CVS commit: pkgsrc/www/seamonkey

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/seamonkey
From: "David A. Holland" <dholland%netbsd.org@localhost>
Date: Thu, 15 Dec 2016 07:48:19 +0000

Module Name:    pkgsrc
Committed By:   dholland
Date:           Thu Dec 15 07:48:19 UTC 2016

Modified Files:
        pkgsrc/www/seamonkey: Makefile distinfo
Added Files:
        pkgsrc/www/seamonkey/patches:
            patch-mozilla_dom_smil_nsSMILTimeContainer.cpp
            patch-mozilla_dom_smil_nsSMILTimeContainer.h

Log Message:
Add fix for CVE-2016-9079 remote code execution, aka mfsa2016-92,
taken from firefox.

PKGREVISION -> 7.


To generate a diff of this commit:
cvs rdiff -u -r1.149 -r1.150 pkgsrc/www/seamonkey/Makefile
cvs rdiff -u -r1.140 -r1.141 pkgsrc/www/seamonkey/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp \
    pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/seamonkey/Makefile
diff -u pkgsrc/www/seamonkey/Makefile:1.149 pkgsrc/www/seamonkey/Makefile:1.150
--- pkgsrc/www/seamonkey/Makefile:1.149 Sun Dec  4 05:17:44 2016
+++ pkgsrc/www/seamonkey/Makefile       Thu Dec 15 07:48:19 2016
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.149 2016/12/04 05:17:44 ryoon Exp $
+# $NetBSD: Makefile,v 1.150 2016/12/15 07:48:19 dholland Exp $
 
 DISTNAME=      seamonkey-${SM_VER}.source
 PKGNAME=       seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=   6
+PKGREVISION=   7
 SM_VER=                2.40
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}

Index: pkgsrc/www/seamonkey/distinfo
diff -u pkgsrc/www/seamonkey/distinfo:1.140 pkgsrc/www/seamonkey/distinfo:1.141
--- pkgsrc/www/seamonkey/distinfo:1.140 Wed Dec  7 22:01:28 2016
+++ pkgsrc/www/seamonkey/distinfo       Thu Dec 15 07:48:19 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.140 2016/12/07 22:01:28 maya Exp $
+$NetBSD: distinfo,v 1.141 2016/12/15 07:48:19 dholland Exp $
 
 SHA1 (seamonkey-2.40.source.tar.xz) = ecf99bc7478319835a0e19f35ed5b7b1aa2c0046
 RMD160 (seamonkey-2.40.source.tar.xz) = 4030688f145fdf35a6d2728d097cf7cda8e50231
@@ -31,6 +31,8 @@ SHA1 (patch-mozilla_dom_media_moz.build)
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.cpp) = 005a611073f3a8b865d19e7204df9d40e5e1c3ff
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginModuleChild.h) = 14038ce0ee2b38db6c7952056a97a65839a2c1a9
 SHA1 (patch-mozilla_dom_plugins_ipc_PluginProcessChild.cpp) = ef2b3f3c134be64c9dbb688e36a8b767c25a008a
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.cpp) = 8040334532157965086a6926aea2cb42707c9be3
+SHA1 (patch-mozilla_dom_smil_nsSMILTimeContainer.h) = ca80d3991d3025bc9ebe7091be4fd01ffcf75839
 SHA1 (patch-mozilla_dom_system_OSFileConstants.cpp) = f78d502489013f855c1616d8941b960aa73760a2
 SHA1 (patch-mozilla_extensions_spellcheck_hunspell_glue_mozHunspell.cpp) = 5c7d5429bd9a84fd2fffa86c3bd1d34d67f66681
 SHA1 (patch-mozilla_gfx_cairo_libpixman_src_pixman-arm-neon-asm.S) = 818a1b1cb48bc04e91581709065948cef362aebe

Added files:

