head	1.3;
access;
symbols
	RELEASE_8_0_0:1.2
	RELEASE_7_2_0:1.2;
locks; strict;
comment	@# @;


1.3
date	2010.02.07.21.48.43;	author beat;	state dead;
branches;
next	1.2;

1.2
date	2009.02.15.18.20.47;	author marcus;	state Exp;
branches;
next	1.1;

1.1
date	2009.02.15.18.20.11;	author marcus;	state Exp;
branches;
next	;


desc
@@


1.3
log
@- Update to 3.6

What's new in Firefox 3.6:

  * Support for the HTML5 File API
  * A change to how third-party software integrates with Firefox to
    increase stability.
  * The ability to run scripts asynchronously to speed up page load times.
  * A mechanism to prevent incompatible software from crashing Firefox.
  * Users can now change their browser's appearance with a single click,
    with built in support for Personas.
  * Firefox 3.6 will alert users about out of date plugins to keep them
    safe.
  * Open, native video can now be displayed full screen, and supports
    poster frames.
  * Support for the WOFF font format.
  * Improved JavaScript performance, overall browser responsiveness and
    startup time.
  * Support for new CSS, DOM and HTML5 web technologies.

Thanks to:	Andreas Tobler, Florian Smeets, nox@@, miwi@@ and all testers
@
text
@--- .pc/460425_att352061-backport2.patch/content/base/src/nsSyncLoadService.cpp	2006-06-10 00:48:43.000000000 +0200
+++ content/base/src/nsSyncLoadService.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -424,19 +424,28 @@@@ nsSyncLoader::OnChannelRedirect(nsIChann
     nsresult rv = aOldChannel->GetURI(getter_AddRefs(oldURI)); // The original URI
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIURI> newURI;
     rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
     NS_ENSURE_SUCCESS(rv, rv);
 
     rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(oldURI, newURI);
+    NS_ENSURE_SUCCESS(rv, rv);
 
+    nsCOMPtr<nsIURI> newOrigURI;
+    rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
     NS_ENSURE_SUCCESS(rv, rv);
 
+    if (newOrigURI != newURI) {
+        rv = nsContentUtils::GetSecurityManager()->
+            CheckSameOriginURI(oldURI, newOrigURI);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+
     mChannel = aNewChannel;
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSyncLoader::GetInterface(const nsIID & aIID,
                            void **aResult)
--- .pc/460425_att352061-backport2.patch/content/base/src/nsXMLHttpRequest.cpp	2009-01-28 17:30:42.000000000 +0100
+++ content/base/src/nsXMLHttpRequest.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -2058,16 +2058,27 @@@@ nsXMLHttpRequest::OnChannelRedirect(nsIC
       return rv;
 
     nsCOMPtr<nsIScriptSecurityManager> secMan =
              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
     if (NS_FAILED(rv))
       return rv;
 
     rv = secMan->CheckSameOriginURI(oldURI, newURI);
+
+    if (NS_SUCCEEDED(rv)) {
+      nsCOMPtr<nsIURI> newOrigURI;
+      rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      if (newOrigURI != newURI) {
+        rv = secMan->CheckSameOriginURI(oldURI, newOrigURI);
+      }
+    }
+
     if (NS_FAILED(rv)) {
       mDenyResponseDataAccess = PR_TRUE;
       return rv;
     }
   }
 
   if (mChannelEventSink) {
     nsresult rv =
--- .pc/460425_att352061-backport2.patch/content/xml/document/src/nsXMLDocument.cpp	2008-08-15 23:57:22.000000000 +0200
+++ content/xml/document/src/nsXMLDocument.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -297,18 +297,34 @@@@ nsXMLDocument::OnChannelRedirect(nsIChan
   nsCOMPtr<nsIURI> oldURI;
   nsresult rv = aOldChannel->GetURI(getter_AddRefs(oldURI));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIURI> newURI;
   rv = aNewChannel->GetURI(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  return nsContentUtils::GetSecurityManager()->
+  rv = nsContentUtils::GetSecurityManager()->
     CheckSameOriginURI(oldURI, newURI);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsCOMPtr<nsIURI> newOrigURI;
+  rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (newOrigURI != newURI) {
+    rv = nsContentUtils::GetSecurityManager()->
+    CheckSameOriginURI(oldURI, newOrigURI);
+  }
+
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
 }
 
