commit f1366de5a2a67dc5fda27718135ee2cff28c344d Author: Georg Koppen gk@torproject.org Date: Mon Oct 30 08:45:44 2017 +0000
Apply patch for bug 24052 --- gitian/descriptors/linux/gitian-firefox.yml | 2 + gitian/descriptors/mac/gitian-firefox.yml | 2 + gitian/patches/24052.patch | 57 +++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+)
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 1ff66a2..766bf99 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -36,6 +36,7 @@ files: - "re-dzip.sh" - "dzip.sh" - "versions" +- "24052.patch" script: | source versions INSTDIR="$HOME/install" @@ -88,6 +89,7 @@ script: | mkdir -p $INSTDIR/Debug/Browser/
cd tor-browser + patch -p1 < ../24052.patch # run get-moz-build-date before removing .git, which is used to get the year chmod +x ~/build/get-moz-build-date eval $(~/build/get-moz-build-date $(cat browser/config/version.txt)) diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml index 73c46bf..f47afc8 100644 --- a/gitian/descriptors/mac/gitian-firefox.yml +++ b/gitian/descriptors/mac/gitian-firefox.yml @@ -24,6 +24,7 @@ files: - "dzip.sh" - "fix-info-plist.py" - "versions" +- "24052.patch" script: | INSTDIR="$HOME/install/" source versions @@ -36,6 +37,7 @@ script: | mkdir -p $OUTDIR/
cd tor-browser + patch -p1 < ../24052.patch # Extracting all the necessary tools tar xaf ../MacOSX10.7.sdk.tar.gz tar xaf ../cctools.tar.gz diff --git a/gitian/patches/24052.patch b/gitian/patches/24052.patch new file mode 100644 index 0000000..a418a97 --- /dev/null +++ b/gitian/patches/24052.patch 
@@ -0,0 +1,57 @@
+From c5d1bb91512f9dd20e0f54c6f3e6979588cf9f56 Mon Sep 17 00:00:00 2001
+From: Georg Koppen gk@torproject.org
+Date: Fri, 27 Oct 2017 20:40:57 +0000
+Subject: [PATCH] Bug 24052: Streamline handling of file:// resources
+
+We should make sure restrictions regarding loading of file:// resources
+are adhered to more strictly, at least on *nix platforms.
+
+This is a workaround for
+https://bugzilla.mozilla.org/show_bug.cgi?id=1412081.
+
+diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
+index 0da79c18ae41..0cc67da7b18f 100644
+--- a/netwerk/base/nsIOService.cpp
++++ b/netwerk/base/nsIOService.cpp
+@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
+ // if calling newChannel2() fails we try to fall back to
+ // creating a new channel by calling NewChannel().
+ if (NS_FAILED(rv)) {
++#ifdef XP_UNIX
++ if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
++ return rv;
++ } else {
++#endif
+ rv = handler->NewChannel(aURI, getter_AddRefs(channel));
+ NS_ENSURE_SUCCESS(rv, rv);
+ // The protocol handler does not implement NewChannel2, so
+ // maybe we need to wrap the channel (see comment in MaybeWrap
+ // function).
+ channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo);
++#ifdef XP_UNIX
++ }
++#endif
+ }
+ }
+
+diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+index e55cb9d47460..c24c928b6f02 100644
+--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp
++++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri,
+ nsILoadInfo* aLoadInfo,
+ nsIChannel** result)
+ {
++#ifdef XP_UNIX
++ if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) {
++ if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
++ return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
++ }
++ }
++#endif
+ nsFileChannel *chan = new nsFileChannel(uri);
+ if (!chan)
+ return NS_ERROR_OUT_OF_MEMORY;
+--
+2.14.2
+
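Review bot: The guard added at the top of nsFileProtocolHandler::NewChannel2 fails open: when `aLoadInfo` is null or `TriggeringPrincipal()` returns null the block is skipped and the `nsFileChannel` is created as before, so any path that reaches the handler without load info (possibly the legacy `NewChannel` entry point, which is not visible here) is not restricted. The nsIOService hunk then keys its early return on the bare code `NS_ERROR_FILE_TARGET_DOES_NOT_EXIST`, which appears to apply to whichever protocol handler is in use rather than to file:// only, so the two sites are coupled through a sentinel error that nothing in the code documents. I would add a comment at both sites, for example `// Bug 24052: refuse file:// loads triggered by a codebase (content) principal; nsIOService must not fall back to NewChannel() on this error`, and have the author confirm whether a missing load info or triggering principal should be rejected as well. Both enclosing functions begin and end outside the embedded hunks.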