cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 1.5.0.2

Browse Source 
fixes multiple critical vulnerabilities
This commit is contained in:
wilfried 2006-05-02 07:25:20 +00:00
parent 4a4a37a5b6
commit cc76f5c22f
4 changed files with 8 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mail/mozilla-thunderbird/Makefile
View File

@ -1,13 +1,13 @@
# $OpenBSD: Makefile,v 1.37 2006/02/12 19:31:36 david Exp $
# $OpenBSD: Makefile,v 1.38 2006/05/02 07:25:20 wilfried Exp $
ONLY_FOR_ARCHS= alpha amd64 i386 powerpc sparc sparc64
COMMENT= "redesign of the integrated Mozilla App-Suite mail component"
VER= 1.5
VER= 1.5.0.2
DISTNAME= mozilla
PKGNAME= mozilla-thunderbird-${VER}p2
SO_VERSION= 6.0
PKGNAME= mozilla-thunderbird-${VER}
SO_VERSION= 7.0
# NOTE: Must bump minor version if any shlib's are removed from the
# components dir to avoid pkg_add -r issues.
.for _lib in accessibility appcomps auth autoconfig caps chrome commandlines \

8
mail/mozilla-thunderbird/distinfo
View File

@ -1,4 +1,4 @@
MD5 (thunderbird-1.5-source.tar.bz2) = 781c1cd1a01583d9b666d8c2fe4288e6
RMD160 (thunderbird-1.5-source.tar.bz2) = 5c3a8c42c1239144c8498a81a791a534345cda3c
SHA1 (thunderbird-1.5-source.tar.bz2) = b0ac4efc42b9faab6c95d9aadad03d8b61ee686a
SIZE (thunderbird-1.5-source.tar.bz2) = 35028308
MD5 (thunderbird-1.5.0.2-source.tar.bz2) = 3f32b847330c9d58297147be19714962
RMD160 (thunderbird-1.5.0.2-source.tar.bz2) = 8aaf02c205b131a38fa0384fe6126eec325c3e9e
SHA1 (thunderbird-1.5.0.2-source.tar.bz2) = 6805470f93871916909e4fb4fea9c1354a76ec25
SIZE (thunderbird-1.5.0.2-source.tar.bz2) = 35880369

56
mail/mozilla-thunderbird/patches/patch-toolkit_components_history_src_nsGlobalHistory_cpp
View File

@ -1,56 +0,0 @@
$OpenBSD: patch-toolkit_components_history_src_nsGlobalHistory_cpp,v 1.1 2006/01/23 12:34:06 wilfried Exp $
--- toolkit/components/history/src/nsGlobalHistory.cpp.orig Sun Oct 23 14:55:54 2005
+++ toolkit/components/history/src/nsGlobalHistory.cpp Tue Dec 20 21:45:57 2005
@@ -113,6 +113,11 @@ nsIPrefBranch* nsGlobalHistory::gPrefBra
#define FIND_BY_AGEINDAYS_PREFIX "find:datasource=history&match=AgeInDays&method="
+// see bug #319004 -- clamp title and URL to generously-large but not too large
+// length
+#define HISTORY_URI_LENGTH_MAX 65536
+#define HISTORY_TITLE_LENGTH_MAX 4096
+
// sync history every 10 seconds
#define HISTORY_SYNC_TIMEOUT (10 * PR_MSEC_PER_SEC)
//#define HISTORY_SYNC_TIMEOUT 3000 // every 3 seconds - testing only!
@@ -618,6 +623,9 @@ nsGlobalHistory::AddPageToDatabase(nsIUR
rv = aURI->GetSpec(URISpec);
NS_ENSURE_SUCCESS(rv, rv);
+ if (URISpec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
+
#ifdef DEBUG_bsmedberg
printf("AddURI: %s%s%s",
URISpec.get(),
@@ -1110,7 +1118,7 @@ nsGlobalHistory::SetPageTitle(nsIURI *aU
nsresult rv;
NS_ENSURE_ARG_POINTER(aURI);
- const nsAFlatString& titleString = PromiseFlatString(aTitle);
+ nsAutoString titleString(StringHead(aTitle, HISTORY_TITLE_LENGTH_MAX));
// skip about: URIs to avoid reading in the db (about:blank, especially)
PRBool isAbout;
@@ -1411,6 +1419,9 @@ nsGlobalHistory::HidePage(nsIURI *aURI)
rv = aURI->GetSpec(URISpec);
NS_ENSURE_SUCCESS(rv, rv);
+ if (URISpec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
+
#ifdef DEBUG_bsmedberg
printf("nsGlobalHistory::HidePage: %s\n", URISpec.get());
#endif
@@ -1447,7 +1458,10 @@ nsGlobalHistory::MarkPageAsTyped(nsIURI
nsCAutoString spec;
nsresult rv = aURI->GetSpec(spec);
if (NS_FAILED(rv)) return rv;
-
+
+ if (spec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
+
nsCOMPtr<nsIMdbRow> row;
rv = FindRow(kToken_URLColumn, spec.get(), getter_AddRefs(row));
if (NS_FAILED(rv)) {

