aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-2743.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2743.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2743.patch73
1 files changed, 0 insertions, 73 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2743.patch b/gnu/packages/patches/icecat-CVE-2015-2743.patch
deleted file mode 100644
index a74fe7b270..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2743.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 9ed97d606aaaf79776b0e19a73ba30d8ad0685b5 Mon Sep 17 00:00:00 2001
-From: Ben Turner <bent.mozilla@gmail.com>
-Date: Tue, 26 May 2015 17:27:01 -0400
-Subject: [PATCH] Bug 1163109 - Restrict the resource:// weirdness in workers
- to loads from a system principal. r=bzbarsky, a=lizzard
-
---HG--
-extra : transplant_source : sQUdu%7C%ED%84%CA%5B%91%89/%1B2%25%CFY%B0%C3
----
- dom/workers/ScriptLoader.cpp | 37 ++++++++++++++++---------------------
- 1 file changed, 16 insertions(+), 21 deletions(-)
-
-diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp
-index 0dfe625..3335c3e 100644
---- a/dom/workers/ScriptLoader.cpp
-+++ b/dom/workers/ScriptLoader.cpp
-@@ -509,22 +509,6 @@ private:
- rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));
- NS_ENSURE_SUCCESS(rv, rv);
-
-- // See if this is a resource URI. Since JSMs usually come from resource://
-- // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE
-- // flag as valid for creating privileged workers.
-- if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
-- bool isResource;
-- rv = NS_URIChainHasFlags(finalURI,
-- nsIProtocolHandler::URI_IS_UI_RESOURCE,
-- &isResource);
-- NS_ENSURE_SUCCESS(rv, rv);
--
-- if (isResource) {
-- rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal));
-- NS_ENSURE_SUCCESS(rv, rv);
-- }
-- }
--
- // If the load principal is the system principal then the channel
- // principal must also be the system principal (we do not allow chrome
- // code to create workers with non-chrome scripts). Otherwise this channel
-@@ -532,14 +516,25 @@ private:
- // here in case redirects changed the location of the script).
- if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) {
- if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
-- return NS_ERROR_DOM_BAD_URI;
-+ // See if this is a resource URI. Since JSMs usually come from
-+ // resource:// URIs we're currently considering all URIs with the
-+ // URI_IS_UI_RESOURCE flag as valid for creating privileged workers.
-+ bool isResource;
-+ rv = NS_URIChainHasFlags(finalURI,
-+ nsIProtocolHandler::URI_IS_UI_RESOURCE,
-+ &isResource);
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
-+ if (isResource) {
-+ // Assign the system principal to the resource:// worker only if it
-+ // was loaded from code using the system principal.
-+ channelPrincipal = loadPrincipal;
-+ } else {
-+ return NS_ERROR_DOM_BAD_URI;
-+ }
- }
- }
- else {
-- nsCString scheme;
-- rv = finalURI->GetScheme(scheme);
-- NS_ENSURE_SUCCESS(rv, rv);
--
- // We exempt data urls and other URI's that inherit their
- // principal again.
- if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) {
---
-2.4.3
-