summaryrefslogtreecommitdiff
path: root/mozilla-1348168.patch
diff options
context:
space:
mode:
authorMartin Stransky <stransky@redhat.com>2017-03-22 10:12:21 +0100
committerMartin Stransky <stransky@redhat.com>2017-03-22 10:12:21 +0100
commit73321592e7455cf23e31284292b638ebc5c1481e (patch)
tree3232c496d20287232d5bd4ff754dfea7a68e8c64 /mozilla-1348168.patch
parentUpdated nss patch ordering (diff)
downloadlibrewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.tar.gz
librewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.tar.bz2
librewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.zip
Added fix for CVE-2017-5428, Added fix for mozbz#1158076
Diffstat (limited to 'mozilla-1348168.patch')
-rw-r--r--mozilla-1348168.patch88
1 files changed, 88 insertions, 0 deletions
diff --git a/mozilla-1348168.patch b/mozilla-1348168.patch
new file mode 100644
index 0000000..e0627d2
--- /dev/null
+++ b/mozilla-1348168.patch
@@ -0,0 +1,88 @@
+
+# HG changeset patch
+# User Ehsan Akhgari <ehsan@mozilla.com>
+# Date 1489719163 14400
+# Node ID 4af7cd795eeef3bce2dd40d5a6e92d21304eaea1
+# Parent dac467924a46c4bbff97c948bf4a7143dada2b19
+Bug 1348168 - Disable Mozilla custom ImageBitmap extensions that didn't go through proper API review; r=bzbarsky a=dveditz
+
+diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
+--- a/dom/base/nsGlobalWindow.cpp
++++ b/dom/base/nsGlobalWindow.cpp
+@@ -14993,16 +14993,20 @@ nsGlobalWindow::CreateImageBitmap(const
+
+ already_AddRefed<mozilla::dom::Promise>
+ nsGlobalWindow::CreateImageBitmap(const ImageBitmapSource& aImage,
+ int32_t aOffset, int32_t aLength,
+ ImageBitmapFormat aFormat,
+ const Sequence<ChannelPixelLayout>& aLayout,
+ ErrorResult& aRv)
+ {
++ if (!ImageBitmap::ExtensionsEnabled(nullptr, nullptr)) {
++ aRv.Throw(NS_ERROR_TYPE_ERR);
++ return nullptr;
++ }
+ if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
+ return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
+ aRv);
+ } else {
+ aRv.Throw(NS_ERROR_TYPE_ERR);
+ return nullptr;
+ }
+ }
+diff --git a/dom/workers/WorkerScope.cpp b/dom/workers/WorkerScope.cpp
+--- a/dom/workers/WorkerScope.cpp
++++ b/dom/workers/WorkerScope.cpp
+@@ -471,16 +471,24 @@ WorkerGlobalScope::CreateImageBitmap(con
+
+ already_AddRefed<mozilla::dom::Promise>
+ WorkerGlobalScope::CreateImageBitmap(const ImageBitmapSource& aImage,
+ int32_t aOffset, int32_t aLength,
+ ImageBitmapFormat aFormat,
+ const Sequence<ChannelPixelLayout>& aLayout,
+ ErrorResult& aRv)
+ {
++ JSContext* cx = GetCurrentThreadJSContext();
++ MOZ_ASSERT(cx);
++
++ if (!ImageBitmap::ExtensionsEnabled(cx, nullptr)) {
++ aRv.Throw(NS_ERROR_TYPE_ERR);
++ return nullptr;
++ }
++
+ if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
+ return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
+ aRv);
+ } else {
+ aRv.Throw(NS_ERROR_TYPE_ERR);
+ return nullptr;
+ }
+ }
+diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
+--- a/modules/libpref/init/all.js
++++ b/modules/libpref/init/all.js
+@@ -831,22 +831,18 @@ pref("ui.scrollToClick", 0);
+ pref("canvas.focusring.enabled", true);
+ pref("canvas.customfocusring.enabled", false);
+ pref("canvas.hitregions.enabled", false);
+ pref("canvas.filters.enabled", true);
+ // Add support for canvas path objects
+ pref("canvas.path.enabled", true);
+ pref("canvas.capturestream.enabled", true);
+
+-// Disable the ImageBitmap-extensions in the release build.
+-#ifdef RELEASE_OR_BETA
++// Disable the ImageBitmap-extensions for now.
+ pref("canvas.imagebitmap_extensions.enabled", false);
+-#else
+-pref("canvas.imagebitmap_extensions.enabled", true);
+-#endif
+
+ // We want the ability to forcibly disable platform a11y, because
+ // some non-a11y-related components attempt to bring it up. See bug
+ // 538530 for details about Windows; we have a pref here that allows it
+ // to be disabled for performance and testing resons.
+ // See bug 761589 for the crossplatform aspect.
+ //
+ // This pref is checked only once, and the browser needs a restart to
+
bgstack15