From d2264d1d39ab029314c2868a4089991eaeec65a9 Mon Sep 17 00:00:00 2001
From: landry <landry@openbsd.org>
Date: Thu, 24 Mar 2011 11:41:11 +0000
Subject: [PATCH] Assorted fixes for:
 https://bugzilla.mozilla.org/show_bug.cgi?id=643137 (crash on sparc64 when
 displaying opentypes fonts, fix from tobias ulmer)
 https://bugzilla.mozilla.org/show_bug.cgi?id=644012 (crash on ssl certs with
 empty issuer name, pointed our by roberth at openbsd dot pap dot st and
 mikolaj kucharski)

---
 www/firefox35/Makefile                        |  4 +--
 ...patch-gfx_ots_include_opentype-sanitiser_h | 17 +++++++++++++
 ...ecurity_manager_ssl_src_nsNSSCallbacks_cpp | 25 +++++++++++++++++++
 www/mozilla-firefox/Makefile                  |  3 ++-
 ...patch-gfx_ots_include_opentype-sanitiser_h | 17 +++++++++++++
 ...ecurity_manager_ssl_src_nsNSSCallbacks_cpp | 25 +++++++++++++++++++
 www/seamonkey/Makefile                        |  3 ++-
 ...zilla_gfx_ots_include_opentype-sanitiser_h | 17 +++++++++++++
 ...ecurity_manager_ssl_src_nsNSSCallbacks_cpp | 25 +++++++++++++++++++
 9 files changed, 132 insertions(+), 4 deletions(-)
 create mode 100644 www/firefox35/patches/patch-gfx_ots_include_opentype-sanitiser_h
 create mode 100644 www/firefox35/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
 create mode 100644 www/mozilla-firefox/patches/patch-gfx_ots_include_opentype-sanitiser_h
 create mode 100644 www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
 create mode 100644 www/seamonkey/patches/patch-mozilla_gfx_ots_include_opentype-sanitiser_h
 create mode 100644 www/seamonkey/patches/patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp

diff --git a/www/firefox35/Makefile b/www/firefox35/Makefile
index 08189bb3e02..d2627d14f6f 100644
--- a/www/firefox35/Makefile
+++ b/www/firefox35/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.62 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.63 2011/03/24 11:41:11 landry Exp $
 
 COMMENT =	Mozilla web browser
 
@@ -6,7 +6,7 @@ MOZILLA_VERSION =	3.5.18
 MOZILLA_BRANCH =	1.9.1
 MOZILLA_PROJECT =	firefox35
 MOZILLA_CODENAME =	browser
-REVISION =	0
+REVISION =	1
 
 SO_VERSION =	24.0
 # NOTE: Must bump minor version if any shlib's are removed from the
diff --git a/www/firefox35/patches/patch-gfx_ots_include_opentype-sanitiser_h b/www/firefox35/patches/patch-gfx_ots_include_opentype-sanitiser_h
new file mode 100644
index 00000000000..c3e7d2150d4
--- /dev/null
+++ b/www/firefox35/patches/patch-gfx_ots_include_opentype-sanitiser_h
@@ -0,0 +1,17 @@
+$OpenBSD: patch-gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- gfx/ots/include/opentype-sanitiser.h.orig	Fri Mar 18 00:02:27 2011
++++ gfx/ots/include/opentype-sanitiser.h	Fri Mar 18 00:02:35 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }
diff --git a/www/firefox35/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp b/www/firefox35/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
new file mode 100644
index 00000000000..123734607dd
--- /dev/null
+++ b/www/firefox35/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
@@ -0,0 +1,25 @@
+$OpenBSD: patch-security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Sat Mar 19 20:02:41 2011
++++ security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 10:53:49 2011
+@@ -1005,8 +1005,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1049,8 +1052,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
diff --git a/www/mozilla-firefox/Makefile b/www/mozilla-firefox/Makefile
index ec83cf9a74f..bfe0278ede1 100644
--- a/www/mozilla-firefox/Makefile
+++ b/www/mozilla-firefox/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.171 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.172 2011/03/24 11:41:11 landry Exp $
 
 COMMENT =	Mozilla web browser
 
@@ -9,6 +9,7 @@ MOZILLA_VERSION =	3.6.16
 MOZILLA_BRANCH =	1.9.2
 MOZILLA_PROJECT =	mozilla-firefox
 MOZILLA_CODENAME =	browser
+REVISION =	0
 
 SO_VERSION =	22.2
 # NOTE: Must bump minor version if any shlib's are removed from the
diff --git a/www/mozilla-firefox/patches/patch-gfx_ots_include_opentype-sanitiser_h b/www/mozilla-firefox/patches/patch-gfx_ots_include_opentype-sanitiser_h
new file mode 100644
index 00000000000..c3e7d2150d4
--- /dev/null
+++ b/www/mozilla-firefox/patches/patch-gfx_ots_include_opentype-sanitiser_h
@@ -0,0 +1,17 @@
+$OpenBSD: patch-gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- gfx/ots/include/opentype-sanitiser.h.orig	Fri Mar 18 00:02:27 2011
++++ gfx/ots/include/opentype-sanitiser.h	Fri Mar 18 00:02:35 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }
diff --git a/www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp b/www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
new file mode 100644
index 00000000000..ce4d0ea2ea3
--- /dev/null
+++ b/www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp
@@ -0,0 +1,25 @@
+$OpenBSD: patch-security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Thu Mar 24 01:18:45 2011
++++ security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 01:20:00 2011
+@@ -1007,8 +1007,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1051,8 +1054,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index 351c24a6cec..60971005c58 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.76 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.77 2011/03/24 11:41:11 landry Exp $
 
 COMMENT-main =		Mozilla application suite
 COMMENT-lightning =	Mozilla Seamonkey calendar extension
@@ -12,6 +12,7 @@ MULTI_PACKAGES =	-main -lightning
 PKGNAME-main =		${PKGNAME}
 PKGNAME-lightning =	lightning-seamonkey-1.0beta1
 REVISION-lightning =	16
+REVISION-main =		0
 EPOCH-lightning =	0
 
 # must be in sync with SO_VERSION in main/enigmail/seamonkey
diff --git a/www/seamonkey/patches/patch-mozilla_gfx_ots_include_opentype-sanitiser_h b/www/seamonkey/patches/patch-mozilla_gfx_ots_include_opentype-sanitiser_h
new file mode 100644
index 00000000000..3d884c7b1cb
--- /dev/null
+++ b/www/seamonkey/patches/patch-mozilla_gfx_ots_include_opentype-sanitiser_h
@@ -0,0 +1,17 @@
+$OpenBSD: patch-mozilla_gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- mozilla/gfx/ots/include/opentype-sanitiser.h.orig	Thu Mar 24 09:44:17 2011
++++ mozilla/gfx/ots/include/opentype-sanitiser.h	Thu Mar 24 09:44:47 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }
diff --git a/www/seamonkey/patches/patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp b/www/seamonkey/patches/patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp
new file mode 100644
index 00000000000..7d28396ef4e
--- /dev/null
+++ b/www/seamonkey/patches/patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp
@@ -0,0 +1,25 @@
+$OpenBSD: patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Sun Mar 20 21:56:57 2011
++++ mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 11:03:50 2011
+@@ -1005,8 +1005,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1049,8 +1052,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;