patch for history DoS

Package-Manager: portage-2.0.53

5 files changed, 352 insertions, 2 deletions

diff --git a/www-client/mozilla-firefox/ChangeLog b/www-client/mozilla-firefox/ChangeLog
index 7f0b5bc557ca..d60da39d1cc7 100644
--- a/www-client/mozilla-firefox/ChangeLog
+++ b/www-client/mozilla-firefox/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for www-client/mozilla-firefox
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/mozilla-firefox/ChangeLog,v 1.112 2005/12/06 01:51:52 anarchy Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/mozilla-firefox/ChangeLog,v 1.113 2005/12/08 22:52:34 anarchy Exp $
+
+*mozilla-firefox-1.5-r1 (08 Dec 2005)
+
+  08 Dec 2005; Jory A. Pratt <anarchy@gentoo.org>
+  +files/1.5/mozilla-firefox-1.5-history.patch,
+  +mozilla-firefox-1.5-r1.ebuild:
+  patch to fix history DoS
 
   06 Dec 2005; Jory A. Pratt <anarchy@gentoo.org>
   mozilla-firefox-1.5.ebuild:
diff --git a/www-client/mozilla-firefox/Manifest b/www-client/mozilla-firefox/Manifest
index c3f7f5966a56..1b3b6210c405 100644
--- a/www-client/mozilla-firefox/Manifest
+++ b/www-client/mozilla-firefox/Manifest
@@ -1,4 +1,4 @@
-MD5 e842ef42f1237b8a6215285b27d26533 ChangeLog 37644
+MD5 e3a2a0a32a0caf83f6f5317f6c5dd724 ChangeLog 37843
 MD5 cc5756b8c7af5c88b248b86c73fc5c8d files/1.5/firefox-1.1-visibility.patch 930
 MD5 7847d262e628dcac303586fe02f2e8c4 files/1.5/firefox-cairo-canvas.patch 446
 MD5 91661761f2f232b08b74f5adc4f1eff0 files/1.5/firefox-nopangoxft.patch 839
@@ -6,11 +6,13 @@ MD5 362f9e0b0f25b964f7120b68fb629ee0 files/1.5/firefox-visibility.patch 689
 MD5 23d1fbd03cc6dd346a4e4ce8f2d88ebf files/1.5/mozilla-1.3-alpha-stubs.patch 4646
 MD5 ff2980bf169954f9b255029e4312b6f8 files/1.5/mozilla-firefox-1.1a2-ia64.patch 2864
 MD5 79c1e7c219dedb67d4e39ca753059b03 files/1.5/mozilla-firefox-1.5-gtk.patch 2621
+MD5 328c58524dbe1f58eea781194cc7de94 files/1.5/mozilla-firefox-1.5-history.patch 2376
 MD5 8f8d70da6eb8cf07acbbb85fb0f08636 files/1.5/mozilla-hppa.patch 7863
 MD5 1652483bf7e1d08241cd5e0436bea2ae files/10MozillaFirefox 32
 MD5 1d1a1fe09e04d58a8d9faa9f14ffd0c6 files/digest-mozilla-firefox-1.0.7-r2 231
 MD5 1d1a1fe09e04d58a8d9faa9f14ffd0c6 files/digest-mozilla-firefox-1.0.7-r3 231
 MD5 6cb9f61cd0ea68e525a6f3537a5c5563 files/digest-mozilla-firefox-1.5 291
+MD5 6cb9f61cd0ea68e525a6f3537a5c5563 files/digest-mozilla-firefox-1.5-r1 291
 MD5 8e7d6f3220336cd4467d20bbe402e09a files/embedprompter-modal.patch 1548
 MD5 48baf2f328e6478812c24e59037ff99c files/firefox-0.9-init.tar.bz2 3322
 MD5 2bd0dd9035dcb875b8340be358347e8d files/firefox-1.1-uriloader.patch 15300
@@ -43,4 +45,5 @@ MD5 f48be110754a5106f06cd313c22c4337 files/svg-cairo-0.3.0-fix.patch 1063
 MD5 ce23390351fe8020387d93ee29e09a3d metadata.xml 160
 MD5 7ec6e77c0014718ffae4a55c76acd1db mozilla-firefox-1.0.7-r2.ebuild 8564
 MD5 b686423c9050edfcfd7ff72ea4081f09 mozilla-firefox-1.0.7-r3.ebuild 9734
+MD5 a3626a3b65708e8afdd44d21c1125b2a mozilla-firefox-1.5-r1.ebuild 8931
 MD5 af83c78f670aa82820729e6065fec316 mozilla-firefox-1.5.ebuild 8847
diff --git a/www-client/mozilla-firefox/files/1.5/mozilla-firefox-1.5-history.patch b/www-client/mozilla-firefox/files/1.5/mozilla-firefox-1.5-history.patch
new file mode 100644
index 000000000000..493b5e068c8c
--- /dev/null
+++ b/www-client/mozilla-firefox/files/1.5/mozilla-firefox-1.5-history.patch
@@ -0,0 +1,63 @@
+diff -u -8 -p -r1.58.2.2 nsGlobalHistory.cpp
+--- toolkit/components/history/src/nsGlobalHistory.cpp	23 Oct 2005 18:55:54 -0000	1.58.2.2
++++ toolkit/components/history/src/nsGlobalHistory.cpp	8 Dec 2005 19:46:10 -0000
+@@ -108,16 +108,20 @@ nsIPrefBranch* nsGlobalHistory::gPrefBra
+ 
+ #define PREF_BRANCH_BASE                        "browser."