 NS_IMETHODIMP
 nsXMLDocument::EvaluateFIXptr(const nsAString& aExpression, nsIDOMRange **aRange)
 {
   nsresult rv;
   nsCOMPtr<nsIFIXptrEvaluator> e =
     do_CreateInstance("@@mozilla.org/xmlextras/fixptrevaluator;1", &rv);
--- .pc/460425_att352061-backport2.patch/extensions/transformiix/source/xslt/txMozillaStylesheetCompiler.cpp	2006-07-07 03:06:03.000000000 +0200
+++ extensions/transformiix/source/xslt/txMozillaStylesheetCompiler.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -383,17 +383,29 @@@@ txStylesheetSink::OnChannelRedirect(nsIC
     nsCOMPtr<nsIURI> oldURI;
     rv = aOldChannel->GetURI(getter_AddRefs(oldURI)); // The original URI
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIURI> newURI;
     rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
     NS_ENSURE_SUCCESS(rv, rv);
 
-    return secMan->CheckSameOriginURI(oldURI, newURI);
+    rv = secMan->CheckSameOriginURI(oldURI, newURI);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCOMPtr<nsIURI> newOrigURI;
+    rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (newOrigURI != newURI) {
+        rv = secMan->CheckSameOriginURI(oldURI, newOrigURI);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+
+    return NS_OK;
 }
 
 NS_IMETHODIMP
 txStylesheetSink::GetInterface(const nsIID& aIID, void** aResult)
 {
     if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
         NS_ENSURE_ARG(aResult);
         *aResult = nsnull;
--- .pc/460425_att352061-backport2.patch/extensions/xforms/nsXFormsInstanceElement.cpp	2008-07-27 02:35:16.000000000 +0200
+++ extensions/xforms/nsXFormsInstanceElement.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -203,21 +203,25 @@@@ nsXFormsInstanceElement::GetInterface(co
 NS_IMETHODIMP
 nsXFormsInstanceElement::OnChannelRedirect(nsIChannel *OldChannel,
                                            nsIChannel *aNewChannel,
                                            PRUint32    aFlags)
 {
   NS_PRECONDITION(aNewChannel, "Redirect without a channel?");
   NS_PRECONDITION(!mLazy, "Loading an instance document for a lazy instance?");
 
-  nsCOMPtr<nsIURI> newURI;
+  nsCOMPtr<nsIURI> newURI, newOrigURI;
   nsresult rv = aNewChannel->GetURI(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
+  rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+  NS_ENSURE_SUCCESS(rv, rv);
 
-  if (!nsXFormsUtils::CheckConnectionAllowed(mElement, newURI)) {
+  if (!nsXFormsUtils::CheckConnectionAllowed(mElement, newURI) ||
+      (newOrigURI != newURI &&
+       !nsXFormsUtils::CheckConnectionAllowed(mElement, newOrigURI))) {
     const PRUnichar *strings[] = { NS_LITERAL_STRING("instance").get() };
     nsXFormsUtils::ReportError(NS_LITERAL_STRING("externalLinkLoadOrigin"),
                                strings, 1, mElement, mElement);
     return NS_ERROR_ABORT;
   }
 
   return NS_OK;
 }
--- .pc/460425_att352061-backport2.patch/extensions/xforms/nsXFormsMessageElement.cpp	2008-03-04 23:47:45.000000000 +0100
+++ extensions/xforms/nsXFormsMessageElement.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -1062,21 +1062,25 @@@@ nsXFormsMessageElement::GetInterface(con
 
 NS_IMETHODIMP
 nsXFormsMessageElement::OnChannelRedirect(nsIChannel *OldChannel,
                                           nsIChannel *aNewChannel,
                                           PRUint32    aFlags)
 {
   NS_PRECONDITION(aNewChannel, "Redirect without a channel?");
 
