gnu: icecat: Apply fixes for CVE-2015-{0801,0807,0815,0816}.

Actually, CVE-2015-0801 and CVE-2015-0816 were already patched in
4c153a9125fa0913077b06b5ed537958ae4ca163, but the corresponding CVEs
were not yet announced.

* gnu/packages/patches/icecat-bug-1146339.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0801.patch: ... this.
* gnu/packages/patches/icecat-bug-1144991.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0816.patch: ... this.
* gnu/packages/patches/icecat-CVE-2015-0807.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt3.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them, and adapt to renamed files.
* gnu/packages/gnuzilla.scm (icecat): Add patches, and adapt to renamed files.

1 files changed, 0 insertions, 76 deletions

diff --git a/gnu/packages/patches/icecat-bug-1144991.patch b/gnu/packages/patches/icecat-bug-1144991.patch
deleted file mode 100644
index 5632e37eb3..0000000000
--- a/gnu/packages/patches/icecat-bug-1144991.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From ae49ed04f54c2f78d6ba7e545e0099602a3270fa Mon Sep 17 00:00:00 2001
-From: Boris Zbarsky <bzbarsky@mit.edu>
-Date: Thu, 19 Mar 2015 18:58:44 -0400
-Subject: [PATCH] Bug 1144991 - Be a bit more restrictive about when a
- URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that
- doesn't have the same scheme. r=bholley, a=abillings
-
----
- caps/src/nsScriptSecurityManager.cpp | 38 +++++++++++++++++++++++++-----------
- 1 file changed, 27 insertions(+), 11 deletions(-)
-
-diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
-index 3587358..6577b95 100644
---- a/caps/src/nsScriptSecurityManager.cpp
-+++ b/caps/src/nsScriptSecurityManager.cpp
-@@ -770,12 +770,31 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
-     NS_ENSURE_SUCCESS(rv, rv);
-     if (hasFlags) {
-         if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
-+
-+            // For now, don't change behavior for resource:// or moz-icon:// and
-+            // just allow them.
-             if (!targetScheme.EqualsLiteral("chrome")) {
--                // for now don't change behavior for resource: or moz-icon:
-                 return NS_OK;
-             }
- 
--            // allow load only if chrome package is whitelisted
-+            // Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
-+            // target if ALLOW_CHROME is set.
-+            //
-+            // ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
-+            // loads (since docshell loads run the loaded content with its origin
-+            // principal). So we're effectively allowing resource://, chrome://,
-+            // and moz-icon:// source URIs to load resource://, chrome://, and
-+            // moz-icon:// files, so long as they're not loading it as a document.
-+            bool sourceIsUIResource;
-+            rv = NS_URIChainHasFlags(sourceBaseURI,
-+                                     nsIProtocolHandler::URI_IS_UI_RESOURCE,
-+                                     &sourceIsUIResource);
-+            NS_ENSURE_SUCCESS(rv, rv);
-+            if (sourceIsUIResource) {
-+                return NS_OK;
-+            }
-+
-+            // Allow the load only if the chrome package is whitelisted.
-             nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService(
-                                                  NS_CHROMEREGISTRY_CONTRACTID));
-             if (reg) {
-@@ -787,17 +806,14 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
-             }
-         }
- 
--        // resource: and chrome: are equivalent, securitywise
--        // That's bogus!!  Fix this.  But watch out for
--        // the view-source stylesheet?
--        bool sourceIsChrome;
--        rv = NS_URIChainHasFlags(sourceBaseURI,
--                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
--                                 &sourceIsChrome);
--        NS_ENSURE_SUCCESS(rv, rv);
--        if (sourceIsChrome) {
-+        // Special-case the hidden window: it's allowed to load
-+        // URI_IS_UI_RESOURCE no matter what.  Bug 1145470 tracks removing this.
-+        nsAutoCString sourceSpec;
-+        if (NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
-+            sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
-             return NS_OK;
-         }
-+
-         if (reportErrors) {
-             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
-         }
--- 
-2.2.1
-