+ #define PREF_BROWSER_HISTORY_EXPIRE_DAYS        "history_expire_days"
+ #define PREF_AUTOCOMPLETE_ONLY_TYPED            "urlbar.matchOnlyTyped"
+ #define PREF_AUTOCOMPLETE_ENABLED               "urlbar.autocomplete.enabled"
+ 
+ #define FIND_BY_AGEINDAYS_PREFIX "find:datasource=history&match=AgeInDays&method="
+ 
++// see bug #319004 -- clamp title and URL to generously-large but not too large
++// length
++#define HISTORY_STRING_LENGTH_MAX 65536
++
+ // sync history every 10 seconds
+ #define HISTORY_SYNC_TIMEOUT (10 * PR_MSEC_PER_SEC)
+ //#define HISTORY_SYNC_TIMEOUT 3000 // every 3 seconds - testing only!
+ 
+ // the value of mLastNow expires every 3 seconds
+ #define HISTORY_EXPIRE_NOW_TIMEOUT (3 * PR_MSEC_PER_SEC)
+ 
+ #define MSECS_PER_DAY (PR_MSEC_PER_SEC * 60 * 60 * 24)
+@@ -1105,30 +1109,37 @@ nsGlobalHistory::GetCount(PRUint32* aCou
+ }
+ 
+ NS_IMETHODIMP
+ nsGlobalHistory::SetPageTitle(nsIURI *aURI, const nsAString& aTitle)
+ {
+   nsresult rv;
+   NS_ENSURE_ARG_POINTER(aURI);
+ 
+-  const nsAFlatString& titleString = PromiseFlatString(aTitle);
++  nsString realTitleString(aTitle);
++  if (realTitleString.Length() > HISTORY_STRING_LENGTH_MAX)
++    realTitleString.Left(realTitleString, HISTORY_STRING_LENGTH_MAX);
++
++  const nsAFlatString& titleString = PromiseFlatString(realTitleString);
+ 
+   // skip about: URIs to avoid reading in the db (about:blank, especially)
+   PRBool isAbout;
+   rv = aURI->SchemeIs("about", &isAbout);
+   NS_ENSURE_SUCCESS(rv, rv);
+   if (isAbout) return NS_OK;
+ 
+   NS_ENSURE_SUCCESS(OpenDB(), NS_ERROR_FAILURE);
+   
+   nsCAutoString URISpec;
+   rv = aURI->GetSpec(URISpec);
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
++  if (URISpec.Length() > HISTORY_STRING_LENGTH_MAX)
++    URISpec.Left(URISpec, HISTORY_STRING_LENGTH_MAX);
++
+   nsCOMPtr<nsIMdbRow> row;
+   rv = FindRow(kToken_URLColumn, URISpec.get(), getter_AddRefs(row));
+ 
+   // if the row doesn't exist, we silently succeed
+   if (rv == NS_ERROR_NOT_AVAILABLE) return NS_OK;
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+   // Get the old title so we can notify observers
diff --git a/www-client/mozilla-firefox/files/digest-mozilla-firefox-1.5-r1 b/www-client/mozilla-firefox/files/digest-mozilla-firefox-1.5-r1
new file mode 100644
index 000000000000..394bdc1235e2
--- /dev/null
+++ b/www-client/mozilla-firefox/files/digest-mozilla-firefox-1.5-r1
@@ -0,0 +1,4 @@
+MD5 cb90e9f6097b975187892682ed286544 embed-typeaheadfind-1.patch 41361
+MD5 fa915ddcadecda30ed3e13694f26a779 firefox-1.5-source.tar.bz2 34491496
+MD5 a120cd14ade242622387f76875ca9c39 mozilla-1.7.10-nsplugins-v2.patch 1968
