diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-03-10 02:57:05 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-03-10 10:52:41 -0500 |
| commit | c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 (patch) | |
| tree | 5013ce433bb697afc6086c4c4b1532cf57ea8bd5 /gnu/packages/patches/icecat-CVE-2016-1966.patch | |
| parent | ec278439f3ff5dcd3d02c05099ba1724cc2459f1 (diff) | |
gnu: icecat: Add several security fixes.
* gnu/packages/patches/icecat-CVE-2015-4477.patch,
gnu/packages/patches/icecat-CVE-2015-7207.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1954.patch,
gnu/packages/patches/icecat-CVE-2016-1960.patch,
gnu/packages/patches/icecat-CVE-2016-1961.patch,
gnu/packages/patches/icecat-CVE-2016-1962.patch,
gnu/packages/patches/icecat-CVE-2016-1964.patch,
gnu/packages/patches/icecat-CVE-2016-1965.patch,
gnu/packages/patches/icecat-CVE-2016-1966.patch,
gnu/packages/patches/icecat-CVE-2016-1974.patch,
gnu/packages/patches/icecat-bug-1248851.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1966.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1966.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1966.patch b/gnu/packages/patches/icecat-CVE-2016-1966.patch new file mode 100644 index 0000000000..6bf5f9f95e --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1966.patch @@ -0,0 +1,36 @@ +Copied from upstream: +https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/291c2f31c48c + +# HG changeset patch +# User Nicholas Nethercote <nnethercote@mozilla.com> +# Date 1454650565 -39600 +# Node ID 291c2f31c48c7e96b1884b55273355970fa0fc30 +# Parent 11e6614756551cfd7291e73eefb90c52873a8480 +Bug 1246054 - Fix an erroneous nsNPObjWrapper assertion. r=froydnj. a=ritu + +diff --git a/dom/plugins/base/nsJSNPRuntime.cpp b/dom/plugins/base/nsJSNPRuntime.cpp +--- a/dom/plugins/base/nsJSNPRuntime.cpp ++++ b/dom/plugins/base/nsJSNPRuntime.cpp +@@ -1915,18 +1915,19 @@ nsNPObjWrapper::GetNewOrUsed(NPP npp, JS + // No existing JSObject, create one. + + JS::Rooted<JSObject*> obj(cx, ::JS_NewObject(cx, js::Jsvalify(&sNPObjectJSWrapperClass))); + + if (generation != sNPObjWrappers.Generation()) { + // Reload entry if the JS_NewObject call caused a GC and reallocated + // the table (see bug 445229). This is guaranteed to succeed. + +- NS_ASSERTION(PL_DHashTableSearch(&sNPObjWrappers, npobj), +- "Hashtable didn't find what we just added?"); ++ entry = static_cast<NPObjWrapperHashEntry*> ++ (PL_DHashTableSearch(&sNPObjWrappers, npobj)); ++ NS_ASSERTION(entry, "Hashtable didn't find what we just added?"); + } + + if (!obj) { + // OOM? Remove the stale entry from the hash. + + PL_DHashTableRawRemove(&sNPObjWrappers, entry); + + return nullptr; + |