From c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 10 Mar 2016 02:57:05 -0500 Subject: gnu: icecat: Add several security fixes. * gnu/packages/patches/icecat-CVE-2015-4477.patch, gnu/packages/patches/icecat-CVE-2015-7207.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1954.patch, gnu/packages/patches/icecat-CVE-2016-1960.patch, gnu/packages/patches/icecat-CVE-2016-1961.patch, gnu/packages/patches/icecat-CVE-2016-1962.patch, gnu/packages/patches/icecat-CVE-2016-1964.patch, gnu/packages/patches/icecat-CVE-2016-1965.patch, gnu/packages/patches/icecat-CVE-2016-1966.patch, gnu/packages/patches/icecat-CVE-2016-1974.patch, gnu/packages/patches/icecat-bug-1248851.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. --- gnu/packages/patches/icecat-CVE-2016-1960.patch | 55 +++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 gnu/packages/patches/icecat-CVE-2016-1960.patch (limited to 'gnu/packages/patches/icecat-CVE-2016-1960.patch') diff --git a/gnu/packages/patches/icecat-CVE-2016-1960.patch b/gnu/packages/patches/icecat-CVE-2016-1960.patch new file mode 100644 index 0000000000..6c5c885e8b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1960.patch @@ -0,0 +1,55 @@ +Copied from upstream: +https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/185b233ea03f + +# HG changeset patch +# User Henri Sivonen +# Date 1455100746 -7200 +# Node ID 185b233ea03f3811404e3979b65ec86b29d13555 +# Parent 271e3a5a53d96871141e89271f611033b512e3e4 +Bug 1246014. r=wchen. a=sylvestre + +diff --git a/parser/html/javasrc/TreeBuilder.java b/parser/html/javasrc/TreeBuilder.java +--- a/parser/html/javasrc/TreeBuilder.java ++++ b/parser/html/javasrc/TreeBuilder.java +@@ -4437,17 +4437,17 @@ public abstract class TreeBuilder imp + return TreeBuilder.NOT_FOUND_ON_STACK; + } + + private void clearStackBackTo(int eltPos) throws SAXException { + int eltGroup = stack[eltPos].getGroup(); + while (currentPtr > eltPos) { // > not >= intentional + if (stack[currentPtr].ns == "http://www.w3.org/1999/xhtml" + && stack[currentPtr].getGroup() == TEMPLATE +- && (eltGroup == TABLE || eltGroup == TBODY_OR_THEAD_OR_TFOOT|| eltGroup == TR || eltGroup == HTML)) { ++ && (eltGroup == TABLE || eltGroup == TBODY_OR_THEAD_OR_TFOOT|| eltGroup == TR || eltPos == 0)) { + return; + } + pop(); + } + } + + private void resetTheInsertionMode() { + StackNode node; +diff --git a/parser/html/nsHtml5TreeBuilder.cpp b/parser/html/nsHtml5TreeBuilder.cpp +--- a/parser/html/nsHtml5TreeBuilder.cpp ++++ b/parser/html/nsHtml5TreeBuilder.cpp +@@ -3301,17 +3301,17 @@ nsHtml5TreeBuilder::findLastInTableScope + return NS_HTML5TREE_BUILDER_NOT_FOUND_ON_STACK; + } + + void + nsHtml5TreeBuilder::clearStackBackTo(int32_t eltPos) + { + int32_t eltGroup = stack[eltPos]->getGroup(); + while (currentPtr > eltPos) { +- if (stack[currentPtr]->ns == kNameSpaceID_XHTML && stack[currentPtr]->getGroup() == NS_HTML5TREE_BUILDER_TEMPLATE && (eltGroup == NS_HTML5TREE_BUILDER_TABLE || eltGroup == NS_HTML5TREE_BUILDER_TBODY_OR_THEAD_OR_TFOOT || eltGroup == NS_HTML5TREE_BUILDER_TR || eltGroup == NS_HTML5TREE_BUILDER_HTML)) { ++ if (stack[currentPtr]->ns == kNameSpaceID_XHTML && stack[currentPtr]->getGroup() == NS_HTML5TREE_BUILDER_TEMPLATE && (eltGroup == NS_HTML5TREE_BUILDER_TABLE || eltGroup == NS_HTML5TREE_BUILDER_TBODY_OR_THEAD_OR_TFOOT || eltGroup == NS_HTML5TREE_BUILDER_TR || !eltPos)) { + return; + } + pop(); + } + } + + void + nsHtml5TreeBuilder::resetTheInsertionMode() + -- cgit v1.2.3