head 1.8;
access;
symbols
pkgsrc-2017Q3:1.7.0.4
pkgsrc-2017Q3-base:1.7
pkgsrc-2016Q1:1.5.0.10
pkgsrc-2016Q1-base:1.5
pkgsrc-2015Q4:1.5.0.8
pkgsrc-2015Q4-base:1.5
pkgsrc-2015Q3:1.5.0.6
pkgsrc-2015Q3-base:1.5
pkgsrc-2015Q2:1.5.0.4
pkgsrc-2015Q2-base:1.5
pkgsrc-2015Q1:1.5.0.2
pkgsrc-2015Q1-base:1.5;
locks; strict;
comment @// @;
1.8
date 2017.09.30.05.34.12; author ryoon; state dead;
branches;
next 1.7;
commitid FvJcfB7R3sEnib9A;
1.7
date 2017.08.10.14.46.15; author ryoon; state Exp;
branches;
next 1.6;
commitid rDI4h24RNI2oZF2A;
1.6
date 2016.06.16.12.08.21; author ryoon; state dead;
branches;
next 1.5;
commitid LAwegbTYgLLjCGaz;
1.5
date 2015.01.30.07.32.24; author pho; state Exp;
branches;
next 1.4;
commitid yHqPF30VdLz6g18y;
1.4
date 2014.06.11.00.40.59; author ryoon; state dead;
branches;
next 1.3;
commitid QTw894DEf2Let2Ex;
1.3
date 2014.06.06.01.05.50; author pho; state Exp;
branches;
next 1.2;
commitid dIAvQvZYxXupLoDx;
1.2
date 2014.05.30.10.22.06; author pho; state dead;
branches;
next 1.1;
commitid pujOAy5YvcBW3yCx;
1.1
date 2014.05.29.15.38.19; author pho; state Exp;
branches;
next ;
commitid xGrR6Q92PtaXQrCx;
desc
@@
1.8
log
@Update to 56.0
New
Launched Firefox Screenshots, a feature that lets users take, save, and share screenshots without leaving the browser
Added support for address form autofill (en-US only)
Updated Preferences
Added search tool so users can find a specific setting quickly
Reorganized preferences so users can more easily scan settings
Rewrote descriptions so users can better understand choices and how they affect browsing
Revised data collection choices so they align with updated Privacy Notice and data collection strategy
Media opened in a background tab will not play until the tab is selected
Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account
Changed
Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust
Added hardware acceleration for AES-GCM
Updated the Safe Browsing protocol to version 4
Reduced update download file size by approximately 20 percent
Improved security for verifying update downloads
Developer
Added Layout Panel to CSS Grid DevTools
@
text
@$NetBSD: patch-toolkit_xre_nsAppRunner.cpp,v 1.7 2017/08/10 14:46:15 ryoon Exp $
--- toolkit/xre/nsAppRunner.cpp.orig 2017-07-31 16:20:53.000000000 +0000
+++ toolkit/xre/nsAppRunner.cpp
@@@@ -227,11 +227,13 @@@@
extern uint32_t gRestartMode;
extern void InstallSignalHandlers(const char *ProgramName);
+#ifdef MOZ_RUST
// This workaround is fixed in Rust 1.19. For details, see bug 1358151.
// Implementation in toolkit/library/rust/shared/lib.rs
extern "C" {
void rust_init_please_remove_this_after_updating_rust_1_19();
}
+#endif
#define FILE_COMPATIBILITY_INFO NS_LITERAL_CSTRING("compatibility.ini")
#define FILE_INVALIDATE_CACHES NS_LITERAL_CSTRING(".purgecaches")
@@@@ -3120,8 +3122,10 @@@@ XREMain::XRE_mainInit(bool* aExitFlag)
return 1;
*aExitFlag = false;
+#ifdef MOZ_RUST
// This workaround is fixed in Rust 1.19. For details, see bug 1358151.
rust_init_please_remove_this_after_updating_rust_1_19();
+#endif
atexit(UnexpectedExit);
auto expectedShutdown = mozilla::MakeScopeExit([&] {
@
1.7
log
@Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose María Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos Álvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
@
text
@d1 1
a1 1
$NetBSD$
@
1.6
log
@Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-toolkit_xre_nsAppRunner.cpp,v 1.5 2015/01/30 07:32:24 pho Exp $
d3 1
a3 16
MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2) and
had more than one active thread, the kernel returned ENOTSUP. So we
have to either fork(2) or vfork(2) before calling execve(2) to make
sure the caller is single-threaded as otherwise the application fails
to restart itself.
