commit e0e6bfd780cdbb529aecc57699a8f410f667c62f Author: Georg Koppen gk@torproject.org Date: Mon Oct 30 09:44:58 2017 +0000
Applying patch for bug 24052 --- projects/firefox/24052.patch | 57 ++++++++++++++++++++++++++++++++++++++++++++ projects/firefox/build | 4 ++++ projects/firefox/config | 2 ++ 3 files changed, 63 insertions(+)
diff --git a/projects/firefox/24052.patch b/projects/firefox/24052.patch new file mode 100644 index 0000000..a418a97 --- /dev/null +++ b/projects/firefox/24052.patch @@ -0,0 +1,57 @@ +From c5d1bb91512f9dd20e0f54c6f3e6979588cf9f56 Mon Sep 17 00:00:00 2001 +From: Georg Koppen gk@torproject.org +Date: Fri, 27 Oct 2017 20:40:57 +0000 +Subject: [PATCH] Bug 24052: Streamline handling of file:// resources + +We should make sure restrictions regarding loading of file:// resources +are adhered to more strictly, at least on *nix platforms. + +This is a workaround for +https://bugzilla.mozilla.org/show_bug.cgi?id=1412081. + +diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp +index 0da79c18ae41..0cc67da7b18f 100644 +--- a/netwerk/base/nsIOService.cpp ++++ b/netwerk/base/nsIOService.cpp +@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI, + // if calling newChannel2() fails we try to fall back to + // creating a new channel by calling NewChannel(). + if (NS_FAILED(rv)) { ++#ifdef XP_UNIX ++ if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) { ++ return rv; ++ } else { ++#endif + rv = handler->NewChannel(aURI, getter_AddRefs(channel)); + NS_ENSURE_SUCCESS(rv, rv); + // The protocol handler does not implement NewChannel2, so + // maybe we need to wrap the channel (see comment in MaybeWrap + // function). + channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo); ++#ifdef XP_UNIX ++ } ++#endif + } + } + +diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp +index e55cb9d47460..c24c928b6f02 100644 +--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp ++++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp +@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri, + nsILoadInfo* aLoadInfo, + nsIChannel** result) + { ++#ifdef XP_UNIX ++ if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) { ++ if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) { ++ return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST; ++ } ++ } ++#endif + nsFileChannel *chan = new nsFileChannel(uri); + if (!chan) + return NS_ERROR_OUT_OF_MEMORY; +-- +2.14.2 + diff --git a/projects/firefox/build b/projects/firefox/build index 8ff265d..97b148d 100644 --- a/projects/firefox/build +++ b/projects/firefox/build @@ -86,6 +86,10 @@ fi export CC='gcc -m32' [% END -%]
+[% IF c("var/linux") || c("var/osx") %] + patch -p1 < $rootdir/24052.patch +[% END -%] + rm -f configure rm -f js/src/configure make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=[% c("var/torbrowser_version") %] --with-distribution-id=org.torproject --enable-update-channel=[% c("var/torbrowser_update_channel") %] --enable-bundled-fonts" diff --git a/projects/firefox/config b/projects/firefox/config index 85a4f00..c0c620f 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -81,6 +81,8 @@ input_files: enable: '[% c("var/linux") %]' - filename: fix-info-plist.py enable: '[% c("var/osx") %]' + - filename: 24052.patch + enable: '[% c("var/linux") || c("var/osx") %]' - URL: https://people.torproject.org/~gk/mirrors/sources/msvcr100.dll sha256sum: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 enable: '[% c("var/windows") %]'