+MD5 7960994910bda4c14a52bc119f9ceefc mozilla-jslibmath-alpha.patch 625
diff --git a/www-client/mozilla-firefox/mozilla-firefox-1.5-r1.ebuild b/www-client/mozilla-firefox/mozilla-firefox-1.5-r1.ebuild
new file mode 100644
index 000000000000..abf2647acaae
--- /dev/null
+++ b/www-client/mozilla-firefox/mozilla-firefox-1.5-r1.ebuild
@@ -0,0 +1,273 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-client/mozilla-firefox/mozilla-firefox-1.5-r1.ebuild,v 1.1 2005/12/08 22:52:35 anarchy Exp ${PV}_rc3-r2.ebuild,v 1.1 2005/11/26 04:20:32 anarchy Exp $
+
+unset ALLOWED_FLAGS  # stupid extra-functions.sh ... bug 49179
+MOZ_FREETYPE2="no"   # Need to disable for newer .. remove here and in mozconfig
+	                 # when older is removed from tree.
+MOZ_PANGO="yes"      # Need to enable for newer .. remove here and in mozconfig
+	                 # when older is removed from tree.
+
+inherit flag-o-matic toolchain-funcs eutils mozconfig-2 mozilla-launcher makeedit multilib fdo-mime versionator
+
+DESCRIPTION="Firefox Web Browser"
+HOMEPAGE="http://www.mozilla.org/projects/firefox/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${PV}/source/firefox-${PV}-source.tar.bz2
+	mirror://gentoo/mozilla-jslibmath-alpha.patch
+	mirror://gentoo/embed-typeaheadfind-1.patch
+	http://dev.gentoo.org/~agriffis/dist/mozilla-1.7.10-nsplugins-v2.patch"
+
+KEYWORDS="-* ~amd64 ~ppc ~x86"
+SLOT="0"
+LICENSE="MPL-1.1 NPL-1.1"
+IUSE="java mozdevelop canvas"
+
+RDEPEND="java? ( virtual/jre )
+	>=www-client/mozilla-launcher-1.39"
+
+DEPEND="${RDEPEND}
+	java? ( >=dev-java/java-config-0.2.0 )"
+
+S=${WORKDIR}/mozilla
+
+# Needed by src_compile() and src_install().
+# Would do in pkg_setup but that loses the export attribute, they
+# become pure shell variables.
+export MOZ_CO_PROJECT=browser
+export BUILD_OFFICIAL=1
+export MOZILLA_OFFICIAL=1
+
+src_unpack() {
+	unpack firefox-${PV}-source.tar.bz2
+	cd ${S} || die "cd failed"
+
+	####################################
+	#
+	# architecture patches
+	#
+	####################################
+
+	# alpha stubs patch from lfs project.
+	# <taviso@gentoo.org> (26 Jun 2003)
+	use alpha && epatch ${FILESDIR}/${PV}/mozilla-1.3-alpha-stubs.patch
+
+	# addresses visibility issues on ppc and amd64
+	# will not hurt to apply on other archs as well.
+	epatch ${FILESDIR}/${PV}/firefox-1.1-visibility.patch
+
+	# hppa patches from Ivar <orskaug@stud.ntnu.no>
+	# <gmsoft@gentoo.org> (22 Dec 2004)
+	epatch ${FILESDIR}/${PV}/mozilla-hppa.patch
+
+	# patch to solve segfaults on ia64, from Debian, originally from David
+	# Mosberger
+	epatch ${FILESDIR}/${PV}/mozilla-firefox-1.1a2-ia64.patch
+
+	# patch to fix math operations on alpha, makes maps.google.com work!
