[tbb-commits] [tor-browser-build/master] Applying patch for bug 24052

Fri Nov 3 22:06:44 UTC 2017

commit e0e6bfd780cdbb529aecc57699a8f410f667c62f
Author: Georg Koppen <gk at torproject.org>
Date:   Mon Oct 30 09:44:58 2017 +0000

    Applying patch for bug 24052
---
 projects/firefox/24052.patch | 57 ++++++++++++++++++++++++++++++++++++++++++++
 projects/firefox/build       |  4 ++++
 projects/firefox/config      |  2 ++
 3 files changed, 63 insertions(+)

diff --git a/projects/firefox/24052.patch b/projects/firefox/24052.patch
new file mode 100644
index 0000000..a418a97
--- /dev/null
+++ b/projects/firefox/24052.patch
@@ -0,0 +1,57 @@
+From c5d1bb91512f9dd20e0f54c6f3e6979588cf9f56 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Fri, 27 Oct 2017 20:40:57 +0000
+Subject: [PATCH] Bug 24052: Streamline handling of file:// resources
+
+We should make sure restrictions regarding loading of file:// resources
+are adhered to more strictly, at least on *nix platforms.
+
+This is a workaround for
+https://bugzilla.mozilla.org/show_bug.cgi?id=1412081.
+
+diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
+index 0da79c18ae41..0cc67da7b18f 100644
+--- a/netwerk/base/nsIOService.cpp
++++ b/netwerk/base/nsIOService.cpp
+@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
+         // if calling newChannel2() fails we try to fall back to
+         // creating a new channel by calling NewChannel().
+         if (NS_FAILED(rv)) {
++#ifdef XP_UNIX
++        if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
++            return rv;
++        } else {
++#endif
+             rv = handler->NewChannel(aURI, getter_AddRefs(channel));
+             NS_ENSURE_SUCCESS(rv, rv);
+             // The protocol handler does not implement NewChannel2, so
+             // maybe we need to wrap the channel (see comment in MaybeWrap
+             // function).
+             channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo);
++#ifdef XP_UNIX
++        }
++#endif
+         }
+     }
+ 
+diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+index e55cb9d47460..c24c928b6f02 100644
+--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp
++++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp
+@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri,
+                                    nsILoadInfo* aLoadInfo,
+                                    nsIChannel** result)
+ {
++#ifdef XP_UNIX
++    if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) {
++      if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
++        return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
++      }
++    }
++#endif
+     nsFileChannel *chan = new nsFileChannel(uri);
+     if (!chan)
+         return NS_ERROR_OUT_OF_MEMORY;
+-- 
+2.14.2
+
diff --git a/projects/firefox/build b/projects/firefox/build
index 8ff265d..97b148d 100644
--- a/projects/firefox/build
+++ b/projects/firefox/build
@@ -86,6 +86,10 @@ fi
   export CC='gcc -m32'
 [% END -%]
 
+[% IF c("var/linux") || c("var/osx") %]
+  patch -p1 < $rootdir/24052.patch
+[% END -%]
+
 rm -f configure
 rm -f js/src/configure
 make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=[% c("var/torbrowser_version") %] --with-distribution-id=org.torproject --enable-update-channel=[% c("var/torbrowser_update_channel") %] --enable-bundled-fonts"
diff --git a/projects/firefox/config b/projects/firefox/config
index 85a4f00..c0c620f 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -81,6 +81,8 @@ input_files:
     enable: '[% c("var/linux") %]'
   - filename: fix-info-plist.py
     enable: '[% c("var/osx") %]'
+  - filename: 24052.patch
+    enable: '[% c("var/linux") || c("var/osx") %]'
   - URL: https://people.torproject.org/~gk/mirrors/sources/msvcr100.dll
     sha256sum: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
     enable: '[% c("var/windows") %]'