-  nsCOMPtr<nsIURI> newURI;
+  nsCOMPtr<nsIURI> newURI, newOrigURI;
   nsresult rv = aNewChannel->GetURI(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
-  
-  if (!nsXFormsUtils::CheckConnectionAllowed(mElement, newURI)) {
+  rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (!nsXFormsUtils::CheckConnectionAllowed(mElement, newURI) ||
+      (newOrigURI != newURI &&
+       !nsXFormsUtils::CheckConnectionAllowed(mElement, newOrigURI))) {
     nsAutoString tagName;
     mElement->GetLocalName(tagName);
     const PRUnichar *strings[] = { tagName.get() };
     nsXFormsUtils::ReportError(NS_LITERAL_STRING("externalLinkLoadOrigin"),
                                strings, 1, mElement, mElement);
     mStopType = eStopType_Security;
     return NS_ERROR_ABORT;
   }
--- .pc/460425_att352061-backport2.patch/extensions/xforms/nsXFormsSubmissionElement.cpp	2008-08-07 23:03:52.000000000 +0200
+++ extensions/xforms/nsXFormsSubmissionElement.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -400,27 +400,30 @@@@ nsXFormsSubmissionElement::OnChannelRedi
                                              nsIChannel *aNewChannel,
                                              PRUint32    aFlags)
 {
   if (!mElement) {
     return NS_OK;
   }
 
   NS_PRECONDITION(aNewChannel, "Redirect without a channel?");
-  nsCOMPtr<nsIURI> newURI;
+  nsCOMPtr<nsIURI> newURI, newOrigURI;
   nsresult rv = aNewChannel->GetURI(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
+  rv = aNewChannel->GetOriginalURI(getter_AddRefs(newOrigURI));
+  NS_ENSURE_SUCCESS(rv, rv);
 
   NS_ENSURE_STATE(mElement);
   nsCOMPtr<nsIDOMDocument> domDoc;
   mElement->GetOwnerDocument(getter_AddRefs(domDoc));
   nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
   NS_ENSURE_STATE(doc);
 
-  if (!CheckSameOrigin(doc, newURI)) {
+  if (!CheckSameOrigin(doc, newURI) ||
+      (newOrigURI != newURI && !CheckSameOrigin(doc, newOrigURI))) {
     nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"),
                                mElement);
     return NS_ERROR_ABORT;
   }
 
   return NS_OK;
 }
 
--- .pc/460425_att352061-backport2.patch/netwerk/protocol/file/src/nsFileChannel.cpp	2008-10-29 06:22:55.000000000 +0100
+++ netwerk/protocol/file/src/nsFileChannel.cpp	2009-01-30 12:44:19.000000000 +0100
@@@@ -94,17 +94,16 @@@@ CopyProperties(const nsAString &key, nsI
 void
 nsFileChannel::HandleRedirect(nsIChannel* newChannel)
 {
     if (NS_SUCCEEDED(mStatus)) {
         nsIURI* originalURI = mOriginalURI;
         if (!originalURI)
             originalURI = mURL;
     
-        newChannel->SetOriginalURI(originalURI);
         newChannel->SetLoadGroup(mLoadGroup);
         newChannel->SetNotificationCallbacks(mCallbacks);
         newChannel->SetLoadFlags(mLoadFlags | LOAD_REPLACE);
 
         nsCOMPtr<nsIWritablePropertyBag> bag = do_QueryInterface(newChannel);
         if (bag)
             mPropertyHash.EnumerateRead(CopyProperties, bag.get());
 
