
- Backport patches to fix the following security vulnerabilities:

CVE-2009-1834
  CVE-2009-1835
  CVE-2009-1836
  CVE-2009-1838
  CVE-2009-1841

Obtained from:	Mozilla Bugzilla
Security:	http://www.vuxml.org/freebsd/da185955-5738-11de-b857-000f20797ede.html
With hat:	Gecko gang
Beat Gaetzi 2009-06-13 07:05:48 +00:00
parent ac4f62e45f
commit e33b416ed3
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=235674
18 changed files with 4557 additions and 3 deletions


@ -8,7 +8,7 @@
PORTNAME= firefox
DISTVERSION= 2.0.0.20
PORTREVISION= 7
PORTREVISION= 8
PORTEPOCH= 1
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED}


@ -0,0 +1,69 @@
diff -up mozilla/js/src/xpconnect/src/xpcprivate.h.479560 mozilla/js/src/xpconnect/src/xpcprivate.h
--- js/src/xpconnect/src/xpcprivate.h.479560 2008-03-22 09:04:17.000000000 +0100
+++ js/src/xpconnect/src/xpcprivate.h 2009-05-13 14:56:10.000000000 +0200
@@ -2167,7 +2167,7 @@ private:
nsXPCWrappedJSClass(XPCCallContext& ccx, REFNSIID aIID,
nsIInterfaceInfo* aInfo);
- JSObject* NewOutObject(JSContext* cx);
+ JSObject* NewOutObject(JSContext* cx, JSObject* scope);
JSBool IsReflectable(uint16 i) const
{return (JSBool)(mDescriptors[i/32] & (1 << (i%32)));}
diff -up mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp
--- js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 2007-06-30 01:21:28.000000000 +0200
+++ js/src/xpconnect/src/xpcwrappedjsclass.cpp 2009-05-13 14:51:35.000000000 +0200
@@ -1338,7 +1338,7 @@ nsXPCWrappedJSClass::CallMethod(nsXPCWra
if(param.IsOut())
{
// create an 'out' object
- JSObject* out_obj = NewOutObject(cx);
+ JSObject* out_obj = NewOutObject(cx, obj);
if(!out_obj)
{
retval = NS_ERROR_OUT_OF_MEMORY;
@@ -1706,9 +1706,9 @@ nsXPCWrappedJSClass::GetInterfaceName()
}
JSObject*
-nsXPCWrappedJSClass::NewOutObject(JSContext* cx)
+nsXPCWrappedJSClass::NewOutObject(JSContext* cx, JSObject* scope)
{
- return JS_NewObject(cx, nsnull, nsnull, nsnull);
+ return JS_NewObject(cx, nsnull, nsnull, JS_GetGlobalForObject(cx, scope));
}
diff -up mozilla/js/src/jsapi.c.old mozilla/js/src/jsapi.c
--- js/src/jsapi.c.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.c 2009-05-13 15:13:32.000000000 +0200
@@ -122,6 +122,16 @@ JS_GetPositiveInfinityValue(JSContext *c
return DOUBLE_TO_JSVAL(cx->runtime->jsPositiveInfinity);
}
+JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj)
+{
+ JSObject *parent;
+
+ while ((parent = OBJ_GET_PARENT(cx, obj)) != NULL)
+ obj = parent;
+ return obj;
+}
+
JS_PUBLIC_API(jsval)
JS_GetEmptyStringValue(JSContext *cx)
{
diff -up mozilla/js/src/jsapi.h.old mozilla/js/src/jsapi.h
--- js/src/jsapi.h.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.h 2009-05-13 15:13:32.000000000 +0200
@@ -668,6 +668,9 @@ JS_DumpNamedRoots(JSRuntime *rt,
void *data);
#endif
+extern JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj);
+
/*
* Call JS_MapGCRoots to map the GC's roots table using map(rp, name, data).
* The root is pointed at by rp; if the root is unnamed, name is null; data is
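Review bot: JS_GetGlobalForObject in the jsapi.c hunk dereferences `obj` on its first OBJ_GET_PARENT call with no null check, and the jsapi.h declaration has no comment stating that contract. NewOutObject now forwards `scope` straight into it, so every caller has to guarantee a non-null object; in the visible CallMethod hunk that is `obj`, whose origin lies outside the hunk. I would document the contract at the declaration, e.g. `/* Returns the outermost object on obj's parent chain; obj must be non-null. */`. The same patch file is repeated in later file sections of this page, and the point applies there too.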


@ -0,0 +1,145 @@
? 1.8.patch
Index: nsHttpChannel.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v
retrieving revision 1.256.2.22
diff -U 8 -p -p -r1.256.2.22 nsHttpChannel.cpp
--- netwerk/protocol/http/src/nsHttpChannel.cpp 20 Jul 2006 22:59:31 -0000 1.256.2.22
+++ netwerk/protocol/http/src/nsHttpChannel.cpp 28 May 2009 20:20:06 -0000
@@ -755,24 +755,92 @@ nsHttpChannel::CallOnStartRequest()
// install stream converter if required
ApplyContentConversions();
return rv;
}
nsresult
+nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
+{
+ // Failure to set up SSL proxy tunnel means one of the following:
+ // 1) Proxy wants authorization, or forbids.
+ // 2) DNS at proxy couldn't resolve target URL.
+ // 3) Proxy connection to target failed or timed out.
+ // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
+ //
+ // Our current architecture will parse response content with the
+ // permission of the target URL! Given #4, we must avoid rendering the
+ // body of the reply, and instead give the user a (hopefully helpful)
+ // boilerplate error page, based on just the HTTP status of the reply.
+
+ NS_ABORT_IF_FALSE(mConnectionInfo->UsingSSL(),
+ "SSL connect failed but not using SSL?");
+ nsresult rv;
+ switch (httpStatus)
+ {
+ case 403: // HTTP/1.1: "Forbidden"
+ case 407: // ProcessAuthentication() failed
+ case 501: // HTTP/1.1: "Not Implemented"
+ // user sees boilerplate Mozilla "Proxy Refused Connection" page.
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ // Squid sends 404 if DNS fails (regular 404 from target is tunneled)
+ case 404: // HTTP/1.1: "Not Found"
+ // RFC 2616: "some deployed proxies are known to return 400 or 500 when
+ // DNS lookups time out." (Squid uses 500 if it runs out of sockets: so
+ // we have a conflict here).
+ case 400: // HTTP/1.1 "Bad Request"
+ case 500: // HTTP/1.1: "Internal Server Error"
+ /* User sees: "Address Not Found: Firefox can't find the server at
+ * www.foo.com."
+ */
+ rv = NS_ERROR_UNKNOWN_HOST;
+ break;
+ case 502: // HTTP/1.1: "Bad Gateway" (invalid resp from target server)
+ // Squid returns 503 if target request fails for anything but DNS.
+ case 503: // HTTP/1.1: "Service Unavailable"
+ /* User sees: "Failed to Connect:
+ * Firefox can't establish a connection to the server at
+ * www.foo.com. Though the site seems valid, the browser
+ * was unable to establish a connection."
+ */
+ rv = NS_ERROR_CONNECTION_REFUSED;
+ break;
+ // RFC 2616 uses 504 for both DNS and target timeout, so not clear what to
+ // do here: picking target timeout, as DNS covered by 400/404/500
+ case 504: // HTTP/1.1: "Gateway Timeout"
+ // user sees: "Network Timeout: The server at www.foo.com
+ // is taking too long to respond."
+ rv = NS_ERROR_NET_TIMEOUT;
+ break;
+ // Confused proxy server or malicious response
+ default:
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ }
+ LOG(("Cancelling failed SSL proxy connection [this=%x httpStatus=%u]\n",
+ this, httpStatus));
+ Cancel(rv);
+ return rv;
+}
+
+nsresult
nsHttpChannel::ProcessResponse()
{
nsresult rv;
PRUint32 httpStatus = mResponseHead->Status();
LOG(("nsHttpChannel::ProcessResponse [this=%x httpStatus=%u]\n",
this, httpStatus));
+ if (mTransaction->SSLConnectFailed() && httpStatus != 407)
+ return ProcessFailedSSLConnect(httpStatus);
+
// notify "http-on-examine-response" observers
gHttpHandler->OnExamineResponse(this);
// set cookies, if any exist; done after OnExamineResponse to allow those
// observers to modify the cookie response headers
SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
// handle unused username and password in url (see bug 232567)
@@ -837,16 +905,18 @@ nsHttpChannel::ProcessResponse()
rv = ProcessNormal();
}
break;
case 401:
case 407:
rv = ProcessAuthentication(httpStatus);
if (NS_FAILED(rv)) {
LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
+ if (mTransaction->SSLConnectFailed())
+ return ProcessFailedSSLConnect(httpStatus);
CheckForSuperfluousAuth();
rv = ProcessNormal();
}
break;
case 412: // Precondition failed
case 416: // Invalid range
if (mResuming) {
Cancel(NS_ERROR_ENTITY_CHANGED);
Index: nsHttpChannel.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.h,v
retrieving revision 1.70.4.5
diff -U 8 -p -p -r1.70.4.5 nsHttpChannel.h
--- netwerk/protocol/http/src/nsHttpChannel.h 27 Jun 2006 20:27:29 -0000 1.70.4.5
+++ netwerk/protocol/http/src/nsHttpChannel.h 28 May 2009 20:20:06 -0000
@@ -155,16 +155,17 @@ private:
nsresult SetupTransaction();
void AddCookiesToRequest();
void ApplyContentConversions();
nsresult CallOnStartRequest();
nsresult ProcessResponse();
nsresult ProcessNormal();
nsresult ProcessNotModified();
nsresult ProcessRedirection(PRUint32 httpStatus);
+ nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
nsresult ProcessAuthentication(PRUint32 httpStatus);
PRBool ResponseWouldVary();
// redirection specific methods
void HandleAsyncRedirect();
void HandleAsyncNotModified();
nsresult PromptTempRedirect();
nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, PRBool preserveMethod);
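Review bot: A 407 reply to a failed CONNECT is exempted from the new early return in ProcessResponse(), so it still reaches the `OnExamineResponse` and `SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie))` lines that follow the check. The comment in ProcessFailedSSLConnect() says the reply is handled with the permission of the target URL, which suggests the proxy's Set-Cookie header should not be honoured either. The code between this point and the 401/407 case is outside the hunk, so this needs confirming against the full function. One option is to guard the call: `if (!mTransaction->SSLConnectFailed()) SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));`. The same patch file is repeated in later file sections of this page.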


@ -0,0 +1,29 @@
diff -U12 -up mozilla/content/base/src/nsContentUtils.cpp.489131 mozilla/content/base/src/nsContentUtils.cpp
--- content/base/src/nsContentUtils.cpp.489131 2009-05-14 13:30:53.000000000 +0200
+++ content/base/src/nsContentUtils.cpp 2009-05-14 13:30:53.000000000 +0200
@@ -2310,24 +2310,25 @@ nsCxPusher::Push(nsISupports *aCurrentTa
if (mScx) {
NS_ERROR("Whaaa! No double pushing with nsCxPusher::Push()!");
return PR_FALSE;
}
nsCOMPtr<nsIScriptGlobalObject> sgo;
nsCOMPtr<nsIContent> content(do_QueryInterface(aCurrentTarget));
nsCOMPtr<nsIDocument> document;
if (content) {
document = content->GetOwnerDoc();
+ NS_ENSURE_TRUE(document, PR_FALSE);
}
if (!document) {
document = do_QueryInterface(aCurrentTarget);
}
if (document) {
nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH3> branch3doc =
do_QueryInterface(document);
NS_ASSERTION(branch3doc,
"Document must implement nsIDocument_MOZILLA_1_8_BRANCH3!!!");
PRBool hasHadScriptObject = PR_TRUE;
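Review bot: The added `NS_ENSURE_TRUE(document, PR_FALSE);` has no comment explaining why a content node without an owner document must make Push() fail. It also makes the following `if (!document)` fallback reachable only when `aCurrentTarget` is not an nsIContent. A one-line comment would record that, e.g. `// Content with no owner document: fail instead of falling back to treating the target as a document.` Push() starts and continues outside this hunk, so whether its callers check the PR_FALSE return cannot be seen here.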


@ -0,0 +1,91 @@
Index: netwerk/base/src/nsURLParsers.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.cpp,v
retrieving revision 1.32
diff -p -u -6 -r1.32 nsURLParsers.cpp
--- netwerk/base/src/nsURLParsers.cpp 24 Nov 2008 22:46:16 -0000 1.32
+++ netwerk/base/src/nsURLParsers.cpp 8 May 2009 01:31:15 -0000
@@ -385,12 +385,23 @@ nsBaseURLParser::ParseFileName(const cha
}
//----------------------------------------------------------------------------
// nsNoAuthURLParser implementation
//----------------------------------------------------------------------------
+NS_IMETHODIMP
+nsNoAuthURLParser::ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port)
+{
+ NS_NOTREACHED("Shouldn't parse auth in a NoAuthURL!");
+ return NS_ERROR_UNEXPECTED;
+}
+
void
nsNoAuthURLParser::ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen)
{
NS_PRECONDITION(specLen >= 0, "unexpected");
@@ -416,17 +427,17 @@ nsNoAuthURLParser::ParseAfterScheme(cons
break;
}
#endif
p = (const char *) memchr(spec + 2, '/', specLen - 2);
}
if (p) {
- SET_RESULT(auth, 2, p - (spec + 2));
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, p - spec, specLen - (p - spec));
}
else {
- SET_RESULT(auth, 2, specLen - 2);
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, 0, -1);
}
return;
}
default:
pos = 2;
Index: netwerk/base/src/nsURLParsers.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.h,v
retrieving revision 1.4
diff -p -u -6 -r1.4 nsURLParsers.h
--- netwerk/base/src/nsURLParsers.h 18 Apr 2004 21:59:09 -0000 1.4
+++ netwerk/base/src/nsURLParsers.h 8 May 2009 01:31:15 -0000
@@ -67,25 +67,31 @@ protected:
// file:/foo/bar.txt (treated equivalently)
// file:///foo/bar.txt
//
// eg. file:////foo/bar.txt (UNC-filepath = \\foo\bar.txt)
//
// XXX except in this case:
-// file://foo/bar.txt (foo is authority)
+// file://foo/bar.txt (the authority "foo" is ignored)
//----------------------------------------------------------------------------
class nsNoAuthURLParser : public nsBaseURLParser
{
public:
#if defined(XP_WIN) || defined(XP_OS2)
NS_IMETHOD ParseFilePath(const char *, PRInt32,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *);
#endif
+ NS_IMETHOD ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port);
+
void ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen);
};
//----------------------------------------------------------------------------
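Review bot: The new nsNoAuthURLParser::ParseAuthority returns NS_ERROR_UNEXPECTED without writing any of its seven out parameters, and the declaration in nsURLParsers.h does not say so. A caller that ignores the nsresult would read whatever those variables held before the call, and NS_NOTREACHED presumably flags the call only in debug builds. I would state the contract at the declaration, e.g. `// Always fails with NS_ERROR_UNEXPECTED and leaves the out parameters untouched; ParseAfterScheme reports the authority as (0, -1).` The same patch file is repeated in later file sections of this page.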


@ -8,7 +8,7 @@
PORTNAME= firefox
DISTVERSION= 2.0.0.20
PORTREVISION= 7
PORTREVISION= 8
PORTEPOCH= 1
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED}


@ -0,0 +1,69 @@
diff -up mozilla/js/src/xpconnect/src/xpcprivate.h.479560 mozilla/js/src/xpconnect/src/xpcprivate.h
--- js/src/xpconnect/src/xpcprivate.h.479560 2008-03-22 09:04:17.000000000 +0100
+++ js/src/xpconnect/src/xpcprivate.h 2009-05-13 14:56:10.000000000 +0200
@@ -2167,7 +2167,7 @@ private:
nsXPCWrappedJSClass(XPCCallContext& ccx, REFNSIID aIID,
nsIInterfaceInfo* aInfo);
- JSObject* NewOutObject(JSContext* cx);
+ JSObject* NewOutObject(JSContext* cx, JSObject* scope);
JSBool IsReflectable(uint16 i) const
{return (JSBool)(mDescriptors[i/32] & (1 << (i%32)));}
diff -up mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp
--- js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 2007-06-30 01:21:28.000000000 +0200
+++ js/src/xpconnect/src/xpcwrappedjsclass.cpp 2009-05-13 14:51:35.000000000 +0200
@@ -1338,7 +1338,7 @@ nsXPCWrappedJSClass::CallMethod(nsXPCWra
if(param.IsOut())
{
// create an 'out' object
- JSObject* out_obj = NewOutObject(cx);
+ JSObject* out_obj = NewOutObject(cx, obj);
if(!out_obj)
{
retval = NS_ERROR_OUT_OF_MEMORY;
@@ -1706,9 +1706,9 @@ nsXPCWrappedJSClass::GetInterfaceName()
}
JSObject*
-nsXPCWrappedJSClass::NewOutObject(JSContext* cx)
+nsXPCWrappedJSClass::NewOutObject(JSContext* cx, JSObject* scope)
{
- return JS_NewObject(cx, nsnull, nsnull, nsnull);
+ return JS_NewObject(cx, nsnull, nsnull, JS_GetGlobalForObject(cx, scope));
}
diff -up mozilla/js/src/jsapi.c.old mozilla/js/src/jsapi.c
--- js/src/jsapi.c.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.c 2009-05-13 15:13:32.000000000 +0200
@@ -122,6 +122,16 @@ JS_GetPositiveInfinityValue(JSContext *c
return DOUBLE_TO_JSVAL(cx->runtime->jsPositiveInfinity);
}
+JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj)
+{
+ JSObject *parent;
+
+ while ((parent = OBJ_GET_PARENT(cx, obj)) != NULL)
+ obj = parent;
+ return obj;
+}
+
JS_PUBLIC_API(jsval)
JS_GetEmptyStringValue(JSContext *cx)
{
diff -up mozilla/js/src/jsapi.h.old mozilla/js/src/jsapi.h
--- js/src/jsapi.h.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.h 2009-05-13 15:13:32.000000000 +0200
@@ -668,6 +668,9 @@ JS_DumpNamedRoots(JSRuntime *rt,
void *data);
#endif
+extern JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj);
+
/*
* Call JS_MapGCRoots to map the GC's roots table using map(rp, name, data).
* The root is pointed at by rp; if the root is unnamed, name is null; data is


@ -0,0 +1,145 @@
? 1.8.patch
Index: nsHttpChannel.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v
retrieving revision 1.256.2.22
diff -U 8 -p -p -r1.256.2.22 nsHttpChannel.cpp
--- netwerk/protocol/http/src/nsHttpChannel.cpp 20 Jul 2006 22:59:31 -0000 1.256.2.22
+++ netwerk/protocol/http/src/nsHttpChannel.cpp 28 May 2009 20:20:06 -0000
@@ -755,24 +755,92 @@ nsHttpChannel::CallOnStartRequest()
// install stream converter if required
ApplyContentConversions();
return rv;
}
nsresult
+nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
+{
+ // Failure to set up SSL proxy tunnel means one of the following:
+ // 1) Proxy wants authorization, or forbids.
+ // 2) DNS at proxy couldn't resolve target URL.
+ // 3) Proxy connection to target failed or timed out.
+ // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
+ //
+ // Our current architecture will parse response content with the
+ // permission of the target URL! Given #4, we must avoid rendering the
+ // body of the reply, and instead give the user a (hopefully helpful)
+ // boilerplate error page, based on just the HTTP status of the reply.
+
+ NS_ABORT_IF_FALSE(mConnectionInfo->UsingSSL(),
+ "SSL connect failed but not using SSL?");
+ nsresult rv;
+ switch (httpStatus)
+ {
+ case 403: // HTTP/1.1: "Forbidden"
+ case 407: // ProcessAuthentication() failed
+ case 501: // HTTP/1.1: "Not Implemented"
+ // user sees boilerplate Mozilla "Proxy Refused Connection" page.
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ // Squid sends 404 if DNS fails (regular 404 from target is tunneled)
+ case 404: // HTTP/1.1: "Not Found"
+ // RFC 2616: "some deployed proxies are known to return 400 or 500 when
+ // DNS lookups time out." (Squid uses 500 if it runs out of sockets: so
+ // we have a conflict here).
+ case 400: // HTTP/1.1 "Bad Request"
+ case 500: // HTTP/1.1: "Internal Server Error"
+ /* User sees: "Address Not Found: Firefox can't find the server at
+ * www.foo.com."
+ */
+ rv = NS_ERROR_UNKNOWN_HOST;
+ break;
+ case 502: // HTTP/1.1: "Bad Gateway" (invalid resp from target server)
+ // Squid returns 503 if target request fails for anything but DNS.
+ case 503: // HTTP/1.1: "Service Unavailable"
+ /* User sees: "Failed to Connect:
+ * Firefox can't establish a connection to the server at
+ * www.foo.com. Though the site seems valid, the browser
+ * was unable to establish a connection."
+ */
+ rv = NS_ERROR_CONNECTION_REFUSED;
+ break;
+ // RFC 2616 uses 504 for both DNS and target timeout, so not clear what to
+ // do here: picking target timeout, as DNS covered by 400/404/500
+ case 504: // HTTP/1.1: "Gateway Timeout"
+ // user sees: "Network Timeout: The server at www.foo.com
+ // is taking too long to respond."
+ rv = NS_ERROR_NET_TIMEOUT;
+ break;
+ // Confused proxy server or malicious response
+ default:
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ }
+ LOG(("Cancelling failed SSL proxy connection [this=%x httpStatus=%u]\n",
+ this, httpStatus));
+ Cancel(rv);
+ return rv;
+}
+
+nsresult
nsHttpChannel::ProcessResponse()
{
nsresult rv;
PRUint32 httpStatus = mResponseHead->Status();
LOG(("nsHttpChannel::ProcessResponse [this=%x httpStatus=%u]\n",
this, httpStatus));
+ if (mTransaction->SSLConnectFailed() && httpStatus != 407)
+ return ProcessFailedSSLConnect(httpStatus);
+
// notify "http-on-examine-response" observers
gHttpHandler->OnExamineResponse(this);
// set cookies, if any exist; done after OnExamineResponse to allow those
// observers to modify the cookie response headers
SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
// handle unused username and password in url (see bug 232567)
@@ -837,16 +905,18 @@ nsHttpChannel::ProcessResponse()
rv = ProcessNormal();
}
break;
case 401:
case 407:
rv = ProcessAuthentication(httpStatus);
if (NS_FAILED(rv)) {
LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
+ if (mTransaction->SSLConnectFailed())
+ return ProcessFailedSSLConnect(httpStatus);
CheckForSuperfluousAuth();
rv = ProcessNormal();
}
break;
case 412: // Precondition failed
case 416: // Invalid range
if (mResuming) {
Cancel(NS_ERROR_ENTITY_CHANGED);
Index: nsHttpChannel.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.h,v
retrieving revision 1.70.4.5
diff -U 8 -p -p -r1.70.4.5 nsHttpChannel.h
--- netwerk/protocol/http/src/nsHttpChannel.h 27 Jun 2006 20:27:29 -0000 1.70.4.5
+++ netwerk/protocol/http/src/nsHttpChannel.h 28 May 2009 20:20:06 -0000
@@ -155,16 +155,17 @@ private:
nsresult SetupTransaction();
void AddCookiesToRequest();
void ApplyContentConversions();
nsresult CallOnStartRequest();
nsresult ProcessResponse();
nsresult ProcessNormal();
nsresult ProcessNotModified();
nsresult ProcessRedirection(PRUint32 httpStatus);
+ nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
nsresult ProcessAuthentication(PRUint32 httpStatus);
PRBool ResponseWouldVary();
// redirection specific methods
void HandleAsyncRedirect();
void HandleAsyncNotModified();
nsresult PromptTempRedirect();
nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, PRBool preserveMethod);


@ -0,0 +1,29 @@
diff -U12 -up mozilla/content/base/src/nsContentUtils.cpp.489131 mozilla/content/base/src/nsContentUtils.cpp
--- content/base/src/nsContentUtils.cpp.489131 2009-05-14 13:30:53.000000000 +0200
+++ content/base/src/nsContentUtils.cpp 2009-05-14 13:30:53.000000000 +0200
@@ -2310,24 +2310,25 @@ nsCxPusher::Push(nsISupports *aCurrentTa
if (mScx) {
NS_ERROR("Whaaa! No double pushing with nsCxPusher::Push()!");
return PR_FALSE;
}
nsCOMPtr<nsIScriptGlobalObject> sgo;
nsCOMPtr<nsIContent> content(do_QueryInterface(aCurrentTarget));
nsCOMPtr<nsIDocument> document;
if (content) {
document = content->GetOwnerDoc();
+ NS_ENSURE_TRUE(document, PR_FALSE);
}
if (!document) {
document = do_QueryInterface(aCurrentTarget);
}
if (document) {
nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH3> branch3doc =
do_QueryInterface(document);
NS_ASSERTION(branch3doc,
"Document must implement nsIDocument_MOZILLA_1_8_BRANCH3!!!");
PRBool hasHadScriptObject = PR_TRUE;


@ -0,0 +1,91 @@
Index: netwerk/base/src/nsURLParsers.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.cpp,v
retrieving revision 1.32
diff -p -u -6 -r1.32 nsURLParsers.cpp
--- netwerk/base/src/nsURLParsers.cpp 24 Nov 2008 22:46:16 -0000 1.32
+++ netwerk/base/src/nsURLParsers.cpp 8 May 2009 01:31:15 -0000
@@ -385,12 +385,23 @@ nsBaseURLParser::ParseFileName(const cha
}
//----------------------------------------------------------------------------
// nsNoAuthURLParser implementation
//----------------------------------------------------------------------------
+NS_IMETHODIMP
+nsNoAuthURLParser::ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port)
+{
+ NS_NOTREACHED("Shouldn't parse auth in a NoAuthURL!");
+ return NS_ERROR_UNEXPECTED;
+}
+
void
nsNoAuthURLParser::ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen)
{
NS_PRECONDITION(specLen >= 0, "unexpected");
@@ -416,17 +427,17 @@ nsNoAuthURLParser::ParseAfterScheme(cons
break;
}
#endif
p = (const char *) memchr(spec + 2, '/', specLen - 2);
}
if (p) {
- SET_RESULT(auth, 2, p - (spec + 2));
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, p - spec, specLen - (p - spec));
}
else {
- SET_RESULT(auth, 2, specLen - 2);
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, 0, -1);
}
return;
}
default:
pos = 2;
Index: netwerk/base/src/nsURLParsers.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.h,v
retrieving revision 1.4
diff -p -u -6 -r1.4 nsURLParsers.h
--- netwerk/base/src/nsURLParsers.h 18 Apr 2004 21:59:09 -0000 1.4
+++ netwerk/base/src/nsURLParsers.h 8 May 2009 01:31:15 -0000
@@ -67,25 +67,31 @@ protected:
// file:/foo/bar.txt (treated equivalently)
// file:///foo/bar.txt
//
// eg. file:////foo/bar.txt (UNC-filepath = \\foo\bar.txt)
//
// XXX except in this case:
-// file://foo/bar.txt (foo is authority)
+// file://foo/bar.txt (the authority "foo" is ignored)
//----------------------------------------------------------------------------
class nsNoAuthURLParser : public nsBaseURLParser
{
public:
#if defined(XP_WIN) || defined(XP_OS2)
NS_IMETHOD ParseFilePath(const char *, PRInt32,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *);
#endif
+ NS_IMETHOD ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port);
+
void ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen);
};
//----------------------------------------------------------------------------


@ -8,7 +8,7 @@
PORTNAME= firefox
DISTVERSION= 2.0.0.20
PORTREVISION= 7
PORTREVISION= 8
PORTEPOCH= 1
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_MOZILLA_EXTENDED}


@ -0,0 +1,69 @@
diff -up mozilla/js/src/xpconnect/src/xpcprivate.h.479560 mozilla/js/src/xpconnect/src/xpcprivate.h
--- js/src/xpconnect/src/xpcprivate.h.479560 2008-03-22 09:04:17.000000000 +0100
+++ js/src/xpconnect/src/xpcprivate.h 2009-05-13 14:56:10.000000000 +0200
@@ -2167,7 +2167,7 @@ private:
nsXPCWrappedJSClass(XPCCallContext& ccx, REFNSIID aIID,
nsIInterfaceInfo* aInfo);
- JSObject* NewOutObject(JSContext* cx);
+ JSObject* NewOutObject(JSContext* cx, JSObject* scope);
JSBool IsReflectable(uint16 i) const
{return (JSBool)(mDescriptors[i/32] & (1 << (i%32)));}
diff -up mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp
--- js/src/xpconnect/src/xpcwrappedjsclass.cpp.479560 2007-06-30 01:21:28.000000000 +0200
+++ js/src/xpconnect/src/xpcwrappedjsclass.cpp 2009-05-13 14:51:35.000000000 +0200
@@ -1338,7 +1338,7 @@ nsXPCWrappedJSClass::CallMethod(nsXPCWra
if(param.IsOut())
{
// create an 'out' object
- JSObject* out_obj = NewOutObject(cx);
+ JSObject* out_obj = NewOutObject(cx, obj);
if(!out_obj)
{
retval = NS_ERROR_OUT_OF_MEMORY;
@@ -1706,9 +1706,9 @@ nsXPCWrappedJSClass::GetInterfaceName()
}
JSObject*
-nsXPCWrappedJSClass::NewOutObject(JSContext* cx)
+nsXPCWrappedJSClass::NewOutObject(JSContext* cx, JSObject* scope)
{
- return JS_NewObject(cx, nsnull, nsnull, nsnull);
+ return JS_NewObject(cx, nsnull, nsnull, JS_GetGlobalForObject(cx, scope));
}
diff -up mozilla/js/src/jsapi.c.old mozilla/js/src/jsapi.c
--- js/src/jsapi.c.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.c 2009-05-13 15:13:32.000000000 +0200
@@ -122,6 +122,16 @@ JS_GetPositiveInfinityValue(JSContext *c
return DOUBLE_TO_JSVAL(cx->runtime->jsPositiveInfinity);
}
+JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj)
+{
+ JSObject *parent;
+
+ while ((parent = OBJ_GET_PARENT(cx, obj)) != NULL)
+ obj = parent;
+ return obj;
+}
+
JS_PUBLIC_API(jsval)
JS_GetEmptyStringValue(JSContext *cx)
{
diff -up mozilla/js/src/jsapi.h.old mozilla/js/src/jsapi.h
--- js/src/jsapi.h.old 2009-05-13 15:13:20.000000000 +0200
+++ js/src/jsapi.h 2009-05-13 15:13:32.000000000 +0200
@@ -668,6 +668,9 @@ JS_DumpNamedRoots(JSRuntime *rt,
void *data);
#endif
+extern JS_PUBLIC_API(JSObject *)
+JS_GetGlobalForObject(JSContext *cx, JSObject *obj);
+
/*
* Call JS_MapGCRoots to map the GC's roots table using map(rp, name, data).
* The root is pointed at by rp; if the root is unnamed, name is null; data is


@ -0,0 +1,145 @@
? 1.8.patch
Index: nsHttpChannel.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v
retrieving revision 1.256.2.22
diff -U 8 -p -p -r1.256.2.22 nsHttpChannel.cpp
--- netwerk/protocol/http/src/nsHttpChannel.cpp 20 Jul 2006 22:59:31 -0000 1.256.2.22
+++ netwerk/protocol/http/src/nsHttpChannel.cpp 28 May 2009 20:20:06 -0000
@@ -755,24 +755,92 @@ nsHttpChannel::CallOnStartRequest()
// install stream converter if required
ApplyContentConversions();
return rv;
}
nsresult
+nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
+{
+ // Failure to set up SSL proxy tunnel means one of the following:
+ // 1) Proxy wants authorization, or forbids.
+ // 2) DNS at proxy couldn't resolve target URL.
+ // 3) Proxy connection to target failed or timed out.
+ // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
+ //
+ // Our current architecture will parse response content with the
+ // permission of the target URL! Given #4, we must avoid rendering the
+ // body of the reply, and instead give the user a (hopefully helpful)
+ // boilerplate error page, based on just the HTTP status of the reply.
+
+ NS_ABORT_IF_FALSE(mConnectionInfo->UsingSSL(),
+ "SSL connect failed but not using SSL?");
+ nsresult rv;
+ switch (httpStatus)
+ {
+ case 403: // HTTP/1.1: "Forbidden"
+ case 407: // ProcessAuthentication() failed
+ case 501: // HTTP/1.1: "Not Implemented"
+ // user sees boilerplate Mozilla "Proxy Refused Connection" page.
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ // Squid sends 404 if DNS fails (regular 404 from target is tunneled)
+ case 404: // HTTP/1.1: "Not Found"
+ // RFC 2616: "some deployed proxies are known to return 400 or 500 when
+ // DNS lookups time out." (Squid uses 500 if it runs out of sockets: so
+ // we have a conflict here).
+ case 400: // HTTP/1.1 "Bad Request"
+ case 500: // HTTP/1.1: "Internal Server Error"
+ /* User sees: "Address Not Found: Firefox can't find the server at
+ * www.foo.com."
+ */
+ rv = NS_ERROR_UNKNOWN_HOST;
+ break;
+ case 502: // HTTP/1.1: "Bad Gateway" (invalid resp from target server)
+ // Squid returns 503 if target request fails for anything but DNS.
+ case 503: // HTTP/1.1: "Service Unavailable"
+ /* User sees: "Failed to Connect:
+ * Firefox can't establish a connection to the server at
+ * www.foo.com. Though the site seems valid, the browser
+ * was unable to establish a connection."
+ */
+ rv = NS_ERROR_CONNECTION_REFUSED;
+ break;
+ // RFC 2616 uses 504 for both DNS and target timeout, so not clear what to
+ // do here: picking target timeout, as DNS covered by 400/404/500
+ case 504: // HTTP/1.1: "Gateway Timeout"
+ // user sees: "Network Timeout: The server at www.foo.com
+ // is taking too long to respond."
+ rv = NS_ERROR_NET_TIMEOUT;
+ break;
+ // Confused proxy server or malicious response
+ default:
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ }
+ LOG(("Cancelling failed SSL proxy connection [this=%x httpStatus=%u]\n",
+ this, httpStatus));
+ Cancel(rv);
+ return rv;
+}
+
+nsresult
nsHttpChannel::ProcessResponse()
{
nsresult rv;
PRUint32 httpStatus = mResponseHead->Status();
LOG(("nsHttpChannel::ProcessResponse [this=%x httpStatus=%u]\n",
this, httpStatus));
+ if (mTransaction->SSLConnectFailed() && httpStatus != 407)
+ return ProcessFailedSSLConnect(httpStatus);
+
// notify "http-on-examine-response" observers
gHttpHandler->OnExamineResponse(this);
// set cookies, if any exist; done after OnExamineResponse to allow those
// observers to modify the cookie response headers
SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
// handle unused username and password in url (see bug 232567)
@@ -837,16 +905,18 @@ nsHttpChannel::ProcessResponse()
rv = ProcessNormal();
}
break;
case 401:
case 407:
rv = ProcessAuthentication(httpStatus);
if (NS_FAILED(rv)) {
LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
+ if (mTransaction->SSLConnectFailed())
+ return ProcessFailedSSLConnect(httpStatus);
CheckForSuperfluousAuth();
rv = ProcessNormal();
}
break;
case 412: // Precondition failed
case 416: // Invalid range
if (mResuming) {
Cancel(NS_ERROR_ENTITY_CHANGED);
Index: nsHttpChannel.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.h,v
retrieving revision 1.70.4.5
diff -U 8 -p -p -r1.70.4.5 nsHttpChannel.h
--- netwerk/protocol/http/src/nsHttpChannel.h 27 Jun 2006 20:27:29 -0000 1.70.4.5
+++ netwerk/protocol/http/src/nsHttpChannel.h 28 May 2009 20:20:06 -0000
@@ -155,16 +155,17 @@ private:
nsresult SetupTransaction();
void AddCookiesToRequest();
void ApplyContentConversions();
nsresult CallOnStartRequest();
nsresult ProcessResponse();
nsresult ProcessNormal();
nsresult ProcessNotModified();
nsresult ProcessRedirection(PRUint32 httpStatus);
+ nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
nsresult ProcessAuthentication(PRUint32 httpStatus);
PRBool ResponseWouldVary();
// redirection specific methods
void HandleAsyncRedirect();
void HandleAsyncNotModified();
nsresult PromptTempRedirect();
nsresult SetupReplacementChannel(nsIURI *, nsIChannel *, PRBool preserveMethod);


@ -0,0 +1,29 @@
diff -U12 -up mozilla/content/base/src/nsContentUtils.cpp.489131 mozilla/content/base/src/nsContentUtils.cpp
--- content/base/src/nsContentUtils.cpp.489131 2009-05-14 13:30:53.000000000 +0200
+++ content/base/src/nsContentUtils.cpp 2009-05-14 13:30:53.000000000 +0200
@@ -2310,24 +2310,25 @@ nsCxPusher::Push(nsISupports *aCurrentTa
if (mScx) {
NS_ERROR("Whaaa! No double pushing with nsCxPusher::Push()!");
return PR_FALSE;
}
nsCOMPtr<nsIScriptGlobalObject> sgo;
nsCOMPtr<nsIContent> content(do_QueryInterface(aCurrentTarget));
nsCOMPtr<nsIDocument> document;
if (content) {
document = content->GetOwnerDoc();
+ NS_ENSURE_TRUE(document, PR_FALSE);
}
if (!document) {
document = do_QueryInterface(aCurrentTarget);
}
if (document) {
nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH3> branch3doc =
do_QueryInterface(document);
NS_ASSERTION(branch3doc,
"Document must implement nsIDocument_MOZILLA_1_8_BRANCH3!!!");
PRBool hasHadScriptObject = PR_TRUE;
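Review bot: The added `NS_ENSURE_TRUE(document, PR_FALSE)` changes which targets `Push` accepts but carries no comment saying so. Content with no owner document used to fall through to the `do_QueryInterface(aCurrentTarget)` fallback and now fails the push. Suggested comment: `// Content with no owner document: fail the push instead of falling through to the QI fallback below.` The function continues past the end of the hunk and its callers are not visible, so it should be verified that every caller checks the `PR_FALSE` return before running script.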


@ -0,0 +1,91 @@
Index: netwerk/base/src/nsURLParsers.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.cpp,v
retrieving revision 1.32
diff -p -u -6 -r1.32 nsURLParsers.cpp
--- netwerk/base/src/nsURLParsers.cpp 24 Nov 2008 22:46:16 -0000 1.32
+++ netwerk/base/src/nsURLParsers.cpp 8 May 2009 01:31:15 -0000
@@ -385,12 +385,23 @@ nsBaseURLParser::ParseFileName(const cha
}
//----------------------------------------------------------------------------
// nsNoAuthURLParser implementation
//----------------------------------------------------------------------------
+NS_IMETHODIMP
+nsNoAuthURLParser::ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port)
+{
+ NS_NOTREACHED("Shouldn't parse auth in a NoAuthURL!");
+ return NS_ERROR_UNEXPECTED;
+}
+
void
nsNoAuthURLParser::ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen)
{
NS_PRECONDITION(specLen >= 0, "unexpected");
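Review bot: The new `nsNoAuthURLParser::ParseAuthority` returns `NS_ERROR_UNEXPECTED` without writing any of its out-parameters, and `NS_NOTREACHED` only asserts in debug builds. In a release build, a caller that ignores the result would go on to use whatever the position and length variables held before the call. Callers are outside this hunk, so this is a contract to document rather than a confirmed defect. A comment above the body would do: `// Out-parameters are left untouched; callers must check the return value.`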
@@ -416,17 +427,17 @@ nsNoAuthURLParser::ParseAfterScheme(cons
break;
}
#endif
p = (const char *) memchr(spec + 2, '/', specLen - 2);
}
if (p) {
- SET_RESULT(auth, 2, p - (spec + 2));
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, p - spec, specLen - (p - spec));
}
else {
- SET_RESULT(auth, 2, specLen - 2);
+ SET_RESULT(auth, 0, -1);
SET_RESULT(path, 0, -1);
}
return;
}
default:
pos = 2;
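Review bot: Both arms of `if (p)` now start with the same `SET_RESULT(auth, 0, -1);`, so the statement can be hoisted above the `if`, leaving each arm with only its `path` result. Placing a comment at that single site, `// file://host/path: the authority is deliberately discarded`, would keep the intent next to the code instead of only in the header comment. The enclosing function starts and ends outside this hunk.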
Index: netwerk/base/src/nsURLParsers.h
===================================================================
RCS file: /cvsroot/mozilla/netwerk/base/src/nsURLParsers.h,v
retrieving revision 1.4
diff -p -u -6 -r1.4 nsURLParsers.h
--- netwerk/base/src/nsURLParsers.h 18 Apr 2004 21:59:09 -0000 1.4
+++ netwerk/base/src/nsURLParsers.h 8 May 2009 01:31:15 -0000
@@ -67,25 +67,31 @@ protected:
// file:/foo/bar.txt (treated equivalently)
// file:///foo/bar.txt
//
// eg. file:////foo/bar.txt (UNC-filepath = \\foo\bar.txt)
//
// XXX except in this case:
-// file://foo/bar.txt (foo is authority)
+// file://foo/bar.txt (the authority "foo" is ignored)
//----------------------------------------------------------------------------
class nsNoAuthURLParser : public nsBaseURLParser
{
public:
#if defined(XP_WIN) || defined(XP_OS2)
NS_IMETHOD ParseFilePath(const char *, PRInt32,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *,
PRUint32 *, PRInt32 *);
#endif
+ NS_IMETHOD ParseAuthority(const char *auth, PRInt32 authLen,
+ PRUint32 *usernamePos, PRInt32 *usernameLen,
+ PRUint32 *passwordPos, PRInt32 *passwordLen,
+ PRUint32 *hostnamePos, PRInt32 *hostnameLen,
+ PRInt32 *port);
+
void ParseAfterScheme(const char *spec, PRInt32 specLen,
PRUint32 *authPos, PRInt32 *authLen,
PRUint32 *pathPos, PRInt32 *pathLen);
};
//----------------------------------------------------------------------------