From c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 10 Mar 2016 02:57:05 -0500 Subject: gnu: icecat: Add several security fixes. * gnu/packages/patches/icecat-CVE-2015-4477.patch, gnu/packages/patches/icecat-CVE-2015-7207.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1954.patch, gnu/packages/patches/icecat-CVE-2016-1960.patch, gnu/packages/patches/icecat-CVE-2016-1961.patch, gnu/packages/patches/icecat-CVE-2016-1962.patch, gnu/packages/patches/icecat-CVE-2016-1964.patch, gnu/packages/patches/icecat-CVE-2016-1965.patch, gnu/packages/patches/icecat-CVE-2016-1966.patch, gnu/packages/patches/icecat-CVE-2016-1974.patch, gnu/packages/patches/icecat-bug-1248851.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. --- gnu/packages/patches/icecat-bug-1248851.patch | 37 +++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 gnu/packages/patches/icecat-bug-1248851.patch (limited to 'gnu/packages/patches/icecat-bug-1248851.patch') diff --git a/gnu/packages/patches/icecat-bug-1248851.patch b/gnu/packages/patches/icecat-bug-1248851.patch new file mode 100644 index 0000000000..ea4d6831b5 --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1248851.patch @@ -0,0 +1,37 @@ +Copied from upstream: +https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/8c1d40e45a72 + +# HG changeset patch +# User Xidorn Quan +# Date 1456199544 -28800 +# Node ID 8c1d40e45a72c6432e879137a0afa519dc6c9841 +# Parent 1dd0ca8e70bd77b6fd93f36cc4e9c2cebfe8ba0a +Bug 1248851 - r=sicking, a=ritu + +diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp +--- a/dom/indexedDB/ActorsParent.cpp ++++ b/dom/indexedDB/ActorsParent.cpp +@@ -14823,22 +14823,19 @@ ObjectStoreAddOrPutRequestOp::DoDatabase + } + + snappy::RawCompress(uncompressed, uncompressedLength, compressed, + &compressedLength); + + uint8_t* dataBuffer = reinterpret_cast(compressed); + size_t dataBufferLength = compressedLength; + +- // If this call succeeds, | compressed | is now owned by the statement, and +- // we are no longer responsible for it. + rv = stmt->BindAdoptedBlobByName(NS_LITERAL_CSTRING("data"), dataBuffer, + dataBufferLength); + if (NS_WARN_IF(NS_FAILED(rv))) { +- moz_free(compressed); + return rv; + } + } + + nsCOMPtr fileDirectory; + nsCOMPtr journalDirectory; + + if (mFileManager) { + -- cgit v1.2.3