Index: pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp:1.1
--- /dev/null   Thu Dec 15 07:48:19 2016
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.cpp Thu Dec 15 07:48:19 2016
@@ -0,0 +1,78 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.cpp,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.cpp.orig      2016-01-19 02:48:35.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.cpp
+@@ -9,6 +9,8 @@
+ #include "nsSMILTimedElement.h"
+ #include <algorithm>
+ 
++#include "mozilla/AutoRestore.h"
++
+ nsSMILTimeContainer::nsSMILTimeContainer()
+ :
+   mParent(nullptr),
+@@ -18,6 +20,7 @@ nsSMILTimeContainer::nsSMILTimeContainer
+   mNeedsPauseSample(false),
+   mNeedsRewind(false),
+   mIsSeeking(false),
++  mHoldingEntries(false),
+   mPauseState(PAUSE_BEGIN)
+ {
+ }
+@@ -213,12 +216,14 @@ nsSMILTimeContainer::AddMilestone(const 
+   // time may change (e.g. if attributes are changed on the timed element in
+   // between samples). If this happens, then we may do an unecessary sample
+   // but that's pretty cheap.
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   return mMilestoneEntries.Push(MilestoneEntry(aMilestone, aElement));
+ }
+ 
+ void
+ nsSMILTimeContainer::ClearMilestones()
+ {
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   mMilestoneEntries.Clear();
+ }
+ 
+@@ -259,6 +264,8 @@ nsSMILTimeContainer::PopMilestoneElement
+              "Trying to pop off earliest times but we have earlier ones that "
+              "were overlooked");
+ 
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
++
+   bool gotOne = false;
+   while (!mMilestoneEntries.IsEmpty() &&
+       mMilestoneEntries.Top().mMilestone == containerMilestone)
+@@ -273,6 +280,8 @@ nsSMILTimeContainer::PopMilestoneElement
+ void
+ nsSMILTimeContainer::Traverse(nsCycleCollectionTraversalCallback* aCallback)
+ {
++  AutoRestore<bool> saveHolding(mHoldingEntries);
++  mHoldingEntries = true;
+   const MilestoneEntry* p = mMilestoneEntries.Elements();
+   while (p < mMilestoneEntries.Elements() + mMilestoneEntries.Length()) {
+     NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, "mTimebase");
+@@ -284,6 +293,7 @@ nsSMILTimeContainer::Traverse(nsCycleCol
+ void
+ nsSMILTimeContainer::Unlink()
+ {
++  MOZ_RELEASE_ASSERT(!mHoldingEntries);
+   mMilestoneEntries.Clear();
+ }
+ 
+@@ -307,6 +317,8 @@ nsSMILTimeContainer::NotifyTimeChange()
+   // milestone elements. This is because any timed element with dependents and
+   // with significant transitions yet to fire should have their next milestone
+   // registered. Other timed elements don't matter.
++  AutoRestore<bool> saveHolding(mHoldingEntries);
++  mHoldingEntries = true;
+   const MilestoneEntry* p = mMilestoneEntries.Elements();
+ #if DEBUG
+   uint32_t queueLength = mMilestoneEntries.Length();
Index: pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h:1.1
--- /dev/null   Thu Dec 15 07:48:19 2016
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_dom_smil_nsSMILTimeContainer.h   Thu Dec 15 07:48:19 2016
@@ -0,0 +1,20 @@
+$NetBSD: patch-mozilla_dom_smil_nsSMILTimeContainer.h,v 1.1 2016/12/15 07:48:19 dholland Exp $
+
+Fix for CVE-2016-9079, aka
+https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
+from the firefox 45.5.1esr distfile,
+which is the same as
+https://hg.mozilla.org/integration/mozilla-inbound/rev/9271347b07d201df26cdffde75483c0b0001528c
+linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
+
+--- mozilla/dom/smil/nsSMILTimeContainer.h.orig        2016-01-19 02:49:17.000000000 +0000
++++ mozilla/dom/smil/nsSMILTimeContainer.h
+@@ -267,6 +267,8 @@ protected:
+   bool mNeedsRewind; // Backwards seek performed
+   bool mIsSeeking; // Currently in the middle of a seek operation
+ 
++  bool mHoldingEntries; // True if there's a raw pointer to mMilestoneEntries on the stack.
++
+   // A bitfield of the pause state for all pause requests
+   uint32_t mPauseState;
+

Prev by Date: CVS commit: pkgsrc/converters/p5-Sereal-Encoder
Next by Date: CVS commit: pkgsrc/devel/jemalloc
Previous by Thread: CVS commit: pkgsrc/converters/p5-Sereal-Encoder
Next by Thread: CVS commit: pkgsrc/devel/jemalloc
Indexes:

Home | Main Index | Thread Index | Old Index