From 456f4abfd3a0d7f14646538f9b8306c9ce5dbf85 Mon Sep 17 00:00:00 2001 From: tnn Date: Mon, 5 Sep 2011 11:05:21 +0000 Subject: Update legacy firefox36 package to 3.6.21. Fixes some security issues: MFSA 2011-34 Protection against fraudulent DigiNotar certificates MFSA 2011-30 Security issues addressed in Firefox 3.6.20 MFSA 2011-24 Cookie isolation error MFSA 2011-23 Multiple dangling pointer vulnerabilities MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight() MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) --- devel/xulrunner192/patches/patch-nd | 37 ------------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 devel/xulrunner192/patches/patch-nd (limited to 'devel/xulrunner192/patches') diff --git a/devel/xulrunner192/patches/patch-nd b/devel/xulrunner192/patches/patch-nd deleted file mode 100644 index 43ef0bd6687..00000000000 --- a/devel/xulrunner192/patches/patch-nd +++ /dev/null @@ -1,37 +0,0 @@ -$NetBSD: patch-nd,v 1.1.1.1 2011/04/19 11:16:08 tnn Exp $ - -# reported upstream as -# https://bugzilla.mozilla.org/show_bug.cgi?id=514002 - ---- gfx/qcms/iccread.c.orig 2009-07-30 17:30:16.000000000 +0200 -+++ gfx/qcms/iccread.c 2009-09-01 21:29:29.000000000 +0200 -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - #include "qcmsint.h" - - //XXX: use a better typename -@@ -84,7 +85,9 @@ static uint32_t read_u32(struct mem_sour - invalid_source(mem, "Invalid offset"); - return 0; - } else { -- return be32_to_cpu(*(__be32*)(mem->buf + offset)); -+ uint32_t v; -+ memcpy(&v, mem->buf + offset, 4); -+ return be32_to_cpu(v); - } - } - -@@ -94,7 +97,9 @@ static uint16_t read_u16(struct mem_sour - invalid_source(mem, "Invalid offset"); - return 0; - } else { -- return be16_to_cpu(*(__be16*)(mem->buf + offset)); -+ uint16_t v; -+ memcpy(&v, mem->buf + offset, 2); -+ return be16_to_cpu(v); - } - } - -- cgit v1.2.3