__mac_execve() in XNU 1228 (Darwin 9, MacOS X 10.5) had the
restriction:
http://www.opensource.apple.com/source/xnu/xnu-1228.15.4/bsd/kern/kern_exec.c
In XNU 1456 (Darwin 10, MacOS X 10.6) the multi-threaded check
disappeared:
http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/kern/kern_exec.c
--- toolkit/xre/nsAppRunner.cpp.orig 2015-01-30 04:06:22.000000000 +0000
d5 22
a26 3
@@@@ -1768,6 +1768,18 @@@@ static nsresult LaunchChild(nsINativeApp
if (NS_FAILED(rv))
return rv;
d28 2
a29 23
+#if defined(XP_DARWIN)
+ pid_t pid = vfork();
+ if (pid == 0) { // child
+ if (execv(exePath.get(), gRestartArgv) == -1) {
+ _exit(1);
+ }
+ }
+ else if (pid == -1) {
+ return NS_ERROR_FAILURE;
+ }
+#else
+
#if defined(XP_UNIX)
if (execv(exePath.get(), gRestartArgv) == -1)
return NS_ERROR_FAILURE;
@@@@ -1781,6 +1793,7 @@@@ static nsresult LaunchChild(nsINativeApp
if (failed || exitCode)
return NS_ERROR_FAILURE;
#endif // XP_UNIX
+#endif // XP_DARWIN
#endif // WP_WIN
#endif // WP_MACOSX
#endif // MOZ_WIDGET_ANDROID
@
1.5
log
@Fix many issues on Darwin
PLIST:
* lib/firefox/libmozglue.so is built and installed as a shared
library on some platforms including Darwin.
mozilla-common.mk:
* Sandboxing support is only available when the toolkit is
cairo-cocoa.
* It tries to use MacOS X 10.6 SDK by default, which is not always
possible.
patches/patch-build_gyp.mozbuild:
* Don't assume iOS just because the toolkit is not cocoa. Ideally
there should be an AC_SUBST just like 'ARM_ARCH' but nothing
exists currently.
* MacOS X SDK version should be able to configure with ./configure
--enable-macos-target=VER
patches/patch-extensions_spellcheck_hunspell_src_mozHunspell.cpp:
* NS_NewNativeLocalFile() can fail and leave hunDir null, so we must
check if it succeeded. This is not Darwin specific though.
* "%%LOCALBASE%%" in the hunspell path is currently not substituted,
which looks very erroneous to me. But since I don't know why
ryoon@@ changed it from "@@PREFIX@@" to "%%LOCALBASE%%" I leave it as
it is.
patches/patch-ipc_glue_moz.build:
* Don't assume cocoa toolkit just because OS_ARCH is Darwin.
patches/patch-js_src_asmjs_AsmJSSignalHandlers.cpp:
* Increase portability for non-x86 Darwin by not hardwiring
x86_THREAD_STATE.
patches/patch-js_xpconnect_src_xpcprivate.h:
* The declaration has to be C++11 'extern template', otherwise
non-weak symbol collision will occur between libmozjs and
libxul. We can't easily test if the feature is supported by
compiler due to GCC bug #1773:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=1773
patches/patch-memory_mozalloc_VolatileBufferOSX.cpp:
* Try to fallback to valloc(3) if posix_memalign(3) is not
avialble. It has been added since MacOS 10.6.
patches/patch-toolkit_library_moz.build:
* GSTREAMER_LIBS are linked to libxul on Darwin, while they are
dlopen(3)'ed at runtime on other platforms. The problem is that
the toolkit being cocoa isn't relevant at all. It's Darwin that
needs the special handling, not Cocoa.