@@@@ -119,17 +118,21 @@@@ nsFileChannel::HandleRedirect(nsIChannel
             nsCOMPtr<nsIChannelEventSink> channelEventSink;
             // Give our consumer a chance to observe/block this redirect.
             NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
                                           channelEventSink);
             if (channelEventSink) {
                 rv = channelEventSink->OnChannelRedirect(this, newChannel,
                                                          redirectFlags);
                 if (NS_SUCCEEDED(rv)) {
-                    rv = newChannel->AsyncOpen(mListener, mListenerContext);
+                   // Make sure to do this _after_ making all the  OnChannelRedirect calls
+                   nsCOMPtr<nsIURI> origURI;
+                   GetOriginalURI(getter_AddRefs(origURI));
+                   newChannel->SetOriginalURI(origURI);
+                   rv = newChannel->AsyncOpen(mListener, mListenerContext);
                 }
             }
         }
 
         if (NS_FAILED(rv))
             Cancel(rv);
     }
 
--- .pc/460425_att352061-backport2.patch/netwerk/protocol/http/src/nsHttpChannel.cpp	2006-07-21 00:59:31.000000000 +0200
+++ netwerk/protocol/http/src/nsHttpChannel.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -997,16 +997,19 @@@@ nsHttpChannel::ReplaceWithProxy(nsIProxy
         return rv;
 
     // Inform consumers about this fake redirect
     PRUint32 flags = nsIChannelEventSink::REDIRECT_INTERNAL;
     rv = gHttpHandler->OnChannelRedirect(this, newChannel, flags);
     if (NS_FAILED(rv))
         return rv;
 
+    // Make sure to do this _after_ calling OnChannelRedirect
+    newChannel->SetOriginalURI(mOriginalURI);
+
     // open new channel
     rv = newChannel->AsyncOpen(mListener, mListenerContext);
     if (NS_FAILED(rv))
         return rv;
 
     mStatus = NS_BINDING_REDIRECTED;
     mListener = nsnull;
     mListenerContext = nsnull;
@@@@ -1906,17 +1909,16 @@@@ nsHttpChannel::SetupReplacementChannel(n
     // SSL, then no need to inhibit persistent caching.  however, if the
     // original channel was not using SSL and has INHIBIT_PERSISTENT_CACHING
     // set, then allow the flag to apply to the redirected channel as well.
     // since we force set INHIBIT_PERSISTENT_CACHING on all HTTPS channels,
     // we only need to check if the original channel was using SSL.
     if (mConnectionInfo->UsingSSL())
         newLoadFlags &= ~INHIBIT_PERSISTENT_CACHING;
 
-    newChannel->SetOriginalURI(mOriginalURI);
     newChannel->SetLoadGroup(mLoadGroup); 
     newChannel->SetNotificationCallbacks(mCallbacks);
     newChannel->SetLoadFlags(newLoadFlags);
 
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(newChannel);
     if (!httpChannel)
         return NS_OK; // no other options to set
 
@@@@ -2087,16 +2089,19 @@@@ nsHttpChannel::ProcessRedirection(PRUint
     if (redirectType == 301) // Moved Permanently
         redirectFlags = nsIChannelEventSink::REDIRECT_PERMANENT;
     else
         redirectFlags = nsIChannelEventSink::REDIRECT_TEMPORARY;
     rv = gHttpHandler->OnChannelRedirect(this, newChannel, redirectFlags);
     if (NS_FAILED(rv))
         return rv;
 
+    // Make sure to do this _after_ calling OnChannelRedirect
+    newChannel->SetOriginalURI(mOriginalURI);
+
     // And now, the deprecated way
     nsCOMPtr<nsIHttpEventSink> httpEventSink;
     GetCallback(httpEventSink);
     if (httpEventSink) {
         // NOTE: nsIHttpEventSink is only used for compatibility with pre-1.8
         // versions.
         rv = httpEventSink->OnRedirect(this, newChannel);
         if (NS_FAILED(rv)) return rv;
--- .pc/460425_att352061-backport2.patch/uriloader/base/nsDocLoader.cpp	2006-02-06 20:52:11.000000000 +0100
+++ uriloader/base/nsDocLoader.cpp	2009-01-30 12:39:37.000000000 +0100
@@@@ -1397,25 +1397,16 @@@@ PRInt64 nsDocLoader::CalculateMaxProgres
 }
 
