[tbb-commits] [tor-browser-bundle/maint-7.0] Apply patch for bug 24052
boklm at torproject.org
boklm at torproject.org
Fri Nov 3 15:49:28 UTC 2017
commit f1366de5a2a67dc5fda27718135ee2cff28c344d
Author: Georg Koppen <gk at torproject.org>
Date: Mon Oct 30 08:45:44 2017 +0000
Apply patch for bug 24052
---
gitian/descriptors/linux/gitian-firefox.yml | 2 +
gitian/descriptors/mac/gitian-firefox.yml | 2 +
gitian/patches/24052.patch | 57 +++++++++++++++++++++++++++++
3 files changed, 61 insertions(+)
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 1ff66a2..766bf99 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -36,6 +36,7 @@ files:
- "re-dzip.sh"
- "dzip.sh"
- "versions"
+- "24052.patch"
script: |
source versions
INSTDIR="$HOME/install"
@@ -88,6 +89,7 @@ script: |
mkdir -p $INSTDIR/Debug/Browser/
cd tor-browser
+ patch -p1 < ../24052.patch
# run get-moz-build-date before removing .git, which is used to get the year
chmod +x ~/build/get-moz-build-date
eval $(~/build/get-moz-build-date $(cat browser/config/version.txt))
diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml
index 73c46bf..f47afc8 100644
--- a/gitian/descriptors/mac/gitian-firefox.yml
+++ b/gitian/descriptors/mac/gitian-firefox.yml
@@ -24,6 +24,7 @@ files:
- "dzip.sh"
- "fix-info-plist.py"
- "versions"
+- "24052.patch"
script: |
INSTDIR="$HOME/install/"
source versions
@@ -36,6 +37,7 @@ script: |
mkdir -p $OUTDIR/
cd tor-browser
+ patch -p1 < ../24052.patch
# Extracting all the necessary tools
tar xaf ../MacOSX10.7.sdk.tar.gz
tar xaf ../cctools.tar.gz
diff --git a/gitian/patches/24052.patch b/gitian/patches/24052.patch
new file mode 100644
index 0000000..a418a97
--- /dev/null
+++ b/gitian/patches/24052.patch
@@ -0,0 +1,57 @@
+From c5d1bb91512f9dd20e0f54c6f3e6979588cf9f56 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Fri, 27 Oct 2017 20:40:57 +0000
+Subject: [PATCH] Bug 24052: Streamline handling of file:// resources
+
+We should make sure restrictions regarding loading of file:// resources
+are adhered to more strictly, at least on *nix platforms.
+
+This is a workaround for
+https://bugzilla.mozilla.org/show_bug.cgi?id=1412081.
+
+diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
+index 0da79c18ae41..0cc67da7b18f 100644
+--- a/netwerk/base/nsIOService.cpp
++++ b/netwerk/base/nsIOService.cpp
+@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
+ // if calling newChannel2() fails we try to fall back to
+ // creating a new channel by calling NewChannel().
+ if (NS_FAILED(rv)) {
++#ifdef XP_UNIX
++ if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
++ return rv;
++ } else {
++#endif
+ rv = handler->NewChannel(aURI, getter_AddRefs(channel));
+ NS_ENSURE_SUCCESS(rv, rv);
+ // The protocol handler does not implement NewChannel2, so
+ // maybe we need to wrap the channel (see comment in MaybeWrap
+ // function).
+ channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo);
++#ifdef XP_UNIX
++ }
++#endif
+ }
+ }
+
+diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+index e55cb9d47460..c24c928b6f02 100644
+--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp
++++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri,
+ nsILoadInfo* aLoadInfo,
+ nsIChannel** result)
+ {
++#ifdef XP_UNIX
++ if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) {
++ if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
++ return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
++ }
++ }
++#endif
+ nsFileChannel *chan = new nsFileChannel(uri);
+ if (!chan)
+ return NS_ERROR_OUT_OF_MEMORY;
+--
+2.14.2
+
More information about the tbb-commits
mailing list