2FF2\u2FF3\u2FF4\u2FF5\u2FF6\u2FF7\u2FF8\u2FF9\u2FFA\u2FFB\u3000\u3002\u3014\u3015\u3033\u3164\u321D\u321E\u33AE\u33AF\u33C6\u33DF\uFE14\uFE15\uFE3F\uFE5D\uFE5E\uFEFF\uFF0E\uFF0F\uFF61\uFFA0\uFFF9\uFFFA\uFFFB\uFFFC\uFFFD"); ++pref("network.IDN.blacklist_chars", "\u0020\u00A0\u00BC\u00BD\u00BE\u01C3\u02D0\u0337\u0338\u0589\u05C3\u05F4\u0609\u060A\u066A\u06D4\u0701\u0702\u0703\u0704\u115F\u1160\u1735\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u200B\u2024\u2027\u2028\u2029\u202F\u2039\u203A\u2041\u2044\u2052\u205F\u2153\u2154\u2155\u2156\u2157\u2158\u2159\u215A\u215B\u215C\u215D\u215E\u215F\u2215\u2236\u23AE\u2571\u29F6\u29F8\u2AFB\u2AFD\u2FF0\u2FF1\u2FF2\u2FF3\u2FF4\u2FF5\u2FF6\u2FF7\u2FF8\u2FF9\u2FFA\u2FFB\u3000\u3002\u3014\u3015\u3033\u3164\u321D\u321E\u33AE\u33AF\u33C6\u33DF\uA789\uFE14\uFE15\uFE3F\uFE5D\uFE5E\uFEFF\uFF0E\uFF0F\uFF61\uFFA0\uFFF9\uFFFA\uFFFB\uFFFC\uFFFD"); + + // This preference specifies a list of domains for which DNS lookups will be + // IPv4 only. Works around broken DNS servers which can't handle IPv6 lookups +