diff options
author | Martin Stransky <stransky@redhat.com> | 2017-03-22 10:12:21 +0100 |
---|---|---|
committer | Martin Stransky <stransky@redhat.com> | 2017-03-22 10:12:21 +0100 |
commit | 73321592e7455cf23e31284292b638ebc5c1481e (patch) | |
tree | 3232c496d20287232d5bd4ff754dfea7a68e8c64 /mozilla-1348168.patch | |
parent | Updated nss patch ordering (diff) | |
download | librewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.tar.gz librewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.tar.bz2 librewolf-fedora-ff-73321592e7455cf23e31284292b638ebc5c1481e.zip |
Added fix for CVE-2017-5428, Added fix for mozbz#1158076
Diffstat (limited to 'mozilla-1348168.patch')
-rw-r--r-- | mozilla-1348168.patch | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/mozilla-1348168.patch b/mozilla-1348168.patch new file mode 100644 index 0000000..e0627d2 --- /dev/null +++ b/mozilla-1348168.patch @@ -0,0 +1,88 @@ + +# HG changeset patch +# User Ehsan Akhgari <ehsan@mozilla.com> +# Date 1489719163 14400 +# Node ID 4af7cd795eeef3bce2dd40d5a6e92d21304eaea1 +# Parent dac467924a46c4bbff97c948bf4a7143dada2b19 +Bug 1348168 - Disable Mozilla custom ImageBitmap extensions that didn't go through proper API review; r=bzbarsky a=dveditz + +diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp +--- a/dom/base/nsGlobalWindow.cpp ++++ b/dom/base/nsGlobalWindow.cpp +@@ -14993,16 +14993,20 @@ nsGlobalWindow::CreateImageBitmap(const + + already_AddRefed<mozilla::dom::Promise> + nsGlobalWindow::CreateImageBitmap(const ImageBitmapSource& aImage, + int32_t aOffset, int32_t aLength, + ImageBitmapFormat aFormat, + const Sequence<ChannelPixelLayout>& aLayout, + ErrorResult& aRv) + { ++ if (!ImageBitmap::ExtensionsEnabled(nullptr, nullptr)) { ++ aRv.Throw(NS_ERROR_TYPE_ERR); ++ return nullptr; ++ } + if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) { + return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout, + aRv); + } else { + aRv.Throw(NS_ERROR_TYPE_ERR); + return nullptr; + } + } +diff --git a/dom/workers/WorkerScope.cpp b/dom/workers/WorkerScope.cpp +--- a/dom/workers/WorkerScope.cpp ++++ b/dom/workers/WorkerScope.cpp +@@ -471,16 +471,24 @@ WorkerGlobalScope::CreateImageBitmap(con + + already_AddRefed<mozilla::dom::Promise> + WorkerGlobalScope::CreateImageBitmap(const ImageBitmapSource& aImage, + int32_t aOffset, int32_t aLength, + ImageBitmapFormat aFormat, + const Sequence<ChannelPixelLayout>& aLayout, + ErrorResult& aRv) + { ++ JSContext* cx = GetCurrentThreadJSContext(); ++ MOZ_ASSERT(cx); ++ ++ if (!ImageBitmap::ExtensionsEnabled(cx, nullptr)) { ++ aRv.Throw(NS_ERROR_TYPE_ERR); ++ return nullptr; ++ } ++ + if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) { + return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout, + aRv); + } else { + aRv.Throw(NS_ERROR_TYPE_ERR); + return nullptr; + } + } +diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js +--- a/modules/libpref/init/all.js ++++ b/modules/libpref/init/all.js +@@ -831,22 +831,18 @@ pref("ui.scrollToClick", 0); + pref("canvas.focusring.enabled", true); + pref("canvas.customfocusring.enabled", false); + pref("canvas.hitregions.enabled", false); + pref("canvas.filters.enabled", true); + // Add support for canvas path objects + pref("canvas.path.enabled", true); + pref("canvas.capturestream.enabled", true); + +-// Disable the ImageBitmap-extensions in the release build. +-#ifdef RELEASE_OR_BETA ++// Disable the ImageBitmap-extensions for now. + pref("canvas.imagebitmap_extensions.enabled", false); +-#else +-pref("canvas.imagebitmap_extensions.enabled", true); +-#endif + + // We want the ability to forcibly disable platform a11y, because + // some non-a11y-related components attempt to bring it up. See bug + // 538530 for details about Windows; we have a pref here that allows it + // to be disabled for performance and testing resons. + // See bug 761589 for the crossplatform aspect. + // + // This pref is checked only once, and the browser needs a restart to + |