54
mail/mozilla-thunderbird/patches/patch-xpfe_components_history_src_nsGlobalHistory_cpp
View File

@ -1,54 +0,0 @@
$OpenBSD: patch-xpfe_components_history_src_nsGlobalHistory_cpp,v 1.1 2006/01/23 12:34:06 wilfried Exp $
--- xpfe/components/history/src/nsGlobalHistory.cpp.orig Wed Oct 26 15:58:33 2005
+++ xpfe/components/history/src/nsGlobalHistory.cpp Tue Dec 20 21:43:18 2005
@@ -111,6 +111,11 @@ nsIPrefBranch* nsGlobalHistory::gPrefBra
#define FIND_BY_AGEINDAYS_PREFIX "find:datasource=history&match=AgeInDays&method="
+// see bug #319004 -- clamp title and URL to generously-large but not too large
+// length
+#define HISTORY_URI_LENGTH_MAX 65536
+#define HISTORY_TITLE_LENGTH_MAX 4096
+
// sync history every 10 seconds
#define HISTORY_SYNC_TIMEOUT (10 * PR_MSEC_PER_SEC)
//#define HISTORY_SYNC_TIMEOUT 3000 // every 3 seconds - testing only!
@@ -589,6 +594,9 @@ nsGlobalHistory::AddURI(nsIURI *aURI, PR
rv = aURI->GetSpec(URISpec);
NS_ENSURE_SUCCESS(rv, rv);
+ if (URISpec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
+
nsCAutoString referrerSpec;
if (aReferrer) {
rv = aReferrer->GetSpec(referrerSpec);
@@ -1033,7 +1041,7 @@ nsGlobalHistory::SetPageTitle(nsIURI *aU
nsresult rv;
NS_ENSURE_ARG_POINTER(aURI);
- const nsAFlatString& titleString = PromiseFlatString(aTitle);
+ nsAutoString titleString(StringHead(aTitle, HISTORY_TITLE_LENGTH_MAX));
// skip about: URIs to avoid reading in the db (about:blank, especially)
PRBool isAbout;
@@ -1333,6 +1341,9 @@ nsGlobalHistory::HidePage(nsIURI *aURI)
rv = aURI->GetSpec(URISpec);
NS_ENSURE_SUCCESS(rv, rv);
+ if (URISpec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
+
nsCOMPtr<nsIMdbRow> row;
rv = FindRow(kToken_URLColumn, URISpec.get(), getter_AddRefs(row));
@@ -1365,6 +1376,9 @@ nsGlobalHistory::MarkPageAsTyped(nsIURI
nsCAutoString spec;
nsresult rv = aURI->GetSpec(spec);
if (NS_FAILED(rv)) return rv;
+
+ if (spec.Length() > HISTORY_URI_LENGTH_MAX)
+ return NS_OK;
nsCOMPtr<nsIMdbRow> row;
rv = FindRow(kToken_URLColumn, spec.get(), getter_AddRefs(row));