patches/patch-toolkit_xre_nsAppRunner.cpp:
* MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2)
and had more than one active thread, the kernel returned
ENOTSUP. So we have to either fork(2) or vfork(2) before calling
execve(2) to make sure the caller is single-threaded as otherwise
the application fails to restart itself.
patches/patch-xpcom_base_nsStackWalk.cpp,
patches/patch-xpcom_build_PoisonIOInterposer.h:
* Replace XP_MACOSX with XP_DARWIN as the former is not defined when
the toolkit is not cocoa.
patches/patch-xpcom_glue_standalone_nsXPCOMGlue.cpp:
* Fix inconsistent use of XP_DARWIN and XP_MACOSX:
LEADING_UNDERSCORE should be empty when we are going to load XPCOM
using dlopen(3), not NSAddImage().
@
text
@d1 1
a1 1
$NetBSD$
@
1.4
log
@Update to 30.0
* debug build is broken
Changelog:
New
Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
New
Mac OS X command-E sets find term to selected text
New
Support for GStreamer 1.0
Changed
Disallow calling WebIDL constructors as functions on the web
Developer
With the exception of those bundled inside an extension or ones that are whitelisted, plugins will no longer be activated by default (see blog post)
Developer
Fixes to box-shadow and other visual overflow (see bug 480888)
Developer
Mute and volume available per window when using WebAudio
Developer
background-blend-mode enabled by default
Developer
Use of line-height allowed for
Developer
ES6 array and generator comprehensions implemented (read docs for more details)
Developer
Error stack now contains column number
Developer
Support for alpha option in canvas context options (feature description)
Fixed
Ignore autocomplete="off" when offering to save passwords via the password manager (see 956906)
Fixed
TypedArrays don't support new named properties (see 695438)
Fixed
Various security fixes
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
@
text
@d1 1
a1 1
$NetBSD: patch-toolkit_xre_nsAppRunner.cpp,v 1.3 2014/06/06 01:05:50 pho Exp $
d18 1
a18 1
--- toolkit/xre/nsAppRunner.cpp.orig 2014-05-06 22:56:36.000000000 +0000
d20 6
a25 6
@@@@ -1715,6 +1715,16 @@@@ static nsresult LaunchChild(nsINativeApp
#elif defined(XP_OS2)
if (_execv(exePath.get(), gRestartArgv) == -1)
return NS_ERROR_FAILURE;
+#elif defined(XP_DARWIN)
+ pid_t pid = fork();
d27 3
a29 3
+ if (execv(exePath.get(), gRestartArgv) == -1) {
+ _exit(1);
+ }
d32 1
a32 1
+ return NS_ERROR_FAILURE;
d34 3
a36 1
#elif defined(XP_UNIX)
d39 8
@
1.3
log
@Let application restart work on MacOS X < 10.6
MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2) and
had more than one active thread, the kernel returned ENOTSUP. So we
have to either fork(2) or vfork(2) before calling execve(2) to make
sure the caller is single-threaded as otherwise the application fails
to restart itself.
@
text
@d1 1
a1 1
$NetBSD$
@
1.2
log
@PR pkg/48840: Remove most patches that I have recently added
The preprocessor macro XP_MACOSX is misused everywhere. They tend to
say "#if defined(XP_MACOSX)" to actually mean
"#if defined(MOZ_WIDGET_COCOA)". It's okay to equate XP_MACOSX with
XP_DARWIN but equating it with MOZ_WIDGET_COCOA is just wrong. As a
result, cairo-gtk2 build on Darwin is completely broken and needs
heavy patching. Ideally they should be fixed individually but that
will be an extremely hard work, so don't define XP_MACOSX for now.
