diff options
| author | taya <taya@pkgsrc.org> | 2002-05-07 23:45:49 +0000 |
|---|---|---|
| committer | taya <taya@pkgsrc.org> | 2002-05-07 23:45:49 +0000 |
| commit | ecd1633354a92f90ad5a4e2474a677338d790663 (patch) | |
| tree | 7b9723dfecfcbedf0e347802a8593368069e08f7 /www/mozilla | |
| parent | 20f764fc52d3faceac700c230df7b96ece96e4b9 (diff) | |
| download | pkgsrc-ecd1633354a92f90ad5a4e2474a677338d790663.tar.gz | |
Add security fix for " Bugzilla Bug 141061 XMLHttpRequest allows reading of local files"
See bugzilla for detail:
http://bugzilla.mozilla.org/show_bug.cgi?id=141061
Demo of this vulnerability:
http://sec.greymagic.com/adv/gm001-ns/
Diffstat (limited to 'www/mozilla')
| -rw-r--r-- | www/mozilla/Makefile | 3 | ||||
| -rw-r--r-- | www/mozilla/distinfo | 3 | ||||
| -rw-r--r-- | www/mozilla/patches/patch-security_fix | 99 |
3 files changed, 103 insertions, 2 deletions
diff --git a/www/mozilla/Makefile b/www/mozilla/Makefile index bb2ddc76dcd..1f0bb17b45d 100644 --- a/www/mozilla/Makefile +++ b/www/mozilla/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.83 2002/04/25 15:52:44 taya Exp $ +# $NetBSD: Makefile,v 1.84 2002/05/07 23:45:49 taya Exp $ MOZ_VER= 1.0rc1 DISTNAME= mozilla-source-1.0.rc1 PKGNAME= mozilla-${MOZ_VER} +PKGREVISION= 1 WRKSRC= ${WRKDIR}/mozilla CATEGORIES= www MASTER_SITES= ftp://ftp.mozilla.org/pub/mozilla/releases/mozilla${MOZ_VER}/src/ \ diff --git a/www/mozilla/distinfo b/www/mozilla/distinfo index efa3e59b2ac..ad0c0a4e67f 100644 --- a/www/mozilla/distinfo +++ b/www/mozilla/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.17 2002/04/25 15:52:45 taya Exp $ +$NetBSD: distinfo,v 1.18 2002/05/07 23:45:49 taya Exp $ SHA1 (mozilla-source-1.0.rc1.tar.bz2) = ae20fe87f9d7fe33e97897525e21be9580949cee Size (mozilla-source-1.0.rc1.tar.bz2) = 29528701 bytes @@ -15,3 +15,4 @@ SHA1 (patch-bh) = f6b22f6df0c330ca807926263fdf48ed89106df1 SHA1 (patch-bi) = 9fe409b736dc98eded947d3b7ee1792b174ef9e9 SHA1 (patch-bj) = 5693349418802026d861c1f10b1addfc4f71cc7f SHA1 (patch-bk) = e45a7a1a42283cbc774c525dd0853863ccbc66f1 +SHA1 (patch-security_fix) = c8c75e6ebd1ebe38857363bed247268b53340d12 diff --git a/www/mozilla/patches/patch-security_fix b/www/mozilla/patches/patch-security_fix new file mode 100644 index 00000000000..51f9ac2db5a --- /dev/null +++ b/www/mozilla/patches/patch-security_fix @@ -0,0 +1,99 @@ +$NetBSD: patch-security_fix,v 1.1 2002/05/07 23:45:50 taya Exp $ + +Index: uriloader/base/nsDocLoader.cpp +=================================================================== +RCS file: /cvsroot/mozilla/uriloader/base/nsDocLoader.cpp,v +retrieving revision 3.251 +diff -u -r3.251 nsDocLoader.cpp +--- uriloader/base/nsDocLoader.cpp 17 Apr 2002 03:48:37 -0000 3.251 ++++ uriloader/base/nsDocLoader.cpp 30 Apr 2002 19:02:19 -0000 +@@ -1263,6 +1263,7 @@ + rv = aNewChannel->GetURI(getter_AddRefs(newURI)); + if (NS_FAILED(rv)) return rv; + ++#ifdef HTTP_DOESNT_CALL_CHECKLOADURI + // verify that this is a legal redirect + nsCOMPtr<nsIScriptSecurityManager> securityManager = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); +@@ -1270,6 +1271,7 @@ + rv = securityManager->CheckLoadURI(oldURI, newURI, + nsIScriptSecurityManager::DISALLOW_FROM_MAIL); + if (NS_FAILED(rv)) return rv; ++#endif + + nsLoadFlags loadFlags = 0; + PRInt32 stateFlags = nsIWebProgressListener::STATE_REDIRECTING | +Index: netwerk/protocol/http/src/Makefile.in +=================================================================== +RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/Makefile.in,v +retrieving revision 1.56 +diff -u -r1.56 Makefile.in +--- netwerk/protocol/http/src/Makefile.in 19 Apr 2002 22:25:18 -0000 1.56 ++++ netwerk/protocol/http/src/Makefile.in 30 Apr 2002 19:02:19 -0000 +@@ -36,6 +36,8 @@ + intl \ + exthandler \ + caps \ ++ xpconnect \ ++ js \ + $(NULL) + + CPPSRCS = \ +Index: netwerk/protocol/http/src/nsHttpChannel.cpp +=================================================================== +RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v +retrieving revision 1.114 +diff -u -r1.114 nsHttpChannel.cpp +--- netwerk/protocol/http/src/nsHttpChannel.cpp 26 Apr 2002 22:50:50 -0000 1.114 ++++ netwerk/protocol/http/src/nsHttpChannel.cpp 30 Apr 2002 19:02:19 -0000 +@@ -34,6 +34,7 @@ + #include "nsISupportsPrimitives.h" + #include "nsIURL.h" + #include "nsIMIMEService.h" ++#include "nsIScriptSecurityManager.h" + #include "nsCExternalHandlerService.h" + #include "nsMimeTypes.h" + #include "nsNetUtil.h" +@@ -1465,6 +1466,15 @@ + rv = ioService->NewURI(nsDependentCString(location), nsnull, mURI, + getter_AddRefs(newURI)); + if (NS_FAILED(rv)) return rv; ++ ++ // verify that this is a legal redirect ++ nsCOMPtr<nsIScriptSecurityManager> securityManager = ++ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); ++ if (securityManager) { ++ rv = securityManager->CheckLoadURI(mURI, newURI, ++ nsIScriptSecurityManager::DISALLOW_FROM_MAIL); ++ if (NS_FAILED(rv)) return rv; ++ } + + // Kill the current cache entry if we are redirecting + // back to ourself. +--- htmlparser/src/CNavDTD.cpp.orig Sat May 4 00:32:17 2002 ++++ htmlparser/src/CNavDTD.cpp Sat May 4 01:14:59 2002 +@@ -473,14 +473,14 @@ + + nsresult result = NS_OK; + +- if (aTokenizer && mSink && aParser) { ++ if (aTokenizer && aParser) { + nsITokenizer* oldTokenizer = mTokenizer; + + mTokenizer = aTokenizer; + mParser = (nsParser*)aParser; + mTokenAllocator = mTokenizer->GetTokenAllocator(); + +- ++ if (mSink) { + if (mBodyContext->GetCount() == 0) { + CStartToken* theToken=nsnull; + if(ePlainText==mDocType) { +@@ -537,6 +537,7 @@ + } + }//while + mTokenizer = oldTokenizer; ++ } + } + + return result; |