+	epatch ${DISTDIR}/mozilla-jslibmath-alpha.patch
+
+	# fix pkgconfig files properly to contain gentoo-locations
+	epatch ${FILESDIR}/firefox-gentoo-pkgconfig.patch
+
+	####################################
+	#
+	# general compilation and run-time fixes
+	#
+	####################################
+
+	# patch from fedora to remove the pangoxft things
+	epatch ${FILESDIR}/${PV}/firefox-nopangoxft.patch
+	# cairo-canvas patch, only needed to build against system cairo
+	# epatch ${FILESDIR}/${PV}/firefox-cairo-canvas.patch
+
+	# patch from fedora to stop crashing with gnome-vfs
+	epatch ${FILESDIR}/firefox-1.1-uriloader.patch
+
+	####################################
+	#
+	# behavioral fixes
+	#
+	####################################
+
+	# patch to fix typeahead find for browsers which embed Firefox
+	# http://bugzilla.gnome.org/show_bug.cgi?id=157435
+	epatch ${DISTDIR}/embed-typeaheadfind-1.patch
+	epatch ${FILESDIR}/${PV}/${P}-gtk.patch
+
+	# rpath fix
+	epatch ${FILESDIR}/mozilla-rpath-1.patch
+	epatch ${DISTDIR}/mozilla-1.7.10-nsplugins-v2.patch
+
+	# Fix scripts that call for /usr/local/bin/perl #51916
+	ebegin "Patching smime to call perl from /usr/bin"
+	sed -i -e '1s,usr/local/bin,usr/bin,' ${S}/security/nss/cmd/smimetools/smime
+	eend $? || die "sed failed"
+
+	#security fix in history
+	cd ${S}
+	epatch ${FILESDIR}/${PV}/${P}-history.patch
+}
+
+src_compile() {
+	declare MOZILLA_FIVE_HOME=/usr/$(get_libdir)/${PN}
+
+	####################################
+	#
+	# mozconfig, CFLAGS and CXXFLAGS setup
+	#
+	####################################
+
+	mozconfig_init
+	mozconfig_config
+
+	mozconfig_annotate '' --enable-extensions=default,typeaheadfind
+	mozconfig_annotate '' --disable-mailnews
+	#mozconfig_annotate '' --enable-native-uconv
+	mozconfig_annotate '' --enable-image-encoder=all
+
+	# Bug 60668: Galeon doesn't build without oji enabled, so enable it
+	# regardless of java setting.
+	mozconfig_annotate '' --enable-oji --enable-mathml
+
+	# Other ff-specific settings
+	mozconfig_use_enable  canvas
+	mozconfig_use_enable mozdevelop jsd
+	mozconfig_use_enable mozdevelop xpctools
+	mozconfig_use_extension mozdevelop venkman
+	mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME}
+
+	# Finalize and report settings
+	mozconfig_final
+
+	# hardened GCC uses -fstack-protector-all by default, which breaks us
+	has_hardened && append-flags -fno-stack-protector-all
+	# remove -fstack-protector because now it borks firefox
+	CFLAGS=${CFLAGS/-fstack-protector-all/}
+	CFLAGS=${CFLAGS/-fstack-protector/}
+	CXXFLAGS=${CXXFLAGS/-fstack-protector-all/}
+	CXXFLAGS=${CXXFLAGS/-fstack-protector/}
+
+	####################################
+	#
+	#  Configure and build
+	#
+	####################################
+
+	CPPFLAGS="${CPPFLAGS} -DARON_WAS_HERE" \
+	CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+	econf || die
+
+	# It would be great if we could pass these in via CPPFLAGS or CFLAGS prior
+	# to econf, but the quotes cause configure to fail.
+	sed -i -e \
+		's|-DARON_WAS_HERE|-DGENTOO_NSPLUGINS_DIR=\\\"/usr/'"$(get_libdir)"'/nsplugins\\\" -DGENTOO_NSBROWSER_PLUGINS_DIR=\\\"/usr/'"$(get_libdir)"'/nsbrowser/plugins\\\"|' \
+		${S}/config/autoconf.mk \
+		${S}/nsprpub/config/autoconf.mk \
+		${S}/xpfe/global/buildconfig.html
+
+	# Fixup the RPATH
+	sed -i -e \
+		's|#RPATH_FIXER|'"${MOZILLA_FIVE_HOME}"'|' \
+		${S}/config/rules.mk \
+		${S}/nsprpub/config/rules.mk \
+		${S}/security/coreconf/rules.mk
+
+	# This removes extraneous CFLAGS from the Makefiles to reduce RAM
+	# requirements while compiling
+	edit_makefiles
+
+	emake || die
+}
+
+src_install() {
+	declare MOZILLA_FIVE_HOME=/usr/$(get_libdir)/${PN}
+
+	# Most of the installation happens here
+	dodir ${MOZILLA_FIVE_HOME}
+	cp -RL ${S}/dist/bin/* ${D}${MOZILLA_FIVE_HOME}
+
+	# Create directory structure to support portage-installed extensions.