@
text
@d1 1
a1 1
$NetBSD: patch-toolkit_xre_nsAppRunner.cpp,v 1.1 2014/05/29 15:38:19 pho Exp $
d3 14
a16 1
Don't assume cocoa toolkit just because OS_ARCH is Darwin.
d20 17
a36 99
@@@@ -37,7 +37,7 @@@@
#include "EventTracer.h"
#endif
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
#include "nsVersionComparator.h"
#include "MacLaunchHelper.h"
#include "MacApplicationDelegate.h"
@@@@ -158,7 +158,7 @@@@
#include
#endif
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
#include "nsILocalFileMac.h"
#include "nsCommandLineServiceMac.h"
#endif
@@@@ -177,7 +177,7 @@@@
#include
#endif
-#if defined (XP_MACOSX)
+#if defined (MOZ_WIDGET_COCOA)
#include
#endif
@@@@ -1072,7 +1072,7 @@@@ nsXULAppInfo::WriteMinidumpForException(
NS_IMETHODIMP
nsXULAppInfo::AppendObjCExceptionInfoToAppNotes(void* aException)
{
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
return CrashReporter::AppendObjCExceptionInfoToAppNotes(aException);
#else
return NS_ERROR_NOT_IMPLEMENTED;
@@@@ -1145,7 +1145,7 @@@@ ScopedXPCOMStartup::~ScopedXPCOMStartup(
NS_IF_RELEASE(gNativeAppSupport);
if (mServiceManager) {
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
// On OS X, we need a pool to catch cocoa objects that are autoreleased
// during teardown.
mozilla::MacAutoreleasePool pool;
@@@@ -1682,7 +1682,7 @@@@ static nsresult LaunchChild(nsINativeApp
#if defined(MOZ_WIDGET_ANDROID)
mozilla::widget::android::GeckoAppShell::ScheduleRestart();
#else
-#if defined(XP_MACOSX)
+#if defined(MOZ_WIDGET_COCOA)
CommandLineServiceMac::SetupMacCommandLine(gRestartArgc, gRestartArgv, true);
uint32_t restartMode = 0;
restartMode = gRestartMode;
@@@@ -1767,7 +1767,7 @@@@ ProfileLockedDialog(nsIFile* aProfileDir
const char16_t* params[] = {appName.get(), appName.get()};
nsXPIDLString killMessage;
-#ifndef XP_MACOSX
+#ifndef MOZ_WIDGET_COCOA
static const char16_t kRestartNoUnlocker[] = {'r','e','s','t','a','r','t','M','e','s','s','a','g','e','N','o','U','n','l','o','c','k','e','r','\0'}; // "restartMessageNoUnlocker"
static const char16_t kRestartUnlocker[] = {'r','e','s','t','a','r','t','M','e','s','s','a','g','e','U','n','l','o','c','k','e','r','\0'}; // "restartMessageUnlocker"
#else
@@@@ -1927,7 +1927,7 @@@@ ShowProfileManager(nsIToolkitProfileServ
rv = xpcom.SetWindowCreator(aNative);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
CommandLineServiceMac::SetupMacCommandLine(gRestartArgc, gRestartArgv, true);
#endif
@@@@ -3142,7 +3142,7 @@@@ XREMain::XRE_mainInit(bool* aExitFlag)
}
#endif
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
if (EnvHasValue("MOZ_LAUNCHED_CHILD")) {
// This is needed, on relaunch, to force the OS to use the "Cocoa Dock
// API". Otherwise the call to ReceiveNextEvent() below will make it
@@@@ -3226,7 +3226,7 @@@@ XREMain::XRE_mainInit(bool* aExitFlag)
}
#endif
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
if (GetCurrentEventKeyModifiers() & optionKey)
gSafeMode = true;
#endif
@@@@ -4033,7 +4033,7 @@@@ XREMain::XRE_mainRun()
g_unsetenv ("DESKTOP_STARTUP_ID");
#endif
-#ifdef XP_MACOSX
+#ifdef MOZ_WIDGET_COCOA
// Set up ability to respond to system (Apple) events. This must be
// done before setting up the command line service.
SetupMacApplicationDelegate();
@
1.1
log
@PR pkg/48840: Don't assume cocoa toolkit just because OS_ARCH is Darwin
@
text
@d1 1
a1 1
$NetBSD$
@