head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.6 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.4 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.1.1.1.0.2 pkgsrc-2011Q2-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.2 date 2011.09.05.11.05.21; author tnn; state dead; branches; next 1.1; 1.1 date 2011.04.19.11.16.08; author tnn; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2011.04.19.11.16.08; author tnn; state Exp; branches; next ; desc @@ 1.2 log @Update legacy firefox36 package to 3.6.21. Fixes some security issues: MFSA 2011-34 Protection against fraudulent DigiNotar certificates MFSA 2011-30 Security issues addressed in Firefox 3.6.20 MFSA 2011-24 Cookie isolation error MFSA 2011-23 Multiple dangling pointer vulnerabilities MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight() MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) @ text @$NetBSD: patch-nd,v 1.1 2011/04/19 11:16:08 tnn Exp $ # reported upstream as # https://bugzilla.mozilla.org/show_bug.cgi?id=514002 --- gfx/qcms/iccread.c.orig 2009-07-30 17:30:16.000000000 +0200 +++ gfx/qcms/iccread.c 2009-09-01 21:29:29.000000000 +0200 @@@@ -23,6 +23,7 @@@@ #include #include #include +#include #include "qcmsint.h" //XXX: use a better typename @@@@ -84,7 +85,9 @@@@ static uint32_t read_u32(struct mem_sour invalid_source(mem, "Invalid offset"); return 0; } else { - return be32_to_cpu(*(__be32*)(mem->buf + offset)); + uint32_t v; + memcpy(&v, mem->buf + offset, 4); + return be32_to_cpu(v); } } @@@@ -94,7 +97,9 @@@@ static uint16_t read_u16(struct mem_sour invalid_source(mem, "Invalid offset"); return 0; } else { - return be16_to_cpu(*(__be16*)(mem->buf + offset)); + uint16_t v; + memcpy(&v, mem->buf + offset, 2); + return be16_to_cpu(v); } } @ 1.1 log 
@Initial revision @ text @d1 1 a1 1 $NetBSD: patch-nd,v 1.1 2009/09/09 17:01:07 tnn Exp $ @ 1.1.1.1 log @Re-import previous version of Firefox, because firefox-4.0 won't work for some users (sparc64 support, for example, is busted and won't appear again until firefox-5.0). @ text @@
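Review bot: In the first hunk (-23,6 +23,7) the header name on the added #include line is not visible in this text. The later hunks call memcpy, so confirm that the header added here is the one that declares it (string.h); otherwise the calls in read_u32 and read_u16 rely on an implicit declaration.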
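Review bot: In the read_u32 hunk (-84,7 +85,9) the temporary is declared as uint32_t, which drops the __be32 annotation that the removed cast carried, and the copy length is the literal 4. Declaring it as "__be32 v;" and copying with "memcpy(&v, mem->buf + offset, sizeof(v));" keeps the value typed as big-endian until be32_to_cpu converts it, and ties the length to the variable instead of a magic number.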
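Review bot: The read_u16 hunk (-94,7 +97,9) swaps the pointer cast for memcpy without a comment saying why, and the patch header only links the upstream bug. A one-line comment above the memcpy noting that mem->buf + offset is not guaranteed to be aligned for a direct 16-bit load would keep a later cleanup from restoring the cast. The same comment belongs in read_u32.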