 NS_IMETHODIMP nsDocLoader::OnChannelRedirect(nsIChannel *aOldChannel,
                                              nsIChannel *aNewChannel,
                                              PRUint32    aFlags)
 {
   if (aOldChannel)
   {
-    nsresult rv;
-    nsCOMPtr<nsIURI> oldURI, newURI;
-
-    rv = aOldChannel->GetOriginalURI(getter_AddRefs(oldURI));
-    if (NS_FAILED(rv)) return rv;
-
-    rv = aNewChannel->GetURI(getter_AddRefs(newURI));
-    if (NS_FAILED(rv)) return rv;
-
     nsLoadFlags loadFlags = 0;
     PRInt32 stateFlags = nsIWebProgressListener::STATE_REDIRECTING |
                          nsIWebProgressListener::STATE_IS_REQUEST;
 
     aOldChannel->GetLoadFlags(&loadFlags);
     // If the document channel is being redirected, then indicate that the
     // document is being redirected in the notification...
     if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
--- .pc/460425_att352061-backport2.patch/xpcom/io/nsLocalFileUnix.cpp	2008-10-29 06:06:16.000000000 +0100
+++ xpcom/io/nsLocalFileUnix.cpp	2009-01-30 12:58:52.000000000 +0100
@@@@ -1295,21 +1295,16 @@@@ nsLocalFile::IsReadable(PRBool *_retval)
 
 NS_IMETHODIMP
 nsLocalFile::IsExecutable(PRBool *_retval)
 {
     CHECK_mPath();
     NS_ENSURE_ARG_POINTER(_retval);
     struct stat buf;
 
-    if (IsDesktopFile()) {
-        *_retval = PR_TRUE;
-        return NS_OK;
-    }
-    
     *_retval = (stat(mPath.get(), &buf) == 0);
     if (*_retval || errno == EACCES) {
         *_retval = *_retval && (buf.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH ));
         return NS_OK;
     }
     return NSRESULT_FOR_ERRNO();
 }
 #else
@@@@ -1350,21 +1345,16 @@@@ nsLocalFile::IsReadable(PRBool *_retval)
 }
 
 NS_IMETHODIMP
 nsLocalFile::IsExecutable(PRBool *_retval)
 {
     CHECK_mPath();
     NS_ENSURE_ARG_POINTER(_retval);
 
-    if (IsDesktopFile()) {
-        *_retval = PR_TRUE;
-        return NS_OK;
-    }
-    
     *_retval = (access(mPath.get(), X_OK) == 0);
     if (*_retval || errno == EACCES)
         return NS_OK;
     return NSRESULT_FOR_ERRNO();
 }
 #endif
 NS_IMETHODIMP
 nsLocalFile::IsDirectory(PRBool *_retval)
@@@@ -1780,18 +1770,8 @@@@ void
 nsLocalFile::GlobalInit()
 {
 }
 
 void
 nsLocalFile::GlobalShutdown()
 {
 }
-
-PRBool
-nsLocalFile::IsDesktopFile()
-{
-    // Just needs to be good enough to match nsFileProtocolHandler::ReadURLFile
-    nsCAutoString leafName;
-    nsresult rv = GetNativeLeafName(leafName);
-    return NS_FAILED(rv) ||
-        StringEndsWith(leafName, NS_LITERAL_CSTRING(".desktop"));
-}
--- .pc/460425_att352061-backport2.patch/xpcom/io/nsLocalFileUnix.h	2009-01-30 12:58:27.000000000 +0100
+++ xpcom/io/nsLocalFileUnix.h	2009-01-30 12:58:57.000000000 +0100
@@@@ -122,13 +122,11 @@@@ protected:
 
     void InvalidateCache() {
         mHaveCachedStat = PR_FALSE;
     }
     nsresult FillStatCache();
 
     nsresult CreateAndKeepOpen(PRUint32 type, PRIntn flags,
                                PRUint32 permissions, PRFileDesc **_retval);
-
-    PRBool IsDesktopFile();
 };
 
 #endif /* _nsLocalFileUNIX_H_ */
@


1.2
log
@Forced commit to note these patches were obtained from Mozilla Bugzilla.
@
text
@@


1.1
log
@Backport patches for the following security bugs:

CVE-2009-0355
CVE-2009-0356
CVE-2009-0357

This allows Firefox 2 to be unforbidden for the time being.
@
text
@@

