diff options
author | Mark H Weaver <mhw@netris.org> | 2016-03-10 02:57:05 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-03-10 10:52:41 -0500 |
commit | c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 (patch) | |
tree | 5013ce433bb697afc6086c4c4b1532cf57ea8bd5 /gnu/packages/patches/icecat-CVE-2016-1954.patch | |
parent | ec278439f3ff5dcd3d02c05099ba1724cc2459f1 (diff) | |
download | guix-c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962.tar guix-c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962.tar.gz |
gnu: icecat: Add several security fixes.
* gnu/packages/patches/icecat-CVE-2015-4477.patch,
gnu/packages/patches/icecat-CVE-2015-7207.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1954.patch,
gnu/packages/patches/icecat-CVE-2016-1960.patch,
gnu/packages/patches/icecat-CVE-2016-1961.patch,
gnu/packages/patches/icecat-CVE-2016-1962.patch,
gnu/packages/patches/icecat-CVE-2016-1964.patch,
gnu/packages/patches/icecat-CVE-2016-1965.patch,
gnu/packages/patches/icecat-CVE-2016-1966.patch,
gnu/packages/patches/icecat-CVE-2016-1974.patch,
gnu/packages/patches/icecat-bug-1248851.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1954.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1954.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1954.patch b/gnu/packages/patches/icecat-CVE-2016-1954.patch new file mode 100644 index 0000000000..bbb4b3217c --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1954.patch @@ -0,0 +1,32 @@ +Copied from upstream: +https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/a5c4c18849b4 + +# HG changeset patch +# User Christoph Kerschbaumer <mozilla@christophkerschbaumer.com> +# Date 1456157874 28800 +# Node ID a5c4c18849b486ef8693e20421b69239a2cbe574 +# Parent e93aeb25e2a44df8d22f5a065b4410620e2c8730 +Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu + +diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp +--- a/dom/security/nsCSPContext.cpp ++++ b/dom/security/nsCSPContext.cpp +@@ -798,16 +798,17 @@ nsCSPContext::SendReports(nsISupports* a + (NS_SUCCEEDED(reportURI->SchemeIs("https", &isHttpScheme)) && isHttpScheme); + + if (!isHttpScheme) { + const char16_t* params[] = { reportURIs[r].get() }; + CSP_LogLocalizedStr(NS_LITERAL_STRING("reportURInotHttpsOrHttp2").get(), + params, ArrayLength(params), + aSourceFile, aScriptSample, aLineNum, 0, + nsIScriptError::errorFlag, "CSP", mInnerWindowID); ++ continue; + } + + // make sure this is an anonymous request (no cookies) so in case the + // policy URI is injected, it can't be abused for CSRF. + nsLoadFlags flags; + rv = reportChannel->GetLoadFlags(&flags); + NS_ENSURE_SUCCESS(rv, rv); + flags |= nsIRequest::LOAD_ANONYMOUS; + |