+	# See update_chrome() in mozilla-launcher
+	keepdir ${MOZILLA_FIVE_HOME}/chrome.d
+	keepdir ${MOZILLA_FIVE_HOME}/extensions.d
+	cp ${D}${MOZILLA_FIVE_HOME}/chrome/installed-chrome.txt \
+		${D}${MOZILLA_FIVE_HOME}/chrome.d/0_base-chrome.txt
+
+	# Create /usr/bin/firefox
+	install_mozilla_launcher_stub firefox ${MOZILLA_FIVE_HOME}
+
+	# Install icon and .desktop for menu entry
+	doicon ${FILESDIR}/icon/firefox-icon.png
+	domenu ${FILESDIR}/icon/mozillafirefox.desktop
+
+	# Fix icons to look the same everywhere
+	insinto ${MOZILLA_FIVE_HOME}/icons
+	doins ${S}/dist/branding/mozicon16.xpm
+	doins ${S}/dist/branding/mozicon50.xpm
+
+	####################################
+	#
+	# Install files necessary for applications to build against firefox
+	#
+	####################################
+
+	ewarn "Installing includes and idl files..."
+	dodir ${MOZILLA_FIVE_HOME}/idl ${MOZILLA_FIVE_HOME}/include
+	cd ${S}/dist
+	cp -LfR include/* ${D}${MOZILLA_FIVE_HOME}/include || die "failed to copy"
+	cp -LfR idl/* ${D}${MOZILLA_FIVE_HOME}/idl || die "failed to copy"
+
+	# Dirty hack to get some applications using this header running
+	dosym ${MOZILLA_FIVE_HOME}/include/necko/nsIURI.h \
+		/usr/$(get_libdir)/${MOZILLA_FIVE_HOME##*/}/include/nsIURI.h
+
+
+	# Fix pkgconfig files and install them
+	insinto /usr/$(get_libdir)/pkgconfig
+	for x in ${S}/build/unix/*.pc; do
+		doins ${x}
+	done
+
+	####################################
+	# 
+	# Some preferences, probably gentoo.org as start-page also
+	#
+	####################################
+
+	dodir ${MOZILLA_FIVE_HOME}/greprefs
+	cp ${FILESDIR}/gentoo-default-prefs.js ${D}/${MOZILLA_FIVE_HOME}/greprefs/all-gentoo.js
+	dodir ${MOZILLA_FIVE_HOME}/defaults/pref
+	cp ${FILESDIR}/gentoo-default-prefs.js ${D}/${MOZILLA_FIVE_HOME}/defaults/pref/all-gentoo.js
+
+	# Install docs
+	dodoc LEGAL
+}
+
+pkg_postinst() {
+	declare MOZILLA_FIVE_HOME=/usr/$(get_libdir)/${PN}
+
+	# This should be called in the postinst and postrm of all the
+	# mozilla, mozilla-bin, firefox, firefox-bin, thunderbird and
+	# thunderbird-bin ebuilds.
+	update_mozilla_launcher_symlinks
+
+	# Update mimedb for the new .desktop file
+	fdo-mime_desktop_database_update
+
+	echo  ""
+	ewarn "Please remember to rebuild any packages that you have built"
+	ewarn "against firefox. Some packages might be busted please search"
+	ewarn "http://bugs.gentoo.org if no bug is open, then please open a new"
+	ewarn "bug report so these can be fixed."
+	ewarn "Thank you! anarchy@gentoo.org."
+	echo     ""
+	einfo "I am unable to brand firefox or thunderbird officially yet."
+	einfo "You will see that everything says Deer Park cause of this."
+	einfo "As soon as I can brand it I will commit a -r1 release."
+}
+
+pkg_postrm() {
+	declare MOZILLA_FIVE_HOME=/usr/$(get_libdir)/${PN}
+
+	update_mozilla_launcher_symlinks
+}