From fedora-cvs-commits at redhat.com Tue Oct 2 13:34:48 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 09:34:48 -0400 Subject: rpms/openssh/FC-6 openssh-4.3p2-cve-2007-3102.patch, NONE, 1.1 openssh-4.3p2-cve-2007-4752.patch, NONE, 1.1 openssh-4.3p2-nss-keys.patch, NONE, 1.1 openssh-4.3p2-selinux-rolechg.patch, 1.1, 1.2 openssh.spec, 1.101, 1.102 Message-ID: <200710021334.l92DYmji002339@cvs.devel.redhat.com> Author: tmraz Update of /cvs/dist/rpms/openssh/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv2292 Modified Files: openssh-4.3p2-selinux-rolechg.patch openssh.spec Added Files: openssh-4.3p2-cve-2007-3102.patch openssh-4.3p2-cve-2007-4752.patch openssh-4.3p2-nss-keys.patch Log Message: * Tue Oct 2 2007 Tomas Mraz - 4.3p2-25 - do not fall back on trusted X11 cookies (CVE-2007-4752) (#280471) * Fri Jul 13 2007 Tomas Mraz - 4.3p2-24 - fixed audit log injection problem (CVE-2007-3102) (#248059) * Thu Jun 21 2007 Tomas Mraz - 4.3p2-23 - document where the nss certificate and token dbs are looked for * Wed Jun 20 2007 Tomas Mraz - 4.3p2-22 - experimental support for PKCS#11 tokens through libnss3 (#183423) * Tue Apr 03 2007 Tomas Mraz - 4.3p2-21 - correctly setup context when empty level requested (#234951) - and always request default level as returned by getseuserbyname (#231695) openssh-4.3p2-cve-2007-3102.patch: loginrec.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 files changed, 39 insertions(+), 3 deletions(-) --- NEW FILE openssh-4.3p2-cve-2007-3102.patch --- --- openssh-4.3p2/loginrec.c.inject-fix 2007-06-20 21:18:00.000000000 +0200 +++ openssh-4.3p2/loginrec.c 2007-07-13 15:25:35.000000000 +0200 
@@ -1389,11 +1389,44 @@ #endif /* USE_WTMPX */ #ifdef HAVE_LINUX_AUDIT +static void +_audit_hexscape(const char *what, char *where, unsigned int size) +{ + const char *ptr = what; + const char *hex = "0123456789ABCDEF"; + + while (*ptr) { + if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) { + unsigned int i; + ptr = what; + for (i = 0; *ptr && i+2 < size; i += 2) { + where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */ + where[i+1] = hex[(unsigned)*ptr & 0x0F]; /* Lower nibble */ + ptr++; + } + where[i] = '\0'; + return; + } + ptr++; + } + where[0] = '"'; + if ((unsigned)(ptr - what) < size - 3) + { + size = ptr - what + 3; + } + strncpy(where + 1, what, size - 3); + where[size-2] = '"'; + where[size-1] = '\0'; +} + +#define AUDIT_LOG_SIZE 128 +#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8) + int linux_audit_record_event(int uid, const char *username, const char *hostname, const char *ip, const char *ttyn, int success) { - char buf[64]; + char buf[AUDIT_LOG_SIZE]; int audit_fd, rc; audit_fd = audit_open(); @@ -1406,8 +1439,11 @@ } if (username == NULL) snprintf(buf, sizeof(buf), "uid=%d", uid); - else - snprintf(buf, sizeof(buf), "acct=%s", username); + else { + char encoded[AUDIT_ACCT_SIZE]; + _audit_hexscape(username, encoded, sizeof(encoded)); + snprintf(buf, sizeof(buf), "acct=%s", encoded); + } rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN, buf, hostname, ip, ttyn, success); close(audit_fd); openssh-4.3p2-cve-2007-4752.patch: clientloop.c | 36 +++++++++++++++++++++++------------- 1 files changed, 23 insertions(+), 13 deletions(-) --- NEW FILE openssh-4.3p2-cve-2007-4752.patch --- Do not fall back on trusted X11 cookies when untrusted cookie generation fails. --- ssh/clientloop.c 2007/08/07 07:32:53 1.180 +++ ssh/clientloop.c 2007/08/15 08:14:46 1.181 
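Review bot: `_audit_hexscape` computes `size - 3` on an unsigned `size` in the quoted branch, so a buffer shorter than 3 bytes would wrap the bound and let `strncpy` write past `where`. The only caller visible here passes `AUDIT_ACCT_SIZE`, but the helper should guard itself at the top, e.g. `if (size < 3) { if (size > 0) where[0] = '\0'; return; }`. Both branches also truncate silently: the hex loop stops at `i+2 < size`, so with the 120-byte buffer only the first 59 bytes of a name that needs escaping reach the audit record, and two different long names can log as the same `acct=` value. A header comment giving the output format (quoted when every byte is printable and not `"`, otherwise upper-case hex of the whole name) and the truncation rule would help anyone parsing these records. The leading underscore in a file-scope name is reserved for the implementation, so `audit_hexscape` would be the safer spelling.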
@@ -282,19 +282,29 @@ generated = 1; } } - snprintf(cmd, sizeof(cmd), - "%s %s%s list %s 2>" _PATH_DEVNULL, - xauth_path, - generated ? "-f " : "" , - generated ? xauthfile : "", - display); - debug2("x11_get_proto: %s", cmd); - f = popen(cmd, "r"); - if (f && fgets(line, sizeof(line), f) && - sscanf(line, "%*s %511s %511s", proto, data) == 2) - got_data = 1; - if (f) - pclose(f); + + /* + * When in untrusted mode, we read the cookie only if it was + * successfully generated as an untrusted one in the step + * above. + */ + if (trusted || generated) { + snprintf(cmd, sizeof(cmd), + "%s %s%s list %s 2>" _PATH_DEVNULL, + xauth_path, + generated ? "-f " : "" , + generated ? xauthfile : "", + display); + debug2("x11_get_proto: %s", cmd); + f = popen(cmd, "r"); + if (f && fgets(line, sizeof(line), f) && + sscanf(line, "%*s %511s %511s", proto, data) == 2) + got_data = 1; + if (f) + pclose(f); + } else + error("Warning: untrusted X11 forwarding setup failed: " + "xauth key data not generated"); } if (do_unlink) { openssh-4.3p2-nss-keys.patch: Makefile.in | 4 README.nss | 38 ++++++ authfd.c | 39 +++++++ authfd.h | 8 + configure.ac | 16 ++ key.c | 62 +++++++++++ key.h | 20 +++ nsskeys.c | 327 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ nsskeys.h | 39 +++++++ readconf.c | 20 +++ readconf.h | 2 ssh-add.c | 168 ++++++++++++++++++++++++++++++ ssh-agent.c | 121 +++++++++++++++++++++ ssh-dss.c | 36 ++++++ ssh-keygen.c | 50 ++++++++- ssh-rsa.c | 42 +++++++ ssh.c | 28 +++++ 17 files changed, 1009 insertions(+), 11 deletions(-) --- NEW FILE openssh-4.3p2-nss-keys.patch --- --- openssh-4.3p2/ssh-rsa.c.nss-keys 2005-06-17 04:59:35.000000000 +0200 +++ openssh-4.3p2/ssh-rsa.c 2007-06-20 20:09:35.000000000 +0200 @@ -27,6 +27,10 @@ #include "compat.h" #include "ssh.h" +#ifdef HAVE_LIBNSS +#include +#endif + static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ 
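Review bot: The re-indented block still formats `display` and `xauthfile` with `%s` into `cmd` and passes it to `popen()`, which runs it through the shell, and the `snprintf` result is not checked for truncation. Whether `display` is validated earlier is not visible in this hunk (the enclosing function, apparently `x11_get_proto`, starts and ends outside it); if it is not, it should be restricted to the characters a display name can contain before the `snprintf`. Separately, the new `else` is unbraced while its `if` is braced, and the message is emitted through `error()` yet begins with "Warning:". Bracing the `else` and settling on one severity would make the failure path easier to read.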
@@ -45,6 +49,38 @@ error("ssh_rsa_sign: no RSA key"); return -1; } + + slen = RSA_size(key->rsa); + sig = xmalloc(slen); + +#ifdef HAVE_LIBNSS + if (key->flags & KEY_FLAG_NSS) { + SECItem sigitem; + SECOidTag alg; + + memset(&sigitem, 0, sizeof(sigitem)); + alg = (datafellows & SSH_BUG_RSASIGMD5) ? + SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION : + SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + + if (SEC_SignData(&sigitem, (u_char *)data, datalen, key->nss->privk, + alg) != SECSuccess) { + error("ssh_rsa_sign: sign failed"); + return -1; + } + if (sigitem.len > slen) { + error("ssh_rsa_sign: slen %u slen2 %u", slen, sigitem.len); + xfree(sig); + SECITEM_ZfreeItem(&sigitem, PR_FALSE); + return -1; + } + if (sigitem.len < slen) { + memset(sig, 0, slen - sigitem.len); + } + memcpy(sig+slen-sigitem.len, sigitem.data, sigitem.len); + SECITEM_ZfreeItem(&sigitem, PR_FALSE); + } else { +#endif nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); @@ -54,9 +90,6 @@ EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); - slen = RSA_size(key->rsa); - sig = xmalloc(slen); - ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); memset(digest, 'd', sizeof(digest)); @@ -77,6 +110,9 @@ xfree(sig); return -1; } +#ifdef HAVE_LIBNSS + } +#endif /* encode signature */ buffer_init(&b); buffer_put_cstring(&b, "ssh-rsa"); --- /dev/null 2007-06-20 14:56:05.942081985 +0200 +++ openssh-4.3p2/README.nss 2007-06-20 20:09:35.000000000 +0200 
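Review bot: In the NSS branch the `SEC_SignData` failure path returns -1 without releasing `sig`, which this hunk now allocates with `xmalloc(slen)` before the branch. The later `sigitem.len > slen` path does call `xfree(sig)`, so the first should match: `error("ssh_rsa_sign: sign failed"); xfree(sig); return -1;`. Moving the allocation above the `EVP_get_digestbynid` check probably makes that pre-existing error return leak `sig` as well; its `return` lies outside the visible lines, so please confirm. `ssh_rsa_sign` starts and ends outside the hunk.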
@@ -0,0 +1,38 @@ +How to use NSS tokens with OpenSSH? + +This version of OpenSSH contains experimental support for authentication using +keys stored in tokens stored in NSS database. This for example includes any +PKCS#11 tokens which are installed in your NSS database. + +As the code is experimental and preliminary only SSH protocol 2 is supported. +The NSS certificate and token databases are looked for in the ~/.ssh +directory or in a directory specified by environment variable NSS_DB_PATH. + +Common operations: + +(1) tell the ssh client to use the NSS keys: + + $ ssh -o 'UseNSS yes' otherhost + + if you want to use a specific token: + + $ ssh -o 'UseNSS yes' -o 'NSS Token My PKCS11 Token' otherhost + +(2) or tell the agent to use the NSS keys: + + $ ssh-add -n + + if you want to use a specific token: + + $ ssh-add -n -T 'My PKCS11 Token' + +(3) extract the public key from token so it can be added to the +server: + + $ ssh-keygen -n + + if you want to use a specific token and/or key: + + $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID' + +Tomas Mraz, Red Hat, Inc. --- openssh-4.3p2/Makefile.in.nss-keys 2007-04-03 11:01:04.000000000 +0200 +++ openssh-4.3p2/Makefile.in 2007-06-20 20:09:35.000000000 +0200 @@ -42,7 +42,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -LIBS=@LIBS@ +LIBS=@LIBS@ @LIBNSS@ LIBSELINUX=@LIBSELINUX@ LIBAUDIT=@LIBAUDIT@ LIBEDIT=@LIBEDIT@ @@ -73,7 +73,7 @@ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ - entropy.o scard-opensc.o gss-genr.o + entropy.o scard-opensc.o gss-genr.o nsskeys.o SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o --- openssh-4.3p2/ssh.c.nss-keys 2005-12-31 06:33:37.000000000 +0100 +++ openssh-4.3p2/ssh.c 2007-06-20 20:19:28.000000000 +0200 
@@ -76,6 +76,9 @@ #ifdef SMARTCARD #include "scard.h" #endif +#ifdef HAVE_LIBNSS +#include "nsskeys.h" +#endif extern char *__progname; @@ -1179,6 +1182,10 @@ char *filename; int i = 0; Key *public; +#if defined(SMARTCARD) || defined(HAVE_LIBNSS) + Key **keys; +#endif + #ifdef SMARTCARD Key **keys; @@ -1202,6 +1209,26 @@ xfree(keys); } #endif /* SMARTCARD */ +#ifdef HAVE_LIBNSS + if (options.use_nss && + options.num_identity_files < SSH_MAX_IDENTITY_FILES && + (keys = nss_get_keys(options.nss_token, NULL, NULL)) != NULL) { + int count; + for (count = 0; keys[count] != NULL; count++) { + memmove(&options.identity_files[1], &options.identity_files[0], + sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1)); + memmove(&options.identity_keys[1], &options.identity_keys[0], + sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); + options.num_identity_files++; + options.identity_keys[0] = keys[count]; + options.identity_files[0] = nss_get_key_label(keys[count]); + } + if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) + options.num_identity_files = SSH_MAX_IDENTITY_FILES; + i += count; + xfree(keys); + } +#endif /* HAVE_LIBNSS */ for (; i < options.num_identity_files; i++) { filename = tilde_expand_filename(options.identity_files[i], original_real_uid); @@ -1212,6 +1239,7 @@ options.identity_files[i] = filename; options.identity_keys[i] = public; } + debug("loaded %d keys", options.num_identity_files); } static void --- openssh-4.3p2/ssh-agent.c.nss-keys 2005-11-05 05:15:00.000000000 +0100 +++ openssh-4.3p2/ssh-agent.c 2007-06-20 20:09:35.000000000 +0200 @@ -56,6 +56,10 @@ #include "scard.h" #endif +#ifdef HAVE_LIBNSS +#include "nsskeys.h" +#endif + #if defined(HAVE_SYS_PRCTL_H) #include /* For prctl() and PR_SET_DUMPABLE */ #endif 
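Review bot: The added `#if defined(SMARTCARD) || defined(HAVE_LIBNSS)` block declares `Key **keys;`, but the context line right after it still shows `Key **keys;` under `#ifdef SMARTCARD`, so a build with SMARTCARD defined gets two declarations of `keys` in the same block scope. The old declaration should be removed by this hunk rather than kept as context, leaving only the combined guard. The enclosing function begins before the hunk.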
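Review bot: The capacity test `options.num_identity_files < SSH_MAX_IDENTITY_FILES` runs once before the loop, while every iteration shifts both arrays by one slot and overwrites whatever sat in the last slot. When the token returns more keys than there are free slots, configured identity files (and NSS keys shifted past the end) are dropped without being freed or reported, and `i += count` can step past the clamped `num_identity_files`. Ending the loop once `options.num_identity_files == SSH_MAX_IDENTITY_FILES`, and calling `key_free()` on the keys that were not inserted, would keep the table consistent. A comment noting that NSS keys are deliberately placed ahead of file identities would also help.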
@@ -667,6 +671,114 @@ } #endif /* SMARTCARD */ +#ifdef HAVE_LIBNSS +static void +process_add_nss_key (SocketEntry *e) +{ + char *tokenname = NULL, *keyname = NULL, *password = NULL; + int i, version, success = 0, death = 0, confirm = 0; + Key **keys, *k; + Identity *id; + Idtab *tab; + + tokenname = buffer_get_string(&e->request, NULL); + keyname = buffer_get_string(&e->request, NULL); + password = buffer_get_string(&e->request, NULL); + + while (buffer_len(&e->request)) { + switch (buffer_get_char(&e->request)) { + case SSH_AGENT_CONSTRAIN_LIFETIME: + death = time(NULL) + buffer_get_int(&e->request); + break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; + default: + break; + } + } + if (lifetime && !death) + death = time(NULL) + lifetime; + + keys = nss_get_keys(tokenname, keyname, password); + /* password is owned by keys[0] now */ + xfree(tokenname); + xfree(keyname); + + if (keys == NULL) { + memset(password, 0, strlen(password)); + xfree(password); + error("nss_get_keys failed"); + goto send; + } + for (i = 0; keys[i] != NULL; i++) { + k = keys[i]; + version = k->type == KEY_RSA1 ? 1 : 2; + tab = idtab_lookup(version); + if (lookup_identity(k, version) == NULL) { + id = xmalloc(sizeof(Identity)); + id->key = k; + id->comment = nss_get_key_label(k); + id->death = death; + id->confirm = confirm; + TAILQ_INSERT_TAIL(&tab->idlist, id, next); + tab->nentries++; + success = 1; + } else { + key_free(k); + } + keys[i] = NULL; + } + xfree(keys); +send: + buffer_put_int(&e->output, 1); + buffer_put_char(&e->output, + success ? 
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); +} + +static void +process_remove_nss_key(SocketEntry *e) +{ + char *tokenname = NULL, *keyname = NULL, *password = NULL; + int i, version, success = 0; + Key **keys, *k = NULL; + Identity *id; + Idtab *tab; + + tokenname = buffer_get_string(&e->request, NULL); + keyname = buffer_get_string(&e->request, NULL); + password = buffer_get_string(&e->request, NULL); + + keys = nss_get_keys(tokenname, keyname, password); + xfree(tokenname); + xfree(keyname); + xfree(password); + + if (keys == NULL || keys[0] == NULL) { + error("nss_get_keys failed"); + goto send; + } + for (i = 0; keys[i] != NULL; i++) { + k = keys[i]; + version = k->type == KEY_RSA1 ? 1 : 2; + if ((id = lookup_identity(k, version)) != NULL) { + tab = idtab_lookup(version); + TAILQ_REMOVE(&tab->idlist, id, next); + tab->nentries--; + free_identity(id); + success = 1; + } + key_free(k); + keys[i] = NULL; + } + xfree(keys); +send: + buffer_put_int(&e->output, 1); + buffer_put_char(&e->output, + success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); +} +#endif /* HAVE_LIBNSS */ + /* dispatch incoming messages */ static void @@ -762,6 +874,15 @@ process_remove_smartcard_key(e); break; #endif /* SMARTCARD */ +#ifdef HAVE_LIBNSS + case SSH_AGENTC_ADD_NSS_KEY: + case SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED: + process_add_nss_key(e); + break; + case SSH_AGENTC_REMOVE_NSS_KEY: + process_remove_nss_key(e); + break; +#endif /* SMARTCARD */ default: /* Unknown message. Respond with failure. */ error("Unknown message %d", type); --- openssh-4.3p2/readconf.c.nss-keys 2005-12-13 09:33:20.000000000 +0100 +++ openssh-4.3p2/readconf.c 2007-06-20 20:09:35.000000000 +0200 
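Review bot: `process_add_nss_key` zeroes and frees `password` only when `nss_get_keys` fails; on the success path the token passphrase taken from the request is neither cleared nor freed. The comment `/* password is owned by keys[0] now */` does not match `make_key_from_privkey` in nsskeys.c later in this patch, which stores `xstrdup(password)` in `wincx` (the body of `nss_get_keys` is not visible here, so confirm). `process_remove_nss_key` releases `password` with a bare `xfree()` and reaches `send:` without freeing `keys` when `keys[0] == NULL`. Suggested in both functions, right after the `nss_get_keys` call: `memset(password, 0, strlen(password)); xfree(password);`.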
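Review bot: The `#endif /* SMARTCARD */` that closes the new `#ifdef HAVE_LIBNSS` block in the dispatch switch carries the wrong label and should read `#endif /* HAVE_LIBNSS */`. The switch itself starts outside the hunk.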
@@ -106,6 +106,7 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, + oUseNSS, oNSSToken, oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, @@ -190,6 +191,13 @@ #else { "smartcarddevice", oUnsupported }, #endif +#ifdef HAVE_LIBNSS + { "usenss", oUseNSS }, + { "nsstoken", oNSSToken }, +#else + { "usenss", oUnsupported }, + { "nsstoken", oNSSToken }, +#endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, { "verifyhostkeydns", oVerifyHostKeyDNS }, @@ -562,6 +570,14 @@ charptr = &options->smartcard_device; goto parse_string; + case oUseNSS: + intptr = &options->use_nss; + goto parse_flag; + + case oNSSToken: + charptr = &options->nss_token; + goto parse_command; + case oProxyCommand: charptr = &options->proxy_command; parse_command: @@ -1009,6 +1025,8 @@ options->preferred_authentications = NULL; options->bind_address = NULL; options->smartcard_device = NULL; + options->use_nss = -1; + options->nss_token = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; options->identities_only = - 1; @@ -1135,6 +1153,8 @@ options->no_host_authentication_for_localhost = 0; if (options->identities_only == -1) options->identities_only = 0; + if (options->use_nss == -1) + options->use_nss = 0; if (options->enable_ssh_keysign == -1) options->enable_ssh_keysign = 0; if (options->rekey_limit == -1) --- openssh-4.3p2/configure.ac.nss-keys 2007-04-03 11:01:04.000000000 +0200 +++ openssh-4.3p2/configure.ac 2007-06-20 20:09:35.000000000 +0200 
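Review bot: In the `#else` branch of the new keyword-table entries, `nsstoken` still maps to `oNSSToken` while `usenss` maps to `oUnsupported`, so a build without HAVE_LIBNSS accepts and stores the token name although nothing can use it. The entry should be `{ "nsstoken", oUnsupported },` to match its neighbour. README.nss in this same patch writes the option as `-o 'NSS Token My PKCS11 Token'`, which does not match the `nsstoken` keyword registered here; one of the two needs correcting.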
@@ -2989,6 +2989,21 @@ ]) AC_SUBST(LIBAUDIT) +# Check whether user wants NSS support +LIBNSS_MSG="no" +LIBNSS="" +AC_ARG_WITH(nss, + [ --with-nss Enable NSS support], + [ if test "x$withval" != "xno" ; then + AC_DEFINE(HAVE_LIBNSS,1,[Define if you want NSS support.]) + LIBNSS_MSG="yes" + CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4" + AC_CHECK_HEADERS(pk11pub.h) + LIBNSS="-lnss3" + fi + ]) +AC_SUBST(LIBNSS) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, @@ -3817,6 +3832,7 @@ echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" echo " Linux audit support: $LINUX_AUDIT_MSG" +echo " NSS support: $LIBNSS_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" --- openssh-4.3p2/key.h.nss-keys 2003-11-17 11:18:23.000000000 +0100 +++ openssh-4.3p2/key.h 2007-06-20 20:09:35.000000000 +0200 @@ -29,11 +29,17 @@ #include #include +#ifdef HAVE_LIBNSS +#include +#include +#endif + typedef struct Key Key; enum types { KEY_RSA1, KEY_RSA, KEY_DSA, + KEY_NSS, KEY_UNSPEC }; enum fp_type { @@ -47,16 +53,30 @@ /* key is stored in external hardware */ #define KEY_FLAG_EXT 0x0001 +#define KEY_FLAG_NSS 0x0002 + +#ifdef HAVE_LIBNSS +typedef struct NSSKey NSSKey; +struct NSSKey { + SECKEYPrivateKey *privk; + SECKEYPublicKey *pubk; +}; +#endif struct Key { int type; int flags; RSA *rsa; DSA *dsa; +#ifdef HAVE_LIBNSS + NSSKey *nss; +#endif }; Key *key_new(int); Key *key_new_private(int); +Key *key_new_nss(int); +Key *key_new_nss_copy(int, const Key *); void key_free(Key *); Key *key_demote(const Key *); int key_equal(const Key *, const Key *); --- openssh-4.3p2/ssh-add.c.nss-keys 2005-11-22 09:37:09.000000000 +0100 +++ openssh-4.3p2/ssh-add.c 2007-06-20 20:15:26.000000000 +0200 
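Review bot: The `--with-nss` block defines `HAVE_LIBNSS` and sets `LIBNSS="-lnss3"` before anything has been verified; the `AC_CHECK_HEADERS(pk11pub.h)` result is not acted on and there is no link test. A system without the NSS headers therefore configures cleanly and fails later at compile time. The include paths `-I/usr/include/nss3 -I/usr/include/nspr4` are also hard-coded. Making the `AC_DEFINE` conditional on the header check, with an `AC_MSG_ERROR` otherwise, would surface the problem at configure time.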
@@ -39,11 +39,19 @@ #include
+#ifdef HAVE_LIBNSS
+#include
+#include
+#include
+#include
+#include
+#endif
 #include "ssh.h"
 #include "rsa.h"
 #include "log.h"
 #include "xmalloc.h"
 #include "key.h"
+#include "nsskeys.h"
 #include "authfd.h"
 #include "authfile.h"
 #include "pathnames.h"
@@ -284,6 +292,117 @@ return 0; } +#ifdef HAVE_LIBNSS +static char * +password_cb(PK11SlotInfo *slot, PRBool retry, void *arg) +{ + char **passcache = arg; + char *password, *p2 = NULL; + char *prompt; + + if (retry) + return NULL; + + if (asprintf(&prompt, "Enter passphrase for token %s: ", + PK11_GetTokenName(slot)) < 0) + fatal("password_cb: asprintf failed"); + + password = read_passphrase(prompt, RP_ALLOW_STDIN); + + if (password != NULL && (p2=PL_strdup(password)) == NULL) { + memset(password, 0, strlen(password)); + fatal("password_cb: PL_strdup failed"); + } + + if (passcache != NULL) { + if (*passcache != NULL) { + memset(*passcache, 0, strlen(*passcache)); + xfree(*passcache); + } + *passcache = password; + } else { + memset(password, 0, strlen(password)); + xfree(password); + } + + return p2; +} + +static int +add_slot_keys(AuthenticationConnection *ac, PK11SlotInfo *slot, int add) +{ + SECKEYPrivateKeyList *list; + SECKEYPrivateKeyListNode *node; + char *passcache = NULL; + char *tokenname; + + int count = 0; + + if (PK11_NeedLogin(slot)) + PK11_Authenticate(slot, PR_TRUE, &passcache); + + if ((list=PK11_ListPrivKeysInSlot(slot, NULL, NULL)) == NULL) { + return 0; + } + + tokenname = PK11_GetTokenName(slot); + + for (node=PRIVKEY_LIST_HEAD(list); !PRIVKEY_LIST_END(node, list); + node=PRIVKEY_LIST_NEXT(node)) { + char *keyname; + SECKEYPublicKey *pub; + + keyname = PK11_GetPrivateKeyNickname(node->key); + if (keyname == NULL || *keyname == '\0') { + /* no nickname to refer to */ + CERTCertificate *cert; + char *kn; + cert = PK11_GetCertFromPrivateKey(node->key); + if (cert == NULL) + continue; + kn = strchr(cert->nickname, ':'); + if (kn == NULL) + kn = cert->nickname; + else + kn++; + keyname = PORT_Strdup(kn); + CERT_DestroyCertificate(cert); + if (keyname == NULL) + continue; + } + pub = SECKEY_ConvertToPublicKey(node->key); + if (pub == NULL) { + fprintf(stderr, "No public key for: %s:%s\n", + tokenname, keyname); + continue; /* not possible to 
obtain public key */ + } + SECKEY_DestroyPublicKey(pub); + + if (ssh_update_nss_key(ac, add, tokenname, keyname, + passcache?passcache:"", lifetime, confirm)) { + fprintf(stderr, "Key %s: %s:%s\n", + add?"added":"removed", tokenname, keyname); + count++; + } else { + fprintf(stderr, "Could not %s key: %s:%s\n", + add?"add":"remove", tokenname, keyname); + } + + PORT_Free(keyname); + count++; + } + + if (passcache != NULL) { + memset(passcache, 0, strlen(passcache)); + xfree(passcache); + } + + SECKEY_DestroyPrivateKeyList(list); + + return count; +} +#endif + static void usage(void) { @@ -311,6 +430,10 @@ AuthenticationConnection *ac = NULL; char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; +#ifdef HAVE_LIBNSS + char *token_id = NULL; + int use_nss = 0; +#endif /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -328,7 +451,7 @@ "Could not open a connection to your authentication agent.\n"); exit(2); } - while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { + while ((ch = getopt(argc, argv, "lLcdDnxXe:s:t:T:")) != -1) { switch (ch) { case 'l': case 'L': @@ -352,7 +475,11 @@ if (delete_all(ac) == -1) ret = 1; goto done; +#ifdef HAVE_LIBNSS + case 'n': + use_nss = 1; break; +#endif case 's': sc_reader_id = optarg; break; @@ -367,6 +494,11 @@ goto done; } break; +#ifdef HAVE_LIBNSS + case 'T': + token_id = optarg; + break; +#endif default: usage(); ret = 1; 
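Review bot: `add_slot_keys` increments `count` inside the success branch of `ssh_update_nss_key` and again unconditionally after `PORT_Free(keyname)`, so a key counts twice on success and once on failure. The caller's `if (count == 0) ret = 1;` in the later `@@ -380,6 +512,40 @@` hunk therefore reports success even when the agent refused every key; dropping the second `count++` fixes that. The function also never returns -1 although that caller tests `== -1`, and the result of `PK11_Authenticate` is ignored. In `password_cb` the `else` branch calls `memset(password, 0, strlen(password))` without the NULL test applied to `password` just above it. The `continue` after a failed `SECKEY_ConvertToPublicKey` skips `PORT_Free(keyname)`.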
@@ -380,6 +512,40 @@ ret = 1; goto done; } +#ifdef HAVE_LIBNSS + if (use_nss) { + PK11SlotList *slots; + PK11SlotListElement *sle; + int count = 0; + if (nss_init(password_cb) == -1) { + fprintf(stderr, "Failed to initialize NSS library\n"); + ret = 1; + goto done; + } + + if ((slots=PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, + NULL)) == NULL) { + fprintf(stderr, "No tokens found\n"); + ret = 1; + goto nss_done; + } + + for (sle = slots->head; sle; sle = sle->next) { + int rv; + if ((rv=add_slot_keys(ac, sle->slot, !deleting)) == -1) { + ret = 1; + } + count += rv; + } + if (count == 0) { + ret = 1; + } +nss_done: + NSS_Shutdown(); + clear_pass(); + goto done; + } +#endif if (argc == 0) { char buf[MAXPATHLEN]; struct passwd *pw; --- openssh-4.3p2/readconf.h.nss-keys 2005-12-13 09:29:02.000000000 +0100 +++ openssh-4.3p2/readconf.h 2007-06-20 20:09:35.000000000 +0200 @@ -85,6 +85,8 @@ char *preferred_authentications; char *bind_address; /* local socket address for connection to sshd */ char *smartcard_device; /* Smartcard reader device */ + int use_nss; /* Use NSS library for keys */ + char *nss_token; /* Look for NSS keys on token */ int verify_host_key_dns; /* Verify host key using DNS */ int num_identity_files; /* Number of files for RSA/DSA identities. */ --- /dev/null 2007-06-20 14:56:05.942081985 +0200 +++ openssh-4.3p2/nsskeys.h 2007-06-20 20:09:35.000000000 +0200 
@@ -0,0 +1,39 @@ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2007 Red Hat, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef NSSKEYS_H +#define NSSKEYS_H +#ifdef HAVE_LIBNSS +#include +#include + +int nss_init(PK11PasswordFunc); +Key **nss_get_keys(const char *, const char *, char *); +char *nss_get_key_label(Key *); +/*void sc_close(void);*/ +/*int sc_put_key(Key *, const char *);*/ + +#endif +#endif --- openssh-4.3p2/authfd.h.nss-keys 2003-11-21 13:48:55.000000000 +0100 +++ openssh-4.3p2/authfd.h 2007-06-20 20:09:35.000000000 +0200 
@@ -51,6 +51,12 @@ #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 +/* nss */ +#define SSH_AGENTC_ADD_NSS_KEY 30 +#define SSH_AGENTC_REMOVE_NSS_KEY 31 +#define SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED 32 + + #define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_CONFIRM 2 @@ -85,6 +91,8 @@ int ssh_lock_agent(AuthenticationConnection *, int, const char *); int ssh_update_card(AuthenticationConnection *, int, const char *, const char *, u_int, u_int); +int ssh_update_nss_key(AuthenticationConnection *, int, const char *, + const char *, const char *, u_int, u_int); int ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], --- openssh-4.3p2/authfd.c.nss-keys 2005-06-17 04:59:35.000000000 +0200 +++ openssh-4.3p2/authfd.c 2007-06-20 20:09:35.000000000 +0200 
@@ -617,6 +617,45 @@ return decode_reply(type); } +int +ssh_update_nss_key(AuthenticationConnection *auth, int add, + const char *tokenname, const char *keyname, + const char *pass, u_int life, u_int confirm) +{ + Buffer msg; + int type, constrained = (life || confirm); + + if (add) { + type = constrained ? + SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED : + SSH_AGENTC_ADD_NSS_KEY; + } else + type = SSH_AGENTC_REMOVE_NSS_KEY; + + buffer_init(&msg); + buffer_put_char(&msg, type); + buffer_put_cstring(&msg, tokenname); + buffer_put_cstring(&msg, keyname); + buffer_put_cstring(&msg, pass); + + if (constrained) { + if (life != 0) { + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); + buffer_put_int(&msg, life); + } + if (confirm != 0) + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); + } + + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); + return 0; + } + type = buffer_get_char(&msg); + buffer_free(&msg); + return decode_reply(type); +} + /* * Removes all identities from the agent. This call is not meant to be used * by normal applications. --- openssh-4.3p2/ssh-dss.c.nss-keys 2003-11-17 11:18:23.000000000 +0100 +++ openssh-4.3p2/ssh-dss.c 2007-06-20 20:09:35.000000000 +0200 @@ -35,6 +35,10 @@ #include "log.h" #include "key.h" +#ifdef HAVE_LIBNSS +#include +#endif + #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) 
@@ -53,6 +57,34 @@ error("ssh_dss_sign: no DSA key"); return -1; } +#ifdef HAVE_LIBNSS + if (key->flags & KEY_FLAG_NSS) { + SECItem sigitem; + SECItem *rawsig; + + memset(&sigitem, 0, sizeof(sigitem)); + if (SEC_SignData(&sigitem, (u_char *)data, datalen, key->nss->privk, + SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) != SECSuccess) { + error("ssh_dss_sign: sign failed"); + return -1; + } + + if ((rawsig=DSAU_DecodeDerSig(&sigitem)) == NULL) { + error("ssh_dss_sign: der decode failed"); + SECITEM_ZfreeItem(&sigitem, PR_FALSE); + return -1; + } + SECITEM_ZfreeItem(&sigitem, PR_FALSE); + if (rawsig->len != SIGBLOB_LEN) { + error("ssh_dss_sign: unsupported signature length %d", + rawsig->len); + SECITEM_ZfreeItem(rawsig, PR_TRUE); + return -1; + } + memcpy(sigblob, rawsig->data, SIGBLOB_LEN); + SECITEM_ZfreeItem(rawsig, PR_TRUE); + } else { +#endif EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); @@ -76,7 +108,9 @@ BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); - +#ifdef HAVE_LIBNSS + } +#endif if (datafellows & SSH_BUG_SIGBLOB) { if (lenp != NULL) *lenp = SIGBLOB_LEN; --- openssh-4.3p2/key.c.nss-keys 2005-06-17 04:59:35.000000000 +0200 +++ openssh-4.3p2/key.c 2007-06-20 20:09:35.000000000 +0200 
@@ -88,6 +88,55 @@ return k; } +#ifdef HAVE_LIBNSS +Key * +key_new_nss(int type) +{ + Key *k = key_new(type); + + k->nss = xmalloc(sizeof(*k->nss)); + memset(k->nss, 0, sizeof(*k->nss)); + k->flags = KEY_FLAG_EXT | KEY_FLAG_NSS; + + return k; +} + +Key * +key_new_nss_copy(int type, const Key *c) +{ + Key *k = key_new_nss(type); + + switch (k->type) { + case KEY_RSA: + if ((BN_copy(k->rsa->n, c->rsa->n) == NULL) || + (BN_copy(k->rsa->e, c->rsa->e) == NULL)) + fatal("key_new_nss_copy: BN_copy failed"); + break; + case KEY_DSA: + if ((BN_copy(k->dsa->p, c->rsa->p) == NULL) || + (BN_copy(k->dsa->q, c->dsa->q) == NULL) || + (BN_copy(k->dsa->g, c->dsa->g) == NULL) || + (BN_copy(k->dsa->pub_key, c->dsa->pub_key) == NULL)) + fatal("key_new_nss_copy: BN_copy failed"); + break; + } + + k->nss->privk = SECKEY_CopyPrivateKey(c->nss->privk); + if (k->nss->privk == NULL) + fatal("key_new_nss_copy: SECKEY_CopyPrivateKey failed"); + + k->nss->pubk = SECKEY_CopyPublicKey(c->nss->pubk); + if (k->nss->pubk == NULL) + fatal("key_new_nss_copy: SECKEY_CopyPublicKey failed"); + + if (c->nss->privk->wincx) + k->nss->privk->wincx = xstrdup(c->nss->privk->wincx); + + return k; +} +#endif + + Key * key_new_private(int type) { @@ -141,6 +190,19 @@ fatal("key_free: bad key type %d", k->type); break; } +#ifdef HAVE_LIBNSS + if (k->flags & KEY_FLAG_NSS) { + if (k->nss->privk->wincx != NULL) { + memset(k->nss->privk->wincx, 0, + strlen(k->nss->privk->wincx)); + xfree(k->nss->privk->wincx); + k->nss->privk->wincx = NULL; + } + SECKEY_DestroyPrivateKey(k->nss->privk); + SECKEY_DestroyPublicKey(k->nss->pubk); + xfree(k->nss); + } +#endif xfree(k); } --- /dev/null 2007-06-20 14:56:05.942081985 +0200 +++ openssh-4.3p2/nsskeys.c 2007-06-20 20:09:35.000000000 +0200 
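Review bot: In `key_new_nss_copy` the `KEY_DSA` case takes `p` from the RSA member, `BN_copy(k->dsa->p, c->rsa->p)`, while the other three fields come from `c->dsa`; for a DSA key this reads through `c->rsa`, which is presumably NULL. The line should be `if ((BN_copy(k->dsa->p, c->dsa->p) == NULL) ||`. The function also dereferences `c->nss` without testing `c->flags & KEY_FLAG_NSS`, and its `switch` has no `default`. A header comment stating that `c` must be an NSS key and that the passphrase held in `wincx` is duplicated into the copy would document the ownership.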
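Review bot: The cleanup added to `key_free` reads `k->nss->privk->wincx` without checking `k->nss->privk`, yet `make_key_from_privkey` in nsskeys.c (later in this patch) calls `key_free(k)` exactly when `privk` is still NULL after `key_new_nss` zeroed the struct. Wrapping the wipe and `SECKEY_DestroyPrivateKey(k->nss->privk);` in `if (k->nss->privk != NULL) { ... }`, and guarding the public key with `if (k->nss->pubk != NULL) SECKEY_DestroyPublicKey(k->nss->pubk);`, avoids the NULL dereference on that path. `key_free` starts outside the hunk.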
@@ -0,0 +1,327 @@ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2007 Red Hat, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" +#ifdef HAVE_LIBNSS + +#include + +#include +#include +#include + +#include + +#include +#include +#include +#include + +#include "xmalloc.h" +#include "key.h" +#include "log.h" +#include "misc.h" +#include "nsskeys.h" +#include "pathnames.h" + +static char * +password_cb(PK11SlotInfo *slot, PRBool retry, void *arg) +{ + char *password = arg; + if (retry || password == NULL) + return NULL; + + return PL_strdup(password); +} + +int +nss_init(PK11PasswordFunc pwfn) +{ + char *dbpath; + char buf[MAXPATHLEN]; + + if (NSS_IsInitialized()) + return 0; + + if ((dbpath=getenv("NSS_DB_PATH")) == NULL) { + struct passwd *pw; + if ((pw = getpwuid(getuid())) == NULL || + pw->pw_dir == NULL) { + return -1; + } + snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, + _PATH_SSH_USER_DIR); + dbpath = buf; + } + + if (NSS_Init(dbpath) != SECSuccess) + return -1; + + if (pwfn == NULL) { + pwfn = password_cb; + } + + PK11_SetPasswordFunc(pwfn); + + return 0; +} + +static Key * +make_key_from_privkey(SECKEYPrivateKey *privk, char *password) +{ + Key *k; + switch (SECKEY_GetPrivateKeyType(privk)) { + case rsaKey: + k = key_new_nss(KEY_RSA); + break; + case dsaKey: + k = key_new_nss(KEY_DSA); + break; + default: + return NULL; + } + k->nss->pubk = SECKEY_ConvertToPublicKey(privk); + if (k->nss->pubk != NULL) { + k->nss->privk = SECKEY_CopyPrivateKey(privk); + } + if (k->nss->privk != NULL) { + if (password != NULL) { + k->nss->privk->wincx = xstrdup(password); + } + return k; + } + key_free(k); + return NULL; +} + +static Key ** +add_key_to_list(Key *k, Key **keys, size_t *i, size_t *allocated) +{ + if (*allocated < *i + 2) { + *allocated += 16; + keys = xrealloc(keys, *allocated * sizeof(k)); + } + keys[*i] = k; + (*i)++; + keys[*i] = NULL; + return keys; +} + +static int +nss_convert_pubkey(Key *k) +{ + u_char *n; + unsigned int len; + char *p; + + switch (k->type) { + case KEY_RSA: + n = k->nss->pubk->u.rsa.modulus.data; + len = 
k->nss->pubk->u.rsa.modulus.len; + + if (BN_bin2bn(n, len, k->rsa->n) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + + n = k->nss->pubk->u.rsa.publicExponent.data; + len = k->nss->pubk->u.rsa.publicExponent.len; + + if (BN_bin2bn(n, len, k->rsa->e) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + break; + case KEY_DSA: + n = k->nss->pubk->u.dsa.params.prime.data; + len = k->nss->pubk->u.dsa.params.prime.len; + + if (BN_bin2bn(n, len, k->dsa->p) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + + n = k->nss->pubk->u.dsa.params.subPrime.data; + len = k->nss->pubk->u.dsa.params.subPrime.len; + + if (BN_bin2bn(n, len, k->dsa->q) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + + n = k->nss->pubk->u.dsa.params.base.data; + len = k->nss->pubk->u.dsa.params.base.len; + + if (BN_bin2bn(n, len, k->dsa->g) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + + n = k->nss->pubk->u.dsa.publicValue.data; + len = k->nss->pubk->u.dsa.publicValue.len; + + if (BN_bin2bn(n, len, k->dsa->pub_key) == NULL) { + fatal("nss_convert_pubkey: BN_bin2bn failed"); + } + break; + } + + p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); + debug("fingerprint %u %s", key_size(k), p); + xfree(p); + + return 0; +} + +static Key ** +nss_find_privkeys(const char *tokenname, const char *keyname, + char *password) +{ + Key *k = NULL; + Key **keys = NULL; + PK11SlotList *slots; + PK11SlotListElement *sle; + size_t allocated = 0; + size_t i = 0; + + if ((slots=PK11_FindSlotsByNames(NULL, NULL, tokenname, PR_TRUE)) == NULL) { + if (tokenname == NULL) { + debug("No NSS token found"); + } else { + debug("NSS token not found: %s", tokenname); + } + return NULL; + } + + for (sle = slots->head; sle; sle = sle->next) { + SECKEYPrivateKeyList *list; + SECKEYPrivateKeyListNode *node; + char *tmppass = password; + + if (PK11_NeedLogin(sle->slot)) { + if (password == NULL) { + char *prompt; + if (asprintf(&prompt, "Enter passphrase for 
token %s: ", + PK11_GetTokenName(sle->slot)) < 0) + fatal("password_cb: asprintf failed"); + tmppass = read_passphrase(prompt, RP_ALLOW_STDIN); + } + PK11_Authenticate(sle->slot, PR_TRUE, tmppass); + } + + debug("Looking for: %s:%s", tokenname, keyname); + list = PK11_ListPrivKeysInSlot(sle->slot, (char *)keyname, + tmppass); + if (list == NULL && keyname != NULL) { + char *fooname; + /* NSS bug workaround */ + if (asprintf(&fooname, "%s~", keyname) < 0) { + error("nss_find_privkey: asprintf failed"); + PK11_FreeSlotList(slots); + return NULL; + } + list = PK11_ListPrivKeysInSlot(sle->slot, fooname, + tmppass); + free(fooname); + } + if (list == NULL && keyname != NULL) { + CERTCertificate *cert; + SECKEYPrivateKey *privk; + cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), + (char *)keyname); + if (cert == NULL) + goto cleanup; + privk = PK11_FindPrivateKeyFromCert(sle->slot, cert, tmppass); + CERT_DestroyCertificate(cert); + if (privk == NULL) + goto cleanup; + if ((k=make_key_from_privkey(privk, tmppass)) != NULL) { + nss_convert_pubkey(k); + keys = add_key_to_list(k, keys, &i, &allocated); + } + SECKEY_DestroyPrivateKey(privk); + } else { + if (list == NULL) + goto cleanup; + for (node=PRIVKEY_LIST_HEAD(list); !PRIVKEY_LIST_END(node, list); + node=PRIVKEY_LIST_NEXT(node)) + if ((k=make_key_from_privkey(node->key, tmppass)) != NULL) { + nss_convert_pubkey(k); + keys = add_key_to_list(k, keys, &i, &allocated); + } + SECKEY_DestroyPrivateKeyList(list); + } +cleanup: + if (password == NULL && tmppass != NULL) { + memset(tmppass, 0, strlen(tmppass)); + xfree(tmppass); + } + } + PK11_FreeSlotList(slots); + + return keys; +} + +Key ** +nss_get_keys(const char *tokenname, const char *keyname, + char *password) +{ + Key **keys; + + if (nss_init(NULL) == -1) { + error("Failed to initialize NSS library"); + return NULL; + } + + keys = nss_find_privkeys(tokenname, keyname, password); + if (keys == NULL && keyname != NULL) { + error("Cannot find key in nss, token 
removed"); + return NULL; + } +#if 0 + keys = xcalloc(3, sizeof(Key *)); + + if (k->type == KEY_RSA) { + n = key_new_nss_copy(KEY_RSA1, k); + + keys[0] = n; + keys[1] = k; + keys[2] = NULL; + } else { + keys[0] = k; + keys[1] = NULL; + } +#endif + return keys; +} + +char * +nss_get_key_label(Key *key) +{ + char *label, *nickname; + + nickname = PK11_GetPrivateKeyNickname(key->nss->privk); + label = xstrdup(nickname); + PORT_Free(nickname); + + return label; +} + +#endif /* HAVE_LIBNSS */ --- openssh-4.3p2/ssh-keygen.c.nss-keys 2005-11-29 03:10:25.000000000 +0100 +++ openssh-4.3p2/ssh-keygen.c 2007-06-20 20:22:11.000000000 +0200 @@ -35,6 +35,11 @@ #endif #include "dns.h" +#ifdef HAVE_LIBNSS +#include +#include "nsskeys.h" +#endif + /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 #define DEFAULT_BITS_DSA 1024 @@ -456,6 +461,26 @@ } #endif /* SMARTCARD */ +#ifdef HAVE_LIBNSS +static void +do_nss_download(struct passwd *pw, const char *tokenname, const char *keyname) +{ + Key **keys = NULL; + int i; + + keys = nss_get_keys(tokenname, keyname, NULL); + if (keys == NULL) + fatal("cannot find public key in NSS"); + for (i = 0; keys[i]; i++) { + key_write(keys[i], stdout); + key_free(keys[i]); + fprintf(stdout, "\n"); + } + xfree(keys); + exit(0); +} +#endif /* HAVE_LIBNSS */ + static void do_fingerprint(struct passwd *pw) { @@ -1009,7 +1034,8 @@ Key *private, *public; struct passwd *pw; struct stat st; - int opt, type, fd, download = 0; + int opt, type, fd, download = 1; + int use_nss = 0; u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int log_level = SYSLOG_LEVEL_INFO; @@ -1043,7 +1069,7 @@ } while ((opt = getopt(ac, av, - "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { + "degiqpclnBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': bits = strtonum(optarg, 768, 32768, &errstr); 
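Review bot: In nss_find_privkeys the asprintf failure path for `fooname` returns straight out of the slot loop and skips the `cleanup:` label, so a passphrase obtained from read_passphrase is neither wiped nor freed, and the `keys` array collected so far leaks. Setting a failure flag and using `goto cleanup` there, followed by a break out of the loop, would keep the wipe on every path. The result of `PK11_Authenticate` is ignored, so a wrong passphrase only shows up indirectly as an empty key list; `if (PK11_Authenticate(sle->slot, PR_TRUE, tmppass) != SECSuccess) goto cleanup;` would make it explicit. The `prompt` buffer from asprintf is never freed. In nss_get_key_label the return value of `PK11_GetPrivateKeyNickname` is passed to xstrdup without a NULL check.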
@@ -1083,6 +1109,10 @@
 case 'g':
 print_generic = 1;
 break;
+ case 'n':
+ use_nss = 1;
+ download = 1;
+ break;
 case 'P':
 identity_passphrase = optarg;
 break;
@@ -1114,9 +1144,10 @@
 case 't':
 key_type_name = optarg;
 break;
- case 'D':
- download = 1;
 case 'U':
+ download = 0;
+ /*FALLTHROUGH*/
+ case 'D':
 reader_id = optarg;
 break;
 case 'v':
@@ -1200,6 +1231,17 @@
 if (rr_hostname != NULL) {
 do_print_resource_record(pw, rr_hostname);
 }
+
+ if (use_nss) {
+#ifdef HAVE_LIBNSS
+ if (download)
+ do_nss_download(pw, reader_id, identity_file);
+ else
+ fatal("no support for NSS key upload.");
+#else
+ fatal("no support for NSS keys.");
+#endif
+ }
 if (reader_id != NULL) {
 #ifdef SMARTCARD
 if (download)
openssh-4.3p2-selinux-rolechg.patch: selinux.c | 168 +++++++++++++++++++++++++++++++++++++++++++++++--------------- 1 files changed, 129 insertions(+), 39 deletions(-)
Index: openssh-4.3p2-selinux-rolechg.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-6/openssh-4.3p2-selinux-rolechg.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.3p2-selinux-rolechg.patch 1 Mar 2007 12:09:39 -0000 1.1
+++ openssh-4.3p2-selinux-rolechg.patch 2 Oct 2007 13:34:45 -0000 1.2
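Review bot: `case 'n'` assigns `download = 1` again, which undoes an earlier `-U`. With the reordered `-U`/`-D` cases in the next hunk, `-U reader -n` ends up in do_nss_download instead of reaching `fatal("no support for NSS key upload.")`, while `-n -U reader` is rejected. Since the declaration hunk already changes the default to `download = 1`, the assignment in `case 'n'` can be dropped so the outcome does not depend on option order. In the last hunk do_nss_download receives `identity_file` as the key name; if that is a fixed buffer rather than a pointer (its declaration is outside these hunks), an unset `-f` arrives as an empty string and not as NULL, which nss_find_privkeys treats differently. The option switch and the enclosing function continue outside these hunks.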
@@ -1,6 +1,34 @@ ---- openssh-4.3p2/selinux.c.rolechg 2007-02-27 20:56:16.000000000 +0100 -+++ openssh-4.3p2/selinux.c 2007-02-27 21:42:09.000000000 +0100 -@@ -82,16 +82,80 @@ +--- openssh-4.3p2/selinux.c.rolechg 2007-04-03 11:01:05.000000000 +0200 ++++ openssh-4.3p2/selinux.c 2007-04-03 16:09:49.000000000 +0200 +@@ -41,15 +41,15 @@ + } + if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { + error("Error translating default context."); +- goto out; ++ default_raw = NULL; + } + if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) { + error("Error translating selected context."); +- goto out; ++ selected_raw = NULL; + } + if (asprintf(&msg, "sshd: default-context=%s selected-context=%s", +- default_context ? default_raw : "?", +- selected_context ? selected_raw : "?") < 0) { ++ default_raw ? default_raw : (default_context ? default_context : "?"), ++ selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) { + error("Error allocating memory."); + goto out; + } +@@ -74,6 +74,7 @@ + int retval; + unsigned int bit = CONTEXT__CONTAINS; + ++ debug("mls_range_allowed: src:%s dst:%s", src, dst); + retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd); + if (retval || ((bit & avd.allowed) != bit)) + return 0; +@@ -82,16 +83,81 @@ } static int get_user_context(const char *user, const char *role, const char *level, @@ -10,7 +38,8 @@ - else - return get_default_context_with_level(user, level, NULL, context); + security_context_t *context) { -+ if (get_default_context_with_level(user, level, NULL, context) != 0) { ++ if (level == NULL || level[0] == '\0' || ++ get_default_context_with_level(user, level, NULL, context) != 0) { + /* User may have requested a level completely outside of his + allowed range. We get a context just for auditing as the + range check below will certainly fail for default context. */ 
@@ -89,7 +118,7 @@ char *seuser=NULL; char *role=NULL; int ret=-1; -@@ -99,6 +163,8 @@ +@@ -99,6 +165,8 @@ const char *rlevel=NULL; context_t con=NULL; @@ -98,7 +127,7 @@ if (the_authctxt) { if (the_authctxt->role != NULL) { char *slash; -@@ -113,7 +179,7 @@ +@@ -113,7 +181,7 @@ ret = getseuserbyname(name, &seuser, &dlevel); if (ret >= 0) { @@ -107,7 +136,7 @@ } if (ret >= 0) { -@@ -121,42 +187,38 @@ +@@ -121,42 +189,45 @@ if (inetd_flag && !rexeced_flag) { security_context_t sshd_context=NULL; @@ -135,8 +164,13 @@ - if (mls_range_allowed(default_context, user_context)) { - send_audit_message(1, default_context, user_context); + if (ret >= 0 && rlevel != NULL && rlevel[0]) { ++ security_context_t default_level_context = *default_context; ++ if (role != NULL && role[0]) { ++ if (get_user_context(seuser, role, dlevel, &default_level_context) < 0) ++ default_level_context = *default_context; ++ } + /* verify that the requested range is contained in the user range */ -+ if (mls_range_allowed(*default_context, *user_context)) { ++ if (mls_range_allowed(default_level_context, *user_context)) { logit("permit MLS level %s (user range %s)", rlevel, dlevel); } else { - send_audit_message(0, default_context, user_context); @@ -147,6 +181,8 @@ + ret = -1; + error("deny MLS level %s (user range %s)", rlevel, dlevel); } ++ if (default_level_context != *default_context) ++ freecon(default_level_context); } - freecon(default_context); } else { @@ -164,7 +200,7 @@ } if (con) -@@ -164,7 +226,7 @@ +@@ -164,7 +235,7 @@ free(role); free(seuser); free(dlevel); 
@@ -173,7 +209,7 @@ } void setup_selinux_pty(const char *name, const char *tty) { -@@ -201,18 +263,37 @@ +@@ -201,18 +272,37 @@ } void setup_selinux_exec_context(char *name) { Index: openssh.spec =================================================================== RCS file: /cvs/dist/rpms/openssh/FC-6/openssh.spec,v retrieving revision 1.101 retrieving revision 1.102 diff -u -r1.101 -r1.102 --- openssh.spec 30 Mar 2007 20:02:49 -0000 1.101 +++ openssh.spec 2 Oct 2007 13:34:45 -0000 1.102 @@ -28,6 +28,9 @@ # Do we want kerberos5 support (1=yes 0=no) %define kerberos5 1 +# Do we want NSS tokens support +%define nss 1 + # Whether or not /sbin/nologin exists. %define nologin 1 @@ -61,7 +64,7 @@ Summary: The OpenSSH implementation of SSH protocol versions 1 and 2 Name: openssh Version: 4.3p2 -Release: 19%{?dist}%{?rescue_rel} +Release: 24%{?dist}%{?rescue_rel} URL: http://www.openssh.com/portable.html #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig @@ -105,6 +108,9 @@ Patch51: openssh-4.3p2-mls.patch Patch52: openssh-4.3p2-selinux-rolechg.patch Patch53: openssh-4.3p2-cve-2006-5052.patch +Patch54: openssh-4.3p2-nss-keys.patch +Patch55: openssh-4.3p2-cve-2007-3102.patch +Patch56: openssh-4.3p2-cve-2007-4752.patch License: BSD Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -135,6 +141,10 @@ BuildRequires: krb5-devel %endif +%if %{nss} +BuildRequires: nss-devel +%endif + %if %{WITH_SELINUX} Requires: libselinux >= 1.27.7 BuildRequires: libselinux-devel >= 1.27.7 @@ -247,6 +257,9 @@ %patch51 -p1 -b .mls %patch52 -p1 -b .rolechg %patch53 -p1 -b .cve-2006-5052 +%patch54 -p1 -b .nss-keys +%patch55 -p1 -b .inject-fix +%patch56 -p1 -b .untrusted-only autoreconf 
@@ -289,6 +302,9 @@ --enable-vendor-patchlevel="FC-%{version}-%{release}" \ --disable-strip \ --without-zlib-version-check \ +%if %{nss} + --with-nss \ +%endif %if %{scard} --with-smartcard \ %endif @@ -372,6 +388,10 @@ perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* +rm -f README.nss.nss-keys +%if ! %{nss} +rm -f README.nss +%endif %clean rm -rf $RPM_BUILD_ROOT @@ -491,6 +511,22 @@ %endif %changelog +* Tue Oct 2 2007 Tomas Mraz - 4.3p2-25 +- do not fall back on trusted X11 cookies (CVE-2007-4752) (#280471) + +* Fri Jul 13 2007 Tomas Mraz - 4.3p2-24 +- fixed audit log injection problem (CVE-2007-3102) (#248059) + +* Thu Jun 21 2007 Tomas Mraz - 4.3p2-23 +- document where the nss certificate and token dbs are looked for + +* Wed Jun 20 2007 Tomas Mraz - 4.3p2-22 +- experimental support for PKCS#11 tokens through libnss3 (#183423) + +* Tue Apr 03 2007 Tomas Mraz - 4.3p2-21 +- correctly setup context when empty level requested (#234951) +- and always request default level as returned by getseuserbyname (#231695) + * Fri Mar 30 2007 Miloslav Trmac - 4.3p2-19 - Fix an information leak in Kerberos password authentication (CVE-2006-5052) Resolves: #234640 From fedora-cvs-commits at redhat.com Tue Oct 2 13:48:27 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 09:48:27 -0400 Subject: rpms/openssh/FC-6 openssh.spec,1.102,1.103 Message-ID: <200710021348.l92DmRiP003418@cvs.devel.redhat.com> Author: tmraz Update of /cvs/dist/rpms/openssh/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3402 Modified Files: openssh.spec Log Message: - sync release with changelog Index: openssh.spec =================================================================== RCS file: /cvs/dist/rpms/openssh/FC-6/openssh.spec,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- openssh.spec 2 Oct 2007 13:34:45 -0000 1.102 +++ openssh.spec 2 Oct 2007 13:48:24 -0000 1.103 
@@ -64,7 +64,7 @@ Summary: The OpenSSH implementation of SSH protocol versions 1 and 2 Name: openssh Version: 4.3p2 -Release: 24%{?dist}%{?rescue_rel} +Release: 25%{?dist}%{?rescue_rel} URL: http://www.openssh.com/portable.html #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig From fedora-cvs-commits at redhat.com Tue Oct 2 13:50:42 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 09:50:42 -0400 Subject: rpms/kdebase/FC-6 post-3.5.7-kdebase-kdm.diff, NONE, 1.1 post-3.5.7-kdebase-konqueror-2.diff, NONE, 1.1 kdebase.spec, 1.249, 1.250 Message-ID: <200710021350.l92DogQr003550@cvs.devel.redhat.com> Author: than Update of /cvs/dist/rpms/kdebase/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3533 Modified Files: kdebase.spec Added Files: post-3.5.7-kdebase-kdm.diff post-3.5.7-kdebase-konqueror-2.diff Log Message: - CVE-2007-4224, CVE-2007-4225, CVE-2007-3820 - rh#299741, CVE-2007-4569 post-3.5.7-kdebase-kdm.diff: session.c | 17 +++++++++-------- 1 files changed, 9 insertions(+), 8 deletions(-) --- NEW FILE post-3.5.7-kdebase-kdm.diff --- --- kdm/backend/session.c +++ kdm/bakcend/session.c @@ -121,8 +121,9 @@ static void DoAutoLogon( void ) { - StrDup( &curuser, td->autoUser ); - StrDup( &curpass, td->autoPass ); + ReStr( &curuser, td->autoUser ); + ReStr( &curpass, td->autoPass ); + ReStr( &curtype, "classic" ); cursource = PWSRC_AUTOLOGIN; } @@ -141,7 +142,9 @@ td->hstent->npass = 0; newdmrc = td->hstent->nargs; td->hstent->nargs = 0; + ReStr( &curtype, "classic" ); cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL; + return 1; } else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain)) { unsigned int lmask; 
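Review bot: DoAutoLogon in the kdm patch now sets `curtype` itself with `ReStr( &curtype, "classic" )` but, being void, cannot report an allocation failure, and the later hunk at `-565,7` removes the caller's `!StrDup( &curtype, "classic" )` check. If ReStr can fail the way StrDup could (its definition is not on this page), Verify would then run with `curuser`, `curpass` or `curtype` unset. Having DoAutoLogon return an int that combines the three ReStr results, and testing it in AutoLogon and in the `G_AutoLogin` case before calling Verify, would keep the old failure handling. The same applies to the added `ReStr( &curtype, "classic" );` in the relogin branch of AutoLogon, whose body continues outside the hunk.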
@@ -153,11 +156,9 @@ if (lmask & ShiftMask) return 0; DoAutoLogon(); - } else { - cursource = PWSRC_MANUAL; - return 0; + return 1; } - return 1; + return 0; } @@ -369,6 +370,7 @@ if (curtype) free( curtype ); curtype = GRecvStr(); Debug( " type %\"s\n", curtype ); + cursource = PWSRC_MANUAL; if (Verify( conv_interact, rootok )) { Debug( " -> return success\n" ); GSendInt( V_OK ); @@ -378,7 +380,6 @@ case G_AutoLogin: Debug( "G_AutoLogin\n" ); DoAutoLogon(); - StrDup( &curtype, "classic" ); if (Verify( conv_auto, FALSE )) { Debug( " -> return success\n" ); GSendInt( V_OK ); @@ -565,7 +566,7 @@ tdiff = td->autoAgain ? 1 : time( 0 ) - td->hstent->lastExit - td->openDelay; if (AutoLogon( tdiff )) { - if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE )) + if (!Verify( conv_auto, FALSE )) goto gcont; if (greeter) GSendInt( V_OK ); post-3.5.7-kdebase-konqueror-2.diff: konq_combo.cc | 3 +++ konq_mainwindow.cc | 7 ++----- konq_viewmgr.cc | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) --- NEW FILE post-3.5.7-kdebase-konqueror-2.diff --- --- konqueror/konq_combo.cc +++ konqueror/konq_combo.cc @@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u kapp->dcopClient()->send( "konqueror*", "KonquerorIface", "addToCombo(QString,QCString)", data); } + // important security consideration: always display the beginning + // of the url rather than its end to prevent spoofing attempts. + lineEdit()->setCursorPosition( 0 ); } void KonqCombo::setTemporary( const QString& text ) --- konqueror/konq_mainwindow.cc +++ konqueror/konq_mainwindow.cc 
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView * } else // no known serviceType, use KonqRun { - if ( ( view && view == m_currentView ) || - ( !view && !req.newTab ) ) // startup with argument + if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument { // Show it for now in the location bar, but we'll need to store it in the view // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called). - kdDebug(1202) << "setLocationBarURL : url = " << url << endl; + kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl; setLocationBarURL( url ); } @@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s if ( childView ) { enableAllActions( true ); - - m_pViewManager->setActivePart( childView->part() ); m_currentView = childView; } } --- konqueror/konq_viewmgr.cc +++ konqueror/konq_viewmgr.cc @@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan void KonqViewManager::emitActivePartChanged() { + // prevent unnecessary multiple calls to slotPartActivated: + m_activePartChangedTimer->stop(); m_pMainWindow->slotPartActivated( activePart() ); } Index: kdebase.spec =================================================================== RCS file: /cvs/dist/rpms/kdebase/FC-6/kdebase.spec,v retrieving revision 1.249 retrieving revision 1.250 diff -u -r1.249 -r1.250 --- kdebase.spec 2 Jul 2007 13:11:04 -0000 1.249 +++ kdebase.spec 2 Oct 2007 13:50:40 -0000 1.250 @@ -18,7 +18,7 @@ Summary: K Desktop Environment - core files Name: kdebase Version: 3.5.7 -Release: 0.2%{?dist} +Release: 1%{?dist} Epoch: 6 Url: http://www.kde.org Group: User Interface/Desktops 
@@ -60,6 +60,12 @@ Patch26: kdebase-3.5.5-suspend.patch Patch27: kdebase-3.5.7-bz#244906.patch +# security fixes +# CVE-2007-4224, CVE-2007-4225, CVE-2007-3820, Konqueror address bar spoofing +Patch500: post-3.5.7-kdebase-konqueror-2.diff +# CVE-2007-4569, kdm password-less login vulnerability +Patch501: post-3.5.7-kdebase-kdm.diff + Provides: %{name} = %{epoch}:%{version}-%{release}.%{_arch} Requires(post): /sbin/ldconfig @@ -179,6 +185,10 @@ %patch26 -p1 -b .suspend %patch27 -p1 -b .bz#244906 +# security fixes +%patch500 -p0 -b .CVE-2007-4224-CVE-2007-4225-CVE-2007-3820 +%patch501 -p0 -b .CVE-2007-4569 + %if %{rhel} rm -rf kdeprint/kdeprintfax perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am @@ -552,6 +562,10 @@ %exclude %{_libdir}/libkdeinit_*.so %changelog +* Tue Oct 02 2007 Than Ngo - 6:3.5.7-1.fc6 +- CVE-2007-4224, CVE-2007-4225, CVE-2007-3820 +- rh#299741, CVE-2007-4569 + * Mon Jul 02 2007 Than Ngo - 6:3.5.7-0.fc6.2 - fix #244906 From fedora-cvs-commits at redhat.com Tue Oct 2 14:34:26 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 10:34:26 -0400 Subject: rpms/kdelibs/FC-6 post-3.5.7-kdelibs-kdecore.diff, NONE, 1.1 kdelibs.spec, 1.208, 1.209 Message-ID: <200710021434.l92EYQp5005640@cvs.devel.redhat.com> Author: than Update of /cvs/dist/rpms/kdelibs/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv5623 Modified Files: kdelibs.spec Added Files: post-3.5.7-kdelibs-kdecore.diff Log Message: CVE-2007-4224, CVE-2007-3820 konqueror address bar spoofing post-3.5.7-kdelibs-kdecore.diff: kurl.cpp | 4 ++-- tests/kurltest.cpp | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) --- NEW FILE post-3.5.7-kdelibs-kdecore.diff --- ------------------------------------------------------------------------ r700053 | mueller | 2007-08-14 18:37:30 +0200 (Tue, 14 Aug 2007) | 2 lines be more robust against addressbar spoofing (CVE-2007-4225) ------------------------------------------------------------------------ --- kdecore/tests/kurltest.cpp +++ kdecore/tests/kurltest.cpp 
@@ -288,6 +288,16 @@ int main(int argc, char *argv[]) check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html"); check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html"); + KURL whitespaceInUser("http://www.google.com%20%20%20%20%20 at foobar.com/"); + check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20 at foobar.com/"); + + KURL whitespaceInPath("http://www.google.com/foo%20bar/"); + check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/"); + + KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/"); + check("KURL::prettyURL()", whitespaceInPath2.prettyURL(), + "http://www.google.com/foo%20%20%20%20%20%20 bar/"); + KURL carsten; carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18"); check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18"); @@ -594,6 +604,15 @@ int main(int argc, char *argv[]) check("http: URL with empty path string path", waba1.path(), ""); + waba1 = "http://www.meinestadt.de&url_plain=http"; + check("http: URL with empty path string", waba1.host(), + "www.meinestadt.de&url_plain=http"); + check("http: URL with empty path string", waba1.htmlURL(), + "http://www.meinestadt.de&url_plain=http"); + + check("http: URL with empty path string", waba1.path(), + ""); + waba1 = "http://a:389#b=c"; check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" ); check( "http: URL with port, ref, and empty path; host", waba1.host(), "a" ); --- kdecore/kurl.cpp +++ kdecore/kurl.cpp 
@@ -183,7 +183,7 @@ static QString lazy_encode( const QStrin (character == '?') || // Start of query delimiter ((character == '@') && encodeAt) || // Username delimiter (character == '#') || // Start of reference delimiter - ((character == 32) && (i+1 == old_length))) // A trailing space + ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space { new_segment[ new_length++ ] = '%'; @@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing ) u += "//"; if ( hasUser() ) { - u += lazy_encode(m_strUser); + u += encode(m_strUser, 0, 0); // Don't show password! u += "@"; } Index: kdelibs.spec =================================================================== RCS file: /cvs/dist/rpms/kdelibs/FC-6/kdelibs.spec,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- kdelibs.spec 6 Jun 2007 14:21:34 -0000 1.208 +++ kdelibs.spec 2 Oct 2007 14:34:24 -0000 1.209 @@ -17,7 +17,7 @@ %define arts 1 Version: 3.5.7 -Release: 0.1%{?dist} +Release: 1%{?dist} Summary: K Desktop Environment - Libraries Name: kdelibs Url: http://www.kde.org/ @@ -50,7 +50,11 @@ Patch43: kdelibs-3.5.6-lang.patch # upstream patches -Patch505: kdelibs-3.5.7-kde#146105.patch +Patch100: kdelibs-3.5.7-kde#146105.patch + +# security patches +# CVE-2007-4224, CVE-2007-3820 konqueror address bar spoofing +Patch500: post-3.5.7-kdelibs-kdecore.diff Requires: arts >= %{arts_epoch}:%{arts_version} Requires: qt >= %{qt_epoch}:%{qt_version} @@ -179,7 +183,11 @@ %patch43 -p1 -b .lang # upstream patches -%patch505 -p0 -b .kde#146105 +%patch100 -p0 -b .kde#146105 + +# security patches +%patch500 -p0 -b .CVE-2007-4224-CVE-2007-3820 + perl -pi -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h 
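Review bot: The changed condition in lazy_encode now also encodes a space that is followed by another space, but the trailing comment still reads `// A trailing space`. Updating it to `// A trailing space, or a space followed by another space` keeps the comment in step with the test, and a short note that the extra clause belongs to the address bar spoofing fix would tell the next reader why it must stay. lazy_encode starts and ends outside the hunk.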
@@ -396,6 +404,9 @@ %doc %{_docdir}/HTML/en/kdelibs* %changelog +* Tue Oct 02 2007 Than Ngo - 6:3.5.7-1.fc6 +- CVE-2007-4224, CVE-2007-3820 konqueror address bar spoofing + * Tue Jun 05 2007 Than Ngo - 6:3.5.7-0.1.fc6 - 3.5.7 From fedora-cvs-commits at redhat.com Tue Oct 2 15:32:27 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 11:32:27 -0400 Subject: rpms/tzdata/FC-6 .cvsignore, 1.34, 1.35 sources, 1.36, 1.37 tzdata.spec, 1.44, 1.45 Message-ID: <200710021532.l92FWR2B008996@cvs.devel.redhat.com> Author: pmachata Update of /cvs/dist/rpms/tzdata/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv8978 Modified Files: .cvsignore sources tzdata.spec Log Message: - Upstream 2007h - Brazil will observe DST from 2007-10-14 to 2008-02-17 - Egypt and Gaza switched earlier than we expected - Iran will resume DST next year - Venezuela is scheduled to change TZ to -4:30 on January 1 Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/tzdata/FC-6/.cvsignore,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- .cvsignore 23 Aug 2007 11:19:38 -0000 1.34 +++ .cvsignore 2 Oct 2007 15:32:25 -0000 1.35 @@ -1,3 +1,3 @@ -tzcode2007g.tar.gz -tzdata2007g.tar.gz tzdata-base-0.tar.bz2 +tzdata2007h.tar.gz +tzcode2007h.tar.gz Index: sources =================================================================== RCS file: /cvs/dist/rpms/tzdata/FC-6/sources,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- sources 23 Aug 2007 11:19:38 -0000 1.36 +++ sources 2 Oct 2007 15:32:25 -0000 1.37 
@@ -1,3 +1,3 @@ -a5da1f7650c541fa61f9ddd0c10b5332 tzcode2007g.tar.gz -04152531a69c07b6cb08bacfd425aae1 tzdata2007g.tar.gz 906a4c98cc5240f416524a256b039c42 tzdata-base-0.tar.bz2 +da8b4fb3abd4f1403b0bd2a4675a91ab tzdata2007h.tar.gz +e3d9b770e2a74bcddb6aac57f699c961 tzcode2007h.tar.gz Index: tzdata.spec =================================================================== RCS file: /cvs/dist/rpms/tzdata/FC-6/tzdata.spec,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- tzdata.spec 23 Aug 2007 11:19:38 -0000 1.44 +++ tzdata.spec 2 Oct 2007 15:32:25 -0000 1.45 @@ -1,6 +1,6 @@ Summary: Timezone data Name: tzdata -Version: 2007g +Version: 2007h %define tzdata_version %{version} %define tzcode_version %{version} Release: 1%{?dist} @@ -52,6 +52,13 @@ %doc tzcode%{tzcode_version}/tz-link.html %changelog +* Tue Oct 2 2007 Petr Machata - 2007h-1 +- Upstream 2007h + - Brazil will observe DST from 2007-10-14 to 2008-02-17 + - Egypt and Gaza switched earlier than we expected + - Iran will resume DST next year + - Venezuela is scheduled to change TZ to -4:30 on January 1 + * Thu Aug 23 2007 Petr Machata - 2007g-1 - Fix licensing tag. - Upstream 2007g From fedora-cvs-commits at redhat.com Tue Oct 2 17:21:19 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 2 Oct 2007 13:21:19 -0400 Subject: rpms/openais/FC-6 revision-1426.patch, NONE, 1.1 revision-1446.patch, NONE, 1.1 revision-1449.patch, NONE, 1.1 revision-1450.patch, NONE, 1.1 revision-1453.patch, NONE, 1.1 revision-1455.patch, NONE, 1.1 revision-1464.patch, NONE, 1.1 openais.spec, 1.27, 1.28 Message-ID: <200710021721.l92HLJo8014236@cvs.devel.redhat.com> Author: sdake Update of /cvs/dist/rpms/openais/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14200/FC-6 Modified Files: openais.spec Added Files: revision-1426.patch revision-1446.patch revision-1449.patch revision-1450.patch revision-1453.patch revision-1455.patch revision-1464.patch Log Message: auto-import openais-0.80.3-6.fc6 on branch FC-6 from openais-0.80.3-6.fc6.src.rpm revision-1426.patch: totemsrp.c | 59 ++++++++++++++++++++++++++++++++++------------------------- 1 files changed, 34 insertions(+), 25 deletions(-) --- NEW FILE revision-1426.patch --- Index: exec/totemsrp.c =================================================================== --- exec/totemsrp.c (revision 1423) +++ exec/totemsrp.c (revision 1426) @@ -138,6 +138,11 @@ MESSAGE_TYPE_TOKEN_HOLD_CANCEL = 5, /* cancel the holding of the token */ }; +enum encapsulation_type { + MESSAGE_ENCAPSULATED = 1, + MESSAGE_NOT_ENCAPSULATED = 2 +}; + /* * New membership algorithm local variables */ @@ -673,7 +678,10 @@ { struct totemsrp_instance *instance; unsigned int res; +struct orf_token suck; +printf ("%p %p size is %d %d\n", &suck, &suck.rtr_list[0], sizeof (struct orf_token), (sizeof (struct rtr_item) * RETRANSMIT_ENTRIES_MAX)); +exit (1); res = hdb_handle_create (&totemsrp_instance_database, sizeof (struct totemsrp_instance), handle); if (res != 0) { 
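Review bot: The second hunk of revision-1426.patch adds `struct orf_token suck;`, a `printf` of structure sizes and an unconditional `exit (1);` ahead of the `hdb_handle_create` call, so every call of this function terminates the process before any instance is created. This looks like leftover debugging and should be removed from the patch before it is shipped. If the size report is wanted, it belongs in a debug-level log call, and `sizeof` results need `%zu` (or a cast) rather than `%d`. The enclosing function starts and ends outside the hunk.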
@@ -1891,8 +1899,9 @@ sizeof (struct mcast)); memcpy (&message_item.mcast->ring_id, &instance->my_ring_id, sizeof (struct memb_ring_id)); - message_item.mcast->header.encapsulated = 1; + message_item.mcast->header.encapsulated = MESSAGE_ENCAPSULATED; message_item.mcast->header.nodeid = instance->my_id.addr[0].nodeid; + message_item.mcast->header.endian_detector = ENDIAN_LOCAL; assert (message_item.mcast->header.nodeid); message_item.iov_len = sort_queue_item->iov_len; memcpy (&message_item.iovec, &sort_queue_item->iovec, @@ -1987,7 +1996,7 @@ */ message_item.mcast->header.type = MESSAGE_TYPE_MCAST; message_item.mcast->header.endian_detector = ENDIAN_LOCAL; - message_item.mcast->header.encapsulated = 2; + message_item.mcast->header.encapsulated = MESSAGE_NOT_ENCAPSULATED; message_item.mcast->header.nodeid = instance->my_id.addr[0].nodeid; assert (message_item.mcast->header.nodeid); @@ -2558,14 +2567,14 @@ orf_token.token_seq = SEQNO_START_TOKEN; orf_token.retrans_flg = 1; instance->my_set_retrans_flg = 1; -/* + if (queue_is_empty (&instance->retrans_message_queue) == 1) { orf_token.retrans_flg = 0; + instance->my_set_retrans_flg = 0; } else { orf_token.retrans_flg = 1; instance->my_set_retrans_flg = 1; } -*/ orf_token.aru = 0; orf_token.aru = SEQNO_START_MSG - 1; @@ -2601,6 +2610,9 @@ * TODO high delivered is really instance->my_aru, but with safe this * could change? */ + instance->my_received_flg = + (instance->my_aru == instance->my_high_seq_received); + memb_list[commit_token->memb_index].high_delivered = instance->my_high_delivered; memb_list[commit_token->memb_index].received_flg = instance->my_received_flg; @@ -3084,7 +3096,6 @@ unsigned int mcasted_retransmit; unsigned int mcasted_regular; unsigned int last_aru; - unsigned int low_water; #ifdef GIVEINFO struct timeval tv_current; 
@@ -3278,13 +3289,7 @@ * has recovered all messages it can recover * (ie: its retrans queue is empty) */ - low_water = instance->my_aru; - if (sq_lt_compare (last_aru, low_water)) { - low_water = last_aru; - } -// TODO is this code right - if (queue_is_empty (&instance->retrans_message_queue) == 0 || - low_water != instance->my_high_seq_received) { + if (queue_is_empty (&instance->retrans_message_queue) == 0) { if (token->retrans_flg == 0) { token->retrans_flg = 1; @@ -3295,10 +3300,10 @@ token->retrans_flg = 0; } log_printf (instance->totemsrp_log_level_debug, - "token retrans flag is %d my set retrans flag%d retrans queue empty %d count %d, low_water %x aru %x\n", + "token retrans flag is %d my set retrans flag%d retrans queue empty %d count %d, aru %x\n", token->retrans_flg, instance->my_set_retrans_flg, queue_is_empty (&instance->retrans_message_queue), - instance->my_retrans_flg_count, low_water, token->aru); + instance->my_retrans_flg_count, token->aru); if (token->retrans_flg == 0) { instance->my_retrans_flg_count += 1; } else { 
@@ -3310,13 +3315,16 @@ log_printf (instance->totemsrp_log_level_debug, "install seq %x aru %x high seq received %x\n", instance->my_install_seq, instance->my_aru, instance->my_high_seq_received); - if (instance->my_retrans_flg_count >= 2 && instance->my_aru >= instance->my_install_seq && instance->my_received_flg == 0) { + if (instance->my_retrans_flg_count >= 2 && + instance->my_received_flg == 0 && + sq_lte_compare (instance->my_install_seq, instance->my_aru)) { instance->my_received_flg = 1; instance->my_deliver_memb_entries = instance->my_trans_memb_entries; memcpy (instance->my_deliver_memb_list, instance->my_trans_memb_list, sizeof (struct totem_ip_address) * instance->my_trans_memb_entries); } - if (instance->my_retrans_flg_count >= 3 && token->aru >= instance->my_install_seq) { + if (instance->my_retrans_flg_count >= 3 && + sq_lte_compare (instance->my_install_seq, token->aru)) { instance->my_rotation_counter += 1; } else { instance->my_rotation_counter = 0; @@ -3515,18 +3523,12 @@ memcpy (&mcast_header, msg, sizeof (struct mcast)); } -/* - if (mcast_header.header.encapsulated == 1) { + if (mcast_header.header.encapsulated == MESSAGE_ENCAPSULATED) { sort_queue = &instance->recovery_sort_queue; } else { sort_queue = &instance->regular_sort_queue; } -*/ - if (instance->memb_state == MEMB_STATE_RECOVERY) { - sort_queue = &instance->recovery_sort_queue; - } else { - sort_queue = &instance->regular_sort_queue; - } + assert (msg_len < FRAME_SIZE_MAX); #ifdef TEST_DROP_MCAST_PERCENTAGE @@ -3853,6 +3855,8 @@ out->header.type = in->header.type; out->header.endian_detector = ENDIAN_LOCAL; out->header.nodeid = swab32 (in->header.nodeid); + out->header.encapsulated = in->header.encapsulated; + out->seq = swab32 (in->seq); out->this_seqno = swab32 (in->this_seqno); totemip_copy_endian_convert(&out->ring_id.rep, &in->ring_id.rep); 
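Review bot: In the `@@ -3515,18 +3523,12 @@` hunk the sort queue is now chosen from `mcast_header.header.encapsulated`, a field copied out of the received message, and every value other than `MESSAGE_ENCAPSULATED` falls through to the regular queue without comment. The enum added by this patch has exactly two members, so an out-of-range value should be treated as a malformed message rather than as `MESSAGE_NOT_ENCAPSULATED`. I would make the second branch explicit, `} else if (mcast_header.header.encapsulated == MESSAGE_NOT_ENCAPSULATED) {`, and add a final `else` that logs at `totemsrp_log_level_security` and drops the message. Whether the message has been authenticated before this point is not visible here, and the enclosing function starts and ends outside the hunk.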
@@ -4051,7 +4055,12 @@ log_printf (instance->totemsrp_log_level_security, "Received message is too short... ignoring %d.\n", msg_len); return; } - + + if ((int)message_header->type >= totemsrp_message_handlers.count) { + log_printf (instance->totemsrp_log_level_security, "Type of received message is wrong... ignoring %d.\n", (int)message_header->type); + return; + } + /* * Handle incoming message */ revision-1446.patch: totemsrp.c | 3 --- 1 files changed, 3 deletions(-) --- NEW FILE revision-1446.patch --- Index: exec/totemsrp.c =================================================================== --- exec/totemsrp.c (revision 1426) +++ exec/totemsrp.c (revision 1446) @@ -678,10 +678,7 @@ { struct totemsrp_instance *instance; unsigned int res; -struct orf_token suck; -printf ("%p %p size is %d %d\n", &suck, &suck.rtr_list[0], sizeof (struct orf_token), (sizeof (struct rtr_item) * RETRANSMIT_ENTRIES_MAX)); -exit (1); res = hdb_handle_create (&totemsrp_instance_database, sizeof (struct totemsrp_instance), handle); if (res != 0) { revision-1449.patch: main.c | 26 ++++++++++++++++++++------ service.c | 2 +- service.h | 1 + sync.c | 6 +++--- 4 files changed, 25 insertions(+), 10 deletions(-) --- NEW FILE revision-1449.patch --- Index: exec/service.c =================================================================== --- exec/service.c (revision 1446) +++ exec/service.c (revision 1449) @@ -87,7 +87,7 @@ } }; -struct openais_service_handler *ais_service[128]; +struct openais_service_handler *ais_service[SERVICE_HANDLER_MAXIMUM_COUNT]; /* * Adds a service handler to the object database Index: exec/service.h =================================================================== --- exec/service.h (revision 1446) +++ exec/service.h (revision 1449) 
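Review bot: The new range check in the `@@ -4051,7 +4055,12 @@` hunk casts `message_header->type` to `int` before comparing it with `totemsrp_message_handlers.count`, so only the upper bound is enforced. If `type` is declared with a signed type (the declaration is not in this patch), a byte with the high bit set becomes negative, passes the check and is then used to select a handler. Comparing as unsigned rejects both ends: `if ((unsigned int)message_header->type >= (unsigned int)totemsrp_message_handlers.count) {`. The enclosing function starts and ends outside the hunk.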
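Review bot: The `exec/service.c` hunk shrinks `ais_service[]` from 128 slots to `SERVICE_HANDLER_MAXIMUM_COUNT` (64), but the code that stores into the array is not touched by this patch. If any writer still assumes 128 slots, or indexes by a service id that can reach 64 or more, it now writes past the end of the array; that needs checking against the registration path. At minimum the declaration should state the contract, for example `/* Writers must reject indexes >= SERVICE_HANDLER_MAXIMUM_COUNT. */`.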
@@ -44,6 +44,7 @@ #endif #define SERVICE_ID_MAKE(a,b) ( ((a)<<16) | (b) ) +#define SERVICE_HANDLER_MAXIMUM_COUNT 64 enum openais_flow_control { OPENAIS_FLOW_CONTROL_REQUIRED = 1, Index: exec/sync.c =================================================================== --- exec/sync.c (revision 1446) +++ exec/sync.c (revision 1449) @@ -198,9 +198,10 @@ { int res; -// TODO rewrite this to get rid of the for (;;) for (;;) { - res = sync_callbacks_retrieve (sync_recovery_index, &sync_callbacks); + res = sync_callbacks_retrieve (sync_recovery_index, + &sync_callbacks); + /* * No more service handlers have sync callbacks at this time ` */ @@ -418,7 +419,6 @@ log_printf (LOG_LEVEL_DEBUG, "Committing synchronization for (%s)\n", sync_callbacks.name); - } /* Index: exec/main.c =================================================================== --- exec/main.c (revision 1446) +++ exec/main.c (revision 1449) 
@@ -175,15 +175,29 @@ static int openais_sync_callbacks_retrieve (int sync_id, struct sync_callbacks *callbacks) { - if (ais_service[sync_id] == NULL) { + unsigned int ais_service_index; + unsigned int ais_services_found = 0; + + for (ais_service_index = 0; + ais_service_index < SERVICE_HANDLER_MAXIMUM_COUNT; + ais_service_index++) { + + if (ais_service[ais_service_index] != NULL) { + if (ais_services_found == sync_id) { + break; + } + ais_services_found += 1; + } + } + if (ais_service_index == SERVICE_HANDLER_MAXIMUM_COUNT) { memset (callbacks, 0, sizeof (struct sync_callbacks)); return (-1); } - callbacks->name = ais_service[sync_id]->name; - callbacks->sync_init = ais_service[sync_id]->sync_init; - callbacks->sync_process = ais_service[sync_id]->sync_process; - callbacks->sync_activate = ais_service[sync_id]->sync_activate; - callbacks->sync_abort = ais_service[sync_id]->sync_abort; + callbacks->name = ais_service[ais_service_index]->name; + callbacks->sync_init = ais_service[ais_service_index]->sync_init; + callbacks->sync_process = ais_service[ais_service_index]->sync_process; + callbacks->sync_activate = ais_service[ais_service_index]->sync_activate; + callbacks->sync_abort = ais_service[ais_service_index]->sync_abort; return (0); } revision-1450.patch: Makefile | 10 ++++++++-- lcr_ifact.c | 43 +++++++++++++++++++++++++------------------ test.c | 4 ++-- 3 files changed, 35 insertions(+), 22 deletions(-) --- NEW FILE revision-1450.patch --- Index: lcr/test.c =================================================================== --- lcr/test.c (revision 1449) +++ lcr/test.c (revision 1450) @@ -87,7 +87,7 @@ (void *)0xaaaa1111); assert (res == 0); - a_iface_ver1 = (struct iface *)a_iface_ver0_p; + a_iface_ver1 = (struct iface *)a_iface_ver1_p; res = lcr_ifact_reference ( &b_ifact_handle_ver1, 
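Review bot: `openais_sync_callbacks_retrieve` changes the meaning of `sync_id` without saying so: it used to be an index into `ais_service[]` and is now the ordinal of the n-th non-NULL entry. That deserves a comment above the function, such as `/* sync_id counts registered (non-NULL) services; it is not an index into ais_service[] */`. The comparison `ais_services_found == sync_id` also mixes `unsigned int` with `int`; a negative `sync_id` happens to fall through to the `-1` return, but the intent is clearer with an explicit `if (sync_id < 0)` guard or an unsigned parameter.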
@@ -97,7 +97,7 @@ (void *)0xbbbb1111); assert (res == 0); - b_iface_ver1 = (struct iface *)b_iface_ver0_p; + b_iface_ver1 = (struct iface *)b_iface_ver1_p; a_iface_ver0->func1(); a_iface_ver0->func2(); Index: lcr/lcr_ifact.c =================================================================== --- lcr/lcr_ifact.c (revision 1449) +++ lcr/lcr_ifact.c (revision 1450) @@ -45,6 +45,7 @@ struct lcr_component_instance { struct lcr_iface *ifaces; int iface_count; + unsigned int comp_handle; void *dl_handle; int refcount; char library_name[256]; @@ -68,7 +69,7 @@ .iterator = 0 }; -static unsigned int g_component_handle; +static unsigned int g_component_handle = 0xFFFFFFFF; #ifdef OPENAIS_LINUX static int lcr_select_so (const struct dirent *dirent) @@ -170,7 +171,6 @@ res = getcwd (cwd, sizeof (cwd)); if (res != NULL) { - strcat (cwd, "/"); path_list[0] = strdup (cwd); path_list_entries++; } @@ -291,6 +291,8 @@ } dl_handle = dlopen (dl_name, RTLD_LAZY); if (dl_handle == NULL) { + fprintf (stderr, "LCR error loading plugin: %s\n", + dlerror()); continue; } instance = lcr_comp_find (iface_name, version, iface_number); @@ -301,8 +303,8 @@ } /* - * No matching interfaces found, try next shared object - */ + * No matching interfaces found, try next shared object + */ if (g_component_handle != 0xFFFFFFFF) { hdb_handle_destroy (&lcr_component_instance_database, g_component_handle); @@ -349,20 +351,20 @@ // TODO error checking in this code is weak /* - * Find all *.lcrso files in search paths + * Search through all lcrso files for desired interface */ for (i = 0; i < path_list_entries; i++) { - res = interface_find_and_load ( - path_list[i], - iface_name, - version, - &instance, - &iface_number); + res = interface_find_and_load ( + path_list[i], + iface_name, + version, + &instance, + &iface_number); - if (res == 0) { - goto found; + if (res == 0) { + goto found; + } } - } /* * No matching interfaces found in all shared objects 
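Review bot: The `@@ -170,7 +171,6 @@` hunk of `lcr/lcr_ifact.c` keeps the process's current working directory as `path_list[0]`, and the `@@ -349,20 +351,20 @@` hunk then passes every entry to `interface_find_and_load`, which ends in `dlopen`. A daemon started from a directory that another user can write to would therefore load a plugin from it ahead of the system locations. I would drop the cwd entry outside of test builds, or at least document it with `/* cwd is searched first; start the executive only from a trusted directory */`. The result of `strdup (cwd)` is also used without a NULL check, so `path_list_entries++` should be conditional on it. The enclosing functions start and end outside these hunks.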
@@ -379,9 +381,10 @@ iface_handle); hdb_handle_get (&lcr_iface_instance_database, *iface_handle, (void *)&iface_instance); - iface_instance->component_handle = g_component_handle; + iface_instance->component_handle = instance->comp_handle; iface_instance->context = context; iface_instance->destructor = instance->ifaces[iface_number].destructor; + hdb_handle_put (&lcr_iface_instance_database, *iface_handle); return (0); } @@ -408,17 +411,21 @@ void lcr_component_register (struct lcr_comp *comp) { struct lcr_component_instance *instance; + static unsigned int comp_handle; hdb_handle_create (&lcr_component_instance_database, sizeof (struct lcr_component_instance), - &g_component_handle); + &comp_handle); hdb_handle_get (&lcr_component_instance_database, - g_component_handle, (void *)&instance); + comp_handle, (void *)&instance); instance->ifaces = comp->ifaces; instance->iface_count = comp->iface_count; + instance->comp_handle = comp_handle; instance->dl_handle = NULL; hdb_handle_put (&lcr_component_instance_database, - g_component_handle); + comp_handle); + + g_component_handle = comp_handle; } Index: lcr/Makefile =================================================================== --- lcr/Makefile (revision 1449) +++ lcr/Makefile (revision 1450) @@ -27,7 +27,7 @@ include ../Makefile.inc CFLAGS += -I../include -LDFLAGS += -L./ ${DYFLAGS} +override LDFLAGS += ${DYFLAGS} ifeq (${OPENAIS_COMPAT}, LINUX) LDFLAGS += -ldl @@ -57,7 +57,7 @@ endif test: test.o uis.o lcr_ifact.o - $(CC) $(LDFLAGS) test.o lcr_ifact.o uis.o -lpthread -o test + $(CC) $(LDFLAGS) -fPIC test.o lcr_ifact.o uis.o -lpthread -o test test_static: test.o libtest_a.o libtest_b.o uis.o lcr_ifact.o $(CC) $(LDFLAGS) test.o libtest_a.o libtest_b.o lcr_ifact.o -o test_static 
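Review bot: `lcr_component_register` in the `@@ -408,17 +411,21 @@` hunk ignores the results of `hdb_handle_create` and `hdb_handle_get`, so when either fails `instance` is an uninitialised pointer by the time `instance->ifaces` is written. The same applies to `iface_instance` in the `@@ -379,9 +381,10 @@` hunk. Elsewhere in this import the create call is checked with `if (res != 0)`, and the same pattern fits here: `if (hdb_handle_create (&lcr_component_instance_database, sizeof (struct lcr_component_instance), &comp_handle) != 0) return;`, followed by an equivalent check on `hdb_handle_get`. `comp_handle` also has no reason to be `static`, because it is assigned on every call before it is read.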
@@ -71,6 +71,12 @@ libtest_b.o: libtest_b.c $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -c -o $@ $(*F).c +lcr_ifact.o: lcr_ifact.c + $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -c -o $@ $(*F).c + +test.o: test.c + $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -c -o $@ $(*F).c + clean: rm -f test libtest.so* *.o uic liblcr.so* liblcr.a *.lcrso *.da *.ba *.bb *.bbg \ test_static revision-1453.patch: amfcomp.c | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) --- NEW FILE revision-1453.patch --- Index: exec/amfcomp.c =================================================================== --- exec/amfcomp.c (revision 1450) +++ exec/amfcomp.c (revision 1453) @@ -1129,11 +1129,14 @@ if (comp->saAmfCompPresenceState == SA_AMF_PRESENCE_RESTARTING) { comp_presence_state_set (comp, SA_AMF_PRESENCE_INSTANTIATED); - } else if (comp->saAmfCompPresenceState == SA_AMF_PRESENCE_INSTANTIATING) { + } else + if (comp->saAmfCompPresenceState == SA_AMF_PRESENCE_INSTANTIATING) { amf_comp_operational_state_set (comp, SA_AMF_OPERATIONAL_ENABLED); comp_presence_state_set (comp, SA_AMF_PRESENCE_INSTANTIATED); - } - else { + } else + if (comp->saAmfCompPresenceState == SA_AMF_PRESENCE_UNINSTANTIATED) { + return SA_AIS_ERR_INVALID_PARAM; + } else { assert (0); } revision-1455.patch: totemsrp.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) --- NEW FILE revision-1455.patch --- Index: exec/totemsrp.c =================================================================== --- exec/totemsrp.c (revision 1453) +++ exec/totemsrp.c (revision 1455) @@ -1779,15 +1779,10 @@ /* * Build regular configuration */ - instance->my_new_memb_entries = commit_token->addr_entries; - totemrrp_processor_count_set ( instance->totemrrp_handle, commit_token->addr_entries); - memcpy (instance->my_new_memb_list, addr, - sizeof (struct srp_addr) * instance->my_new_memb_entries); - /* * Build transitional configuration */ 
@@ -2598,6 +2593,11 @@ addr = (struct srp_addr *)commit_token->end_of_commit_token; memb_list = (struct memb_commit_token_memb_entry *)(addr + commit_token->addr_entries); + memcpy (instance->my_new_memb_list, addr, + sizeof (struct srp_addr) * commit_token->addr_entries); + + instance->my_new_memb_entries = commit_token->addr_entries; + memcpy (&memb_list[commit_token->memb_index].ring_id, &instance->my_old_ring_id, sizeof (struct memb_ring_id)); assert (!totemip_zero_check(&instance->my_old_ring_id.rep)); revision-1464.patch: timer.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE revision-1464.patch --- Index: exec/timer.c =================================================================== --- exec/timer.c (revision 1455) +++ exec/timer.c (revision 1464) @@ -177,7 +177,7 @@ int res; int unlock; - if (pthread_equal (pthread_self(), expiry_thread) == 0) { + if (pthread_equal (pthread_self(), expiry_thread) != 0) { unlock = 0; } else { unlock = 1; @@ -209,7 +209,7 @@ int res; int unlock; - if (pthread_equal (pthread_self(), expiry_thread) == 0) { + if (pthread_equal (pthread_self(), expiry_thread) != 0) { unlock = 0; } else { unlock = 1; Index: openais.spec =================================================================== RCS file: /cvs/dist/rpms/openais/FC-6/openais.spec,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- openais.spec 28 Aug 2007 16:05:25 -0000 1.27 +++ openais.spec 2 Oct 2007 17:21:17 -0000 1.28 @@ -1,7 +1,7 @@ Name: openais Summary: The openais Standards-Based Cluster Framework executive and APIs Version: 0.80.3 -Release: 4%{?dist} +Release: 6%{?dist} License: BSD Group: System Environment/Base URL: http://developer.osdl.org/dev/openais/ 
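Review bot: The `memcpy` added in the `@@ -2598,6 +2593,11 @@` hunk sizes the copy into `instance->my_new_memb_list` from `commit_token->addr_entries`, a count carried inside the commit token, with no bound check in the hunk. Unless the token is validated before this point (not visible here), an oversized count writes past the destination. A guard before the copy would settle it; assuming `my_new_memb_list` is an array member, it could be `assert (commit_token->addr_entries <= sizeof (instance->my_new_memb_list) / sizeof (struct srp_addr));`, or better a logged early return at `totemsrp_log_level_security`. The enclosing function starts and ends outside the hunk.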
@@ -12,6 +12,13 @@ Patch3: revision-1408.patch Patch4: revision-1409.patch Patch5: revision-1423.patch +Patch6: revision-1426.patch +Patch7: revision-1446.patch +Patch8: revision-1449.patch +Patch9: revision-1450.patch +Patch9: revision-1453.patch +Patch10: revision-1455.patch +Patch11: revision-1464.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ExclusiveArch: i386 ppc x86_64 ppc64 ia64 s390 s390x alpha @@ -42,6 +49,12 @@ %patch3 %patch4 %patch5 +%patch6 +%patch7 +%patch8 +%patch9 +%patch10 +%patch11 %build # -O3 required for performance reasons @@ -180,6 +193,19 @@ %{_mandir}/man3/evs_membership_get.3* %changelog +* Tue Oct 2 2007 Steven Dake - 0.80.3-6 +- Resolved: rhbz#314641 +- Add upstream revision 1464 - Fix schedule of timer within the same thread to prevent deadlock + +* Mon Sep 24 2007 Steven Dake - 0.80.3-5 +- Resolves: rhbz#302341 +- Add upstream revision 1455 - Fix loss of node joins in commit state resulting in looping of membership protocol. +- Add upstream revision 1453 - Fix assertion if component registration occurs during certain phases of instantation. +- Add upstream revision 1450 - Fix reference counting in lcr code so that lcr_ifact_release works properly. +- Add upstream revision 1449 - Allow missing services in synchronization to not cause a segfault.k +- Add upstream revision 1446 - Remove inadvertant commit of changes to totemsrp which happened when security changes were patched in revision 1426. +- Add upstream revision 1426 - Patch to log security warnings when invalid identifier is used in message header for a totem header. + * Tue Aug 28 2007 Steven Dake - 0.80.3-4 - Resolves: rhbz#251082 - Add upstream revision 1423 - Fix synchronization defect resulting in segfault. From fedora-cvs-commits at redhat.com Thu Oct 4 13:55:45 2007 
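Review bot: `Patch9:` is declared twice in the `@@ -12,6 +12,13 @@` hunk, for `revision-1450.patch` and for `revision-1453.patch`, so seven patch files share six numbers and the `%prep` hunk applies only `%patch6` to `%patch11`. How rpm resolves the duplicate tag is not something to rely on, and either way one of the two fixes named in the changelog is not applied to the build. Renumbering the last three entries and adding a seventh `%patch` line keeps the package in step with its changelog.

```spec
Patch9: revision-1450.patch
Patch10: revision-1453.patch
Patch11: revision-1455.patch
Patch12: revision-1464.patch
# … unchanged: BuildRoot, ExclusiveArch, %prep through %patch11 …
%patch12
```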
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 4 Oct 2007 09:55:45 -0400 Subject: rpms/postfix/FC-6 postfix-2.4.0-cyrus.patch, NONE, 1.1 .cvsignore, 1.22, 1.23 postfix-etc-init.d-postfix, 1.9, 1.10 postfix-sasl.conf, 1.1, 1.2 postfix.spec, 1.48, 1.49 sources, 1.22, 1.23 Message-ID: <200710041355.l94DtjuW007218@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/postfix/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv7123 Modified Files: .cvsignore postfix-etc-init.d-postfix postfix-sasl.conf postfix.spec sources Added Files: postfix-2.4.0-cyrus.patch Log Message: - FC-6 version of postfix-2.4.5-2.fc8 without glibc-2.6.90+ fixes and lsb header postfix-2.4.0-cyrus.patch: main.cf | 27 ++++++++++++++++++++++++--- 1 files changed, 24 insertions(+), 3 deletions(-) --- NEW FILE postfix-2.4.0-cyrus.patch --- --- postfix-2.2.5/conf/main.cf.cyrus 2005-11-11 14:57:34.000000000 +0100 +++ postfix-2.2.5/conf/main.cf 2005-11-11 14:58:09.000000000 +0100 
@@ -452,7 +452,29 @@ # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#mailbox_transport = lmtp:unix:/file/name +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# To use the old cyrus deliver program you have to set: #mailbox_transport = cyrus # The fallback_transport specifies the optional transport in master.cf @@ -469,8 +491,7 @@ # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#fallback_transport = lmtp:unix:/file/name -#fallback_transport = cyrus +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp #fallback_transport = # The luser_relay parameter specifies an optional destination address Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/postfix/FC-6/.cvsignore,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- .cvsignore 1 Sep 2006 15:01:30 -0000 1.22 +++ .cvsignore 4 Oct 2007 13:55:43 -0000 1.23 
@@ -4,3 +4,4 @@ postfix-2.3.1.tar.gz postfix-2.3.2.tar.gz postfix-2.3.3.tar.gz +postfix-2.4.5.tar.gz Index: postfix-etc-init.d-postfix =================================================================== RCS file: /cvs/dist/rpms/postfix/FC-6/postfix-etc-init.d-postfix,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- postfix-etc-init.d-postfix 11 Nov 2005 14:06:11 -0000 1.9 +++ postfix-etc-init.d-postfix 4 Oct 2007 13:55:43 -0000 1.10 @@ -2,7 +2,7 @@ # # postfix Postfix Mail Transfer Agent # -# chkconfig: 2345 80 30 +# chkconfig: - 80 30 # description: Postfix is a Mail Transport Agent, which is the program \ # that moves mail from one machine to another. # processname: master @@ -22,17 +22,22 @@ # Source networking configuration. . /etc/sysconfig/network -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -[ -x /usr/sbin/postfix ] || exit 0 -[ -d /etc/postfix ] || exit 0 -[ -d /var/spool/postfix ] || exit 0 - RETVAL=0 prog="postfix" +status master >/dev/null 2>&1 +running=$? + +conf_check() { + [ -x /usr/sbin/postfix ] || exit 5 + [ -d /etc/postfix ] || exit 6 + [ -d /var/spool/postfix ] || exit 5 +} + start() { + # Check that networking is up. + [ ${NETWORKING} = "no" ] && exit 1 + conf_check # Start daemons. echo -n $"Starting postfix: " /usr/bin/newaliases >/dev/null 2>&1 @@ -44,6 +49,7 @@ } stop() { + conf_check # Stop daemons. echo -n $"Shutting down postfix: " /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop" @@ -54,6 +60,7 @@ } reload() { + conf_check echo -n $"Reloading postfix: " /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload" RETVAL=$? 
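Review bot: In the `@@ -22,17 +22,22 @@` hunk of the init script, `[ ${NETWORKING} = "no" ] && exit 1` expands the variable unquoted, so when `/etc/sysconfig/network` does not set it the test becomes `[ = "no" ]`, which prints an error and lets `start` continue. Quoting fixes that: `[ "${NETWORKING}" = "no" ] && exit 1`. The same hunk runs `status master` at load time for every action, including `status` itself; a short comment such as `# cache daemon state once; used by the start/stop/reload guards below` would explain why. The body of `start()` continues outside the hunk.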
@@ -62,38 +69,39 @@ } abort() { + conf_check /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort" return $? } flush() { + conf_check /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush" return $? } check() { + conf_check /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check" return $? } -restart() { - stop - start -} - # See how we were called. case "$1" in start) + [ $running -eq 0 ] && exit 0 start ;; stop) + [ $running -eq 0 ] || exit 0 stop ;; - restart) + restart|force-reload) stop start ;; reload) + [ $running -eq 0 ] || exit 7 reload ;; abort) @@ -109,11 +117,13 @@ status master ;; condrestart) - [ -f /var/lock/subsys/postfix ] && restart || : + [ $running -eq 0 ] || exit 0 + stop + start ;; *) echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}" - exit 1 + exit 2 esac exit $? Index: postfix-sasl.conf =================================================================== RCS file: /cvs/dist/rpms/postfix/FC-6/postfix-sasl.conf,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- postfix-sasl.conf 9 Sep 2004 10:37:31 -0000 1.1 +++ postfix-sasl.conf 4 Oct 2007 13:55:43 -0000 1.2 @@ -1 +1,2 @@ pwcheck_method: saslauthd +mech_list: plain login Index: postfix.spec =================================================================== RCS file: /cvs/dist/rpms/postfix/FC-6/postfix.spec,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- postfix.spec 1 Sep 2006 16:29:14 -0000 1.48 +++ postfix.spec 4 Oct 2007 13:55:43 -0000 1.49 @@ -1,5 +1,6 @@ %define LDAP 2 %define MYSQL 0 +%define PGSQL 0 %define PCRE 1 %define SASL 2 %define TLS 1 
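Review bot: `mech_list: plain login` in postfix-sasl.conf leaves only the two mechanisms that transmit the password itself, which is what saslauthd requires, but nothing in this change ties SMTP AUTH to an encrypted session. Unless main.cf enforces that elsewhere (not visible here), clients can be offered AUTH before STARTTLS and send credentials in clear text. I would pair this line with `smtpd_tls_auth_only = yes` in the shipped main.cf, or at least state the requirement in the Postfix-SASL-RedHat readme that the changelog mentions.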
@@ -7,12 +8,7 @@ %define POSTDROP_GID 90 %define PFLOGSUMM 1 -# On Redhat 8.0.1 and earlier, LDAP is compiled with SASL V1 and won't work -# if postfix is compiled with SASL V2. So we drop to SASL V1 if LDAP is -# requested but use the preferred SASL V2 if LDAP is not requested. -# Sometime soon LDAP will build agains SASL V2 and this won't be needed. - -%if %{LDAP} <= 1 && %{SASL} >= 2 +%if %{LDAP} == 1 && %{SASL} >= 2 %undefine SASL %define SASL 1 %endif 
@@ -24,35 +20,38 @@ # Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own # use. Let me know if the second gid collides with another package. # Be careful: Redhat's 'mail' user & group isn't unique! -%define postfix_uid 89 -%define postfix_user postfix -%define postfix_gid 89 -%define postfix_group postfix -%define postdrop_group postdrop -%define maildrop_group %{postdrop_group} -%define maildrop_gid %{POSTDROP_GID} - -%define postfix_config_dir %{_sysconfdir}/postfix -%define postfix_daemon_dir %{_libexecdir}/postfix -%define postfix_command_dir %{_sbindir} -%define postfix_queue_dir %{_var}/spool/postfix -%define postfix_doc_dir %{_docdir}/%{name}-%{version} -%define postfix_sample_dir %{postfix_doc_dir}/samples -%define postfix_readme_dir %{postfix_doc_dir}/README_FILES +%define postfix_uid 89 +%define postfix_user postfix +%define postfix_gid 89 +%define postfix_group postfix +%define postdrop_group postdrop +%define maildrop_group %{postdrop_group} +%define maildrop_gid %{POSTDROP_GID} + +%define postfix_config_dir %{_sysconfdir}/postfix +%define postfix_daemon_dir %{_libexecdir}/postfix +%define postfix_command_dir %{_sbindir} +%define postfix_queue_dir %{_var}/spool/postfix +%define postfix_doc_dir %{_docdir}/%{name}-%{version} +%define postfix_sample_dir %{postfix_doc_dir}/samples +%define postfix_readme_dir %{postfix_doc_dir}/README_FILES Name: postfix Summary: Postfix Mail Transport Agent -Version: 2.3.3 -Release: 2 +Version: 2.4.5 +Release: 2%{?dist} Epoch: 2 Group: System Environment/Daemons URL: http://www.postfix.org License: IBM Public License -PreReq: /sbin/chkconfig, /sbin/service, sh-utils -PreReq: fileutils, textutils, -PreReq: /usr/sbin/alternatives - -PreReq: %{_sbindir}/groupadd, %{_sbindir}/useradd +Requires(post): /sbin/chkconfig +Requires(post): %{_sbindir}/alternatives +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +Requires(preun): /sbin/chkconfig +Requires(preun): /sbin/service 
+Requires(preun): %{_sbindir}/alternatives +Requires(postun): /sbin/service Provides: MTA smtpd smtpdaemon /usr/bin/newaliases @@ -79,15 +78,15 @@ Patch6: postfix-2.1.1-obsolete.patch Patch7: postfix-2.1.5-aliases.patch Patch8: postfix-large-fs.patch -Patch9: postfix-2.2.5-cyrus.patch +Patch9: postfix-2.4.0-cyrus.patch # Optional patches - set the appropriate environment variables to include # them when building the package/spec file -BuildRoot: %{_tmppath}/%{name}-buildroot +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) # Determine the different packages required for building postfix -BuildRequires: gawk, perl, sed, ed, db4-devel, pkgconfig, zlib-devel +BuildRequires: db4-devel, pkgconfig, zlib-devel Requires: setup >= 2.5.36-1 BuildRequires: setup >= 2.5.36-1 @@ -112,6 +111,11 @@ BuildRequires: mysql, mysql-devel %endif +%if %{PGSQL} +Requires: postgresql-libs +BuildRequires: postgresql-devel +%endif + %if %{TLS} Requires: openssl BuildRequires: openssl-devel >= 0.9.6 @@ -124,8 +128,6 @@ TLS %prep -umask 022 - %setup -q # Apply obligatory patches %patch1 -p1 -b .config @@ -147,7 +149,7 @@ %package pflogsumm Group: System Environment/Daemons Summary: A Log Summarizer/Analyzer for the Postfix MTA -Requires: perl-Date-Calc +Requires: postfix = %{epoch}:%{version}-%{release} %description pflogsumm Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is designed to provide an over-view of Postfix activity. Pflogsumm @@ -158,8 +160,6 @@ %endif %build -umask 022 - CCARGS=-fPIC AUXLIBS= @@ -180,6 +180,10 @@ CCARGS="${CCARGS} -DHAS_MYSQL -I/usr/include/mysql" AUXLIBS="${AUXLIBS} -L%{_libdir}/mysql -lmysqlclient -lm" %endif +%if %{PGSQL} + CCARGS="${CCARGS} -DHAS_PGSQL -I/usr/include/pgsql" + AUXLIBS="${AUXLIBS} -lpq" +%endif %if %{SASL} %define sasl_v1_lib_dir %{_libdir}/sasl %define sasl_v2_lib_dir %{_libdir}/sasl2 
@@ -212,10 +216,9 @@ make -f Makefile.init makefiles unset CCARGS AUXLIBS -make DEBUG="" OPT="$RPM_OPT_FLAGS" +make %{?_smp_mflags} DEBUG="" OPT="$RPM_OPT_FLAGS" %install -umask 022 /bin/rm -rf $RPM_BUILD_ROOT /bin/mkdir -p $RPM_BUILD_ROOT @@ -244,8 +247,7 @@ # This installs into the /etc/rc.d/init.d directory /bin/mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -install -c %{_sourcedir}/postfix-etc-init.d-postfix \ - $RPM_BUILD_ROOT/etc/rc.d/init.d/postfix +install -c %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/postfix install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.postfix @@ -259,15 +261,11 @@ install -c -m 755 man/man1/$i.1 $RPM_BUILD_ROOT%{_mandir}/man1/ done -# RPM compresses man pages automatically. -# - Edit postfix-files to reflect this, so post-install won't get confused -# when called during package installation. -ed $RPM_BUILD_ROOT%{postfix_config_dir}/postfix-files </dev/null /sbin/chkconfig --del postfix - /usr/sbin/alternatives --remove mta %{postfix_command_dir}/sendmail.postfix + %{_sbindir}/alternatives --remove mta %{postfix_command_dir}/sendmail.postfix fi exit 0 @@ -385,7 +379,7 @@ %config(noreplace) %{sasl_v2_lib_dir}/smtpd.conf %endif %config(noreplace) %{_sysconfdir}/pam.d/smtp.postfix -%attr(0755, root, root) %config /etc/rc.d/init.d/postfix +%attr(0755, root, root) /etc/rc.d/init.d/postfix # Misc files 
@@ -470,6 +464,39 @@ %changelog +* Thu Oct 4 2007 Thomas Woerner 2:2.4.5-2 +- made init script lsb conform (#243286) + but without lsb header +- added link to postfix sasl readme into Postfix-SASL-RedHat readme + +* Mon Aug 13 2007 Thomas Woerner 2:2.4.5-1 +- new version 2.4.5 + +* Fri Jun 15 2007 Thomas Woerner 2:2.4.3-3 +- added missing epoch in requirement of pflogsumm sub package + +* Thu Jun 14 2007 Thomas Woerner 2:2.4.3-2 +- diabled mysql support again (rhbz#185515) +- added support flag for PostgreSQL build (rhbz#180579) + Ben: Thanks for the patch +- Fixed remaining rewiew problems (rhbz#226307) + +* Tue Jun 5 2007 Thomas Woerner 2:2.4.3-1 +- allow to build without LDAP but SASL2 support (rhbz#216792) + +* Tue Jun 5 2007 Thomas Woerner 2:2.4.3-1 +- new stable version 2.4.3 +- enabled mysql support (rhbz#185515) +- dropped build requirements for gawk, ed and sed + +* Tue Jan 23 2007 Thomas Woerner 2:2.3.6-1 +- new version 2.3.6 +- limiting SASL mechanisms to plain login for sasl with saslauthd (#175259) +- dropped usage of ed in the install stage + +* Tue Nov 7 2006 Thomas Woerner 2:2.3.4-1 +- new version 2.3.4 + * Fri Sep 1 2006 Thomas Woerner 2:2.3.3-2 - fixed upgrade procedure (#202357) @@ -823,7 +850,7 @@ * Wed Feb 20 2002 Bernhard Rosenkraenzer 1.1.3-2 - listen on 127.0.0.1 only by default (#60071) -- Put config samples in %{_docdir}/%{name}-%{version} rather than +- Put config samples in %%{_docdir}/%%{name}-%%{version} rather than /etc/postfix (#60072) - Some spec file cleanups Index: sources =================================================================== RCS file: /cvs/dist/rpms/postfix/FC-6/sources,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- sources 1 Sep 2006 15:01:31 -0000 1.22 +++ sources 4 Oct 2007 13:55:43 -0000 1.23 
@@ -1,2 +1,2 @@ 1f78fcaf2a36ec3520ecff286a45251a pflogsumm-1.1.0.tar.gz -f957e9319428be81c724b606fe060cc7 postfix-2.3.3.tar.gz +ceba0cde05d12baa0ba2ed69fbb96b42 postfix-2.4.5.tar.gz From fedora-cvs-commits at redhat.com Thu Oct 4 14:08:17 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 4 Oct 2007 10:08:17 -0400 Subject: rpms/ruby/FC-6 ruby-1.8.5-CVE-2007-5162.patch, NONE, 1.1 .cvsignore, 1.20, 1.21 ruby-deprecated-search-path.patch, 1.3, 1.4 ruby-deprecated-sitelib-search-path.patch, 1.2, 1.3 ruby.spec, 1.93, 1.94 sources, 1.19, 1.20 Message-ID: <200710041408.l94E8Hjg008006@cvs.devel.redhat.com> Author: tagoh Update of /cvs/dist/rpms/ruby/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv7990 Modified Files: .cvsignore ruby-deprecated-search-path.patch ruby-deprecated-sitelib-search-path.patch ruby.spec sources Added Files: ruby-1.8.5-CVE-2007-5162.patch Log Message: * Thu Oct 4 2007 Akira TAGOH - 1.8.5.113-1 - New upstream release. - ruby-1.8.5-CVE-2007-5162.patch: security fix for Net::HTTP that is insufficient verification of SSL certificate. (#313801) ruby-1.8.5-CVE-2007-5162.patch: ext/openssl/lib/openssl/ssl.rb | 2 +- lib/net/http.rb | 12 ++++++++++++ lib/open-uri.rb | 11 +---------- version.h | 8 ++++---- 4 files changed, 18 insertions(+), 15 deletions(-) --- NEW FILE ruby-1.8.5-CVE-2007-5162.patch --- diff -ruN ruby-1.8.5-p113.orig/ext/openssl/lib/openssl/ssl.rb ruby-1.8.5-p113/ext/openssl/lib/openssl/ssl.rb --- ruby-1.8.5-p113.orig/ext/openssl/lib/openssl/ssl.rb 2007-02-13 08:01:19.000000000 +0900 +++ ruby-1.8.5-p113/ext/openssl/lib/openssl/ssl.rb 2007-10-04 19:04:41.000000000 +0900 
@@ -88,7 +88,7 @@ end } end - raise SSLError, "hostname not match" + raise SSLError, "hostname not match with the server certificate" end end diff -ruN ruby-1.8.5-p113.orig/lib/net/http.rb ruby-1.8.5-p113/lib/net/http.rb --- ruby-1.8.5-p113.orig/lib/net/http.rb 2007-02-13 08:01:19.000000000 +0900 +++ ruby-1.8.5-p113/lib/net/http.rb 2007-10-04 19:09:02.000000000 +0900 @@ -470,6 +470,7 @@ @debug_output = nil @use_ssl = false @ssl_context = nil + @enable_post_connection_check = true end def inspect @@ -526,6 +527,9 @@ false # redefined in net/https end + # specify enabling SSL server certificate and hostname checking. + attr_accessor :enable_post_connection_check + # Opens TCP connection and HTTP session. # # When this method is called with block, gives a HTTP object @@ -584,6 +588,14 @@ HTTPResponse.read_new(@socket).value end s.connect + if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE + begin + s.post_connection_check(@address) + rescue OpenSSL::SSL::SSLError => ex + raise ex if @enable_post_connection_check + warn ex.message + end + end end on_connect end diff -ruN ruby-1.8.5-p113.orig/lib/open-uri.rb ruby-1.8.5-p113/lib/open-uri.rb --- ruby-1.8.5-p113.orig/lib/open-uri.rb 2007-02-13 08:01:19.000000000 +0900 +++ ruby-1.8.5-p113/lib/open-uri.rb 2007-10-04 19:10:12.000000000 +0900 @@ -229,6 +229,7 @@ if target.class == URI::HTTPS require 'net/https' http.use_ssl = true + http.enable_post_connection_check = true http.verify_mode = OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new store.set_default_paths 
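Review bot: The comment added above `attr_accessor :enable_post_connection_check` in lib/net/http.rb describes the flag as enabling "SSL server certificate and hostname checking", which overstates what it controls. In this patch the flag only decides whether a failed `post_connection_check` is re-raised or reduced to a warning; the check itself is gated on `verify_mode`. I would reword it along the lines of `# When true (the default), a server certificate that does not match the host name raises OpenSSL::SSL::SSLError; when false the mismatch is only warned about and the session continues.` so a caller who sets it to false knows what is being given up.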
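Review bot: In the `rescue` branch added after `s.connect` in lib/net/http.rb, a hostname mismatch is reduced to `warn ex.message` whenever `@enable_post_connection_check` is false, and the session then carries on to `on_connect` with a peer whose name did not match. That branch needs a why-comment so it is not read as ordinary error handling, e.g. `# check disabled by caller: mismatch goes to stderr only, the connection proceeds`. The guard also tests only `!= OpenSSL::SSL::VERIFY_NONE`, so an unset (`nil`) verify_mode would pass it too. Whether that can happen depends on how the context is created in net/https, which this hunk does not show, so it is worth confirming. The enclosing method starts and ends outside the hunk.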
@@ -240,16 +241,6 @@ resp = nil http.start { - if target.class == URI::HTTPS - # xxx: information hiding violation - sock = http.instance_variable_get(:@socket) - if sock.respond_to?(:io) - sock = sock.io # 1.9 - else - sock = sock.instance_variable_get(:@socket) # 1.8 - end - sock.post_connection_check(target_host) - end req = Net::HTTP::Get.new(request_uri, header) if options.include? :http_basic_authentication user, pass = options[:http_basic_authentication] diff -ruN ruby-1.8.5-p113.orig/version.h ruby-1.8.5-p113/version.h --- ruby-1.8.5-p113.orig/version.h 2007-09-23 06:09:23.000000000 +0900 +++ ruby-1.8.5-p113/version.h 2007-10-04 19:10:57.000000000 +0900 @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.5" -#define RUBY_RELEASE_DATE "2007-09-23" +#define RUBY_RELEASE_DATE "2007-09-24" #define RUBY_VERSION_CODE 185 -#define RUBY_RELEASE_CODE 20070923 -#define RUBY_PATCHLEVEL 113 +#define RUBY_RELEASE_CODE 20070924 +#define RUBY_PATCHLEVEL 114 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 5 #define RUBY_RELEASE_YEAR 2007 #define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 23 +#define RUBY_RELEASE_DAY 24 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/.cvsignore,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- .cvsignore 20 Jun 2007 14:48:39 -0000 1.20 +++ .cvsignore 4 Oct 2007 14:08:14 -0000 1.21 
@@ -14,3 +14,4 @@ ruby-1.8.5-p12.tar.gz ruby-1.8.5-p35.tar.gz ruby-1.8.5-p52.tar.bz2 +ruby-1.8.5-p113.tar.bz2 ruby-deprecated-search-path.patch: configure.in | 4 ++++ ruby.c | 9 +++++++++ 2 files changed, 13 insertions(+) Index: ruby-deprecated-search-path.patch =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/ruby-deprecated-search-path.patch,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ruby-deprecated-search-path.patch 8 Jun 2006 07:53:37 -0000 1.3 +++ ruby-deprecated-search-path.patch 4 Oct 2007 14:08:15 -0000 1.4 @@ -1,7 +1,7 @@ -diff -ruN ruby-1.8.4.orig/configure.in ruby-1.8.4/configure.in ---- ruby-1.8.4.orig/configure.in 2006-04-20 12:53:38.000000000 +0900 -+++ ruby-1.8.4/configure.in 2006-04-20 13:06:07.000000000 +0900 -@@ -1472,12 +1472,16 @@ +diff -ruN ruby-1.8.5-p113.orig/configure.in ruby-1.8.5-p113/configure.in +--- ruby-1.8.5-p113.orig/configure.in 2007-10-04 18:54:45.000000000 +0900 ++++ ruby-1.8.5-p113/configure.in 2007-10-04 18:59:31.000000000 +0900 +@@ -1547,12 +1547,16 @@ esac RUBY_SITE_LIB_PATH3="${RUBY_SITE_LIB_PATH2}/${MAJOR}.${MINOR}" RUBY_SITE_LIB_PATH2="${RUBY_SITE_LIB_PATH}/${MAJOR}.${MINOR}" 
@@ -18,34 +18,34 @@ AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl -diff -ruN ruby-1.8.4.orig/ruby.c ruby-1.8.4/ruby.c ---- ruby-1.8.4.orig/ruby.c 2005-12-12 09:36:52.000000000 +0900 -+++ ruby-1.8.4/ruby.c 2006-04-20 12:59:50.000000000 +0900 -@@ -292,11 +292,17 @@ +diff -ruN ruby-1.8.5-p113.orig/ruby.c ruby-1.8.5-p113/ruby.c +--- ruby-1.8.5-p113.orig/ruby.c 2007-10-04 18:54:45.000000000 +0900 ++++ ruby-1.8.5-p113/ruby.c 2007-10-04 19:01:16.000000000 +0900 +@@ -316,11 +316,17 @@ #endif - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_LIB2)); + incpush(RUBY_RELATIVE(RUBY_SITE_LIB2)); +#ifdef RUBY_DEPRECATED_SITE_LIB -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_SITE_LIB2)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_SITE_LIB2)); +#endif #ifdef RUBY_SITE_THIN_ARCHLIB - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_THIN_ARCHLIB)); + incpush(RUBY_RELATIVE(RUBY_SITE_THIN_ARCHLIB)); #endif - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_ARCHLIB)); - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_LIB)); + incpush(RUBY_RELATIVE(RUBY_SITE_ARCHLIB)); + incpush(RUBY_RELATIVE(RUBY_SITE_LIB)); +#ifdef RUBY_DEPRECATED_SITE_LIB -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_SITE_LIB)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_SITE_LIB)); +#endif #ifdef RUBY_DEPRECATED_OLD_SITE_LIB2 - ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB2)); + incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB2)); #endif -@@ -308,6 +314,9 @@ +@@ -332,6 +338,9 @@ #endif - ruby_incpush(RUBY_RELATIVE(RUBY_LIB)); + incpush(RUBY_RELATIVE(RUBY_LIB)); +#ifdef RUBY_DEPRECATED_LIB -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_LIB)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_LIB)); +#endif #ifdef RUBY_THIN_ARCHLIB - ruby_incpush(RUBY_RELATIVE(RUBY_THIN_ARCHLIB)); + incpush(RUBY_RELATIVE(RUBY_THIN_ARCHLIB)); #endif ruby-deprecated-sitelib-search-path.patch: configure.in | 3 +++ ruby.c | 9 +++++++++ 2 files changed, 12 insertions(+) Index: ruby-deprecated-sitelib-search-path.patch =================================================================== RCS 
file: /cvs/dist/rpms/ruby/FC-6/ruby-deprecated-sitelib-search-path.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ruby-deprecated-sitelib-search-path.patch 8 Jun 2006 07:53:37 -0000 1.2 +++ ruby-deprecated-sitelib-search-path.patch 4 Oct 2007 14:08:15 -0000 1.3 @@ -1,7 +1,7 @@ -diff -ruN ruby-1.8.4.orig/configure.in ruby-1.8.4/configure.in ---- ruby-1.8.4.orig/configure.in 2006-06-07 13:58:03.000000000 +0900 -+++ ruby-1.8.4/configure.in 2006-06-07 15:54:36.000000000 +0900 -@@ -1476,6 +1476,8 @@ +diff -ruN ruby-1.8.5-p113.orig/configure.in ruby-1.8.5-p113/configure.in +--- ruby-1.8.5-p113.orig/configure.in 2007-10-04 17:28:26.000000000 +0900 ++++ ruby-1.8.5-p113/configure.in 2007-10-04 17:31:14.000000000 +0900 +@@ -1551,6 +1551,8 @@ AC_DEFINE_UNQUOTED(RUBY_LIB, "${RUBY_LIB_PATH}") AC_DEFINE_UNQUOTED(RUBY_SITE_LIB, "${RUBY_SITE_LIB_PATH}") AC_DEFINE_UNQUOTED(RUBY_SITE_LIB2, "${RUBY_SITE_LIB_PATH2}") @@ -10,7 +10,7 @@ AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl -@@ -1506,6 +1508,7 @@ +@@ -1581,6 +1583,7 @@ AC_DEFINE_UNQUOTED(RUBY_ARCHLIB, "${RUBY_LIB_PATH2}/${arch}") AC_DEFINE_UNQUOTED(RUBY_SITE_ARCHLIB, "${RUBY_SITE_LIB_PATH3}/${sitearch}") 
@@ -18,22 +18,22 @@ AC_ARG_WITH(search-path, [ --with-search-path=DIR specify the additional search path], -diff -ruN ruby-1.8.4.orig/ruby.c ruby-1.8.4/ruby.c ---- ruby-1.8.4.orig/ruby.c 2005-12-12 09:36:52.000000000 +0900 -+++ ruby-1.8.4/ruby.c 2006-06-07 15:56:14.000000000 +0900 -@@ -297,6 +297,15 @@ +diff -ruN ruby-1.8.5-p113.orig/ruby.c ruby-1.8.5-p113/ruby.c +--- ruby-1.8.5-p113.orig/ruby.c 2007-09-17 04:51:38.000000000 +0900 ++++ ruby-1.8.5-p113/ruby.c 2007-10-04 17:33:07.000000000 +0900 +@@ -321,6 +321,15 @@ #endif - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_ARCHLIB)); - ruby_incpush(RUBY_RELATIVE(RUBY_SITE_LIB)); + incpush(RUBY_RELATIVE(RUBY_SITE_ARCHLIB)); + incpush(RUBY_RELATIVE(RUBY_SITE_LIB)); +#ifdef RUBY_DEPRECATED_OLD_SITE_LIB2 -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB2)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB2)); +#endif +#ifdef RUBY_DEPRECATED_OLD_SITE_ARCHLIB -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_ARCHLIB)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_ARCHLIB)); +#endif +#ifdef RUBY_DEPRECATED_OLD_SITE_LIB -+ ruby_incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB)); ++ incpush(RUBY_RELATIVE(RUBY_DEPRECATED_OLD_SITE_LIB)); +#endif - ruby_incpush(RUBY_RELATIVE(RUBY_LIB)); + incpush(RUBY_RELATIVE(RUBY_LIB)); #ifdef RUBY_THIN_ARCHLIB Index: ruby.spec =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/ruby.spec,v retrieving revision 1.93 retrieving revision 1.94 diff -u -r1.93 -r1.94 --- ruby.spec 20 Jun 2007 14:48:39 -0000 1.93 +++ ruby.spec 4 Oct 2007 14:08:15 -0000 1.94 @@ -1,7 +1,7 @@ %define manver 1.4.6 %define rubyxver 1.8 %define rubyver 1.8.5 -%define _patchlevel 52 +%define _patchlevel 113 %define dotpatchlevel %{?_patchlevel:.%{_patchlevel}} %define patchlevel %{?_patchlevel:-p%{_patchlevel}} %define sitedir %{_libdir}/ruby/site_ruby 
@@ -12,7 +12,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} Release: 1%{?dist} -License: Ruby License/GPL - see COPYING +License: Ruby or GPL+ URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: readline readline-devel ncurses ncurses-devel gdbm gdbm-devel glibc-devel tcl-devel tk-devel libX11-devel autoconf gcc unzip openssl-devel db4-devel byacc @@ -38,6 +38,7 @@ Patch23: ruby-multilib.patch Patch24: ruby-tcltk-multilib.patch Patch25: ruby-fix-autoconf-magic-code.patch +Patch26: ruby-1.8.5-CVE-2007-5162.patch Summary: An interpreter of object-oriented scripting language Group: Development/Languages @@ -156,6 +157,7 @@ %patch24 -p1 %endif #%%patch25 -p1 +%patch26 -p1 popd %build @@ -467,6 +469,11 @@ %endif %changelog +* Thu Oct 4 2007 Akira TAGOH - 1.8.5.113-1 +- New upstream release. +- ruby-1.8.5-CVE-2007-5162.patch: security fix for Net::HTTP that is + insufficient verification of SSL certificate. (#313801) + * Wed Jul 20 2007 Akira TAGOH - 1.8.5.52-1 - New upstream release. Index: sources =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/sources,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- sources 20 Jun 2007 14:48:39 -0000 1.19 +++ sources 4 Oct 2007 14:08:15 -0000 1.20 @@ -2,4 +2,4 @@ d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz 7f3e181c0be9a1579e43a5a8b26372d6 rubyfaq-990927.tar.bz2 8aa2e2da327dc43ff6e46e634eb657b6 rubyfaq-jp-990927.tar.bz2 -bc19ddcca90a54692306b45c43f8e1a9 ruby-1.8.5-p52.tar.bz2 +682117fbca4cd2ceac6beb6a403eef59 ruby-1.8.5-p113.tar.bz2 From fedora-cvs-commits at redhat.com Fri Oct 5 04:24:40 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 5 Oct 2007 00:24:40 -0400 Subject: October 71% OFF Message-ID: <20071005154136.20526.qmail@relay.kbumb.ru> An HTML attachment was scrubbed... URL: From fedora-cvs-commits at redhat.com Mon Oct 8 19:19:12 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 8 Oct 2007 15:19:12 -0400 Subject: rpms/util-linux/FC-6 util-linux-2.13-mount-setuid.patch, NONE, 1.1 util-linux.spec, 1.155, 1.156 Message-ID: <200710081919.l98JJCh5013312@cvs.devel.redhat.com> Author: kzak Update of /cvs/dist/rpms/util-linux/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13263 Modified Files: util-linux.spec Added Files: util-linux-2.13-mount-setuid.patch Log Message: * Mon Oct 8 2007 Karel Zak 2.13-0.49 - fix #320141 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6] util-linux-2.13-mount-setuid.patch: mount.c | 8 ++++++-- umount.c | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) --- NEW FILE util-linux-2.13-mount-setuid.patch --- diff -up util-linux-2.13-pre7/mount/umount.c.kzak util-linux-2.13-pre7/mount/umount.c --- util-linux-2.13-pre7/mount/umount.c.kzak 2007-10-08 15:22:38.000000000 +0200 +++ util-linux-2.13-pre7/mount/umount.c 2007-10-08 15:24:01.000000000 +0200 @@ -102,8 +102,12 @@ check_special_umountprog(const char *spe char *umountargs[8]; int i = 0; - setuid(getuid()); - setgid(getgid()); + if(setgid(getgid()) < 0) + die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno)); + + if(setuid(getuid()) < 0) + die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno)); + umountargs[i++] = umountprog; umountargs[i++] = xstrdup(node); if (nomtab) diff -up util-linux-2.13-pre7/mount/mount.c.kzak util-linux-2.13-pre7/mount/mount.c --- util-linux-2.13-pre7/mount/mount.c.kzak 2007-10-08 15:22:38.000000000 +0200 +++ util-linux-2.13-pre7/mount/mount.c 2007-10-08 15:24:01.000000000 +0200 
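Review bot: The added checks in check_special_umountprog call setgid() before setuid(), reversing the order of the removed lines, but nothing in the code says why the order matters. A one-line comment would keep it from being swapped back later, e.g. `/* drop the group first: once setuid() succeeds the process may no longer change its gid */`. The new lines also write `if(` where the surrounding context uses `if (nomtab)`, so the spacing should follow the file. Both points apply equally to the matching hunk in mount/mount.c (check_special_mountprog); both function bodies continue outside their hunks.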
@@ -600,8 +600,12 @@ check_special_mountprog(const char *spec char *oo, *mountargs[11]; int i = 0; - setuid(getuid()); - setgid(getgid()); + if(setgid(getgid()) < 0) + die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno)); + + if(setuid(getuid()) < 0) + die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno)); + oo = fix_opts_string (flags, extra_opts, NULL); mountargs[i++] = mountprog; mountargs[i++] = spec; Index: util-linux.spec =================================================================== RCS file: /cvs/dist/rpms/util-linux/FC-6/util-linux.spec,v retrieving revision 1.155 retrieving revision 1.156 diff -u -r1.155 -r1.156 --- util-linux.spec 2 Aug 2007 11:53:10 -0000 1.155 +++ util-linux.spec 8 Oct 2007 19:19:09 -0000 1.156 @@ -9,7 +9,7 @@ Summary: A collection of basic system utilities. Name: util-linux Version: 2.13 -Release: 0.48%{?dist} +Release: 0.49%{?dist} License: distributable Group: System Environment/Base @@ -237,6 +237,8 @@ # 238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors Patch268: util-linux-2.13-blockdev-errno.patch Patch269: util-linux-2.13-blockdev-unsigned.patch +# 320141: CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6] +Patch270: util-linux-2.13-mount-setuid.patch %description The util-linux package contains a large variety of low-level system @@ -335,6 +337,7 @@ %patch267 -p1 %patch268 -p1 %patch269 -p1 +%patch270 -p1 %build unset LINGUAS || : @@ -726,6 +729,9 @@ /sbin/losetup %changelog +* Mon Oct 8 2007 Karel Zak 2.13-0.49 +- fix #320141 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6] + * Thu Aug 2 2007 Karel Zak 2.13-0.48 - fix #238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors From fedora-cvs-commits at redhat.com Tue Oct 9 20:56:26 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 9 Oct 2007 16:56:26 -0400 Subject: rpms/selinux-policy/FC-6 policy-20061106.patch, 1.57, 1.58 selinux-policy.spec, 1.376, 1.377 Message-ID: <200710092056.l99KuQSd028573@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv28552 Modified Files: policy-20061106.patch selinux-policy.spec Log Message: * Tue Oct 9 2007 Dan Walsh 2.4.6-107 - Remove badly labeled pegasus directory policy-20061106.patch: Rules.modular | 10 config/appconfig-strict-mcs/seusers | 1 config/appconfig-strict-mls/default_contexts | 6 config/appconfig-strict-mls/seusers | 1 config/appconfig-strict/seusers | 1 man/man8/kerberos_selinux.8 | 2 policy/flask/access_vectors | 21 policy/flask/security_classes | 8 policy/global_tunables | 94 +++ policy/mls | 31 + policy/modules/admin/acct.te | 1 policy/modules/admin/alsa.fc | 6 policy/modules/admin/alsa.te | 19 policy/modules/admin/amanda.if | 37 + policy/modules/admin/amanda.te | 29 - policy/modules/admin/amtu.fc | 3 policy/modules/admin/amtu.if | 57 ++ policy/modules/admin/amtu.te | 56 ++ policy/modules/admin/backup.te | 5 policy/modules/admin/bootloader.fc | 5 policy/modules/admin/bootloader.te | 15 policy/modules/admin/consoletype.te | 21 policy/modules/admin/ddcprobe.te | 10 policy/modules/admin/dmesg.te | 7 policy/modules/admin/dmidecode.te | 6 policy/modules/admin/firstboot.if | 24 - policy/modules/admin/kudzu.te | 14 policy/modules/admin/logrotate.te | 5 policy/modules/admin/logwatch.te | 22 policy/modules/admin/netutils.te | 19 policy/modules/admin/portage.te | 5 policy/modules/admin/prelink.te | 25 - policy/modules/admin/quota.fc | 7 policy/modules/admin/quota.te | 24 - policy/modules/admin/readahead.te | 2 policy/modules/admin/rpm.fc | 3 policy/modules/admin/rpm.if | 104 ++++ policy/modules/admin/rpm.te | 49 -- policy/modules/admin/su.if | 38 + policy/modules/admin/su.te | 2 
policy/modules/admin/sudo.if | 13 policy/modules/admin/tripwire.te | 11 policy/modules/admin/usbmodules.te | 5 policy/modules/admin/usermanage.if | 2 policy/modules/admin/usermanage.te | 58 +- policy/modules/admin/vbetool.te | 2 policy/modules/admin/vpn.te | 1 policy/modules/apps/ethereal.te | 5 policy/modules/apps/evolution.if | 107 ++++ policy/modules/apps/evolution.te | 1 policy/modules/apps/games.fc | 1 policy/modules/apps/gnome.fc | 2 policy/modules/apps/gnome.if | 108 ++++ policy/modules/apps/gnome.te | 5 policy/modules/apps/gpg.if | 1 policy/modules/apps/java.fc | 2 policy/modules/apps/java.if | 70 ++ policy/modules/apps/java.te | 2 policy/modules/apps/loadkeys.if | 39 - policy/modules/apps/mozilla.if | 208 +++++++- policy/modules/apps/mplayer.if | 84 +++ policy/modules/apps/mplayer.te | 1 policy/modules/apps/slocate.te | 7 policy/modules/apps/thunderbird.if | 81 +++ policy/modules/apps/userhelper.if | 20 policy/modules/apps/webalizer.te | 6 policy/modules/apps/wine.fc | 1 policy/modules/apps/yam.te | 5 policy/modules/kernel/corecommands.fc | 33 + policy/modules/kernel/corecommands.if | 77 +++ policy/modules/kernel/corenetwork.if.in | 177 +++++++ policy/modules/kernel/corenetwork.te.in | 18 policy/modules/kernel/devices.fc | 12 policy/modules/kernel/devices.if | 94 +++ policy/modules/kernel/devices.te | 8 policy/modules/kernel/domain.if | 80 +++ policy/modules/kernel/domain.te | 26 + policy/modules/kernel/files.fc | 3 policy/modules/kernel/files.if | 337 +++++++++++++- policy/modules/kernel/filesystem.if | 100 ++++ policy/modules/kernel/filesystem.te | 50 ++ policy/modules/kernel/kernel.if | 84 +++ policy/modules/kernel/kernel.te | 22 policy/modules/kernel/mls.if | 28 + policy/modules/kernel/mls.te | 6 policy/modules/kernel/storage.fc | 4 policy/modules/kernel/storage.if | 2 policy/modules/kernel/terminal.fc | 2 policy/modules/kernel/terminal.if | 21 policy/modules/kernel/terminal.te | 1 policy/modules/services/aide.fc | 3 policy/modules/services/aide.te | 
11 policy/modules/services/amavis.if | 19 policy/modules/services/amavis.te | 4 policy/modules/services/apache.fc | 18 policy/modules/services/apache.if | 157 ++++++ policy/modules/services/apache.te | 66 ++ policy/modules/services/apm.te | 3 policy/modules/services/arpwatch.te | 5 policy/modules/services/audioentropy.te | 4 policy/modules/services/automount.fc | 1 policy/modules/services/automount.te | 15 policy/modules/services/avahi.if | 40 + policy/modules/services/avahi.te | 10 policy/modules/services/bind.fc | 1 policy/modules/services/bind.te | 12 policy/modules/services/bluetooth.te | 10 policy/modules/services/ccs.fc | 1 policy/modules/services/ccs.te | 25 - policy/modules/services/clamav.te | 3 policy/modules/services/courier.te | 1 policy/modules/services/cron.fc | 6 policy/modules/services/cron.if | 105 ++-- policy/modules/services/cron.te | 62 ++ policy/modules/services/cups.fc | 5 policy/modules/services/cups.te | 23 policy/modules/services/cvs.te | 2 policy/modules/services/cyrus.te | 6 policy/modules/services/dbus.fc | 1 policy/modules/services/dbus.if | 66 ++ policy/modules/services/dbus.te | 4 policy/modules/services/dcc.te | 9 policy/modules/services/dhcp.te | 3 policy/modules/services/dovecot.fc | 2 policy/modules/services/dovecot.if | 44 + policy/modules/services/dovecot.te | 77 ++- policy/modules/services/fail2ban.fc | 3 policy/modules/services/fail2ban.if | 80 +++ policy/modules/services/fail2ban.te | 74 +++ policy/modules/services/ftp.te | 31 + policy/modules/services/hal.fc | 20 policy/modules/services/hal.if | 159 ++++++ policy/modules/services/hal.te | 180 ++++++- policy/modules/services/inetd.te | 34 + policy/modules/services/irqbalance.te | 4 policy/modules/services/kerberos.fc | 1 policy/modules/services/kerberos.if | 82 +++ policy/modules/services/kerberos.te | 48 +- policy/modules/services/ktalk.fc | 3 policy/modules/services/ktalk.te | 13 policy/modules/services/lpd.if | 75 ++- policy/modules/services/lpd.te | 5 
policy/modules/services/mailman.if | 20 policy/modules/services/mailman.te | 1 policy/modules/services/mta.fc | 1 policy/modules/services/mta.if | 30 + policy/modules/services/mta.te | 3 policy/modules/services/munin.te | 5 policy/modules/services/nagios.fc | 8 policy/modules/services/nagios.if | 22 policy/modules/services/nagios.te | 70 +- policy/modules/services/networkmanager.fc | 2 policy/modules/services/networkmanager.te | 2 policy/modules/services/nis.fc | 7 policy/modules/services/nis.if | 30 + policy/modules/services/nis.te | 39 + policy/modules/services/nscd.if | 20 policy/modules/services/nscd.te | 31 - policy/modules/services/ntp.te | 10 policy/modules/services/oav.te | 5 policy/modules/services/oddjob.te | 5 policy/modules/services/openca.if | 4 policy/modules/services/openca.te | 2 policy/modules/services/openct.te | 2 policy/modules/services/openvpn.te | 20 policy/modules/services/pcscd.fc | 9 policy/modules/services/pcscd.if | 62 ++ policy/modules/services/pcscd.te | 79 +++ policy/modules/services/pegasus.if | 31 + policy/modules/services/pegasus.te | 13 policy/modules/services/portmap.te | 5 policy/modules/services/portslave.te | 1 policy/modules/services/postfix.fc | 2 policy/modules/services/postfix.if | 49 +- policy/modules/services/postfix.te | 111 ++++ policy/modules/services/ppp.te | 2 policy/modules/services/procmail.te | 32 + policy/modules/services/pyzor.if | 18 policy/modules/services/pyzor.te | 13 policy/modules/services/radius.te | 3 policy/modules/services/radvd.te | 2 policy/modules/services/remotelogin.if | 18 policy/modules/services/rhgb.if | 76 +++ policy/modules/services/rhgb.te | 3 policy/modules/services/ricci.te | 66 +- policy/modules/services/rlogin.te | 23 policy/modules/services/rpc.fc | 1 policy/modules/services/rpc.if | 3 policy/modules/services/rpc.te | 28 - policy/modules/services/rshd.te | 22 policy/modules/services/rsync.te | 1 policy/modules/services/samba.fc | 6 policy/modules/services/samba.if | 151 ++++++ 
policy/modules/services/samba.te | 217 ++++++--- policy/modules/services/sasl.te | 14 policy/modules/services/sendmail.if | 41 + policy/modules/services/sendmail.te | 22 policy/modules/services/setroubleshoot.if | 20 policy/modules/services/setroubleshoot.te | 2 policy/modules/services/smartmon.te | 1 policy/modules/services/snmp.if | 17 policy/modules/services/snmp.te | 20 policy/modules/services/soundserver.te | 4 policy/modules/services/spamassassin.fc | 5 policy/modules/services/spamassassin.if | 42 + policy/modules/services/spamassassin.te | 26 - policy/modules/services/squid.fc | 2 policy/modules/services/squid.if | 21 policy/modules/services/squid.te | 17 policy/modules/services/ssh.if | 84 +++ policy/modules/services/ssh.te | 14 policy/modules/services/telnet.te | 28 - policy/modules/services/tftp.te | 3 policy/modules/services/uucp.fc | 1 policy/modules/services/uucp.if | 67 ++ policy/modules/services/uucp.te | 44 + policy/modules/services/uwimap.te | 1 policy/modules/services/xfs.te | 8 policy/modules/services/xserver.fc | 4 policy/modules/services/xserver.if | 212 ++++++++ policy/modules/services/xserver.te | 12 policy/modules/system/authlogin.fc | 3 policy/modules/system/authlogin.if | 202 ++++++++ policy/modules/system/authlogin.te | 50 +- policy/modules/system/clock.te | 18 policy/modules/system/fstools.fc | 1 policy/modules/system/fstools.if | 19 policy/modules/system/fstools.te | 20 policy/modules/system/getty.te | 14 policy/modules/system/hostname.te | 19 policy/modules/system/init.if | 75 +++ policy/modules/system/init.te | 51 ++ policy/modules/system/ipsec.fc | 5 policy/modules/system/ipsec.if | 99 ++++ policy/modules/system/ipsec.te | 121 ++++- policy/modules/system/iptables.te | 28 - policy/modules/system/iscsi.te | 2 policy/modules/system/libraries.fc | 44 + policy/modules/system/libraries.te | 11 policy/modules/system/locallogin.if | 37 + policy/modules/system/locallogin.te | 11 policy/modules/system/logging.fc | 5 
policy/modules/system/logging.if | 61 ++ policy/modules/system/logging.te | 36 + policy/modules/system/lvm.fc | 2 policy/modules/system/lvm.if | 26 - policy/modules/system/lvm.te | 132 ++++- policy/modules/system/miscfiles.fc | 3 policy/modules/system/miscfiles.if | 79 +++ policy/modules/system/modutils.te | 38 + policy/modules/system/mount.te | 37 + policy/modules/system/netlabel.te | 10 policy/modules/system/pcmcia.te | 5 policy/modules/system/raid.te | 16 policy/modules/system/selinuxutil.fc | 10 policy/modules/system/selinuxutil.if | 153 ++++++ policy/modules/system/selinuxutil.te | 157 ++---- policy/modules/system/sysnetwork.if | 2 policy/modules/system/sysnetwork.te | 14 policy/modules/system/tzdata.fc | 3 policy/modules/system/tzdata.if | 23 policy/modules/system/tzdata.te | 51 ++ policy/modules/system/udev.te | 22 policy/modules/system/unconfined.fc | 4 policy/modules/system/unconfined.if | 42 + policy/modules/system/unconfined.te | 25 + policy/modules/system/userdomain.if | 640 +++++++++++++++++++++++---- policy/modules/system/userdomain.te | 117 ++-- policy/modules/system/xen.fc | 2 policy/modules/system/xen.if | 64 ++ policy/modules/system/xen.te | 76 ++- policy/support/*Warnings* | 189 +++++++ policy/support/file_patterns.spt | 534 ++++++++++++++++++++++ policy/support/misc_macros.spt | 8 policy/support/obj_perm_sets.spt | 144 ++++++ 275 files changed, 9053 insertions(+), 1089 deletions(-) View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.57 -r 1.58 policy-20061106.patch Index: policy-20061106.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- policy-20061106.patch 21 Sep 2007 19:13:41 -0000 1.57 +++ policy-20061106.patch 9 Oct 2007 20:56:23 -0000 1.58 
@@ -1,20 +1,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.4.6/config/appconfig-strict/seusers --- nsaserefpolicy/config/appconfig-strict/seusers 2006-11-29 12:04:52.000000000 -0500 -+++ serefpolicy-2.4.6/config/appconfig-strict/seusers 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/config/appconfig-strict/seusers 2007-09-24 15:46:29.000000000 -0400 @@ -1,2 +1,3 @@ +system_u:system_u root:root __default__:user_u diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers --- nsaserefpolicy/config/appconfig-strict-mcs/seusers 2006-11-29 12:04:52.000000000 -0500 -+++ serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers 2007-09-24 15:46:29.000000000 -0400 @@ -1,2 +1,3 @@ +system_u:system_u:s0-mcs_systemhigh root:root:s0-mcs_systemhigh __default__:user_u:s0 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_contexts serefpolicy-2.4.6/config/appconfig-strict-mls/default_contexts --- nsaserefpolicy/config/appconfig-strict-mls/default_contexts 2006-11-29 12:04:52.000000000 -0500 -+++ serefpolicy-2.4.6/config/appconfig-strict-mls/default_contexts 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/config/appconfig-strict-mls/default_contexts 2007-09-24 15:46:29.000000000 -0400 @@ -1,7 +1,7 @@ system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0 -system_r:local_login_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
@@ -28,14 +28,14 @@ staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.4.6/config/appconfig-strict-mls/seusers --- nsaserefpolicy/config/appconfig-strict-mls/seusers 2006-11-29 12:04:52.000000000 -0500 -+++ serefpolicy-2.4.6/config/appconfig-strict-mls/seusers 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/config/appconfig-strict-mls/seusers 2007-09-24 15:46:29.000000000 -0400 @@ -1,2 +1,3 @@ +system_u:system_u:s0-mls_systemhigh root:root:s0-mls_systemhigh __default__:user_u:s0 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.4.6/man/man8/kerberos_selinux.8 --- nsaserefpolicy/man/man8/kerberos_selinux.8 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/man/man8/kerberos_selinux.8 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/man/man8/kerberos_selinux.8 2007-09-24 15:46:29.000000000 -0400 @@ -18,7 +18,7 @@ .br service krb5kdc restart @@ -47,7 +47,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.6/policy/flask/access_vectors --- nsaserefpolicy/policy/flask/access_vectors 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/flask/access_vectors 2007-06-26 16:22:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/flask/access_vectors 2007-09-24 15:46:29.000000000 -0400 @@ -185,6 +185,8 @@ rawip_recv rawip_send @@ -103,7 +103,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-2.4.6/policy/flask/security_classes --- nsaserefpolicy/policy/flask/security_classes 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/flask/security_classes 2007-06-26 16:21:45.000000000 -0400 ++++ serefpolicy-2.4.6/policy/flask/security_classes 2007-09-24 15:46:29.000000000 -0400 @@ -63,8 +63,8 @@ class xserver # userspace class xextension # userspace 
@@ -126,7 +126,7 @@ # FLASK diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.6/policy/global_tunables --- nsaserefpolicy/policy/global_tunables 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/global_tunables 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/global_tunables 2007-09-24 15:46:29.000000000 -0400 @@ -82,6 +82,14 @@ ## @@ -280,7 +280,7 @@ +gen_tunable(allow_console_login,false) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.4.6/policy/mls --- nsaserefpolicy/policy/mls 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/mls 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/mls 2007-09-24 15:46:29.000000000 -0400 @@ -89,12 +89,14 @@ mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton } (( l1 eq l2 ) or @@ -354,7 +354,7 @@ mlsconstrain association { polmatch } diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.6/policy/modules/admin/acct.te --- nsaserefpolicy/policy/modules/admin/acct.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/acct.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/acct.te 2007-09-24 15:46:29.000000000 -0400 @@ -9,6 +9,7 @@ type acct_t; type acct_exec_t; 
@@ -365,19 +365,31 @@ logging_log_file(acct_data_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.4.6/policy/modules/admin/alsa.fc --- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/alsa.fc 2007-08-24 16:06:30.000000000 -0400 -@@ -1,4 +1,7 @@ ++++ serefpolicy-2.4.6/policy/modules/admin/alsa.fc 2007-10-02 11:59:47.000000000 -0400 +@@ -1,4 +1,10 @@ ++/etc/alsa/asound.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) +/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) -+/etc/asound\.state gen_context(system_u:object_r:alsa_etc_rw_t,s0) ++/etc/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) +/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) ++/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.4.6/policy/modules/admin/alsa.te --- nsaserefpolicy/policy/modules/admin/alsa.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/alsa.te 2007-08-24 16:05:49.000000000 -0400 -@@ -20,19 +20,26 @@ ++++ serefpolicy-2.4.6/policy/modules/admin/alsa.te 2007-10-04 10:29:57.000000000 -0400 +@@ -9,7 +9,7 @@ + type alsa_t; + type alsa_exec_t; + domain_type(alsa_t) +-domain_entry_file(alsa_t, alsa_exec_t) ++init_system_domain(alsa_t, alsa_exec_t) + role system_r types alsa_t; + + type alsa_etc_rw_t; +@@ -20,19 +20,28 @@ # Local policy # 
@@ -400,12 +412,14 @@ +files_search_home(alsa_t) files_read_etc_files(alsa_t) ++init_dontaudit_use_fds(alsa_t) ++ +kernel_read_system_state(alsa_t) + term_use_generic_ptys(alsa_t) term_dontaudit_use_unallocated_ttys(alsa_t) -@@ -45,7 +52,13 @@ +@@ -45,7 +54,13 @@ userdom_manage_unpriv_user_semaphores(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t) @@ -421,7 +435,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.4.6/policy/modules/admin/amanda.if --- nsaserefpolicy/policy/modules/admin/amanda.if 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amanda.if 2007-09-11 08:55:14.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/amanda.if 2007-09-24 15:46:29.000000000 -0400 @@ -76,6 +76,26 @@ ######################################## @@ -473,7 +487,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.6/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amanda.te 2007-09-11 08:54:01.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/amanda.te 2007-09-24 15:46:29.000000000 -0400 @@ -84,18 +84,22 @@ # access to amandas data structure @@ -559,14 +573,14 @@ ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.4.6/policy/modules/admin/amtu.fc --- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amtu.fc 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/amtu.fc 2007-09-24 15:46:29.000000000 -0400 
@@ -0,0 +1,3 @@ + +/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.4.6/policy/modules/admin/amtu.if --- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amtu.if 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/amtu.if 2007-09-24 15:46:29.000000000 -0400 @@ -0,0 +1,57 @@ +## +## abstract Machine Test Utility @@ -627,7 +641,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.4.6/policy/modules/admin/amtu.te --- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amtu.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/amtu.te 2007-09-24 15:46:29.000000000 -0400 @@ -0,0 +1,56 @@ +policy_module(amtu,1.0.23) + @@ -687,7 +701,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/backup.te serefpolicy-2.4.6/policy/modules/admin/backup.te --- nsaserefpolicy/policy/modules/admin/backup.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/backup.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/backup.te 2007-09-24 15:46:29.000000000 -0400 @@ -82,3 +82,8 @@ optional_policy(` nis_use_ypbind(backup_t) [...4333 lines suppressed...] ######################################## -@@ -4343,7 +4420,7 @@ +@@ -4343,7 +4421,7 @@ type sysadm_home_dir_t; ') @@ -15968,7 +16493,7 @@ ') ######################################## -@@ -4501,41 +4578,13 @@ +@@ -4501,41 +4579,13 @@ ## # interface(`userdom_read_sysadm_home_content_files',` @@ -15986,7 +16511,7 @@ + type sysadm_home_dir_t, sysadm_home_t; ') -') - +- -######################################## -## -## Read files in the sysadm users home directory. 
@@ -16002,7 +16527,7 @@ - gen_require(` - type sysadm_tmp_t; - ') -- + - files_search_tmp($1) - allow $1 sysadm_tmp_t:dir list_dir_perms; - allow $1 sysadm_tmp_t:{ file lnk_file } r_file_perms; @@ -16015,7 +16540,7 @@ ') ######################################## -@@ -4858,7 +4907,7 @@ +@@ -4858,7 +4908,7 @@ type user_home_t; ') @@ -16024,7 +16549,7 @@ ') ######################################## -@@ -4905,6 +4954,28 @@ +@@ -4905,6 +4955,28 @@ ######################################## ## @@ -16053,7 +16578,7 @@ ## Read files in generic user home directories. ## ## -@@ -5497,3 +5568,410 @@ +@@ -5497,3 +5569,427 @@ allow $1 user_home_dir_t:dir create_dir_perms; files_home_filetrans($1,user_home_dir_t,dir) ') @@ -16464,9 +16989,26 @@ + + + ++######################################## ++## ++## Allow apps to set rlimits on userdomain ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`userdom_set_rlimitnh',` ++ gen_require(` ++ attribute userdomain; ++ ') ++ allow $1 userdomain:process rlimitinh; ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.6/policy/modules/system/userdomain.te --- nsaserefpolicy/policy/modules/system/userdomain.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/userdomain.te 2007-06-11 10:22:56.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/userdomain.te 2007-09-24 15:46:29.000000000 -0400 @@ -24,6 +24,9 @@ # users home directory contents attribute home_type; @@ -16688,7 +17230,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.6/policy/modules/system/xen.fc --- nsaserefpolicy/policy/modules/system/xen.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.fc 2007-08-29 23:03:13.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.fc 2007-09-24 15:46:29.000000000 -0400 
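Review bot: The summary of the new `userdom_set_rlimitnh` interface (hunk `@@ -16464,9 +16989,26 @@`) says it lets the caller set rlimits on user domains, but the only rule it adds is `allow $1 userdomain:process rlimitinh;`, which is the rlimit-inheritance permission, not a permission to set limits. The description should match the rule, for example `Allow the specified domain to have its resource limits inherited by user domains (rlimitinh).`, so that whoever grants this interface knows what is being allowed. The interface name also drops a letter (`rlimitnh` against `rlimitinh`); if the spelling is kept for existing callers, a one-line comment saying so would help.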
@@ -8,6 +8,7 @@ /usr/sbin/xm -- gen_context(system_u:object_r:xm_exec_t,s0) @@ -16707,7 +17249,7 @@ /var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.4.6/policy/modules/system/xen.if --- nsaserefpolicy/policy/modules/system/xen.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.if 2007-07-25 10:36:53.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.if 2007-09-24 15:46:29.000000000 -0400 @@ -77,6 +77,7 @@ ') @@ -16785,7 +17327,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.6/policy/modules/system/xen.te --- nsaserefpolicy/policy/modules/system/xen.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-09-07 12:00:31.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-09-25 16:32:35.000000000 -0400 @@ -20,12 +20,15 @@ type xenctl_t; files_type(xenctl_t) @@ -16958,7 +17500,7 @@ kernel_read_system_state(xm_t) kernel_read_kernel_sysctls(xm_t) -@@ -325,7 +361,10 @@ +@@ -325,21 +361,29 @@ corecmd_exec_bin(xm_t) corecmd_exec_sbin(xm_t) @@ -16969,11 +17511,18 @@ corenet_tcp_sendrecv_generic_if(xm_t) corenet_tcp_sendrecv_all_nodes(xm_t) corenet_tcp_connect_soundd_port(xm_t) -@@ -338,8 +377,11 @@ + + dev_read_urand(xm_t) + ++userdom_dontaudit_search_sysadm_home_dirs(xm_t) ++ + files_read_etc_runtime_files(xm_t) + files_read_usr_files(xm_t) + files_list_mnt(xm_t) # Some common macros (you might be able to remove some) files_read_etc_files(xm_t) -+fs_getattr_all_fs(xend_t) ++fs_getattr_all_fs(xm_t) + term_use_all_terms(xm_t) @@ -16981,7 +17530,7 @@ init_rw_script_stream_sockets(xm_t) init_use_fds(xm_t) -@@ -353,3 +395,17 @@ +@@ -353,3 +397,17 @@ xen_append_log(xm_t) xen_stream_connect(xm_t) xen_stream_connect_xenstore(xm_t) 
@@ -17001,7 +17550,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-2.4.6/policy/support/file_patterns.spt --- nsaserefpolicy/policy/support/file_patterns.spt 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.4.6/policy/support/file_patterns.spt 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/support/file_patterns.spt 2007-09-24 15:46:29.000000000 -0400 @@ -0,0 +1,534 @@ +# +# Directory patterns (dir) @@ -17539,7 +18088,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_macros.spt serefpolicy-2.4.6/policy/support/misc_macros.spt --- nsaserefpolicy/policy/support/misc_macros.spt 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/support/misc_macros.spt 2007-07-11 13:55:12.000000000 -0400 ++++ serefpolicy-2.4.6/policy/support/misc_macros.spt 2007-09-24 15:46:29.000000000 -0400 @@ -76,3 +76,11 @@ define(`gen_bool',` bool $1 dflt_or_overr(`$1'_conf,$2); @@ -17554,7 +18103,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.4.6/policy/support/obj_perm_sets.spt --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/support/obj_perm_sets.spt 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/support/obj_perm_sets.spt 2007-09-24 15:46:29.000000000 -0400 @@ -224,3 +224,147 @@ # define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }') @@ -17705,7 +18254,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/*Warnings* serefpolicy-2.4.6/policy/support/*Warnings* --- nsaserefpolicy/policy/support/*Warnings* 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.4.6/policy/support/*Warnings* 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/support/*Warnings* 2007-09-24 15:46:29.000000000 -0400 
@@ -0,0 +1,189 @@ +(1) (initialization/error) An error has occurred while loading /home/devel/dwalsh/.xemacs/init.el: + @@ -17898,7 +18447,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.6/Rules.modular --- nsaserefpolicy/Rules.modular 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/Rules.modular 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/Rules.modular 2007-09-24 15:46:29.000000000 -0400 @@ -219,6 +219,16 @@ ######################################## Index: selinux-policy.spec =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v retrieving revision 1.376 retrieving revision 1.377 diff -u -r1.376 -r1.377 --- selinux-policy.spec 21 Sep 2007 20:21:56 -0000 1.376 +++ selinux-policy.spec 9 Oct 2007 20:56:23 -0000 1.377 @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.4.6 -Release: 94%{?dist} +Release: 107%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -358,6 +358,37 @@ %endif %changelog +* Tue Oct 9 2007 Dan Walsh 2.4.6-107 +- Remove badly labeled pegasus directory + +* Tue Oct 2 2007 Dan Walsh 2.4.6-106 +- Remove additional avc's caused by pm-tools +Resolves: #282421 + +* Tue Oct 2 2007 Dan Walsh 2.4.6-104 +- Fix salsa context to create alsa.sound correctly +Resolves: #315341 + +* Mon Oct 1 2007 Dan Walsh 2.4.6-102 +- Allow multipathd to connect to itself +#Resolves: #311741 +Resolves: #245268 + +* Thu Sep 27 2007 Dan Walsh 2.4.6-101 +- Dontaudit postfix_smtpd_t getattr on /home +- Fix ftp +Resolves: #245268 + +* Tue Sep 25 2007 Dan Walsh 2.4.6-99 +- Introduced a minor bug when fixing replay cache, blowing up strict policy +Resolves: #284831 + +* Mon Sep 24 2007 Dan Walsh 2.4.6-97 +- Fixup clmvd to allow creation of fixed devices +- Fixes telnet/rlogin using replay cache +Resolves: #284831 +#Resolves: #300391 + * Fri Sep 14 2007 Dan Walsh 2.4.6-94 - Fixup clmvd to allow creation of fixed devices Resolves: # From fedora-cvs-commits at redhat.com Tue Oct 9 21:09:30 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 9 Oct 2007 17:09:30 -0400 Subject: rpms/selinux-policy/FC-6 policy-fusermount.patch,1.6,1.7 Message-ID: <200710092109.l99L9UQp030175@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv30138 Modified Files: policy-fusermount.patch Log Message: * Tue Oct 9 2007 Dan Walsh 2.4.6-107 - Remove badly labeled pegasus directory policy-fusermount.patch: kernel/files.fc | 1 + kernel/filesystem.te | 6 ++++++ system/fusermount.fc | 6 ++++++ system/fusermount.if | 41 +++++++++++++++++++++++++++++++++++++++++ system/fusermount.te | 46 ++++++++++++++++++++++++++++++++++++++++++++++ system/mount.fc | 2 -- system/mount.if | 1 + system/mount.te | 46 ++++++++++++++++++++++++++++++++++------------ 8 files changed, 135 insertions(+), 14 deletions(-) Index: policy-fusermount.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-fusermount.patch,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- policy-fusermount.patch 5 Sep 2007 03:30:28 -0000 1.6 +++ policy-fusermount.patch 9 Oct 2007 21:09:28 -0000 1.7 @@ -1,6 +1,6 @@ diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.fc ---- /dev/null 2007-09-02 13:37:21.567001794 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.fc 2007-08-10 09:53:24.000000000 -0400 +--- /dev/null 2007-10-09 14:08:21.545011848 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.fc 2007-10-09 17:08:25.000000000 -0400 @@ -0,0 +1,6 @@ +# fusermount executable will have: +# label: system_u:object_r:fusermount_exec_t 
@@ -9,8 +9,8 @@ + +/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0) diff -up serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount serefpolicy-2.4.6/policy/modules/system/mount.te ---- serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount 2007-08-10 09:53:24.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-09-04 23:29:48.000000000 -0400 +--- serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount 2007-10-09 17:08:25.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-10-09 17:08:25.000000000 -0400 @@ -12,6 +12,9 @@ init_system_domain(mount_t,mount_exec_t) userdom_executable_file(mount_exec_t) role system_r types mount_t; @@ -75,7 +75,7 @@ ssh_sigchld(mount_t) ssh_rw_stream_sockets(mount_t) ') -@@ -201,4 +197,30 @@ optional_policy(` +@@ -201,6 +197,32 @@ optional_policy(` ifdef(`targeted_policy',` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) @@ -106,17 +106,19 @@ + hal_use_fds(mount_t) + hal_rw_pipes(mount_t) ') + + optional_policy(` diff -up serefpolicy-2.4.6/policy/modules/system/mount.if.fusermount serefpolicy-2.4.6/policy/modules/system/mount.if --- serefpolicy-2.4.6/policy/modules/system/mount.if.fusermount 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/mount.if 2007-09-04 09:56:01.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.if 2007-10-09 17:08:25.000000000 -0400 @@ -147,3 +147,4 @@ interface(`mount_domtrans_unconfined',` refpolicywarn(`$0($1) has no effect in strict policy.') ') ') + diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.te ---- /dev/null 2007-09-02 13:37:21.567001794 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.te 2007-09-04 09:46:40.000000000 -0400 +--- /dev/null 2007-10-09 14:08:21.545011848 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.te 2007-10-09 17:08:25.000000000 -0400 
@@ -0,0 +1,46 @@ +policy_module(fusermount,1.0.0) + @@ -165,8 +167,8 @@ + hal_rw_pipes(fusermount_t) +') diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.if ---- /dev/null 2007-09-02 13:37:21.567001794 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.if 2007-08-10 09:53:24.000000000 -0400 +--- /dev/null 2007-10-09 14:08:21.545011848 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.if 2007-10-09 17:08:25.000000000 -0400 @@ -0,0 +1,41 @@ +## policy for fusermount + @@ -211,18 +213,18 @@ +') diff -up serefpolicy-2.4.6/policy/modules/system/mount.fc.fusermount serefpolicy-2.4.6/policy/modules/system/mount.fc --- serefpolicy-2.4.6/policy/modules/system/mount.fc.fusermount 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/mount.fc 2007-09-04 09:48:11.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.fc 2007-10-09 17:08:25.000000000 -0400 
@@ -1,4 +1,2 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) - -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) diff -up serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount serefpolicy-2.4.6/policy/modules/kernel/filesystem.te ---- serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount 2007-08-10 09:53:24.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te 2007-08-10 09:53:24.000000000 -0400 -@@ -61,6 +61,11 @@ type configfs_t; - fs_type(configfs_t) - genfscon configfs / gen_context(system_u:object_r:configfs_t,s0) +--- serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount 2007-10-09 17:08:25.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te 2007-10-09 17:08:39.000000000 -0400 +@@ -71,6 +71,11 @@ fs_type(cpusetfs_t) + allow cpusetfs_t self:filesystem associate; + genfscon cpuset / gen_context(system_u:object_r:cpusetfs_t,s0) +type cpusetfs_t; +fs_type(cpusetfs_t) @@ -232,7 +234,7 @@ type eventpollfs_t; fs_type(eventpollfs_t) # change to task SID 20060628 -@@ -71,6 +76,7 @@ fs_type(fusefs_t) +@@ -81,6 +86,7 @@ fs_type(fusefs_t) allow fusefs_t self:filesystem associate; fs_noxattr_type(fusefs_t) genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0) 
@@ -241,9 +243,9 @@ type futexfs_t; fs_type(futexfs_t) diff -up serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount serefpolicy-2.4.6/policy/modules/kernel/files.fc ---- serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount 2007-08-10 09:53:24.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-08-10 09:53:24.000000000 -0400 -@@ -54,6 +54,7 @@ ifdef(`distro_suse',` +--- serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount 2007-10-09 17:08:25.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-10-09 17:08:39.000000000 -0400 +@@ -53,6 +53,7 @@ ifdef(`distro_suse',` /etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/localtime -l gen_context(system_u:object_r:etc_t,s0) /etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0) From fedora-cvs-commits at redhat.com Tue Oct 9 21:17:07 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 9 Oct 2007 17:17:07 -0400 Subject: rpms/selinux-policy/FC-6 policy-fusermount.patch,1.7,1.8 Message-ID: <200710092117.l99LH7Lu031034@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv31016 Modified Files: policy-fusermount.patch Log Message: * Tue Oct 9 2007 Dan Walsh 2.4.6-107 - Remove badly labeled pegasus directory policy-fusermount.patch: kernel/files.fc | 1 + kernel/filesystem.te | 1 + system/fusermount.fc | 6 ++++++ system/fusermount.if | 41 +++++++++++++++++++++++++++++++++++++++++ system/fusermount.te | 46 ++++++++++++++++++++++++++++++++++++++++++++++ system/mount.fc | 2 -- system/mount.if | 1 + system/mount.te | 46 ++++++++++++++++++++++++++++++++++------------ 8 files changed, 130 insertions(+), 14 deletions(-) Index: policy-fusermount.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-fusermount.patch,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- policy-fusermount.patch 9 Oct 2007 21:09:28 -0000 1.7 +++ policy-fusermount.patch 9 Oct 2007 21:17:04 -0000 1.8 @@ -222,18 +222,6 @@ diff -up serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount serefpolicy-2.4.6/policy/modules/kernel/filesystem.te --- serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount 2007-10-09 17:08:25.000000000 -0400 +++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te 2007-10-09 17:08:39.000000000 -0400 -@@ -71,6 +71,11 @@ fs_type(cpusetfs_t) - allow cpusetfs_t self:filesystem associate; - genfscon cpuset / gen_context(system_u:object_r:cpusetfs_t,s0) - -+type cpusetfs_t; -+fs_type(cpusetfs_t) -+allow cpusetfs_t self:filesystem associate; -+genfscon cpuset / gen_context(system_u:object_r:cpusetfs_t,s0) -+ - type eventpollfs_t; - fs_type(eventpollfs_t) - # change to task SID 20060628 
@@ -81,6 +86,7 @@ fs_type(fusefs_t) allow fusefs_t self:filesystem associate; fs_noxattr_type(fusefs_t) From fedora-cvs-commits at redhat.com Fri Oct 12 08:08:57 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 12 Oct 2007 04:08:57 -0400 Subject: rpms/hplip/FC-6 hplip-subprocess-replacement.patch, NONE, 1.1 hplip.spec, 1.113, 1.114 Message-ID: <200710120808.l9C88vWA013322@cvs.devel.redhat.com> Author: twaugh Update of /cvs/dist/rpms/hplip/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13306 Modified Files: hplip.spec Added Files: hplip-subprocess-replacement.patch Log Message: * Fri Oct 12 2007 Tim Waugh 1.7.4a-3 - Build requires openssl-devel. - Applied patch to fix CVE-2007-5208 (bug #320021). - Resolves: rhbz#320021 hplip-subprocess-replacement.patch: hpssd.py | 34 ++++++++++++++++++---------------- 1 files changed, 18 insertions(+), 16 deletions(-) --- NEW FILE hplip-subprocess-replacement.patch --- diff -up hplip-1.7.4a/hpssd.py.subprocess-replacement hplip-1.7.4a/hpssd.py --- hplip-1.7.4a/hpssd.py.subprocess-replacement 2007-10-12 09:01:43.000000000 +0100 +++ hplip-1.7.4a/hpssd.py 2007-10-12 09:03:23.000000000 +0100 @@ -53,7 +53,7 @@ __doc__ = "Provides persistent data and # Std Lib import sys, socket, os, os.path, signal, getopt, glob, time, select -import popen2, threading, re, fcntl, pwd, tempfile +import subprocess, threading, re, fcntl, pwd, tempfile #from asyncore import dispatcher, loop from errno import EALREADY, EINPROGRESS, EWOULDBLOCK, ECONNRESET, \ 
@@ -562,21 +562,23 @@ class MailThread(threading.Thread): if sendmail: sendmail = os.path.join(sendmail, 'sendmail') - sendmail += ' -t -r %s' % self.from_address - - log.debug(sendmail) - std_out, std_in, std_err = popen2.popen3(sendmail) - log.debug(repr(self.message)) - std_in.write(self.message) - std_in.close() - - r, w, e = select.select([std_err], [], [], 2.0) - - if r: - err = std_err.read() - if err: - log.error(repr(err)) - self.result = ERROR_TEST_EMAIL_FAILED + cmd = [sendmail,'-t','-r',self.from_address] + + log.debug(repr(cmd)) + err = None + try: + sp = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out, std_err = sp.communicate(self.message) + log.debug(repr(self.message)) + if std_err != '': + err = std_err + + except OSError, e: + err = str(e) + + if err: + log.error(repr(err)) + self.result = ERROR_TEST_EMAIL_FAILED else: log.error("Mail send failed. sendmail not found.") Index: hplip.spec =================================================================== RCS file: /cvs/dist/rpms/hplip/FC-6/hplip.spec,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- hplip.spec 16 Jul 2007 17:26:11 -0000 1.113 +++ hplip.spec 12 Oct 2007 08:08:55 -0000 1.114 @@ -23,6 +23,7 @@ Patch8: hplip-unload-traceback.patch Patch9: hplip-no-root-config.patch Patch10: hplip-marker-supply.patch +Patch11: hplip-subprocess-replacement.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot Requires: desktop-file-utils >= 0.2.92 @@ -41,6 +42,7 @@ BuildRequires: libjpeg-devel BuildRequires: desktop-file-utils BuildRequires: libusb-devel +BuildRequires: openssl-devel BuildRequires: autoconf BuildRequires: sane-backends-devel @@ -105,6 +107,9 @@ # Low ink is a warning condition, not an error. %patch10 -p1 -b .marker-supply +# Applied patch to fix CVE-2007-5208 (bug #320021). +%patch11 -p1 -b .subprocess-replacement + autoconf # for patch4 %build 
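Review bot: In the `@@ -562,21 +562,23 @@` hunk of hpssd.py the outcome of the mail test is decided only by whether sendmail wrote anything to stderr, and the exit status of the child is never read. A non-zero exit with empty stderr is therefore reported as success, and a harmless warning on stderr as failure. After `sp.communicate(self.message)` I would test the status as well, e.g. `if sp.returncode != 0 or std_err != '': err = std_err or 'sendmail exited with status %d' % sp.returncode`. `self.from_address` is still handed to sendmail unchecked as the value of `-r`; whether it is validated before this point cannot be seen from the hunk, so a comment stating where that happens would be useful. The enclosing method starts before the hunk.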
@@ -207,6 +212,10 @@ exit 0 %changelog +* Fri Oct 12 2007 Tim Waugh 1.7.4a-3 +- Build requires openssl-devel. +- Applied patch to fix CVE-2007-5208 (bug #320021). + * Mon Jul 16 2007 Tim Waugh 1.7.4a-2 - Low ink is a warning condition, not an error. From fedora-cvs-commits at redhat.com Fri Oct 12 08:09:21 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 12 Oct 2007 04:09:21 -0400 Subject: rpms/hplip/FC-6 hplip.spec,1.114,1.115 Message-ID: <200710120809.l9C89LJA013415@cvs.devel.redhat.com> Author: twaugh Update of /cvs/dist/rpms/hplip/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13401 Modified Files: hplip.spec Log Message: 1.7.4a-3 Index: hplip.spec =================================================================== RCS file: /cvs/dist/rpms/hplip/FC-6/hplip.spec,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- hplip.spec 12 Oct 2007 08:08:55 -0000 1.114 +++ hplip.spec 12 Oct 2007 08:09:19 -0000 1.115 @@ -1,7 +1,7 @@ Summary: HP Linux Imaging and Printing Project Name: hplip Version: 1.7.4a -Release: 2%{?dist} +Release: 3%{?dist} License: GPL/MIT/BSD Group: System Environment/Daemons Conflicts: system-config-printer < 0.6.132 From fedora-cvs-commits at redhat.com Fri Oct 12 08:13:43 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 12 Oct 2007 04:13:43 -0400 Subject: rpms/hplip/FC-6 hplip.spec,1.115,1.116 Message-ID: <200710120813.l9C8DhEB013700@cvs.devel.redhat.com> Author: twaugh Update of /cvs/dist/rpms/hplip/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13686 Modified Files: hplip.spec Log Message: FC-6 bug ID Index: hplip.spec =================================================================== RCS file: /cvs/dist/rpms/hplip/FC-6/hplip.spec,v retrieving revision 1.115 retrieving revision 1.116 diff -u -r1.115 -r1.116 --- hplip.spec 12 Oct 2007 08:09:19 -0000 1.115 +++ hplip.spec 12 Oct 2007 08:13:40 -0000 1.116 
@@ -107,7 +107,7 @@ # Low ink is a warning condition, not an error. %patch10 -p1 -b .marker-supply -# Applied patch to fix CVE-2007-5208 (bug #320021). +# Applied patch to fix CVE-2007-5208 (bug #329121). %patch11 -p1 -b .subprocess-replacement autoconf # for patch4 @@ -214,7 +214,7 @@ %changelog * Fri Oct 12 2007 Tim Waugh 1.7.4a-3 - Build requires openssl-devel. -- Applied patch to fix CVE-2007-5208 (bug #320021). +- Applied patch to fix CVE-2007-5208 (bug #329121). * Mon Jul 16 2007 Tim Waugh 1.7.4a-2 - Low ink is a warning condition, not an error. From fedora-cvs-commits at redhat.com Fri Oct 12 11:35:01 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 12 Oct 2007 07:35:01 -0400 Subject: rpms/openssl/FC-6 openssl-0.9.8b-cve-2007-4995.patch, NONE, 1.1 openssl-0.9.8b-cve-2007-5135.patch, NONE, 1.1 openssl-0.9.8b-cve-2007-3108.patch, 1.1, 1.2 openssl.spec, 1.89, 1.90 Message-ID: <200710121135.l9CBZ18K023015@cvs.devel.redhat.com> Author: tmraz Update of /cvs/dist/rpms/openssl/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22981 Modified Files: openssl-0.9.8b-cve-2007-3108.patch openssl.spec Added Files: openssl-0.9.8b-cve-2007-4995.patch openssl-0.9.8b-cve-2007-5135.patch Log Message: * Fri Oct 12 2007 Tomas Mraz 0.9.8b-15 - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) openssl-0.9.8b-cve-2007-4995.patch: d1_both.c | 618 ++++++++++++++++++++++++++++--------------------------------- d1_clnt.c | 23 +- d1_lib.c | 20 + d1_pkt.c | 111 +++++----- d1_srvr.c | 27 ++ dtls1.h | 7 s23_clnt.c | 1 s23_srvr.c | 1 s2_lib.c | 2 s3_lib.c | 4 s3_pkt.c | 6 s3_srvr.c | 13 - ssl.h | 3 ssl_err.c | 1 ssl_locl.h | 4 t1_enc.c | 30 ++ 16 files changed, 458 insertions(+), 413 deletions(-) --- NEW FILE openssl-0.9.8b-cve-2007-4995.patch --- Fix DTLS implementation to be RFC 4347 compliant. This makes the new client incompatible with the old openssl DTLS servers. However the older openssl client will still be able to connect to the new server code. This change also resolves buffer overrun when out-of-order fragments are received during the handshake. CVE-2007-4995 diff -up openssl-0.9.8b/ssl/dtls1.h.dtls-fixes openssl-0.9.8b/ssl/dtls1.h --- openssl-0.9.8b/ssl/dtls1.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 +++ openssl-0.9.8b/ssl/dtls1.h 2007-10-08 17:55:22.000000000 +0200 
@@ -67,9 +67,8 @@ extern "C" { #endif -#define DTLS1_VERSION 0x0100 -#define DTLS1_VERSION_MAJOR 0x01 -#define DTLS1_VERSION_MINOR 0x00 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_BAD_VER 0x0100 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 @@ -83,7 +82,7 @@ extern "C" { #define DTLS1_HM_BAD_FRAGMENT -2 #define DTLS1_HM_FRAGMENT_RETRY -3 -#define DTLS1_CCS_HEADER_LENGTH 3 +#define DTLS1_CCS_HEADER_LENGTH 1 #define DTLS1_AL_HEADER_LENGTH 7 diff -up openssl-0.9.8b/ssl/d1_lib.c.dtls-fixes openssl-0.9.8b/ssl/d1_lib.c --- openssl-0.9.8b/ssl/d1_lib.c.dtls-fixes 2005-08-08 21:26:35.000000000 +0200 +++ openssl-0.9.8b/ssl/d1_lib.c 2007-10-08 17:55:22.000000000 +0200 @@ -188,3 +188,23 @@ void dtls1_clear(SSL *s) ssl3_clear(s); s->version=DTLS1_VERSION; } + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +SSL_CIPHER *dtls1_get_cipher(unsigned int u) + { + SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) + { + if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + return NULL; + } + + return ciph; + } diff -up openssl-0.9.8b/ssl/d1_srvr.c.dtls-fixes openssl-0.9.8b/ssl/d1_srvr.c --- openssl-0.9.8b/ssl/d1_srvr.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 +++ openssl-0.9.8b/ssl/d1_srvr.c 2007-10-10 14:21:49.000000000 +0200 @@ -285,6 +285,10 @@ int dtls1_accept(SSL *s) s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; + + /* HelloVerifyRequests resets Finished MAC */ + if (s->client_version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: 
@@ -620,10 +624,13 @@ int dtls1_send_hello_verify_request(SSL buf = (unsigned char *)s->init_buf->data; msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++) = s->version >> 8; - *(p++) = s->version & 0xFF; + if (s->client_version == DTLS1_BAD_VER) + *(p++) = DTLS1_BAD_VER>>8, + *(p++) = DTLS1_BAD_VER&0xff; + else + *(p++) = s->version >> 8, + *(p++) = s->version & 0xFF; - *(p++) = (unsigned char) s->d1->cookie_len; if ( s->ctx->app_gen_cookie_cb != NULL && s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) == 0) @@ -634,6 +641,7 @@ int dtls1_send_hello_verify_request(SSL /* else the cookie is assumed to have * been initialized by the application */ + *(p++) = (unsigned char) s->d1->cookie_len; memcpy(p, s->d1->cookie, s->d1->cookie_len); p += s->d1->cookie_len; msg_len = p - msg; @@ -672,8 +680,12 @@ int dtls1_send_server_hello(SSL *s) /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++)=s->version>>8; - *(p++)=s->version&0xff; + if (s->client_version == DTLS1_BAD_VER) + *(p++)=DTLS1_BAD_VER>>8, + *(p++)=DTLS1_BAD_VER&0xff; + else + *(p++)=s->version>>8, + *(p++)=s->version&0xff; /* Random stuff */ memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); @@ -1009,6 +1021,7 @@ int dtls1_send_certificate_request(SSL * STACK_OF(X509_NAME) *sk=NULL; X509_NAME *name; BUF_MEM *buf; + unsigned int msg_len; if (s->state == SSL3_ST_SW_CERT_REQ_A) { @@ -1086,6 +1099,10 @@ int dtls1_send_certificate_request(SSL * #endif /* XDTLS: set message header ? */ + msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; + dtls1_set_message_header(s, (void *)s->init_buf->data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); + /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 0); diff -up openssl-0.9.8b/ssl/s3_srvr.c.dtls-fixes openssl-0.9.8b/ssl/s3_srvr.c --- openssl-0.9.8b/ssl/s3_srvr.c.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 +++ openssl-0.9.8b/ssl/s3_srvr.c 2007-10-08 17:55:22.000000000 +0200 
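Review bot: In `dtls1_send_hello_verify_request` (hunk at -634) the length octet is now written after `app_gen_cookie_cb` has run, but `s->d1->cookie_len` is still used unchecked: it is truncated by the `(unsigned char)` cast and then passed in full to `memcpy`. A callback that reports a length above 255, or above the capacity of `s->d1->cookie`, would yield a length byte that disagrees with the bytes copied and could read past the cookie storage. I would validate it directly after the callback, e.g. `if (s->d1->cookie_len > sizeof(s->d1->cookie)) return 0;`, assuming `cookie` is a fixed-size array (its declaration is not in this patch) and failing the same way the callback-failure branch does. The function body starts and ends outside the hunk.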
@@ -679,9 +679,9 @@ int ssl3_get_client_hello(SSL *s) */ if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { - s->first_packet=1; s->state=SSL3_ST_SR_CLNT_HELLO_B; } + s->first_packet=1; n=s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, @@ -690,6 +690,7 @@ int ssl3_get_client_hello(SSL *s) &ok); if (!ok) return((int)n); + s->first_packet=0; d=p=(unsigned char *)s->init_msg; /* use version from inside client hello, not from record header @@ -697,7 +698,8 @@ int ssl3_get_client_hello(SSL *s) s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; - if (s->client_version < s->version) + if ((s->version == DTLS1_VERSION && s->client_version > s->version) || + (s->version != DTLS1_VERSION && s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version>>8) == SSL3_VERSION_MAJOR) @@ -748,7 +750,7 @@ int ssl3_get_client_hello(SSL *s) p+=j; - if (SSL_version(s) == DTLS1_VERSION) + if (s->version == DTLS1_VERSION) { /* cookie stuff */ cookie_len = *(p++); @@ -1709,8 +1711,9 @@ int ssl3_get_client_key_exchange(SSL *s) rsa=pkey->pkey.rsa; } - /* TLS */ - if (s->version > SSL3_VERSION) + /* TLS and [incidentally] DTLS, including pre-0.9.8f */ + if (s->version > SSL3_VERSION && + s->client_version != DTLS1_BAD_VER) { n2s(p,i); if (n != i+2) diff -up openssl-0.9.8b/ssl/ssl_locl.h.dtls-fixes openssl-0.9.8b/ssl/ssl_locl.h --- openssl-0.9.8b/ssl/ssl_locl.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 +++ openssl-0.9.8b/ssl/ssl_locl.h 2007-10-08 17:55:22.000000000 +0200 @@ -677,7 +677,7 @@ SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ - ssl3_get_cipher, \ + dtls1_get_cipher, \ s_get_meth, \ dtls1_default_timeout, \ &DTLSv1_enc_data, \ 
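Review bot: The DTLS arm of the new version test in `ssl3_get_client_hello` (hunk at -697) rejects only `s->client_version > s->version`, so with `DTLS1_VERSION` at 0xFEFF every lower value is accepted, including SSL/TLS numbers, and anything that is not `DTLS1_BAD_VER` is later treated as the RFC wire format. `dtls1_get_record` in this same patch compares the major byte against both `DTLS1_VERSION` and `DTLS1_BAD_VER`; the handshake-level check would be safer doing likewise, e.g. also rejecting when `(s->client_version & 0xff00) != (DTLS1_VERSION & 0xff00) && s->client_version != DTLS1_BAD_VER`. A one-line comment that DTLS version numbers decrease as the protocol version increases would explain why the comparison is inverted relative to the TLS arm.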
@@ -842,6 +842,8 @@ void dtls1_get_message_header(unsigned c void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); +SSL_CIPHER *dtls1_get_cipher(unsigned int u); + /* some client-only functions */ diff -up openssl-0.9.8b/ssl/t1_enc.c.dtls-fixes openssl-0.9.8b/ssl/t1_enc.c --- openssl-0.9.8b/ssl/t1_enc.c.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 +++ openssl-0.9.8b/ssl/t1_enc.c 2007-10-10 14:24:52.000000000 +0200 @@ -737,15 +737,35 @@ int tls1_mac(SSL *ssl, unsigned char *md md_size=EVP_MD_size(hash); buf[0]=rec->type; - buf[1]=TLS1_VERSION_MAJOR; - buf[2]=TLS1_VERSION_MINOR; + if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) + { + buf[1]=TLS1_VERSION_MAJOR; + buf[2]=TLS1_VERSION_MINOR; + } + else { + buf[1]=(unsigned char)(ssl->version>>8); + buf[2]=(unsigned char)(ssl->version); + } + buf[3]=rec->length>>8; buf[4]=rec->length&0xff; /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); - HMAC_Update(&hmac,seq,8); + + if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) + { + unsigned char dtlsseq[8],*p=dtlsseq; + + s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); + memcpy (p,&seq[2],6); + + HMAC_Update(&hmac,dtlsseq,8); + } + else + HMAC_Update(&hmac,seq,8); + HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&md_size); @@ -762,8 +782,8 @@ printf("rec="); {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } #endif - if ( SSL_version(ssl) != DTLS1_VERSION) - { + if ( SSL_version(ssl) != DTLS1_VERSION) + { for (i=7; i>=0; i--) { ++seq[i]; diff -up openssl-0.9.8b/ssl/ssl.h.dtls-fixes openssl-0.9.8b/ssl/ssl.h --- openssl-0.9.8b/ssl/ssl.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 +++ openssl-0.9.8b/ssl/ssl.h 2007-10-08 17:55:22.000000000 +0200 
@@ -315,7 +315,7 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 @@ -1551,6 +1551,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 #define SSL_F_DTLS1_GET_RECORD 254 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 #define SSL_F_DTLS1_PROCESS_RECORD 257 #define SSL_F_DTLS1_READ_BYTES 258 diff -up openssl-0.9.8b/ssl/d1_pkt.c.dtls-fixes openssl-0.9.8b/ssl/d1_pkt.c --- openssl-0.9.8b/ssl/d1_pkt.c.dtls-fixes 2006-02-08 20:16:32.000000000 +0100 +++ openssl-0.9.8b/ssl/d1_pkt.c 2007-10-08 17:55:22.000000000 +0200 @@ -120,6 +120,7 @@ #include #include #include +#include static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, int len, int peek); @@ -486,9 +487,9 @@ int dtls1_get_record(SSL *s) SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; - short version; + unsigned short version; DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; + unsigned int is_next_epoch; rr= &(s->s3->rrec); sess=s->session; @@ -524,7 +525,7 @@ again: ssl_minor= *(p++); version=(ssl_major<<8)|ssl_minor; - /* sequence number is 64 bits, with top 2 bytes = epoch */ + /* sequence number is 64 bits, with top 2 bytes = epoch */ n2s(p,rr->epoch); memcpy(&(s->s3->read_sequence[2]), p, 6); 
@@ -533,13 +534,9 @@ again: n2s(p,rr->length); /* Lets check version */ - if (s->first_packet) + if (!s->first_packet) { - s->first_packet=0; - } - else - { - if (version != s->version) + if (version != s->version && version != DTLS1_BAD_VER) { SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); /* Send back error using their @@ -550,7 +547,8 @@ again: } } - if ((version & 0xff00) != (DTLS1_VERSION & 0xff00)) + if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && + (version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto err; @@ -796,8 +794,14 @@ start: dest = s->d1->alert_fragment; dest_len = &s->d1->alert_fragment_len; } - else /* else it's a CCS message */ - OPENSSL_assert(rr->type == SSL3_RT_CHANGE_CIPHER_SPEC); + /* else it's a CCS message, or it's wrong */ + else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) + { + /* Not certain if this is the right error handling */ + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + } if (dest_maxlen > 0) 
@@ -971,47 +975,40 @@ start: } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - struct ccs_header_st ccs_hdr; + { + struct ccs_header_st ccs_hdr; dtls1_get_ccs_header(rr->data, &ccs_hdr); - if ( ccs_hdr.seq == s->d1->handshake_read_seq) + /* 'Change Cipher Spec' is just a single byte, so we know + * exactly what the record payload has to look like */ + /* XDTLS: check that epoch is consistent */ + if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || + (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || + (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; - } - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - rr->data, 1, s, s->msg_callback_arg); - - s->s3->change_cipher_spec=1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - /* do this whenever CCS is processed */ - dtls1_reset_seq_numbers(s, SSL3_CC_READ); - - /* handshake read seq is reset upon handshake completion */ - s->d1->handshake_read_seq++; - - goto start; - } - else - { - rr->length = 0; - goto start; + i=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); + goto err; } + + rr->length=0; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, + rr->data, 1, s, s->msg_callback_arg); + + s->s3->change_cipher_spec=1; + if (!ssl3_do_change_cipher_spec(s)) + goto err; + + /* do this whenever CCS is processed */ + dtls1_reset_seq_numbers(s, SSL3_CC_READ); + + /* handshake read seq is reset upon handshake completion */ + s->d1->handshake_read_seq++; + + goto start; } /* Unexpected 
handshake message (Client Hello, or protocol violation) */ @@ -1339,8 +1336,12 @@ int do_dtls1_write(SSL *s, int type, con *(p++)=type&0xff; wr->type=type; - *(p++)=(s->version>>8); - *(p++)=s->version&0xff; + if (s->client_version == DTLS1_BAD_VER) + *(p++) = DTLS1_BAD_VER>>8, + *(p++) = DTLS1_BAD_VER&0xff; + else + *(p++)=(s->version>>8), + *(p++)=s->version&0xff; /* field where we are to write out packet epoch, seq num and len */ pseq=p; @@ -1395,8 +1396,14 @@ int do_dtls1_write(SSL *s, int type, con /* ssl3_enc can only have an error on read */ - wr->length += bs; /* bs != 0 in case of CBC. The enc fn provides - * the randomness */ + if (bs) /* bs != 0 in case of CBC */ + { + RAND_pseudo_bytes(p,bs); + /* master IV and last CBC residue stand for + * the rest of randomness */ + wr->length += bs; + } + s->method->ssl3_enc->enc(s,1); /* record length after mac and block padding */ diff -up openssl-0.9.8b/ssl/ssl_err.c.dtls-fixes openssl-0.9.8b/ssl/ssl_err.c --- openssl-0.9.8b/ssl/ssl_err.c.dtls-fixes 2006-01-08 22:52:46.000000000 +0100 +++ openssl-0.9.8b/ssl/ssl_err.c 2007-10-08 17:55:22.000000000 +0200 @@ -87,6 +87,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, +{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, diff -up openssl-0.9.8b/ssl/s3_pkt.c.dtls-fixes openssl-0.9.8b/ssl/s3_pkt.c --- openssl-0.9.8b/ssl/s3_pkt.c.dtls-fixes 2005-10-01 01:38:20.000000000 +0200 +++ openssl-0.9.8b/ssl/s3_pkt.c 2007-10-08 17:55:22.000000000 +0200 
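Review bot: In the rewritten CCS branch of the d1_pkt.c hunk at -971, `dtls1_get_ccs_header(rr->data, &ccs_hdr)` still runs before `rr->length` is validated, and `ccs_hdr` is no longer read anywhere in the hunk now that the `ccs_hdr.seq` comparison is gone. With `DTLS1_CCS_HEADER_LENGTH` reduced to 1, a helper that still parses the old three-byte header would read beyond a one-byte payload (inferred; the helper's body is not shown here). I would drop the call and the local, or move it after the length check and limit it to the `DTLS1_BAD_VER` case. Separately, the failure path sets `i=SSL_AD_ILLEGAL_PARAMETER` and jumps to `err`, while the new record-type check earlier in this file uses `al=...; goto f_err;`, so the alert code here appears to be discarded.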
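Review bot: The explicit CBC IV in `do_dtls1_write` (hunk at -1395) is filled with `RAND_pseudo_bytes(p,bs)` and the return value is ignored. That call may return bytes that are not cryptographically strong, whereas a per-record explicit IV has to be unpredictable to the peer. I would use `if (RAND_bytes(p,bs) <= 0) goto err;`, with the jump target adjusted to whatever failure path the function has, since that part is outside this hunk. The comment about the master IV and last CBC residue should state which property is being relied on.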
@@ -277,11 +277,7 @@ again: n2s(p,rr->length); /* Lets check version */ - if (s->first_packet) - { - s->first_packet=0; - } - else + if (!s->first_packet) { if (version != s->version) { diff -up openssl-0.9.8b/ssl/s23_srvr.c.dtls-fixes openssl-0.9.8b/ssl/s23_srvr.c --- openssl-0.9.8b/ssl/s23_srvr.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 +++ openssl-0.9.8b/ssl/s23_srvr.c 2007-10-08 17:55:22.000000000 +0200 @@ -565,7 +565,6 @@ int ssl23_get_client_hello(SSL *s) s->init_num=0; if (buf != buf_space) OPENSSL_free(buf); - s->first_packet=1; return(SSL_accept(s)); err: if (buf != buf_space) OPENSSL_free(buf); diff -up openssl-0.9.8b/ssl/s23_clnt.c.dtls-fixes openssl-0.9.8b/ssl/s23_clnt.c --- openssl-0.9.8b/ssl/s23_clnt.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 +++ openssl-0.9.8b/ssl/s23_clnt.c 2007-10-08 17:55:22.000000000 +0200 @@ -574,7 +574,6 @@ static int ssl23_get_server_hello(SSL *s if (!ssl_get_new_session(s,0)) goto err; - s->first_packet=1; return(SSL_connect(s)); err: return(-1); diff -up openssl-0.9.8b/ssl/s3_lib.c.dtls-fixes openssl-0.9.8b/ssl/s3_lib.c --- openssl-0.9.8b/ssl/s3_lib.c.dtls-fixes 2006-01-15 08:14:38.000000000 +0100 +++ openssl-0.9.8b/ssl/s3_lib.c 2007-10-08 17:55:22.000000000 +0200 @@ -903,7 +903,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites */ + /* New TLS Export CipherSuites from expired ID */ +#if 0 /* Cipher 60 */ { 1, @@ -930,6 +931,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* Cipher 62 */ { 1, diff -up openssl-0.9.8b/ssl/s2_lib.c.dtls-fixes openssl-0.9.8b/ssl/s2_lib.c --- openssl-0.9.8b/ssl/s2_lib.c.dtls-fixes 2005-08-27 14:05:23.000000000 +0200 +++ openssl-0.9.8b/ssl/s2_lib.c 2007-10-08 17:55:22.000000000 +0200 
@@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[] SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ -#if 1 +#if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, diff -up openssl-0.9.8b/ssl/d1_both.c.dtls-fixes openssl-0.9.8b/ssl/d1_both.c --- openssl-0.9.8b/ssl/d1_both.c.dtls-fixes 2005-08-29 01:20:52.000000000 +0200 +++ openssl-0.9.8b/ssl/d1_both.c 2007-10-08 17:55:22.000000000 +0200 @@ -138,38 +138,40 @@ static void dtls1_set_message_header_int unsigned long frag_len); static int dtls1_retransmit_buffered_messages(SSL *s); static long dtls1_get_message_fragment(SSL *s, int st1, int stn, - long max, int *ok); -static void dtls1_process_handshake_fragment(SSL *s, int frag_len); + long max, int *ok); static hm_fragment * dtls1_hm_fragment_new(unsigned long frag_len) - { - hm_fragment *frag = NULL; - unsigned char *buf = NULL; + { + hm_fragment *frag = NULL; + unsigned char *buf = NULL; - frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); - if ( frag == NULL) - return NULL; + frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); + if ( frag == NULL) + return NULL; - buf = (unsigned char *)OPENSSL_malloc(frag_len - + DTLS1_HM_HEADER_LENGTH); - if ( buf == NULL) - { - OPENSSL_free(frag); - return NULL; - } - - frag->fragment = buf; + if (frag_len) + { + buf = (unsigned char *)OPENSSL_malloc(frag_len); + if ( buf == NULL) + { + OPENSSL_free(frag); + return NULL; + } + } - return frag; - } + /* zero length fragment gets zero frag->fragment */ + frag->fragment = buf; + + return frag; + } static void dtls1_hm_fragment_free(hm_fragment *frag) - { - OPENSSL_free(frag->fragment); - OPENSSL_free(frag); - } + { + if (frag->fragment) OPENSSL_free(frag->fragment); + OPENSSL_free(frag); + } /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ int dtls1_do_write(SSL *s, int type) 
@@ -180,7 +182,7 @@ int dtls1_do_write(SSL *s, int type) /* AHA! Figure out the MTU, and stick to the right size */ if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - { + { s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); @@ -207,7 +209,7 @@ int dtls1_do_write(SSL *s, int type) mtu = curr_mtu; else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) return ret; - + if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) { ret = BIO_flush(SSL_get_wbio(s)); @@ -254,11 +256,11 @@ int dtls1_do_write(SSL *s, int type) s->init_off -= DTLS1_HM_HEADER_LENGTH; s->init_num += DTLS1_HM_HEADER_LENGTH; - /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ + /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ if ( len <= DTLS1_HM_HEADER_LENGTH) len += DTLS1_HM_HEADER_LENGTH; } - + dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); 
@@ -286,18 +288,40 @@ int dtls1_do_write(SSL *s, int type) } else { - + /* bad if this assert fails, only part of the handshake * message got sent. but why would this happen? */ - OPENSSL_assert(len == (unsigned int)ret); - + OPENSSL_assert(len == (unsigned int)ret); + if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) + { /* should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - ssl3_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off + - DTLS1_HM_HEADER_LENGTH], ret - DTLS1_HM_HEADER_LENGTH); - + unsigned char *p = &s->init_buf->data[s->init_off]; + const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + int len; + + if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) + { + /* reconstruct message header is if it + * is being sent in single fragment */ + *p++ = msg_hdr->type; + l2n3(msg_hdr->msg_len,p); + s2n (msg_hdr->seq,p); + l2n3(0,p); + l2n3(msg_hdr->msg_len,p); + p -= DTLS1_HM_HEADER_LENGTH; + len = ret; + } + else + { + p += DTLS1_HM_HEADER_LENGTH; + len = ret - DTLS1_HM_HEADER_LENGTH; + } + + ssl3_finish_mac(s, p, len); + } + if (ret == s->init_num) { if (s->msg_callback) @@ -307,7 +331,7 @@ int dtls1_do_write(SSL *s, int type) s->init_off = 0; /* done writing this message */ s->init_num = 0; - + return(1); } s->init_off+=ret; @@ -327,6 +351,7 @@ int dtls1_do_write(SSL *s, int type) long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) { int i, al; + struct hm_header_st *msg_hdr; /* s3->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ 
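Review bot: The block added to `dtls1_do_write` (hunk at -286) declares `int len;` inside the `if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)` body, shadowing the outer `len` that the preceding `OPENSSL_assert(len == (unsigned int)ret)` uses. It compiles, but the MAC length is easily mistaken for the fragment length; rename it, e.g. `int mac_len;` and `ssl3_finish_mac(s, p, mac_len);`. The comment "reconstruct message header is if it is being sent in single fragment" should read "as if", and it should say that the header is rewritten in place in `s->init_buf`. The function continues outside the hunk.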
@@ -344,25 +369,56 @@ long dtls1_get_message(SSL *s, int st1, s->init_num = (int)s->s3->tmp.message_size; return s->init_num; } - + + msg_hdr = &s->d1->r_msg_hdr; do { - if ( s->d1->r_msg_hdr.frag_off == 0) + if ( msg_hdr->frag_off == 0) { /* s->d1->r_message_header.msg_len = 0; */ - memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st)); + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); } i = dtls1_get_message_fragment(s, st1, stn, max, ok); if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ continue; else if ( i <= 0 && !*ok) return i; - if (s->d1->r_msg_hdr.msg_len == (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) + /* Note that s->init_sum is used as a counter summing + * up fragments' lengths: as soon as they sum up to + * handshake packet length, we assume we have got all + * the fragments. Overlapping fragments would cause + * premature termination, so we don't expect overlaps. + * Well, handling overlaps would require something more + * drastic. Indeed, as it is now there is no way to + * tell if out-of-order fragment from the middle was + * the last. '>=' is the best/least we can do to control + * the potential damage caused by malformed overlaps. 
*/ + if ((unsigned int)s->init_num >= msg_hdr->msg_len) { - memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st)); + unsigned char *p = s->init_buf->data; + unsigned long msg_len = msg_hdr->msg_len; + + /* reconstruct message header as if it was + * sent in single fragment */ + *(p++) = msg_hdr->type; + l2n3(msg_len,p); + s2n (msg_hdr->seq,p); + l2n3(0,p); + l2n3(msg_len,p); + if (s->client_version != DTLS1_BAD_VER) + p -= DTLS1_HM_HEADER_LENGTH, + msg_len += DTLS1_HM_HEADER_LENGTH; + + ssl3_finish_mac(s, p, msg_len); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + p, msg_len, + s, s->msg_callback_arg); + + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); s->d1->handshake_read_seq++; /* we just read a handshake message from the other side: @@ -379,11 +435,11 @@ long dtls1_get_message(SSL *s, int st1, * first data segment, but is there a better way? */ dtls1_clear_record_buffer(s); - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num - DTLS1_HM_HEADER_LENGTH; + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->init_num; } else - s->d1->r_msg_hdr.frag_off = i; + msg_hdr->frag_off = i; } while(1) ; f_err: 
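Review bot: Completion of a handshake message in `dtls1_get_message` (hunk at -344) is decided by `(unsigned int)s->init_num >= msg_hdr->msg_len`, where `init_num` is only a running sum of accepted fragment lengths, as the new comment itself concedes. A peer that repeats or overlaps a fragment reaches that sum while parts of `s->init_buf->data` were never written, and the buffer is then fed to `ssl3_finish_mac` and returned to the caller as a complete message. A real fix needs per-message tracking of which byte ranges have arrived (for instance a bitmask sized by `msg_len`), with completion only once every byte is marked; the strict alternative is to refuse a fragment whose `frag_off` does not equal the count received so far, at the cost of in-message reordering. The comment also names `s->init_sum`, which should be `s->init_num`.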
@@ -393,161 +449,183 @@ f_err: } -static int -dtls1_retrieve_buffered_fragment(SSL *s, unsigned long *copied) - { - /* (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num - */ - pitem *item; - hm_fragment *frag; - unsigned long overlap; - unsigned char *p; - - item = pqueue_peek(s->d1->buffered_messages); - if ( item == NULL) - return 0; +static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) + { + size_t frag_off,frag_len,msg_len; - frag = (hm_fragment *)item->data; - - if ( s->d1->handshake_read_seq == frag->msg_header.seq && - frag->msg_header.frag_off <= (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) - { - pqueue_pop(s->d1->buffered_messages); - overlap = s->init_num - DTLS1_HM_HEADER_LENGTH - - frag->msg_header.frag_off; - - p = frag->fragment; - - memcpy(&s->init_buf->data[s->init_num], - p + DTLS1_HM_HEADER_LENGTH + overlap, - frag->msg_header.frag_len - overlap); - - OPENSSL_free(frag->fragment); - OPENSSL_free(frag); - pitem_free(item); + msg_len = msg_hdr->msg_len; + frag_off = msg_hdr->frag_off; + frag_len = msg_hdr->frag_len; - *copied = frag->msg_header.frag_len - overlap; - return *copied; - } - else - return 0; - } + /* sanity checking */ + if ( (frag_off+frag_len) > msg_len) + { + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + if ( (frag_off+frag_len) > (unsigned long)max) + { + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } -static int -dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) -{ - hm_fragment *frag = NULL; - pitem *item = NULL; - PQ_64BIT seq64; + if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ + { + /* msg_len is limited to 2^24, but is effectively checked + * against max above */ + if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH)) + { + 
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); + return SSL_AD_INTERNAL_ERROR; + } - frag = dtls1_hm_fragment_new(msg_hdr->frag_len); - if ( frag == NULL) - goto err; + s->s3->tmp.message_size = msg_len; + s->d1->r_msg_hdr.msg_len = msg_len; + s->s3->tmp.message_type = msg_hdr->type; + s->d1->r_msg_hdr.type = msg_hdr->type; + s->d1->r_msg_hdr.seq = msg_hdr->seq; + } + else if (msg_len != s->d1->r_msg_hdr.msg_len) + { + /* They must be playing with us! BTW, failure to enforce + * upper limit would open possibility for buffer overrun. */ + SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } - memcpy(frag->fragment, &(s->init_buf->data[s->init_num]), - msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH); + return 0; /* no error */ + } - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, msg_hdr->seq); +static int +dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) + { + /* (0) check whether the desired fragment is available + * if so: + * (1) copy over the fragment to s->init_buf->data[] + * (2) update s->init_num + */ + pitem *item; + hm_fragment *frag; + int al; - item = pitem_new(seq64, frag); - if ( item == NULL) - goto err; + *ok = 0; + item = pqueue_peek(s->d1->buffered_messages); + if ( item == NULL) + return 0; - pq_64bit_free(&seq64); + frag = (hm_fragment *)item->data; - pqueue_insert(s->d1->buffered_messages, item); - return 1; + if ( s->d1->handshake_read_seq == frag->msg_header.seq) + { + pqueue_pop(s->d1->buffered_messages); -err: - if ( frag != NULL) dtls1_hm_fragment_free(frag); - if ( item != NULL) OPENSSL_free(item); - return 0; -} + al=dtls1_preprocess_fragment(s,&frag->msg_header,max); + if (al==0) /* no alert */ + { + unsigned char *p = s->init_buf->data+DTLS1_HM_HEADER_LENGTH; + memcpy(&p[frag->msg_header.frag_off], + frag->fragment,frag->msg_header.frag_len); + } -static void -dtls1_process_handshake_fragment(SSL *s, int 
frag_len) - { - unsigned char *p; + dtls1_hm_fragment_free(frag); + pitem_free(item); - p = (unsigned char *)s->init_buf->data; + if (al==0) + { + *ok = 1; + return frag->msg_header.frag_len; + } - ssl3_finish_mac(s, &p[s->init_num - frag_len], frag_len); - } + ssl3_send_alert(s,SSL3_AL_FATAL,al); + s->init_num = 0; + *ok = 0; + return -1; + } + else + return 0; + } static int -dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok) - { - int i; - unsigned char *p; - - /* make sure there's enough room to read this fragment */ - if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf, - (int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num)) - { - SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB); - goto err; - } +dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) +{ + int i=-1; + hm_fragment *frag = NULL; + pitem *item = NULL; + PQ_64BIT seq64; + unsigned long frag_len = msg_hdr->frag_len; - p = (unsigned char *)s->init_buf->data; + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) + goto err; - /* read the body of the fragment (header has already been read */ - if ( msg_hdr->frag_len > 0) + if (msg_hdr->seq <= s->d1->handshake_read_seq) { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[s->init_num], - msg_hdr->frag_len,0); - if (i <= 0) + unsigned char devnull [256]; + + while (frag_len) { - *ok = 0; - return i; + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + devnull, + frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); + if (i<=0) goto err; + frag_len -= i; } } - if ( msg_hdr->seq > s->d1->handshake_read_seq) - dtls1_buffer_handshake_fragment(s, msg_hdr); - else - OPENSSL_assert(msg_hdr->seq < s->d1->handshake_read_seq); + frag = dtls1_hm_fragment_new(frag_len); + if ( frag == NULL) + goto err; + + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + + if (frag_len) + { + /* read the body of the fragment (header has already been read */ + i = 
s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment,frag_len,0); + if (i<=0 || i!=frag_len) + goto err; + } + + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); + + item = pitem_new(seq64, frag); + pq_64bit_free(&seq64); + if ( item == NULL) + goto err; + + pqueue_insert(s->d1->buffered_messages, item); + return DTLS1_HM_FRAGMENT_RETRY; - return DTLS1_HM_FRAGMENT_RETRY; err: - *ok = 0; - return -1; - } + if ( frag != NULL) dtls1_hm_fragment_free(frag); + if ( item != NULL) OPENSSL_free(item); + *ok = 0; + return i; + } static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) { - unsigned char *p; + unsigned char wire[DTLS1_HM_HEADER_LENGTH]; unsigned long l, frag_off, frag_len; int i,al; struct hm_header_st msg_hdr; - unsigned long overlap; - - /* see if we have the required fragment already */ - if (dtls1_retrieve_buffered_fragment(s, &l)) - { - /* compute MAC, remove fragment headers */ - dtls1_process_handshake_fragment(s, l); - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->state = stn; - return 1; - } - /* get a handshake fragment from the record layer */ - p = (unsigned char *)s->init_buf->data; + /* see if we have the required fragment already */ + if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) + { + if (*ok) s->init_num += frag_len; + return frag_len; + } - /* read handshake message header */ - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], + /* read handshake message header */ + i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, DTLS1_HM_HEADER_LENGTH, 0); if (i <= 0) /* nbio, or an error */ { 
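Review bot: `dtls1_retrieve_buffered_fragment` (hunk at -393) returns `frag->msg_header.frag_len` after `dtls1_hm_fragment_free(frag)` has already released `frag`, which is a read of freed memory on the success path. Save the value first with `unsigned long frag_len = frag->msg_header.frag_len;` before the free, then `return frag_len;`. In the same hunk, `dtls1_process_out_of_seq_message` drains a stale fragment (`msg_hdr->seq <= s->d1->handshake_read_seq`) into `devnull` but then falls through and still allocates and queues an entry for it, so the buffering part belongs in an `else`. The result of `pqueue_insert` is not checked (if it can refuse a duplicate key, the item and fragment leak), and nothing limits how many future fragments a peer can make the queue hold.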
@@ -555,130 +633,61 @@ dtls1_get_message_fragment(SSL *s, int s *ok = 0; return i; } - OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); - p += s->init_num; - /* parse the message fragment header */ - - dtls1_get_message_header(p, &msg_hdr); + /* parse the message fragment header */ + dtls1_get_message_header(wire, &msg_hdr); - /* - * if this is a future (or stale) message it gets buffered - * (or dropped)--no further processing at this time - */ - if ( msg_hdr.seq != s->d1->handshake_read_seq) - return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); + /* + * if this is a future (or stale) message it gets buffered + * (or dropped)--no further processing at this time + */ + if ( msg_hdr.seq != s->d1->handshake_read_seq) + return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - l = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; + l = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; frag_len = msg_hdr.frag_len; - /* sanity checking */ - if ( frag_off + frag_len > l) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - p[0] == SSL3_MT_HELLO_REQUEST) - { - /* The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. 
*/ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) - { - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); - - s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); - } - else /* Incorrectly formated Hello request */ - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - } - - /* XDTLS: do a sanity check on the fragment */ - - s->init_num += i; - - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ + wire[0] == SSL3_MT_HELLO_REQUEST) { - /* BUF_MEM_grow takes an 'int' parameter */ - if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH)) + /* The server may always send 'Hello Request' messages -- + * we are doing a handshake anyway now, so ignore them + * if their format is correct. Does not count for + * 'Finished' MAC. */ + if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l - + DTLS1_HM_HEADER_LENGTH)) - { - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); - goto err; + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + wire, DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); + + s->init_num = 0; + return dtls1_get_message_fragment(s, st1, stn, + max, ok); } - /* Only do this test when we're reading the expected message. 
- * Stale messages will be dropped and future messages will be buffered */ - if ( l > (unsigned long)max) + else /* Incorrectly formated Hello request */ { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } - - s->s3->tmp.message_size=l; } - if ( frag_len > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - - if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len - + DTLS1_HM_HEADER_LENGTH + s->init_num)) - { - SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); - goto err; - } - - if ( s->d1->r_msg_hdr.frag_off == 0) - { - s->s3->tmp.message_type = msg_hdr.type; - s->d1->r_msg_hdr.type = msg_hdr.type; - s->d1->r_msg_hdr.msg_len = l; - /* s->d1->r_msg_hdr.seq = seq_num; */ - } + if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) + goto f_err; /* XDTLS: ressurect this when restart is in place */ s->state=stn; - - /* next state (stn) */ - p = (unsigned char *)s->init_buf->data; if ( frag_len > 0) { + unsigned char *p=s->init_buf->data+DTLS1_HM_HEADER_LENGTH; + i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[s->init_num], - frag_len,0); - /* XDTLS: fix this--message fragments cannot span multiple packets */ + &p[frag_off],frag_len,0); + /* XDTLS: fix this--message fragments cannot span multiple packets */ if (i <= 0) { s->rwstate=SSL_READING; 
@@ -689,70 +698,23 @@ dtls1_get_message_fragment(SSL *s, int s else i = 0; - /* XDTLS: an incorrectly formatted fragment should cause the - * handshake to fail */ + /* XDTLS: an incorrectly formatted fragment should cause the + * handshake to fail */ OPENSSL_assert(i == (int)frag_len); -#if 0 - /* Successfully read a fragment. - * It may be (1) out of order, or - * (2) it's a repeat, in which case we dump it - * (3) the one we are expecting next (maybe with overlap) - * If it is next one, it may overlap with previously read bytes - */ + *ok = 1; - /* case (1): buffer the future fragment - * (we can treat fragments from a future message the same - * as future fragments from the message being currently read, since - * they are sematically simply out of order. - */ - if ( msg_hdr.seq > s->d1->handshake_read_seq || - frag_off > s->init_num - DTLS1_HM_HEADER_LENGTH) - { - dtls1_buffer_handshake_fragment(s, &msg_hdr); - return DTLS1_HM_FRAGMENT_RETRY; - } - - /* case (2): drop the entire fragment, and try again */ - if ( msg_hdr.seq < s->d1->handshake_read_seq || - frag_off + frag_len < s->init_num - DTLS1_HM_HEADER_LENGTH) - { - s->init_num -= DTLS1_HM_HEADER_LENGTH; - return DTLS1_HM_FRAGMENT_RETRY; - } -#endif - - /* case (3): received a immediately useful fragment. Determine the - * possible overlap and copy the fragment. 
- */ - overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off; - - /* retain the header for the first fragment */ - if ( s->init_num > DTLS1_HM_HEADER_LENGTH) - { - memmove(&(s->init_buf->data[s->init_num]), - &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]), - frag_len - overlap); - - s->init_num += frag_len - overlap; - } - else - s->init_num += frag_len; - - dtls1_process_handshake_fragment(s, frag_len - overlap); - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num, s, - s->msg_callback_arg); - *ok=1; - - return s->init_num; + /* Note that s->init_num is *not* used as current offset in + * s->init_buf->data, but as a counter summing up fragments' + * lengths: as soon as they sum up to handshake packet + * length, we assume we have got all the fragments. */ + s->init_num += frag_len; + return frag_len; f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - s->init_num = 0; -err: + s->init_num = 0; + *ok=0; return(-1); } @@ -790,7 +752,7 @@ int dtls1_send_finished(SSL *s, int a, i /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 0); - + s->state=b; } @@ -816,9 +778,14 @@ int dtls1_send_change_cipher_spec(SSL *s *p++=SSL3_MT_CCS; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->next_handshake_write_seq++; - s2n(s->d1->handshake_write_seq,p); - s->init_num=DTLS1_CCS_HEADER_LENGTH; + + if (s->client_version == DTLS1_BAD_VER) + { + s2n(s->d1->handshake_write_seq,p); + s->init_num+=2; + } + s->init_off=0; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, @@ -1056,7 +1023,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) if ( is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); } else { 
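Review bot: `OPENSSL_assert(i == (int)frag_len);` stays on the new side of this dtls1_get_message_fragment hunk, so a read that returns fewer bytes than the fragment header announced aborts the whole process rather than failing the handshake, which is what the comment directly above it asks for. Because `frag_len` is taken from the peer's message header, this is better handled as an ordinary error path, e.g. `if (i != (int)frag_len) { al=SSL_AD_ILLEGAL_PARAMETER; goto f_err; }`. Whether ssl_read_bytes can actually return a short count at this point is not visible in the hunk, and the function begins outside it.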
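Review bot: Relaxing the CCS check in dtls1_buffer_message from `==` to `<=` accepts any `s->init_num` at or above the header length, although the dtls1_send_change_cipher_spec hunk above only ever produces two values: `DTLS1_CCS_HEADER_LENGTH`, or that plus 2 when `s->client_version == DTLS1_BAD_VER`. A comment on the assert would stop the next reader from treating it as a deliberately loose bound, for example `/* CCS is DTLS1_CCS_HEADER_LENGTH bytes, plus a 2-byte sequence number for DTLS1_BAD_VER peers */`. The literal in `s->init_num+=2;` would also read better as a named constant shared by both places. dtls1_buffer_message continues outside the hunk.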
@@ -1259,5 +1226,4 @@ dtls1_get_ccs_header(unsigned char *data memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); ccs_hdr->type = *(data++); - n2s(data, ccs_hdr->seq); } diff -up openssl-0.9.8b/ssl/d1_clnt.c.dtls-fixes openssl-0.9.8b/ssl/d1_clnt.c --- openssl-0.9.8b/ssl/d1_clnt.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 +++ openssl-0.9.8b/ssl/d1_clnt.c 2007-10-08 17:55:22.000000000 +0200 @@ -214,17 +214,21 @@ int dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); - s->state=SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; + /* mark client_random uninitialized */ + memset(s->s3->client_random,0,sizeof(s->s3->client_random)); break; case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown=0; + + /* every DTLS ClientHello resets Finished MAC */ + ssl3_init_finished_mac(s); + ret=dtls1_client_hello(s); if (ret <= 0) goto end; @@ -422,6 +426,9 @@ int dtls1_connect(SSL *s) s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; + /* mark client_random uninitialized */ + memset (s->s3->client_random,0,sizeof(s->s3->client_random)); + break; case SSL3_ST_CR_FINISHED_A: 
@@ -544,9 +551,15 @@ int dtls1_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + /* if client_random is initialized, reuse it, we are + * required to use same upon reply to HelloVerify */ + for (i=0;p[i]=='\0' && is3->client_random);i++) ; + if (i==sizeof(s->s3->client_random)) + { + Time=(unsigned long)time(NULL); /* Time */ + l2n(Time,p); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + } /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); openssl-0.9.8b-cve-2007-5135.patch: ssl_lib.c | 22 +++++++++++----------- 1 files changed, 11 insertions(+), 11 deletions(-) --- NEW FILE openssl-0.9.8b-cve-2007-5135.patch --- Possible one byte buffer overflow in SSL_get_shared_ciphers. CVE-2007-5135 diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c --- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200 +++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200 @@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { char *p; - const char *cp; STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int i; 
@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL * sk=s->session->ciphers; for (i=0; iname; *cp; ) + n=strlen(c->name); + if (n+1 > len) { - if (len-- <= 0) - { - *p='\0'; - return(buf); - } - else - *(p++)= *(cp++); + if (p != buf) + --p; + *p='\0'; + return buf; } + strcpy(p,c->name); + p+=n; *(p++)=':'; + len-=n+1; } p[-1]='\0'; return(buf); openssl-0.9.8b-cve-2007-3108.patch: bn/bn.h | 15 ++- bn/bn_blind.c | 12 ++ bn/bn_div.c | 236 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- bn/bn_gcd.c | 161 ++++++++++++++++++++++++++++++++++++++ bn/bn_lib.c | 2 bn/bn_mont.c | 71 +++++++++++------ rsa/rsa.h | 18 ++-- rsa/rsa_eay.c | 87 +++++++++++++++++---- rsa/rsa_gen.c | 33 +++++++ rsa/rsa_lib.c | 14 ++- rsa/rsa_test.c | 2 11 files changed, 587 insertions(+), 64 deletions(-) Index: openssl-0.9.8b-cve-2007-3108.patch =================================================================== RCS file: /cvs/dist/rpms/openssl/FC-6/openssl-0.9.8b-cve-2007-3108.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- openssl-0.9.8b-cve-2007-3108.patch 3 Aug 2007 13:01:01 -0000 1.1 +++ openssl-0.9.8b-cve-2007-3108.patch 12 Oct 2007 11:34:59 -0000 1.2 @@ -336,7 +336,7 @@ r->neg=a->neg^n->neg; np=n->d; -@@ -228,37 +228,56 @@ int BN_from_montgomery(BIGNUM *ret, cons +@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons } bn_correct_top(r); @@ -413,10 +413,12 @@ -#endif + for (ri+=4; iN,ctx)) goto err; if (!BN_add(t2,a,t1)) goto err; if (!BN_rshift(ret,t2,mont->ri)) goto err; Index: openssl.spec =================================================================== RCS file: /cvs/dist/rpms/openssl/FC-6/openssl.spec,v retrieving revision 1.89 retrieving revision 1.90 diff -u -r1.89 -r1.90 --- openssl.spec 3 Aug 2007 13:01:01 -0000 1.89 +++ openssl.spec 12 Oct 2007 11:34:59 -0000 1.90 
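Review bot: The unchanged `p[-1]='\0';` after the loop in SSL_get_shared_ciphers still writes one byte before `buf` when the loop body never runs, i.e. when the shared cipher stack is empty, assuming `p` starts at `buf` as the new `if (p != buf)` test implies. The early-return branch added in this hunk already handles that case with `if (p != buf) --p; *p='\0';`, and the tail could use the same two lines. Both exits store at least one byte, so they depend on a check that `len` is positive somewhere before the hunk; that part of the function is not visible here.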
@@ -21,7 +21,7 @@ Summary: The OpenSSL toolkit Name: openssl Version: 0.9.8b -Release: 14%{?dist} +Release: 15%{?dist} Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -66,6 +66,8 @@ Patch64: openssl-0.9.8b-test-use-localhost.patch Patch65: openssl-0.9.8b-cve-2007-3108.patch Patch66: openssl-0.9.7a-ssl-strict-matching.patch +Patch67: openssl-0.9.8b-cve-2007-4995.patch +Patch68: openssl-0.9.8b-cve-2007-5135.patch License: OpenSSL Group: System Environment/Libraries @@ -142,6 +144,8 @@ %patch64 -p1 -b .use-localhost %patch65 -p1 -b .no-branch %patch66 -p1 -b .strict-matching +%patch67 -p1 -b .dtls-fixes +%patch68 -p1 -b .shciphers # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -382,6 +386,10 @@ %postun -p /sbin/ldconfig %changelog +* Fri Oct 12 2007 Tomas Mraz 0.9.8b-15 +- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) +- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) + * Fri Aug 3 2007 Tomas Mraz 0.9.8b-14 - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) From fedora-cvs-commits at redhat.com Mon Oct 15 12:51:28 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 15 Oct 2007 08:51:28 -0400 Subject: rpms/ruby/FC-6 ruby.spec,1.94,1.95 Message-ID: <200710151251.l9FCpSQQ023912@cvs.devel.redhat.com> Author: tagoh Update of /cvs/dist/rpms/ruby/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv23898 Modified Files: ruby.spec Log Message: * Mon Oct 15 2007 Akira TAGOH - 1.8.5.113-2 - Enable pthread support for ppc too. (#201452) - Fix unexpected dependencies appears in ruby-libs. (#253325) Index: ruby.spec =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/ruby.spec,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- ruby.spec 4 Oct 2007 14:08:15 -0000 1.94 +++ ruby.spec 15 Oct 2007 12:51:25 -0000 1.95 @@ -11,7 +11,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 1%{?dist} +Release: 2%{?dist} License: Ruby or GPL+ URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -179,11 +179,7 @@ --with-bundled-rmd160 \ --enable-shared \ --enable-ipv6 \ -%ifarch ppc - --disable-pthread \ -%else --enable-pthread \ -%endif --with-lookup-order-hack=INET \ --disable-rpath \ --with-ruby-prefix=%{_prefix}/lib @@ -469,6 +465,10 @@ %endif %changelog +* Mon Oct 15 2007 Akira TAGOH - 1.8.5.113-2 +- Enable pthread support for ppc too. (#201452) +- Fix unexpected dependencies appears in ruby-libs. (#253325) + * Thu Oct 4 2007 Akira TAGOH - 1.8.5.113-1 - New upstream release. - ruby-1.8.5-CVE-2007-5162.patch: security fix for Net::HTTP that is From fedora-cvs-commits at redhat.com Tue Oct 16 08:38:55 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 16 Oct 2007 04:38:55 -0400 Subject: rpms/elfutils/FC-6 .cvsignore, 1.37, 1.38 Makefile, 1.18, 1.19 elfutils-portability.patch, 1.30, 1.31 elfutils-robustify.patch, 1.8, 1.9 elfutils.spec, 1.82, 1.83 sources, 1.38, 1.39 Message-ID: <200710160838.l9G8cth1026208@cvs.devel.redhat.com> Author: roland Update of /cvs/dist/rpms/elfutils/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv26189 Modified Files: .cvsignore Makefile elfutils-portability.patch elfutils-robustify.patch elfutils.spec sources Log Message: New upstream version 0.130 Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/.cvsignore,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- .cvsignore 19 Aug 2007 21:43:44 -0000 1.37 +++ .cvsignore 16 Oct 2007 08:38:52 -0000 1.38 
@@ -1,3 +1,3 @@ testfile16.symtab.bz2 testfile16.symtab.debug.bz2 -elfutils-0.129.tar.gz +elfutils-0.130.tar.gz elfutils-portability.patch: ChangeLog | 15 ++++++++ Makefile.in | 2 + backends/ChangeLog | 8 ++++ backends/Makefile.am | 6 ++- backends/Makefile.in | 8 ++-- config/Makefile.in | 2 + configure | 92 +++++++++++++++++++++++++++++++++++++++++++++++++-- configure.ac | 28 +++++++++++++++ lib/ChangeLog | 5 ++ lib/Makefile.am | 3 + lib/Makefile.in | 6 ++- libasm/ChangeLog | 5 ++ libasm/Makefile.am | 3 + libasm/Makefile.in | 6 ++- libcpu/ChangeLog | 5 ++ libcpu/Makefile.am | 3 + libcpu/Makefile.in | 4 +- libdw/ChangeLog | 5 ++ libdw/Makefile.am | 3 + libdw/Makefile.in | 7 ++- libdwfl/ChangeLog | 5 ++ libdwfl/Makefile.am | 3 + libdwfl/Makefile.in | 6 ++- libebl/ChangeLog | 5 ++ libebl/Makefile.am | 3 + libebl/Makefile.in | 6 ++- libelf/ChangeLog | 5 ++ libelf/Makefile.am | 6 ++- libelf/Makefile.in | 8 ++-- libelf/common.h | 4 +- m4/Makefile.in | 2 + src/ChangeLog | 17 +++++++++ src/Makefile.am | 6 ++- src/Makefile.in | 9 +++- src/findtextrel.c | 6 ++- src/strings.c | 9 ++++ src/strip.c | 20 +++++++++-- tests/ChangeLog | 5 ++ tests/Makefile.am | 5 +- tests/Makefile.in | 6 ++- 40 files changed, 311 insertions(+), 41 deletions(-) Index: elfutils-portability.patch =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils-portability.patch,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- elfutils-portability.patch 19 Aug 2007 21:43:44 -0000 1.30 +++ elfutils-portability.patch 16 Oct 2007 08:38:52 -0000 1.31 @@ -1,6 +1,6 @@ --- elfutils/backends/ChangeLog +++ elfutils/backends/ChangeLog -@@ -157,6 +157,11 @@ +@@ -229,6 +229,11 @@ * sparc_init.c: Likewise. * x86_64_init.c: Likewise. 
@@ -12,7 +12,7 @@ 2005-11-19 Roland McGrath * ppc64_reloc.def: REL30 -> ADDR30. -@@ -179,6 +184,9 @@ +@@ -251,6 +256,9 @@ * Makefile.am (uninstall): Don't try to remove $(pkgincludedir). (CLEANFILES): Add libebl_$(m).so. @@ -51,7 +51,7 @@ libebl_%.map: Makefile --- elfutils/backends/Makefile.in +++ elfutils/backends/Makefile.in -@@ -147,6 +147,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +@@ -152,6 +152,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ @@ -59,7 +59,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -@@ -176,6 +177,7 @@ SHELL = @SHELL@ +@@ -181,6 +182,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ @@ -67,7 +67,7 @@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ YACC = @YACC@ -@@ -231,9 +233,9 @@ target_alias = @target_alias@ +@@ -236,9 +238,9 @@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @MUDFLAP_FALSE at AM_CFLAGS = -fpic -Wall -Wshadow -Werror -Wunused \ @@ -79,7 +79,7 @@ INCLUDES = -I$(srcdir) -I$(top_srcdir)/libebl \ -I$(top_srcdir)/libelf -I$(top_srcdir)/libdw \ -I$(top_srcdir)/lib -I.. -@@ -605,7 +607,7 @@ uninstall-am: +@@ -626,7 +628,7 @@ uninstall-am: libebl_%.so: libebl_%_pic.a libebl_%.map $(libelf) $(libdw) $(LINK) -shared -o $@ -Wl,--whole-archive,$<,--no-whole-archive \ -Wl,--version-script,$(word 2,$^) \ @@ -479,7 +479,7 @@ libcpu_i386_a_SOURCES = i386_dis.c --- elfutils/libdw/ChangeLog +++ elfutils/libdw/ChangeLog -@@ -386,6 +386,11 @@ +@@ -406,6 +406,11 @@ 2005-05-31 Roland McGrath @@ -543,7 +543,7 @@ $(COMPILE))) --- elfutils/libdwfl/ChangeLog +++ elfutils/libdwfl/ChangeLog -@@ -531,6 +531,11 @@ +@@ -647,6 +647,11 @@ 2005-07-21 Roland McGrath 
@@ -574,7 +574,7 @@ VERSION = 1 --- elfutils/libdwfl/Makefile.in +++ elfutils/libdwfl/Makefile.in -@@ -124,6 +124,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +@@ -128,6 +128,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ @@ -582,7 +582,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -@@ -153,6 +154,7 @@ SHELL = @SHELL@ +@@ -157,6 +158,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = 1 @@ -590,7 +590,7 @@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ YACC = @YACC@ -@@ -208,9 +210,9 @@ target_alias = @target_alias@ +@@ -212,9 +214,9 @@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @MUDFLAP_FALSE at AM_CFLAGS = -Wall -Werror -Wshadow -Wunused -Wformat=2 \ @@ -604,7 +604,7 @@ --- elfutils/libebl/ChangeLog +++ elfutils/libebl/ChangeLog -@@ -476,6 +476,11 @@ +@@ -501,6 +501,11 @@ * Makefile.am (libebl_*_so_SOURCES): Set to $(*_SRCS) so dependency tracking works right. @@ -665,7 +665,7 @@ --- elfutils/libelf/ChangeLog +++ elfutils/libelf/ChangeLog -@@ -234,6 +234,11 @@ +@@ -295,6 +295,11 @@ If section content hasn't been read yet, do it before looking for the block size. If no section data present, infer size of section header. @@ -730,7 +730,7 @@ @MUDFLAP_FALSE at noinst_PROGRAMS = $(am__EXEEXT_1) @MUDFLAP_TRUE at am_libelf_pic_a_OBJECTS = subdir = libelf -@@ -167,6 +167,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +@@ -168,6 +168,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ @@ -738,7 +738,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -@@ -196,6 +197,7 @@ SHELL = @SHELL@ +@@ -197,6 +198,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = 1 
@@ -746,7 +746,7 @@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ YACC = @YACC@ -@@ -251,10 +253,10 @@ target_alias = @target_alias@ +@@ -252,10 +254,10 @@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @MUDFLAP_FALSE at AM_CFLAGS = $(am__append_1) -Wall -Wshadow -Werror \ @@ -797,7 +797,15 @@ YACC = @YACC@ --- elfutils/src/ChangeLog +++ elfutils/src/ChangeLog -@@ -220,6 +220,10 @@ +@@ -1,3 +1,7 @@ ++2007-10-16 Roland McGrath ++ ++ * Makefile.am (readelf_no_Werror): New variable. ++ + 2007-10-15 Roland McGrath + + * make-debug-archive.in: New file. +@@ -437,6 +441,10 @@ * elflint.c (valid_e_machine): Add EM_ALPHA. Reported by Christian Aichinger . @@ -808,7 +816,7 @@ 2006-08-08 Ulrich Drepper * elflint.c (check_dynamic): Don't require DT_HASH for DT_SYMTAB. -@@ -296,6 +300,10 @@ +@@ -513,6 +521,10 @@ * Makefile.am: Add hacks to create dependency files for non-generic linker. @@ -819,7 +827,7 @@ 2006-06-12 Ulrich Drepper * ldgeneric.c (ld_generic_generate_sections): Don't create .interp -@@ -644,6 +652,11 @@ +@@ -861,6 +873,11 @@ * readelf.c (print_debug_loc_section): Fix indentation for larger address size. @@ -865,9 +873,19 @@ $(if $($(*F)_no_Wformat),,-Wformat=2) $(CFLAGS_$(*F)) INCLUDES = -I$(srcdir) -I$(srcdir)/../libelf -I$(srcdir)/../libebl \ +@@ -108,6 +109,9 @@ strings_no_Wformat = yes + # XXX While the file is not finished, don't warn about this + ldgeneric_no_Wunused = yes + ++# Buggy old compilers. ++readelf_no_Werror = yes ++ + readelf_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(libmudflap) -ldl + nm_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(libmudflap) -ldl + size_LDADD = $(libelf) $(libeu) $(libmudflap) --- elfutils/src/Makefile.in +++ elfutils/src/Makefile.in -@@ -197,6 +197,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +@@ -200,6 +200,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ 
@@ -875,7 +893,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -@@ -226,6 +227,7 @@ SHELL = @SHELL@ +@@ -229,6 +230,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ @@ -883,7 +901,7 @@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ YACC = @YACC@ -d -@@ -283,13 +285,13 @@ top_srcdir = @top_srcdir@ +@@ -286,13 +288,13 @@ top_srcdir = @top_srcdir@ @MUDFLAP_FALSE at AM_CFLAGS = -Wall -Wshadow -std=gnu99 \ @MUDFLAP_FALSE@ $(native_ld_cflags) $(if \ @MUDFLAP_FALSE@ $($(*F)_no_Werror),,-Werror) $(if \ @@ -899,6 +917,16 @@ @MUDFLAP_TRUE@ $($(*F)_no_Wformat),,-Wformat=2) $(CFLAGS_$(*F)) INCLUDES = -I$(srcdir) -I$(srcdir)/../libelf -I$(srcdir)/../libebl \ -I$(srcdir)/../libdw -I$(srcdir)/../libdwfl \ +@@ -334,6 +336,9 @@ size_no_Wformat = yes + strings_no_Wformat = yes + # XXX While the file is not finished, don't warn about this + ldgeneric_no_Wunused = yes ++ ++# Buggy old compilers. ++readelf_no_Werror = yes + readelf_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(libmudflap) -ldl + nm_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(libmudflap) -ldl + size_LDADD = $(libelf) $(libeu) $(libmudflap) --- elfutils/src/strings.c +++ elfutils/src/strings.c @@ -51,6 +51,10 @@ @@ -980,7 +1008,7 @@ cannot set access and modification date of '%s'"), fname); --- elfutils/tests/ChangeLog +++ elfutils/tests/ChangeLog -@@ -549,6 +549,11 @@ +@@ -585,6 +585,11 @@ * Makefile.am (TESTS): Add run-elflint-test.sh. (EXTRA_DIST): Add run-elflint-test.sh and testfile18.bz2. @@ -1012,7 +1040,7 @@ endif --- elfutils/tests/Makefile.in +++ elfutils/tests/Makefile.in -@@ -322,6 +322,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +@@ -323,6 +323,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ 
@@ -1020,7 +1048,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -@@ -351,6 +352,7 @@ SHELL = @SHELL@ +@@ -352,6 +353,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ 
@@ -1028,7 +1056,7 @@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ YACC = @YACC@ -@@ -405,10 +407,10 @@ sysconfdir = @sysconfdir@ +@@ -406,10 +408,10 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ elfutils-robustify.patch: elfutils-0.127/libelf/elf32_getphdr.c | 10 ++ elfutils-0.127/libelf/elf32_getshdr.c | 13 +++ elfutils-0.127/libelf/elf32_newphdr.c | 6 + elfutils-0.127/libelf/elf32_updatefile.c | 7 + elfutils-0.127/libelf/elf_begin.c | 46 +++++++++++- elfutils-0.127/libelf/elf_getarsym.c | 3 elfutils-0.127/libelf/elf_getshstrndx.c | 38 +++++++++- elfutils-0.127/libelf/elf_newscn.c | 10 ++ elfutils-0.127/libelf/gelf_getdyn.c | 6 + elfutils-0.127/libelf/gelf_getlib.c | 3 elfutils-0.127/libelf/gelf_getmove.c | 3 elfutils-0.127/libelf/gelf_getrel.c | 12 +-- elfutils-0.127/libelf/gelf_getrela.c | 12 +-- elfutils-0.127/libelf/gelf_getsym.c | 6 + elfutils-0.127/libelf/gelf_getsyminfo.c | 3 elfutils-0.127/libelf/gelf_getsymshndx.c | 10 +- elfutils-0.127/libelf/gelf_getversym.c | 3 elfutils-0.127/libelf/gelf_update_dyn.c | 12 +-- elfutils-0.127/libelf/gelf_update_lib.c | 9 -- elfutils-0.127/libelf/gelf_update_move.c | 2 elfutils-0.127/libelf/gelf_update_rel.c | 12 +-- elfutils-0.127/libelf/gelf_update_rela.c | 12 +-- elfutils-0.127/libelf/gelf_update_sym.c | 12 +-- elfutils-0.127/libelf/gelf_update_syminfo.c | 9 -- elfutils-0.127/libelf/gelf_update_symshndx.c | 12 +-- elfutils-0.127/libelf/gelf_update_versym.c | 2 elfutils-0.127/libelf/libelfP.h | 9 ++ elfutils-0.128/src/strip.c | 73 +++++++++++++------ elfutils-0.130/src/elflint.c | 101 ++++++++++++++++++++------- elfutils-0.130/src/readelf.c | 92 +++++++++++++++++------- 30 files changed, 381 insertions(+), 167 deletions(-) Index: elfutils-robustify.patch =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils-robustify.patch,v retrieving revision 1.8 retrieving revision 1.9 diff -u 
-r1.8 -r1.9 --- elfutils-robustify.patch 8 Jun 2007 22:55:02 -0000 1.8 +++ elfutils-robustify.patch 16 Oct 2007 08:38:52 -0000 1.9 @@ -65,9 +65,9 @@ (check_symtab, is_rel_dyn, check_rela, check_rel, check_dynamic, check_symtab_shndx, check_hash, check_versym): Robustify. ---- elfutils-0.127/src/readelf.c.robustify -+++ elfutils-0.127/src/readelf.c -@@ -958,6 +958,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G +--- elfutils-0.130/src/readelf.c.robustify ++++ elfutils-0.130/src/readelf.c +@@ -1053,6 +1053,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G Elf32_Word *grpref = (Elf32_Word *) data->d_buf; GElf_Sym sym_mem; @@ -76,7 +76,7 @@ printf ((grpref[0] & GRP_COMDAT) ? ngettext ("\ \nCOMDAT section group [%2zu] '%s' with signature '%s' contains %zu entry:\n", -@@ -970,8 +972,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G +@@ -1065,8 +1067,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G data->d_size / sizeof (Elf32_Word) - 1), elf_ndxscn (scn), elf_strptr (ebl->elf, shstrndx, shdr->sh_name), @@ -87,7 +87,7 @@ ?: gettext (""), data->d_size / sizeof (Elf32_Word) - 1); -@@ -1122,7 +1124,8 @@ static void +@@ -1217,7 +1219,8 @@ static void handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr) { int class = gelf_getclass (ebl->elf); @@ -97,7 +97,7 @@ Elf_Data *data; size_t cnt; size_t shstrndx; -@@ -1137,6 +1140,11 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, +@@ -1232,6 +1235,11 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, error (EXIT_FAILURE, 0, gettext ("cannot get section header string table index")); @@ -109,7 +109,7 @@ printf (ngettext ("\ \nDynamic segment contains %lu entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n", "\ -@@ -1146,9 +1154,7 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, +@@ -1241,9 +1249,7 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, class == ELFCLASS32 ? 10 : 18, shdr->sh_addr, shdr->sh_offset, (int) shdr->sh_link, 
@@ -120,7 +120,7 @@ fputs_unlocked (gettext (" Type Value\n"), stdout); for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) -@@ -1666,6 +1672,13 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G +@@ -1761,6 +1767,13 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G error (EXIT_FAILURE, 0, gettext ("cannot get section header string table index")); @@ -134,7 +134,7 @@ /* Now we can compute the number of entries in the section. */ unsigned int nsyms = data->d_size / (class == ELFCLASS32 ? sizeof (Elf32_Sym) -@@ -1676,15 +1689,12 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G +@@ -1771,15 +1784,12 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G nsyms), (unsigned int) elf_ndxscn (scn), elf_strptr (ebl->elf, shstrndx, shdr->sh_name), nsyms); @@ -151,7 +151,7 @@ fputs_unlocked (class == ELFCLASS32 ? gettext ("\ -@@ -1920,7 +1930,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn, +@@ -2015,7 +2025,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn, error (EXIT_FAILURE, 0, gettext ("cannot get section header string table index")); @@ -166,7 +166,7 @@ printf (ngettext ("\ \nVersion needs section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n", "\ -@@ -1931,9 +1947,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn, +@@ -2026,9 +2042,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn, class == ELFCLASS32 ? 10 : 18, shdr->sh_addr, shdr->sh_offset, (unsigned int) shdr->sh_link, @@ -177,7 +177,7 @@ unsigned int offset = 0; for (int cnt = shdr->sh_info; --cnt >= 0; ) -@@ -1986,8 +2000,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G +@@ -2081,8 +2095,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G error (EXIT_FAILURE, 0, gettext ("cannot get section header string table index")); 
@@ -193,7 +193,7 @@ printf (ngettext ("\ \nVersion definition section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n", "\ -@@ -1999,9 +2019,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G +@@ -2094,9 +2114,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G class == ELFCLASS32 ? 10 : 18, shdr->sh_addr, shdr->sh_offset, (unsigned int) shdr->sh_link, @@ -204,7 +204,7 @@ unsigned int offset = 0; for (int cnt = shdr->sh_info; --cnt >= 0; ) -@@ -2263,8 +2281,14 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G +@@ -2358,8 +2376,14 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G filename = NULL; } @@ -220,7 +220,7 @@ printf (ngettext ("\ \nVersion symbols section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'", "\ -@@ -2276,9 +2300,7 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G +@@ -2371,9 +2395,7 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G class == ELFCLASS32 ? 10 : 18, shdr->sh_addr, shdr->sh_offset, (unsigned int) shdr->sh_link, @@ -231,7 +231,7 @@ /* Now we can finally look at the actual contents of this section. */ for (unsigned int cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) -@@ -2330,7 +2352,17 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn, +@@ -2425,7 +2447,17 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn, for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt) ++counts[lengths[cnt]]; @@ -250,7 +250,7 @@ printf (ngettext ("\ \nHistogram for bucket list length in section [%2u] '%s' (total of %d bucket):\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n", "\ -@@ -2343,9 +2375,7 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn, +@@ -2438,9 +2470,7 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn, shdr->sh_addr, shdr->sh_offset, (unsigned int) shdr->sh_link, 
@@ -261,7 +261,7 @@ if (extrastr != NULL) fputs (extrastr, stdout); -@@ -3655,6 +3685,16 @@ print_debug_aranges_section (Ebl *ebl __ +@@ -3834,6 +3864,16 @@ print_debug_aranges_section (Dwfl_Module return; } @@ -546,9 +546,9 @@ size_t hidx = elf_hash (name) % nbucket; if (bucket[hidx] == 0) ---- elfutils-0.127/src/elflint.c.robustify -+++ elfutils-0.127/src/elflint.c -@@ -123,6 +123,9 @@ static uint32_t shstrndx; +--- elfutils-0.130/src/elflint.c.robustify ++++ elfutils-0.130/src/elflint.c +@@ -126,6 +126,9 @@ static uint32_t shstrndx; /* Array to count references in section groups. */ static int *scnref; @@ -558,7 +558,7 @@ int main (int argc, char *argv[]) -@@ -312,10 +315,19 @@ section_name (Ebl *ebl, int idx) +@@ -315,10 +318,19 @@ section_name (Ebl *ebl, int idx) { GElf_Shdr shdr_mem; GElf_Shdr *shdr; @@ -579,7 +579,7 @@ } -@@ -337,10 +349,6 @@ static const int valid_e_machine[] = +@@ -340,10 +352,6 @@ static const int valid_e_machine[] = (sizeof (valid_e_machine) / sizeof (valid_e_machine[0])) @@ -590,7 +590,7 @@ static void check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size) { -@@ -603,7 +611,8 @@ section [%2d] '%s': symbol table cannot +@@ -606,7 +614,8 @@ section [%2d] '%s': symbol table cannot } } @@ -600,7 +600,7 @@ ERROR (gettext ("\ section [%2zu] '%s': entry size is does not match ElfXX_Sym\n"), cnt, section_name (ebl, cnt)); -@@ -641,7 +650,7 @@ section [%2d] '%s': XINDEX for zeroth en +@@ -644,7 +653,7 @@ section [%2d] '%s': XINDEX for zeroth en xndxscnidx, section_name (ebl, xndxscnidx)); } @@ -609,7 +609,7 @@ { sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx); if (sym == NULL) -@@ -659,7 +668,8 @@ section [%2d] '%s': symbol %zu: invalid +@@ -662,7 +671,8 @@ section [%2d] '%s': symbol %zu: invalid else { name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name); 
@@ -619,7 +619,7 @@ } if (sym->st_shndx == SHN_XINDEX) -@@ -981,9 +991,11 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e +@@ -992,9 +1002,11 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e { GElf_Shdr rcshdr_mem; const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem); @@ -633,7 +633,7 @@ { /* Found the dynamic section. Look through it. */ Elf_Data *d = elf_getdata (scn, NULL); -@@ -993,7 +1005,9 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e +@@ -1004,7 +1016,9 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e { GElf_Dyn dyn_mem; GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem); @@ -644,7 +644,7 @@ if (dyn->d_tag == DT_RELCOUNT) { -@@ -1007,7 +1021,9 @@ section [%2d] '%s': DT_RELCOUNT used for +@@ -1018,7 +1032,9 @@ section [%2d] '%s': DT_RELCOUNT used for /* Does the number specified number of relative relocations exceed the total number of relocations? */ @@ -655,7 +655,7 @@ ERROR (gettext ("\ section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), idx, section_name (ebl, idx), -@@ -1167,7 +1183,8 @@ section [%2d] '%s': no relocations for m +@@ -1178,7 +1194,8 @@ section [%2d] '%s': no relocations for m } } @@ -665,7 +665,7 @@ ERROR (gettext (reltype == ELF_T_RELA ? "\ section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\ section [%2d] '%s': section entry size does not match ElfXX_Rel\n"), -@@ -1389,7 +1406,8 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, G +@@ -1401,7 +1418,8 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, G Elf_Data *symdata = elf_getdata (symscn, NULL); enum load_state state = state_undecided; @@ -675,7 +675,7 @@ { GElf_Rela rela_mem; GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem); -@@ -1439,7 +1457,8 @@ check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GE +@@ -1451,7 +1469,8 @@ check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GE Elf_Data *symdata = elf_getdata (symscn, NULL); enum load_state state = state_undecided; 
@@ -685,7 +685,7 @@ { GElf_Rel rel_mem; GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem); -@@ -1543,7 +1562,8 @@ section [%2d] '%s': referenced as string +@@ -1555,7 +1574,8 @@ section [%2d] '%s': referenced as string shdr->sh_link, section_name (ebl, shdr->sh_link), idx, section_name (ebl, idx)); @@ -695,7 +695,7 @@ ERROR (gettext ("\ section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"), idx, section_name (ebl, idx)); -@@ -1553,7 +1573,7 @@ section [%2d] '%s': section entry size d +@@ -1565,7 +1585,7 @@ section [%2d] '%s': section entry size d idx, section_name (ebl, idx)); bool non_null_warned = false; @@ -704,7 +704,7 @@ { GElf_Dyn dyn_mem; GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem); -@@ -1834,6 +1854,8 @@ section [%2d] '%s': entry size does not +@@ -1846,6 +1866,8 @@ section [%2d] '%s': entry size does not idx, section_name (ebl, idx)); if (symshdr != NULL @@ -713,7 +713,7 @@ && (shdr->sh_size / shdr->sh_entsize < symshdr->sh_size / symshdr->sh_entsize)) ERROR (gettext ("\ -@@ -1860,6 +1882,12 @@ section [%2d] '%s': extended section ind +@@ -1872,6 +1894,12 @@ section [%2d] '%s': extended section ind } Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); @@ -726,7 +726,7 @@ if (*((Elf32_Word *) data->d_buf) != 0) ERROR (gettext ("symbol 0 should have zero extended section index\n")); -@@ -1902,7 +1930,7 @@ section [%2d] '%s': hash table section i +@@ -1914,7 +1942,7 @@ section [%2d] '%s': hash table section i size_t maxidx = nchain; @@ -735,7 +735,7 @@ { size_t symsize = symshdr->sh_size / symshdr->sh_entsize; -@@ -1913,18 +1941,28 @@ section [%2d] '%s': hash table section i +@@ -1925,18 +1953,28 @@ section [%2d] '%s': hash table section i maxidx = symsize; } @@ -766,7 +766,7 @@ } -@@ -1954,18 +1992,28 @@ section [%2d] '%s': hash table section i +@@ -1966,18 +2004,28 @@ section [%2d] '%s': hash table section i maxidx = symsize; } 
@@ -798,7 +798,7 @@ } -@@ -1990,7 +2038,7 @@ section [%2d] '%s': bitmask size not pow +@@ -2002,7 +2050,7 @@ section [%2d] '%s': bitmask size not pow if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)) { ERROR (gettext ("\ @@ -807,7 +807,7 @@ idx, section_name (ebl, idx), (long int) shdr->sh_size, (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))); return; -@@ -2644,8 +2692,9 @@ section [%2d] '%s' refers in sh_link to +@@ -2659,8 +2707,9 @@ section [%2d] '%s' refers in sh_link to /* The number of elements in the version symbol table must be the same as the number of symbols. */ @@ -819,15 +819,6 @@ ERROR (gettext ("\ section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"), idx, section_name (ebl, idx), -@@ -3574,6 +3623,8 @@ phdr[%d]: no note entries defined for th - return; - - char *notemem = gelf_rawchunk (ebl->elf, phdr->p_offset, phdr->p_filesz); -+ if (notemem == NULL) -+ return; - - /* ELF64 files often use note section entries in the 32-bit format. - The p_align field is set to 8 in case the 64-bit format is used. --- elfutils-0.127/libelf/elf_begin.c.robustify +++ elfutils-0.127/libelf/elf_begin.c @@ -155,7 +155,8 @@ get_shnum (void *map_address, unsigned c Index: elfutils.spec =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils.spec,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- elfutils.spec 19 Aug 2007 21:43:44 -0000 1.82 +++ elfutils.spec 16 Oct 2007 08:38:52 -0000 1.83 @@ -1,4 +1,4 @@ -%define eu_version 0.129 +%define eu_version 0.130 %define eu_release 1 %if %{?_with_compat:1}%{!?_with_compat:0} @@ -35,6 +35,7 @@ Source2: testfile16.symtab.bz2 Source3: testfile16.symtab.debug.bz2 + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: bison >= 1.875 BuildRequires: flex >= 2.5.4a 
@@ -216,6 +217,7 @@ %{_bindir}/eu-strip #%{_bindir}/eu-ld %{_bindir}/eu-unstrip +%{_bindir}/eu-make-debug-archive %files libs %defattr(-,root,root) @@ -259,6 +261,25 @@ %{_libdir}/libelf.a %changelog +* Tue Oct 16 2007 Roland McGrath - 0.130-1 +- Update to 0.130 + - eu-readelf -p option can take an argument like -x for one section + - eu-readelf --archive-index (or -c) + - eu-readelf -n improved output for core dumps + - eu-readelf: handle SHT_NOTE sections without requiring phdrs (#249467) + - eu-elflint: ditto + - eu-elflint: stricter checks on debug sections + - eu-unstrip: new options, --list (or -n), --relocate (or -R) + - libelf: new function elf_getdata_rawchunk, replaces gelf_rawchunk; + new functions gelf_getnote, gelf_getauxv, gelf_update_auxv + - libebl: backend improvements (#324031) + - libdwfl: build_id support, new functions for it + - libdwfl: dwfl_module_addrsym fixes (#268761, #268981) + - libdwfl offline archive support, new script eu-make-debug-archive + +* Mon Aug 20 2007 Roland McGrath - 0.129-2 +- Fix false-positive eu-elflint failure on ppc -mbss-plt binaries. + * Tue Aug 14 2007 Roland McGrath - 0.129-1 - Update to 0.129 - readelf: new options --hex-dump (or -x), --strings (or -p) (#250973) Index: sources =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/sources,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- sources 19 Aug 2007 21:43:44 -0000 1.38 +++ sources 16 Oct 2007 08:38:52 -0000 1.39 @@ -1,3 +1,3 @@ 07a924423a05b1bf6d0f9fe8b35dbe6b testfile16.symtab.bz2 bd40d1aaca8eaf1c7aea54bf4b29bda2 testfile16.symtab.debug.bz2 -237bb2ea0c37b41e69c5a50b956a56c1 elfutils-0.129.tar.gz +8111e6ea9f237567cbe086fb10c29fa1 elfutils-0.130.tar.gz From fedora-cvs-commits at redhat.com Tue Oct 16 18:13:47 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 16 Oct 2007 14:13:47 -0400 Subject: rpms/kernel/FC-6 patch-2.6.22.10.bz2.sign, NONE, 1.1 .cvsignore, 1.574, 1.575 kernel-2.6.spec, 1.3029, 1.3030 sources, 1.538, 1.539 upstream, 1.458, 1.459 linux-2.6-aacraid-ioctl-security.patch, 1.1, NONE linux-2.6-amd-fix-broken-lapic-timer-detect.patch, 1.1, NONE linux-2.6-ata-update-noncq.patch, 1.1, NONE linux-2.6-libata-2.6.23-rc8-noncq.patch, 1.1, NONE patch-2.6.22.9.bz2.sign, 1.1, NONE Message-ID: <200710161813.l9GIDlNl001226@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv1205 Modified Files: .cvsignore kernel-2.6.spec sources upstream Added Files: patch-2.6.22.10.bz2.sign Removed Files: linux-2.6-aacraid-ioctl-security.patch linux-2.6-amd-fix-broken-lapic-timer-detect.patch linux-2.6-ata-update-noncq.patch linux-2.6-libata-2.6.23-rc8-noncq.patch patch-2.6.22.9.bz2.sign Log Message: * Tue Oct 16 2007 Chuck Ebbert - Linux 2.6.22.10 --- NEW FILE patch-2.6.22.10.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBHDRLoyGugalF9Dw4RAmC1AJ0ZoqJRK7f7ETwWWxpGtnM+OGX4YgCfZcqf szMDE7aPglyecTuGJQ+MGD4= =Oho2 -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.574 retrieving revision 1.575 diff -u -r1.574 -r1.575 --- .cvsignore 26 Sep 2007 18:58:49 -0000 1.574 +++ .cvsignore 16 Oct 2007 18:13:44 -0000 1.575 
@@ -3,4 +3,4 @@ temp-* kernel-2.6.22 linux-2.6.22.tar.bz2 -patch-2.6.22.9.bz2 +patch-2.6.22.10.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3029 retrieving revision 1.3030 diff -u -r1.3029 -r1.3030 --- kernel-2.6.spec 27 Sep 2007 21:36:07 -0000 1.3029 +++ kernel-2.6.spec 16 Oct 2007 18:13:44 -0000 1.3030 @@ -30,7 +30,7 @@ ## If this is a released kernel ## %if 0%{?released_kernel} # Do we have a 2.6.21.y update to apply? -%define stable_update 9 +%define stable_update 10 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev .%{stable_update} @@ -523,7 +523,6 @@ Patch35: linux-2.6-genirq-fixes.patch Patch40: linux-2.6-x86-tune-generic.patch Patch50: linux-2.6-x86-vga-vidfail.patch -Patch52: linux-2.6-amd-fix-broken-lapic-timer-detect.patch Patch90: linux-2.6-kvm-suspend.patch Patch100: linux-2.6-g5-therm-shutdown.patch @@ -556,7 +555,6 @@ Patch390: linux-2.6-dev-get-driver-properly.patch Patch400: linux-2.6-scsi-cpqarray-set-master.patch -Patch401: linux-2.6-aacraid-ioctl-security.patch Patch404: linux-2.6-scsi-mpt-vmware-fix.patch Patch420: linux-2.6-squashfs.patch @@ -590,7 +588,6 @@ Patch650: linux-2.6-lvm-snapshot-deadlock-fix.patch Patch660: linux-2.6-libata-ali-atapi-dma.patch -Patch662: linux-2.6-ata-update-noncq.patch Patch663: linux-2.6-ata-quirk.patch Patch667: linux-2.6-libata-ata_piix_fix_pio-mwdma-programming.patch Patch669: linux-2.6-libata-restore-combined-mode.patch @@ -602,7 +599,6 @@ Patch677: linux-2.6-libata-pata_sis-fix-dma-timing.patch Patch678: linux-2.6-libata-pata_sis-dma-add-missing-entry.patch Patch679: linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch -Patch680: linux-2.6-libata-2.6.23-rc8-noncq.patch Patch689: git-wireless-dev.patch Patch690: linux-2.6-e1000-ich9.patch 
@@ -1126,8 +1122,6 @@ # for the installer cd that wants to automatically fall back to textmode # in that case ApplyPatch linux-2.6-x86-vga-vidfail.patch -# check all AMD CPU cores for broken lapic timer -ApplyPatch linux-2.6-amd-fix-broken-lapic-timer-detect.patch # patch to fix suspend with kvm loaded and guests running ApplyPatch linux-2.6-kvm-suspend.patch @@ -1208,8 +1202,6 @@ # # fix cpqarray pci enable ApplyPatch linux-2.6-scsi-cpqarray-set-master.patch -# aacraid: ioctl handler needs permission check -ApplyPatch linux-2.6-aacraid-ioctl-security.patch # fix vmware's broken emulation of SCSI controller ApplyPatch linux-2.6-scsi-mpt-vmware-fix.patch @@ -1278,9 +1270,6 @@ # Disable ATAPI DMA on ALI chipsets. ApplyPatch linux-2.6-libata-ali-atapi-dma.patch -# libata: don't initialize sg in ata_exec_internal() if DMA_NONE -# libata: update the noncq list -ApplyPatch linux-2.6-ata-update-noncq.patch # ia64 ata quirk ApplyPatch linux-2.6-ata-quirk.patch # NSIA @@ -1302,8 +1291,6 @@ ApplyPatch linux-2.6-libata-pata_sis-dma-add-missing-entry.patch # sata_sil24 irq race fix ApplyPatch linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch -# update the libata NONCQ list -ApplyPatch linux-2.6-libata-2.6.23-rc8-noncq.patch # Add the new wireless stack and drivers from wireless-dev ApplyPatch git-wireless-dev.patch @@ -2291,6 +2278,9 @@ %endif %changelog +* Tue Oct 16 2007 Chuck Ebbert +- Linux 2.6.22.10 + * Thu Sep 27 2007 Chuck Ebbert - Revert to old RTC driver. - Zero fill environment for uevent handlers. Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.538 retrieving revision 1.539 diff -u -r1.538 -r1.539 --- sources 26 Sep 2007 18:58:49 -0000 1.538 +++ sources 16 Oct 2007 18:13:44 -0000 1.539 
@@ -1,2 +1,2 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 -6e2e5112d69af5c8d78cff0479c700cd patch-2.6.22.9.bz2 +8dc6d14fb270d13e8ef670d23387b418 patch-2.6.22.10.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.458 retrieving revision 1.459 diff -u -r1.458 -r1.459 --- upstream 26 Sep 2007 18:58:49 -0000 1.458 +++ upstream 16 Oct 2007 18:13:44 -0000 1.459 @@ -1,2 +1,2 @@ linux-2.6.22.tar.bz2 -patch-2.6.22.9.bz2 +patch-2.6.22.10.bz2 --- linux-2.6-aacraid-ioctl-security.patch DELETED --- --- linux-2.6-amd-fix-broken-lapic-timer-detect.patch DELETED --- --- linux-2.6-ata-update-noncq.patch DELETED --- --- linux-2.6-libata-2.6.23-rc8-noncq.patch DELETED --- --- patch-2.6.22.9.bz2.sign DELETED --- From fedora-cvs-commits at redhat.com Tue Oct 16 18:46:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 16 Oct 2007 14:46:02 -0400 Subject: rpms/authconfig/FC-6 .cvsignore, 1.57, 1.58 authconfig.spec, 1.73, 1.74 sources, 1.64, 1.65 Message-ID: <200710161846.l9GIk27h003381@cvs.devel.redhat.com> Author: tmraz Update of /cvs/dist/rpms/authconfig/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3365 Modified Files: .cvsignore authconfig.spec sources Log Message: * Tue Oct 16 2007 Tomas Mraz - 5.3.18-0.1 - backport to FC6, undoing some changes Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/authconfig/FC-6/.cvsignore,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- .cvsignore 30 Nov 2006 09:18:02 -0000 1.57 +++ .cvsignore 16 Oct 2007 18:45:54 -0000 1.58 
@@ -1 +1 @@ -authconfig-5.3.12.tar.bz2 +authconfig-5.3.18.tar.bz2 Index: authconfig.spec =================================================================== RCS file: /cvs/dist/rpms/authconfig/FC-6/authconfig.spec,v retrieving revision 1.73 retrieving revision 1.74 diff -u -r1.73 -r1.74 --- authconfig.spec 30 Nov 2006 09:18:02 -0000 1.73 +++ authconfig.spec 16 Oct 2007 18:45:54 -0000 1.74 @@ -1,17 +1,21 @@ Summary: Command line tool for setting up authentication from network services Name: authconfig -Version: 5.3.12 +Version: 5.3.18 # Don't change release in elvis CVS, up version after merging all patches # from dist CVS instead. -Release: 1%{?dist} -License: GPL +Release: 0.1%{?dist} +License: GPLv2+ ExclusiveOS: Linux Group: System Environment/Base -BuildRoot: %{_tmppath}/%{name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# The upstream project is hosted in CVS on: +URL: http://rhlinux.redhat.com/ +# The project doesn't have http site with downloadable tarballs yet. Source: %{name}-%{version}.tar.bz2 Requires: rhpl, newt, pam >= 0.99.6.2, usermode Requires: python >= %(%{__python} -c "import sys; print sys.version[:3]") Conflicts: pam_krb5 < 1.49, samba-common < 3.0, samba-client < 3.0 +Conflicts: nss_ldap < 254 BuildRequires: glib2-devel, python, python-devel BuildRequires: desktop-file-utils, intltool, gettext, perl-XML-Parser @@ -56,7 +60,7 @@ rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang -%defattr(-,root,root) +%defattr(-,root,root,-) %doc COPYING NOTES TODO README.samba3 %ghost %config(noreplace) %{_sysconfdir}/sysconfig/authconfig %ghost %config(noreplace) %{_sysconfdir}/pam.d/system-auth-ac @@ -80,7 +84,7 @@ %config(noreplace) %{_sysconfdir}/security/console.apps/authconfig-tui %files gtk -%defattr(-,root,root) +%defattr(-,root,root,-) %{_bindir}/authconfig-gtk %{_bindir}/system-config-authentication %{_sbindir}/authconfig-gtk 
@@ -95,6 +99,57 @@ %{_datadir}/pixmaps/* %changelog +* Tue Oct 16 2007 Tomas Mraz - 5.3.18-0.1 +- backport to FC6, undoing some changes + +* Tue Sep 25 2007 Tomas Mraz - 5.3.18-1 +- improve krb5.conf handling (#238766) + +* Fri Aug 24 2007 Tomas Mraz - 5.3.17-1 +- remove obsolete pam_krb5afs support (#250704) +- add support for pam_access (#251360) +- update translations + +* Tue Aug 21 2007 Tomas Mraz - 5.3.16-3 +- license tag fix + +* Thu Aug 9 2007 Tomas Mraz - 5.3.16-2 +- require newt-python (#251359) + +* Wed Jul 25 2007 Tomas Mraz - 5.3.16-1 +- add support for winbind offline login (#232955) + +* Wed Jul 18 2007 Tomas Mraz - 5.3.15-1 +- dnsclient fixes by Simo Sorce +- add Categories to .desktop file (#245868) +- fixed traceback when calling joinDomain (#245374) +- disable smart card action setting when gnome-screensaver + not installed (#209643) +- do not change protocols and services in nsswitch.conf (#236669) + +* Tue Jun 12 2007 Tomas Mraz - 5.3.14-1 +- authconfig.8 synopsis fixed (patch by Eric Raymond) (#220574) +- drop explicit requirement on python version as it is now + generated automatically +- improve writing /etc/samba/smb.conf (based on patch by + Simo Sorce) +- merge changes upstream + +* Fri May 4 2007 Tomas Mraz - 5.3.13-4 +- local nis domain is obtained from sysconfig/network (#235927) +- set "local authorization is sufficient" on by default + +* Thu Apr 5 2007 Tomas Mraz - 5.3.13-3 +- minor changes and cleanups for merge review (#225293) + +* Mon Mar 19 2007 Tomas Mraz - 5.3.13-2 +- nss_ldap is now in /usr/lib (#232975) + +* Tue Dec 12 2006 Tomas Mraz - 5.3.13-1 +- another traceback in --probe and other fixes (#218874) +- make smbRealm a default realm when appropriate (#219300) +- added missing languages in LINGUAS + * Wed Nov 29 2006 Tomas Mraz - 5.3.12-1 - when pam_krb5 auth fails with smartcard login don't enforce it in the account stack (#214931) 
@@ -542,314 +597,3 @@ - move post code to the back-end - add a libglade GUI in a -gtk subpackage - set up to use userhelper - -* Tue Nov 27 2001 Nalin Dahyabhai -- remove pam_winbind from the list of session modules, because it doesn't - provide a session-management interface - -* Mon Sep 24 2001 Nalin Dahyabhai 4.1.20-1 -- make pam_localuser sufficient after pam_unix in account management, to allow - local users in even if network connections to the LDAP directory are down (the - network users should fail when pam_ldap returns a system error) - -* Thu Sep 6 2001 Nalin Dahyabhai 4.1.19-1 -- translation refresh - -* Tue Aug 28 2001 Nalin Dahyabhai -- fix assertion error hitting glib (#51798) -- allow multiple ldap servers to be specified (#49864) - -* Fri Aug 24 2001 Nalin Dahyabhai 4.1.18-1 -- pam_ldap shouldn't be a mandatory module (#52531) -- refresh translations - -* Thu Aug 23 2001 Nalin Dahyabhai 4.1.17-1 -- make pam_ldap required for account management when ldapauth is enabled - (this requires pam_ldap 114 or later, but simplifies things) -- more translation updates - -* Wed Aug 22 2001 Nalin Dahyabhai 4.1.16-1 -- warn about nscd the same way we do about nss_ldap and pam_krb5 -- reorder some internal code so that it's easier to maintain -- change help string about the --probe option to make it clearer that using - it doesn't actually set any options -- update translations from CVS - -* Tue Aug 21 2001 Nalin Dahyabhai 4.1.15-1 -- set "pam_password md5" instead of "pam_password crypt" in ldap.conf if MD5 - is enabled - -* Mon Aug 20 2001 Nalin Dahyabhai 4.1.14-1 -- right justify labels, and remove padding - -* Fri Aug 17 2001 Nalin Dahyabhai -- update translations from CVS, fixing #51873 - -* Thu Aug 16 2001 Nalin Dahyabhai -- set "pam_password crypt" in ldap.conf if not previously set -- update translations - -* Mon Aug 6 2001 Nalin Dahyabhai -- don't mess with krb4 config files if we have no realm -- update translations - -* Mon Jul 30 2001 Nalin Dahyabhai 
-- use USESHADOW, USENIS, USEHESIOD, and USESMBAUTH variables to - /etc/sysconfig/authconfig -- update translations - -* Mon Jul 9 2001 Nalin Dahyabhai -- add "type=" to the list of arguments set up for pam_cracklib -- also modify /etc/krb.conf when configuring Kerberos (for compatibility) -- add --enablecache and --disablecache, which duplicates some of ntsysv's - functionality, but it belongs here, too -- bravely try to carry on if bad options are passed in during kickstart - -* Mon Jun 25 2001 Nalin Dahyabhai -- fix man page reference to file (/etc/sysconfig/authconfig, not auth) (#43344) -- own /etc/sysconfig/authconfig (#43344) -- fix spelling errors in Japanese message files (#15984) - -* Tue Jun 12 2001 Nalin Dahyabhai -- rename --{enable,disable}smb to --{enable,disable}smbauth - -* Thu May 31 2001 Nalin Dahyabhai -- add --probe option to guess at LDAP and Kerberos configuration using DNS -- add preliminary support for SMB authentication - -* Wed Feb 14 2001 Preston Brown -- final translation update. -- langify - -* Mon Feb 12 2001 Nalin Dahyabhai -- errors connecting to LDAP also trigger service_err returns, so ignore on - those as well - -* Fri Feb 9 2001 Nalin Dahyabhai -- handle the case where the user doesn't specify a Kerberos realm, but - enables it anyway -- update translations - -* Wed Feb 7 2001 Nalin Dahyabhai -- remove pam_access from the default configuration -- swat, pop, imap, etc. 
- don't define a tty and pam_access bails if one isn't set - -* Tue Feb 6 2001 Nalin Dahyabhai -- ignore on errors connecting to LDAP servers when doing LDAP account mgmt - (probably less secure, but it allows root to log in when a wrong server - name has been specified or the server is down) - -* Mon Feb 5 2001 Nalin Dahyabhai -- make account management in system-auth be an AND operation, but ignore - user_unknown status for pam_ldap account management so that local root - can log in (#26029) -- add pam_access and pam_env (#16170) to default configuration - -* Tue Jan 24 2001 Preston Brown -- final translation update before Beta - -* Tue Jan 24 2001 Nalin Dahyabhai -- update translations -- make the entry fields on the second screen just a *little* bit smaller - -* Fri Jan 12 2001 Nalin Dahyabhai -- really fix #23016 this time -- add buildprereqs on pam-devel, newt-devel, and glib-devel - -* Wed Jan 10 2001 Nalin Dahyabhai -- match nss_ldap change of flag definitions for "ssl" flag ("on"=>"start_tls") -- change the "nothing-enabled" default so that we don't mistakenly think that - NIS is enabled later on when it isn't supposed to be (#23327) -- only enable LDAP-related entry stuff on the appropriate screens (#23328) - -* Sat Dec 30 2000 Nalin Dahyabhai -- make the copyright message translateable (#23016) - -* Fri Dec 29 2000 Nalin Dahyabhai -- split the one big help message into multiple help messages (#23017) - -* Wed Dec 12 2000 Nalin Dahyabhai -- don't write out configuration files for NIS, LDAP, Kerberos, Hesiod unless - they're enabled when the user quits (we always write NSS, PAM, network) - -* Fri Dec 8 2000 Nalin Dahyabhai -- make the internal code reflect the external use of "tls" instead of "ssl" - -* Thu Dec 7 2000 Nalin Dahyabhai -- add support for toggling TLS on and off in /etc/ldap.conf - -* Wed Nov 29 2000 Nalin Dahyabhai -- don't bother with USESHADOW; testing for /etc/shadow is sufficient -- use newtGrids to make NLS text fit (mostly) -- also 
edit "hosts:" to make sure it's there if nsswitch.conf is gone or broken -- preserve use of "db" and "nisplus" sources, even though we don't set them up - -* Mon Nov 27 2000 Nalin Dahyabhai -- add the "nis" flag to pam_unix when NIS is enabled - -* Wed Oct 4 2000 Nalin Dahyabhai -- read/write to /etc/syconfig/authconfig for PAM setup information - -* Tue Aug 29 2000 Nalin Dahyabhai -- don't set "shadow" or "md5" for authentication with pam_unix, they're - not needed (remove for clarity) -- add an authInfoCopy() routine to authinfo.c - -* Mon Aug 28 2000 Nalin Dahyabhai -- edit /etc/openldap/ldap.conf in addition to /etc/ldap.conf - -* Thu Aug 24 2000 Erik Troan -- updated it and es translations - -* Sun Aug 20 2000 Matt Wilson -- new translations - -* Wed Aug 9 2000 Nalin Dahyabhai -- merge in new translations - -* Tue Aug 8 2000 Nalin Dahyabhai -- add better error reporting for when Bill runs this on a read-only filesystem - -* Fri Aug 4 2000 Nalin Dahyabhai -- change nss order from (hesiod,ldap,nis) to (nis,ldap,hesiod) in case shadow - is in use -- kick nscd when we quit if it's running (and obey --nostart) - -* Mon Jul 31 2000 Nalin Dahyabhai -- silently support the broken_shadow and bigcrypt flags for pam_unix -- only shut down ypbind if /var/run/ypbind exists - -* Thu Jul 27 2000 Nalin Dahyabhai -- break some translations again - -* Wed Jul 26 2000 Matt Wilson -- new translations for de fr it es - -* Fri Jul 21 2000 Nalin Dahyabhai -- fix bug parsing NIS server names when there aren't any - -* Thu Jul 13 2000 Nalin Dahyabhai -- also modify the services, protocols, and automount in nsswitch.conf -- add netgroups, too (#13824) - -* Tue Jun 27 2000 Nalin Dahyabhai -- add --disable options -- try to not mess with ypbind if it isn't installed - -* Tue Jun 20 2000 Nalin Dahyabhai -- tweak chkconfig magic for ypbind to work better -- turn on portmap when ypbind is enabled - -* Mon Jun 19 2000 Nalin Dahyabhai -- only do chkconfig magic on ypbind if the ypbind init 
script exists - -* Tue Jun 13 2000 Nalin Dahyabhai -- fix multiple-blank-line problem -- verify that NISDOMAIN is recorded properly in /etc/sysconfig/network - -* Sat Jun 10 2000 Nalin Dahyabhai -- add calls to pam_limits in shared session stack - -* Wed Jun 7 2000 Nalin Dahyabhai -- fix multiple realms section bug -- close all files we open -- bail on errors, even when we can see the file -- use RPM_OPT_FLAGS -- support multiple NIS servers -- warn if needed files aren't there - -* Mon Jun 5 2000 Nalin Dahyabhai -- fix for false-matching beginnings of realm subsections -- FHS fixes - -* Thu Jun 1 2000 Nalin Dahyabhai -- move default system-auth configuration to pam package - -* Wed May 31 2000 Nalin Dahyabhai -- add default system-auth configuration - -* Tue May 30 2000 Nalin Dahyabhai -- fix the uncommented comment problem -- pam_krb5 doesn't provide account management -- base DN can have spaces in it -- use pam_krb5afs for krb5 if /afs is readable -- add the tokens flag to pam_krb5afs -- break (user info and auth setup) into two screens - -* Fri May 26 2000 Nalin Dahyabhai -- finish LDAP support -- add Kerberos 5 support -- add Hesiod support -- migrate PAM config file logic to new method - -* Wed Mar 08 2000 Cristian Gafton -- rebuild for release - -* Wed Feb 16 2000 Preston Brown -- disable LDAP, update man page. - -* Thu Feb 03 2000 Preston Brown -- beginning of /etc/pam.d writing, better man page, broadcast on by default. -- strip man page. - -* Tue Jan 11 2000 Preston Brown -- support for LDAP authentication added. 
- -* Tue Sep 21 1999 Matt Wilson -- updated man page - -* Mon Sep 20 1999 Matt Wilson -- set up shadowed /etc/group - -* Mon Aug 2 1999 Matt Wilson -- rebuilt against newt 0.50 - -* Mon Apr 19 1999 Cristian Gafton -- release for Red Hat Linux 6.0 - -* Thu Apr 01 1999 Preston Brown -- don't report errors about NIS fields not being filled in if not enabled - -* Fri Mar 26 1999 Preston Brown -- fix typo -- change domainname at nis start and stop - -* Tue Mar 23 1999 Preston Brown -- fixed man page - -* Wed Mar 17 1999 Matt Wilson -- fixed rewriting /etc/yp.conf -- restarts ypbind so that new changes take effect - -* Mon Mar 15 1999 Matt Wilson -- just make the NIS part of configuration grayed out if NIS is not installed - -* Tue Mar 09 1999 Preston Brown -- static buffer sizes increased. - -* Tue Mar 9 1999 Matt Wilson -- removed build opts because of problems on alpha - -* Mon Feb 8 1999 Matt Wilson -- Don't rewrite ypbind.conf if you're not configuring NIS - -* Mon Feb 8 1999 Matt Wilson -- Don't configure NIS if /etc/ypbind.conf does not exist. - -* Sat Feb 6 1999 Matt Wilson -- changed "/sbin/chkconfig --add ypbind" to - "/sbin/chkconfig --level 345 ypbind on" -- added checks for null nis domains and servers if nis is enabled or if - not using broadcast. -- added newt entry filter for spaces in domains - -* Sat Feb 6 1999 Matt Wilson -- changed command line options to match user interface -- added --help - -* Thu Feb 4 1999 Matt Wilson -- Rewrote UI to handle geometry management properly -- MD5 passwords do not require shadow passwords, so made them independent - -* Wed Feb 03 1999 Preston Brown -- initial spec file Index: sources =================================================================== RCS file: /cvs/dist/rpms/authconfig/FC-6/sources,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- sources 30 Nov 2006 09:18:02 -0000 1.64 +++ sources 16 Oct 2007 18:45:54 -0000 1.65 
@@ -1 +1 @@ -35f53c5b996d35b26c875ba1df816c45 authconfig-5.3.12.tar.bz2 +1ab30770d66d59c704fd91957edad274 authconfig-5.3.18.tar.bz2 From fedora-cvs-commits at redhat.com Tue Oct 16 20:39:34 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 16 Oct 2007 16:39:34 -0400 Subject: rpms/pango/FC-6 harfbuzz-stuck.patch,NONE,1.1 pango.spec,1.94,1.95 Message-ID: <200710162039.l9GKdYuQ011853@cvs.devel.redhat.com> Author: besfahbo Update of /cvs/dist/rpms/pango/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv11837 Modified Files: pango.spec Added Files: harfbuzz-stuck.patch Log Message: * Tue Oct 16 2007 Behdad Esfahbod - 1.14.10-2 - Add harfbuzz-stuck.patch (GNOME bug #463430) harfbuzz-stuck.patch: harfbuzz-gpos.c | 15 ++++++++++----- harfbuzz-gsub.c | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) --- NEW FILE harfbuzz-stuck.patch --- Index: pango/pango/opentype/harfbuzz-gpos.c =================================================================== --- pango/pango/opentype/harfbuzz-gpos.c (revision 2404) +++ pango/pango/opentype/harfbuzz-gpos.c (working copy) @@ -1518,7 +1518,7 @@ static void Free_PairPos( HB_GPOS_SubTa static FT_Error Lookup_PairPos1( GPOS_Instance* gpi, HB_PairPosFormat1* ppf1, HB_Buffer buffer, - FT_UShort first_pos, + FT_ULong first_pos, FT_UShort index, FT_UShort format1, FT_UShort format2 ) @@ -1560,7 +1560,7 @@ static FT_Error Lookup_PairPos1( GPOS_I static FT_Error Lookup_PairPos2( GPOS_Instance* gpi, HB_PairPosFormat2* ppf2, HB_Buffer buffer, - FT_UShort first_pos, + FT_ULong first_pos, FT_UShort format1, FT_UShort format2 ) { @@ -1600,7 +1600,8 @@ static FT_Error Lookup_PairPos( GPOS_In int nesting_level ) { FT_Error error; - FT_UShort index, property, first_pos; + FT_UShort index, property; + FT_ULong first_pos; HB_GPOSHeader* gpos = gpi->gpos; HB_PairPos* pp = &st->pair; 
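Review bot: The widening of `first_pos` from `FT_UShort` to `FT_ULong` in Lookup_PairPos1, Lookup_PairPos2 and Lookup_PairPos is not explained anywhere in the patch, and nothing shows these are the only places where a buffer position is held in a 16-bit local. The same applies to `i, old_pos` in the later Do_ContextPos and Do_ContextSubst hunks. Presumably `buffer->in_pos` is wider than 16 bits, so a saved position was truncated on long runs and restoring it moved the cursor backwards. If so, the other lookup functions in harfbuzz-gpos.c and harfbuzz-gsub.c should be checked for `FT_UShort` locals assigned from `buffer->in_pos`. A header line in the patch file such as `Buffer positions are FT_ULong; never store them in FT_UShort (GNOME bug #463430)` would record the rule; all of these functions begin and end outside their hunks.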
@@ -1631,8 +1632,12 @@ static FT_Error Lookup_PairPos( GPOS_In return error; if ( buffer->in_pos == buffer->in_length ) - return HB_Err_Not_Covered; + { + buffer->in_pos = first_pos; + return HB_Err_Not_Covered; + } (buffer->in_pos)++; + } switch ( pp->PosFormat ) @@ -3137,7 +3142,7 @@ static FT_Error Do_ContextPos( GPOS_Ins int nesting_level ) { FT_Error error; - FT_UShort i, old_pos; + FT_ULong i, old_pos; i = 0; Index: pango/pango/opentype/harfbuzz-gsub.c =================================================================== --- pango/pango/opentype/harfbuzz-gsub.c (revision 2405) +++ pango/pango/opentype/harfbuzz-gsub.c (working copy) @@ -1130,7 +1130,7 @@ static FT_Error Do_ContextSubst( HB_GSU int nesting_level ) { FT_Error error; - FT_UShort i, old_pos; + FT_ULong i, old_pos; i = 0; Index: pango.spec =================================================================== RCS file: /cvs/dist/rpms/pango/FC-6/pango.spec,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- pango.spec 31 Jan 2007 18:24:08 -0000 1.94 +++ pango.spec 16 Oct 2007 20:39:32 -0000 1.95 @@ -8,7 +8,7 @@ Summary: System for layout and rendering of internationalized text Name: pango Version: 1.14.10 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPL Group: System Environment/Libraries Source: http://download.gnome.org/sources/pango/1.14/pango-%{version}.tar.bz2 @@ -37,6 +37,8 @@ # Look for pango.modules in an arch-specific directory Patch2: pango-1.2.5-lib64.patch +Patch3: harfbuzz-stuck.patch + %description Pango is a system for layout and rendering of internationalized text. @@ -67,6 +69,7 @@ %patch1 -p1 -b .slighthint %patch2 -p1 -b .lib64 +%patch3 -p1 -b .harfbuzz-stuck %build @@ -189,6 +192,9 @@ %changelog +* Tue Oct 16 2007 Behdad Esfahbod - 1.14.10-2 +- Add harfbuzz-stuck.patch (GNOME bug #463430) + * Wed Jan 31 2007 Matthias Clasen - 1.14.10-1 - Update to 1.14.10 From fedora-cvs-commits at redhat.com Wed Oct 17 07:04:39 2007 
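Review bot: In the Lookup_PairPos hunk at line 1631, the cursor is rewound with `buffer->in_pos = first_pos;` only on the end-of-buffer return. The `return error;` visible in the context just above still exits with `in_pos` wherever the skip loop left it. If callers can carry on after that error, the same rewind is needed there. If they cannot, a comment such as `/* hard error: caller abandons the buffer, no rewind needed */` would show the asymmetry is deliberate. The loop and the function both begin outside the hunk, so this needs checking against the full source.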
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 03:04:39 -0400 Subject: rpms/tk/FC-6 tk-gifoverflow.patch,NONE,1.1 tk.spec,1.22,1.23 Message-ID: <200710170704.l9H74d5V024991@cvs.devel.redhat.com> Author: mmaslano Update of /cvs/dist/rpms/tk/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv24974 Modified Files: tk.spec Added Files: tk-gifoverflow.patch Log Message: gif buffer overflow CVE-2007-5137 tk-gifoverflow.patch: tkImgGIF.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE tk-gifoverflow.patch --- --- tk8.4.15/generic/tkImgGIF.c.old 2006-03-27 14:13:56.000000000 +0200 +++ tk8.4.15/generic/tkImgGIF.c 2007-09-17 09:28:42.000000000 +0200 @@ -995,7 +995,7 @@ */ if (interlace) { ypos += interlaceStep[pass]; - while (ypos >= height) { + while (ypos >= rows) { pass++; if (pass > 3) { return TCL_OK; Index: tk.spec =================================================================== RCS file: /cvs/dist/rpms/tk/FC-6/tk.spec,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- tk.spec 20 Jul 2006 20:04:17 -0000 1.22 +++ tk.spec 17 Oct 2007 07:04:36 -0000 1.23 @@ -3,7 +3,7 @@ Summary: Tk graphical toolkit for the Tcl scripting language Name: tk Version: %{majorver}.13 -Release: 3%{?dist} +Release: 4%{?dist} License: BSD Group: Development/Languages URL: http://tcl.sourceforge.net/ @@ -20,6 +20,7 @@ Patch3: tk-8.4-no_rpath.patch Patch4: tk-8.4.13-autoconf.patch Patch5: tk-8.4.13-cflags.patch +Patch6: tk-gifoverflow.patch %description When paired with the Tcl scripting language, Tk provides a fast and powerful @@ -47,6 +48,7 @@ %patch3 -p1 -b .3-rpath %patch4 -p1 -b .4-ac213 %patch5 -p1 -b .5-cflags +%patch6 -p1 -b .6-gifoverflow # patch1 touches tcl.m4 cd unix 
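Review bot: The corrected bound in the tkImgGIF.c hunk at line 995, `while (ypos >= rows)`, has no comment saying why `rows` and not `height` is the limit, although that difference is the entire fix for CVE-2007-5137. Presumably `rows` is the line count of the buffer being filled and `height` is a separate value taken from the file that can exceed it; this should be confirmed against the function's parameters, which are outside the hunk. I would add above the loop `/* ypos indexes the destination buffer, so bound it by rows, not height */`. The non-interlaced branch is also outside the hunk and should be checked for the same bound.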
@@ -117,6 +119,10 @@ %{_mandir}/mann/* %changelog +* Wed Oct 17 2007 Marcela Maslanova - 8.4.13-4 +- gif buffer overflow CVE-2007-5137 +- Resolves: rhbz#332071 + * Thu Jul 20 2006 David Cantrell - 8.4.13-3 - Patch from Dennis Gilmore for sparc64 (#199378) From fedora-cvs-commits at redhat.com Wed Oct 17 07:43:39 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 03:43:39 -0400 Subject: rpms/elfutils/FC-6 elfutils-0.130-fixes.patch, NONE, 1.1 elfutils.spec, 1.83, 1.84 Message-ID: <200710170743.l9H7hcLY027597@cvs.devel.redhat.com> Author: roland Update of /cvs/dist/rpms/elfutils/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv27581 Modified Files: elfutils.spec Added Files: elfutils-0.130-fixes.patch Log Message: post-0.130 fixes elfutils-0.130-fixes.patch: 0 files changed --- NEW FILE elfutils-0.130-fixes.patch --- # # # patch "libdwfl/ChangeLog" # from [5323e83f0ba1ae96c326f6d799ffe684e6f90939] # to [e8ac39af4808defcc93f6f4e55f092cbdd1089e0] # # patch "libdwfl/dwfl_module_build_id.c" # from [ae14fc9f3be468ffff14b4f6247ad38898705132] # to [c67b9be68b69c98f6fd1024f521acdab0678ea02] # # patch "libdwfl/dwfl_module_getsym.c" # from [5596a4a3df363bb27759a0c26519b9818475aa80] # to [c1a0448eecebc039393fb884ff7d0684d1d5001f] # # patch "libdwfl/dwfl_report_elf.c" # from [d9db919b103fc3411d240f3a096af5e57a3adce6] # to [ee4a17cd0e3bf27c306b484ab38c34a7de2b7c0e] # # patch "libdwfl/offline.c" # from [1508fb5c96e46f5bf3bbdaa0e18921243cf2ab8b] # to [d8dc43d35ecff3200099ec421a93cfadbd5a2e17] # # patch "libdwfl/relocate.c" # from [5a08921fcd4b957b0d768e7a140eb5187dcaf69e] # to [51258c3bf6a18602dbd3fd2d8b721d4f7a9aef60] # # patch "src/ChangeLog" # from [18c1d13eb93bea8ea545811e1513cfa8fa207fa5] # to [026cfbde5f235e169ca1aa4c5be156090254d137] # # patch "src/readelf.c" # from [a0d9bd8c3fb36429895ee314dd3a874af3f8866e] # to [06970982eff8d85287725619dd9eefc51c1bf1c0] # # patch "tests/ChangeLog" # from [567abc0255271ddf2937bd3ebc5eebd8e0417d12] # to [90ef947259192962a6242fab915f10059bef1b0c] # # patch "tests/test-subr.sh" # from [5ba4008367c39437a8e8d6ed0b6757d54bc10f4d] # to [ea1d0339bca3d875076ed15e114e9d47b2ea96e2] # ============================================================ --- libdwfl/ChangeLog 5323e83f0ba1ae96c326f6d799ffe684e6f90939 +++ 
libdwfl/ChangeLog e8ac39af4808defcc93f6f4e55f092cbdd1089e0 @@ -1,3 +1,36 @@ +2007-10-17 Roland McGrath + + * dwfl_module_getsym.c (dwfl_module_getsym): Apply MOD->symfile->bias + to relocated st_value. + + * dwfl_report_elf.c (__libdwfl_report_elf): Align initial BASE for + ET_REL to 0x100. + +2007-10-16 Roland McGrath + + * dwfl_report_elf.c (__libdwfl_report_elf): Readjust BASE when a later + section has larger alignment requirements not met by the original BASE, + rather than padding more between sections. + + * dwfl_report_elf.c (__libdwfl_report_elf): Fix bias calculation. + + * dwfl_module_build_id.c (__libdwfl_find_build_id): Apply module bias + to sh_addr value. + + * dwfl_report_elf.c (__libdwfl_report_elf): Don't be confused by BASE + at zero in ET_REL case. Adjust BASE to necessary alignment. + + * dwfl_module_build_id.c (check_notes): Take -1, not 0, as stub value + for DATA_VADDR. + (__libdwfl_find_build_id): Update caller. + + * relocate.c (__libdwfl_relocate_value): Don't use sh_offset. + * dwfl_report_elf.c (__libdwfl_report_elf): Likewise. + * offline.c (dwfl_offline_section_address): Bail early if there is + separate debug file. + + * relocate.c (__libdwfl_relocate): Don't return DWFL_E_NO_DWARF. + 2007-10-09 Roland McGrath * dwfl_report_elf.c (__libdwfl_report_elf): Clear SHDR->sh_offset when ============================================================ --- libdwfl/dwfl_module_build_id.c ae14fc9f3be468ffff14b4f6247ad38898705132 +++ libdwfl/dwfl_module_build_id.c c67b9be68b69c98f6fd1024f521acdab0678ea02 @@ -73,6 +73,8 @@ found_build_id (Dwfl_Module *mod, bool s return len; } +#define NO_VADDR ((GElf_Addr) -1l) + static int check_notes (Dwfl_Module *mod, bool set, Elf_Data *data, GElf_Addr data_vaddr) { 
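Review bot: `NO_VADDR` is introduced in the dwfl_module_build_id.c hunk at line 73 without a comment, so a reader of check_notes has to go to the ChangeLog to learn why the stub value is -1 rather than 0. I would add above the define `/* Stub DATA_VADDR for a note section that is not SHF_ALLOC; 0 can be a valid address. */`. The next hunk still maps the stub back to `0` when calling found_build_id (`data_vaddr == NO_VADDR ? 0 : data_vaddr + pos`), so the comment should also say that 0 remains the "no address" value on that side. check_notes continues outside both hunks.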
@@ -86,7 +88,7 @@ check_notes (Dwfl_Module *mod, bool set, "GNU", sizeof "GNU")) return found_build_id (mod, set, data->d_buf + desc_pos, nhdr.n_descsz, - data_vaddr == 0 ? 0 : data_vaddr + pos); + data_vaddr == NO_VADDR ? 0 : data_vaddr + pos); return 0; } @@ -129,7 +131,7 @@ __libdwfl_find_build_id (Dwfl_Module *mo if (likely (shdr != NULL) && shdr->sh_type == SHT_NOTE) result = check_notes (mod, set, elf_getdata (scn, NULL), (shdr->sh_flags & SHF_ALLOC) - ? shdr->sh_addr : 0); + ? shdr->sh_addr + mod->main.bias : NO_VADDR); } while (result == 0 && (scn = elf_nextscn (elf, scn)) != NULL); ============================================================ --- libdwfl/dwfl_module_getsym.c 5596a4a3df363bb27759a0c26519b9818475aa80 +++ libdwfl/dwfl_module_getsym.c c1a0448eecebc039393fb884ff7d0684d1d5001f @@ -85,10 +85,7 @@ dwfl_module_getsym (Dwfl_Module *mod, in break; default: - if (mod->e_type != ET_REL) - /* Apply the bias to the symbol value. */ - sym->st_value += mod->symfile->bias; - else + if (mod->e_type == ET_REL) { /* In an ET_REL file, the symbol table values are relative to the section, not to the module's load base. */ @@ -102,6 +99,8 @@ dwfl_module_getsym (Dwfl_Module *mod, in return NULL; } } + /* Apply the bias to the symbol value. */ + sym->st_value += mod->symfile->bias; break; } ============================================================ --- libdwfl/dwfl_report_elf.c d9db919b103fc3411d240f3a096af5e57a3adce6 +++ libdwfl/dwfl_report_elf.c ee4a17cd0e3bf27c306b484ab38c34a7de2b7c0e @@ -51,6 +51,14 @@ #include #include + +/* We start every ET_REL module at a moderately aligned boundary. + This keeps the low addresses easy to read compared to a layout + starting at 0 (as when using -e). It also makes it unlikely + that a middle section will have a larger alignment and require + rejiggering (see below). */ +#define REL_MIN_ALIGN ((GElf_Xword) 0x100) + Dwfl_Module * internal_function __libdwfl_report_elf (Dwfl *dwfl, const char *name, const char *file_name, 
@@ -72,41 +80,91 @@ __libdwfl_report_elf (Dwfl *dwfl, const By updating the section header in place, we leave the layout information to be found by relocation. */ - start = end = base; + start = end = base = (base + REL_MIN_ALIGN - 1) & -REL_MIN_ALIGN; + bool first = true; Elf_Scn *scn = NULL; while ((scn = elf_nextscn (elf, scn)) != NULL) { GElf_Shdr shdr_mem; GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); - if (shdr == NULL) + if (unlikely (shdr == NULL)) goto elf_error; if (shdr->sh_flags & SHF_ALLOC) { const GElf_Xword align = shdr->sh_addralign ?: 1; - if (shdr->sh_addr == 0 || (bias == 0 && end > start)) + const GElf_Addr next = (end + align - 1) & -align; + if (shdr->sh_addr == 0 + /* Once we've started doing layout we have to do it all, + unless we just layed out the first section at 0 when + it already was at 0. */ + || (bias == 0 && end > start && end != next)) { - shdr->sh_addr = (end + align - 1) & -align; + shdr->sh_addr = next; if (end == base) /* This is the first section assigned a location. Use its aligned address as the module's base. */ - start = shdr->sh_addr; + start = base = shdr->sh_addr; + else if (unlikely (base & (align - 1))) + { + /* If BASE has less than the maximum alignment of + any section, we eat more than the optimal amount + of padding and so make the module's apparent + size come out larger than it would when placed + at zero. So reset the layout with a better base. */ + + start = end = base = (base + align - 1) & -align; + Elf_Scn *prev_scn = NULL; + do + { + prev_scn = elf_nextscn (elf, prev_scn); + GElf_Shdr prev_shdr_mem; + GElf_Shdr *prev_shdr = gelf_getshdr (prev_scn, + &prev_shdr_mem); + if (unlikely (prev_shdr == NULL)) + goto elf_error; + if (prev_shdr->sh_flags & SHF_ALLOC) + { + const GElf_Xword prev_align + = prev_shdr->sh_addralign ?: 1; + + prev_shdr->sh_addr + = (end + prev_align - 1) & -prev_align; + end = prev_shdr->sh_addr + prev_shdr->sh_size; + + if (unlikely (! 
gelf_update_shdr (prev_scn, + prev_shdr))) + goto elf_error; + } + } + while (prev_scn != scn); + continue; + } + end = shdr->sh_addr + shdr->sh_size; - if (shdr->sh_addr == 0) - /* This is a marker that this was resolved to zero, - to prevent a callback. */ - shdr->sh_offset = 0; - if (! gelf_update_shdr (scn, shdr)) + if (likely (shdr->sh_addr != 0) + && unlikely (! gelf_update_shdr (scn, shdr))) goto elf_error; } else { - if (bias == 0 || end < shdr->sh_addr + shdr->sh_size) + /* The address is already assigned. Just track it. */ + if (first || end < shdr->sh_addr + shdr->sh_size) end = shdr->sh_addr + shdr->sh_size; - if (bias == 0 || bias > shdr->sh_addr) + if (first || bias > shdr->sh_addr) + /* This is the lowest address in the module. */ bias = shdr->sh_addr; + + if ((shdr->sh_addr - bias + base) & (align - 1)) + /* This section winds up misaligned using BASE. + Adjust BASE upwards to make it congruent to + the lowest section address in the file modulo ALIGN. */ + base = (((base + align - 1) & -align) + + (bias & (align - 1))); } + + first = false; } } @@ -117,7 +175,7 @@ __libdwfl_report_elf (Dwfl *dwfl, const Now just compute the bias from the requested base. */ start = base; end = end - bias + start; - bias -= start; + bias = start - bias; } break; @@ -133,7 +191,7 @@ __libdwfl_report_elf (Dwfl *dwfl, const for (uint_fast16_t i = 0; i < ehdr->e_phnum; ++i) { GElf_Phdr phdr_mem, *ph = gelf_getphdr (elf, i, &phdr_mem); - if (ph == NULL) + if (unlikely (ph == NULL)) goto elf_error; if (ph->p_type == PT_LOAD) { @@ -148,7 +206,7 @@ __libdwfl_report_elf (Dwfl *dwfl, const for (uint_fast16_t i = ehdr->e_phnum; i-- > 0;) { GElf_Phdr phdr_mem, *ph = gelf_getphdr (elf, i, &phdr_mem); - if (ph == NULL) + if (unlikely (ph == NULL)) goto elf_error; if (ph->p_type == PT_LOAD) { ============================================================ --- libdwfl/offline.c 1508fb5c96e46f5bf3bbdaa0e18921243cf2ab8b +++ libdwfl/offline.c d8dc43d35ecff3200099ec421a93cfadbd5a2e17 
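Review bot: The layout arithmetic added to `__libdwfl_report_elf` assumes `sh_addralign` is a power of two, but the value is taken straight from the section header and only zero is handled (`shdr->sh_addralign ?: 1`). For any other value, `(end + align - 1) & -align` and `base & (align - 1)` neither round nor test alignment, so a malformed ET_REL file can end up with overlapping or out-of-order section addresses; the same holds for `prev_align` in the re-layout loop. Unless the headers are validated somewhere outside this hunk, reject such a value before using it, e.g. `if (unlikely (align & (align - 1))) goto elf_error;`. The function starts and ends outside the hunk.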
@@ -53,8 +53,9 @@ /* Since dwfl_report_elf lays out the sections already, this will only be called when the section headers of the debuginfo file are being - consulted instead. With binutils strip-to-debug, the symbol table is in - the debuginfo file and relocation looks there. */ + consulted instead, or for the section placed at 0. With binutils + strip-to-debug, the symbol table is in the debuginfo file and relocation + looks there. */ int dwfl_offline_section_address (Dwfl_Module *mod, void **userdata __attribute__ ((unused)), @@ -69,6 +70,11 @@ dwfl_offline_section_address (Dwfl_Modul assert (shdr->sh_addr == 0); assert (shdr->sh_flags & SHF_ALLOC); + if (mod->debug.elf == NULL) + /* We are only here because sh_addr is zero even though layout is complete. + The first section in the first file under -e is placed at 0. */ + return 0; + /* The section numbers might not match between the two files. The best we can rely on is the order of SHF_ALLOC sections. */ ============================================================ --- libdwfl/relocate.c 5a08921fcd4b957b0d768e7a140eb5187dcaf69e +++ libdwfl/relocate.c 51258c3bf6a18602dbd3fd2d8b721d4f7a9aef60 @@ -64,9 +64,7 @@ __libdwfl_relocate_value (Dwfl_Module *m if (refshdr == NULL) return DWFL_E_LIBELF; - if (refshdr->sh_addr == 0 - && (refshdr->sh_flags & SHF_ALLOC) - && refshdr->sh_offset != 0) + if (refshdr->sh_addr == 0 && (refshdr->sh_flags & SHF_ALLOC)) { /* This is a loaded section. Find its actual address and update the section header. */ 
@@ -89,13 +87,11 @@ __libdwfl_relocate_value (Dwfl_Module *m don't really care. */ refshdr->sh_addr = 0; /* Make no adjustment below. */ - /* Mark it so we don't check it again for the next relocation. */ - refshdr->sh_offset = 0; - /* Update the in-core file's section header to show the final load address (or unloadedness). This serves as a cache, so we won't get here again for the same section. */ - if (unlikely (! gelf_update_shdr (refscn, refshdr))) + if (likely (refshdr->sh_addr != 0) + && unlikely (! gelf_update_shdr (refscn, refshdr))) return DWFL_E_LIBELF; } @@ -202,7 +198,7 @@ __libdwfl_relocate (Dwfl_Module *mod, El /* Look at each section in the debuginfo file, and process the relocation sections for debugging sections. */ - Dwfl_Error result = DWFL_E_NO_DWARF; + Dwfl_Error result = DWFL_E_NOERROR; Elf_Scn *scn = NULL; while ((scn = elf_nextscn (debugfile, scn)) != NULL) { @@ -369,7 +365,6 @@ __libdwfl_relocate (Dwfl_Module *mod, El if (reldata == NULL) return DWFL_E_LIBELF; - result = DWFL_E_NOERROR; size_t nrels = shdr->sh_size / shdr->sh_entsize; if (shdr->sh_type == SHT_REL) for (size_t relidx = 0; !result && relidx < nrels; ++relidx) ============================================================ --- src/ChangeLog 18c1d13eb93bea8ea545811e1513cfa8fa207fa5 +++ src/ChangeLog 026cfbde5f235e169ca1aa4c5be156090254d137 @@ -1,3 +1,7 @@ +2007-10-16 Roland McGrath + + * readelf.c (hex_dump): Fix rounding error in whitespace calculation. + 2007-10-15 Roland McGrath * make-debug-archive.in: New file. ============================================================ --- src/readelf.c a0d9bd8c3fb36429895ee314dd3a874af3f8866e +++ src/readelf.c 06970982eff8d85287725619dd9eefc51c1bf1c0 
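Review bot: The retained comment in `__libdwfl_relocate_value` still says the updated header "serves as a cache, so we won't get here again for the same section", which no longer holds now that `gelf_update_shdr` is skipped for `sh_addr == 0` and the `sh_offset` marker is gone. With the entry condition in the previous hunk reduced to `refshdr->sh_addr == 0 && (refshdr->sh_flags & SHF_ALLOC)`, a section that resolves to zero appears to go through the section-address lookup again for every relocation that refers to it. The comment should say so, e.g. `/* A section resolved to 0 is not cached; it is looked up again on each use. */`. The function body continues outside the hunk.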
@@ -5888,7 +5888,7 @@ hex_dump (const uint8_t *data, size_t le printf ("%02x", data[pos + i]); if (chunk < 16) - printf ("%*s", (int) ((16 - chunk) * 2 + (16 - chunk) / 4), ""); + printf ("%*s", (int) ((16 - chunk) * 2 + (16 - chunk + 3) / 4), ""); for (size_t i = 0; i < chunk; ++i) { ============================================================ --- tests/ChangeLog 567abc0255271ddf2937bd3ebc5eebd8e0417d12 +++ tests/ChangeLog 90ef947259192962a6242fab915f10059bef1b0c @@ -1,3 +1,7 @@ +2007-10-16 Roland McGrath + + * test-subr.sh (remove_files): Don't pass -Bb to diff. + 2007-10-09 Roland McGrath * dwflmodtest.c (print_module): Don't use %p in output. ============================================================ --- tests/test-subr.sh 5ba4008367c39437a8e8d6ed0b6757d54bc10f4d +++ tests/test-subr.sh ea1d0339bca3d875076ed15e114e9d47b2ea96e2 @@ -1,5 +1,5 @@ #! /bin/sh -# Copyright (C) 2005 Red Hat, Inc. +# Copyright (C) 2005, 2007 Red Hat, Inc. # This file is part of Red Hat elfutils. # # Red Hat elfutils is free software; you can redistribute it and/or modify @@ -58,7 +58,7 @@ testrun_compare() { outfile="${1##*/}.out" testrun_out $outfile "$@" - diff -Bbu $outfile - + diff -u $outfile - # diff's exit status will kill the script. } Index: elfutils.spec =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils.spec,v retrieving revision 1.83 retrieving revision 1.84 diff -u -r1.83 -r1.84 --- elfutils.spec 16 Oct 2007 08:38:52 -0000 1.83 +++ elfutils.spec 17 Oct 2007 07:43:35 -0000 1.84 @@ -1,5 +1,5 @@ %define eu_version 0.130 -%define eu_release 1 +%define eu_release 2 %if %{?_with_compat:1}%{!?_with_compat:0} %define compat 1 @@ -35,6 +35,8 @@ Source2: testfile16.symtab.bz2 Source3: testfile16.symtab.debug.bz2 +Patch3: elfutils-0.130-fixes.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: bison >= 1.875 
@@ -154,6 +156,8 @@ %patch2 -p1 +%patch3 -p0 + %build # Remove -Wall from default flags. The makefiles enable enough warnings # themselves, and they use -Werror. Appending -Wall defeats the cases where @@ -261,6 +265,10 @@ %{_libdir}/libelf.a %changelog +* Wed Oct 17 2007 Roland McGrath - 0.130-2 +- Fix ET_REL support. +- Fix odd indentation in eu-readelf -x output. + * Tue Oct 16 2007 Roland McGrath - 0.130-1 - Update to 0.130 - eu-readelf -p option can take an argument like -x for one section From fedora-cvs-commits at redhat.com Wed Oct 17 07:58:42 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 03:58:42 -0400 Subject: rpms/elfutils/FC-6 elfutils-0.130-fixes.patch, 1.1, 1.2 elfutils.spec, 1.84, 1.85 Message-ID: <200710170758.l9H7wg9G028619@cvs.devel.redhat.com> Author: roland Update of /cvs/dist/rpms/elfutils/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv28603 Modified Files: elfutils-0.130-fixes.patch elfutils.spec Log Message: Move log entries out of patch elfutils-0.130-fixes.patch: 0 files changed Index: elfutils-0.130-fixes.patch =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils-0.130-fixes.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- elfutils-0.130-fixes.patch 17 Oct 2007 07:43:35 -0000 1.1 +++ elfutils-0.130-fixes.patch 17 Oct 2007 07:58:39 -0000 1.2 
@@ -1,85 +1,47 @@ -# -# -# patch "libdwfl/ChangeLog" -# from [5323e83f0ba1ae96c326f6d799ffe684e6f90939] -# to [e8ac39af4808defcc93f6f4e55f092cbdd1089e0] -# -# patch "libdwfl/dwfl_module_build_id.c" -# from [ae14fc9f3be468ffff14b4f6247ad38898705132] -# to [c67b9be68b69c98f6fd1024f521acdab0678ea02] -# -# patch "libdwfl/dwfl_module_getsym.c" -# from [5596a4a3df363bb27759a0c26519b9818475aa80] -# to [c1a0448eecebc039393fb884ff7d0684d1d5001f] -# -# patch "libdwfl/dwfl_report_elf.c" -# from [d9db919b103fc3411d240f3a096af5e57a3adce6] -# to [ee4a17cd0e3bf27c306b484ab38c34a7de2b7c0e] -# -# patch "libdwfl/offline.c" -# from [1508fb5c96e46f5bf3bbdaa0e18921243cf2ab8b] -# to [d8dc43d35ecff3200099ec421a93cfadbd5a2e17] -# -# patch "libdwfl/relocate.c" -# from [5a08921fcd4b957b0d768e7a140eb5187dcaf69e] -# to [51258c3bf6a18602dbd3fd2d8b721d4f7a9aef60] -# -# patch "src/ChangeLog" -# from [18c1d13eb93bea8ea545811e1513cfa8fa207fa5] -# to [026cfbde5f235e169ca1aa4c5be156090254d137] -# -# patch "src/readelf.c" -# from [a0d9bd8c3fb36429895ee314dd3a874af3f8866e] -# to [06970982eff8d85287725619dd9eefc51c1bf1c0] -# -# patch "tests/ChangeLog" -# from [567abc0255271ddf2937bd3ebc5eebd8e0417d12] -# to [90ef947259192962a6242fab915f10059bef1b0c] -# -# patch "tests/test-subr.sh" -# from [5ba4008367c39437a8e8d6ed0b6757d54bc10f4d] -# to [ea1d0339bca3d875076ed15e114e9d47b2ea96e2] -# -============================================================ ---- libdwfl/ChangeLog 5323e83f0ba1ae96c326f6d799ffe684e6f90939 -+++ libdwfl/ChangeLog e8ac39af4808defcc93f6f4e55f092cbdd1089e0 -@@ -1,3 +1,36 @@ -+2007-10-17 Roland McGrath -+ -+ * dwfl_module_getsym.c (dwfl_module_getsym): Apply MOD->symfile->bias -+ to relocated st_value. -+ -+ * dwfl_report_elf.c (__libdwfl_report_elf): Align initial BASE for -+ ET_REL to 0x100. 
-+ -+2007-10-16 Roland McGrath -+ -+ * dwfl_report_elf.c (__libdwfl_report_elf): Readjust BASE when a later -+ section has larger alignment requirements not met by the original BASE, -+ rather than padding more between sections. -+ -+ * dwfl_report_elf.c (__libdwfl_report_elf): Fix bias calculation. -+ -+ * dwfl_module_build_id.c (__libdwfl_find_build_id): Apply module bias -+ to sh_addr value. -+ -+ * dwfl_report_elf.c (__libdwfl_report_elf): Don't be confused by BASE -+ at zero in ET_REL case. Adjust BASE to necessary alignment. -+ -+ * dwfl_module_build_id.c (check_notes): Take -1, not 0, as stub value -+ for DATA_VADDR. -+ (__libdwfl_find_build_id): Update caller. -+ -+ * relocate.c (__libdwfl_relocate_value): Don't use sh_offset. -+ * dwfl_report_elf.c (__libdwfl_report_elf): Likewise. -+ * offline.c (dwfl_offline_section_address): Bail early if there is -+ separate debug file. -+ -+ * relocate.c (__libdwfl_relocate): Don't return DWFL_E_NO_DWARF. -+ - 2007-10-09 Roland McGrath - - * dwfl_report_elf.c (__libdwfl_report_elf): Clear SHDR->sh_offset when +libdwfl/ +2007-10-17 Roland McGrath + + * dwfl_module_getsym.c (dwfl_module_getsym): Apply MOD->symfile->bias + to relocated st_value. + + * dwfl_report_elf.c (__libdwfl_report_elf): Align initial BASE for + ET_REL to 0x100. + +2007-10-16 Roland McGrath + + * dwfl_report_elf.c (__libdwfl_report_elf): Readjust BASE when a later + section has larger alignment requirements not met by the original BASE, + rather than padding more between sections. + + * dwfl_report_elf.c (__libdwfl_report_elf): Fix bias calculation. + + * dwfl_module_build_id.c (__libdwfl_find_build_id): Apply module bias + to sh_addr value. + + * dwfl_report_elf.c (__libdwfl_report_elf): Don't be confused by BASE + at zero in ET_REL case. Adjust BASE to necessary alignment. + + * dwfl_module_build_id.c (check_notes): Take -1, not 0, as stub value + for DATA_VADDR. + (__libdwfl_find_build_id): Update caller. 
+ + * relocate.c (__libdwfl_relocate_value): Don't use sh_offset. + * dwfl_report_elf.c (__libdwfl_report_elf): Likewise. + * offline.c (dwfl_offline_section_address): Bail early if there is + separate debug file. + + * relocate.c (__libdwfl_relocate): Don't return DWFL_E_NO_DWARF. + +src/ +2007-10-16 Roland McGrath + + * readelf.c (hex_dump): Fix rounding error in whitespace calculation. + +tests/ +2007-10-16 Roland McGrath + + * test-subr.sh (remove_files): Don't pass -Bb to diff. + ============================================================ --- libdwfl/dwfl_module_build_id.c ae14fc9f3be468ffff14b4f6247ad38898705132 +++ libdwfl/dwfl_module_build_id.c c67b9be68b69c98f6fd1024f521acdab0678ea02 @@ -358,17 +320,6 @@ if (shdr->sh_type == SHT_REL) for (size_t relidx = 0; !result && relidx < nrels; ++relidx) ============================================================ ---- src/ChangeLog 18c1d13eb93bea8ea545811e1513cfa8fa207fa5 -+++ src/ChangeLog 026cfbde5f235e169ca1aa4c5be156090254d137 -@@ -1,3 +1,7 @@ -+2007-10-16 Roland McGrath -+ -+ * readelf.c (hex_dump): Fix rounding error in whitespace calculation. -+ - 2007-10-15 Roland McGrath - - * make-debug-archive.in: New file. -============================================================ --- src/readelf.c a0d9bd8c3fb36429895ee314dd3a874af3f8866e +++ src/readelf.c 06970982eff8d85287725619dd9eefc51c1bf1c0 @@ -5888,7 +5888,7 @@ hex_dump (const uint8_t *data, size_t le 
@@ -381,17 +332,6 @@ for (size_t i = 0; i < chunk; ++i) { ============================================================ ---- tests/ChangeLog 567abc0255271ddf2937bd3ebc5eebd8e0417d12 -+++ tests/ChangeLog 90ef947259192962a6242fab915f10059bef1b0c -@@ -1,3 +1,7 @@ -+2007-10-16 Roland McGrath -+ -+ * test-subr.sh (remove_files): Don't pass -Bb to diff. -+ - 2007-10-09 Roland McGrath - - * dwflmodtest.c (print_module): Don't use %p in output. -============================================================ --- tests/test-subr.sh 5ba4008367c39437a8e8d6ed0b6757d54bc10f4d +++ tests/test-subr.sh ea1d0339bca3d875076ed15e114e9d47b2ea96e2 @@ -1,5 +1,5 @@ Index: elfutils.spec =================================================================== RCS file: /cvs/dist/rpms/elfutils/FC-6/elfutils.spec,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- elfutils.spec 17 Oct 2007 07:43:35 -0000 1.84 +++ elfutils.spec 17 Oct 2007 07:58:39 -0000 1.85 @@ -1,5 +1,5 @@ %define eu_version 0.130 -%define eu_release 2 +%define eu_release 3 %if %{?_with_compat:1}%{!?_with_compat:0} %define compat 1 @@ -265,7 +265,7 @@ %{_libdir}/libelf.a %changelog -* Wed Oct 17 2007 Roland McGrath - 0.130-2 +* Wed Oct 17 2007 Roland McGrath - 0.130-3 - Fix ET_REL support. - Fix odd indentation in eu-readelf -x output. From fedora-cvs-commits at redhat.com Wed Oct 17 15:05:05 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 11:05:05 -0400 Subject: rpms/flac/FC-6 flac-1.1.2-bufferoverflow-fix.diff, NONE, 1.1 flac.spec, 1.22, 1.23 Message-ID: <200710171505.l9HF55uO027228@cvs.devel.redhat.com> Author: bnocera Update of /cvs/dist/rpms/flac/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv27187 Modified Files: flac.spec Added Files: flac-1.1.2-bufferoverflow-fix.diff Log Message: * Wed Oct 17 2007 - Bastien Nocera - 1.1.2-28 - Add patch from Takashi Iwai to fix CVE-2007-4619 (#332581) flac-1.1.2-bufferoverflow-fix.diff: include/share/alloc.h | 212 ++++++++++++++++++++++++++++++++++++++ src/libFLAC++/metadata.cpp | 14 +- src/libFLAC/include/private/md5.h | 2 src/libFLAC/md5.c | 8 + src/libFLAC/memory.c | 30 ++++- src/libFLAC/metadata_iterators.c | 18 +-- src/libFLAC/metadata_object.c | 63 +++++++---- src/libFLAC/stream_decoder.c | 32 +++-- src/libFLAC/stream_encoder.c | 3 src/metaflac/operations.c | 5 src/metaflac/options.c | 19 ++- src/metaflac/utils.c | 5 src/plugin_common/charset.c | 6 + src/plugin_common/tags.c | 34 +++--- src/plugin_winamp2/in_flac.c | 3 src/plugin_winamp2/infobox.c | 5 src/plugin_xmms/plugin.c | 9 + src/share/utf8/charset.c | 3 src/share/utf8/iconvert.c | 9 + src/share/utf8/utf8.c | 44 +++++-- 20 files changed, 421 insertions(+), 103 deletions(-) --- NEW FILE flac-1.1.2-bufferoverflow-fix.diff --- --- src/metaflac/operations.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/metaflac/operations.c 2007-10-12 15:41:55.000000000 +0200 @@ -21,6 +21,7 @@ #include "utils.h" #include "FLAC/assert.h" #include "FLAC/metadata.h" +#include "share/alloc.h" #include "share/grabbag.h" #include #include 
@@ -430,8 +431,8 @@ FLAC__bool do_shorthand_operation__add_r } if( - 0 == (title_gains = (float*)malloc(sizeof(float) * num_files)) || - 0 == (title_peaks = (float*)malloc(sizeof(float) * num_files)) + 0 == (title_gains = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files)) || + 0 == (title_peaks = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files)) ) die("out of memory allocating space for title gains/peaks"); --- src/metaflac/options.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/metaflac/options.c 2007-10-12 18:05:01.000000000 +0200 @@ -20,6 +20,7 @@ #include "usage.h" #include "utils.h" #include "FLAC/assert.h" +#include "share/alloc.h" #include #include #include @@ -183,7 +184,7 @@ FLAC__bool parse_options(int argc, char if(options->num_files > 0) { unsigned i = 0; - if(0 == (options->filenames = (char**)malloc(sizeof(char*) * options->num_files))) + if(0 == (options->filenames = (char**)safe_malloc_mul_2op_(sizeof(char*), /*times*/options->num_files))) die("out of memory allocating space for file names list"); while(share__optind < argc) options->filenames[i++] = local_strdup(argv[share__optind++]); @@ -662,8 +663,10 @@ void append_new_operation(CommandLineOpt } if(options->ops.capacity <= options->ops.num_operations) { unsigned original_capacity = options->ops.capacity; - options->ops.capacity *= 4; - if(0 == (options->ops.operations = (Operation*)realloc(options->ops.operations, sizeof(Operation) * options->ops.capacity))) + if(options->ops.capacity > SIZE_MAX / 2) /* overflow check */ + die("out of memory allocating space for option list"); + options->ops.capacity *= 2; + if(0 == (options->ops.operations = (Operation*)safe_realloc_mul_2op_(options->ops.operations, sizeof(Operation), /*times*/options->ops.capacity))) die("out of memory allocating space for option list"); memset(options->ops.operations + original_capacity, 0, sizeof(Operation) * (options->ops.capacity - original_capacity)); } 
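Review bot: The new guard `options->ops.capacity > SIZE_MAX / 2` in `append_new_operation` tests against the `size_t` limit, while the neighbouring line keeps the capacity in an `unsigned` (`unsigned original_capacity = options->ops.capacity;`). If the field is declared `unsigned`, as that line suggests, the guard cannot fire where `size_t` is wider than `unsigned`, and `capacity *= 2` can still wrap, which leaves the `memset` length `capacity - original_capacity` wrong. Bound the value by its own type instead, e.g. `if(options->ops.capacity > UINT_MAX / 2)`, with `<limits.h>` included. The `append_new_argument` hunk that follows has the same check on `options->args.capacity`.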
@@ -681,8 +684,10 @@ void append_new_argument(CommandLineOpti } if(options->args.capacity <= options->args.num_arguments) { unsigned original_capacity = options->args.capacity; - options->args.capacity *= 4; - if(0 == (options->args.arguments = (Argument*)realloc(options->args.arguments, sizeof(Argument) * options->args.capacity))) + if(options->args.capacity > SIZE_MAX / 2) /* overflow check */ + die("out of memory allocating space for option list"); + options->args.capacity *= 2; + if(0 == (options->args.arguments = (Argument*)safe_realloc_mul_2op_(options->args.arguments, sizeof(Argument), /*times*/options->args.capacity))) die("out of memory allocating space for option list"); memset(options->args.arguments + original_capacity, 0, sizeof(Argument) * (options->args.capacity - original_capacity)); } @@ -898,7 +903,7 @@ FLAC__bool parse_block_number(const char /* make space */ FLAC__ASSERT(out->num_entries > 0); - if(0 == (out->entries = (unsigned*)malloc(sizeof(unsigned) * out->num_entries))) + if(0 == (out->entries = (unsigned*)safe_malloc_mul_2op_(sizeof(unsigned), /*times*/out->num_entries))) die("out of memory allocating space for option list"); /* load 'em up */ @@ -937,7 +942,7 @@ FLAC__bool parse_block_type(const char * /* make space */ FLAC__ASSERT(out->num_entries > 0); - if(0 == (out->entries = (Argument_BlockTypeEntry*)malloc(sizeof(Argument_BlockTypeEntry) * out->num_entries))) + if(0 == (out->entries = (Argument_BlockTypeEntry*)safe_malloc_mul_2op_(sizeof(Argument_BlockTypeEntry), /*times*/out->num_entries))) die("out of memory allocating space for option list"); /* load 'em up */ --- src/metaflac/utils.c-dist 2005-01-25 05:17:20.000000000 +0100 +++ src/metaflac/utils.c 2007-10-12 15:41:55.000000000 +0200 @@ -18,6 +18,7 @@ #include "utils.h" #include "FLAC/assert.h" +#include "share/alloc.h" #include "share/utf8.h" #include #include 
@@ -53,7 +54,7 @@ char *local_strdup(const char *source) void local_strcat(char **dest, const char *source) { - unsigned ndest, nsource; + size_t ndest, nsource; FLAC__ASSERT(0 != dest); FLAC__ASSERT(0 != source); @@ -64,7 +65,7 @@ void local_strcat(char **dest, const cha if(nsource == 0) return; - *dest = (char*)realloc(*dest, ndest + nsource + 1); + *dest = (char*)safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1); if(0 == *dest) die("out of memory growing string"); strcpy((*dest)+ndest, source); --- src/plugin_xmms/plugin.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/plugin_xmms/plugin.c 2007-10-12 15:41:55.000000000 +0200 @@ -425,8 +425,13 @@ void FLAC_XMMS__get_song_info(char *file if(title) { if (source_to_decoder_type (filename) == DECODER_FILE) { static const char *errtitle = "Invalid FLAC File: "; - *title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1); - sprintf(*title, "%s\"%s\"", errtitle, filename); + if(strlen(errtitle) + 1 + strlen(filename) + 1 + 1 < strlen(filename)) { /* overflow check */ + *title = NULL; + } + else { + *title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1); + sprintf(*title, "%s\"%s\"", errtitle, filename); + } } else { *title = NULL; } --- src/share/utf8/utf8.c-dist 2002-11-21 09:41:54.000000000 +0100 +++ src/share/utf8/utf8.c 2007-10-12 15:41:55.000000000 +0200 @@ -2,6 +2,8 @@ * Copyright (C) 2001 Peter Harris * Copyright (C) 2001 Edmund Grimley Evans * + * Buffer overflow checking added: Josh Coalson, 9/9/2007 + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -28,6 +30,7 @@ #include #endif +#include "share/alloc.h" #include "utf8.h" #include "charset.h" 
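Review bot: In `FLAC_XMMS__get_song_info` the title is still written with an unbounded `sprintf` into a buffer whose size comes from a separate `strlen` expression, now spelled out twice, so the check, the allocation and the format string have to be kept in agreement by hand. The code already uses GLib (`g_malloc`), so `*title = g_strdup_printf("%s\"%s\"", errtitle, filename);` would size and format the string in one step and make the added overflow test unnecessary. The function starts and ends outside the hunk.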
@@ -43,7 +46,8 @@ static unsigned char *make_utf8_string(const wchar_t *unicode) { - int size = 0, index = 0, out_index = 0; + size_t size = 0, n; + int index = 0, out_index = 0; unsigned char *out; unsigned short c; @@ -51,16 +55,19 @@ static unsigned char *make_utf8_string(c c = unicode[index++]; while(c) { if(c < 0x0080) { - size += 1; + n = 1; } else if(c < 0x0800) { - size += 2; + n = 2; } else { - size += 3; + n = 3; } + if(size+n < size) /* overflow check */ + return NULL; + size += n; c = unicode[index++]; - } + } - out = malloc(size + 1); + out = safe_malloc_add_2op_(size, /*+*/1); if (out == NULL) return NULL; index = 0; @@ -87,7 +94,8 @@ static unsigned char *make_utf8_string(c static wchar_t *make_unicode_string(const unsigned char *utf8) { - int size = 0, index = 0, out_index = 0; + size_t size = 0; + int index = 0, out_index = 0; wchar_t *out; unsigned char c; @@ -101,11 +109,15 @@ static wchar_t *make_unicode_string(cons } else { index += 1; } - size += 1; + if(size + 1 == 0) /* overflow check */ + return NULL; + size++; c = utf8[index++]; - } + } - out = malloc((size + 1) * sizeof(wchar_t)); + if(size + 1 == 0) /* overflow check */ + return NULL; + out = safe_malloc_mul_2op_(size+1, /*times*/sizeof(wchar_t)); if (out == NULL) return NULL; index = 0; @@ -147,7 +159,10 @@ int utf8_encode(const char *from, char * return -1; } - unicode = calloc(wchars + 1, sizeof(unsigned short)); + if(wchars < 0) /* underflow check */ + return -1; + + unicode = safe_calloc_((size_t)wchars + 1, sizeof(unsigned short)); if(unicode == NULL) { fprintf(stderr, "Out of memory processing string to UTF8\n"); @@ -190,6 +205,9 @@ int utf8_decode(const char *from, char * chars = WideCharToMultiByte(GetConsoleCP(), WC_COMPOSITECHECK, unicode, -1, NULL, 0, NULL, NULL); + if(chars < 0) /* underflow check */ + return -1; + if(chars == 0) { fprintf(stderr, "Unicode translation error %d\n", GetLastError()); 
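Review bot: `make_utf8_string` widens `size` to `size_t` but leaves the subscripts as `int index = 0, out_index = 0;`, and the counting loop advances with `c = unicode[index++];`. On a target where `size_t` is wider than `int`, a long enough input overflows the signed index well before `size+n < size` can trigger, so the new check does not bound the loop there. Declaring them as `size_t index = 0, out_index = 0;` keeps the counters consistent with the size they feed. `make_unicode_string` in the later hunk of this file has the same split, and both function bodies continue outside their hunks.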
@@ -197,7 +215,7 @@ int utf8_decode(const char *from, char * return -1; } - *to = calloc(chars + 1, sizeof(unsigned char)); + *to = safe_calloc_((size_t)chars + 1, sizeof(unsigned char)); if(*to == NULL) { fprintf(stderr, "Out of memory processing string to local charset\n"); @@ -285,7 +303,7 @@ static int convert_string(const char *fr if (ret != -1) return ret; - s = malloc(fromlen + 1); + s = safe_malloc_add_2op_(fromlen, /*+*/1); if (!s) return -1; strcpy(s, from); --- src/share/utf8/charset.c-dist 2002-12-04 07:41:50.000000000 +0100 +++ src/share/utf8/charset.c 2007-10-12 15:41:55.000000000 +0200 @@ -35,6 +35,7 @@ #include +#include "share/alloc.h" #include "charset.h" #include "charmaps.h" @@ -492,7 +493,7 @@ int charset_convert(const char *fromcode if (!charset1 || !charset2 ) return -1; - tobuf = (char *)malloc(fromlen * charset2->max + 1); + tobuf = (char *)safe_malloc_mul2add_(fromlen, /*times*/charset2->max, /*+*/1); if (!tobuf) return -2; --- src/share/utf8/iconvert.c-dist 2002-12-23 19:41:45.000000000 +0100 +++ src/share/utf8/iconvert.c 2007-10-12 15:41:55.000000000 +0200 @@ -27,6 +27,7 @@ #include #include #include +#include "share/alloc.h" /* * Convert data from one encoding to another. Return: @@ -79,7 +80,7 @@ int iconvert(const char *fromcode, const * This is deliberately not a config option as people often * change their iconv library without rebuilding applications. */ - tocode1 = (char *)malloc(strlen(tocode) + 11); + tocode1 = (char *)safe_malloc_add_2op_(strlen(tocode), /*+*/11); if (!tocode1) goto fail; @@ -117,6 +118,8 @@ int iconvert(const char *fromcode, const break; if (obl < 6) { /* Enlarge the buffer */ + if(utflen*2 < utflen) /* overflow check */ + goto fail; utflen *= 2; newbuf = (char *)realloc(utfbuf, utflen); if (!newbuf) 
@@ -143,7 +146,7 @@ int iconvert(const char *fromcode, const iconv_close(cd1); return ret; } - newbuf = (char *)realloc(utfbuf, (ob - utfbuf) + 1); + newbuf = (char *)safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1); if (!newbuf) goto fail; ob = (ob - utfbuf) + newbuf; @@ -194,7 +197,7 @@ int iconvert(const char *fromcode, const outlen += ob - tbuf; /* Convert from UTF-8 for real */ - outbuf = (char *)malloc(outlen + 1); + outbuf = (char *)safe_malloc_add_2op_(outlen, /*+*/1); if (!outbuf) goto fail; ib = utfbuf; --- src/plugin_winamp2/infobox.c-dist 2005-01-30 16:10:57.000000000 +0100 +++ src/plugin_winamp2/infobox.c 2007-10-12 15:42:00.000000000 +0200 @@ -19,6 +19,7 @@ #include #include #include "FLAC/all.h" +#include "share/alloc.h" #include "plugin_common/all.h" #include "infobox.h" #include "config.h" @@ -70,7 +71,7 @@ static void LoadGenres() hFile = CreateFile(buffer, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) return; genresSize = GetFileSize(hFile, 0); - if (genresSize && (genres = (char*)malloc(genresSize+2))) + if (genresSize && (genres = (char*)safe_malloc_add_2op_(genresSize, /*+*/2))) { if (!ReadFile(hFile, genres, genresSize, &spam, NULL) || spam!=genresSize) { @@ -183,7 +184,7 @@ static wchar_t *AnsiToWide(const char *s len = strlen(src) + 1; /* copy */ - dest = (wchar_t*)malloc(len*sizeof(wchar_t)); + dest = (wchar_t*)safe_malloc_mul_2op_(len, /*times*/sizeof(wchar_t)); if (dest) mbstowcs(dest, src, len); return dest; } --- src/plugin_winamp2/in_flac.c-dist 2005-02-02 05:50:00.000000000 +0100 +++ src/plugin_winamp2/in_flac.c 2007-10-12 15:42:00.000000000 +0200 @@ -19,6 +19,7 @@ #include #include +#include "share/alloc.h" #include "winamp2/in2.h" #include "config.h" #include "infobox.h" 
@@ -274,7 +275,7 @@ static T_CHAR *get_tag(const T_CHAR *tag if (!tag) return 0; /* Vorbis comment names must be ASCII, so convert 'tag' first */ - tagname = malloc(wcslen(tag)+1); + tagname = safe_malloc_add_2op_(wcslen(tag), /*+*/1); for(p=tagname;*tag;) { if(*tag > 0x7d) { free(tagname); --- src/libFLAC/md5.c-dist 2004-07-23 03:13:06.000000000 +0200 +++ src/libFLAC/md5.c 2007-10-12 17:26:20.000000000 +0200 @@ -230,7 +230,13 @@ FLAC__MD5Accumulate(struct FLAC__MD5Cont unsigned channel, sample, a_byte; FLAC__int32 a_word; FLAC__byte *buf_; - const unsigned bytes_needed = channels * samples * bytes_per_sample; + const size_t bytes_needed = (size_t)channels * (size_t)samples * (size_t)bytes_per_sample; + + /* overflow check */ + if((size_t)channels > SIZE_MAX / (size_t)bytes_per_sample) + return false; + if((size_t)channels * (size_t)bytes_per_sample > SIZE_MAX / (size_t)samples) + return false; if(ctx->capacity < bytes_needed) { FLAC__byte *tmp = (FLAC__byte*)realloc(ctx->internal_buf, bytes_needed); --- src/libFLAC/metadata_iterators.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/libFLAC/metadata_iterators.c 2007-10-12 17:58:31.000000000 +0200 @@ -48,6 +48,7 @@ #include "FLAC/assert.h" #include "FLAC/file_decoder.h" +#include "share/alloc.h" #ifdef max #undef max @@ -1922,6 +1923,9 @@ FLAC__Metadata_SimpleIteratorStatus read if(read_cb(block->id, 1, id_bytes, handle) != id_bytes) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_READ_ERROR; + if(block_length < id_bytes) + return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_READ_ERROR; + block_length -= id_bytes; if(block_length == 0) { 
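Review bot: In `get_tag`, the pointer returned by `safe_malloc_add_2op_(wcslen(tag), /*+*/1)` is written through by the `for(p=tagname;*tag;)` loop on the very next line, with no NULL test in between. The wrapper's definition is not part of this hunk, but an overflow-checking allocator presumably reports both overflow and out-of-memory as NULL, so the failure path needs handling here. Add `if(!tagname) return 0;` directly after the allocation, matching the `if (!tag) return 0;` guard above it. The rest of `get_tag` lies outside the hunk.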
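Review bot: The two overflow checks added to `FLAC__MD5Accumulate` divide `SIZE_MAX` by `bytes_per_sample` and by `samples`, so a call with either argument equal to zero is a division by zero. Whether callers can pass zero is not visible in this hunk; if they can, make each test zero-safe, e.g. `if(bytes_per_sample != 0 && (size_t)channels > SIZE_MAX / (size_t)bytes_per_sample) return false;` and the same form for `samples`. `bytes_needed` is also computed in its initializer before the checks run, which is harmless for unsigned arithmetic but reads more clearly if the product is formed after them.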
@@ -1949,7 +1953,7 @@ FLAC__Metadata_SimpleIteratorStatus read if(block->num_points == 0) block->points = 0; - else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)malloc(block->num_points * sizeof(FLAC__StreamMetadata_SeekPoint)))) + else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(block->num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)))) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; for(i = 0; i < block->num_points; i++) { @@ -1982,7 +1986,7 @@ FLAC__Metadata_SimpleIteratorStatus read entry->entry = 0; } else { - if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1))) + if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_2op_(entry->length, /*+*/1))) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; if(read_cb(entry->entry, 1, entry->length, handle) != entry->length) @@ -2013,7 +2017,7 @@ FLAC__Metadata_SimpleIteratorStatus read if(block->num_comments == 0) { block->comments = 0; } - else if(0 == (block->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)calloc(block->num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) + else if(0 == (block->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)safe_calloc_(block->num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; for(i = 0; i < block->num_comments; i++) { @@ -2068,7 +2072,7 @@ FLAC__Metadata_SimpleIteratorStatus read if(track->num_indices == 0) { track->indices = 0; } - else if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)calloc(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) + else if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; for(i = 0; i < track->num_indices; i++) { 
@@ -2128,7 +2132,7 @@ FLAC__Metadata_SimpleIteratorStatus read if(block->num_tracks == 0) { block->tracks = 0; } - else if(0 == (block->tracks = (FLAC__StreamMetadata_CueSheet_Track*)calloc(block->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) + else if(0 == (block->tracks = (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(block->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; for(i = 0; i < block->num_tracks; i++) { @@ -2812,7 +2816,7 @@ FLAC__bool open_tempfile_(const char *fi { static const char *tempfile_suffix = ".metadata_edit"; if(0 == tempfile_path_prefix) { - if(0 == (*tempfilename = (char*)malloc(strlen(filename) + strlen(tempfile_suffix) + 1))) { + if(0 == (*tempfilename = (char*)safe_malloc_add_3op_(strlen(filename), /*+*/strlen(tempfile_suffix), /*+*/1))) { *status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; return false; } @@ -2826,7 +2830,7 @@ FLAC__bool open_tempfile_(const char *fi else p++; - if(0 == (*tempfilename = (char*)malloc(strlen(tempfile_path_prefix) + 1 + strlen(p) + strlen(tempfile_suffix) + 1))) { + if(0 == (*tempfilename = (char*)safe_malloc_add_4op_(strlen(tempfile_path_prefix), /*+*/strlen(p), /*+*/strlen(tempfile_suffix), /*+*/2))) { *status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR; return false; } --- src/libFLAC/metadata_object.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/libFLAC/metadata_object.c 2007-10-12 17:34:40.000000000 +0200 @@ -35,6 +35,7 @@ #include "private/metadata.h" #include "FLAC/assert.h" +#include "share/alloc.h" /**************************************************************************** @@ -47,7 +48,7 @@ static FLAC__bool copy_bytes_(FLAC__byte { if(bytes > 0 && 0 != from) { FLAC__byte *x; - if(0 == (x = (FLAC__byte*)malloc(bytes))) + if(0 == (x = (FLAC__byte*)safe_malloc_(bytes))) return false; memcpy(x, from, bytes); *to = x; 
@@ -62,7 +63,7 @@ static FLAC__bool copy_bytes_(FLAC__byte static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, unsigned length) { - FLAC__byte *x = (FLAC__byte*)realloc(*entry, length+1); + FLAC__byte *x = (FLAC__byte*)safe_realloc_add_2op_(*entry, length, /*+*/1); if(0 != x) { x[length] = '\0'; *entry = x; @@ -82,7 +83,7 @@ static FLAC__bool copy_vcentry_(FLAC__St else { FLAC__byte *x; FLAC__ASSERT(from->length > 0); - if(0 == (x = (FLAC__byte*)malloc(from->length+1))) + if(0 == (x = (FLAC__byte*)safe_malloc_add_2op_(from->length, /*+*/1))) return false; memcpy(x, from->entry, from->length); x[from->length] = '\0'; @@ -100,7 +101,7 @@ static FLAC__bool copy_track_(FLAC__Stre else { FLAC__StreamMetadata_CueSheet_Index *x; FLAC__ASSERT(from->num_indices > 0); - if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)malloc(from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index)))) + if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)safe_malloc_mul_2op_(from->num_indices, /*times*/sizeof(FLAC__StreamMetadata_CueSheet_Index)))) return false; memcpy(x, from->indices, from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index)); to->indices = x; @@ -122,7 +123,7 @@ static FLAC__StreamMetadata_SeekPoint *s FLAC__ASSERT(num_points > 0); - object_array = (FLAC__StreamMetadata_SeekPoint*)malloc(num_points * sizeof(FLAC__StreamMetadata_SeekPoint)); + object_array = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)); if(0 != object_array) { unsigned i; 
@@ -155,7 +156,7 @@ static FLAC__StreamMetadata_VorbisCommen { FLAC__ASSERT(num_comments > 0); - return (FLAC__StreamMetadata_VorbisComment_Entry*)calloc(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)); + return (FLAC__StreamMetadata_VorbisComment_Entry*)safe_calloc_(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)); } static void vorbiscomment_entry_array_delete_(FLAC__StreamMetadata_VorbisComment_Entry *object_array, unsigned num_comments) @@ -294,14 +295,14 @@ static FLAC__StreamMetadata_CueSheet_Ind { FLAC__ASSERT(num_indices > 0); - return (FLAC__StreamMetadata_CueSheet_Index*)calloc(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)); + return (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)); } static FLAC__StreamMetadata_CueSheet_Track *cuesheet_track_array_new_(unsigned num_tracks) { FLAC__ASSERT(num_tracks > 0); - return (FLAC__StreamMetadata_CueSheet_Track*)calloc(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)); + return (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)); } static void cuesheet_track_array_delete_(FLAC__StreamMetadata_CueSheet_Track *object_array, unsigned num_tracks) @@ -454,6 +455,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__met case FLAC__METADATA_TYPE_PADDING: break; case FLAC__METADATA_TYPE_APPLICATION: + if(to->length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8) { /* underflow check */ + FLAC__metadata_object_delete(to); + return 0; + } memcpy(&to->data.application.id, &object->data.application.id, FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8); if(!copy_bytes_(&to->data.application.data, object->data.application.data, object->length - FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8)) { FLAC__metadata_object_delete(to); 
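Review bot: The underflow check added for `FLAC__METADATA_TYPE_APPLICATION` tests `to->length`, while the subtraction it protects, in the `copy_bytes_` call two lines below, uses `object->length`. The two are presumably equal through an assignment made earlier in the function, outside this hunk, but the guard only holds for as long as that remains true. Testing the operand that is actually subtracted, `if(object->length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8) {`, keeps the check and the arithmetic tied together.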
@@ -462,6 +467,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__met break; case FLAC__METADATA_TYPE_SEEKTABLE: to->data.seek_table.num_points = object->data.seek_table.num_points; + if(to->data.seek_table.num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) { /* overflow check */ + FLAC__metadata_object_delete(to); + return 0; + } if(!copy_bytes_((FLAC__byte**)&to->data.seek_table.points, (FLAC__byte*)object->data.seek_table.points, object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint))) { FLAC__metadata_object_delete(to); return 0; @@ -788,8 +797,12 @@ FLAC_API FLAC__bool FLAC__metadata_objec return false; } else { - const unsigned old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint); - const unsigned new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + const size_t old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + const size_t new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + + /* overflow check */ + if((size_t)new_num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) + return false; FLAC__ASSERT(object->data.seek_table.num_points > 0); @@ -982,8 +995,12 @@ FLAC_API FLAC__bool FLAC__metadata_objec return false; } else { - const unsigned old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); - const unsigned new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + const size_t old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + const size_t new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + + /* overflow check */ + if((size_t)new_num_comments > SIZE_MAX / sizeof(FLAC__StreamMetadata_VorbisComment_Entry)) + return false; FLAC__ASSERT(object->data.vorbis_comment.num_comments > 0); 
@@ -1131,7 +1148,7 @@ FLAC_API FLAC__bool FLAC__metadata_objec const size_t nn = strlen(field_name); const size_t nv = strlen(field_value); entry->length = nn + 1 /*=*/ + nv; - if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1))) + if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_4op_(nn, /*+*/1, /*+*/nv, /*+*/1))) return false; memcpy(entry->entry, field_name, nn); entry->entry[nn] = '='; @@ -1158,9 +1175,9 @@ FLAC_API FLAC__bool FLAC__metadata_objec FLAC__ASSERT(0 != eq); if(0 == eq) return false; /* double protection */ - if(0 == (*field_name = (char*)malloc(nn+1))) + if(0 == (*field_name = (char*)safe_malloc_add_2op_(nn, /*+*/1))) return false; - if(0 == (*field_value = (char*)malloc(nv+1))) { + if(0 == (*field_value = (char*)safe_malloc_add_2op_(nv, /*+*/1))) { free(*field_name); return false; } @@ -1290,8 +1307,12 @@ FLAC_API FLAC__bool FLAC__metadata_objec return false; } else { - const unsigned old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); - const unsigned new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + const size_t old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + const size_t new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + + /* overflow check */ + if((size_t)new_num_indices > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Index)) + return false; FLAC__ASSERT(track->num_indices > 0); 
@@ -1374,8 +1395,12 @@ FLAC_API FLAC__bool FLAC__metadata_objec return false; } else { - const unsigned old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); - const unsigned new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + const size_t old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + const size_t new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + + /* overflow check */ + if((size_t)new_num_tracks > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Track)) + return false; FLAC__ASSERT(object->data.cue_sheet.num_tracks > 0); --- src/libFLAC/stream_encoder.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/libFLAC/stream_encoder.c 2007-10-12 17:34:10.000000000 +0200 @@ -35,6 +35,7 @@ #include /* for memcpy() */ #include "FLAC/assert.h" #include "FLAC/stream_decoder.h" +#include "share/alloc.h" #include "protected/stream_encoder.h" #include "private/bitbuffer.h" #include "private/bitmath.h" @@ -836,7 +837,7 @@ FLAC_API FLAC__StreamEncoderState FLAC__ */ encoder->private_->verify.input_fifo.size = encoder->protected_->blocksize; for(i = 0; i < encoder->protected_->channels; i++) { - if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)malloc(sizeof(FLAC__int32) * encoder->private_->verify.input_fifo.size))) + if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)safe_malloc_mul_2op_(sizeof(FLAC__int32), encoder->private_->verify.input_fifo.size))) return encoder->protected_->state = FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR; } encoder->private_->verify.input_fifo.tail = 0; --- src/libFLAC/stream_decoder.c-dist 2007-10-12 15:41:37.000000000 +0200 +++ src/libFLAC/stream_decoder.c 2007-10-12 17:33:29.000000000 +0200 
@@ -33,6 +33,7 @@ #include /* for malloc() */ #include /* for memset/memcpy() */ #include "FLAC/assert.h" +#include "share/alloc.h" #include "protected/stream_decoder.h" #include "private/bitbuffer.h" #include "private/bitmath.h" @@ -128,7 +129,7 @@ typedef struct FLAC__StreamDecoderPrivat FLAC__StreamMetadata seek_table; FLAC__bool metadata_filter[128]; /* MAGIC number 128 == total number of metadata block types == 1 << 7 */ FLAC__byte *metadata_filter_ids; - unsigned metadata_filter_ids_count, metadata_filter_ids_capacity; /* units for both are IDs, not bytes */ + size_t metadata_filter_ids_count, metadata_filter_ids_capacity; /* units for both are IDs, not bytes */ FLAC__Frame frame; FLAC__bool cached; /* true if there is a byte in lookahead */ FLAC__CPUInfo cpuinfo; @@ -214,7 +215,7 @@ FLAC_API FLAC__StreamDecoder *FLAC__stre } decoder->private_->metadata_filter_ids_capacity = 16; - if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)malloc((FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8) * decoder->private_->metadata_filter_ids_capacity))) { + if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_malloc_mul_2op_((FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8), decoder->private_->metadata_filter_ids_capacity))) { FLAC__bitbuffer_delete(decoder->private_->input); free(decoder->private_); free(decoder->protected_); 
@@ -455,7 +456,7 @@ FLAC_API FLAC__bool FLAC__stream_decoder FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids); if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) { - if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2))) + if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2))) return decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; decoder->private_->metadata_filter_ids_capacity *= 2; } @@ -512,7 +513,7 @@ FLAC_API FLAC__bool FLAC__stream_decoder FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids); if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) { - if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2))) + if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2))) return decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; decoder->private_->metadata_filter_ids_capacity *= 2; } @@ -804,7 +805,7 @@ FLAC__bool allocate_output_(FLAC__Stream * (at negative indices) for alignment purposes; we use 4 * to keep the data well-aligned. */ - tmp = (FLAC__int32*)malloc(sizeof(FLAC__int32)*(size+4)); + tmp = (FLAC__int32*)safe_malloc_muladd2_(sizeof(FLAC__int32), /*times (*/size, /*+*/4/*)*/); if(tmp == 0) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; 
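Review bot: The growth path at `@@ -455` (and the identical one at `@@ -512`) asks `safe_realloc_mul_2op_` for `metadata_filter_ids_capacity * 2` bytes, although the struct comment in this patch says capacity is counted in IDs and the initial allocation multiplies it by `FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8`. Whenever an ID is wider than one byte, the reallocated buffer is too small for the doubled capacity recorded on the next line, so later stores of IDs would presumably run past the allocation; the store itself is outside the hunk. The size should carry the ID width, e.g. `safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * (FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8), /*times*/2)`. Assigning the result straight back to `metadata_filter_ids` also drops the only reference to the old block on failure, as does the seek-table realloc at `@@ -1132`; a temporary pointer avoids that.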
@@ -829,7 +830,7 @@ FLAC__bool allocate_output_(FLAC__Stream FLAC__bool has_id_filtered_(FLAC__StreamDecoder *decoder, FLAC__byte *id) { - unsigned i; + size_t i; FLAC__ASSERT(0 != decoder); FLAC__ASSERT(0 != decoder->private_); @@ -947,6 +948,11 @@ FLAC__bool read_metadata_(FLAC__StreamDe if(!FLAC__bitbuffer_read_byte_block_aligned_no_crc(decoder->private_->input, block.data.application.id, FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8, read_callback_, decoder)) return false; /* the read_callback_ sets the state for us */ + if(real_length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8) { /* underflow check */ + decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;/*@@@@@@ maybe wrong error? need to resync?*/ + return false; + } + real_length -= FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8; if(decoder->private_->metadata_filter_ids_count > 0 && has_id_filtered_(decoder, block.data.application.id)) @@ -1004,7 +1010,7 @@ FLAC__bool read_metadata_(FLAC__StreamDe } decoder->private_->metadata_callback(decoder, &block, decoder->private_->client_data); - /* now we have to free any malloc'ed data in the block */ + /* now we have to free any malloc()ed data in the block */ switch(type) { case FLAC__METADATA_TYPE_PADDING: break; 
@@ -1132,7 +1138,7 @@ FLAC__bool read_metadata_seektable_(FLAC decoder->private_->seek_table.data.seek_table.num_points = length / FLAC__STREAM_METADATA_SEEKPOINT_LENGTH; /* use realloc since we may pass through here several times (e.g. after seeking) */ - if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)realloc(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint)))) { + if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)safe_realloc_mul_2op_(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } @@ -1171,7 +1177,7 @@ FLAC__bool read_metadata_vorbiscomment_( if(!FLAC__bitbuffer_read_raw_uint32_little_endian(decoder->private_->input, &obj->vendor_string.length, read_callback_, decoder)) return false; /* the read_callback_ sets the state for us */ if(obj->vendor_string.length > 0) { - if(0 == (obj->vendor_string.entry = (FLAC__byte*)malloc(obj->vendor_string.length+1))) { + if(0 == (obj->vendor_string.entry = (FLAC__byte*)safe_malloc_add_2op_(obj->vendor_string.length, /*+*/1))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } 
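Review bot: In `read_metadata_vorbiscomment_`, `obj->vendor_string.length` is read from the stream by `FLAC__bitbuffer_read_raw_uint32_little_endian` and passed directly to `safe_malloc_add_2op_`; the wrapper presumably stops the `+1` from wrapping, but it does not bound the request, so a small input can still ask for close to 4 GiB. The same holds for `obj->num_comments` and `obj->comments[i].length` in the `@@ -1189` and `@@ -1198` hunks. Comparing each length with the bytes remaining in the metadata block before allocating would reject such input early. The block length is not visible in these hunks, so the exact variable has to come from the enclosing function.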
@@ -1189,7 +1195,7 @@ FLAC__bool read_metadata_vorbiscomment_( /* read comments */ if(obj->num_comments > 0) { - if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)malloc(obj->num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) { + if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)safe_malloc_mul_2op_(obj->num_comments, /*times*/sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } @@ -1198,7 +1204,7 @@ FLAC__bool read_metadata_vorbiscomment_( if(!FLAC__bitbuffer_read_raw_uint32_little_endian(decoder->private_->input, &obj->comments[i].length, read_callback_, decoder)) return false; /* the read_callback_ sets the state for us */ if(obj->comments[i].length > 0) { - if(0 == (obj->comments[i].entry = (FLAC__byte*)malloc(obj->comments[i].length+1))) { + if(0 == (obj->comments[i].entry = (FLAC__byte*)safe_malloc_add_2op_(obj->comments[i].length, /*+*/1))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } @@ -1244,7 +1250,7 @@ FLAC__bool read_metadata_cuesheet_(FLAC_ obj->num_tracks = x; if(obj->num_tracks > 0) { - if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)calloc(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) { + if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } 
@@ -1277,7 +1283,7 @@ FLAC__bool read_metadata_cuesheet_(FLAC_ track->num_indices = (FLAC__byte)x; if(track->num_indices > 0) { - if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)calloc(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) { + if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) { decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR; return false; } --- src/libFLAC/memory.c-dist 2005-01-25 05:14:49.000000000 +0100 +++ src/libFLAC/memory.c 2007-10-12 17:27:42.000000000 +0200 @@ -31,6 +31,7 @@ #include "private/memory.h" #include "FLAC/assert.h" +#include "share/alloc.h" #ifdef HAVE_CONFIG_H #include @@ -44,10 +45,10 @@ void *FLAC__memory_alloc_aligned(size_t #ifdef FLAC__ALIGN_MALLOC_DATA /* align on 32-byte (256-bit) boundary */ - x = malloc(bytes+31); + x = safe_malloc_add_2op_(bytes, /*+*/31); *aligned_address = (void*)(((unsigned)x + 31) & -32); #else - x = malloc(bytes); + x = safe_malloc_(bytes); *aligned_address = x; #endif return x; @@ -66,7 +67,10 @@ FLAC__bool FLAC__memory_alloc_aligned_in FLAC__ASSERT(0 != aligned_pointer); FLAC__ASSERT(unaligned_pointer != aligned_pointer); - pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(FLAC__int32) * elements, &u.pv); + if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */ + return false; + + pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(*pu) * (size_t)elements, &u.pv); if(0 == pu) { return false; } @@ -92,7 +96,10 @@ FLAC__bool FLAC__memory_alloc_aligned_ui FLAC__ASSERT(0 != aligned_pointer); FLAC__ASSERT(unaligned_pointer != aligned_pointer); - pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint32) * elements, &u.pv); + if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */ + return false; + + pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv); if(0 == pu) { return false; } 
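Review bot: In `FLAC__memory_alloc_aligned`, the `FLAC__ALIGN_MALLOC_DATA` branch still computes the aligned address as `(void*)(((unsigned)x + 31) & -32)`, which discards the upper bits of the pointer wherever `unsigned` is narrower than a pointer. The patch widens sizes to `size_t` elsewhere, so this line is worth fixing in the same pass: `*aligned_address = (void*)(((uintptr_t)x + 31) & ~(uintptr_t)31);`, with `<stdint.h>` available on every supported compiler. The expression is also evaluated when `x` is NULL, so callers must test the returned `x` rather than the aligned address.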
@@ -118,7 +125,10 @@ FLAC__bool FLAC__memory_alloc_aligned_ui FLAC__ASSERT(0 != aligned_pointer); FLAC__ASSERT(unaligned_pointer != aligned_pointer); - pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint64) * elements, &u.pv); + if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */ + return false; + + pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv); if(0 == pu) { return false; } @@ -144,7 +154,10 @@ FLAC__bool FLAC__memory_alloc_aligned_un FLAC__ASSERT(0 != aligned_pointer); FLAC__ASSERT(unaligned_pointer != aligned_pointer); - pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(unsigned) * elements, &u.pv); + if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */ + return false; + + pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv); if(0 == pu) { return false; } @@ -172,7 +185,10 @@ FLAC__bool FLAC__memory_alloc_aligned_re FLAC__ASSERT(0 != aligned_pointer); FLAC__ASSERT(unaligned_pointer != aligned_pointer); - pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(FLAC__real) * elements, &u.pv); + if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */ + return false; + + pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv); if(0 == pu) { return false; } --- src/libFLAC/include/private/md5.h-dist 2004-07-23 03:23:14.000000000 +0200 +++ src/libFLAC/include/private/md5.h 2007-10-12 17:39:03.000000000 +0200 @@ -41,7 +41,7 @@ struct FLAC__MD5Context { FLAC__uint32 bytes[2]; FLAC__uint32 in[16]; FLAC__byte *internal_buf; - unsigned capacity; + size_t capacity; }; FLAC_API void FLAC__MD5Init(struct FLAC__MD5Context *context); --- src/plugin_common/charset.c-dist 2005-01-25 05:20:28.000000000 +0100 +++ src/plugin_common/charset.c 2007-10-12 15:42:02.000000000 +0200 
@@ -83,6 +83,8 @@ char* FLAC_plugin__charset_convert_strin /* Due to a GLIBC bug, round outbuf_size up to a multiple of 4 */ /* + 1 for nul in case len == 1 */ outsize = ((length + 3) & ~3) + 1; + if(outsize < length) /* overflow check */ + return NULL; out = (char*)malloc(outsize); outleft = outsize - 1; outptr = out; @@ -95,6 +97,10 @@ retry: { case E2BIG: used = outptr - out; + if((outsize - 1) * 2 + 1 <= outsize) { /* overflow check */ + free(out); + return NULL; + } outsize = (outsize - 1) * 2 + 1; out = realloc(out, outsize); outptr = out + used; --- src/plugin_common/tags.c-dist 2005-02-01 06:12:30.000000000 +0100 +++ src/plugin_common/tags.c 2007-10-12 17:41:23.000000000 +0200 @@ -25,15 +25,15 @@ #include "FLAC/metadata.h" -static __inline unsigned local__wide_strlen(const FLAC__uint16 *s) +static __inline size_t local__wide_strlen(const FLAC__uint16 *s) { - unsigned n = 0; + size_t n = 0; while(*s++) n++; return n; } -static __inline unsigned local__utf8len(const FLAC__byte *utf8) +static __inline size_t local__utf8len(const FLAC__byte *utf8) { FLAC__ASSERT(0 != utf8); if ((utf8[0] & 0x80) == 0) @@ -46,9 +46,9 @@ static __inline unsigned local__utf8len( return 0; } -static __inline unsigned local__utf8_to_ucs2(const FLAC__byte *utf8, FLAC__uint16 *ucs2) +static __inline size_t local__utf8_to_ucs2(const FLAC__byte *utf8, FLAC__uint16 *ucs2) { - const unsigned len = local__utf8len(utf8); + const size_t len = local__utf8len(utf8); FLAC__ASSERT(0 != ucs2); @@ -65,7 +65,7 @@ static __inline unsigned local__utf8_to_ static FLAC__uint16 *local__convert_utf8_to_ucs2(const char *src, unsigned length) { FLAC__uint16 *out; - unsigned chars = 0; + size_t chars = 0; FLAC__ASSERT(0 != src); 
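Review bot: In the `E2BIG` branch under `retry:`, `out = realloc(out, outsize);` is followed by `outptr = out + used;` with no NULL test, so a failed realloc both loses the old buffer and continues with an invalid output pointer. The overflow check added just above already has the shape of the fix: go through a temporary declared with the other locals, `tmp = realloc(out, outsize); if(!tmp) { free(out); return NULL; } out = tmp;`. The first `malloc(outsize)` in the `@@ -83` hunk shows no check in the visible lines either. Both early returns may also need to release the conversion descriptor if it is opened before this point, which the hunks do not show.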
@@ -73,7 +73,7 @@ static FLAC__uint16 *local__convert_utf8 { const char *s, *end; for (s=src, end=src+length; sentry, entry->length + value_len + separator_len + 1))) + if(0 == (new_entry = (FLAC__byte*)safe_realloc_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1))) return false; memcpy(new_entry+entry->length, separator, separator_len); entry->length += separator_len; --- src/libFLAC++/metadata.cpp-dist 2005-01-25 05:15:48.000000000 +0100 +++ src/libFLAC++/metadata.cpp 2007-10-12 17:42:02.000000000 +0200 @@ -29,6 +29,8 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#define __STDC_LIMIT_MACROS 1 /* otherwise SIZE_MAX is not defined for c++ */ +#include "share/alloc.h" #include "FLAC++/metadata.h" #include "FLAC/assert.h" #include // for malloc(), free() @@ -568,7 +570,7 @@ clear_entry(); - if(0 == (entry_.entry = (FLAC__byte*)malloc(field_length+1))) { + if(0 == (entry_.entry = (FLAC__byte*)safe_malloc_add_2op_(field_length, /*+*/1))) { is_valid_ = false; } else { @@ -617,7 +619,7 @@ clear_field_value(); - if(0 == (field_value_ = (char *)malloc(field_value_length+1))) { + if(0 == (field_value_ = (char *)safe_malloc_add_2op_(field_value_length, /*+*/1))) { is_valid_ = false; } else { @@ -707,7 +709,7 @@ { clear_entry(); - if(0 == (entry_.entry = (FLAC__byte*)malloc(field_name_length_ + 1 + field_value_length_ + 1))) { + if(0 == (entry_.entry = (FLAC__byte*)safe_malloc_add_4op_(field_name_length_, /*+*/1, /*+*/field_value_length_, /*+*/1))) { is_valid_ = false; } else { @@ -733,7 +735,7 @@ p = (const char *)entry_.entry + entry_.length; field_name_length_ = p - (const char *)entry_.entry; - if(0 == (field_name_ = (char *)malloc(field_name_length_ + 1))) { // +1 for the trailing \0 + if(0 == (field_name_ = (char *)safe_malloc_add_2op_(field_name_length_, /*+*/1))) { // +1 for the trailing \0 is_valid_ = false; return; } 
@@ -742,14 +744,14 @@ if(entry_.length - field_name_length_ == 0) { field_value_length_ = 0; - if(0 == (field_value_ = (char *)malloc(0))) { + if(0 == (field_value_ = (char *)safe_malloc_(0))) { is_valid_ = false; return; } } else { field_value_length_ = entry_.length - field_name_length_ - 1; - if(0 == (field_value_ = (char *)malloc(field_value_length_ + 1))) { // +1 for the trailing \0 + if(0 == (field_value_ = (char *)safe_malloc_add_2op_(field_value_length_, /*+*/1))) { // +1 for the trailing \0 is_valid_ = false; return; } --- include/share/alloc.h-dist 2007-10-12 15:42:02.000000000 +0200 +++ include/share/alloc.h 2007-10-12 15:42:02.000000000 +0200 
@@ -0,0 +1,212 @@ +/* alloc - Convenience routines for safely allocating memory + * Copyright (C) 2007 Josh Coalson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef FLAC__SHARE__ALLOC_H +#define FLAC__SHARE__ALLOC_H + +#if HAVE_CONFIG_H +# include +#endif + +/* WATCHOUT: for c++ you may have to #define __STDC_LIMIT_MACROS 1 real early + * before #including this file, otherwise SIZE_MAX might not be defined + */ + +#include /* for SIZE_MAX */ +#if !defined _MSC_VER && !defined __MINGW32__ && !defined __EMX__ +#include /* for SIZE_MAX in case limits.h didn't get it */ +#endif +#include /* for size_t, malloc(), etc */ + +#ifndef SIZE_MAX +# ifndef SIZE_T_MAX +# ifdef _MSC_VER +# define SIZE_T_MAX UINT_MAX +# else +# error +# endif +# endif +# define SIZE_MAX SIZE_T_MAX +#endif + +#ifndef FLaC__INLINE +#define FLaC__INLINE +#endif + +/* avoid malloc()ing 0 bytes, see: + * https://www.securecoding.cert.org/confluence/display/seccode/MEM04-A.+Do+not+make+assumptions+about+the+result+of+allocating+0+bytes?focusedCommentId=5407003 +*/ +static FLaC__INLINE void *safe_malloc_(size_t size) +{ + /* malloc(0) is undefined; FLAC src convention is to always allocate */ + if(!size) + size++; + return malloc(size); +} + +static FLaC__INLINE void *safe_calloc_(size_t nmemb, 
size_t size) +{ + if(!nmemb || !size) + return malloc(1); /* malloc(0) is undefined; FLAC src convention is to always allocate */ + return calloc(nmemb, size); +} + +/*@@@@ there's probably a better way to prevent overflows when allocating untrusted sums but this works for now */ + +static FLaC__INLINE void *safe_malloc_add_2op_(size_t size1, size_t size2) +{ + size2 += size1; + if(size2 < size1) + return 0; + return safe_malloc_(size2); +} + +static FLaC__INLINE void *safe_malloc_add_3op_(size_t size1, size_t size2, size_t size3) +{ + size2 += size1; + if(size2 < size1) + return 0; + size3 += size2; + if(size3 < size2) + return 0; + return safe_malloc_(size3); +} + +static FLaC__INLINE void *safe_malloc_add_4op_(size_t size1, size_t size2, size_t size3, size_t size4) +{ + size2 += size1; + if(size2 < size1) + return 0; + size3 += size2; + if(size3 < size2) + return 0; + size4 += size3; + if(size4 < size3) + return 0; + return safe_malloc_(size4); +} + +static FLaC__INLINE void *safe_malloc_mul_2op_(size_t size1, size_t size2) +#if 0 +needs support for cases where sizeof(size_t) != 4 +{ + /* could be faster #ifdef'ing off SIZEOF_SIZE_T */ + if(sizeof(size_t) == 4) { + if ((double)size1 * (double)size2 < 4294967296.0) + return malloc(size1*size2); + } + return 0; +} +#else +/* better? 
*/ +{ + if(!size1 || !size2) + return malloc(1); /* malloc(0) is undefined; FLAC src convention is to always allocate */ + if(size1 > SIZE_MAX / size2) + return 0; + return malloc(size1*size2); +} +#endif + +static FLaC__INLINE void *safe_malloc_mul_3op_(size_t size1, size_t size2, size_t size3) +{ + if(!size1 || !size2 || !size3) + return malloc(1); /* malloc(0) is undefined; FLAC src convention is to always allocate */ + if(size1 > SIZE_MAX / size2) + return 0; + size1 *= size2; + if(size1 > SIZE_MAX / size3) + return 0; + return malloc(size1*size3); +} + +/* size1*size2 + size3 */ +static FLaC__INLINE void *safe_malloc_mul2add_(size_t size1, size_t size2, size_t size3) +{ + if(!size1 || !size2) + return safe_malloc_(size3); + if(size1 > SIZE_MAX / size2) + return 0; + return safe_malloc_add_2op_(size1*size2, size3); +} + +/* size1 * (size2 + size3) */ +static FLaC__INLINE void *safe_malloc_muladd2_(size_t size1, size_t size2, size_t size3) +{ + if(!size1 || (!size2 && !size3)) + return malloc(1); /* malloc(0) is undefined; FLAC src convention is to always allocate */ + size2 += size3; + if(size2 < size3) + return 0; + return safe_malloc_mul_2op_(size1, size2); +} + +static FLaC__INLINE void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t size2) +{ + size2 += size1; + if(size2 < size1) + return 0; + return realloc(ptr, size2); +} + +static FLaC__INLINE void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3) +{ + size2 += size1; + if(size2 < size1) + return 0; + size3 += size2; + if(size3 < size2) + return 0; + return realloc(ptr, size3); +} + +static FLaC__INLINE void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t size2, size_t size3, size_t size4) +{ + size2 += size1; + if(size2 < size1) + return 0; + size3 += size2; + if(size3 < size2) + return 0; + size4 += size3; + if(size4 < size3) + return 0; + return realloc(ptr, size4); +} + +static FLaC__INLINE void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t size2) +{ + 
if(!size1 || !size2) + return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */ + if(size1 > SIZE_MAX / size2) + return 0; + return realloc(ptr, size1*size2); +} + +/* size1 * (size2 + size3) */ +static FLaC__INLINE void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t size2, size_t size3) +{ + if(!size1 || (!size2 && !size3)) + return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */ + size2 += size3; + if(size2 < size3) + return 0; + return safe_realloc_mul_2op_(ptr, size1, size2); +} + +#endif Index: flac.spec =================================================================== RCS file: /cvs/dist/rpms/flac/FC-6/flac.spec,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- flac.spec 12 Jul 2006 21:56:40 -0000 1.22 +++ flac.spec 17 Oct 2007 15:05:03 -0000 1.23 @@ -1,13 +1,14 @@ Summary: An encoder/decoder for the Free Lossless Audio Codec. Name: flac Version: 1.1.2 -Release: 27 +Release: 28 License: LGPL/GPL Group: Applications/Multimedia Source: http://prdownloads.sourceforge.net/flac/flac-%{version}.tar.gz Patch1: flac-1.1.2-libtool.patch Patch3: flac-1.1.0-gnu-stack.patch Patch4: flac-1.1.2-noxmms.patch +Patch5: flac-1.1.2-bufferoverflow-fix.diff URL: http://flac.sourceforge.net/ BuildRoot: %{_tmppath}/%{name}-root BuildRequires: glib2-devel, libogg-devel, doxygen, nasm @@ -37,6 +38,7 @@ %patch1 -p1 -b .libtool %patch3 -p1 -b .gnu-stack %patch4 -p1 -b .noxmms +%patch5 -p0 -b .CVE-2007-4619 autoreconf -i -f @@ -76,6 +78,9 @@ %{_datadir}/aclocal/*.m4 %changelog +* Wed Oct 17 2007 - Bastien Nocera - 1.1.2-28 +- Add patch from Takashi Iwai to fix CVE-2007-4619 (#332581) + * Wed Jul 12 2006 Jesse Keating - 1.1.2-27 - rebuild - Try building w/ glib2-devel From fedora-cvs-commits at redhat.com Wed Oct 17 15:15:37 2007 
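Review bot: `safe_realloc_mul_2op_` and `safe_realloc_muladd2_` pass a zero-size request to `realloc(ptr, 0)`, and a null result from that call does not mean the same thing as the null these wrappers return on overflow. On overflow `ptr` is left allocated; for a zero-size request the C library decides whether the block is released, so a caller that treats every null as failure can leak the block or free it twice. The `safe_realloc_add_*op_` wrappers reach the same call when their operands sum to zero. I would state the ownership rule in a comment above the realloc family, for example `/* returns 0 on overflow with ptr left untouched; a zero-size request follows realloc(ptr, 0), whose result is implementation-defined */`, and have callers test for a zero size before calling.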
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 11:15:37 -0400 Subject: rpms/flac/FC-6 flac-1.1.2-bufferoverflow-fix.diff,1.1,1.2 Message-ID: <200710171515.l9HFFbZG028121@cvs.devel.redhat.com> Author: bnocera Update of /cvs/dist/rpms/flac/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv28105 Modified Files: flac-1.1.2-bufferoverflow-fix.diff Log Message: Remove winamp bits from the patch flac-1.1.2-bufferoverflow-fix.diff: include/share/alloc.h | 212 ++++++++++++++++++++++++++++++++++++++ src/libFLAC++/metadata.cpp | 14 +- src/libFLAC/include/private/md5.h | 2 src/libFLAC/md5.c | 8 + src/libFLAC/memory.c | 30 ++++- src/libFLAC/metadata_iterators.c | 18 +-- src/libFLAC/metadata_object.c | 63 +++++++---- src/libFLAC/stream_decoder.c | 32 +++-- src/libFLAC/stream_encoder.c | 3 src/metaflac/operations.c | 5 src/metaflac/options.c | 19 ++- src/metaflac/utils.c | 5 src/plugin_common/charset.c | 6 + src/plugin_common/tags.c | 34 +++--- src/plugin_xmms/plugin.c | 9 + src/share/utf8/charset.c | 3 src/share/utf8/iconvert.c | 9 + src/share/utf8/utf8.c | 44 +++++-- 18 files changed, 416 insertions(+), 100 deletions(-) Index: flac-1.1.2-bufferoverflow-fix.diff =================================================================== RCS file: /cvs/dist/rpms/flac/FC-6/flac-1.1.2-bufferoverflow-fix.diff,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- flac-1.1.2-bufferoverflow-fix.diff 17 Oct 2007 15:05:03 -0000 1.1 +++ flac-1.1.2-bufferoverflow-fix.diff 17 Oct 2007 15:15:34 -0000 1.2 
@@ -316,53 +316,6 @@ if (!outbuf) goto fail; ib = utfbuf; ---- src/plugin_winamp2/infobox.c-dist 2005-01-30 16:10:57.000000000 +0100 -+++ src/plugin_winamp2/infobox.c 2007-10-12 15:42:00.000000000 +0200 -@@ -19,6 +19,7 @@ - #include - #include - #include "FLAC/all.h" -+#include "share/alloc.h" - #include "plugin_common/all.h" - #include "infobox.h" - #include "config.h" -@@ -70,7 +71,7 @@ static void LoadGenres() - hFile = CreateFile(buffer, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - if (hFile == INVALID_HANDLE_VALUE) return; - genresSize = GetFileSize(hFile, 0); -- if (genresSize && (genres = (char*)malloc(genresSize+2))) -+ if (genresSize && (genres = (char*)safe_malloc_add_2op_(genresSize, /*+*/2))) - { - if (!ReadFile(hFile, genres, genresSize, &spam, NULL) || spam!=genresSize) - { -@@ -183,7 +184,7 @@ static wchar_t *AnsiToWide(const char *s - - len = strlen(src) + 1; - /* copy */ -- dest = (wchar_t*)malloc(len*sizeof(wchar_t)); -+ dest = (wchar_t*)safe_malloc_mul_2op_(len, /*times*/sizeof(wchar_t)); - if (dest) mbstowcs(dest, src, len); - return dest; - } ---- src/plugin_winamp2/in_flac.c-dist 2005-02-02 05:50:00.000000000 +0100 -+++ src/plugin_winamp2/in_flac.c 2007-10-12 15:42:00.000000000 +0200 -@@ -19,6 +19,7 @@ - #include - #include - -+#include "share/alloc.h" - #include "winamp2/in2.h" - #include "config.h" - #include "infobox.h" -@@ -274,7 +275,7 @@ static T_CHAR *get_tag(const T_CHAR *tag - if (!tag) - return 0; - /* Vorbis comment names must be ASCII, so convert 'tag' first */ -- tagname = malloc(wcslen(tag)+1); -+ tagname = safe_malloc_add_2op_(wcslen(tag), /*+*/1); - for(p=tagname;*tag;) { - if(*tag > 0x7d) { - free(tagname); --- src/libFLAC/md5.c-dist 2004-07-23 03:13:06.000000000 +0200 +++ src/libFLAC/md5.c 2007-10-12 17:26:20.000000000 +0200 @@ -230,7 +230,13 @@ FLAC__MD5Accumulate(struct FLAC__MD5Cont From fedora-cvs-commits at redhat.com Wed Oct 17 21:34:26 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 17 Oct 2007 17:34:26 -0400 Subject: rpms/kernel/FC-6 linux-2.6-sysfs-deprecated-fix-nested-devices.patch, NONE, 1.1 linux-2.6-x86_64-fix-boot-speed-on-vt.patch, NONE, 1.1 kernel-2.6.spec, 1.3030, 1.3031 Message-ID: <200710172134.l9HLYQet026486@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv26467 Modified Files: kernel-2.6.spec Added Files: linux-2.6-sysfs-deprecated-fix-nested-devices.patch linux-2.6-x86_64-fix-boot-speed-on-vt.patch Log Message: * Tue Oct 16 2007 Chuck Ebbert - sysfs: fix device links - fix boot speed on VT enabled processors linux-2.6-sysfs-deprecated-fix-nested-devices.patch: core.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) --- NEW FILE linux-2.6-sysfs-deprecated-fix-nested-devices.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3eb215de26e6e94bf5fed9cb77230c383b30e53b Commit: 3eb215de26e6e94bf5fed9cb77230c383b30e53b Parent: 85923b124624eb49ebef4731bb6b5670e792ff57 Author: Dmitry Torokhov AuthorDate: Sun Oct 7 12:22:21 2007 -0400 Committer: Linus Torvalds CommitDate: Sun Oct 7 16:42:22 2007 -0700 Driver core: fix SYSF_DEPRECATED breakage for nested classdevs We should only reparent to a class former class devices that form the base of class hierarchy. Nested devices should still grow from their real parents. Signed-off-by: Dmitry Torokhov Tested-by: Andrey Borzenkov Tested-by: Anssi Hannula Signed-off-by: Linus Torvalds --- drivers/base/core.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 67c9258..ec86d6f 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c 
@@ -586,9 +586,13 @@ void device_initialize(struct device *dev) static struct kobject * get_device_parent(struct device *dev, struct device *parent) { - /* Set the parent to the class, not the parent device */ - /* this keeps sysfs from having a symlink to make old udevs happy */ - if (dev->class) + /* + * Set the parent to the class, not the parent device + * for topmost devices in class hierarchy. + * This keeps sysfs from having a symlink to make old + * udevs happy + */ + if (dev->class && (!parent || parent->class != dev->class)) return &dev->class->subsys.kobj; else if (parent) return &parent->kobj; linux-2.6-x86_64-fix-boot-speed-on-vt.patch: head.S | 7 +++++++ 1 files changed, 7 insertions(+) --- NEW FILE linux-2.6-x86_64-fix-boot-speed-on-vt.patch --- # HG changeset patch # User Zachary Amsden # Date 1186873093 25200 # Node ID 860481e231876fdd9075a4eeeb2356a12accf07c # Parent 736343323284c1fd93834e8309ecbc8667ab1b35 x86_64: Early segment setup for VT VT is very picky about when it can enter execution. Get all segments setup and get LDT and TR into valid state to allow VT execution under VMware and KVM (untested). This makes the boot decompression run under VT, which makes it several orders of magnitude faster on 64-bit Intel hardware. Before, I was seeing times up to a minute or more to decompress a 1.3MB kernel on a very fast box. Signed-off-by: Zachary Amsden Signed-off-by: Andi Kleen Signed-off-by: Linus Torvalds committer: Linus Torvalds BZ 320111 --- a/arch/x86_64/boot/compressed/head.S Sat Aug 11 15:58:13 2007 -0700 +++ b/arch/x86_64/boot/compressed/head.S Sat Aug 11 15:58:13 2007 -0700 @@ -195,6 +195,11 @@ ENTRY(startup_64) movl %eax, %ds movl %eax, %es movl %eax, %ss + movl %eax, %fs + movl %eax, %gs + lldt %ax + movl $0x20, %eax + ltr %ax /* Compute the decompressed kernel start address. It is where * we were loaded at aligned to a 2M boundary. %rbp contains the 
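Review bot: The `movl $0x20, %eax` / `ltr %ax` pair in the `startup_64` hunk uses a bare selector value whose meaning depends on the layout of `gdt`, which is edited in the second head.S hunk (`@@ -295,6 +300,8 @@`). Presumably 0x20 is the byte offset of the new TS descriptor, but the lines between the `gdt:` label and the NULL descriptor are outside the hunk, so the offset cannot be checked from here. Nothing ties the two places together if another descriptor is inserted later. A comment on the load, such as `/* 0x20: selector of the TS descriptor in gdt below */`, and a matching offset comment on the `.quad 0x0080890000000000` line would keep them in step. The `lldt %ax` line also relies on the value left in %eax by code above the hunk and deserves a one-line comment saying which LDT selector is intended.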
@@ -295,6 +300,8 @@ gdt: .quad 0x0000000000000000 /* NULL descriptor */ .quad 0x00af9a000000ffff /* __KERNEL_CS */ .quad 0x00cf92000000ffff /* __KERNEL_DS */ + .quad 0x0080890000000000 /* TS descriptor */ + .quad 0x0000000000000000 /* TS continued */ gdt_end: .bss /* Stack for uncompression */ Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3030 retrieving revision 1.3031 diff -u -r1.3030 -r1.3031 --- kernel-2.6.spec 16 Oct 2007 18:13:44 -0000 1.3030 +++ kernel-2.6.spec 17 Oct 2007 21:34:23 -0000 1.3031 @@ -553,6 +553,7 @@ Patch350: linux-2.6-devmem.patch Patch370: linux-2.6-crash-driver.patch Patch390: linux-2.6-dev-get-driver-properly.patch +Patch391: linux-2.6-sysfs-deprecated-fix-nested-devices.patch Patch400: linux-2.6-scsi-cpqarray-set-master.patch Patch404: linux-2.6-scsi-mpt-vmware-fix.patch @@ -576,6 +577,7 @@ Patch600: linux-2.6-vm-silence-atomic-alloc-failures.patch Patch601: linux-2.6-input-ff-create-limit-memory.patch Patch602: linux-2.6-x86_64-e820_hole_size.patch +Patch603: linux-2.6-x86_64-fix-boot-speed-on-vt.patch Patch610: linux-2.6-defaults-fat-utf8.patch Patch620: linux-2.6-defaults-unicode-vt.patch @@ -1196,6 +1198,8 @@ # driver core # ApplyPatch linux-2.6-dev-get-driver-properly.patch +# fix deprecated device links +ApplyPatch linux-2.6-sysfs-deprecated-fix-nested-devices.patch # # SCSI Bits. @@ -1248,6 +1252,8 @@ ApplyPatch linux-2.6-input-ff-create-limit-memory.patch # fix sizing of memory holes on x86_64 ApplyPatch linux-2.6-x86_64-e820_hole_size.patch +# fix boot speed on VT enabled processors +ApplyPatch linux-2.6-x86_64-fix-boot-speed-on-vt.patch # Changes to upstream defaults. # Use UTF-8 by default on VFAT. 
@@ -2279,6 +2285,10 @@ %changelog * Tue Oct 16 2007 Chuck Ebbert +- sysfs: fix device links +- fix boot speed on VT enabled processors + +* Tue Oct 16 2007 Chuck Ebbert - Linux 2.6.22.10 * Thu Sep 27 2007 Chuck Ebbert From fedora-cvs-commits at redhat.com Thu Oct 18 13:37:27 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 18 Oct 2007 09:37:27 -0400 Subject: rpms/netpbm/FC-6 netpbm-10.35-glibc.patch, NONE, 1.1 netpbm-10.27-bmptopnm.patch, 1.4, 1.5 netpbm.spec, 1.86, 1.87 sources, 1.29, 1.30 netpbm-10.22-cmapsize.patch, 1.1, NONE Message-ID: <200710181337.l9IDbRCu028642@cvs.devel.redhat.com> Author: jnovy Update of /cvs/dist/rpms/netpbm/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv28614 Modified Files: netpbm-10.27-bmptopnm.patch netpbm.spec sources Added Files: netpbm-10.35-glibc.patch Removed Files: netpbm-10.22-cmapsize.patch Log Message: * Thu Oct 18 2007 Jindrich Novy 10.35.32-1 - remove .svn directories from tarball to reduce its size - update fixes rhbz#337181 and others * Thu Oct 18 2007 MATSUURA Takanori - 10.35.32-0 - update to 10.35.32 from svn tree - create man pages from userguide HTML files netpbm-10.35-glibc.patch: pnmtotiffcmyk.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE netpbm-10.35-glibc.patch --- --- netpbm-10.35/converter/other/pnmtotiffcmyk.c.glibc 2006-09-18 12:20:06.000000000 +0200 +++ netpbm-10.35/converter/other/pnmtotiffcmyk.c 2007-08-23 09:18:30.000000000 +0200 
@@ -974,8 +974,8 @@ int main( int argc, char **argv ) { if ( (err = parseOpts( argc, argv, rt )) ) goto exit ; - if ( (err = rt->in->open( rt->in, rt )) ) goto exit ; - if ( (err = rt->out->open( rt->out, rt )) ) goto exit ; + if ( (err = (rt->in->open)( rt->in, rt )) ) goto exit ; + if ( (err = (rt->out->open)( rt->out, rt )) ) goto exit ; while ( rt->in->hasMore( rt->in ) ) { if ( (err = rt->in->next( rt->in, &r, &g, &b )) ) goto exit ; netpbm-10.27-bmptopnm.patch: bmptopnm.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) Index: netpbm-10.27-bmptopnm.patch =================================================================== RCS file: /cvs/dist/rpms/netpbm/FC-6/netpbm-10.27-bmptopnm.patch,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- netpbm-10.27-bmptopnm.patch 29 Jan 2007 13:51:18 -0000 1.4 +++ netpbm-10.27-bmptopnm.patch 18 Oct 2007 13:37:25 -0000 1.5 @@ -9,11 +9,3 @@ unsigned int pos; /* Current byte position in the BMP file */ -@@ -1278,7 +1278,6 @@ readBmp(FILE * const ifP, - BMPreadfileheader(ifP, &bytesRead, &offBits); - pos += bytesRead; - } -- if(BMPheader.cmapsize != 0) - { - unsigned int bytesRead; - BMPreadinfoheader(ifP, &bytesRead, &BMPheader); Index: netpbm.spec =================================================================== RCS file: /cvs/dist/rpms/netpbm/FC-6/netpbm.spec,v retrieving revision 1.86 retrieving revision 1.87 diff -u -r1.86 -r1.87 --- netpbm.spec 16 Jul 2007 11:48:15 -0000 1.86 +++ netpbm.spec 18 Oct 2007 13:37:25 -0000 1.87 
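Review bot: The parentheses added around `rt->in->open` and `rt->out->open` in `main` have no comment saying why they are there, so a later cleanup could remove them as redundant. Judging by the patch name, they presumably keep a function-like `open` macro from the C library headers from expanding on the member call; that is an inference, since the hunk does not show the build failure. A comment above the two calls, e.g. `/* parenthesised so a function-like open() macro from libc headers is not expanded here */`, would record the reason. `main` begins and ends outside the hunk.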
@@ -1,17 +1,19 @@ Summary: A library for handling different graphics file formats Name: netpbm -Version: 10.35 -Release: 10%{?dist} +Version: 10.35.32 +Release: 1%{?dist} License: Assorted licenses, see %{_docdir}/%{name}-%{version}/copyright_summary Group: System Environment/Libraries URL: http://netpbm.sourceforge.net/ -Source0: netpbm-%{version}.l1.tar.bz2 -Source1: netpbmdoc-%{version}.l1.tar.bz2 +# Source0 is prepared by +# svn checkout https://netpbm.svn.sourceforge.net/svnroot/netpbm/stable netpbm-%{nersion} +# svn checkout https://netpbm.svn.sourceforge.net/svnroot/netpbm/userguide netpbm-%{nersion}/userguide +# and removing the .svn directories +Source0: netpbm-%{version}.tar.bz2 Patch1: netpbm-10.17-time.patch Patch2: netpbm-9.24-strip.patch Patch3: netpbm-10.19-message.patch Patch4: netpbm-10.22-security2.patch -Patch5: netpbm-10.22-cmapsize.patch Patch6: netpbm-10.23-security.patch Patch7: netpbm-10.24-nodoc.patch Patch8: netpbm-10.28-gcc4.patch @@ -24,9 +26,10 @@ Patch15: netpbm-10.35-ppmquantall.patch Patch16: netpbm-10.35-pbmtog3segfault.patch Patch17: netpbm-10.35-pbmtomacp.patch +Patch18: netpbm-10.35-glibc.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex -BuildRequires: libX11-devel +BuildRequires: libX11-devel xorg-x11-server-utils python %description The netpbm package contains a library of functions which support @@ -69,7 +72,6 @@ %patch2 -p1 -b .strip %patch3 -p1 -b .message %patch4 -p1 -b .security2 -%patch5 -p1 -b .cmapsize %patch6 -p1 -b .security %patch7 -p1 -b .nodoc %patch8 -p1 -b .gcc4 @@ -82,6 +84,7 @@ %patch15 -p1 -b .pqall %patch16 -p1 -b .pbmtog3segfault %patch17 -p1 -b .pbmtomacp +%patch18 -p1 -b .glibc ##mv shhopt/shhopt.h shhopt/pbmshhopt.h ##perl -pi -e 's|shhopt.h|pbmshhopt.h|g' `find -name "*.c" -o -name "*.h"` ./GNUmakefile 
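Review bot: The new `Source0` comment in the first hunk describes a tarball built from `svn checkout .../stable` with no revision, so the archive cannot be regenerated and compared later once the branch has moved on. Recording the revision in the recipe, e.g. `svn checkout -r REVISION https://netpbm.svn.sourceforge.net/svnroot/netpbm/stable netpbm-%{version}` (REVISION is a placeholder for the revision actually packaged), lets someone rebuild the tarball and check it against the checksum in `sources`. Both checkout lines also spell the macro `%{nersion}`, which looks like a typo for `%{version}`.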
@@ -125,6 +128,17 @@ X11LIB=%{_libdir}/libX11.so \ XML2LIBS="NONE" +# prepare man files +cd userguide +for i in *.html ; do + ../buildtools/makeman ${i} +done +for i in 1 3 5 ; do + mkdir -p man/man${i} + mv *.${i} man/man${i} +done + + %install rm -rf $RPM_BUILD_ROOT @@ -140,8 +154,8 @@ cp -af lib/libnetpbm.a $RPM_BUILD_ROOT%{_libdir}/libnetpbm.a ln -sf libnetpbm.so.10 $RPM_BUILD_ROOT%{_libdir}/libnetpbm.so -mkdir -p $RPM_BUILD_ROOT%{_mandir} -tar jxvf %{SOURCE1} -C $RPM_BUILD_ROOT%{_mandir} +mkdir -p $RPM_BUILD_ROOT%{_datadir} +mv userguide/man $RPM_BUILD_ROOT%{_mandir} # Get rid of the useless non-ascii character in pgmminkowski.1 sed -i 's/\xa0//' $RPM_BUILD_ROOT%{_mandir}/man1/pgmminkowski.1 @@ -165,6 +179,8 @@ rm -rf $RPM_BUILD_ROOT/usr/pkginfo rm -rf $RPM_BUILD_ROOT/usr/config_template +# Don't ship the static library +rm -f $RPM_BUILD_ROOT/%{_libdir}/lib*.a %clean rm -rf $RPM_BUILD_ROOT @@ -175,13 +191,12 @@ %files %defattr(-,root,root) -%doc doc/copyright_summary doc/COPYRIGHT.PATENT doc/GPL_LICENSE.txt doc/HISTORY README +%doc doc/copyright_summary doc/COPYRIGHT.PATENT doc/GPL_LICENSE.txt doc/HISTORY README userguide %{_libdir}/lib*.so.* %files devel %defattr(-,root,root) %{_includedir}/*.h -%{_libdir}/lib*.a %{_libdir}/lib*.so %{_mandir}/man3/* %files progs 
@@ -192,6 +207,14 @@ %{_datadir}/netpbm/ %changelog +* Thu Oct 18 2007 Jindrich Novy 10.35.32-1 +- remove .svn directories from tarball to reduce its size +- update fixes rhbz#337181 and others + +* Thu Oct 18 2007 MATSUURA Takanori - 10.35.32-0 +- update to 10.35.32 from svn tree +- create man pages from userguide HTML files + * Mon Jul 16 2007 Jindrich Novy 10.35-10 - package map files needed by pnmtopalm (#244983) - fix pgmminkowski.1 man page Index: sources =================================================================== RCS file: /cvs/dist/rpms/netpbm/FC-6/sources,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- sources 18 Sep 2006 11:55:07 -0000 1.29 +++ sources 18 Oct 2007 13:37:25 -0000 1.30 @@ -1,2 +1 @@ -90a5855e3f08bce4c239ffd205df2a37 netpbm-10.35.l1.tar.bz2 -8a76bd4a10ba0dd122e7fee759a2bdab netpbmdoc-10.35.l1.tar.bz2 +d816dd084194f2e7ccf7ab97ee89b155 netpbm-10.35.32.tar.bz2 --- netpbm-10.22-cmapsize.patch DELETED --- From fedora-cvs-commits at redhat.com Thu Oct 18 18:36:09 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 18 Oct 2007 14:36:09 -0400 Subject: rpms/libpng/FC-6 libpng-1222-fixes.patch, NONE, 1.1 libpng.spec, 1.39, 1.40 libpng-1.2.8-multilib.patch, 1.1, NONE libpng-rhconf.patch, 1.2, NONE libpng-trns-bug.patch, 1.1, NONE Message-ID: <200710181836.l9IIa9co018824@cvs.devel.redhat.com> Author: tgl Update of /cvs/dist/rpms/libpng/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv18808 Modified Files: libpng.spec Added Files: libpng-1222-fixes.patch Removed Files: libpng-1.2.8-multilib.patch libpng-rhconf.patch libpng-trns-bug.patch Log Message: Back-port critical fixes from libpng 1.2.22, primarily to fix CVE-2007-5269 libpng-1222-fixes.patch: pngpread.c | 16 ++++++++++------ pngrtran.c | 37 +++++++++++++++++++++++-------------- pngrutil.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++------------- 3 files changed, 81 insertions(+), 33 deletions(-) --- NEW FILE libpng-1222-fixes.patch --- This patch back-ports some critical fixes that were made upstream between libpng releases 1.2.16 and 1.2.22. CVE-2007-5269: prevent potential crashes when reading malformed pCAL, sCAL, tEXt, iTXt, and zTXt chunks, by taking more care with tests for end of chunk. CVE-2007-2445: libpng crashes if CRC error is detected in a grayscale tRNS chunk, because png_handle_tRNS leaves inconsistent state which eventually leads to attempting to free() unallocated memory. (Note: this patch supersedes libpng-trns-bug.patch, which fixed only this problem.) Take care to mask off invalid bits of transparency values. (Not a crash risk but seems worth fixing anyway.) diff -Naur libpng-1.2.10.orig/pngpread.c libpng-1.2.10/pngpread.c --- libpng-1.2.10.orig/pngpread.c 2006-04-23 14:45:34.000000000 -0400 +++ libpng-1.2.10/pngpread.c 2007-10-18 13:50:35.000000000 -0400 
@@ -1118,7 +1118,7 @@ for (text = key; *text; text++) /* empty loop */ ; - if (text != key + png_ptr->current_text_size) + if (text < key + png_ptr->current_text_size) text++; text_ptr = (png_textp)png_malloc(png_ptr, @@ -1214,7 +1214,7 @@ /* empty loop */ ; /* zTXt can't have zero text */ - if (text == key + png_ptr->current_text_size) + if (text >= key + png_ptr->current_text_size) { png_ptr->current_text = NULL; png_free(png_ptr, key); @@ -1412,7 +1412,7 @@ for (lang = key; *lang; lang++) /* empty loop */ ; - if (lang != key + png_ptr->current_text_size) + if (lang < key + png_ptr->current_text_size - 3) lang++; comp_flag = *lang++; @@ -1422,10 +1422,14 @@ /* empty loop */ ; lang_key++; /* skip NUL separator */ - for (text = lang_key; *text; text++) - /* empty loop */ ; + text=lang_key; + if (lang_key < key + png_ptr->current_text_size - 1) + { + for (; *text; text++) + /* empty loop */ ; + } - if (text != key + png_ptr->current_text_size) + if (text < key + png_ptr->current_text_size) text++; text_ptr = (png_textp)png_malloc(png_ptr, diff -Naur libpng-1.2.10.orig/pngrtran.c libpng-1.2.10/pngrtran.c --- libpng-1.2.10.orig/pngrtran.c 2006-04-23 14:45:34.000000000 -0400 +++ libpng-1.2.10/pngrtran.c 2007-10-18 13:50:35.000000000 -0400 @@ -3671,7 +3671,7 @@ { case 1: { - gray = (png_uint_16)(gray*0xff); + gray = (png_uint_16)((gray&0x01)*0xff); sp = row + (png_size_t)((row_width - 1) >> 3); dp = row + (png_size_t)row_width - 1; shift = 7 - (int)((row_width + 7) & 0x07); @@ -3695,7 +3695,7 @@ } case 2: { - gray = (png_uint_16)(gray*0x55); + gray = (png_uint_16)((gray&0x03)*0x55); sp = row + (png_size_t)((row_width - 1) >> 2); dp = row + (png_size_t)row_width - 1; shift = (int)((3 - ((row_width + 3) & 0x03)) << 1); @@ -3718,7 +3718,7 @@ } case 4: { - gray = (png_uint_16)(gray*0x11); + gray = (png_uint_16)((gray&0x0f)*0x11); sp = row + (png_size_t)((row_width - 1) >> 1); dp = row + (png_size_t)row_width - 1; shift = (int)((1 - ((row_width + 1) & 0x01)) << 2); 
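Review bot: In the push-reader iTXt hunks (`@@ -1412,7` and `@@ -1422,10`) a short chunk only skips the `lang++` or the scan loop; the unconditional `comp_flag = *lang++;` and `lang_key++;` lines that follow still run, so parsing continues on data the new bounds checks have just found to be too short. The pngrutil.c hunks of this same patch treat that case as an error (warn, free `chunkdata`, return), and the zTXt hunk above (`@@ -1214,7`) already clears `current_text` and frees `key`. I would give the push reader the same early exit, as sketched below, modelled on that zTXt branch. Whether reads past `key + current_text_size` are actually reachable depends on how `key` is allocated and terminated, which is outside these hunks, as are the start and end of the enclosing function, so confirm what other state must be reset before returning.

```c
   for (lang = key; *lang; lang++)
      /* empty loop */ ;

   /* same bound as the patch; stop instead of parsing a short chunk */
   if (lang >= key + png_ptr->current_text_size - 3)
   {
      png_warning(png_ptr, "Truncated iTXt chunk");
      png_ptr->current_text = NULL;
      png_free(png_ptr, key);
      return;
   }
   lang++;
   /* … unchanged: comp_flag read, language-tag and keyword scans … */
```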
@@ -3748,6 +3748,7 @@ { if (row_info->bit_depth == 8) { + gray = gray & 0xff; sp = row + (png_size_t)row_width - 1; dp = row + (png_size_t)(row_width << 1) - 1; for (i = 0; i < row_width; i++) @@ -3761,12 +3762,13 @@ } else if (row_info->bit_depth == 16) { + png_byte gray_high = (gray >> 8) & 0xff; + png_byte gray_low = gray & 0xff; sp = row + row_info->rowbytes - 1; dp = row + (row_info->rowbytes << 1) - 1; for (i = 0; i < row_width; i++) { - if (((png_uint_16)*(sp) | - ((png_uint_16)*(sp - 1) << 8)) == gray) + if (*(sp-1) == gray_high && *(sp) == gray_low) { *dp-- = 0; *dp-- = 0; @@ -3791,13 +3793,14 @@ { if (row_info->bit_depth == 8) { + png_byte red = trans_value->red & 0xff; + png_byte green = trans_value->green & 0xff; + png_byte blue = trans_value->blue & 0xff; sp = row + (png_size_t)row_info->rowbytes - 1; dp = row + (png_size_t)(row_width << 2) - 1; for (i = 0; i < row_width; i++) { - if (*(sp - 2) == trans_value->red && - *(sp - 1) == trans_value->green && - *(sp - 0) == trans_value->blue) + if (*(sp - 2) == red && *(sp - 1) == green && *(sp) == blue) *dp-- = 0; else *dp-- = 0xff; 
@@ -3808,16 +3811,22 @@ } else if (row_info->bit_depth == 16) { + png_byte red_high = (trans_value->red >> 8) & 0xff; + png_byte green_high = (trans_value->green >> 8) & 0xff; + png_byte blue_high = (trans_value->blue >> 8) & 0xff; + png_byte red_low = trans_value->red & 0xff; + png_byte green_low = trans_value->green & 0xff; + png_byte blue_low = trans_value->blue & 0xff; sp = row + row_info->rowbytes - 1; dp = row + (png_size_t)(row_width << 3) - 1; for (i = 0; i < row_width; i++) { - if ((((png_uint_16)*(sp - 4) | - ((png_uint_16)*(sp - 5) << 8)) == trans_value->red) && - (((png_uint_16)*(sp - 2) | - ((png_uint_16)*(sp - 3) << 8)) == trans_value->green) && - (((png_uint_16)*(sp - 0) | - ((png_uint_16)*(sp - 1) << 8)) == trans_value->blue)) + if (*(sp - 5) == red_high && + *(sp - 4) == red_low && + *(sp - 3) == green_high && + *(sp - 2) == green_low && + *(sp - 1) == blue_high && + *(sp ) == blue_low) { *dp-- = 0; *dp-- = 0; diff -Naur libpng-1.2.10.orig/pngrutil.c libpng-1.2.10/pngrutil.c --- libpng-1.2.10.orig/pngrutil.c 2006-04-23 14:45:34.000000000 -0400 +++ libpng-1.2.10/pngrutil.c 2007-10-18 13:50:35.000000000 -0400 @@ -1035,7 +1035,7 @@ /* there should be at least one zero (the compression type byte) following the separator, and we should be on it */ - if ( profile >= chunkdata + slength) + if ( profile >= chunkdata + slength - 1) { png_free(png_ptr, chunkdata); png_warning(png_ptr, "Malformed iCCP chunk"); @@ -1139,7 +1139,7 @@ ++entry_start; /* a sample depth should follow the separator, and we should be on it */ - if (entry_start > chunkdata + slength) + if (entry_start > chunkdata + slength - 2) { png_free(png_ptr, chunkdata); png_warning(png_ptr, "malformed sPLT chunk"); 
@@ -1232,9 +1232,15 @@ png_handle_tRNS(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) { png_byte readbuf[PNG_MAX_PALETTE_LENGTH]; + int bit_mask; png_debug(1, "in png_handle_tRNS\n"); + /* For non-indexed color, mask off any bits in the tRNS value that + * exceed the bit depth. Some creators were writing extra bits there. + * This is not needed for indexed color. */ + bit_mask = (1 << png_ptr->bit_depth) - 1; + if (!(png_ptr->mode & PNG_HAVE_IHDR)) png_error(png_ptr, "Missing IHDR before tRNS"); else if (png_ptr->mode & PNG_HAVE_IDAT) @@ -1263,7 +1269,7 @@ png_crc_read(png_ptr, buf, 2); png_ptr->num_trans = 1; - png_ptr->trans_values.gray = png_get_uint_16(buf); + png_ptr->trans_values.gray = png_get_uint_16(buf) & bit_mask; } else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB) { @@ -1277,9 +1283,9 @@ } png_crc_read(png_ptr, buf, (png_size_t)length); png_ptr->num_trans = 1; - png_ptr->trans_values.red = png_get_uint_16(buf); - png_ptr->trans_values.green = png_get_uint_16(buf + 2); - png_ptr->trans_values.blue = png_get_uint_16(buf + 4); + png_ptr->trans_values.red = png_get_uint_16(buf) & bit_mask; + png_ptr->trans_values.green = png_get_uint_16(buf + 2) & bit_mask; + png_ptr->trans_values.blue = png_get_uint_16(buf + 4) & bit_mask; } else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { @@ -1312,7 +1318,10 @@ } if (png_crc_finish(png_ptr, 0)) + { + png_ptr->num_trans = 0; return; + } png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans, &(png_ptr->trans_values)); @@ -1655,7 +1664,7 @@ buf++; /* Skip the null string terminator from previous parameter. */ png_debug1(3, "Reading pCAL parameter %d\n", i); - for (params[i] = buf; *buf != 0x00 && buf <= endptr; buf++) + for (params[i] = buf; buf <= endptr && *buf != 0x00; buf++) /* Empty loop to move past each parameter string */ ; /* Make sure we haven't run out of data yet */ 
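Review bot: `bit_mask = (1 << png_ptr->bit_depth) - 1;` in `png_handle_tRNS` is computed before the `PNG_HAVE_IHDR` test a few lines later, so it reads `bit_depth` before the function has established that an IHDR chunk set it. The result is only used in the gray and RGB branches, after the checks, so this looks harmless today, but it would read more safely to assign the mask after the mode checks or inside those two branches. The shift is also done in `int`; it stays in range only because IHDR validation, which is outside this hunk, limits `bit_depth`, and a short comment saying so would help. The function body continues beyond the hunk.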
@@ -1753,6 +1762,17 @@ /* empty loop */ ; ep++; + if (buffer + slength < ep) + { + png_warning(png_ptr, "Truncated sCAL chunk"); +#if defined(PNG_FIXED_POINT_SUPPORTED) && \ + !defined(PNG_FLOATING_POINT_SUPPORTED) + png_free(png_ptr, swidth); +#endif + png_free(png_ptr, buffer); + return; + } + #ifdef PNG_FLOATING_POINT_SUPPORTED height = strtod(ep, &vp); if (*vp) @@ -1976,10 +1996,11 @@ /* empty loop */ ; /* zTXt must have some text after the chunkdataword */ - if (text == chunkdata + slength) + if (text >= chunkdata + slength - 2) { - comp_type = PNG_TEXT_COMPRESSION_NONE; - png_warning(png_ptr, "Zero length zTXt chunk"); + png_warning(png_ptr, "Truncated zTXt chunk"); + png_free(png_ptr, chunkdata); + return; } else { @@ -2079,10 +2100,11 @@ translated keyword (possibly empty), and possibly some text after the keyword */ - if (lang >= chunkdata + slength) + if (lang >= chunkdata + slength - 3) { - comp_flag = PNG_TEXT_COMPRESSION_NONE; - png_warning(png_ptr, "Zero length iTXt chunk"); + png_warning(png_ptr, "Truncated iTXt chunk"); + png_free(png_ptr, chunkdata); + return; } else { @@ -2094,9 +2116,22 @@ /* empty loop */ ; lang_key++; /* skip NUL separator */ + if (lang_key >= chunkdata + slength) + { + png_warning(png_ptr, "Truncated iTXt chunk"); + png_free(png_ptr, chunkdata); + return; + } + for (text = lang_key; *text; text++) /* empty loop */ ; text++; /* skip NUL separator */ + if (text >= chunkdata + slength) + { + png_warning(png_ptr, "Malformed iTXt chunk"); + png_free(png_ptr, chunkdata); + return; + } prefix_len = text - chunkdata; Index: libpng.spec =================================================================== RCS file: /cvs/dist/rpms/libpng/FC-6/libpng.spec,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- libpng.spec 23 May 2007 21:38:38 -0000 1.39 +++ libpng.spec 18 Oct 2007 18:36:06 -0000 1.40 
@@ -1,21 +1,21 @@ Summary: A library of functions for manipulating PNG image format files Name: libpng +Epoch: 2 Version: 1.2.10 -Release: 9%{?dist} -License: OSI certified +Release: 10%{?dist} +License: zlib Group: System Environment/Libraries -Source: ftp://swrinde.nde.swri.edu/pub/png/src/libpng-%{version}.tar.bz2 +URL: http://www.libpng.org/pub/png/ + +Source: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2 Patch0: libpng-1.2.10-multilib.patch Patch1: libpng-1.2.10-pngconf.patch -Patch2: libpng-trns-bug.patch +Patch2: libpng-1222-fixes.patch Patch3: libpng-splt-bug.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildPrereq: zlib-devel +BuildRequires: zlib-devel Provides: libpng.so.3 -URL: http://www.libpng.org/pub/png/ -%define LIBVER 3.%{version} -Epoch: 2 Conflicts: qt < 0:2.2.2 %description @@ -84,6 +84,11 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Oct 18 2007 Tom Lane 2:1.2.10-10 +- Back-port critical fixes from libpng 1.2.22, primarily to fix CVE-2007-5269 +Related: #324771 +- Update License tag and some other obsolete bits in specfile + * Wed May 23 2007 Tom Lane 2:1.2.10-9 - Add patch to fix CVE-2006-5793 Related: #215405 --- libpng-1.2.8-multilib.patch DELETED --- --- libpng-rhconf.patch DELETED --- --- libpng-trns-bug.patch DELETED --- From fedora-cvs-commits at redhat.com Fri Oct 19 10:57:32 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 19 Oct 2007 06:57:32 -0400 Subject: rpms/firefox/FC-6 mozilla-199088.mailnews.patch, NONE, 1.1 mozilla-267833.patch, NONE, 1.1 mozilla-309322_180_att283610.patch, NONE, 1.1 mozilla-325761.patch, NONE, 1.1 mozilla-345305_venkmanonly.patch, NONE, 1.1 mozilla-361745.patch, NONE, 1.1 mozilla-362901.patch, NONE, 1.1 mozilla-372309.patch, NONE, 1.1 mozilla-378787.patch, NONE, 1.1 mozilla-384105.patch, NONE, 1.1 mozilla-386914.patch, NONE, 1.1 mozilla-387033.patch, NONE, 1.1 mozilla-387881.patch, NONE, 1.1 mozilla-388121.patch, NONE, 1.1 mozilla-388784.patch, NONE, 1.1 mozilla-390078.patch, NONE, 1.1 mozilla-392149-180.patch, NONE, 1.1 mozilla-393537.patch, NONE, 1.1 mozilla-395942-180.patch, NONE, 1.1 .cvsignore, 1.31, 1.32 firefox.spec, 1.173, 1.174 mozilla-381300.patch, 1.1, 1.2 mozilla-version.patch, 1.1, 1.2 sources, 1.38, 1.39 Message-ID: <200710191057.l9JAvWIC022125@cvs.devel.redhat.com> Author: stransky Update of /cvs/dist/rpms/firefox/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22106 Modified Files: .cvsignore firefox.spec mozilla-381300.patch mozilla-version.patch sources Added Files: mozilla-199088.mailnews.patch mozilla-267833.patch mozilla-309322_180_att283610.patch mozilla-325761.patch mozilla-345305_venkmanonly.patch mozilla-361745.patch mozilla-362901.patch mozilla-372309.patch mozilla-378787.patch mozilla-384105.patch mozilla-386914.patch mozilla-387033.patch mozilla-387881.patch mozilla-388121.patch mozilla-388784.patch mozilla-390078.patch mozilla-392149-180.patch mozilla-393537.patch mozilla-395942-180.patch Log Message: * Fri Oct 19 2007 Martin Stransky 1.5.0.12-5 - Update to latest snapshot of Mozilla 1.8.0 branch - added pathes for Mozilla bugs 199088,267833,309322,345305,361745, 362901,372309,378787,381300,384105,386914,387033,387881,388121,388784 390078,393537,395942 mozilla-199088.mailnews.patch: nsImapFlagAndUidState.cpp | 3 +++ 1 files changed, 3 
insertions(+) --- NEW FILE mozilla-199088.mailnews.patch --- --- mailnews/imap/src/nsImapFlagAndUidState.cpp | 3 +++ 1 file changed, 3 insertions(+) Index: mozilla/mailnews/imap/src/nsImapFlagAndUidState.cpp =================================================================== --- mozilla.orig/mailnews/imap/src/nsImapFlagAndUidState.cpp 2007-07-16 11:06:06.000000000 +0200 +++ mozilla/mailnews/imap/src/nsImapFlagAndUidState.cpp 2007-07-16 11:06:24.000000000 +0200 
@@ -211,16 +211,19 @@ } // adds to sorted list. protects against duplicates and going past fNumberOfMessageSlotsAllocated NS_IMETHODIMP nsImapFlagAndUidState::AddUidFlagPair(PRUint32 uid, imapMessageFlagsType flags) { if (uid == nsMsgKey_None) // ignore uid of -1 return NS_OK; + // check for potential overflow in buffer size for uid array + if (zeroBasedIndex > 0x3FFFFFFF) + return NS_ERROR_INVALID_ARG; PR_CEnterMonitor(this); // make sure there is room for this pair if (fNumberOfMessagesAdded >= fNumberOfMessageSlotsAllocated) { fNumberOfMessageSlotsAllocated += kImapFlagAndUidStateSize; fUids.SetSize(fNumberOfMessageSlotsAllocated); fFlags = (imapMessageFlagsType*) PR_REALLOC(fFlags, sizeof(imapMessageFlagsType) * fNumberOfMessageSlotsAllocated); // new imapMessageFlagsType[fNumberOfMessageSlotsAllocated]; } mozilla-267833.patch: content/base/src/nsDocument.cpp | 21 ++++ content/base/src/nsDocument.h | 3 content/html/document/src/nsHTMLContentSink.cpp | 3 content/xbl/src/nsBindingManager.cpp | 98 +++++++++++++++++++++- content/xbl/src/nsBindingManager.h | 36 +++++++- content/xbl/src/nsXBLResourceLoader.cpp | 9 -- content/xul/templates/src/nsXULContentBuilder.cpp | 4 layout/base/nsCSSFrameConstructor.cpp | 18 ---- layout/base/nsCSSFrameConstructor.h | 13 ++ layout/base/nsPresShell.cpp | 20 ++++ 10 files changed, 195 insertions(+), 30 deletions(-) --- NEW FILE mozilla-267833.patch --- --- content/base/src/nsDocument.cpp | 21 ++++ content/base/src/nsDocument.h | 3 content/html/document/src/nsHTMLContentSink.cpp | 3 content/xbl/src/nsBindingManager.cpp | 98 +++++++++++++++++++++- content/xbl/src/nsBindingManager.h | 36 +++++++- content/xbl/src/nsXBLResourceLoader.cpp | 9 -- content/xul/templates/src/nsXULContentBuilder.cpp | 4 layout/base/nsCSSFrameConstructor.cpp | 18 ---- layout/base/nsCSSFrameConstructor.h | 13 ++ layout/base/nsPresShell.cpp | 20 ++++ 10 files changed, 195 insertions(+), 30 deletions(-) Index: mozilla/content/base/src/nsDocument.cpp 
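Review bot: The added guard tests `zeroBasedIndex`, which is not among the parameters in the signature this hunk shows (`AddUidFlagPair(PRUint32 uid, imapMessageFlagsType flags)`); unless it is declared elsewhere in the class, the back-port either fails to build or checks a value unrelated to this call. The quantity that feeds the allocation is `sizeof(imapMessageFlagsType) * fNumberOfMessageSlotsAllocated` in the `PR_REALLOC` a few lines below, so the bound belongs on that count, e.g. `if (fNumberOfMessageSlotsAllocated > 0x3FFFFFFF - kImapFlagAndUidStateSize) return NS_ERROR_OUT_OF_MEMORY;`, keeping in mind that any return placed after `PR_CEnterMonitor(this)` has to release the monitor first. The `PR_REALLOC` result is also assigned straight to `fFlags` with no null check, which loses the old block on failure. The function continues past the end of the hunk.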
=================================================================== --- mozilla.orig/content/base/src/nsDocument.cpp 2007-10-09 15:26:43.000000000 +0200 +++ mozilla/content/base/src/nsDocument.cpp 2007-10-09 15:27:15.000000000 +0200 @@ -974,22 +974,24 @@ { if (mBindingManager || mCSSLoader || mNodeInfoManager) { return NS_ERROR_ALREADY_INITIALIZED; } mLinkMap.Init(); // Force initialization. - nsBindingManager *bindingManager = new nsBindingManager(); + nsBindingManager *bindingManager = new nsBindingManager(this); NS_ENSURE_TRUE(bindingManager, NS_ERROR_OUT_OF_MEMORY); mBindingManager = bindingManager; // The binding manager must always be the first observer of the document. - mObservers.PrependElement(bindingManager); + if (!mObservers.PrependElement(bindingManager)) { + return NS_ERROR_OUT_OF_MEMORY; + } mOnloadBlocker = new nsOnloadBlocker(); NS_ENSURE_TRUE(mOnloadBlocker, NS_ERROR_OUT_OF_MEMORY); NS_NewCSSLoader(this, &mCSSLoader); NS_ENSURE_TRUE(mCSSLoader, NS_ERROR_OUT_OF_MEMORY); // Assume we're not HTML and not quirky, until we know otherwise mCSSLoader->SetCaseSensitive(PR_TRUE); 
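Review bot: The new `PrependElement` failure path returns `NS_ERROR_OUT_OF_MEMORY` after `mBindingManager = bindingManager;` has already run, so the document keeps a binding manager that was never registered as an observer, and a later call hits the `NS_ERROR_ALREADY_INITIALIZED` guard at the top. That manager now holds the raw document pointer passed to `new nsBindingManager(this)`, and the only place this patch clears it is `DocumentWillBeDestroyed`, which presumably reaches it through the observer list. Dropping the member on the failure path avoids the half-initialised state: `if (!mObservers.PrependElement(bindingManager)) { mBindingManager = nsnull; return NS_ERROR_OUT_OF_MEMORY; }`. The function begins before the hunk, so the declared type of `mBindingManager` should be checked to confirm that the assignment releases the object.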
@@ -2230,28 +2232,43 @@ } return mObservers.Contains(aObserver); } void nsDocument::BeginUpdate(nsUpdateType aUpdateType) { + if (mUpdateNestLevel == 0) { + nsIBindingManager* bm = mBindingManager; + NS_STATIC_CAST(nsBindingManager*, bm)->BeginOutermostUpdate(); + } + + ++mUpdateNestLevel; if (mScriptLoader) { NS_STATIC_CAST(nsScriptLoader*, NS_STATIC_CAST(nsIScriptLoader*, mScriptLoader))->AddExecuteBlocker(); } NS_DOCUMENT_NOTIFY_OBSERVERS(BeginUpdate, (this, aUpdateType)); } void nsDocument::EndUpdate(nsUpdateType aUpdateType) { NS_DOCUMENT_NOTIFY_OBSERVERS(EndUpdate, (this, aUpdateType)); + + --mUpdateNestLevel; + if (mUpdateNestLevel == 0) { + // This set of updates may have created XBL bindings. Let the + // binding manager know we're done. + nsIBindingManager* bm = mBindingManager; + NS_STATIC_CAST(nsBindingManager*, bm)->EndOutermostUpdate(); + } + if (mScriptLoader) { NS_STATIC_CAST(nsScriptLoader*, NS_STATIC_CAST(nsIScriptLoader*, mScriptLoader))->RemoveExecuteBlocker(); } } void Index: mozilla/content/base/src/nsDocument.h =================================================================== --- mozilla.orig/content/base/src/nsDocument.h 2007-10-09 15:26:43.000000000 +0200 +++ mozilla/content/base/src/nsDocument.h 2007-10-09 15:26:47.000000000 +0200 @@ -889,12 +889,15 @@ PRUint32 mOnloadBlockCount; nsCOMPtr mOnloadBlocker; // A map from unvisited URI hashes to content elements nsTHashtable mLinkMap; // URIs whose visitedness has changed while we were hidden nsCOMArray mVisitednessChangedURIs; + + // Our update nesting level + PRUint32 mUpdateNestLevel; }; #endif /* nsDocument_h___ */ Index: mozilla/content/html/document/src/nsHTMLContentSink.cpp =================================================================== --- mozilla.orig/content/html/document/src/nsHTMLContentSink.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/html/document/src/nsHTMLContentSink.cpp 2007-10-09 15:28:09.000000000 +0200 
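Review bot: `BeginUpdate` and `EndUpdate` now depend on `mUpdateNestLevel` being 0 on a fresh document, but the patch only declares the member in nsDocument.h and no nsDocument.cpp hunk shown here initialises it; unless the class is allocated zero-filled, the outermost-update calls fire at arbitrary depths. I would add `mUpdateNestLevel(0)` to the constructor's initialiser list. The counter is a `PRUint32`, so an `EndUpdate` without a matching `BeginUpdate` wraps it and the bookkeeping is wrong from then on; `NS_ASSERTION(mUpdateNestLevel > 0, "Unbalanced EndUpdate");` before the decrement would catch that in debug builds. Both functions also cast `mBindingManager` and call through it without a null check.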
@@ -1632,16 +1632,19 @@ * they are visible in the tree. Specifically, make sure * that they are all added to their respective parents. * Also, do notification at the top for all content that * has been newly added so that the frame tree is complete. */ nsresult SinkContext::FlushTags(PRBool aNotify) { + // Not starting an update here, unlike trunk. We'll get XBL + // constructors firing async of the stuff we flush right now. + // Don't release last text node in case we need to add to it again FlushText(); if (aNotify) { // Start from the base of the stack (growing upward) and do // a notification from the node that is closest to the root of // tree for any content that has been added. PRInt32 stackPos = 1; Index: mozilla/content/xbl/src/nsBindingManager.cpp =================================================================== --- mozilla.orig/content/xbl/src/nsBindingManager.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsBindingManager.cpp 2007-10-09 15:28:06.000000000 +0200 @@ -300,18 +300,21 @@ // Implementation ///////////////////////////////////////////////////////////////// // Static member variable initialization // Implement our nsISupports methods NS_IMPL_ISUPPORTS3(nsBindingManager, nsIBindingManager, nsIStyleRuleSupplier, nsIDocumentObserver) // Constructors/Destructors -nsBindingManager::nsBindingManager(void) -: mProcessingAttachedStack(PR_FALSE) +nsBindingManager::nsBindingManager(nsIDocument* aDocument) + : mProcessingAttachedStack(PR_FALSE), + mProcessOnEndUpdate(PR_FALSE), + mProcessAttachedQueueEvent(nsnull), + mDocument(aDocument) { mContentListTable.ops = nsnull; mAnonymousNodesTable.ops = nsnull; mInsertionParentTable.ops = nsnull; mWrapperTable.ops = nsnull; } static PRBool PR_CALLBACK 
@@ -781,48 +784,81 @@ NS_IMETHODIMP nsBindingManager::AddToAttachedQueue(nsXBLBinding* aBinding) { if (!mAttachedStack.AppendElement(aBinding)) return NS_ERROR_OUT_OF_MEMORY; NS_ADDREF(aBinding); + + // If we're in the middle of processing our queue already, don't + // bother posting the event. + if (!mProcessingAttachedStack && !mProcessAttachedQueueEvent) { + nsCOMPtr eventQueueService = + do_GetService(NS_EVENTQUEUESERVICE_CONTRACTID); + nsCOMPtr eventQueue; + if (eventQueueService) { + eventQueueService-> + GetSpecialEventQueue(nsIEventQueueService::UI_THREAD_EVENT_QUEUE, + getter_AddRefs(eventQueue)); + } + if (eventQueue) { + ProcessAttachedQueueEvent* ev = new ProcessAttachedQueueEvent(this); + if (ev && NS_FAILED(eventQueue->PostEvent(ev))) { + PL_DestroyEvent(ev); + } else { + mProcessAttachedQueueEvent = ev; + } + } + } + return NS_OK; } NS_IMETHODIMP nsBindingManager::ClearAttachedQueue() { mAttachedStack.EnumerateForwards(ReleaseBindings, nsnull); mAttachedStack.Clear(); return NS_OK; } +void +nsBindingManager::DoProcessAttachedQueue() +{ + ProcessAttachedQueue(); + + NS_ASSERTION(mAttachedStack.Count() == 0, + "Shouldn't have pending bindings!"); + + mProcessAttachedQueueEvent = nsnull; +} + NS_IMETHODIMP nsBindingManager::ProcessAttachedQueue() { - if (mProcessingAttachedStack) + if (mProcessingAttachedStack || mAttachedStack.Count() == 0) return NS_OK; mProcessingAttachedStack = PR_TRUE; PRInt32 lastItem; while ((lastItem = mAttachedStack.Count() - 1) >= 0) { nsXBLBinding *binding = NS_STATIC_CAST(nsXBLBinding*, mAttachedStack.FastElementAt(lastItem)); mAttachedStack.RemoveElementAt(lastItem); NS_ASSERTION(binding, "null item in attached stack?"); binding->ExecuteAttachedHandler(); NS_RELEASE(binding); } mProcessingAttachedStack = PR_FALSE; - ClearAttachedQueue(); + NS_ASSERTION(mAttachedStack.Count() == 0, "How did we get here?"); return NS_OK; } PR_STATIC_CALLBACK(PLDHashOperator) AccumulateBindingsToDetach(nsISupports *aKey, nsXBLBinding 
*aBinding, void* aVoidArray) { nsVoidArray* arr = NS_STATIC_CAST(nsVoidArray*, aVoidArray); @@ -1304,8 +1340,62 @@ nsXBLInsertionPoint* point = contentList->GetInsertionPointAt(i); if (point->GetInsertionIndex() != -1) { point->RemoveChild(aChild); } } } } } + +void +nsBindingManager::DocumentWillBeDestroyed(nsIDocument* aDocument) +{ + // Make sure to not run any more XBL constructors + mProcessingAttachedStack = PR_TRUE; + + mDocument = nsnull; +} + +void +nsBindingManager::BeginOutermostUpdate() +{ + mProcessOnEndUpdate = (mAttachedStack.Count() == 0); +} + +void +nsBindingManager::EndOutermostUpdate() +{ + if (mProcessOnEndUpdate) { + mProcessOnEndUpdate = PR_FALSE; + ProcessAttachedQueue(); + } +} + +static void PR_CALLBACK +HandlePLEvent(nsBindingManager::ProcessAttachedQueueEvent* aEvent) +{ + aEvent->HandleEvent(); +} + +static void PR_CALLBACK +DestroyPLEvent(nsBindingManager::ProcessAttachedQueueEvent* aEvent) +{ + delete aEvent; +} + +nsBindingManager::ProcessAttachedQueueEvent::ProcessAttachedQueueEvent(nsBindingManager* aBindingManager) + : mBindingManager(aBindingManager) +{ + PL_InitEvent(this, aBindingManager, + (PLHandleEventProc) ::HandlePLEvent, + (PLDestroyEventProc) ::DestroyPLEvent); + if (aBindingManager->mDocument) { + aBindingManager->mDocument->BlockOnload(); + } +} + +nsBindingManager::ProcessAttachedQueueEvent::~ProcessAttachedQueueEvent() +{ + if (mBindingManager->mDocument) { + mBindingManager->mDocument->UnblockOnload(); + } +} Index: mozilla/content/xbl/src/nsBindingManager.h =================================================================== --- mozilla.orig/content/xbl/src/nsBindingManager.h 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsBindingManager.h 2007-10-09 15:28:02.000000000 +0200 
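Review bot: `ProcessAttachedQueue` still ends with `mProcessingAttachedStack = PR_FALSE;`, while `DocumentWillBeDestroyed` (added in the `@@ -1304` hunk) sets the same flag to `PR_TRUE` to mean that no further XBL constructors may run. If the document is torn down from inside `binding->ExecuteAttachedHandler()`, the loop keeps running the remaining handlers and then clears the flag, so the teardown marker is lost. Testing the document pointer keeps the two meanings apart: `while (mDocument && (lastItem = mAttachedStack.Count() - 1) >= 0)`, with `!mDocument` added to the early-return test at the top. Bindings left in `mAttachedStack` at that point still need releasing, since this hunk removes the `ClearAttachedQueue()` call and `DoProcessAttachedQueue` asserts the stack is empty.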
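Review bot: The PLEvent callbacks in the `@@ -1304` hunk are installed through C-style casts, `(PLHandleEventProc) ::HandlePLEvent` and `(PLDestroyEventProc) ::DestroyPLEvent`, from functions that take the derived event type, and the handler returns `void`. The existing handler visible further down this page is declared `PR_STATIC_CALLBACK(void*) HandleRestyleEvent(PLEvent* aEvent)` and casts inside its body; if `PLHandleEventProc` has that shape, calling the new handler through the cast pointer is undefined behaviour and the cast hides any signature mismatch from the compiler. Declaring the callbacks with the expected types removes the casts: `PR_STATIC_CALLBACK(void*) HandlePLEvent(PLEvent* aEvent)` with an `NS_STATIC_CAST` to `ProcessAttachedQueueEvent*` inside and `return nsnull;`.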
@@ -42,16 +42,17 @@ #include "nsIBindingManager.h" #include "nsIStyleRuleSupplier.h" #include "nsStubDocumentObserver.h" #include "pldhash.h" #include "nsInterfaceHashtable.h" #include "nsRefPtrHashtable.h" #include "nsURIHashKey.h" +#include "plevent.h" class nsIContent; class nsIXPConnectWrappedJS; class nsIAtom; class nsIDOMNodeList; class nsVoidArray; class nsIDocument; class nsIURI; @@ -61,17 +62,17 @@ class nsBindingManager : public nsIBindingManager, public nsIStyleRuleSupplier, public nsStubDocumentObserver { NS_DECL_ISUPPORTS public: - nsBindingManager(); + nsBindingManager(nsIDocument* aDocument); ~nsBindingManager(); virtual nsXBLBinding* GetBinding(nsIContent* aContent); NS_IMETHOD SetBinding(nsIContent* aContent, nsXBLBinding* aBinding); NS_IMETHOD GetInsertionParent(nsIContent* aContent, nsIContent** aResult); NS_IMETHOD SetInsertionParent(nsIContent* aContent, nsIContent* aResult); 
@@ -136,31 +137,55 @@ virtual void ContentInserted(nsIDocument* aDocument, nsIContent* aContainer, nsIContent* aChild, PRInt32 aIndexInContainer); virtual void ContentRemoved(nsIDocument* aDocument, nsIContent* aContainer, nsIContent* aChild, PRInt32 aIndexInContainer); + virtual void DocumentWillBeDestroyed(nsIDocument* aDocument); + + struct ProcessAttachedQueueEvent; + friend struct ProcessAttachedQueueEvent; + + struct ProcessAttachedQueueEvent : public PLEvent { + ProcessAttachedQueueEvent(nsBindingManager* aBindingManager); + ~ProcessAttachedQueueEvent(); + + void HandleEvent() { + mBindingManager->DoProcessAttachedQueue(); + } + + nsRefPtr mBindingManager; + }; + + // Notify the binding manager when an outermost update begins and + // ends. The end method can execute script. + void BeginOutermostUpdate(); + void EndOutermostUpdate(); protected: nsresult GetXBLChildNodesInternal(nsIContent* aContent, nsIDOMNodeList** aResult, PRBool* aIsAnonymousContentList); nsresult GetAnonymousNodesInternal(nsIContent* aContent, nsIDOMNodeList** aResult, PRBool* aIsAnonymousContentList); nsIContent* GetEnclosingScope(nsIContent* aContent) { return aContent->GetBindingParent(); } nsresult GetNestedInsertionPoint(nsIContent* aParent, nsIContent* aChild, nsIContent** aResult); + // Same as ProcessAttachedQueue, but also nulls out + // mProcessAttachedQueueEvent + void DoProcessAttachedQueue(); + // MEMBER VARIABLES protected: // A mapping from nsIContent* to the nsXBLBinding* that is // installed on that element. nsRefPtrHashtable mBindingTable; // A mapping from nsIContent* to an nsIDOMNodeList* // (nsAnonymousContentList*). This list contains an accurate 
@@ -198,14 +223,21 @@ // A mapping from a URL (a string) to a nsIStreamListener. This // table is the currently loading binding docs. If they're in this // table, they have not yet finished loading. nsInterfaceHashtable mLoadingDocTable; // A queue of binding attached event handlers that are awaiting execution. nsVoidArray mAttachedStack; - PRBool mProcessingAttachedStack; + PRPackedBool mProcessingAttachedStack; + PRPackedBool mProcessOnEndUpdate; + + // Our posted event to process the attached queue, if any + ProcessAttachedQueueEvent* mProcessAttachedQueueEvent; + + // Our document. This is a weak ref; the document owns us + nsIDocument* mDocument; }; PRBool PR_CALLBACK ReleaseInsertionPoint(void* aElement, void* aData); #endif Index: mozilla/content/xbl/src/nsXBLResourceLoader.cpp =================================================================== --- mozilla.orig/content/xbl/src/nsXBLResourceLoader.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsXBLResourceLoader.cpp 2007-10-09 15:27:56.000000000 +0200 @@ -233,22 +233,16 @@ // We need the document to flush out frame construction and // such, so we want to use the current document. nsIDocument* doc = content->GetCurrentDoc(); if (doc) { // Flush first to make sure we can get the frame for content doc->FlushPendingNotifications(Flush_Frames); - // Notify - nsIContent* parent = content->GetParent(); - PRInt32 index = 0; - if (parent) - index = parent->IndexOf(content); - // If |content| is (in addition to having binding |mBinding|) // also a descendant of another element with binding |mBinding|, // then we might have just constructed it due to the // notification of its parent. (We can know about both if the // binding loads were triggered from the DOM rather than frame // construction.) So we have to check both whether the element // has a primary frame and whether it's in the undisplayed map // before sending a ContentInserted notification, or bad things 
@@ -258,18 +252,17 @@ nsIFrame* childFrame; shell->GetPrimaryFrameFor(content, &childFrame); if (!childFrame) { // Check to see if it's in the undisplayed content map. nsStyleContext* sc = shell->FrameManager()->GetUndisplayedContent(content); if (!sc) { - nsCOMPtr obs(do_QueryInterface(shell)); - obs->ContentInserted(doc, parent, content, index); + shell->RecreateFramesFor(content); } } } // Flush again // XXXbz why is this needed? doc->FlushPendingNotifications(Flush_ContentAndNotify); } Index: mozilla/content/xul/templates/src/nsXULContentBuilder.cpp =================================================================== --- mozilla.orig/content/xul/templates/src/nsXULContentBuilder.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xul/templates/src/nsXULContentBuilder.cpp 2007-10-09 15:28:12.000000000 +0200 @@ -1768,16 +1768,18 @@ if (container && IsLazyWidgetItem(aElement)) { // The tree widget is special, and has to be spanked every // time we add content to a container. nsCOMPtr doc = mRoot->GetDocument(); NS_ASSERTION(doc, "root element has no document"); if (! doc) return NS_ERROR_UNEXPECTED; + mozAutoDocUpdate upd(container->GetCurrentDoc(), UPDATE_CONTENT_MODEL, + PR_TRUE); doc->ContentAppended(container, newIndex); } return NS_OK; } nsresult nsXULContentBuilder::CloseContainer(nsIContent* aElement) 
@@ -1902,16 +1904,18 @@ CreateTemplateAndContainerContents(mRoot, getter_AddRefs(container), &newIndex); if (container) { nsCOMPtr doc = mRoot->GetDocument(); NS_ASSERTION(doc, "root element has no document"); if (! doc) return NS_ERROR_UNEXPECTED; + mozAutoDocUpdate upd(container->GetCurrentDoc(), UPDATE_CONTENT_MODEL, + PR_TRUE); doc->ContentAppended(container, newIndex); } return NS_OK; } nsresult nsXULContentBuilder::CompileCondition(nsIAtom* aTag, Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:27:43.000000000 +0200 @@ -8914,19 +8914,16 @@ // Don't create child frames for iframes/frames, they should not // display any content that they contain. else if (nsLayoutAtoms::subDocumentFrame != frameType) { // Construct a child frame (that does not have a table as parent) ConstructFrame(state, childContent, parentFrame, frameItems); } } - // We built some new frames. Initialize any newly-constructed bindings. - mDocument->BindingManager()->ProcessAttachedQueue(); - // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) { ProcessPseudoFrames(state, frameItems); } if (haveFirstLineStyle) { // It's possible that some of the new frames go into a // first-line frame. Look at them and see... @@ -9348,18 +9345,16 @@ if (fdbg) { printf("nsCSSFrameConstructor::ContentInserted: resulting frame model:\n"); fdbg->List(state.mPresContext, stdout, 0); } } #endif } - mDocument->BindingManager()->ProcessAttachedQueue(); - // otherwise this is not a child of the root element, and we // won't let it have a frame. return NS_OK; } // Otherwise, we've got parent content. Find its frame. nsIFrame* parentFrame = aContainerFrame; if (!parentFrame) { 
@@ -9574,20 +9569,16 @@ if (nsLayoutAtoms::tableCaptionFrame == frameItems.childList->GetType()) { NS_ASSERTION(frameItems.childList == frameItems.lastChild , "adding a non caption frame to the caption childlist?"); captionItems.AddChild(frameItems.childList); frameItems = nsFrameItems(); } } - // Now that we've created frames, run the attach queue. - //XXXwaterson should we do this after we've processed pseudos, too? - mDocument->BindingManager()->ProcessAttachedQueue(); - // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) ProcessPseudoFrames(state, frameItems); // If the final parent frame (decided by AdjustParentFrame()) is different // from the parent of the insertion point we calculated above then // parentFrame/prevSibling/appendAfterFrame are now invalid and as it is // unknown where to insert correctly we append instead (bug 341858). @@ -13209,18 +13200,16 @@ if (!state.mPseudoFrames.IsEmpty()) { ProcessPseudoFrames(state, frameItems); } nsIFrame* newFrame = frameItems.childList; *aNewFrame = newFrame; if (NS_SUCCEEDED(rv) && (nsnull != newFrame)) { - mDocument->BindingManager()->ProcessAttachedQueue(); - // Notify the parent frame if (aIsAppend) rv = ((nsListBoxBodyFrame*)aParentFrame)->ListBoxAppendFrames(newFrame); else rv = ((nsListBoxBodyFrame*)aParentFrame)->ListBoxInsertFrames(aPrevFrame, newFrame); } } @@ -14227,21 +14216,21 @@ restylesToProcess; currentRestyle != lastRestyle; ++currentRestyle) { ProcessOneRestyle(currentRestyle->mContent, currentRestyle->mRestyleHint, currentRestyle->mChangeHint); } + delete [] restylesToProcess; + EndUpdate(); viewManager->EndUpdateViewBatch(NS_VMREFRESH_NO_SYNC); - - delete [] restylesToProcess; } void nsCSSFrameConstructor::PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint) { if (aRestyleHint == 0 && !aMinChangeHint) { 
@@ -14276,32 +14265,33 @@ mRestyleEventQueue = eventQueue; } } } void nsCSSFrameConstructor::RestyleEvent::HandleEvent() { nsCSSFrameConstructor* constructor = NS_STATIC_CAST(nsCSSFrameConstructor*, owner); - nsIViewManager* viewManager = + nsCOMPtr viewManager = constructor->mDocument->GetShellAt(0)->GetPresContext()->GetViewManager(); NS_ASSERTION(viewManager, "Must have view manager for update"); viewManager->BeginUpdateViewBatch(); // Force flushing of any pending content notifications that might have queued // up while our event was pending. That will ensure that we don't construct // frames for content right now that's still waiting to be notified on, constructor->mPresShell->GetDocument()-> FlushPendingNotifications(Flush_ContentAndNotify); // Make sure that any restyles that happen from now on will go into // a new event. constructor->mRestyleEventQueue = nsnull; constructor->ProcessPendingRestyles(); + constructor->mDocument->BindingManager()->ProcessAttachedQueue(); viewManager->EndUpdateViewBatch(NS_VMREFRESH_NO_SYNC); } PR_STATIC_CALLBACK(void*) HandleRestyleEvent(PLEvent* aEvent) { nsCSSFrameConstructor::RestyleEvent* evt = NS_STATIC_CAST(nsCSSFrameConstructor::RestyleEvent*, aEvent); Index: mozilla/layout/base/nsCSSFrameConstructor.h =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.h 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.h 2007-10-09 15:27:18.000000000 +0200 
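Review bot: After `constructor->ProcessPendingRestyles()` the added line dereferences `constructor->mDocument` with nothing keeping the frame constructor or its pres shell alive. The nsPresShell.cpp hunk of this same patch says that processing pending restyles "can kill us" and adds a `kungFuDeathGrip` plus an `mIsDestroying` check around the same two calls. In `RestyleEvent::HandleEvent` only the view manager is held, by the new `nsCOMPtr viewManager`. I would mirror the guard here, e.g. `nsCOMPtr<nsIPresShell> kungFuDeathGrip(constructor->mPresShell);` taken before `ProcessPendingRestyles()`, and skip `ProcessAttachedQueue()` when the shell has been destroyed in between.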
@@ -133,21 +133,34 @@ void BeginUpdate() { ++mUpdateCount; } void EndUpdate(); void RecalcQuotesAndCounters(); void WillDestroyFrameTree(); // Note: It's the caller's responsibility to make sure to wrap a // ProcessRestyledFrames call in a view update batch. + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. nsresult ProcessRestyledFrames(nsStyleChangeList& aRestyleArray); +private: + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. void ProcessOneRestyle(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aChangeHint); + +public: + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. void ProcessPendingRestyles(); + void PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint); // Notification that we were unable to render a replaced element. nsresult CantRenderReplacedElement(nsIFrame* aFrame); // Request to create a continuing frame nsresult CreateContinuingFrame(nsPresContext* aPresContext, Index: mozilla/layout/base/nsPresShell.cpp =================================================================== --- mozilla.orig/layout/base/nsPresShell.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsPresShell.cpp 2007-10-09 15:27:51.000000000 +0200 
@@ -2980,16 +2980,19 @@ ti->SetIdle(PR_FALSE); mPaintSuppressionTimer->InitWithFuncCallback(sPaintSuppressionCallback, this, delay, nsITimer::TYPE_ONE_SHOT); } } + // Run the XBL binding constructors for any new frames we've constructed + mDocument->BindingManager()->ProcessAttachedQueue(); + return NS_OK; //XXX this needs to be real. MMP } void PresShell::sPaintSuppressionCallback(nsITimer *aTimer, void* aPresShell) { PresShell* self = NS_STATIC_CAST(PresShell*, aPresShell); if (self) 
@@ -5382,17 +5385,34 @@ NS_ASSERTION(!isSafeToFlush || mViewManager, "Must have view manager"); if (isSafeToFlush && mViewManager) { // Style reresolves not in conjunction with reflows can't cause // painting or geometry changes, so don't bother with view update // batching if we only have style reresolve mViewManager->BeginUpdateViewBatch(); if (aType & Flush_StyleReresolves) { + // Processing pending restyles can kill us, and some callers only + // hold weak refs when calling FlushPendingNotifications(). :( + nsCOMPtr kungFuDeathGrip(this); mFrameConstructor->ProcessPendingRestyles(); + if (mIsDestroying) { + // We no longer have a view manager and all that. + // XXX FIXME: Except we're in the middle of a view update batch... We + // need to address that somehow. See bug 369165. + return NS_OK; + } + + mDocument->BindingManager()->ProcessAttachedQueue(); + if (mIsDestroying) { + // We no longer have a view manager and all that. + // XXX FIXME: Except we're in the middle of a view update batch... We + // need to address that somehow. See bug 369165. 
+ return NS_OK; + } } if (aType & Flush_OnlyReflow) { mFrameConstructor->RecalcQuotesAndCounters(); ProcessReflowCommands(PR_FALSE); } PRUint32 updateFlags = NS_VMREFRESH_NO_SYNC; mozilla-309322_180_att283610.patch: base/nsCSSFrameConstructor.cpp | 182 ++++++++++++++++------------------------- tables/nsTableOuterFrame.cpp | 61 +++++++------ tables/nsTableOuterFrame.h | 1 3 files changed, 107 insertions(+), 137 deletions(-) --- NEW FILE mozilla-309322_180_att283610.patch --- --- layout/base/nsCSSFrameConstructor.cpp | 182 +++++++++++++--------------------- layout/tables/nsTableOuterFrame.cpp | 61 +++++------ layout/tables/nsTableOuterFrame.h | 1 3 files changed, 107 insertions(+), 137 deletions(-) Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:03:00.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:15:19.000000000 +0200 
@@ -3468,23 +3468,38 @@ NS_PRECONDITION(aFrameItems, "Must have frame items to work with"); aCreatedPseudo = PR_FALSE; if (!aParentFrame) { // Nothing to do here return NS_OK; } + PRBool childIsSpecialContent = PR_FALSE; // lazy lookup + // Only use the outer table frame as parent if the child is going to use a + // tableCaptionFrame, otherwise the inner table frame is the parent + // (bug 341858). + if (aParentFrame->GetType() == nsLayoutAtoms::tableOuterFrame) { + childIsSpecialContent = IsSpecialContent(aChildContent, aTag, aNameSpaceID, + aChildStyle); + if (childIsSpecialContent || + (aChildStyle->GetStyleDisplay()->mDisplay != + NS_STYLE_DISPLAY_TABLE_CAPTION)) { + aParentFrame = aParentFrame->GetContentInsertionFrame(); + } + } + // If our parent is a table, table-row-group, or table-row, and // we're not table-related in any way, we have to create table // pseudo-frames so that we have a table cell to live in. if (IsTableRelated(aParentFrame->GetType(), PR_FALSE) && (!IsTableRelated(aChildDisplay->mDisplay, PR_TRUE) || // Also need to create a pseudo-parent if the child is going to end up // with a frame based on something other than display. + childIsSpecialContent || // looked it up before IsSpecialContent(aChildContent, aTag, aNameSpaceID, aChildStyle))) { nsTableCreator tableCreator(aState.mPresShell); nsresult rv = GetPseudoCellFrame(tableCreator, aState, *aParentFrame); if (NS_FAILED(rv)) { return rv; } NS_ASSERTION(aState.mPseudoFrames.mCellInner.mFrame, 
@@ -8389,55 +8404,50 @@ nsCSSFrameConstructor::IsValidSibling(nsIFrame* aParentFrame, const nsIFrame& aSibling, PRUint8 aSiblingDisplay, nsIContent& aContent, PRUint8& aDisplay) { if ((NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_COLUMN == aSiblingDisplay) || + (NS_STYLE_DISPLAY_TABLE_CAPTION == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_HEADER_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_ROW_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_FOOTER_GROUP == aSiblingDisplay)) { // if we haven't already, construct a style context to find the display type of aContent if (UNSET_DISPLAY == aDisplay) { nsRefPtr styleContext; styleContext = ResolveStyleContext(aSibling.GetParent(), &aContent); if (!styleContext) return PR_FALSE; const nsStyleDisplay* display = styleContext->GetStyleDisplay(); aDisplay = display->mDisplay; } switch (aSiblingDisplay) { case NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP: return (NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == aDisplay); case NS_STYLE_DISPLAY_TABLE_COLUMN: return (NS_STYLE_DISPLAY_TABLE_COLUMN == aDisplay); + case NS_STYLE_DISPLAY_TABLE_CAPTION: + return (NS_STYLE_DISPLAY_TABLE_CAPTION == aDisplay); default: // all of the row group types return (NS_STYLE_DISPLAY_TABLE_HEADER_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_ROW_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_FOOTER_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_CAPTION == aDisplay); } } - else if (NS_STYLE_DISPLAY_TABLE_CAPTION == aSiblingDisplay) { - // Nothing can be a sibling of a caption since there can only be one caption. 
- // But this check is necessary since a row group and caption are siblings - // from a content perspective (they share the table content as parent) - return PR_FALSE; - } - else { - if (nsLayoutAtoms::fieldSetFrame == aParentFrame->GetType()) { - // Legends can be sibling of legends but not of other content in the fieldset - nsIAtom* sibType = aSibling.GetType(); - nsCOMPtr legendContent(do_QueryInterface(&aContent)); - - if ((legendContent && (nsLayoutAtoms::legendFrame != sibType)) || - (!legendContent && (nsLayoutAtoms::legendFrame == sibType))) - return PR_FALSE; - } + else if (nsLayoutAtoms::fieldSetFrame == aParentFrame->GetType()) { + // Legends can be sibling of legends but not of other content in the fieldset + nsIAtom* sibType = aSibling.GetType(); + nsCOMPtr legendContent(do_QueryInterface(&aContent)); + + if ((legendContent && (nsLayoutAtoms::legendFrame != sibType)) || + (!legendContent && (nsLayoutAtoms::legendFrame == sibType))) + return PR_FALSE; } return PR_TRUE; } /** * Find the ``rightmost'' frame for the content immediately preceding * aIndexInContainer, following continuations if necessary. 
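Review bot: In the `switch` of `IsValidSibling`, the `default:` branch for row-group siblings still returns true when `aDisplay` is `NS_STYLE_DISPLAY_TABLE_CAPTION`, while the new `case NS_STYLE_DISPLAY_TABLE_CAPTION:` accepts only another caption. A caption therefore counts as a valid sibling of a row group, but a row group is rejected as a sibling of a caption, which looks like a leftover from the single-caption logic this patch removes. If captions and row groups should never be siblings, end the branch at `(NS_STYLE_DISPLAY_TABLE_FOOTER_GROUP == aDisplay);`; if the asymmetry is intended, a comment in the `default:` branch should say why.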
@@ -8871,46 +8881,28 @@ RemoveLetterFrames(state.mPresContext, state.mPresShell, state.mFrameManager, containingBlock); } // if the container is a table and a caption was appended, it needs to be put in // the outer table frame's additional child list. nsFrameItems captionItems; - PRBool hasCaption = PR_FALSE; - if (nsLayoutAtoms::tableFrame == frameType) { - nsIFrame* outerTable = parentFrame->GetParent(); - if (outerTable) { - if (outerTable->GetFirstChild(nsLayoutAtoms::captionList)) { - hasCaption = PR_TRUE; - } - } - } PRUint32 i; count = aContainer->GetChildCount(); for (i = aNewIndexInContainer; i < count; i++) { nsIContent *childContent = aContainer->GetChildAt(i); // lookup the table child frame type as it is much more difficult to remove a frame // and all it descendants (abs. pos. for instance) than to prevent the frame creation. if (nsLayoutAtoms::tableFrame == frameType) { - if (hasCaption) { - // Resolve the style context and get its display - nsRefPtr childStyleContext; - childStyleContext = ResolveStyleContext(parentFrame, childContent); - if (childStyleContext->GetStyleDisplay()->mDisplay == NS_STYLE_DISPLAY_TABLE_CAPTION) - continue; //don't create a table caption frame and its descendants - } nsFrameItems tempItems; ConstructFrame(state, childContent, parentFrame, tempItems); if (tempItems.childList) { if (nsLayoutAtoms::tableCaptionFrame == tempItems.childList->GetType()) { - NS_ASSERTION(!captionItems.childList, "don't append twice a caption"); - hasCaption = PR_TRUE; // remember that we have a caption now - captionItems.AddChild(tempItems.childList); + captionItems.AddChild(tempItems.childList); } else { frameItems.AddChild(tempItems.childList); } } } else if (nsLayoutAtoms::tableColGroupFrame == frameType) { nsRefPtr childStyleContext; 
@@ -9117,17 +9109,18 @@ if (!IsInlineFrame2(aParentFrame)) return PR_FALSE; // find out if aChild is a block or inline PRBool childIsBlock = PR_FALSE; if (aChild->IsContentOfType(nsIContent::eELEMENT)) { nsRefPtr styleContext; styleContext = ResolveStyleContext(aParentFrame, aChild); - childIsBlock = styleContext->GetStyleDisplay()->IsBlockLevel(); + const nsStyleDisplay* display = styleContext->GetStyleDisplay(); + childIsBlock = display->IsBlockLevel() || IsTableRelated(display->mDisplay, PR_TRUE); } nsIFrame* prevParent; // parent of prev sibling nsIFrame* nextParent; // parent of next sibling if (childIsBlock) { if (aPrevSibling) { prevParent = aPrevSibling->GetParent(); NS_ASSERTION(prevParent, "program error - null parent frame"); @@ -9464,31 +9457,21 @@ // if we don't need to reframe then set parentFrame and prevSibling to the correct values if (NeedSpecialFrameReframe(aContainer, container, parentFrame, aChild, aIndexInContainer, prevSibling, nextSibling)) { return ReframeContainingBlock(parentFrame); } } - nsFrameItems frameItems; nsFrameConstructorState state(mPresShell, mFixedContainingBlock, GetAbsoluteContainingBlock(parentFrame), GetFloatContainingBlock(parentFrame), aFrameState); - PRBool hasCaption = PR_FALSE; - if (nsLayoutAtoms::tableFrame == parentFrame->GetType()) { - nsIFrame* outerTable = parentFrame->GetParent(); - if (outerTable) { - if (outerTable->GetFirstChild(nsLayoutAtoms::captionList)) { - hasCaption = PR_TRUE; - } - } - } // Recover state for the containing block - we need to know if // it has :first-letter or :first-line style applied to it. The // reason we care is that the internal structure in these cases // is not the normal structure and requires custom updating // logic. nsIFrame* containingBlock = state.mFloatedItems.containingBlock; nsStyleContext* blockSC; 
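Review bot: `styleContext` returned by `ResolveStyleContext(aParentFrame, aChild)` is dereferenced by the new `const nsStyleDisplay* display = styleContext->GetStyleDisplay();` without a null check, while `IsValidSibling` in this same patch tests `if (!styleContext) return PR_FALSE;` after the same call. Wrapping the two new lines in `if (styleContext) { … }` would leave `childIsBlock` at `PR_FALSE` when resolution fails instead of dereferencing null. The enclosing function starts and ends outside the hunk, so whether `PR_FALSE` is the right fallback there needs confirming.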
@@ -9575,47 +9558,55 @@ } } else if (NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == parentDisplay->mDisplay) { nsRefPtr childStyleContext; childStyleContext = ResolveStyleContext(parentFrame, aChild); if (childStyleContext->GetStyleDisplay()->mDisplay != NS_STYLE_DISPLAY_TABLE_COLUMN) return NS_OK; //don't create anything else than columns below a colgroup } - else if (parentFrame->GetType() == nsLayoutAtoms::tableFrame && hasCaption) { - // Resolve the style context and get its display - nsRefPtr childStyleContext; - childStyleContext = ResolveStyleContext(parentFrame, aChild); - if (childStyleContext->GetStyleDisplay()->mDisplay == NS_STYLE_DISPLAY_TABLE_CAPTION) - return NS_OK; //don't create a second table caption frame and its descendants - } // if the container is a table and a caption will be appended, it needs to be // put in the outer table frame's additional child list. - nsFrameItems tempItems, captionItems; + nsFrameItems frameItems, captionItems; - ConstructFrame(state, aChild, parentFrame, tempItems); - if (tempItems.childList) { - if (nsLayoutAtoms::tableCaptionFrame == tempItems.childList->GetType()) { - captionItems.AddChild(tempItems.childList); - } - else { - frameItems.AddChild(tempItems.childList); + ConstructFrame(state, aChild, parentFrame, frameItems); + if (frameItems.childList) { + if (nsLayoutAtoms::tableCaptionFrame == frameItems.childList->GetType()) { + NS_ASSERTION(frameItems.childList == frameItems.lastChild , + "adding a non caption frame to the caption childlist?"); + captionItems.AddChild(frameItems.childList); + frameItems = nsFrameItems(); } } // Now that we've created frames, run the attach queue. //XXXwaterson should we do this after we've processed pseudos, too? 
mDocument->BindingManager()->ProcessAttachedQueue(); // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) ProcessPseudoFrames(state, frameItems); + // If the final parent frame (decided by AdjustParentFrame()) is different + // from the parent of the insertion point we calculated above then + // parentFrame/prevSibling/appendAfterFrame are now invalid and as it is + // unknown where to insert correctly we append instead (bug 341858). + if (frameItems.childList && + frameItems.childList->GetParent() != parentFrame) { + prevSibling = nsnull; + isAppend = PR_TRUE; + parentFrame = + ::AdjustAppendParentForAfterContent(mPresShell->GetPresContext(), + aContainer, + frameItems.childList->GetParent(), + &appendAfterFrame); + } + // XXX Bug 19949 // Although select frame are inline we do not want to call // WipeContainingBlock because it will throw away the entire select frame and // start over which is something we do not want to do // nsCOMPtr selectContent = do_QueryInterface(aContainer); if (!selectContent) { // Perform special check for diddling around with the frames in @@ -9636,16 +9627,17 @@ // Use more complicated insert logic when inserting InsertFirstLineFrames(state, aContainer, containingBlock, &parentFrame, prevSibling, frameItems); } } nsIFrame* newFrame = frameItems.childList; if (NS_SUCCEEDED(rv) && newFrame) { + NS_ASSERTION(!captionItems.childList, "leaking caption frames"); // Notify the parent frame if (isAppend) { AppendFrames(state, aContainer, parentFrame, newFrame, appendAfterFrame); } else { if (!prevSibling) { // We're inserting the new frame as the first child. See if the // parent has a :before pseudo-element 
@@ -9674,23 +9666,26 @@ if (NS_SUCCEEDED(rv) && newCaptionFrame) { nsIFrame* outerTableFrame; if (GetCaptionAdjustedParent(parentFrame, newCaptionFrame, &outerTableFrame)) { // If the parent is not a outer table frame we will try to add frames // to a named child list that the parent does not honour and the frames // will get lost NS_ASSERTION(nsLayoutAtoms::tableOuterFrame == outerTableFrame->GetType(), "Pseudo frame construction failure, a caption can be only a child of a outer table frame"); - // the double caption creation was prevented above, so we are sure - // that we can append - NS_ASSERTION(!outerTableFrame->GetFirstChild(nsLayoutAtoms::captionList), - "No double captions please"); - state.mFrameManager->AppendFrames(outerTableFrame, - nsLayoutAtoms::captionList, - newCaptionFrame); + if (isAppend) { + state.mFrameManager->AppendFrames(outerTableFrame, + nsLayoutAtoms::captionList, + newCaptionFrame); + } + else { + state.mFrameManager->InsertFrames(outerTableFrame, + nsLayoutAtoms::captionList, + prevSibling, newCaptionFrame); + } } } } // Here we have been notified that content has been insert // so if the select now has a single item // we need to go in and removed the dummy frame nsCOMPtr selectElement = do_QueryInterface(aContainer); if (selectElement) 
@@ -11277,57 +11272,28 @@ // XXXbz should we be passing in a non-null aContentParentFrame? nsHTMLContainerFrame::CreateViewForFrame(newFrame, nsnull, PR_FALSE); // Create a continuing inner table frame, and if there's a caption then // replicate the caption nsFrameItems newChildFrames; nsIFrame* childFrame = aFrame->GetFirstChild(nsnull); - while (childFrame) { - // See if it's the inner table frame - if (nsLayoutAtoms::tableFrame == childFrame->GetType()) { - nsIFrame* continuingTableFrame; - - // It's the inner table frame, so create a continuing frame - rv = CreateContinuingFrame(aPresContext, childFrame, newFrame, - &continuingTableFrame); - if (NS_FAILED(rv)) { - newFrame->Destroy(aPresContext); - *aContinuingFrame = nsnull; - return rv; - } - newChildFrames.AddChild(continuingTableFrame); - } else { - // XXX remove this code and the above checks. We don't want to replicate - // the caption (that is what the thead is for). This code is not executed - // anyway, because the caption was put in a different child list. - nsStyleContext* captionStyle = childFrame->GetStyleContext(); - nsIContent* caption = childFrame->GetContent(); - NS_ASSERTION(NS_STYLE_DISPLAY_TABLE_CAPTION == - captionStyle->GetStyleDisplay()->mDisplay, - "expected caption"); - - // Replicate the caption frame - // XXX We have to do it this way instead of calling ConstructFrameByDisplayType(), - // because of a bug in the way ConstructTableFrame() handles the initial child - // list... 
- nsIFrame* captionFrame; - nsFrameItems childItems; - NS_NewTableCaptionFrame(aPresShell, &captionFrame); - nsFrameConstructorState state(mPresShell, mFixedContainingBlock, - GetAbsoluteContainingBlock(newFrame), - captionFrame); - captionFrame->Init(aPresContext, caption, newFrame, captionStyle, nsnull); - ProcessChildren(state, caption, captionFrame, PR_TRUE, childItems, - PR_TRUE); - captionFrame->SetInitialChildList(aPresContext, nsnull, childItems.childList); - newChildFrames.AddChild(captionFrame); + if (childFrame) { + nsIFrame* continuingTableFrame; + rv = CreateContinuingFrame(aPresContext, childFrame, newFrame, + &continuingTableFrame); + if (NS_FAILED(rv)) { + newFrame->Destroy(aPresContext); + *aContinuingFrame = nsnull; + return rv; } - childFrame = childFrame->GetNextSibling(); + newChildFrames.AddChild(continuingTableFrame); + + NS_ASSERTION(!childFrame->GetNextSibling(),"there can be only one inner table frame"); } // Set the outer table's initial child list newFrame->SetInitialChildList(aPresContext, nsnull, newChildFrames.childList); } *aContinuingFrame = newFrame; return rv; Index: mozilla/layout/tables/nsTableOuterFrame.cpp =================================================================== --- mozilla.orig/layout/tables/nsTableOuterFrame.cpp 2007-10-09 15:03:32.000000000 +0200 +++ mozilla/layout/tables/nsTableOuterFrame.cpp 2007-10-09 15:15:27.000000000 +0200 @@ -69,20 +69,17 @@ nsTableCaptionFrame::~nsTableCaptionFrame() { } NS_IMETHODIMP nsTableOuterFrame::Destroy(nsPresContext* aPresContext) { - if (mCaptionFrame) { - mCaptionFrame->Destroy(aPresContext); - } - + mCaptionFrames.DestroyFrames(aPresContext); return nsHTMLContainerFrame::Destroy(aPresContext); } nsIAtom* nsTableCaptionFrame::GetType() const { return nsLayoutAtoms::tableCaptionFrame; } 
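Review bot: `nsTableOuterFrame::Destroy` now destroys every caption with `mCaptionFrames.DestroyFrames(aPresContext)` but leaves the cached `mCaptionFrame` pointing at a destroyed frame while `nsHTMLContainerFrame::Destroy` runs. Every other mutation in this patch re-syncs the cache with `mCaptionFrame = mCaptionFrames.FirstChild();`, so adding `mCaptionFrame = nsnull;` right after the `DestroyFrames` call keeps the same invariant here. Whether anything reads `mCaptionFrame` during the base-class teardown is not visible from this hunk.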
@@ -173,17 +170,17 @@ return rv; } nsIFrame* nsTableOuterFrame::GetFirstChild(nsIAtom* aListName) const { if (nsLayoutAtoms::captionList == aListName) { - return mCaptionFrame; + return mCaptionFrames.FirstChild(); } if (!aListName) { return mFrames.FirstChild(); } return nsnull; } nsIAtom* @@ -197,17 +194,18 @@ NS_IMETHODIMP nsTableOuterFrame::SetInitialChildList(nsPresContext* aPresContext, nsIAtom* aListName, nsIFrame* aChildList) { if (nsLayoutAtoms::captionList == aListName) { // the frame constructor already checked for table-caption display type - mCaptionFrame = aChildList; + mCaptionFrames.SetFrames(aChildList); + mCaptionFrame = mCaptionFrames.FirstChild(); } else { NS_ASSERTION(!aListName, "wrong childlist"); NS_ASSERTION(mFrames.IsEmpty(), "Frame leak!"); mFrames.SetFrames(aChildList); mInnerTableFrame = nsnull; if (aChildList) { if (nsLayoutAtoms::tableFrame == aChildList->GetType()) { 
@@ -220,77 +218,82 @@ } NS_IMETHODIMP nsTableOuterFrame::AppendFrames(nsIAtom* aListName, nsIFrame* aFrameList) { nsresult rv; - // We only have two child frames: the inner table and one caption frame. + // We only have two child frames: the inner table and a caption frame. // The inner frame is provided when we're initialized, and it cannot change if (nsLayoutAtoms::captionList == aListName) { - NS_PRECONDITION(!mCaptionFrame, "already have a caption frame"); - // We only support having a single caption frame - if (mCaptionFrame || (LengthOf(aFrameList) > 1)) { - rv = NS_ERROR_UNEXPECTED; - } else { - // Insert the caption frame into the child list - mCaptionFrame = aFrameList; - - // Reflow the new caption frame. It's already marked dirty, so generate a reflow - // command that tells us to reflow our dirty child frames - rv = GetPresContext()-> - PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, + mCaptionFrames.AppendFrames(this, aFrameList); + mCaptionFrame = mCaptionFrames.FirstChild(); + + // Reflow the new caption frame. It's already marked dirty, so generate a reflow + // command that tells us to reflow our dirty child frames + rv = GetPresContext()-> + PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, nsnull); - } + } else { NS_PRECONDITION(PR_FALSE, "unexpected child frame type"); rv = NS_ERROR_UNEXPECTED; } return rv; } NS_IMETHODIMP nsTableOuterFrame::InsertFrames(nsIAtom* aListName, nsIFrame* aPrevFrame, nsIFrame* aFrameList) { - NS_PRECONDITION(!aPrevFrame, "invalid previous frame"); - return AppendFrames(aListName, aFrameList); + if (nsLayoutAtoms::captionList == aListName) { + mCaptionFrames.InsertFrames(nsnull, aPrevFrame, aFrameList); + mCaptionFrame = mCaptionFrames.FirstChild(); + + // Reflow the new caption frame. It's already marked dirty, so + // just tell the pres shell. 
+ return GetPresContext()-> + PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, + nsnull); + } + else { + NS_PRECONDITION(!aPrevFrame, "invalid previous frame"); + return AppendFrames(aListName, aFrameList); + } } NS_IMETHODIMP nsTableOuterFrame::RemoveFrame(nsIAtom* aListName, nsIFrame* aOldFrame) { // We only have two child frames: the inner table and one caption frame. // The inner frame can't be removed so this should be the caption NS_PRECONDITION(nsLayoutAtoms::captionList == aListName, "can't remove inner frame"); - NS_PRECONDITION(aOldFrame == mCaptionFrame, "invalid caption frame"); PRUint8 captionSide = GetCaptionSide(); // See if the (top/bottom) caption's minimum width impacted the inner table or there // is a left/right caption (that likely impacts the inner table) if ((mMinCaptionWidth == mRect.width) || (NS_SIDE_LEFT == captionSide) || (NS_SIDE_RIGHT == captionSide)) { // The old caption width had an effect on the inner table width so // we're going to need to reflow it. Mark it dirty mInnerTableFrame->AddStateBits(NS_FRAME_IS_DIRTY); } - // Remove the caption frame and destroy it - if (mCaptionFrame && (mCaptionFrame == aOldFrame)) { - mCaptionFrame->Destroy(GetPresContext()); - mCaptionFrame = nsnull; - mMinCaptionWidth = 0; - } + // Remove the frame and destroy it + mCaptionFrames.DestroyFrame(GetPresContext(), aOldFrame); + mCaptionFrame = mCaptionFrames.FirstChild(); + + mMinCaptionWidth = 0; // Generate a reflow command so we get reflowed GetPresContext()->PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, nsnull); return NS_OK; } Index: mozilla/layout/tables/nsTableOuterFrame.h =================================================================== --- mozilla.orig/layout/tables/nsTableOuterFrame.h 2007-10-09 15:03:47.000000000 +0200 +++ mozilla/layout/tables/nsTableOuterFrame.h 2007-10-09 15:15:29.000000000 +0200 
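Review bot: `InsertFrames` hands `aPrevFrame` straight to `mCaptionFrames.InsertFrames(nsnull, aPrevFrame, aFrameList)` with nothing checking that it belongs to the caption list, and it passes `nsnull` as the parent where `AppendFrames` passes `this`. A precondition such as `NS_PRECONDITION(!aPrevFrame || aPrevFrame->GetParent() == this, "inserting after sibling frame with different parent");` would catch a sibling that was computed against the inner table's child list. In `RemoveFrame` the old `aOldFrame == mCaptionFrame` precondition is gone and the result of `mCaptionFrames.DestroyFrame(GetPresContext(), aOldFrame)` is ignored, so a frame that is not in the list is silently left alive, and `mMinCaptionWidth` is reset to 0 even when other captions remain. The "We only have two child frames" comments in `AppendFrames` and `RemoveFrame` no longer describe a list of captions.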
@@ -398,16 +398,17 @@ nscoord aAvailableWidth, nsMargin& aMargin, nsMargin& aMarginNoAuto, nsMargin& aPadding); private: // used to keep track of this frame's children. They are redundant with mFrames, but more convient nsTableFrame* mInnerTableFrame; + nsFrameList mCaptionFrames; nsIFrame* mCaptionFrame; // used to track caption max element size PRInt32 mMinCaptionWidth; nscoord mPriorAvailWidth; #ifdef DEBUG_TABLE_REFLOW_TIMING public: mozilla-325761.patch: nsScriptSecurityManager.cpp | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE mozilla-325761.patch --- --- caps/src/nsScriptSecurityManager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: mozilla/caps/src/nsScriptSecurityManager.cpp =================================================================== --- mozilla.orig/caps/src/nsScriptSecurityManager.cpp +++ mozilla/caps/src/nsScriptSecurityManager.cpp 
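Review bot: The new `nsFrameList mCaptionFrames;` sits next to the existing `nsIFrame* mCaptionFrame;` under a comment that only mentions `mFrames`, so the declaration does not say that the raw pointer is now a cache of the list head. I would add `// mCaptionFrame caches mCaptionFrames.FirstChild(); reassign it after every change to mCaptionFrames` above the two members, because a missed update leaves a stale frame pointer behind. The class body continues outside the hunk.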
@@ -1353,17 +1353,17 @@ { "aim", AllowProtocol }, { "data", AllowProtocol }, { "keyword", DenyProtocol }, { "resource", ChromeProtocol }, { "gopher", AllowProtocol }, { "datetime", DenyProtocol }, { "finger", AllowProtocol }, { "res", DenyProtocol }, - { "x-jsd", ChromeProtocol }, + { "x-jsd", DenyProtocol }, { "wyciwyg", DenyProtocol } }; NS_NAMED_LITERAL_STRING(errorTag, "CheckLoadURIError"); for (unsigned i=0; i < sizeof(protocolList)/sizeof(protocolList[0]); i++) { if (targetScheme.LowerCaseEqualsASCII(protocolList[i].name)) { mozilla-345305_venkmanonly.patch: venkman-records.js | 151 ++++++++++++++++++++++++++++++++++++++++++++--------- venkman-utils.js | 2 venkman-views.js | 40 ++++---------- 3 files changed, 142 insertions(+), 51 deletions(-) --- NEW FILE mozilla-345305_venkmanonly.patch --- --- extensions/venkman/resources/content/venkman-records.js | 151 +++++++++++++--- extensions/venkman/resources/content/venkman-utils.js | 2 extensions/venkman/resources/content/venkman-views.js | 40 +--- 3 files changed, 142 insertions(+), 51 deletions(-) Index: mozilla/extensions/venkman/resources/content/venkman-records.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-records.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-records.js 2007-10-09 16:36:36.000000000 +0200 
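Review bot: The `x-jsd` row changes from `ChromeProtocol` to `DenyProtocol` with no comment, and a bare table entry gives a later editor no hint that the stricter value is deliberate. A one-line comment above it, for example `// x-jsd: keep DenyProtocol, must not be a load target (see mozilla-325761.patch)`, would record the intent next to the policy. The table and the loop that consults it start and end outside the hunk, so how the two values differ in effect cannot be confirmed from here.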
@@ -560,30 +560,31 @@ ValueRecord.prototype.showConstants = e.toggle; console.prefs["valueRecord.showConstants"] = e.toggle; } if ("isInteractive" in e && e.isInteractive) dispatch("pref valueRecord.showConstants", { isInteractive: true }); } -function ValueRecord (value, name, flags) +function ValueRecord (value, name, flags, jsdFrame) { if (!(value instanceof jsdIValue)) throw new BadMojo (ERR_INVALID_PARAM, "value", String(value)); this.setColumnPropertyName ("col-0", "displayName"); this.setColumnPropertyName ("col-1", "displayType"); this.setColumnPropertyName ("col-2", "displayValue"); this.setColumnPropertyName ("col-3", "displayFlags"); this.displayName = name; this.displayFlags = formatFlags(flags); this.name = name; this.flags = flags; this.value = value; + this.jsdFrame = jsdFrame; this.jsType = null; this.onPreRefresh = false; this.refresh(); delete this.onPreRefresh; } ValueRecord.prototype = new XULTreeViewRecord (null); 
@@ -595,16 +596,59 @@ if ("parentRecord" in this) return this.__share = this.parentRecord._share; ASSERT (0, "ValueRecord cannot be the root of a visible tree."); return null; } +ValueRecord.prototype.__defineGetter__("expression", vr_getexpressionl); +function vr_getexpressionl() +{ + return this.getExpression(); +} + +ValueRecord.prototype.getExpression = +function vr_getexpression(extra) +{ + var items = [this.displayName]; + + if ("value" in this.parentRecord) + { + var cur = this.parentRecord; + while (cur != console.views["locals"].childData && + cur != console.views["locals"].scopeRecord) + { + if ("isECMAProto" in cur) + items.unshift("__proto__"); + else if ("isECMAParent" in cur) + items.unshift("__parent__"); + else + items.unshift(cur.displayName); + cur = cur.parentRecord; + } + } + + if (typeof extra == "string") + items.push(extra); + + return makeExpression(items); +} + +ValueRecord.prototype.evalString = +function vr_evalstring(string) +{ + //dd("ValueRecord(" + this.displayName + ").evalString(" + string + ")"); + var rval = new Object(); + if (this.jsdFrame.eval(string, JSD_URL_SCHEME + "value-record", 1, rval)) + return rval.value; + return undefined; +} + ValueRecord.prototype.showFunctions = false; ValueRecord.prototype.showECMAProps = false; ValueRecord.prototype.showConstants = false; ValueRecord.prototype.getProperties = function vr_getprops (properties) { if ("valueIsException" in this || this.flags & PROP_EXCEPTION) @@ -645,18 +689,20 @@ var prop = value.getProperty (this.name); if (prop) { this.flags = prop.flags; this.value = prop.value; } else { - var jsval = value.getWrappedValue(); - this.value = console.jsds.wrapValue(jsval[this.name]); + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").onPreRefresh: no jsdIStackFrame to safely eval on!"); + + this.value = this.evalString(this.expression); this.flags = PROP_ENUMERATE | PROP_HINTED; } } } ValueRecord.prototype.refresh = function vr_refresh () { 
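Review bot: `evalString` calls `this.jsdFrame.eval(...)` without checking that `jsdFrame` is set or still usable, and its callers guard it only with `ASSERT`, whose failure behaviour is not visible here. Each record keeps the frame it was constructed with, so a record refreshed after the debuggee has resumed would evaluate on a frame that is no longer valid; I would open the function with `if (!this.jsdFrame || !this.jsdFrame.isValid) return undefined;`. The `onPreRefresh` hunk that follows stores the result in `this.value` unchecked, so a failed eval leaves `value` undefined for whatever `refresh()` does with it next.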
@@ -817,51 +863,107 @@ default: ASSERT (0, "invalid value"); } } ValueRecord.prototype.countProperties = function vr_countprops () { - var c = 0; - var jsval = this.value.getWrappedValue(); - try - { - for (var p in jsval) - ++c; - } - catch (ex) - { - dd ("caught exception counting properties\n" + ex); - } - - return c; + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").countProperties: no jsdIStackFrame to safely eval on!"); + + // Note: uses an inline function to avoid polluting the frame's scope. + var code = "(function(obj){" + + " var count = 0;" + + " for (var prop in obj)" + + " ++count;" + + " return count;" + + "})(" + this.expression + ")"; + + // rv is undefined if an exception occured. + var rv = this.evalString(code); + if (typeof rv == "undefined") + return 0; + + return rv.intValue; } ValueRecord.prototype.listProperties = function vr_listprops () { + function charEscapeReplace(s, c) + { + return String.fromCharCode(parseInt(c, 16)); + }; + // the ":" prefix for keys in the propMap avoid collisions with "real" // pseudo-properties, such as __proto__. If we were to actually assign // to those we would introduce bad side affects. //dd ("listProperties {"); - var i; - var jsval = this.value.getWrappedValue(); + var i, jsval; var propMap = new Object(); /* get the enumerable properties */ - - for (var p in jsval) + + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").listProperties: no jsdIStackFrame to safely eval on!"); + + var propList = new Array(); + + // quote() puts double-quotes at either end of the string, + // backspash-escapes double-quotes in the string, and (quite + // importantly) uses \xXX and \uXXXX escapes for non-ASCII + // characters. + + // Note: uses an inline function to avoid polluting the frame's scope. 
+ var code = "(function(obj){" + + " var string = '';" + + " for (var prop in obj) {" + + " if (string)" + + " string += ',';" + + " string += prop.quote();" + + " }" + + " return string;" + + "})(" + this.expression + ")"; + + // list is undefined if an exception occured. + var list = this.evalString(code); + if (typeof list != "undefined") { + list = list.stringValue; + //dd("ValueRecord(" + this.displayName + + // ").listProperties: list: " + list); + if (list) { + list = ('",' + list + ',"').split('","'); + + for (i = 0; i < list.length; i++) + { + if (!list[i]) + continue; + + var prop = list[i]; + prop = prop.replace(/\\x([0-9a-f]{2})/i, charEscapeReplace); + prop = prop.replace(/\\u([0-9a-f]{4})/i, charEscapeReplace); + prop = prop.replace(/\\(.)/, "$1"); + propList.push(prop); + //dd("ValueRecord(" + this.displayName + + // ").listProperties: prop: " + prop); + } + } + } + + for (i = 0; i < propList.length; i++) { + var p = propList[i]; var value; try { - value = console.jsds.wrapValue(jsval[p]); + value = this.evalString(this.getExpression(p)); + if (this.showFunctions || value.jsType != TYPE_FUNCTION) { propMap[":" + p] = { name: p, value: value, flags: PROP_ENUMERATE | PROP_HINTED }; } else { //dd ("not including function " + name); @@ -987,25 +1089,25 @@ this.propertyList = this.listProperties(); if (this.showECMAProps) { var rec; if (this.value.jsPrototype) { rec = new ValueRecord(this.value.jsPrototype, - MSG_VAL_PROTO); + MSG_VAL_PROTO, "", this.jsdFrame); rec.isECMAProto = true; this.appendChild (rec); } if (this.value.jsParent) { rec = new ValueRecord(this.value.jsParent, - MSG_VAL_PARENT); + MSG_VAL_PARENT, "", this.jsdFrame); rec.isECMAParent = true; this.appendChild (rec); } } if (!this.childData.length && !this.propertyList.length) { rec = new XTLabelRecord ("col-0", MSG_VAL_NONE, 
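Review bot: The three `prop.replace(...)` calls that undo `quote()` in `listProperties` have no `g` flag and run as separate passes, so only the first escape of each kind is decoded, and a name holding a literal backslash followed by `x41` is decoded twice. The decoded name then goes into `this.getExpression(p)` and is evaluated on the frame, so a mis-decoded name reads a different property than the one that was enumerated, and these names come from the object being debugged. A single global pass avoids both problems: `prop = prop.replace(/\\(?:x([0-9a-f]{2})|u([0-9a-f]{4})|(.))/gi, function (s, x, u, c) { return (x || u) ? String.fromCharCode(parseInt(x || u, 16)) : c; });`. With that in place the `charEscapeReplace` helper is no longer needed.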
@@ -1014,17 +1116,18 @@ return; } for (var i = 0; i < this.propertyList.length; ++i) { var prop = this.propertyList[i]; this.appendChild(new ValueRecord(prop.value, prop.name, - prop.flags)); + prop.flags, + this.jsdFrame)); } } catch (ex) { display (getMsg (MSN_ERR_FAILURE, ex), MT_ERROR); } } Index: mozilla/extensions/venkman/resources/content/venkman-utils.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-utils.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-utils.js 2007-10-09 16:36:39.000000000 +0200 @@ -1004,17 +1004,17 @@ function makeExpression (items) { function escapeItem (item, first) { // Numbers. if (item.match(/^[0-9]+$/i)) return "[" + item + "]"; // Words/other items that don't need quoting. - if (item.match(/^[a-z_][a-z0-9_]+$/i)) + if (item.match(/^[a-z_][a-z0-9_]*$/i)) return (!first ? "." : "") + item; // Quote everything else. return "[" + item.quote() + "]"; }; var expression = escapeItem(items[0], true); for (var i = 1; i < items.length; i++) Index: mozilla/extensions/venkman/resources/content/venkman-views.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-views.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-views.js 2007-10-09 16:36:29.000000000 +0200 @@ -607,17 +607,18 @@ { var tag = jsdFrame.script.tag; if (tag in this.savedStates) state = this.savedStates[tag]; } if (jsdFrame.scope) { - this.scopeRecord = new ValueRecord (jsdFrame.scope, MSG_VAL_SCOPE, ""); + this.scopeRecord = new ValueRecord(jsdFrame.scope, MSG_VAL_SCOPE, "", + jsdFrame); this.scopeRecord.onPreRefresh = null; this.childData.appendChild(this.scopeRecord); if (!state && jsdFrame.scope.propertyCount < console.prefs["localsView.autoOpenMax"]) { this.scopeRecord.open(); } 
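Review bot: In `escapeItem` (the venkman-utils.js hunk), the numeric branch `/^[0-9]+$/` emits the digits as a bare literal, so a property named `010` becomes `[010]`, which an engine with legacy octal literals reads as 8, and a very long digit string loses precision. These expressions are what `ValueRecord.evalString` runs on the debuggee frame, so such a name resolves to a different property than the one listed. Narrowing the test to `/^(0|[1-9][0-9]{0,8})$/` sends every other digit string to the `quote()` branch. `makeExpression` continues outside the hunk.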
@@ -629,17 +630,17 @@ "locals:col-3"]); this.scopeRecord.property = ValueRecord.prototype.atomObject; this.childData.appendChild(this.scopeRecord); } if (jsdFrame.thisValue) { this.thisRecord = new ValueRecord (jsdFrame.thisValue, MSG_VAL_THIS, - ""); + "", jsdFrame); this.thisRecord.onPreRefresh = null; this.childData.appendChild(this.thisRecord); if (!state && jsdFrame.thisValue.propertyCount < console.prefs["localsView.autoOpenMax"]) { this.scopeRecord.open(); } } @@ -794,40 +795,17 @@ cx.jsdValueList = new Array(); function recordContextGetter (cx, rec, i) { if (i == 0) { cx.jsdValue = rec.value; - var items = new Array(); - items.unshift(rec.displayName); - - if ("value" in rec.parentRecord) - { - cx.parentValue = rec.parentRecord.value; - var cur = rec.parentRecord; - while (cur != locals.childData && - cur != locals.scopeRecord) - { - if ("isECMAProto" in cur) - items.unshift("__proto__"); - else if ("isECMAParent" in cur) - items.unshift("__parent__"); - else - items.unshift(cur.displayName); - cur = cur.parentRecord; - } - } - else - { - cx.parentValue = null; - } - cx.expression = makeExpression(items); + cx.expression = rec.expression; cx.propertyName = rec.displayName; } else { cx.jsdValueList.push(rec.value); } return cx; }; 
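Review bot: In the `jsdFrame.thisValue` branch the auto-open test checks `jsdFrame.thisValue.propertyCount` but then calls `this.scopeRecord.open()`, which looks like a copy of the scope branch; `this.thisRecord.open();` is presumably what was meant. The line is context rather than part of this change, but the branch is being edited here and `scopeRecord` may be a plain label record at that point, going by the lines at the top of the hunk.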
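Review bot: `recordContextGetter` no longer assigns `cx.parentValue`; the removed block set it to `rec.parentRecord.value` or `null`, and the new `cx.expression = rec.expression;` replaces only the expression part. Anything that reads `cx.parentValue` from this context now gets `undefined`; those consumers are not in the hunk, so the callers need checking. If the field is still used, keep `cx.parentValue = ("value" in rec.parentRecord) ? rec.parentRecord.value : null;` next to the new line.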
@@ -4299,19 +4277,29 @@ if (!("currentEvalObject" in console)) { display (MSG_ERR_NO_EVAL_OBJECT, MT_ERROR); return null; } refresher = function () { if ("frames" in console) + { + this.jsdFrame = getCurrentFrame(); this.value = evalInTargetScope(e.expression, true); + } else + { + /* This is a security protection; leaving the + * object open allows access to child items when + * we have no frame to safely eval them on. + */ + this.close(); throw MSG_VAL_NA; + } }; } else { refresher = function () { var rv = evalInDebuggerScope(e.expression, true); this.value = console.jsds.wrapValue(rv); }; mozilla-361745.patch: nsSVGImageFrame.cpp | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) --- NEW FILE mozilla-361745.patch --- --- layout/svg/base/src/nsSVGImageFrame.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) Index: mozilla/layout/svg/base/src/nsSVGImageFrame.cpp =================================================================== --- mozilla.orig/layout/svg/base/src/nsSVGImageFrame.cpp 2007-10-09 17:42:44.000000000 +0200 +++ mozilla/layout/svg/base/src/nsSVGImageFrame.cpp 2007-10-09 17:43:02.000000000 +0200 @@ -285,17 +285,17 @@ mX->GetValue(&x); mY->GetValue(&y); mWidth->GetValue(&width); mHeight->GetValue(&height); /* In a perfect world, this would be handled by the DOM, and return a DOM exception. */ - if (width == 0 || height == 0) + if (width <= 0 || height <= 0) return NS_OK; pathBuilder->Moveto(x, y); pathBuilder->Lineto(x+width, y); pathBuilder->Lineto(x+width, y+height); pathBuilder->Lineto(x, y+height); pathBuilder->ClosePath(&x, &y); 
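Review bot: When there are no frames, the new branch of the first refresher closes the record and throws, but it leaves the `this.jsdFrame` stored by an earlier refresh in place, so the record still holds a frame from a previous stop. Clearing it before the close, `this.jsdFrame = null;`, matches the intent of the security comment in that branch. The `evalInDebuggerScope` refresher in the `else` arm never sets `jsdFrame` at all; if that record can build child `ValueRecord`s, which is not visible here, they would be constructed without a frame to evaluate on.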
@@ -305,16 +305,22 @@ //---------------------------------------------------------------------- // nsISVGChildFrame methods: NS_IMETHODIMP nsSVGImageFrame::PaintSVG(nsISVGRendererCanvas* canvas, const nsRect& dirtyRectTwips) { if (!GetStyleVisibility()->IsVisible()) return NS_OK; + float width, height; + mWidth->GetValue(&width); + mHeight->GetValue(&height); + if (width <= 0 || height <= 0) + return NS_OK; + if (mSurfaceInvalid) { nsCOMPtr currentRequest; nsCOMPtr imageLoader = do_QueryInterface(mContent); if (imageLoader) imageLoader->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST, getter_AddRefs(currentRequest)); nsCOMPtr currentContainer; 
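Review bot: In PaintSVG the new `float width, height;` are left uninitialized and the results of `mWidth->GetValue(&width)` and `mHeight->GetValue(&height)` are ignored, so if either call can fail without writing its out-parameter, the `width <= 0 || height <= 0` guard compares indeterminate values. Initializing them, `float width = 0.0f, height = 0.0f;`, makes a failed read fall into the early return. The guard also lets NaN through, because `NaN <= 0` is false; if these lengths can ever be NaN, `!(width > 0 && height > 0)` rejects that case too. The same guard is added in the hunk at -285, whose declarations lie outside that hunk, and PaintSVG's body continues past this one.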
@@ -348,21 +354,19 @@ clip->ClipPaint(canvas, this, matrix); } } if (mSurface) { nsCOMPtr ctm; GetCanvasTM(getter_AddRefs(ctm)); - float x, y, width, height; + float x, y; mX->GetValue(&x); mY->GetValue(&y); - mWidth->GetValue(&width); - mHeight->GetValue(&height); if (GetStyleDisplay()->IsScrollableOverflow()) canvas->SetClipRect(ctm, x, y, width, height); PRUint32 nativeWidth, nativeHeight; mSurface->GetWidth(&nativeWidth); mSurface->GetHeight(&nativeHeight); mozilla-362901.patch: base/nsCSSFrameConstructor.cpp | 122 ++++++++++++++++++++++++++--------------- base/nsCSSFrameConstructor.h | 4 + base/nsStyleChangeList.cpp | 2 generic/nsBlockFrame.cpp | 32 +++++++--- generic/nsBlockFrame.h | 2 generic/nsContainerFrame.cpp | 18 +++--- generic/nsTextFrame.cpp | 4 + 7 files changed, 122 insertions(+), 62 deletions(-) --- NEW FILE mozilla-362901.patch --- --- layout/base/nsCSSFrameConstructor.cpp | 122 +++++++++++++++++++++------------- layout/base/nsCSSFrameConstructor.h | 4 + layout/base/nsStyleChangeList.cpp | 2 layout/generic/nsBlockFrame.cpp | 32 +++++--- layout/generic/nsBlockFrame.h | 2 layout/generic/nsContainerFrame.cpp | 18 +++-- layout/generic/nsTextFrame.cpp | 4 + 7 files changed, 122 insertions(+), 62 deletions(-) Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 12:53:36.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -8855,21 +8855,20 @@ nsFrameConstructorState state(mPresShell, mFixedContainingBlock, GetAbsoluteContainingBlock(parentFrame), GetFloatContainingBlock(parentFrame)); // See if the containing block has :first-letter style applied. PRBool haveFirstLetterStyle = PR_FALSE, haveFirstLineStyle = PR_FALSE; nsIFrame* containingBlock = state.mFloatedItems.containingBlock; if (containingBlock) { - nsIContent* blockContent = containingBlock->GetContent(); - nsStyleContext* blockSC = containingBlock->GetStyleContext(); - HaveSpecialBlockStyle(blockContent, blockSC, - &haveFirstLetterStyle, - &haveFirstLineStyle); + haveFirstLetterStyle = HaveFirstLetterStyle(containingBlock); + haveFirstLineStyle = + HaveFirstLineStyle(containingBlock->GetContent(), + containingBlock->GetStyleContext()); } if (haveFirstLetterStyle) { // Before we get going, remove the current letter frames RemoveLetterFrames(state.mPresContext, state.mPresShell, state.mFrameManager, containingBlock); } 
@@ -9507,21 +9506,20 @@ // place. If its a certain kind of container then some special // processing is done. if ((NS_STYLE_DISPLAY_BLOCK == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_LIST_ITEM == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_INLINE == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_INLINE_BLOCK == parentDisplay->mDisplay)) { // Recover the special style flags for the containing block if (containingBlock) { - blockSC = containingBlock->GetStyleContext(); - blockContent = containingBlock->GetContent(); - HaveSpecialBlockStyle(blockContent, blockSC, - &haveFirstLetterStyle, - &haveFirstLineStyle); + haveFirstLetterStyle = HaveFirstLetterStyle(containingBlock); + haveFirstLineStyle = + HaveFirstLineStyle(containingBlock->GetContent(), + containingBlock->GetStyleContext()); } if (haveFirstLetterStyle) { // Get the correct parentFrame and prevSibling - if a // letter-frame is present, use its parent. if (parentFrame->GetType() == nsLayoutAtoms::letterFrame) { parentFrame = parentFrame->GetParent(); container = parentFrame->GetContent(); @@ -10011,20 +10009,17 @@ if (parentFrame->GetType() == nsLayoutAtoms::frameSetFrame) { // Just reframe the parent, since framesets are weird like that. return RecreateFramesForContent(parentFrame->GetContent()); } // Examine the containing-block for the removed content and see if // :first-letter style applies. nsIFrame* containingBlock = GetFloatContainingBlock(parentFrame); - PRBool haveFLS = containingBlock ? - HaveFirstLetterStyle(containingBlock->GetContent(), - containingBlock->GetStyleContext()) : - PR_FALSE; + PRBool haveFLS = containingBlock && HaveFirstLetterStyle(containingBlock); if (haveFLS) { // Trap out to special routine that handles adjusting a blocks // frame tree when first-letter style is present. #ifdef NOISY_FIRST_LETTER printf("ContentRemoved: containingBlock="); nsFrame::ListTag(stdout, containingBlock); printf(" parentFrame="); nsFrame::ListTag(stdout, parentFrame); 
@@ -10428,52 +10423,55 @@ if (nsnull != frame) { #if 0 NS_FRAME_LOG(NS_FRAME_TRACE_CALLS, ("nsCSSFrameConstructor::CharacterDataChanged: content=%p[%s] subcontent=%p frame=%p", aContent, ContentTag(aContent, 0), aSubContent, frame)); #endif - // Special check for text content that is a child of a letter - // frame. There are two interesting cases that we have to handle - // carefully: text content that is going empty (which means we - // should select a new text node as the first-letter text) or text - // content that empty but is no longer empty (it might be the - // first-letter text but isn't currently). - // - // To deal with both of these we make a simple change: map a - // CharacterDataChanged into a ReinsertContent when we are changing text - // that is part of a first-letter situation. - PRBool doCharacterDataChanged = PR_TRUE; + // Special check for text content that is a child of a letter frame. If + // this happens, we should remove the letter frame, do whatever we're + // planning to do with this notification, then put the letter frame back. + // Note that this is basically what ReinsertContent ends up doing; the + // reason we dont' want to call that here is that our text content could be + // native anonymous, in which case ReinsertContent would completely barf on + // it. And reinserting the non-anonymous ancestor would just lead us to + // come back into this notification (e.g. if quotes or counters are + // involved), leading to a loop. + PRBool haveFirstLetterStyle = PR_FALSE; + nsIFrame* block = nsnull; nsCOMPtr textContent(do_QueryInterface(aContent)); if (textContent) { // Ok, it's text content. Now do some real work... - nsIFrame* block = GetFloatContainingBlock(frame); + block = GetFloatContainingBlock(frame); if (block) { // See if the block has first-letter style applied to it. 
- nsIContent* blockContent = block->GetContent(); - nsStyleContext* blockSC = block->GetStyleContext(); - PRBool haveFirstLetterStyle = - HaveFirstLetterStyle(blockContent, blockSC); + haveFirstLetterStyle = HaveFirstLetterStyle(block); if (haveFirstLetterStyle) { - // The block has first-letter style. Use content-replaced to - // repair the blocks frame structure properly. - nsCOMPtr container = aContent->GetParent(); - if (container) { - doCharacterDataChanged = PR_FALSE; - rv = ReinsertContent(container, aContent); - } + RemoveLetterFrames(mPresShell->GetPresContext(), mPresShell, + mPresShell->FrameManager(), block); + // Reget |frame|, since we might have killed it. Do we + // really need to call CharacterDataChanged in this case, + // though? + mPresShell->GetPrimaryFrameFor(aContent, &frame); + NS_ASSERTION(frame, "Should have frame here!"); } } } - if (doCharacterDataChanged) { - frame->CharacterDataChanged(mPresShell->GetPresContext(), aContent, - aAppend); + frame->CharacterDataChanged(mPresShell->GetPresContext(), aContent, + aAppend); + + if (haveFirstLetterStyle) { + // Note that if we got here |block| is not null + nsFrameConstructorState state(mPresShell, mFixedContainingBlock, + GetAbsoluteContainingBlock(frame), + block, nsnull); + RecoverLetterFrames(state, block); } } return rv; } #ifdef ACCESSIBILITY nsIAtom* 
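Review bot: After `RemoveLetterFrames` the re-fetched `frame` is checked only by `NS_ASSERTION(frame, "Should have frame here!")`, which does nothing in release builds, yet the next statement calls `frame->CharacterDataChanged(...)` unconditionally and the recovery block passes `frame` to `GetAbsoluteContainingBlock`. If `GetPrimaryFrameFor` can come back empty after the letter frames are torn down, release builds dereference a null pointer. A runtime guard such as `if (frame) frame->CharacterDataChanged(mPresShell->GetPresContext(), aContent, aAppend);`, plus a defined fallback for the containing-block lookup, would still let `RecoverLetterFrames` restore the block. The enclosing function starts before this hunk.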
@@ -12184,16 +12182,32 @@ nsStyleContext* aStyleContext) { return nsLayoutUtils::HasPseudoStyle(aContent, aStyleContext, nsCSSPseudoElements::firstLetter, mPresShell->GetPresContext()); } PRBool +nsCSSFrameConstructor::HaveFirstLetterStyle(nsIFrame* aBlockFrame) +{ + NS_PRECONDITION(aBlockFrame, "Need a frame"); + +#ifdef DEBUG + nsBlockFrame* block; + NS_ASSERTION(NS_SUCCEEDED(aBlockFrame->QueryInterface(kBlockFrameCID, + (void**)&block)) && + block, + "Not a block frame?"); +#endif + + return (aBlockFrame->GetStateBits() & NS_BLOCK_HAS_FIRST_LETTER_STYLE) != 0; +} + +PRBool nsCSSFrameConstructor::HaveFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext) { return nsLayoutUtils::HasPseudoStyle(aContent, aStyleContext, nsCSSPseudoElements::firstLine, mPresShell->GetPresContext()); } @@ -12694,17 +12708,24 @@ nsFrameItems& aResult) { // Create the first-letter-frame nsresult rv; nsIFrame* letterFrame; nsStyleSet *styleSet = mPresShell->StyleSet(); NS_NewFirstLetterFrame(mPresShell, &letterFrame); - InitAndRestoreFrame(aState, aTextContent, aParentFrame, aStyleContext, + // We don't want to use a text content for a non-text frame (because we want + // its primary frame to be a text frame). So use its parent for the + // first-letter. + nsIContent* letterContent = aTextContent->GetParent(); + NS_ASSERTION(letterContent->GetBindingParent() != letterContent, + "Reframes of this letter frame will mess with the root of a " + "native anonymous content subtree!"); + InitAndRestoreFrame(aState, letterContent, aParentFrame, aStyleContext, nsnull, letterFrame); // Init the text frame to refer to the letter frame. Make sure we // get a proper style context for it (the one passed in is for the // letter frame and will have the float property set on it; the text // frame shouldn't have that set). nsRefPtr textSC; textSC = styleSet->ResolveStyleForNonElement(aStyleContext); 
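Review bot: In the hunk at -12694, `letterContent` from `aTextContent->GetParent()` is dereferenced inside the new `NS_ASSERTION` and then handed to `InitAndRestoreFrame` without a null check; the inflow path in the hunk at -12790 does the same before `letterFrame->Init`. Presumably text that reaches first-letter construction always has a parent, but nothing visible establishes it. Either state it as a precondition, `NS_PRECONDITION(aTextContent->GetParent(), "first-letter text must have a parent");`, or return an error when it is null. Both functions start outside their hunks.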
@@ -12713,17 +12734,17 @@ // And then give the text frame to the letter frame letterFrame->SetInitialChildList(aState.mPresContext, nsnull, aTextFrame); // Now make the placeholder nsIFrame* placeholderFrame; CreatePlaceholderFrameFor(mPresShell, aState.mPresContext, aState.mFrameManager, - aTextContent, letterFrame, + letterContent, letterFrame, aStyleContext, aParentFrame, &placeholderFrame); // See if we will need to continue the text frame (does it contain // more than just the first-letter text or not?) If it does, then we // create (in advance) a continuation frame for it. nsIFrame* nextTextFrame = nsnull; if (NeedFirstLetterContinuation(aTextContent)) { @@ -12790,18 +12811,24 @@ blockContent, aParentFrame, sc, aResult); } else { // Make an inflow first-letter frame nsIFrame* letterFrame; nsresult rv = NS_NewFirstLetterFrame(mPresShell, &letterFrame); if (NS_SUCCEEDED(rv)) { - // Initialize the first-letter-frame. - letterFrame->Init(aState.mPresContext, aTextContent, aParentFrame, + // Initialize the first-letter-frame. We don't want to use a text + // content for a non-text frame (because we want its primary frame to + // be a text frame). So use its parent for the first-letter. + nsIContent* letterContent = aTextContent->GetParent(); + NS_ASSERTION(letterContent->GetBindingParent() != letterContent, + "Reframes of this letter frame will mess with the root " + "of a native anonymous content subtree!"); + letterFrame->Init(aState.mPresContext, letterContent, aParentFrame, sc, nsnull); nsRefPtr textSC; textSC = mPresShell->StyleSet()->ResolveStyleForNonElement(sc); InitAndRestoreFrame(aState, aTextContent, letterFrame, textSC, nsnull, textFrame); letterFrame->SetInitialChildList(aState.mPresContext, nsnull, 
@@ -12819,16 +12846,18 @@ nsCSSFrameConstructor::WrapFramesInFirstLetterFrame( nsFrameConstructorState& aState, nsIContent* aBlockContent, nsIFrame* aBlockFrame, nsFrameItems& aBlockFrames) { nsresult rv = NS_OK; + aBlockFrame->AddStateBits(NS_BLOCK_HAS_FIRST_LETTER_STYLE); + nsIFrame* parentFrame = nsnull; nsIFrame* textFrame = nsnull; nsIFrame* prevFrame = nsnull; nsFrameItems letterFrames; PRBool stopLooking = PR_FALSE; rv = WrapFramesInFirstLetterFrame(aState, aBlockFrame, aBlockFrames.childList, &parentFrame, &textFrame, &prevFrame, @@ -13139,16 +13168,18 @@ // Fixup the letter frame situation for the given block nsresult nsCSSFrameConstructor::RecoverLetterFrames(nsFrameConstructorState& aState, nsIFrame* aBlockFrame) { nsresult rv = NS_OK; + aBlockFrame->AddStateBits(NS_BLOCK_HAS_FIRST_LETTER_STYLE); + nsIFrame* blockKids = aBlockFrame->GetFirstChild(nsnull); nsIFrame* parentFrame = nsnull; nsIFrame* textFrame = nsnull; nsIFrame* prevFrame = nsnull; nsFrameItems letterFrames; PRBool stopLooking = PR_FALSE; rv = WrapFramesInFirstLetterFrame(aState, aBlockFrame, blockKids, &parentFrame, &textFrame, &prevFrame, 
@@ -14246,16 +14277,19 @@ nsCSSFrameConstructor::PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint) { if (aRestyleHint == 0 && !aMinChangeHint) { // Nothing to do here return; } + + NS_ASSERTION(aContent->IsContentOfType(nsIContent::eELEMENT), + "Shouldn't be trying to restyle non-elements directly"); RestyleData existingData; existingData.mRestyleHint = nsReStyleHint(0); existingData.mChangeHint = NS_STYLE_HINT_NONE; mPendingRestyles.Get(aContent, &existingData); existingData.mRestyleHint = nsReStyleHint(existingData.mRestyleHint | aRestyleHint); Index: mozilla/layout/base/nsCSSFrameConstructor.h =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.h 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.h 2007-10-09 13:00:22.000000000 +0200 @@ -736,16 +736,20 @@ already_AddRefed GetFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext); PRBool HaveFirstLetterStyle(nsIContent* aContent, nsStyleContext* aStyleContext); + // Check whether a given block has first-letter style. Make sure to + // only pass in blocks! And don't pass in null either. + PRBool HaveFirstLetterStyle(nsIFrame* aBlockFrame); + PRBool HaveFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext); void HaveSpecialBlockStyle(nsIContent* aContent, nsStyleContext* aStyleContext, PRBool* aHaveFirstLetterStyle, PRBool* aHaveFirstLineStyle); Index: mozilla/layout/base/nsStyleChangeList.cpp =================================================================== --- mozilla.orig/layout/base/nsStyleChangeList.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/base/nsStyleChangeList.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -84,16 +84,18 @@ nsresult nsStyleChangeList::AppendChange(nsIFrame* aFrame, nsIContent* aContent, nsChangeHint aHint) { NS_ASSERTION(aFrame || (aHint & nsChangeHint_ReconstructFrame), "must have frame"); NS_ASSERTION(aContent || !(aHint & nsChangeHint_ReconstructFrame), "must have content"); + NS_ASSERTION(!aContent || aContent->IsContentOfType(nsIContent::eELEMENT), + "Shouldn't be trying to restyle non-elements directly"); if ((0 < mCount) && (aHint & nsChangeHint_ReconstructFrame)) { // filter out all other changes for same content if (aContent) { PRInt32 index = mCount; while (0 < index--) { if (aContent == mArray[index].mContent) { // remove this change mCount--; if (index < mCount) { // move later changes down Index: mozilla/layout/generic/nsBlockFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsBlockFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsBlockFrame.cpp 2007-10-09 13:00:22.000000000 +0200 @@ -76,16 +76,17 @@ #include "nsAutoPtr.h" #include "nsIServiceManager.h" #include "nsIScrollableFrame.h" #ifdef ACCESSIBILITY #include "nsIAccessibilityService.h" #endif #include "nsLayoutUtils.h" #include "nsBoxLayoutState.h" +#include "nsCSSAnonBoxes.h" #ifdef IBMBIDI #include "nsBidiPresUtils.h" #endif // IBMBIDI #include "nsIDOMHTMLBodyElement.h" #include "nsIDOMHTMLHtmlElement.h" 
@@ -7237,28 +7238,37 @@ if (mAbsoluteContainer.GetChildListName() == aListName) { mAbsoluteContainer.SetInitialChildList(this, aPresContext, aListName, aChildList); } else if (nsLayoutAtoms::floatList == aListName) { mFloats.SetFrames(aChildList); } else { - // Lookup up the two pseudo style contexts - if (nsnull == mPrevInFlow) { - nsRefPtr firstLetterStyle = GetFirstLetterStyle(aPresContext); - if (nsnull != firstLetterStyle) { - mState |= NS_BLOCK_HAS_FIRST_LETTER_STYLE; -#ifdef NOISY_FIRST_LETTER - ListTag(stdout); - printf(": first-letter style found\n"); +#ifdef DEBUG + // The only times a block that is an anonymous box is allowed to have a + // first-letter frame are when it's the block inside a non-anonymous cell, + // the block inside a fieldset, a scrolled content block, or a column + // content block. Also, a block that has a previous continuation can't + // have a first letter frame. + nsIAtom *pseudo = GetStyleContext()->GetPseudoType(); + PRBool haveFirstLetterStyle = + !mPrevInFlow && + (!pseudo || + (pseudo == nsCSSAnonBoxes::cellContent && + mParent->GetStyleContext()->GetPseudoType() == nsnull) || + pseudo == nsCSSAnonBoxes::fieldsetContent || + pseudo == nsCSSAnonBoxes::scrolledContent || + pseudo == nsCSSAnonBoxes::columnContent) && + nsRefPtr(GetFirstLetterStyle(aPresContext)) != nsnull; + NS_ASSERTION(haveFirstLetterStyle == + ((mState & NS_BLOCK_HAS_FIRST_LETTER_STYLE) != 0), + "NS_BLOCK_HAS_FIRST_LETTER_STYLE state out of sync"); #endif - } - } - + rv = AddFrames(aChildList, nsnull); if (NS_FAILED(rv)) { return rv; } // Create list bullet if this is a list-item. Note that this is done // here so that RenumberLists will work (it needs the bullets to // store the bullet numbers). 
Index: mozilla/layout/generic/nsBlockFrame.h =================================================================== --- mozilla.orig/layout/generic/nsBlockFrame.h 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsBlockFrame.h 2007-10-09 13:00:22.000000000 +0200 @@ -291,22 +291,24 @@ PRBool HandleOverflowPlaceholdersOnPulledLine( nsBlockReflowState& aState, nsLineBox* aLine); protected: nsBlockFrame(); virtual ~nsBlockFrame(); +#ifdef DEBUG already_AddRefed GetFirstLetterStyle(nsPresContext* aPresContext) { return aPresContext->StyleSet()-> ProbePseudoStyleFor(mContent, nsCSSPseudoElements::firstLetter, mStyleContext); } +#endif /* * Overides member function of nsHTMLContainerFrame. Needed to handle the * lines in a nsBlockFrame properly. */ virtual void PaintTextDecorationLines(nsIRenderingContext& aRenderingContext, nscolor aColor, nscoord aOffset, Index: mozilla/layout/generic/nsContainerFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsContainerFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsContainerFrame.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -143,23 +143,27 @@ nsContainerFrame::Destroy(nsPresContext* aPresContext) { // Prevent event dispatch during destruction if (HasView()) { GetView()->SetClientData(nsnull); } if (mState & NS_FRAME_GENERATED_CONTENT) { - // Make sure all the content nodes for the generated content inside - // this frame know it's going away. - // XXXbz would this be better done via a global structure in - // nsCSSFrameConstructor that could key off of - // GeneratedContentFrameRemoved or something? The problem is that - // our kids are gone by the time that's called. - ::CleanupGeneratedContentIn(mContent, this); + nsIAtom* type = GetType(); + if (type == nsLayoutAtoms::inlineFrame || + type== nsLayoutAtoms::blockFrame) { + // Make sure all the content nodes for the generated content inside + // this frame know it's going away. + // XXXbz would this be better done via a global structure in + // nsCSSFrameConstructor that could key off of + // GeneratedContentFrameRemoved or something? The problem is that + // our kids are gone by the time that's called. + ::CleanupGeneratedContentIn(mContent, this); + } } // Delete the primary child list mFrames.DestroyFrames(aPresContext); // Destroy overflow frames now nsFrameList overflowFrames(GetOverflowFrames(aPresContext, PR_TRUE)); overflowFrames.DestroyFrames(aPresContext); Index: mozilla/layout/generic/nsTextFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsTextFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsTextFrame.cpp 2007-10-09 13:00:22.000000000 +0200 
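Review bot: The new restriction of `CleanupGeneratedContentIn` to inline and block frames carries no comment saying why other frame types with `NS_FRAME_GENERATED_CONTENT` set must be skipped, so the type test reads as arbitrary. A likely reason, inferred from the rest of this patch, is that letter frames are now initialized with the parent content, so running the cleanup on `mContent` for them would touch the wrong node. A why-comment above `nsIAtom* type = GetType();` should name the frame types being excluded and the reason. Style nit in the same condition: `type== nsLayoutAtoms::blockFrame` is missing the space before `==`.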
@@ -948,16 +948,19 @@ NS_IMETHODIMP nsContinuingTextFrame::Init(nsPresContext* aPresContext, nsIContent* aContent, nsIFrame* aParent, nsStyleContext* aContext, nsIFrame* aPrevInFlow) { + NS_PRECONDITION(aContent->IsContentOfType(nsIContent::eTEXT), + "Bogus content!"); + nsresult rv; rv = nsTextFrame::Init(aPresContext, aContent, aParent, aContext, aPrevInFlow); if (aPrevInFlow) { // Hook the frame into the flow mPrevInFlow = aPrevInFlow; aPrevInFlow->SetNextInFlow(this); @@ -6561,16 +6564,17 @@ fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); if (0 != mState) { if (mState & NS_FRAME_SELECTED_CONTENT) { fprintf(out, " [state=%08x] SELECTED", mState); } else { fprintf(out, " [state=%08x]", mState); } } + fprintf(out, " [content=%p]", NS_STATIC_CAST(void*, mContent)); fprintf(out, " sc=%p", NS_STATIC_CAST(void*, mStyleContext)); nsIAtom* pseudoTag = mStyleContext->GetPseudoType(); if (pseudoTag) { nsAutoString atomString; pseudoTag->ToString(atomString); fprintf(out, " pst=%s", NS_LossyConvertUCS2toASCII(atomString).get()); } mozilla-372309.patch: jsarray.c | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) --- NEW FILE mozilla-372309.patch --- --- js/src/jsarray.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) Index: mozilla/js/src/jsarray.c =================================================================== --- mozilla.orig/js/src/jsarray.c 2007-10-09 18:05:26.000000000 +0200 +++ mozilla/js/src/jsarray.c 2007-10-09 18:05:46.000000000 +0200 
@@ -1891,19 +1891,24 @@ if (!proto || !InitArrayObject(cx, proto, 0, NULL)) return NULL; return proto; } JSObject * js_NewArrayObject(JSContext *cx, jsuint length, jsval *vector) { + JSTempValueRooter tvr; JSObject *obj; obj = js_NewObject(cx, &js_ArrayClass, NULL, NULL); if (!obj) return NULL; - if (!InitArrayObject(cx, obj, length, vector)) { - cx->weakRoots.newborn[GCX_OBJECT] = NULL; - return NULL; - } + + JS_PUSH_TEMP_ROOT_OBJECT(cx, obj, &tvr); + if (!InitArrayObject(cx, obj, length, vector)) + obj = NULL; + JS_POP_TEMP_ROOT(cx, &tvr); + + /* Set/clear newborn root, in case we lost it. */ + cx->weakRoots.newborn[GCX_OBJECT] = (JSGCThing *) obj; return obj; } mozilla-378787.patch: nsHttpDigestAuth.cpp | 82 ++++++++++++++++++++++++++++++++++++++++++--------- nsHttpDigestAuth.h | 4 ++ 2 files changed, 73 insertions(+), 13 deletions(-) --- NEW FILE mozilla-378787.patch --- --- netwerk/protocol/http/src/nsHttpDigestAuth.cpp | 82 +++++++++++++++++++++---- netwerk/protocol/http/src/nsHttpDigestAuth.h | 4 + 2 files changed, 73 insertions(+), 13 deletions(-) Index: mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.cpp =================================================================== --- mozilla.orig/netwerk/protocol/http/src/nsHttpDigestAuth.cpp 2007-10-09 18:13:40.000000000 +0200 +++ mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.cpp 2007-10-09 18:13:54.000000000 +0200 
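Review bot: The reason for rooting `obj` across `InitArrayObject` is not stated; the only comment covers the newborn slot afterwards. Presumably `InitArrayObject` can allocate and so trigger a GC at a point where `cx->weakRoots.newborn[GCX_OBJECT]` no longer refers to `obj`. Saying so above `JS_PUSH_TEMP_ROOT_OBJECT` would keep a later cleanup from dropping the root as redundant, e.g. `/* Root obj: InitArrayObject may allocate and GC after the newborn slot has been overwritten. */`.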
@@ -337,57 +337,78 @@ rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest); if (NS_FAILED(rv)) return rv; rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count, cnonce, response_digest); if (NS_FAILED(rv)) return rv; + // + // Values that need to match the quoted-string production from RFC 2616: + // + // username + // realm + // nonce + // opaque + // cnonce + // + nsCAutoString authString; - authString.AssignLiteral("Digest username=\""); - authString += cUser; - authString.AppendLiteral("\", realm=\""); - authString += realm; - authString.AppendLiteral("\", nonce=\""); - authString += nonce; - authString.AppendLiteral("\", uri=\""); + + authString.AssignLiteral("Digest username="); + rv = AppendQuotedString(cUser, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", realm="); + rv = AppendQuotedString(realm, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", nonce="); + rv = AppendQuotedString(nonce, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", uri=\""); authString += path; if (algorithm & ALGO_SPECIFIED) { authString.AppendLiteral("\", algorithm="); if (algorithm & ALGO_MD5_SESS) authString.AppendLiteral("MD5-sess"); else authString.AppendLiteral("MD5"); } else { authString += '\"'; } authString.AppendLiteral(", response=\""); authString += response_digest; + authString += '\"'; if (!opaque.IsEmpty()) { - authString.AppendLiteral("\", opaque=\""); - authString += opaque; + authString.AppendLiteral(", opaque="); + rv = AppendQuotedString(opaque, authString); + NS_ENSURE_SUCCESS(rv, rv); } if (qop) { - authString.AppendLiteral("\", qop="); + authString.AppendLiteral(", qop="); if (requireExtraQuotes) authString += '\"'; authString.AppendLiteral("auth"); if (qop & QOP_AUTH_INT) authString.AppendLiteral("-int"); if (requireExtraQuotes) authString += '\"'; authString.AppendLiteral(", nc="); authString += nonce_count; - authString.AppendLiteral(", 
cnonce=\""); - authString += cnonce; + + authString.AppendLiteral(", cnonce="); + rv = AppendQuotedString(cnonce, authString); + NS_ENSURE_SUCCESS(rv, rv); } - authString += '\"'; + *creds = ToNewCString(authString); return NS_OK; } NS_IMETHODIMP nsHttpDigestAuth::GetAuthFlags(PRUint32 *flags) { @@ -668,9 +689,44 @@ nsCRT::strncasecmp(challenge+algostart, "auth-int", 8) == 0) *qop |= QOP_AUTH_INT; } } } return NS_OK; } +nsresult +nsHttpDigestAuth::AppendQuotedString(const nsACString & value, + nsACString & aHeaderLine) +{ + nsCAutoString quoted; + nsACString::const_iterator s, e; + value.BeginReading(s); + value.EndReading(e); + + // + // Encode string according to RFC 2616 quoted-string production + // + quoted.Append('"'); + for ( ; s != e; ++s) { + // + // CTL = + // + if (*s <= 31 || *s == 127) { + return NS_ERROR_FAILURE; + } + + // Escape two syntactically significant characters + if (*s == '"' || *s == '\\') { + quoted.Append('\\'); + } + + quoted.Append(*s); + } + // FIXME: bug 41489 + // We should RFC2047-encode non-Latin-1 values according to spec + quoted.Append('"'); + aHeaderLine.Append(quoted); + return NS_OK; +} + // vim: ts=2 sw=2 Index: mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.h =================================================================== --- mozilla.orig/netwerk/protocol/http/src/nsHttpDigestAuth.h 2007-10-09 18:13:40.000000000 +0200 +++ mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.h 2007-10-09 18:13:58.000000000 +0200 
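Review bot: `path` is still concatenated raw after `authString.AppendLiteral(", uri=\"")`, while username, realm, nonce, opaque and cnonce now go through `AppendQuotedString`, and the new comment listing the quoted-string values leaves `uri` out. If `path` can ever carry a double quote, a backslash or a control character (whether `GetMethodAndPath` already escapes these is not visible here), the header can still be malformed or extended by that value. Either route it through the same helper, `rv = AppendQuotedString(path, authString);` with the closing-quote handling in the algorithm branch adjusted to match, or add a comment stating why `path` is already safe. The enclosing function starts before this hunk.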
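Review bot: The control-character test `*s <= 31 || *s == 127` in `AppendQuotedString` depends on whether plain `char` is signed. Where it is signed, every byte at or above 0x80 is negative and is rejected with `NS_ERROR_FAILURE`, so a non-ASCII username or realm fails on some platforms and passes on others; the FIXME about non-Latin-1 values does not cover this. Comparing through an unsigned value makes the behaviour uniform: `unsigned char c = (unsigned char)*s; if (c <= 31 || c == 127) return NS_ERROR_FAILURE;`.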
@@ -104,15 +104,19 @@ PRUint16 * algorithm, PRUint16 * qop); // result is in mHashBuf nsresult MD5Hash(const char *buf, PRUint32 len); nsresult GetMethodAndPath(nsIHttpChannel *, PRBool, nsCString &, nsCString &); + // append the quoted version of value to aHeaderLine + nsresult AppendQuotedString(const nsACString & value, + nsACString & aHeaderLine); + protected: nsCOMPtr mVerifier; char mHashBuf[DIGEST_LENGTH]; PRBool mGotVerifier; }; #endif // nsHttpDigestAuth_h__ mozilla-384105.patch: nsMenuFrame.cpp | 53 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 files changed, 49 insertions(+), 4 deletions(-) --- NEW FILE mozilla-384105.patch --- --- layout/xul/base/src/nsMenuFrame.cpp | 53 +++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 4 deletions(-) Index: mozilla/layout/xul/base/src/nsMenuFrame.cpp =================================================================== --- mozilla.orig/layout/xul/base/src/nsMenuFrame.cpp 2007-10-09 18:25:33.000000000 +0200 +++ mozilla/layout/xul/base/src/nsMenuFrame.cpp 2007-10-09 18:25:54.000000000 +0200 
@@ -694,27 +694,72 @@ if (genVal.IsEmpty()) { child->SetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, NS_LITERAL_STRING("true"), PR_TRUE); } } return NS_OK; } +struct nsASyncUngenerate : public PLEvent +{ + nsASyncUngenerate(nsIContent* aContent) + : mContent(aContent) + { + } + + void HandleEvent() { + nsAutoString genVal; + mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, genVal); + if (!genVal.IsEmpty()) { + mContent->UnsetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, + PR_TRUE); + } + } + + nsCOMPtr mContent; +}; + +static void* PR_CALLBACK HandleASyncUngenerate(PLEvent* aEvent) +{ + NS_STATIC_CAST(nsASyncUngenerate*, aEvent)->HandleEvent(); + return nsnull; +} + +static void PR_CALLBACK DestroyASyncUngenerate(PLEvent* aEvent) +{ + delete NS_STATIC_CAST(nsASyncUngenerate*, aEvent); +} + NS_IMETHODIMP nsMenuFrame::UngenerateMenu() { nsCOMPtr child; GetMenuChildrenElement(getter_AddRefs(child)); if (child) { - nsAutoString genVal; - child->GetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, genVal); - if (!genVal.IsEmpty()) - child->UnsetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, PR_TRUE); + nsCOMPtr eventService = + do_GetService(kEventQueueServiceCID); + if (eventService) { + nsCOMPtr eventQueue; + eventService->GetThreadEventQueue(PR_GetCurrentThread(), + getter_AddRefs(eventQueue)); + if (eventQueue) { + nsASyncUngenerate* ungenerate = + new nsASyncUngenerate(child); + if (ungenerate) { + PL_InitEvent(ungenerate, nsnull, + ::HandleASyncUngenerate, + ::DestroyASyncUngenerate); + if (NS_FAILED(eventQueue->PostEvent(ungenerate))) { + PL_DestroyEvent(ungenerate); + } + } + } + } } return NS_OK; } NS_IMETHODIMP nsMenuFrame::ActivateMenu(PRBool aActivateFlag) { mozilla-386914.patch: nsXULDocument.cpp | 33 +++++++++++++++++++-------------- 1 files changed, 19 insertions(+), 14 deletions(-) --- NEW FILE mozilla-386914.patch --- --- content/xul/document/src/nsXULDocument.cpp | 33 ++++++++++++++++------------- 1 file changed, 19 
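Review bot: The posted `nsASyncUngenerate` event clears `menugenerated` unconditionally when it eventually runs, so a `GenerateMenu` call that arrives in between is undone. In that window the attribute is still set, the `genVal.IsEmpty()` test in the context lines above skips the `SetAttr`, and the pending event then removes the attribute from a menu that was just asked to be generated. Whether that ordering can occur depends on callers outside this hunk; if it can, the pending event needs to be cancelled or invalidated before regenerating. At minimum `UngenerateMenu` should carry a comment such as `// The attribute is unset from a posted event, not synchronously; GenerateMenu must not run before that event is processed.` together with the reason for deferring, which the hunk does not give.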
insertions(+), 14 deletions(-) Index: mozilla/content/xul/document/src/nsXULDocument.cpp =================================================================== --- mozilla.orig/content/xul/document/src/nsXULDocument.cpp 2007-10-09 18:35:19.000000000 +0200 +++ mozilla/content/xul/document/src/nsXULDocument.cpp 2007-10-09 18:35:37.000000000 +0200 
@@ -1097,39 +1097,44 @@ PL_DHashTableOperate(mBroadcasterMap, domele.get(), PL_DHASH_LOOKUP)); if (PL_DHASH_ENTRY_IS_BUSY(entry)) { // We've got listeners: push the value. nsAutoString value; rv = aElement->GetAttr(kNameSpaceID_None, aAttribute, value); - for (PRInt32 i = entry->mListeners.Count() - 1; i >= 0; --i) { + nsCOMArray listenerArray; + PRInt32 i; + for (i = entry->mListeners.Count() - 1; i >= 0; --i) { BroadcastListener* bl = NS_STATIC_CAST(BroadcastListener*, entry->mListeners[i]); if ((bl->mAttribute == aAttribute) || (bl->mAttribute == nsXULAtoms::_star)) { nsCOMPtr listener = do_QueryInterface(bl->mListener); - - if (rv == NS_CONTENT_ATTR_NO_VALUE || - rv == NS_CONTENT_ATTR_HAS_VALUE) { - listener->SetAttr(kNameSpaceID_None, aAttribute, value, - PR_TRUE); - } - else { - listener->UnsetAttr(kNameSpaceID_None, aAttribute, - PR_TRUE); - } - - ExecuteOnBroadcastHandlerFor(aElement, bl->mListener, - aAttribute); + listenerArray.AppendObject(listener); } } + for (i = 0; i < listenerArray.Count(); ++i) { + nsIContent* listener = listenerArray[i]; + if (rv == NS_CONTENT_ATTR_NO_VALUE || + rv == NS_CONTENT_ATTR_HAS_VALUE) { + listener->SetAttr(kNameSpaceID_None, aAttribute, value, + PR_TRUE); + } + else { + listener->UnsetAttr(kNameSpaceID_None, aAttribute, + PR_TRUE); + } + + nsCOMPtr listenerEl = do_QueryInterface(listener); + ExecuteOnBroadcastHandlerFor(aElement, listenerEl, aAttribute); + } } } // Now notify external observers NS_DOCUMENT_NOTIFY_OBSERVERS(AttributeChanged, (this, aElement, aNameSpaceID, aAttribute, aModType)); mozilla-387033.patch: nsTextBoxFrame.cpp | 86 +++++++++++++++++++++++++++++++++++++++++------------ nsTextBoxFrame.h | 7 +++- 2 files changed, 73 insertions(+), 20 deletions(-) --- NEW FILE mozilla-387033.patch --- --- layout/xul/base/src/nsTextBoxFrame.cpp | 86 +++++++++++++++++++++++++-------- layout/xul/base/src/nsTextBoxFrame.h | 7 ++ 2 files changed, 73 insertions(+), 20 deletions(-) Index: 
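Review bot: In the first loop of this nsXULDocument.cpp hunk, the result of `do_QueryInterface(bl->mListener)` is appended to `listenerArray` without a null check, and the second loop calls `listener->SetAttr` or `listener->UnsetAttr` on every entry. The removed code dereferenced the same pointer unchecked, so this is not new, but the copy step is the natural place to filter: `if (listener) listenerArray.AppendObject(listener);`. A one-line comment above `listenerArray` should also say that the listeners are copied first because SetAttr and the broadcast handlers may change `entry->mListeners`. That reading is inferred from the shape of the change, not stated in it.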
mozilla/layout/xul/base/src/nsTextBoxFrame.cpp =================================================================== --- mozilla.orig/layout/xul/base/src/nsTextBoxFrame.cpp 2007-10-09 18:48:08.000000000 +0200 +++ mozilla/layout/xul/base/src/nsTextBoxFrame.cpp 2007-10-09 18:49:59.000000000 +0200 @@ -63,16 +63,17 @@ #include "nsIDocument.h" #include "nsIDOMDocument.h" #include "nsIDOMElement.h" #include "nsIDOMXULLabelElement.h" #include "nsIEventStateManager.h" #include "nsITheme.h" #include "nsUnicharUtils.h" #include "nsContentUtils.h" +#include "nsIReflowCallback.h" #ifdef IBMBIDI #include "nsBidiUtils.h" #include "nsBidiPresUtils.h" #endif // IBMBIDI #include "nsReadableUtils.h" #define ELLIPSIS "..." @@ -145,17 +146,19 @@ // If the accesskey changed, register for the new value // The old value has been unregistered in nsXULElement::SetAttr if (aAttribute == nsXULAtoms::accesskey || aAttribute == nsXULAtoms::control) RegUnregAccessKey(presContext, PR_TRUE); return NS_OK; } -nsTextBoxFrame::nsTextBoxFrame(nsIPresShell* aShell):nsLeafBoxFrame(aShell), mCropType(CropRight),mAccessKeyInfo(nsnull) +nsTextBoxFrame::nsTextBoxFrame(nsIPresShell* aShell) + : nsLeafBoxFrame(aShell), mCropType(CropRight), mAccessKeyInfo(nsnull), + mNeedsReflowCallback(PR_FALSE) { mState |= NS_STATE_NEED_LAYOUT; NeedsRecalc(); } nsTextBoxFrame::~nsTextBoxFrame() { delete mAccessKeyInfo; 
@@ -216,16 +219,68 @@ const char* prefName = "intl.menuitems.insertseparatorbeforeaccesskeys"; nsAdoptingString val = nsContentUtils::GetLocalizedStringPref(prefName); gInsertSeparatorBeforeAccessKey = val.EqualsLiteral("true"); } return gInsertSeparatorBeforeAccessKey; } +class nsAsyncAccesskeyUpdate : public nsIReflowCallback +{ +public: + nsAsyncAccesskeyUpdate(nsIFrame* aFrame) : mWeakFrame(aFrame) + { + } + + NS_DECL_ISUPPORTS + + NS_IMETHOD ReflowFinished(nsIPresShell* aShell, PRBool* aFlushFlag) + { + nsTextBoxFrame* frame = + NS_STATIC_CAST(nsTextBoxFrame*, mWeakFrame.GetFrame()); + if (frame && frame->UpdateAccesskey(mWeakFrame)) { + *aFlushFlag = PR_TRUE; + } + return NS_OK; + } + + nsWeakFrame mWeakFrame; +}; + +NS_IMPL_ISUPPORTS1(nsAsyncAccesskeyUpdate, nsIReflowCallback) + +PRBool +nsTextBoxFrame::UpdateAccesskey(nsWeakFrame& aWeakThis) +{ + nsAutoString accesskey; + nsCOMPtr labelElement = do_QueryInterface(mContent); + if (labelElement) { + // Accesskey may be stored on control. + nsCxPusher cx(mContent); + labelElement->GetAccessKey(accesskey); + NS_ENSURE_TRUE(aWeakThis.IsAlive(), PR_FALSE); + } + else { + mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::accesskey, accesskey); + } + + if (!accesskey.Equals(mAccessKey)) { + // Need to get clean mTitle. + mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, mTitle); + mAccessKey = accesskey; + UpdateAccessTitle(); + nsPresContext* presContext = GetPresContext(); + nsBoxLayoutState state(presContext); + MarkDirty(state); + return PR_TRUE; + } + return PR_FALSE; +} + void nsTextBoxFrame::UpdateAttributes(nsPresContext* aPresContext, nsIAtom* aAttribute, PRBool& aResize, PRBool& aRedraw) { PRBool doUpdateTitle = PR_FALSE; aResize = PR_FALSE; 
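Review bot: nsTextBoxFrame::UpdateAccesskey checks `aWeakThis.IsAlive()` only once, right after `labelElement->GetAccessKey(accesskey)`. Everything below it (`mTitle`, `mAccessKey`, `UpdateAccessTitle()`, `MarkDirty(state)`) touches frame members with no further check. That is safe only if none of those later calls can destroy the frame, which is not visible from this hunk. I would state the rule at the check, e.g. `// GetAccessKey may destroy this frame: no member access before this check, and nothing after it may run script.`, so a later edit does not add such a call below it.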
@@ -258,34 +313,19 @@ mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, value); if (!value.Equals(mTitle)) { mTitle = value; doUpdateTitle = PR_TRUE; } } if (aAttribute == nsnull || aAttribute == nsXULAtoms::accesskey) { - nsAutoString accesskey; - nsCOMPtr labelElement = do_QueryInterface(mContent); - if (labelElement) { - labelElement->GetAccessKey(accesskey); // Accesskey may be stored on control - } - else { - mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::accesskey, accesskey); - } - if (!accesskey.Equals(mAccessKey)) { - if (!doUpdateTitle) { - // Need to get clean mTitle and didn't already - nsAutoString value; - mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, value); - mTitle = value; - doUpdateTitle = PR_TRUE; - } - mAccessKey = accesskey; - } + mNeedsReflowCallback = PR_TRUE; + // Ensure that layout is refreshed and reflow callback called. + aResize = PR_TRUE; } if (doUpdateTitle) { UpdateAccessTitle(); aResize = PR_TRUE; } } @@ -795,16 +835,24 @@ mAccessKeyInfo->mAccesskeyIndex = kNotFound; } } } NS_IMETHODIMP nsTextBoxFrame::DoLayout(nsBoxLayoutState& aBoxLayoutState) { + if (mNeedsReflowCallback) { + nsCOMPtr cb = new nsAsyncAccesskeyUpdate(this); + if (cb) { + GetPresContext()->PresShell()->PostReflowCallback(cb); + } + mNeedsReflowCallback = PR_FALSE; + } + mState |= NS_STATE_NEED_LAYOUT; return nsLeafBoxFrame::DoLayout(aBoxLayoutState); } NS_IMETHODIMP nsTextBoxFrame::NeedsRecalc() { Index: mozilla/layout/xul/base/src/nsTextBoxFrame.h =================================================================== --- mozilla.orig/layout/xul/base/src/nsTextBoxFrame.h 2007-10-09 18:48:08.000000000 +0200 +++ mozilla/layout/xul/base/src/nsTextBoxFrame.h 2007-10-09 18:50:03.000000000 +0200 
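Review bot: In nsTextBoxFrame::DoLayout, `mNeedsReflowCallback = PR_FALSE;` runs even when `new nsAsyncAccesskeyUpdate(this)` fails, and the result of `PostReflowCallback(cb)` is not checked. In either case the pending accesskey update is dropped with no retry. Moving the assignment inside `if (cb) { ... }`, after the post, keeps the request alive for the next layout. The inline update removed from UpdateAttributes in the preceding hunk has no other replacement, so this path is the only one left that refreshes `mAccessKey`.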
@@ -85,16 +85,20 @@ nsIRenderingContext& aRenderingContext, const nsRect& aDirtyRect, nsFramePaintLayer aWhichLayer, PRUint32 aFlags = 0); virtual ~nsTextBoxFrame(); protected: + friend class nsAsyncAccesskeyUpdate; + // Should be called only by nsAsyncAccesskeyUpdate. + // Returns PR_TRUE if accesskey was updated. + PRBool UpdateAccesskey(nsWeakFrame& aWeakThis); void UpdateAccessTitle(); void UpdateAccessIndex(); NS_IMETHOD PaintTitle(nsPresContext* aPresContext, nsIRenderingContext& aRenderingContext, const nsRect& aDirtyRect, const nsRect& aRect); @@ -128,17 +132,18 @@ PRBool InsertSeparatorBeforeAccessKey(); CroppingStyle mCropType; nsString mTitle; nsString mCroppedTitle; nsString mAccessKey; nscoord mTitleWidth; nsAccessKeyInfo* mAccessKeyInfo; - PRBool mNeedsRecalc; + PRPackedBool mNeedsRecalc; + PRPackedBool mNeedsReflowCallback; nsSize mTextSize; nscoord mAscent; static PRBool gAlwaysAppendAccessKey; static PRBool gAccessKeyPrefInitialized; static PRBool gInsertSeparatorBeforeAccessKey; static PRBool gInsertSeparatorPrefInitialized; mozilla-387881.patch: jsscript.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) --- NEW FILE mozilla-387881.patch --- --- js/src/jsscript.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) Index: mozilla/js/src/jsscript.c =================================================================== --- mozilla.orig/js/src/jsscript.c 2007-10-09 18:58:04.000000000 +0200 +++ mozilla/js/src/jsscript.c 2007-10-09 19:03:36.000000000 +0200 
@@ -223,19 +223,27 @@ fp = cx->fp; caller = JS_GetScriptedCaller(cx, fp); JS_ASSERT(!caller || fp->scopeChain == caller->scopeChain); if (caller) { if (!scopeobj) scopeobj = caller->scopeChain; - file = caller->script->filename; - line = js_PCToLineNumber(cx, caller->script, caller->pc); + if (!scopeobj) + return JS_FALSE; + principals = JS_EvalFramePrincipals(cx, fp, caller); + if (principals == caller->script->principals) { + file = caller->script->filename; + line = js_PCToLineNumber(cx, caller->script, caller->pc); + } else { + file = principals->codebase; + line = 0; + } } else { file = NULL; line = 0; principals = NULL; } /* Ensure we compile this script with the right (inner) principals. */ scopeobj = js_CheckScopeChainValidity(cx, scopeobj, js_script_compile); mozilla-388121.patch: content/base/src/nsFrameLoader.cpp | 31 ++----- docshell/base/nsDocShell.cpp | 51 +++++++------ embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 11 ++ 3 files changed, 52 insertions(+), 41 deletions(-) --- NEW FILE mozilla-388121.patch --- --- content/base/src/nsFrameLoader.cpp | 31 ++----- docshell/base/nsDocShell.cpp | 51 +++++++------ embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 11 ++ 3 files changed, 52 insertions(+), 41 deletions(-) Index: mozilla/content/base/src/nsFrameLoader.cpp =================================================================== --- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/content/base/src/nsFrameLoader.cpp 2007-10-09 19:23:15.000000000 +0200 
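Review bot: The new `else` branch in this jsscript.c hunk reads `principals->codebase` without checking `principals`, right after `principals = JS_EvalFramePrincipals(cx, fp, caller);`. If that call can return NULL while `caller->script->principals` is non-NULL (not determinable from this hunk), the branch dereferences NULL. `file = principals ? principals->codebase : NULL;` would match the `file = NULL` already used when there is no caller. Separately, the added `if (!scopeobj) return JS_FALSE;` fails without reporting an error, so the caller sees a failure with no message. The enclosing function starts and ends outside the hunk.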
@@ -155,37 +155,26 @@ rv = CheckForRecursiveLoad(uri); NS_ENSURE_SUCCESS(rv, rv); // Is our principal the system principal? nsCOMPtr sysPrin; rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); NS_ENSURE_SUCCESS(rv, rv); - if (principal == sysPrin) { - // We're a chrome node. Belt and braces -- inherit the principal for this - // load instead of just forcing the system principal. That way if we have - // something loaded already the principal used will be that of what we - // already have loaded. - - // XXX bz I'd love to nix this, but the problem is chrome calling - // setAttribute() on an iframe or browser and passing in a javascript: URI. - // We probably don't want to run that with chrome privileges... Though in - // similar circumstances, if one sets window.location.href from chrome we - // _do_ run that with chrome privileges, so maybe we should do the same - // here? - loadInfo->SetInheritOwner(PR_TRUE); - - // Also, in this case we don't set a referrer, just in case. - } else { - // We'll use our principal, not that of the document loaded inside us. - // This is very important; needed to prevent XSS attacks on documents - // loaded in subframes! - loadInfo->SetOwner(principal); - + // We'll use our principal, not that of the document loaded inside us. + // This is very important; needed to prevent XSS attacks on documents + // loaded in subframes! Note that if |principal == sysPrin| the + // situation is handled by nsDocShell::LoadURI. + loadInfo->SetOwner(principal); + + // Don't set referrer if we're the system principal. + // XXXbz not like it matters -- the URI of the system principal is + // null on branch... + if (principal != sysPrin) { nsCOMPtr referrer; rv = principal->GetURI(getter_AddRefs(referrer)); NS_ENSURE_SUCCESS(rv, rv); loadInfo->SetReferrer(referrer); } // Kick off the load... 
Index: mozilla/docshell/base/nsDocShell.cpp =================================================================== --- mozilla.orig/docshell/base/nsDocShell.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/docshell/base/nsDocShell.cpp 2007-10-09 19:23:09.000000000 +0200 
@@ -760,41 +760,52 @@ PR_LOG(gDocShellLog, PR_LOG_DEBUG, ("nsDocShell[%p]: loading from session history", this)); #endif rv = LoadHistoryEntry(shEntry, loadType); } // Perform the load... else { - // We need an owner (a referring principal). 3 possibilities: - // (1) If a principal was passed in, that's what we'll use. - // (2) If the caller has allowed inheriting from the current document, - // or if we're being called from chrome (if there's system JS on the stack), - // then inheritOwner should be true and InternalLoad will get an owner - // from the current document. If none of these things are true, then - // (3) we pass a null owner into the channel, and an owner will be - // created later from the URL. - if (!owner && !inheritOwner) { - // See if there's system or chrome JS code running - nsCOMPtr secMan; + // We need an owner (a referring principal). 4 possibilities: + // (1) If the system principal was passed in and we're a typeContent + // docshell, inherit the principal from the current document + // instead. + // (2) In all other cases when the principal passed in is not null, + // use that principal. + // (3) If the caller has allowed inheriting from the current + // document, or if we're being called from chrome (if there's + // system JS on the stack), then inheritOwner should be true and + // InternalLoad will get an owner from the current document. If + // none of these things are true, then + // (4) we pass a null owner into the channel, and an owner will be + // created later from the channel's internal data. + nsCOMPtr secMan = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); - secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + // Just to compare, not to use! 
+ nsCOMPtr sysPrin; + rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); + NS_ENSURE_SUCCESS(rv, rv); + + if (owner == sysPrin && mItemType != typeChrome) { + owner = nsnull; + inheritOwner = PR_TRUE; + } + else if (!owner && !inheritOwner) { + // See if there's system or chrome JS code running if (NS_SUCCEEDED(rv)) { - nsCOMPtr sysPrin; nsCOMPtr subjectPrin; - // Just to compare, not to use! - rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); - if (NS_SUCCEEDED(rv)) { - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subjectPrin)); - } - // If there's no subject principal, there's no JS running, so we're in system code. + rv = secMan->GetSubjectPrincipal(getter_AddRefs(subjectPrin)); + // If there's no subject principal, there's no JS running, so + // we're in system code. if (NS_SUCCEEDED(rv) && - (!subjectPrin || sysPrin.get() == subjectPrin.get())) { + (!subjectPrin || sysPrin == subjectPrin)) { inheritOwner = PR_TRUE; } } } PRUint32 flags = 0; if (inheritOwner) Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp =================================================================== --- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 19:23:12.000000000 +0200 
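Review bot: The `if (NS_SUCCEEDED(rv))` kept inside the new `else if (!owner && !inheritOwner)` branch of nsDocShell.cpp can no longer be false, because the `do_GetService` and `GetSystemPrincipal` calls above it now both return early through `NS_ENSURE_SUCCESS(rv, rv)`. Dropping the dead test leaves the `rv` from `GetSubjectPrincipal` as the only status the branch checks and removes one nesting level. A short comment at `owner == sysPrin` should also note that the test is a pointer-identity comparison. The declared types of `owner` and `sysPrin` are not readable on this page, so confirm that both sides hold the same interface pointer. The enclosing function extends beyond the hunk.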
@@ -772,16 +772,27 @@ nsIPrincipal* newWindowPrincipal = subjectPrincipal; if (!newWindowPrincipal && aParent) { nsCOMPtr sop(do_QueryInterface(aParent)); if (sop) { newWindowPrincipal = sop->GetPrincipal(); } } + nsCOMPtr systemPrincipal; + sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); + if (newWindowPrincipal == systemPrincipal) { + // Don't pass this principal along to content windows + PRInt32 itemType; + rv = newDocShellItem->GetItemType(&itemType); + if (NS_FAILED(rv) || itemType != nsIDocShellTreeItem::typeChrome) { + newWindowPrincipal = nsnull; + } + } + nsCOMPtr newWindow = do_QueryInterface(*_retval); #ifdef DEBUG nsCOMPtr newDebugWindow = do_GetInterface(newDocShell); NS_ASSERTION(newWindow == newDebugWindow, "Different windows??"); #endif if (newWindow) { newWindow->SetOpenerScriptPrincipal(newWindowPrincipal); mozilla-388784.patch: nsHTMLLabelElement.cpp | 34 ++++++++++++++++++++++++++++++---- 1 files changed, 30 insertions(+), 4 deletions(-) --- NEW FILE mozilla-388784.patch --- --- content/html/content/src/nsHTMLLabelElement.cpp | 34 +++++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) Index: mozilla/content/html/content/src/nsHTMLLabelElement.cpp =================================================================== --- mozilla.orig/content/html/content/src/nsHTMLLabelElement.cpp 2007-10-11 12:50:48.000000000 +0200 +++ mozilla/content/html/content/src/nsHTMLLabelElement.cpp 2007-10-11 12:51:10.000000000 +0200 @@ -46,17 +46,17 @@ #include "nsIForm.h" #include "nsIDOMHTMLDocument.h" #include "nsIDOMXULDocument.h" #include "nsIDocument.h" #include "nsIFormControlFrame.h" #include "nsIPresShell.h" #include "nsGUIEvent.h" #include "nsIEventStateManager.h" - +#include "nsIDOMHTMLInputElement.h" class nsHTMLLabelElement : public nsGenericHTMLFormElement, public nsIDOMHTMLLabelElement { public: nsHTMLLabelElement(nsINodeInfo *aNodeInfo); virtual ~nsHTMLLabelElement(); 
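Review bot: The return value of `sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal))` is discarded in the nsWindowWatcher.cpp hunk. If the call fails, `systemPrincipal` stays null, the comparison with `newWindowPrincipal` is false, and the principal reaches `SetOpenerScriptPrincipal` without the content-window downgrade. The nsDocShell.cpp hunk of this same patch checks the same call with NS_ENSURE_SUCCESS. Doing the same here makes the check fail closed: `rv = sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal));` followed by `NS_ENSURE_SUCCESS(rv, rv);`. The function body continues outside the hunk, so whether an early return is acceptable at this point needs a look at the full function.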
@@ -67,16 +67,19 @@ NS_FORWARD_NSIDOMNODE_NO_CLONENODE(nsGenericHTMLFormElement::) // nsIDOMElement NS_FORWARD_NSIDOMELEMENT(nsGenericHTMLFormElement::) // nsIDOMHTMLElement NS_FORWARD_NSIDOMHTMLELEMENT(nsGenericHTMLFormElement::) + // nsIDOMNSHTMLElement + NS_IMETHOD Focus(); + // nsIDOMHTMLLabelElement NS_DECL_NSIDOMHTMLLABELELEMENT // nsIFormControl NS_IMETHOD_(PRInt32) GetType() const { return NS_FORM_LABEL; } NS_IMETHOD Reset(); NS_IMETHOD SubmitNamesValues(nsIFormSubmission* aFormSubmission, nsIContent* aSubmitElement); @@ -103,28 +106,30 @@ virtual nsresult UnsetAttr(PRInt32 aNameSpaceID, nsIAtom* aAttribute, PRBool aNotify); protected: already_AddRefed GetForContent(); already_AddRefed GetFirstFormControl(nsIContent *current); // XXX It would be nice if we could use an event flag instead. - PRBool mHandlingEvent; + PRPackedBool mHandlingEvent; + PRPackedBool mFocusCalled; }; // construction, destruction NS_IMPL_NS_NEW_HTML_ELEMENT(Label) nsHTMLLabelElement::nsHTMLLabelElement(nsINodeInfo *aNodeInfo) : nsGenericHTMLFormElement(aNodeInfo), - mHandlingEvent(PR_FALSE) + mHandlingEvent(PR_FALSE), + mFocusCalled(PR_FALSE) { } nsHTMLLabelElement::~nsHTMLLabelElement() { } // nsISupports 
@@ -268,24 +273,45 @@ } break; } mHandlingEvent = PR_FALSE; } return rv; } +nsresult +nsHTMLLabelElement::Focus() +{ + PRBool oldFocusCalled = mFocusCalled; + mFocusCalled = PR_TRUE; + nsresult rv = nsGenericHTMLFormElement::Focus(); + mFocusCalled = oldFocusCalled; + return rv; +} + void nsHTMLLabelElement::SetFocus(nsPresContext* aContext) { // Since we don't have '-moz-user-focus: normal', the only time // |SetFocus| will be called is when the accesskey is activated. nsCOMPtr content = GetForContent(); - if (content) + if (content) { + if (mFocusCalled) { + // Handle input element in a special way, so that focusing + // doesn't focus the input field but the + // 'browse...' button. + nsCOMPtr input = do_QueryInterface(content); + if (input) { + input->Focus(); + return; + } + } content->SetFocus(aContext); + } } nsresult nsHTMLLabelElement::Reset() { return NS_OK; } mozilla-390078.patch: jsgc.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE mozilla-390078.patch --- --- js/src/jsgc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: mozilla/js/src/jsgc.c =================================================================== --- mozilla.orig/js/src/jsgc.c 2007-10-11 13:29:44.000000000 +0200 +++ mozilla/js/src/jsgc.c 2007-10-11 13:31:23.000000000 +0200 
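Review bot: The context comment at the top of nsHTMLLabelElement::SetFocus still says the only time |SetFocus| is called is when the accesskey is activated. The new `mFocusCalled` branch exists precisely because a call that started in `Focus()` can now reach it. The comment should be updated, for example `// |SetFocus| is reached on accesskey activation, or via Focus() (mFocusCalled is then true).` The new Focus() override would also benefit from one line saying that the flag is saved and restored so a nested Focus() call does not clear the outer value.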
@@ -1767,17 +1767,17 @@ GC_MARK(cx, fp->thisp, "this", NULL); if (fp->argv) { nslots = fp->argc; if (fp->fun) { if (fp->fun->nargs > nslots) nslots = fp->fun->nargs; nslots += fp->fun->extra; } - GC_MARK_JSVALS(cx, nslots, fp->argv, "arg"); + GC_MARK_JSVALS(cx, nslots + 2, fp->argv - 2, "arg"); } if (JSVAL_IS_GCTHING(fp->rval)) GC_MARK(cx, JSVAL_TO_GCTHING(fp->rval), "rval", NULL); if (fp->vars) GC_MARK_JSVALS(cx, fp->nvars, fp->vars, "var"); GC_MARK(cx, fp->scopeChain, "scope chain", NULL); if (fp->sharpArray) GC_MARK(cx, fp->sharpArray, "sharp array", NULL); mozilla-392149-180.patch: nsAppRunner.cpp | 23 ++++++++++++++++------- 1 files changed, 16 insertions(+), 7 deletions(-) --- NEW FILE mozilla-392149-180.patch --- --- mozilla/toolkit/xre/nsAppRunner.cpp.old 2006-11-09 21:55:12.000000000 +0100 +++ mozilla/toolkit/xre/nsAppRunner.cpp 2007-10-17 17:41:20.000000000 +0200 @@ -299,6 +299,12 @@ strimatch(const char* lowerstr, const ch return PR_TRUE; } +enum RemoteResult { + REMOTE_NOT_FOUND = 0, + REMOTE_FOUND = 1, + REMOTE_ARG_BAD = 2 +}; + enum ArgResult { ARG_NONE = 0, ARG_FOUND = 1, @@ -978,7 +984,7 @@ HandleRemoteArgument(const char* remote) return 0; } -static PRBool +static RemoteResult RemoteCommandLine() { nsresult rv; @@ -992,7 +998,7 @@ RemoteCommandLine() ar = CheckArg("a", &temp); if (ar == ARG_BAD) { PR_fprintf(PR_STDERR, "Error: argument -a requires an application name\n"); - return PR_FALSE; + return REMOTE_ARG_BAD; } else if (ar == ARG_FOUND) { program.Assign(temp); } @@ -1000,13 +1006,13 @@ RemoteCommandLine() ar = CheckArg("u", &username); if (ar == ARG_BAD) { PR_fprintf(PR_STDERR, "Error: argument -u requires a username\n"); - return PR_FALSE; + return REMOTE_ARG_BAD; } XRemoteClient client; rv = client.Init(); if (NS_FAILED(rv)) - return PR_FALSE; + return REMOTE_NOT_FOUND; nsXPIDLCString response; PRBool success = PR_FALSE; 
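Review bot: In the jsgc.c hunk, `GC_MARK_JSVALS(cx, nslots + 2, fp->argv - 2, "arg");` introduces a bare 2 and a negative offset with no explanation. A comment such as `/* Also mark the two slots stored just below argv (presumably callee and this). */` would document it. The read is in bounds only if every frame with a non-NULL `fp->argv` really has those two slots allocated, which cannot be confirmed from the visible lines. The label passed to the marker stays `"arg"` for the two extra slots, which may mislead GC debugging output. The enclosing function is not fully inside the hunk.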
@@ -1015,9 +1021,9 @@ RemoteCommandLine() getter_Copies(response), &success); // did the command fail? if (NS_FAILED(rv) || !success) - return PR_FALSE; + return REMOTE_NOT_FOUND; - return PR_TRUE; + return REMOTE_FOUND; } #endif // MOZ_ENABLE_XREMOTE @@ -2068,8 +2074,11 @@ XRE_main(int argc, char* argv[], const n if (!PR_GetEnv("MOZ_NO_REMOTE")) { // Try to remote the entire command line. If this fails, start up normally. - if (RemoteCommandLine()) + RemoteResult rr = RemoteCommandLine(); + if (rr == REMOTE_FOUND) return 0; + else if (rr == REMOTE_ARG_BAD) + return 1; } #endif mozilla-393537.patch: jsopcode.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) --- NEW FILE mozilla-393537.patch --- --- js/src/jsopcode.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) Index: mozilla/js/src/jsopcode.c =================================================================== --- mozilla.orig/js/src/jsopcode.c 2007-10-11 13:38:41.000000000 +0200 +++ mozilla/js/src/jsopcode.c 2007-10-11 13:38:52.000000000 +0200 
@@ -351,25 +351,29 @@ #define OFF2STR(sp,off) ((sp)->base + (off)) #define STR2OFF(sp,str) ((str) - (sp)->base) #define RETRACT(sp,str) ((sp)->offset = STR2OFF(sp, str)) static JSBool SprintAlloc(Sprinter *sp, size_t nb) { - if (!sp->base) { - JS_ARENA_ALLOCATE_CAST(sp->base, char *, sp->pool, nb); + char *base; + + base = sp->base; + if (!base) { + JS_ARENA_ALLOCATE_CAST(base, char *, sp->pool, nb); } else { - JS_ARENA_GROW_CAST(sp->base, char *, sp->pool, sp->size, nb); + JS_ARENA_GROW_CAST(base, char *, sp->pool, sp->size, nb); } - if (!sp->base) { + if (!base) { JS_ReportOutOfMemory(sp->context); return JS_FALSE; } + sp->base = base; sp->size += nb; return JS_TRUE; } static ptrdiff_t SprintPut(Sprinter *sp, const char *s, size_t len) { ptrdiff_t nb, offset; mozilla-395942-180.patch: browser/components/nsBrowserContentHandler.js | 28 +++++++++++++--- toolkit/mozapps/extensions/src/nsExtensionManager.js.in | 6 +++ xpfe/bootstrap/Makefile.in | 1 xpfe/bootstrap/nsAppRunner.cpp | 21 ++++++++++++ 4 files changed, 51 insertions(+), 5 deletions(-) --- NEW FILE mozilla-395942-180.patch --- --- browser/components/nsBrowserContentHandler.js | 28 +++++++++++++--- toolkit/mozapps/extensions/src/nsExtensionManager.js.in | 6 +++ xpfe/bootstrap/Makefile.in | 1 xpfe/bootstrap/nsAppRunner.cpp | 21 ++++++++++++ 4 files changed, 51 insertions(+), 5 deletions(-) Index: mozilla/browser/components/nsBrowserContentHandler.js =================================================================== --- mozilla.orig/browser/components/nsBrowserContentHandler.js +++ mozilla/browser/components/nsBrowserContentHandler.js 
@@ -44,16 +44,17 @@ const nsICommandLine = Components.interfaces.nsICommandLine; const nsICommandLineHandler = Components.interfaces.nsICommandLineHandler; const nsIContentHandler = Components.interfaces.nsIContentHandler; const nsIDocShellTreeItem = Components.interfaces.nsIDocShellTreeItem; const nsIDOMChromeWindow = Components.interfaces.nsIDOMChromeWindow; const nsIDOMWindow = Components.interfaces.nsIDOMWindow; const nsIFactory = Components.interfaces.nsIFactory; const nsIFileURL = Components.interfaces.nsIFileURL; +const nsIJARURI = Components.interfaces.nsIJARURI; const nsIHttpProtocolHandler = Components.interfaces.nsIHttpProtocolHandler; const nsIInterfaceRequestor = Components.interfaces.nsIInterfaceRequestor; const nsIPrefBranch = Components.interfaces.nsIPrefBranch; const nsIPrefLocalizedString = Components.interfaces.nsIPrefLocalizedString; const nsISupportsString = Components.interfaces.nsISupportsString; const nsIURIFixup = Components.interfaces.nsIURIFixup; const nsIWebNavigation = Components.interfaces.nsIWebNavigation; const nsIWindowMediator = Components.interfaces.nsIWindowMediator; 
@@ -345,22 +346,39 @@ } var chromeParam = cmdLine.handleFlagWithParam("chrome", false); if (chromeParam) { // Handle the old preference dialog URL separately (bug 285416) if (chromeParam == "chrome://browser/content/pref/pref.xul") { openPreferences(); - } else { - var features = "chrome,dialog=no,all" + this.getFeatures(cmdLine); - openWindow(null, chromeParam, "_blank", features, ""); - } + cmdLine.preventDefault = true; + } else try { + // only load URIs which do not inherit chrome privs. + cmdLine.preventDefault = true; - cmdLine.preventDefault = true; + // normally would call checkLoadURI(..., DISALLOW_SCRIPT_OR_DATA) + // for this, but in this context we crash when the security manager + // tries to throw an exception (no window object here). On the branch + // we need to simulate the important bits + var uri = resolveURIInternal(cmdLine, chromeParam); + while (uri instanceof nsIJARURI) { + // unpack to find the real scheme + uri = uri.JARFile; + } + if (!uri.schemeIs("javascript") && !uri.schemeIs("data")) { + var features = "chrome,dialog=no,all" + this.getFeatures(cmdLine); + openWindow(null, uri.spec, "_blank", features, ""); + cmdLine.preventDefault = true; + } + } + catch (e) { + Components.utils.reportError(e); + } } if (cmdLine.handleFlag("preferences", false)) { openPreferences(); cmdLine.preventDefault = true; } if (cmdLine.handleFlag("silent", false)) cmdLine.preventDefault = true; }, Index: mozilla/toolkit/mozapps/extensions/src/nsExtensionManager.js.in =================================================================== --- mozilla.orig/toolkit/mozapps/extensions/src/nsExtensionManager.js.in +++ mozilla/toolkit/mozapps/extensions/src/nsExtensionManager.js.in 
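Review bot: The `while (uri instanceof nsIJARURI)` loop in the nsBrowserContentHandler.js hunk overwrites `uri` with the inner `JARFile`, so for a jar: argument the later `openWindow(null, uri.spec, ...)` opens the innermost archive URI instead of the URI that was requested. Unwrap into a separate variable and keep `uri` for the load: `var inner = uri; while (inner instanceof nsIJARURI) inner = inner.JARFile;`, then test `inner.schemeIs(...)`. The second `cmdLine.preventDefault = true;` inside the `if` is redundant with the one at the top of the `try`, and a rejected javascript: or data: argument is dropped without any message. The xpfe/bootstrap/nsAppRunner.cpp hunk of this patch keeps the original string for the load, so the two implementations currently disagree.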
@@ -2506,16 +2506,22 @@ /** * Installs an XPI/JAR file into the KEY_APP_GLOBAL install location. * @param file * The XPI/JAR file to extract */ _installGlobalItem: function(file) { if (!file || !file.exists()) throw new Error("Unable to find the file specified on the command line!"); +#ifdef XP_WIN + // make sure the file is local on Windows + file.normalize(); + if (file.path[1] != ':') + throw new Error("Can't install global chrome from non-local file "+file.path); +#endif var installManifestFile = extractRDFFileToTempDir(file, FILE_INSTALL_MANIFEST, true); if (!installManifestFile.exists()) throw new Error("The package is missing an install manifest!"); var installManifest = getInstallManifest(installManifestFile); installManifestFile.remove(false); var installData = this._getInstallData(installManifest); var installer = new Installer(installManifest, installData.id, InstallLocations.get(KEY_APP_GLOBAL), Index: mozilla/xpfe/bootstrap/nsAppRunner.cpp =================================================================== --- mozilla.orig/xpfe/bootstrap/nsAppRunner.cpp +++ mozilla/xpfe/bootstrap/nsAppRunner.cpp @@ -87,16 +87,19 @@ #include "nsIEventQueueService.h" #include "nsDirectoryServiceDefs.h" #include "nsBuildID.h" #include "nsIWindowCreator.h" #include "nsIWindowWatcher.h" #include "nsILocalFile.h" #include "nsILookAndFeel.h" #include "nsIProcess.h" +#include "nsIIOService.h" +#include "nsIJARURI.h" +#include "nsNetCID.h" #ifdef MOZ_XPINSTALL #include "InstallCleanupDefines.h" #include "nsISoftwareUpdate.h" #endif // Interfaces Needed #include "nsIXULWindow.h" 
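Review bot: The XP_WIN check added to _installGlobalItem, `file.path[1] != ':'`, only tests for a drive-letter prefix. It rejects UNC-style paths but does not establish that the drive itself is local storage. The comment `// make sure the file is local on Windows` therefore promises more than the test delivers. I would reword it to `// reject paths without a drive letter (e.g. UNC); this does not prove the drive is local`. The function continues outside the hunk.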
@@ -578,16 +581,34 @@ if (openWindowWithArgs) { NS_ConvertASCIItoUTF16 cmdArgs(cmdResult); #ifdef DEBUG_CMD_LINE printf("opening %s with %s\n", chromeUrlForTask.get(), "OpenWindow"); #endif /* DEBUG_CMD_LINE */ rv = OpenWindow(chromeUrlForTask, cmdArgs); } else { + // We need to emulate checkLoadURI because we don't have a window yet + nsCOMPtr ioService = do_GetService(NS_IOSERVICE_CONTRACTID, &rv); + if (NS_FAILED(rv)) return rv; + nsCOMPtr baseURI; + rv = ioService->NewURI(cmdResult, nsnull, nsnull, getter_AddRefs(baseURI)); + if (NS_FAILED(rv)) return rv; + nsCOMPtr jarURI(do_QueryInterface(baseURI)); + while (jarURI) { + rv = jarURI->GetJARFile(getter_AddRefs(baseURI)); + if (NS_FAILED(rv)) return rv; + jarURI = do_QueryInterface(baseURI); + } + PRBool scriptOrData = PR_FALSE; + baseURI->SchemeIs("javascript", &scriptOrData); + if (!scriptOrData) + baseURI->SchemeIs("data", &scriptOrData); + if (scriptOrData) + return NS_ERROR_FAILURE; #ifdef DEBUG_CMD_LINE printf("opening %s with %s\n", cmdResult.get(), "OpenWindow"); #endif /* DEBUG_CMD_LINE */ rv = OpenWindow(cmdResult, width, height); if (NS_FAILED(rv)) return rv; } // If we get here without an error, then a window was opened OK. if (NS_SUCCEEDED(rv)) { Index: mozilla/xpfe/bootstrap/Makefile.in =================================================================== --- mozilla.orig/xpfe/bootstrap/Makefile.in +++ mozilla/xpfe/bootstrap/Makefile.in @@ -95,16 +95,17 @@ windowwatcher \ embed_base \ embedcomponents \ docshell \ locale \ profile \ chrome \ xremoteclient \ + jar \ $(NULL) # for jprof REQUIRES += jprof ifdef NS_TRACE_MALLOC REQUIRES += tracemalloc endif Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/firefox/FC-6/.cvsignore,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- .cvsignore 18 Jul 2007 04:45:35 -0000 1.31 +++ .cvsignore 19 Oct 2007 10:57:29 -0000 1.32 
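Review bot: Both `baseURI->SchemeIs("javascript", &scriptOrData)` and `baseURI->SchemeIs("data", &scriptOrData)` ignore their return values in the xpfe/bootstrap/nsAppRunner.cpp hunk, so a failing call leaves `scriptOrData` at PR_FALSE and the window is opened anyway. Since this block stands in for checkLoadURI, it should fail closed: `rv = baseURI->SchemeIs("javascript", &scriptOrData);` then `if (NS_FAILED(rv)) return rv;`, and the same for `"data"`. `baseURI` is also dereferenced after the unwrap loop without a null check. If `GetJARFile` can succeed with a null out-parameter, that needs a guard too. The enclosing function starts and ends outside the hunk.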
@@ -1,3 +1,4 @@ mozilla-180-20070717.tar.bz2 firefox-langpacks-1.5.0.12-20070529.tar.bz2 add-gecko-provides +firefox-180-20071018.tar.bz2 Index: firefox.spec =================================================================== RCS file: /cvs/dist/rpms/firefox/FC-6/firefox.spec,v retrieving revision 1.173 retrieving revision 1.174 diff -u -r1.173 -r1.174 --- firefox.spec 18 Jul 2007 13:22:18 -0000 1.173 +++ firefox.spec 19 Oct 2007 10:57:29 -0000 1.174 @@ -11,13 +11,13 @@ Summary: Mozilla Firefox Web browser. Name: firefox Version: 1.5.0.12 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://www.mozilla.org/projects/firefox/ License: MPL/LGPL Group: Applications/Internet %if %{official_branding} #%define tarball firefox-%{version}-source.tar.bz2 -%define tarball mozilla-180-20070717.tar.bz2 +%define tarball firefox-180-20071018.tar.bz2 %else %define tarball firefox-1.5rc3-source.tar.bz2 %endif @@ -55,12 +55,33 @@ Patch40: firefox-1.5-bullet-bill.patch Patch42: firefox-1.1-uriloader.patch Patch50: mozilla-358594.patch -Patch51: mozilla-379245.patch -Patch52: mozilla-382532.patch +#Patch51: mozilla-379245.patch +#Patch52: mozilla-382532.patch Patch53: mozilla-178993.patch Patch55: mozilla-384925.patch Patch56: mozilla-381300.patch +Patch58: mozilla-199088.mailnews.patch +Patch59: mozilla-309322_180_att283610.patch +Patch60: mozilla-267833.patch +Patch61: mozilla-345305_venkmanonly.patch +Patch62: mozilla-361745.patch +Patch63: mozilla-362901.patch +Patch64: mozilla-372309.patch +Patch65: mozilla-378787.patch +Patch66: mozilla-384105.patch +Patch67: mozilla-386914.patch +Patch68: mozilla-387033.patch +Patch70: mozilla-387881.patch +Patch71: mozilla-388121.patch +Patch72: mozilla-388784.patch +Patch73: mozilla-390078.patch +Patch74: mozilla-393537.patch +Patch75: mozilla-395942-180.patch +Patch76: mozilla-325761.patch +Patch77: mozilla-392149-180.patch + + # font system fixes Patch81: firefox-1.5-nopangoxft.patch Patch82: firefox-1.5-pango-mathml.patch 
@@ -162,12 +183,32 @@ %patch40 -p1 %patch42 -p0 %patch50 -p1 -%patch51 -p1 -%patch52 -p1 +#%patch51 -p1 +#%patch52 -p1 %patch53 -p1 %patch55 -p1 %patch56 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 + # font system fixes %patch81 -p1 -b .nopangoxft %patch82 -p1 -b .pango-mathml 
@@ -469,6 +510,12 @@ #--------------------------------------------------------------------- %changelog +* Fri Oct 19 2007 Martin Stransky 1.5.0.12-5 +- Update to latest snapshot of Mozilla 1.8.0 branch +- added pathes for Mozilla bugs 199088,267833,309322,345305,361745, + 362901,372309,378787,381300,384105,386914,387033,387881,388121,388784 + 390078,393537,395942 + * Wed Jul 18 2007 Kai Engert - 1.5.0.12-4 - fix tar ball mistake mozilla-381300.patch: caps/src/nsPrincipal.cpp | 39 --- caps/src/nsScriptSecurityManager.cpp | 33 +- content/base/public/nsIDocument.h | 42 +++ content/base/src/nsDocument.cpp | 2 content/base/src/nsDocument.h | 1 content/base/src/nsFrameLoader.cpp | 7 content/html/document/src/nsHTMLDocument.cpp | 44 +-- docshell/base/nsDocShell.cpp | 154 +++++++++--- docshell/base/nsDocShell.h | 16 + dom/public/base/nsPIDOMWindow.h | 29 ++ dom/src/base/nsGlobalWindow.cpp | 161 +++++++------ dom/src/base/nsGlobalWindow.h | 10 dom/src/jsurl/nsJSProtocolHandler.cpp | 6 embedding/components/windowwatcher/src/Makefile.in | 1 embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 61 ++++ embedding/components/windowwatcher/src/nsWindowWatcher.h | 1 16 files changed, 395 insertions(+), 212 deletions(-) Index: mozilla-381300.patch =================================================================== RCS file: /cvs/dist/rpms/firefox/FC-6/mozilla-381300.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mozilla-381300.patch 18 Jul 2007 04:45:35 -0000 1.1 +++ mozilla-381300.patch 19 Oct 2007 10:57:29 -0000 1.2 
@@ -18,9 +18,14 @@ Index: mozilla/caps/src/nsPrincipal.cpp =================================================================== ---- mozilla.orig/caps/src/nsPrincipal.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/caps/src/nsPrincipal.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -260,15 +260,10 @@ +--- mozilla.orig/caps/src/nsPrincipal.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/caps/src/nsPrincipal.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -255,60 +255,29 @@ + aOther->GetSubjectName(str); + *aResult = str.Equals(mCert->subjectName) || str.IsEmpty(); + } + + return NS_OK; } // Codebases are equal if they have the same origin. @@ -40,7 +45,9 @@ } *aResult = PR_TRUE; -@@ -278,32 +273,6 @@ + return NS_OK; + } + NS_IMETHODIMP nsPrincipal::Subsumes(nsIPrincipal *aOther, PRBool *aResult) { @@ -73,11 +80,21 @@ return Equals(aOther, aResult); } + NS_IMETHODIMP + nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result) + { + // If this principal is marked invalid, can't enable any capabilities + nsCStringKey invalidKey(sInvalid); Index: mozilla/caps/src/nsScriptSecurityManager.cpp =================================================================== ---- mozilla.orig/caps/src/nsScriptSecurityManager.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/caps/src/nsScriptSecurityManager.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -273,7 +273,7 @@ +--- mozilla.orig/caps/src/nsScriptSecurityManager.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/caps/src/nsScriptSecurityManager.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -268,17 +268,17 @@ + *result = PR_FALSE; + + if (aSourceURI == aTargetURI) + { + *result = PR_TRUE; return NS_OK; } 
@@ -86,7 +103,17 @@ { // return false return NS_OK; -@@ -863,8 +863,14 @@ + } + + // If either uri is a jar URI, get the base URI + nsCOMPtr jarURI; + nsCOMPtr sourceBaseURI(aSourceURI); +@@ -858,34 +858,46 @@ + PRBool aIsCheckConnect) + { + /* + ** Get origin of subject and object and compare. + */ if (aSubject == aObject) return NS_OK; @@ -101,7 +128,10 @@ if (aIsCheckConnect) { // Don't use domain for CheckConnect calls, since that's called for -@@ -875,12 +881,18 @@ + // data-only load checks like XMLHTTPRequest (bug 290100). + aSubject->GetURI(getter_AddRefs(subjectURI)); + aObject->GetURI(getter_AddRefs(objectURI)); + } else { aSubject->GetDomain(getter_AddRefs(subjectURI)); @@ -122,7 +152,17 @@ } PRBool isSameOrigin = PR_FALSE; -@@ -899,24 +911,11 @@ + nsresult rv = SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin); + NS_ENSURE_SUCCESS(rv, rv); + + if (isSameOrigin) + { // If either the subject or the object has changed its principal by +@@ -894,34 +906,21 @@ + // DNS spoofing based on document.domain (154930) + + // But this restriction does not apply to CheckConnect calls, since + // that's called for data-only load checks like XMLHTTPRequest where + // we ignore domain (bug 290100). if (aIsCheckConnect) return NS_OK; 
@@ -148,11 +188,21 @@ /* ** Access tests failed, so now report error. */ + return NS_ERROR_DOM_PROP_ACCESS_DENIED; + } + + + nsresult Index: mozilla/content/base/public/nsIDocument.h =================================================================== ---- mozilla.orig/content/base/public/nsIDocument.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/public/nsIDocument.h 2007-07-16 11:53:05.000000000 +0200 -@@ -841,7 +841,7 @@ +--- mozilla.orig/content/base/public/nsIDocument.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/public/nsIDocument.h 2007-10-09 12:48:38.000000000 +0200 +@@ -836,17 +836,17 @@ + // The document's security info + nsCOMPtr mSecurityInfo; + + // if this document is part of a multipart document, + // the ID can be used to distinguish it from the other parts. PRUint32 mPartID; }; @@ -161,7 +211,17 @@ #define NS_IDOCUMENT_MOZILLA_1_8_0_BRANCH_IID \ { 0x7d001ad2, 0x01ac, 0x4bf2, \ { 0xb8, 0x3a, 0x50, 0xaa, 0xed, 0xc6, 0x1d, 0xfa } } -@@ -870,6 +870,46 @@ + + class nsIDocument_MOZILLA_1_8_0_BRANCH : public nsISupports + { + public: + NS_DEFINE_STATIC_IID_ACCESSOR(NS_IDOCUMENT_MOZILLA_1_8_0_BRANCH_IID) +@@ -865,16 +865,56 @@ + * + * @param aIndex the index of the child to remove + * @param aNotify whether to notify the document that the remove has + * occurred + */ virtual nsresult RemoveChildAt(PRUint32 aIndex, PRBool aNotify) = 0; }; 
@@ -208,11 +268,21 @@ /** * Helper class to automatically handle batching of document updates. This * class will call BeginUpdate on construction and EndUpdate on destruction on + * the given document with the given update type. The document could be null, + * in which case no updates will be called. The constructor also takes a + * boolean that can be set to false to prevent notifications. + */ + class mozAutoDocUpdate Index: mozilla/content/base/src/nsDocument.cpp =================================================================== ---- mozilla.orig/content/base/src/nsDocument.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsDocument.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -783,6 +783,7 @@ +--- mozilla.orig/content/base/src/nsDocument.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsDocument.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -778,16 +778,17 @@ + // = + // ================================================================== + + // NOTE! nsDocument::operator new() zeroes out all members, so don't + // bother initializing members to 0. nsDocument::nsDocument() : nsIDocument(), @@ -220,7 +290,17 @@ mVisible(PR_TRUE) { #ifdef PR_LOGGING -@@ -916,6 +917,7 @@ + if (!gDocumentLeakPRLog) + gDocumentLeakPRLog = PR_NewLogModule("DocumentLeak"); + + if (gDocumentLeakPRLog) + PR_LOG(gDocumentLeakPRLog, PR_LOG_DEBUG, +@@ -911,16 +912,17 @@ + } + + PRBool gCheckedForXPathDOM = PR_FALSE; + PRBool gHaveXPathDOM = PR_FALSE; + NS_INTERFACE_MAP_BEGIN(nsDocument) NS_INTERFACE_MAP_ENTRY(nsIDocument) NS_INTERFACE_MAP_ENTRY(nsIDocument_MOZILLA_1_8_0_BRANCH) 
@@ -228,11 +308,21 @@ NS_INTERFACE_MAP_ENTRY(nsIDOMDocument) NS_INTERFACE_MAP_ENTRY(nsIDOMNSDocument) NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentEvent) + NS_INTERFACE_MAP_ENTRY(nsIDOM3DocumentEvent) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentStyle) + NS_INTERFACE_MAP_ENTRY(nsIDOMNSDocumentStyle) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentView) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentRange) Index: mozilla/content/base/src/nsDocument.h =================================================================== ---- mozilla.orig/content/base/src/nsDocument.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsDocument.h 2007-07-16 11:53:05.000000000 +0200 -@@ -365,6 +365,7 @@ +--- mozilla.orig/content/base/src/nsDocument.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsDocument.h 2007-10-09 12:48:38.000000000 +0200 +@@ -360,16 +360,17 @@ + // really an nsIDOMXMLDocument. The reason for implementing + // nsIDOMXMLDocument on this class is to avoid having to duplicate all + // its inherited methods on document classes that *are* + // nsIDOMXMLDocument's. nsDocument's QI should *not* claim to support + // nsIDOMXMLDocument unless someone writes a real implementation of // the interface. class nsDocument : public nsIDocument, public nsIDocument_MOZILLA_1_8_0_BRANCH, 
@@ -240,11 +330,21 @@ public nsIDOMXMLDocument, // inherits nsIDOMDocument public nsIDOMNSDocument, public nsIDOMDocumentEvent, + public nsIDOM3DocumentEvent, + public nsIDOMNSDocumentStyle, + public nsIDOMDocumentView, + public nsIDOMDocumentRange, + public nsIDOMDocumentTraversal, Index: mozilla/content/base/src/nsFrameLoader.cpp =================================================================== ---- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsFrameLoader.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -165,6 +165,13 @@ +--- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsFrameLoader.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -160,16 +160,23 @@ + rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); + NS_ENSURE_SUCCESS(rv, rv); + + if (principal == sysPrin) { + // We're a chrome node. Belt and braces -- inherit the principal for this // load instead of just forcing the system principal. That way if we have // something loaded already the principal used will be that of what we // already have loaded. 
@@ -258,11 +358,21 @@ loadInfo->SetInheritOwner(PR_TRUE); // Also, in this case we don't set a referrer, just in case. + } else { + // We'll use our principal, not that of the document loaded inside us. + // This is very important; needed to prevent XSS attacks on documents + // loaded in subframes! + loadInfo->SetOwner(principal); Index: mozilla/content/html/document/src/nsHTMLDocument.cpp =================================================================== ---- mozilla.orig/content/html/document/src/nsHTMLDocument.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/html/document/src/nsHTMLDocument.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -2020,10 +2020,24 @@ +--- mozilla.orig/content/html/document/src/nsHTMLDocument.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/html/document/src/nsHTMLDocument.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -2026,20 +2026,34 @@ + + // Hold onto ourselves on the offchance that we're down to one ref + nsRefPtr kungFuDeathGrip(this); + + if (mScriptGlobalObject) { // Rememer the old scope in case the call to SetNewDocument changes it. nsCOMPtr oldScope(do_QueryReferent(mScopeObject)); @@ -287,7 +397,17 @@ nsCOMPtr newScope(do_QueryReferent(mScopeObject)); if (oldScope && newScope != oldScope) { nsContentUtils::ReparentContentWrappersInScope(oldScope, newScope); -@@ -2359,36 +2373,6 @@ + } + } + + // XXX This is a nasty workaround for a scrollbar code bug + // (http://bugzilla.mozilla.org/show_bug.cgi?id=55334). +@@ -2365,46 +2379,16 @@ + nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate) + { + nsCOMPtr ncc; + + nsresult rv = nsContentUtils::XPConnect()-> GetCurrentNativeCallContext(getter_AddRefs(ncc)); NS_ENSURE_SUCCESS(rv, rv); 
@@ -324,11 +444,21 @@ if (ncc) { // We're called from JS, concatenate the extra arguments into // string_buffer + PRUint32 i, argc; + + ncc->GetArgc(&argc); + + JSContext *cx = nsnull; Index: mozilla/docshell/base/nsDocShell.cpp =================================================================== ---- mozilla.orig/docshell/base/nsDocShell.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/docshell/base/nsDocShell.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -3226,21 +3226,20 @@ +--- mozilla.orig/docshell/base/nsDocShell.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/docshell/base/nsDocShell.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -3238,31 +3238,30 @@ + /* If you change this part of code, make sure bug 45297 does not re-occur */ + if (mOSHE) { + rv = LoadHistoryEntry(mOSHE, type); + } + else if (mLSHE) { // In case a reload happened before the current load is done rv = LoadHistoryEntry(mLSHE, type); } else { @@ -359,7 +489,17 @@ nsnull, // No window target NS_LossyConvertUCS2toASCII(contentTypeHint).get(), nsnull, // No post data -@@ -4859,7 +4858,38 @@ + nsnull, // No headers data + type, // Load type + nsnull, // No SHEntry + PR_TRUE, + nsnull, // No nsIDocShell +@@ -4871,17 +4870,48 @@ + NS_IMETHODIMP + nsDocShell::EnsureContentViewer() + { + if (mContentViewer) + return NS_OK; if (mIsBeingDestroyed) return NS_ERROR_FAILURE; @@ -399,7 +539,17 @@ } NS_IMETHODIMP -@@ -6300,12 +6330,28 @@ + nsDocShell::EnsureDeviceContext() + { + if (mDeviceContext) + return NS_OK; + +@@ -6322,22 +6352,38 @@ + return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT; + } + + return NS_ERROR_CONTENT_BLOCKED; + } nsCOMPtr owner(aOwner); // 
@@ -432,7 +582,17 @@ // // Resolve the window target before going any further... -@@ -6684,42 +6730,51 @@ + // If the load has been targeted to another DocShell, then transfer the + // load to it... + // + if (aWindowTarget && *aWindowTarget) { + PRBool bIsNewWindow; +@@ -6706,52 +6752,61 @@ + if (NS_FAILED(rv)) { + nsCOMPtr chan(do_QueryInterface(req)); + DisplayLoadError(rv, aURI, nsnull, chan); + } + return rv; } @@ -505,7 +665,17 @@ } nsresult -@@ -6885,7 +6940,12 @@ + nsDocShell::DoURILoad(nsIURI * aURI, + nsIURI * aReferrerURI, + PRBool aSendReferrer, + nsISupports * aOwner, + const char * aTypeHint, +@@ -6907,27 +6962,32 @@ + // Referrer is currenly only set for link clicks here. + httpChannel->SetReferrer(aReferrerURI); + } + } + // // Set the owner of the channel - only for javascript and data channels. // // XXX: Is seems wrong that the owner is ignored - even if one is @@ -519,7 +689,9 @@ // // (Currently chrome URIs set the owner when they are created! // So setting a NULL owner would be bad!) -@@ -6895,7 +6955,7 @@ + // + PRBool isJSOrData = PR_FALSE; + aURI->SchemeIs("javascript", &isJSOrData); if (!isJSOrData) { aURI->SchemeIs("data", &isJSOrData); } @@ -528,7 +700,17 @@ channel->SetOwner(aOwner); } -@@ -8730,3 +8790,21 @@ + rv = DoChannelLoad(channel, uriLoader); + + // + // If the channel load failed, we failed and nsIWebProgress just ain't + // gonna happen. +@@ -8752,8 +8812,26 @@ + + nsCOMPtr window(do_QueryInterface(mScriptGlobal)); + + // Get the an auth prompter for our window so that the parenting + // of the dialogs works as it should when using tabs. return wwatch->GetNewAuthPrompter(window, aResult); } 
@@ -552,9 +734,14 @@ + Index: mozilla/docshell/base/nsDocShell.h =================================================================== ---- mozilla.orig/docshell/base/nsDocShell.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/docshell/base/nsDocShell.h 2007-07-16 11:53:05.000000000 +0200 -@@ -287,7 +287,18 @@ +--- mozilla.orig/docshell/base/nsDocShell.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/docshell/base/nsDocShell.h 2007-10-09 12:48:38.000000000 +0200 +@@ -284,17 +284,28 @@ + NS_IMETHOD NewContentViewerObj(const char * aContentType, + nsIRequest * request, nsILoadGroup * aLoadGroup, + nsIStreamListener ** aContentHandler, nsIContentViewer ** aViewer); + NS_IMETHOD SetupNewViewer(nsIContentViewer * aNewViewer); + void SetupReferrerFromChannel(nsIChannel * aChannel); NS_IMETHOD GetEldestPresContext(nsPresContext** aPresContext); @@ -574,7 +761,17 @@ virtual nsresult DoURILoad(nsIURI * aURI, nsIURI * aReferrer, PRBool aSendReferrer, -@@ -511,6 +522,9 @@ + nsISupports * aOwner, + const char * aTypeHint, + nsIInputStream * aPostData, + nsIInputStream * aHeadersData, + PRBool firstParty, +@@ -509,16 +520,19 @@ + // Begin the toplevel restore process for |aSHEntry|. + // This simulates a channel open, and defers the real work until + // RestoreFromHistory is called from a PLEvent. + nsresult RestorePresentation(nsISHEntry *aSHEntry, PRBool *aRestoring); + // Call BeginRestore(nsnull, PR_FALSE) for each child of this shell. nsresult BeginRestoreChildren(); 
@@ -584,11 +781,21 @@ protected: // Override the parent setter from nsDocLoader virtual nsresult SetDocLoaderParent(nsDocLoader * aLoader); + + PRPackedBool mAllowSubframes; + PRPackedBool mAllowPlugins; + PRPackedBool mAllowJavascript; + PRPackedBool mAllowMetaRedirects; Index: mozilla/dom/public/base/nsPIDOMWindow.h =================================================================== ---- mozilla.orig/dom/public/base/nsPIDOMWindow.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/public/base/nsPIDOMWindow.h 2007-07-16 11:53:05.000000000 +0200 -@@ -50,6 +50,8 @@ +--- mozilla.orig/dom/public/base/nsPIDOMWindow.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/public/base/nsPIDOMWindow.h 2007-10-09 12:48:38.000000000 +0200 +@@ -45,16 +45,18 @@ + #include "nsIDOMXULCommandDispatcher.h" + #include "nsIDOMElement.h" + #include "nsIDOMWindowInternal.h" + #include "nsIChromeEventHandler.h" + #include "nsIDOMDocument.h" #include "nsIURI.h" #include "nsCOMPtr.h" @@ -597,7 +804,17 @@ // Popup control state enum. The values in this enum must go from most // permissive to least permissive so that it's safe to push state in // all situations. Pushing popup state onto the stack never makes the -@@ -252,6 +254,8 @@ + // current popup state less permissive (see + // nsGlobalWindow::PushPopupControlState()). + enum PopupControlState { + openAllowed = 0, // open that window without worries + openControlled, // it's a popup, but allow it +@@ -247,16 +249,18 @@ + } + + win = this; + } + return win->mIsHandlingResizeEvent; } 
@@ -606,7 +823,17 @@ virtual void SetOpenerScriptURL(nsIURI* aURI) = 0; virtual PopupControlState PushPopupControlState(PopupControlState aState, -@@ -313,7 +317,6 @@ + PRBool aForce) const = 0; + virtual void PopPopupControlState(PopupControlState state) const = 0; + virtual PopupControlState GetPopupControlState() const = 0; + virtual OpenAllowValue GetOpenAllow(const nsAString &aName) = 0; + +@@ -308,32 +312,55 @@ + // These two variables are special in that they're set to the same + // value on both the outer window and the current inner window. Make + // sure you keep them in sync! + nsCOMPtr mChromeEventHandler; // strong + nsCOMPtr mDocument; // strong // These members are only used on outer windows. nsIDOMElement *mFrameElement; // weak @@ -614,7 +841,15 @@ // These variables are only used on inner windows. nsTimeout *mRunningTimeout; -@@ -329,6 +332,30 @@ + + PRUint32 mMutationBits; + + PRPackedBool mIsDocumentLoaded; + PRPackedBool mIsHandlingResizeEvent; + PRPackedBool mIsInnerWindow; + + // And these are the references between inner and outer windows. + nsPIDOMWindow *mInnerWindow; nsPIDOMWindow *mOuterWindow; }; 
@@ -645,11 +880,21 @@ #ifdef _IMPL_NS_LAYOUT PopupControlState + PushPopupControlState(PopupControlState aState, PRBool aForce); + + void + PopPopupControlState(PopupControlState aState); + Index: mozilla/dom/src/base/nsGlobalWindow.cpp =================================================================== ---- mozilla.orig/dom/src/base/nsGlobalWindow.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/base/nsGlobalWindow.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -296,13 +296,28 @@ +--- mozilla.orig/dom/src/base/nsGlobalWindow.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/base/nsGlobalWindow.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -291,23 +291,38 @@ + static const char sJSStackContractID[] = "@mozilla.org/js/xpc/ContextStack;1"; + + static const char kDOMBundleURL[] = "chrome://global/locale/commonDialogs.properties"; + static const char kDOMSecurityWarningsBundleURL[] = "chrome://global/locale/dom/dom.properties"; + static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID; static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID; @@ -679,7 +924,17 @@ mIsFrozen(PR_FALSE), mFullScreen(PR_FALSE), mIsClosed(PR_FALSE), -@@ -521,6 +536,7 @@ + mInClose(PR_FALSE), + mHavePendingClose(PR_FALSE), + mOpenerWasCleared(PR_FALSE), + mIsPopupSpam(PR_FALSE), + mArguments(nsnull), +@@ -516,16 +531,17 @@ + NS_INTERFACE_MAP_ENTRY(nsIDOMJSWindow) + NS_INTERFACE_MAP_ENTRY(nsIScriptGlobalObject) + NS_INTERFACE_MAP_ENTRY(nsIScriptObjectPrincipal) + NS_INTERFACE_MAP_ENTRY(nsIDOMEventReceiver) + NS_INTERFACE_MAP_ENTRY(nsIDOMEventTarget) NS_INTERFACE_MAP_ENTRY(nsIDOM3EventTarget) NS_INTERFACE_MAP_ENTRY(nsIDOMNSEventTarget) NS_INTERFACE_MAP_ENTRY(nsPIDOMWindow) 
@@ -687,7 +942,17 @@ NS_INTERFACE_MAP_ENTRY(nsIDOMViewCSS) NS_INTERFACE_MAP_ENTRY(nsIDOMAbstractView) NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference) -@@ -581,70 +597,52 @@ + NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor) + NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Window) + NS_INTERFACE_MAP_END + + +@@ -576,80 +592,62 @@ + FORWARD_TO_OUTER(GetContext, (), nsnull); + + return mContext; + } + PRBool nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument) { @@ -783,7 +1048,17 @@ } nsCOMPtr treeItem(do_QueryInterface(mDocShell)); -@@ -664,9 +662,49 @@ + + if (treeItem) { + PRInt32 itemType = nsIDocShellTreeItem::typeContent; + treeItem->GetItemType(&itemType); + +@@ -659,19 +657,59 @@ + + // No treeItem: don't reuse the current inner window. + return PR_FALSE; + } + void nsGlobalWindow::SetOpenerScriptURL(nsIURI* aURI) { @@ -835,7 +1110,17 @@ } PopupControlState -@@ -944,7 +982,7 @@ + PushPopupControlState(PopupControlState aState, PRBool aForce) + { + PopupControlState oldState = gPopupControlState; + + if (aState < gPopupControlState || aForce) { +@@ -939,17 +977,17 @@ + SetStatus(EmptyString()); + SetDefaultStatus(EmptyString()); + + // This code should not be called during shutdown any more (now that + // we don't ever call SetNewDocument(nsnull), so no need to null // check xpc here. nsIXPConnect *xpc = nsContentUtils::XPConnect(); 
@@ -844,7 +1129,17 @@ // XXX We used to share event listeners between inner windows in special // circumstances (that were remarkably close to the conditions that we set -@@ -3530,6 +3568,7 @@ + // reUseInnerWindow in) but that left dangling pointers to the old (destroyed) + // inner window (bug 303765). Setting this here should be a no-op. + aRemoveEventListeners = !reUseInnerWindow; + + // Remember the old document's principal. +@@ -3525,33 +3563,30 @@ + if (embeddingWin) + embeddingWin->SetFocus(); + } + + nsCOMPtr presShell; if (mDocShell) { // Don't look for a presshell if we're a root chrome window that's got // about:blank loaded. We don't want to focus our widget in that case. @@ -852,7 +1147,11 @@ PRBool lookForPresShell = PR_TRUE; PRInt32 itemType = nsIDocShellTreeItem::typeContent; nsCOMPtr treeItem(do_QueryInterface(mDocShell)); -@@ -3541,12 +3580,8 @@ + NS_ASSERTION(treeItem, "What happened?"); + treeItem->GetItemType(&itemType); + if (itemType == nsIDocShellTreeItem::typeChrome && + GetPrivateRoot() == NS_STATIC_CAST(nsIDOMWindowInternal*, this) && + mDocument) { nsCOMPtr doc(do_QueryInterface(mDocument)); NS_ASSERTION(doc, "Bogus doc?"); nsIURI* ourURI = doc->GetDocumentURI(); @@ -867,7 +1166,17 @@ } } -@@ -5978,25 +6013,7 @@ + if (lookForPresShell) { + mDocShell->GetEldestPresShell(getter_AddRefs(presShell)); + } + } + +@@ -5973,35 +6008,17 @@ + aExtraArgument, getter_AddRefs(domReturn)); + } + } + } + } // success! 
@@ -894,11 +1203,21 @@ return rv; } + + // static + void + nsGlobalWindow::CloseWindow(nsISupports *aWindow) + { Index: mozilla/dom/src/base/nsGlobalWindow.h =================================================================== ---- mozilla.orig/dom/src/base/nsGlobalWindow.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/base/nsGlobalWindow.h 2007-07-16 11:53:05.000000000 +0200 -@@ -129,7 +129,7 @@ +--- mozilla.orig/dom/src/base/nsGlobalWindow.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/base/nsGlobalWindow.h 2007-10-09 12:48:38.000000000 +0200 +@@ -124,17 +124,17 @@ + // needed to ensure that mOuterWindow doesn't end up dangling. The + // nature of PRCList means that the window itself is always in the + // list, and an outer window's list will also contain all inner window + // objects that are still in memory (and in reality all inner window + // object's lists also contain its outer and all other inner windows // belonging to the same outer window, but that's an unimportant // side effect of inheriting PRCList). @@ -907,7 +1226,17 @@ public nsIScriptGlobalObject, public nsIDOMJSWindow, public nsIScriptObjectPrincipal, -@@ -224,6 +224,10 @@ + public nsIDOMEventReceiver, + public nsIDOM3EventTarget, + public nsIDOMNSEventTarget, + public nsIDOMViewCSS, + public nsSupportsWeakReference, +@@ -219,16 +219,20 @@ + virtual NS_HIDDEN_(PopupControlState) GetPopupControlState() const; + virtual NS_HIDDEN_(OpenAllowValue) GetOpenAllow(const nsAString &aName); + + virtual NS_HIDDEN_(nsresult) SaveWindowState(nsISupports **aState); + virtual NS_HIDDEN_(nsresult) RestoreWindowState(nsISupports *aState); virtual NS_HIDDEN_(PRBool) WouldReuseInnerWindow(nsIDocument *aNewDocument); 
@@ -918,7 +1247,17 @@ // nsIDOMViewCSS NS_DECL_NSIDOMVIEWCSS -@@ -294,8 +298,6 @@ + // nsIDOMAbstractView + NS_DECL_NSIDOMABSTRACTVIEW + + // nsIInterfaceRequestor + NS_DECL_NSIINTERFACEREQUESTOR +@@ -289,18 +293,16 @@ + void FreeInnerObjects(JSContext *cx); + + nsresult SetNewDocument(nsIDOMDocument *aDocument, + nsISupports *aState, + PRBool aRemoveEventListeners, PRBool aClearScopeHint, PRBool aIsInternalCall); @@ -927,7 +1266,17 @@ // Get the parent, returns null if this is a toplevel window nsIDOMWindowInternal *GetParentInternal(); -@@ -461,6 +463,8 @@ + // popup tracking + PRBool IsPopupSpamWindow() + { + if (IsInnerWindow() && !mOuterWindow) { + return PR_FALSE; +@@ -456,16 +458,18 @@ + nsString mDefaultStatus; + + nsIScriptGlobalObjectOwner* mGlobalObjectOwner; // Weak Reference + nsIDocShell* mDocShell; // Weak Reference + nsCOMPtr mCrypto; nsCOMPtr mPkcs11; nsCOMPtr mInnerWindowHolder; @@ -936,11 +1285,21 @@ // These member variable are used only on inner windows. nsCOMPtr mListenerManager; + nsTimeout* mTimeouts; + nsTimeout** mTimeoutInsertionPoint; + PRUint32 mTimeoutPublicIdCounter; + PRUint32 mTimeoutFiringDepth; + Index: mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp =================================================================== ---- mozilla.orig/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -222,10 +222,8 @@ +--- mozilla.orig/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -217,20 +217,18 @@ + PRBool useSandbox = PR_TRUE; + + if (owner) { + principal = do_QueryInterface(owner, &rv); + NS_ASSERTION(principal, "Channel's owner is not a principal"); if (!principal) return NS_ERROR_FAILURE; 
@@ -953,11 +1312,21 @@ nsCOMPtr objectPrincipal; rv = securityManager->GetObjectPrincipal( (JSContext*)scriptContext->GetNativeContext(), + globalJSObject, + getter_AddRefs(objectPrincipal)); + if (NS_FAILED(rv)) + return rv; + Index: mozilla/embedding/components/windowwatcher/src/Makefile.in =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/Makefile.in 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/Makefile.in 2007-07-16 11:53:05.000000000 +0200 -@@ -63,6 +63,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/Makefile.in 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/Makefile.in 2007-10-09 12:48:38.000000000 +0200 +@@ -58,16 +58,17 @@ + content \ + pref \ + necko \ + docshell \ + webbrwsr \ embed_base \ intl \ layout \ @@ -965,11 +1334,21 @@ $(NULL) CPPSRCS = nsPrompt.cpp \ + nsWWJSUtils.cpp \ + nsWindowWatcher.cpp \ + $(NULL) + + ifdef MOZ_XUL Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -58,6 +58,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -53,16 +53,17 @@ + #include "nsIDocShellLoadInfo.h" + #include "nsIDocShellTreeItem.h" + #include "nsIDocShellTreeOwner.h" + #include "nsIDocument.h" + #include "nsIDOMDocument.h" #include "nsIDOMWindow.h" #include "nsIDOMChromeWindow.h" #include "nsIDOMWindowInternal.h" 
@@ -977,7 +1356,17 @@ #include "nsIScreen.h" #include "nsIScreenManager.h" #include "nsIScriptContext.h" -@@ -684,7 +685,7 @@ + #include "nsIEventQueue.h" + #include "nsIEventQueueService.h" + #include "nsIGenericFactory.h" + #include "nsIJSContextStack.h" + #include "nsIObserverService.h" +@@ -679,17 +680,17 @@ + } + } + } + + // better have a window to use by this point if (!newDocShellItem) return rv; @@ -986,7 +1375,17 @@ if (NS_FAILED(rv)) return rv; -@@ -750,6 +751,43 @@ + /* disable persistence of size/position in popups (determined by + determining whether the features parameter specifies width or height + in any way). We consider any overriding of the window's size or position + in the open call as disabling persistence of those attributes. + Popup windows (which should not persist size or position) generally set +@@ -745,16 +746,53 @@ + nsCOMPtr newMarkupDocViewer(do_QueryInterface(newContentViewer)); + if (doc && newMarkupDocViewer) { + newMarkupDocViewer->SetDefaultCharacterSet(doc->GetDocumentCharacterSet()); + } + } } } @@ -1030,7 +1429,17 @@ if (uriToLoad) { // get the script principal and pass it to docshell JSContextAutoPopper contextGuard; -@@ -769,15 +807,8 @@ + cx = GetJSContextFromCallStack(); + + // get the security manager + if (!cx) + cx = GetJSContextFromWindow(aParent); +@@ -764,25 +802,18 @@ + return rv; + cx = contextGuard.get(); + } + + nsCOMPtr loadInfo; newDocShell->CreateLoadInfo(getter_AddRefs(loadInfo)); NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE); 
@@ -1048,7 +1457,17 @@ } // Set the new window's referrer from the calling context's document: -@@ -1523,6 +1554,7 @@ + + // get the calling context off the JS context stack + nsCOMPtr stack = do_GetService(sJSStackContractID); + + JSContext* ccx = nsnull; +@@ -1518,26 +1549,36 @@ + /* Fetch the nsIDOMWindow corresponding to the given nsIDocShellTreeItem. + This forces the creation of a script context, if one has not already + been created. Note it also sets the window's opener to the parent, + if applicable -- because it's just convenient, that's all. null aParent + is acceptable. */ nsresult nsWindowWatcher::ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem, nsIDOMWindow *aParent, @@ -1056,7 +1475,10 @@ nsIDOMWindow **aOpenedWindow) { nsresult rv = NS_ERROR_FAILURE; -@@ -1533,6 +1565,15 @@ + + *aOpenedWindow = 0; + nsCOMPtr globalObject(do_GetInterface(aOpenedItem)); + if (globalObject) { if (aParent) { nsCOMPtr internalParent(do_QueryInterface(aParent)); globalObject->SetOpenerWindow(internalParent); // damnit 
@@ -1072,11 +1494,21 @@ } rv = CallQueryInterface(globalObject, aOpenedWindow); } + return rv; + } + + /* Size and position the new window according to aFeatures. This method + is assumed to be called after the window has already been given Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-07-16 11:53:05.000000000 +0200 -@@ -100,6 +100,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-10-09 12:48:38.000000000 +0200 +@@ -95,16 +95,17 @@ + PRBool aFeaturesSpecified, + PRBool aDialog, + PRBool aChromeURL, + PRBool aHasChromeParent); + static PRInt32 WinHasOption(const char *aOptions, const char *aName, PRInt32 aDefault, PRBool *aPresenceFlag); static nsresult ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem, nsIDOMWindow *aParent, 
@@ -1084,3 +1516,8 @@ nsIDOMWindow **aOpenedWindow); static void SizeOpenedDocShellItem(nsIDocShellTreeItem *aDocShellItem, nsIDOMWindow *aParent, + const char *aFeatures, + PRUint32 aChromeFlags); + static nsresult AttachArguments(nsIDOMWindow *aWindow, + PRUint32 argc, jsval *argv); + static nsresult ConvertSupportsTojsvals(nsIDOMWindow *aWindow, mozilla-version.patch: browser/config/version.txt | 2 +- config/milestone.txt | 2 +- configure | 2 +- configure.in | 2 +- mail/config/version.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) Index: mozilla-version.patch =================================================================== RCS file: /cvs/dist/rpms/firefox/FC-6/mozilla-version.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mozilla-version.patch 18 Jul 2007 13:12:52 -0000 1.1 +++ mozilla-version.patch 19 Oct 2007 10:57:29 -0000 1.2 @@ -41,5 +41,5 @@ --- org/mozilla/mail/config/version.txt 2007-05-31 11:22:44.000000000 +0200 +++ fixed/mozilla/mail/config/version.txt 2007-07-18 13:36:36.000000000 +0200 @@ -1 +1 @@ --1.5.0.13pre +-1.5.0.14pre +1.5.0.12 Index: sources =================================================================== RCS file: /cvs/dist/rpms/firefox/FC-6/sources,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- sources 18 Jul 2007 04:45:35 -0000 1.38 +++ sources 19 Oct 2007 10:57:29 -0000 1.39 @@ -1,2 +1,2 @@ 04b6e4b4a38f50a3546a483d876e2fa1 firefox-langpacks-1.5.0.12-20070529.tar.bz2 -a4e46e60012ac52aa166f291f5ea3007 mozilla-180-20070717.tar.bz2 +43843946be14cd4034f4858e6b39801c firefox-180-20071018.tar.bz2 From fedora-cvs-commits at redhat.com Fri Oct 19 11:07:25 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 19 Oct 2007 07:07:25 -0400 Subject: rpms/thunderbird/FC-6 mozilla-267833.patch, NONE, 1.1 mozilla-309322_180_att283610.patch, NONE, 1.1 mozilla-325761.patch, NONE, 1.1 mozilla-345305_venkmanonly.patch, NONE, 1.1 mozilla-361745.patch, NONE, 1.1 mozilla-362901.patch, NONE, 1.1 mozilla-372309.patch, NONE, 1.1 mozilla-378787.patch, NONE, 1.1 mozilla-384105.patch, NONE, 1.1 mozilla-386914.patch, NONE, 1.1 mozilla-387033.patch, NONE, 1.1 mozilla-387881.patch, NONE, 1.1 mozilla-388121.patch, NONE, 1.1 mozilla-388784.patch, NONE, 1.1 mozilla-390078.patch, NONE, 1.1 mozilla-392149-180.patch, NONE, 1.1 mozilla-393537.patch, NONE, 1.1 mozilla-395942-180.patch, NONE, 1.1 .cvsignore, 1.14, 1.15 mozilla-381300.patch, 1.1, 1.2 mozilla-version.patch, 1.1, 1.2 sources, 1.23, 1.24 thunderbird.spec, 1.96, 1.97 Message-ID: <200710191107.l9JB7PQ7022984@cvs.devel.redhat.com> Author: stransky Update of /cvs/dist/rpms/thunderbird/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22966 Modified Files: .cvsignore mozilla-381300.patch mozilla-version.patch sources thunderbird.spec Added Files: mozilla-267833.patch mozilla-309322_180_att283610.patch mozilla-325761.patch mozilla-345305_venkmanonly.patch mozilla-361745.patch mozilla-362901.patch mozilla-372309.patch mozilla-378787.patch mozilla-384105.patch mozilla-386914.patch mozilla-387033.patch mozilla-387881.patch mozilla-388121.patch mozilla-388784.patch mozilla-390078.patch mozilla-392149-180.patch mozilla-393537.patch mozilla-395942-180.patch Log Message: * Thu Oct 18 2007 Martin Stransky - 1.5.0.12-3 - Update to latest snapshot of Mozilla 1.8.0 branch - added patches for Mozilla bugs 199088,267833,309322,345305,361745, 362901,372309,378787,381300,384105,386914,387033,387881,388121,388784 390078,393537,395942,325761,392149 mozilla-267833.patch: content/base/src/nsDocument.cpp | 21 ++++ content/base/src/nsDocument.h | 3 
content/html/document/src/nsHTMLContentSink.cpp | 3 content/xbl/src/nsBindingManager.cpp | 98 +++++++++++++++++++++- content/xbl/src/nsBindingManager.h | 36 +++++++- content/xbl/src/nsXBLResourceLoader.cpp | 9 -- content/xul/templates/src/nsXULContentBuilder.cpp | 4 layout/base/nsCSSFrameConstructor.cpp | 18 ---- layout/base/nsCSSFrameConstructor.h | 13 ++ layout/base/nsPresShell.cpp | 20 ++++ 10 files changed, 195 insertions(+), 30 deletions(-) --- NEW FILE mozilla-267833.patch --- --- content/base/src/nsDocument.cpp | 21 ++++ content/base/src/nsDocument.h | 3 content/html/document/src/nsHTMLContentSink.cpp | 3 content/xbl/src/nsBindingManager.cpp | 98 +++++++++++++++++++++- content/xbl/src/nsBindingManager.h | 36 +++++++- content/xbl/src/nsXBLResourceLoader.cpp | 9 -- content/xul/templates/src/nsXULContentBuilder.cpp | 4 layout/base/nsCSSFrameConstructor.cpp | 18 ---- layout/base/nsCSSFrameConstructor.h | 13 ++ layout/base/nsPresShell.cpp | 20 ++++ 10 files changed, 195 insertions(+), 30 deletions(-) Index: mozilla/content/base/src/nsDocument.cpp =================================================================== --- mozilla.orig/content/base/src/nsDocument.cpp 2007-10-09 15:26:43.000000000 +0200 +++ mozilla/content/base/src/nsDocument.cpp 2007-10-09 15:27:15.000000000 +0200 
@@ -974,22 +974,24 @@ { if (mBindingManager || mCSSLoader || mNodeInfoManager) { return NS_ERROR_ALREADY_INITIALIZED; } mLinkMap.Init(); // Force initialization. - nsBindingManager *bindingManager = new nsBindingManager(); + nsBindingManager *bindingManager = new nsBindingManager(this); NS_ENSURE_TRUE(bindingManager, NS_ERROR_OUT_OF_MEMORY); mBindingManager = bindingManager; // The binding manager must always be the first observer of the document. - mObservers.PrependElement(bindingManager); + if (!mObservers.PrependElement(bindingManager)) { + return NS_ERROR_OUT_OF_MEMORY; + } mOnloadBlocker = new nsOnloadBlocker(); NS_ENSURE_TRUE(mOnloadBlocker, NS_ERROR_OUT_OF_MEMORY); NS_NewCSSLoader(this, &mCSSLoader); NS_ENSURE_TRUE(mCSSLoader, NS_ERROR_OUT_OF_MEMORY); // Assume we're not HTML and not quirky, until we know otherwise mCSSLoader->SetCaseSensitive(PR_TRUE); 
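Review bot: In nsDocument::Init() the new failure return after `mObservers.PrependElement(bindingManager)` leaves `mBindingManager` already assigned, so the document keeps a binding manager that is not in its observer list. That manager was constructed with `this` as its weak `mDocument`, and the only place the patch clears that pointer is DocumentWillBeDestroyed(), which presumably reaches it only through the observer list. Hold the new object in a local `nsRefPtr<nsBindingManager>` and move `mBindingManager = bindingManager;` below the prepend check, so a failed Init() leaves no half-registered manager behind. Init() begins and ends outside this hunk.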
@@ -2230,28 +2232,43 @@ } return mObservers.Contains(aObserver); } void nsDocument::BeginUpdate(nsUpdateType aUpdateType) { + if (mUpdateNestLevel == 0) { + nsIBindingManager* bm = mBindingManager; + NS_STATIC_CAST(nsBindingManager*, bm)->BeginOutermostUpdate(); + } + + ++mUpdateNestLevel; if (mScriptLoader) { NS_STATIC_CAST(nsScriptLoader*, NS_STATIC_CAST(nsIScriptLoader*, mScriptLoader))->AddExecuteBlocker(); } NS_DOCUMENT_NOTIFY_OBSERVERS(BeginUpdate, (this, aUpdateType)); } void nsDocument::EndUpdate(nsUpdateType aUpdateType) { NS_DOCUMENT_NOTIFY_OBSERVERS(EndUpdate, (this, aUpdateType)); + + --mUpdateNestLevel; + if (mUpdateNestLevel == 0) { + // This set of updates may have created XBL bindings. Let the + // binding manager know we're done. + nsIBindingManager* bm = mBindingManager; + NS_STATIC_CAST(nsBindingManager*, bm)->EndOutermostUpdate(); + } + if (mScriptLoader) { NS_STATIC_CAST(nsScriptLoader*, NS_STATIC_CAST(nsIScriptLoader*, mScriptLoader))->RemoveExecuteBlocker(); } } void Index: mozilla/content/base/src/nsDocument.h =================================================================== --- mozilla.orig/content/base/src/nsDocument.h 2007-10-09 15:26:43.000000000 +0200 +++ mozilla/content/base/src/nsDocument.h 2007-10-09 15:26:47.000000000 +0200 @@ -889,12 +889,15 @@ PRUint32 mOnloadBlockCount; nsCOMPtr mOnloadBlocker; // A map from unvisited URI hashes to content elements nsTHashtable mLinkMap; // URIs whose visitedness has changed while we were hidden nsCOMArray mVisitednessChangedURIs; + + // Our update nesting level + PRUint32 mUpdateNestLevel; }; #endif /* nsDocument_h___ */ Index: mozilla/content/html/document/src/nsHTMLContentSink.cpp =================================================================== --- mozilla.orig/content/html/document/src/nsHTMLContentSink.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/html/document/src/nsHTMLContentSink.cpp 2007-10-09 15:28:09.000000000 +0200 
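Review bot: `--mUpdateNestLevel` in nsDocument::EndUpdate() is an unchecked decrement of a PRUint32, so one EndUpdate() without a matching BeginUpdate() wraps the counter and EndOutermostUpdate() is then not called again for that document, which changes when queued XBL constructors run. Add `NS_ASSERTION(mUpdateNestLevel > 0, "Unbalanced EndUpdate");` before the decrement. None of the visible hunks initialises the new member, so unless nsDocument is zero-allocated elsewhere the constructor needs `mUpdateNestLevel(0)`. Both added blocks also cast and call through `mBindingManager` without a null test, which presumably relies on Init() having succeeded and is worth a one-line comment.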
@@ -1632,16 +1632,19 @@ * they are visible in the tree. Specifically, make sure * that they are all added to their respective parents. * Also, do notification at the top for all content that * has been newly added so that the frame tree is complete. */ nsresult SinkContext::FlushTags(PRBool aNotify) { + // Not starting an update here, unlike trunk. We'll get XBL + // constructors firing async of the stuff we flush right now. + // Don't release last text node in case we need to add to it again FlushText(); if (aNotify) { // Start from the base of the stack (growing upward) and do // a notification from the node that is closest to the root of // tree for any content that has been added. PRInt32 stackPos = 1; Index: mozilla/content/xbl/src/nsBindingManager.cpp =================================================================== --- mozilla.orig/content/xbl/src/nsBindingManager.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsBindingManager.cpp 2007-10-09 15:28:06.000000000 +0200 @@ -300,18 +300,21 @@ // Implementation ///////////////////////////////////////////////////////////////// // Static member variable initialization // Implement our nsISupports methods NS_IMPL_ISUPPORTS3(nsBindingManager, nsIBindingManager, nsIStyleRuleSupplier, nsIDocumentObserver) // Constructors/Destructors -nsBindingManager::nsBindingManager(void) -: mProcessingAttachedStack(PR_FALSE) +nsBindingManager::nsBindingManager(nsIDocument* aDocument) + : mProcessingAttachedStack(PR_FALSE), + mProcessOnEndUpdate(PR_FALSE), + mProcessAttachedQueueEvent(nsnull), + mDocument(aDocument) { mContentListTable.ops = nsnull; mAnonymousNodesTable.ops = nsnull; mInsertionParentTable.ops = nsnull; mWrapperTable.ops = nsnull; } static PRBool PR_CALLBACK 
@@ -781,48 +784,81 @@ NS_IMETHODIMP nsBindingManager::AddToAttachedQueue(nsXBLBinding* aBinding) { if (!mAttachedStack.AppendElement(aBinding)) return NS_ERROR_OUT_OF_MEMORY; NS_ADDREF(aBinding); + + // If we're in the middle of processing our queue already, don't + // bother posting the event. + if (!mProcessingAttachedStack && !mProcessAttachedQueueEvent) { + nsCOMPtr eventQueueService = + do_GetService(NS_EVENTQUEUESERVICE_CONTRACTID); + nsCOMPtr eventQueue; + if (eventQueueService) { + eventQueueService-> + GetSpecialEventQueue(nsIEventQueueService::UI_THREAD_EVENT_QUEUE, + getter_AddRefs(eventQueue)); + } + if (eventQueue) { + ProcessAttachedQueueEvent* ev = new ProcessAttachedQueueEvent(this); + if (ev && NS_FAILED(eventQueue->PostEvent(ev))) { + PL_DestroyEvent(ev); + } else { + mProcessAttachedQueueEvent = ev; + } + } + } + return NS_OK; } NS_IMETHODIMP nsBindingManager::ClearAttachedQueue() { mAttachedStack.EnumerateForwards(ReleaseBindings, nsnull); mAttachedStack.Clear(); return NS_OK; } +void +nsBindingManager::DoProcessAttachedQueue() +{ + ProcessAttachedQueue(); + + NS_ASSERTION(mAttachedStack.Count() == 0, + "Shouldn't have pending bindings!"); + + mProcessAttachedQueueEvent = nsnull; +} + NS_IMETHODIMP nsBindingManager::ProcessAttachedQueue() { - if (mProcessingAttachedStack) + if (mProcessingAttachedStack || mAttachedStack.Count() == 0) return NS_OK; mProcessingAttachedStack = PR_TRUE; PRInt32 lastItem; while ((lastItem = mAttachedStack.Count() - 1) >= 0) { nsXBLBinding *binding = NS_STATIC_CAST(nsXBLBinding*, mAttachedStack.FastElementAt(lastItem)); mAttachedStack.RemoveElementAt(lastItem); NS_ASSERTION(binding, "null item in attached stack?"); binding->ExecuteAttachedHandler(); NS_RELEASE(binding); } mProcessingAttachedStack = PR_FALSE; - ClearAttachedQueue(); + NS_ASSERTION(mAttachedStack.Count() == 0, "How did we get here?"); return NS_OK; } PR_STATIC_CALLBACK(PLDHashOperator) AccumulateBindingsToDetach(nsISupports *aKey, nsXBLBinding 
*aBinding, void* aVoidArray) { nsVoidArray* arr = NS_STATIC_CAST(nsVoidArray*, aVoidArray); @@ -1304,8 +1340,62 @@ nsXBLInsertionPoint* point = contentList->GetInsertionPointAt(i); if (point->GetInsertionIndex() != -1) { point->RemoveChild(aChild); } } } } } + +void +nsBindingManager::DocumentWillBeDestroyed(nsIDocument* aDocument) +{ + // Make sure to not run any more XBL constructors + mProcessingAttachedStack = PR_TRUE; + + mDocument = nsnull; +} + +void +nsBindingManager::BeginOutermostUpdate() +{ + mProcessOnEndUpdate = (mAttachedStack.Count() == 0); +} + +void +nsBindingManager::EndOutermostUpdate() +{ + if (mProcessOnEndUpdate) { + mProcessOnEndUpdate = PR_FALSE; + ProcessAttachedQueue(); + } +} + +static void PR_CALLBACK +HandlePLEvent(nsBindingManager::ProcessAttachedQueueEvent* aEvent) +{ + aEvent->HandleEvent(); +} + +static void PR_CALLBACK +DestroyPLEvent(nsBindingManager::ProcessAttachedQueueEvent* aEvent) +{ + delete aEvent; +} + +nsBindingManager::ProcessAttachedQueueEvent::ProcessAttachedQueueEvent(nsBindingManager* aBindingManager) + : mBindingManager(aBindingManager) +{ + PL_InitEvent(this, aBindingManager, + (PLHandleEventProc) ::HandlePLEvent, + (PLDestroyEventProc) ::DestroyPLEvent); + if (aBindingManager->mDocument) { + aBindingManager->mDocument->BlockOnload(); + } +} + +nsBindingManager::ProcessAttachedQueueEvent::~ProcessAttachedQueueEvent() +{ + if (mBindingManager->mDocument) { + mBindingManager->mDocument->UnblockOnload(); + } +} Index: mozilla/content/xbl/src/nsBindingManager.h =================================================================== --- mozilla.orig/content/xbl/src/nsBindingManager.h 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsBindingManager.h 2007-10-09 15:28:02.000000000 +0200 
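Review bot: `mProcessAttachedQueueEvent` is reset only in DoProcessAttachedQueue(), so if the event queue ever destroys a posted event without handling it, the member keeps pointing at the deleted event. The visible code only tests the pointer against null, so the immediate effect would be that AddToAttachedQueue() never posts another event, but any later dereference would be a use-after-free. Clearing it from the event's destructor with `mBindingManager->mProcessAttachedQueueEvent = nsnull;` keeps the flag in step with the event's lifetime. The destructor itself is added in the last hunk of this file.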
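Review bot: DocumentWillBeDestroyed() sets `mProcessingAttachedStack = PR_TRUE` for good, and ProcessAttachedQueue() no longer ends with ClearAttachedQueue(), so bindings still in `mAttachedStack` at that point keep the reference taken in AddToAttachedQueue() unless code outside these hunks releases them. An event that is still pending would also trip the `"Shouldn't have pending bindings!"` assertion in DoProcessAttachedQueue(). Calling `ClearAttachedQueue();` from DocumentWillBeDestroyed() covers both cases. Separately, the event's constructor and destructor dereference the weak `mDocument`, which is safe only while that notification is guaranteed to arrive before the document is freed; that assumption should be stated in a comment next to the member.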
@@ -42,16 +42,17 @@ #include "nsIBindingManager.h" #include "nsIStyleRuleSupplier.h" #include "nsStubDocumentObserver.h" #include "pldhash.h" #include "nsInterfaceHashtable.h" #include "nsRefPtrHashtable.h" #include "nsURIHashKey.h" +#include "plevent.h" class nsIContent; class nsIXPConnectWrappedJS; class nsIAtom; class nsIDOMNodeList; class nsVoidArray; class nsIDocument; class nsIURI; @@ -61,17 +62,17 @@ class nsBindingManager : public nsIBindingManager, public nsIStyleRuleSupplier, public nsStubDocumentObserver { NS_DECL_ISUPPORTS public: - nsBindingManager(); + nsBindingManager(nsIDocument* aDocument); ~nsBindingManager(); virtual nsXBLBinding* GetBinding(nsIContent* aContent); NS_IMETHOD SetBinding(nsIContent* aContent, nsXBLBinding* aBinding); NS_IMETHOD GetInsertionParent(nsIContent* aContent, nsIContent** aResult); NS_IMETHOD SetInsertionParent(nsIContent* aContent, nsIContent* aResult); 
@@ -136,31 +137,55 @@ virtual void ContentInserted(nsIDocument* aDocument, nsIContent* aContainer, nsIContent* aChild, PRInt32 aIndexInContainer); virtual void ContentRemoved(nsIDocument* aDocument, nsIContent* aContainer, nsIContent* aChild, PRInt32 aIndexInContainer); + virtual void DocumentWillBeDestroyed(nsIDocument* aDocument); + + struct ProcessAttachedQueueEvent; + friend struct ProcessAttachedQueueEvent; + + struct ProcessAttachedQueueEvent : public PLEvent { + ProcessAttachedQueueEvent(nsBindingManager* aBindingManager); + ~ProcessAttachedQueueEvent(); + + void HandleEvent() { + mBindingManager->DoProcessAttachedQueue(); + } + + nsRefPtr mBindingManager; + }; + + // Notify the binding manager when an outermost update begins and + // ends. The end method can execute script. + void BeginOutermostUpdate(); + void EndOutermostUpdate(); protected: nsresult GetXBLChildNodesInternal(nsIContent* aContent, nsIDOMNodeList** aResult, PRBool* aIsAnonymousContentList); nsresult GetAnonymousNodesInternal(nsIContent* aContent, nsIDOMNodeList** aResult, PRBool* aIsAnonymousContentList); nsIContent* GetEnclosingScope(nsIContent* aContent) { return aContent->GetBindingParent(); } nsresult GetNestedInsertionPoint(nsIContent* aParent, nsIContent* aChild, nsIContent** aResult); + // Same as ProcessAttachedQueue, but also nulls out + // mProcessAttachedQueueEvent + void DoProcessAttachedQueue(); + // MEMBER VARIABLES protected: // A mapping from nsIContent* to the nsXBLBinding* that is // installed on that element. nsRefPtrHashtable mBindingTable; // A mapping from nsIContent* to an nsIDOMNodeList* // (nsAnonymousContentList*). This list contains an accurate 
@@ -198,14 +223,21 @@ // A mapping from a URL (a string) to a nsIStreamListener. This // table is the currently loading binding docs. If they're in this // table, they have not yet finished loading. nsInterfaceHashtable mLoadingDocTable; // A queue of binding attached event handlers that are awaiting execution. nsVoidArray mAttachedStack; - PRBool mProcessingAttachedStack; + PRPackedBool mProcessingAttachedStack; + PRPackedBool mProcessOnEndUpdate; + + // Our posted event to process the attached queue, if any + ProcessAttachedQueueEvent* mProcessAttachedQueueEvent; + + // Our document. This is a weak ref; the document owns us + nsIDocument* mDocument; }; PRBool PR_CALLBACK ReleaseInsertionPoint(void* aElement, void* aData); #endif Index: mozilla/content/xbl/src/nsXBLResourceLoader.cpp =================================================================== --- mozilla.orig/content/xbl/src/nsXBLResourceLoader.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xbl/src/nsXBLResourceLoader.cpp 2007-10-09 15:27:56.000000000 +0200 @@ -233,22 +233,16 @@ // We need the document to flush out frame construction and // such, so we want to use the current document. nsIDocument* doc = content->GetCurrentDoc(); if (doc) { // Flush first to make sure we can get the frame for content doc->FlushPendingNotifications(Flush_Frames); - // Notify - nsIContent* parent = content->GetParent(); - PRInt32 index = 0; - if (parent) - index = parent->IndexOf(content); - // If |content| is (in addition to having binding |mBinding|) // also a descendant of another element with binding |mBinding|, // then we might have just constructed it due to the // notification of its parent. (We can know about both if the // binding loads were triggered from the DOM rather than frame // construction.) So we have to check both whether the element // has a primary frame and whether it's in the undisplayed map // before sending a ContentInserted notification, or bad things 
@@ -258,18 +252,17 @@ nsIFrame* childFrame; shell->GetPrimaryFrameFor(content, &childFrame); if (!childFrame) { // Check to see if it's in the undisplayed content map. nsStyleContext* sc = shell->FrameManager()->GetUndisplayedContent(content); if (!sc) { - nsCOMPtr obs(do_QueryInterface(shell)); - obs->ContentInserted(doc, parent, content, index); + shell->RecreateFramesFor(content); } } } // Flush again // XXXbz why is this needed? doc->FlushPendingNotifications(Flush_ContentAndNotify); } Index: mozilla/content/xul/templates/src/nsXULContentBuilder.cpp =================================================================== --- mozilla.orig/content/xul/templates/src/nsXULContentBuilder.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/content/xul/templates/src/nsXULContentBuilder.cpp 2007-10-09 15:28:12.000000000 +0200 @@ -1768,16 +1768,18 @@ if (container && IsLazyWidgetItem(aElement)) { // The tree widget is special, and has to be spanked every // time we add content to a container. nsCOMPtr doc = mRoot->GetDocument(); NS_ASSERTION(doc, "root element has no document"); if (! doc) return NS_ERROR_UNEXPECTED; + mozAutoDocUpdate upd(container->GetCurrentDoc(), UPDATE_CONTENT_MODEL, + PR_TRUE); doc->ContentAppended(container, newIndex); } return NS_OK; } nsresult nsXULContentBuilder::CloseContainer(nsIContent* aElement) 
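Review bot: In the nsXULContentBuilder.cpp hunk at -1768 the added `mozAutoDocUpdate upd(container->GetCurrentDoc(), ...)` opens the update batch on one document lookup, while the notification on the next line goes to `doc`, which comes from `mRoot->GetDocument()`. If the two can ever differ, or `GetCurrentDoc()` returns null, ContentAppended() runs outside the batch that, per the nsDocument.cpp hunks, decides when the attached queue is processed. Passing the pointer that was just null-checked, `mozAutoDocUpdate upd(doc, UPDATE_CONTENT_MODEL, PR_TRUE);`, removes the doubt; the same applies to the hunk at -1902. The enclosing function starts outside the hunk.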
@@ -1902,16 +1904,18 @@ CreateTemplateAndContainerContents(mRoot, getter_AddRefs(container), &newIndex); if (container) { nsCOMPtr doc = mRoot->GetDocument(); NS_ASSERTION(doc, "root element has no document"); if (! doc) return NS_ERROR_UNEXPECTED; + mozAutoDocUpdate upd(container->GetCurrentDoc(), UPDATE_CONTENT_MODEL, + PR_TRUE); doc->ContentAppended(container, newIndex); } return NS_OK; } nsresult nsXULContentBuilder::CompileCondition(nsIAtom* aTag, Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:27:43.000000000 +0200 @@ -8914,19 +8914,16 @@ // Don't create child frames for iframes/frames, they should not // display any content that they contain. else if (nsLayoutAtoms::subDocumentFrame != frameType) { // Construct a child frame (that does not have a table as parent) ConstructFrame(state, childContent, parentFrame, frameItems); } } - // We built some new frames. Initialize any newly-constructed bindings. - mDocument->BindingManager()->ProcessAttachedQueue(); - // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) { ProcessPseudoFrames(state, frameItems); } if (haveFirstLineStyle) { // It's possible that some of the new frames go into a // first-line frame. Look at them and see... @@ -9348,18 +9345,16 @@ if (fdbg) { printf("nsCSSFrameConstructor::ContentInserted: resulting frame model:\n"); fdbg->List(state.mPresContext, stdout, 0); } } #endif } - mDocument->BindingManager()->ProcessAttachedQueue(); - // otherwise this is not a child of the root element, and we // won't let it have a frame. return NS_OK; } // Otherwise, we've got parent content. Find its frame. nsIFrame* parentFrame = aContainerFrame; if (!parentFrame) { 
@@ -9574,20 +9569,16 @@ if (nsLayoutAtoms::tableCaptionFrame == frameItems.childList->GetType()) { NS_ASSERTION(frameItems.childList == frameItems.lastChild , "adding a non caption frame to the caption childlist?"); captionItems.AddChild(frameItems.childList); frameItems = nsFrameItems(); } } - // Now that we've created frames, run the attach queue. - //XXXwaterson should we do this after we've processed pseudos, too? - mDocument->BindingManager()->ProcessAttachedQueue(); - // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) ProcessPseudoFrames(state, frameItems); // If the final parent frame (decided by AdjustParentFrame()) is different // from the parent of the insertion point we calculated above then // parentFrame/prevSibling/appendAfterFrame are now invalid and as it is // unknown where to insert correctly we append instead (bug 341858). @@ -13209,18 +13200,16 @@ if (!state.mPseudoFrames.IsEmpty()) { ProcessPseudoFrames(state, frameItems); } nsIFrame* newFrame = frameItems.childList; *aNewFrame = newFrame; if (NS_SUCCEEDED(rv) && (nsnull != newFrame)) { - mDocument->BindingManager()->ProcessAttachedQueue(); - // Notify the parent frame if (aIsAppend) rv = ((nsListBoxBodyFrame*)aParentFrame)->ListBoxAppendFrames(newFrame); else rv = ((nsListBoxBodyFrame*)aParentFrame)->ListBoxInsertFrames(aPrevFrame, newFrame); } } @@ -14227,21 +14216,21 @@ restylesToProcess; currentRestyle != lastRestyle; ++currentRestyle) { ProcessOneRestyle(currentRestyle->mContent, currentRestyle->mRestyleHint, currentRestyle->mChangeHint); } + delete [] restylesToProcess; + EndUpdate(); viewManager->EndUpdateViewBatch(NS_VMREFRESH_NO_SYNC); - - delete [] restylesToProcess; } void nsCSSFrameConstructor::PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint) { if (aRestyleHint == 0 && !aMinChangeHint) { 
@@ -14276,32 +14265,33 @@ mRestyleEventQueue = eventQueue; } } } void nsCSSFrameConstructor::RestyleEvent::HandleEvent() { nsCSSFrameConstructor* constructor = NS_STATIC_CAST(nsCSSFrameConstructor*, owner); - nsIViewManager* viewManager = + nsCOMPtr viewManager = constructor->mDocument->GetShellAt(0)->GetPresContext()->GetViewManager(); NS_ASSERTION(viewManager, "Must have view manager for update"); viewManager->BeginUpdateViewBatch(); // Force flushing of any pending content notifications that might have queued // up while our event was pending. That will ensure that we don't construct // frames for content right now that's still waiting to be notified on, constructor->mPresShell->GetDocument()-> FlushPendingNotifications(Flush_ContentAndNotify); // Make sure that any restyles that happen from now on will go into // a new event. constructor->mRestyleEventQueue = nsnull; constructor->ProcessPendingRestyles(); + constructor->mDocument->BindingManager()->ProcessAttachedQueue(); viewManager->EndUpdateViewBatch(NS_VMREFRESH_NO_SYNC); } PR_STATIC_CALLBACK(void*) HandleRestyleEvent(PLEvent* aEvent) { nsCSSFrameConstructor::RestyleEvent* evt = NS_STATIC_CAST(nsCSSFrameConstructor::RestyleEvent*, aEvent); Index: mozilla/layout/base/nsCSSFrameConstructor.h =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.h 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.h 2007-10-09 15:27:18.000000000 +0200 
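Review bot: In RestyleEvent::HandleEvent() the added `constructor->mDocument->BindingManager()->ProcessAttachedQueue();` dereferences the raw `constructor` pointer immediately after ProcessPendingRestyles(), which the nsPresShell.cpp part of this patch describes as able to kill the pres shell. The hunk now keeps the view manager alive through an nsCOMPtr, but nothing visible keeps the owner of the frame constructor alive, and ProcessAttachedQueue() itself executes binding handlers. Assuming `mPresShell` is an nsIPresShell that owns the constructor, take `nsCOMPtr<nsIPresShell> kungFuDeathGrip(constructor->mPresShell);` before BeginUpdateViewBatch() and skip the attached-queue call once the shell has been torn down, as FlushPendingNotifications() does with `mIsDestroying`.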
@@ -133,21 +133,34 @@ void BeginUpdate() { ++mUpdateCount; } void EndUpdate(); void RecalcQuotesAndCounters(); void WillDestroyFrameTree(); // Note: It's the caller's responsibility to make sure to wrap a // ProcessRestyledFrames call in a view update batch. + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. nsresult ProcessRestyledFrames(nsStyleChangeList& aRestyleArray); +private: + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. void ProcessOneRestyle(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aChangeHint); + +public: + // This function does not call ProcessAttachedQueue() on the binding manager. + // If the caller wants that to happen synchronously, it needs to handle that + // itself. void ProcessPendingRestyles(); + void PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint); // Notification that we were unable to render a replaced element. nsresult CantRenderReplacedElement(nsIFrame* aFrame); // Request to create a continuing frame nsresult CreateContinuingFrame(nsPresContext* aPresContext, Index: mozilla/layout/base/nsPresShell.cpp =================================================================== --- mozilla.orig/layout/base/nsPresShell.cpp 2007-10-09 15:26:44.000000000 +0200 +++ mozilla/layout/base/nsPresShell.cpp 2007-10-09 15:27:51.000000000 +0200 
@@ -2980,16 +2980,19 @@ ti->SetIdle(PR_FALSE); mPaintSuppressionTimer->InitWithFuncCallback(sPaintSuppressionCallback, this, delay, nsITimer::TYPE_ONE_SHOT); } } + // Run the XBL binding constructors for any new frames we've constructed + mDocument->BindingManager()->ProcessAttachedQueue(); + return NS_OK; //XXX this needs to be real. MMP } void PresShell::sPaintSuppressionCallback(nsITimer *aTimer, void* aPresShell) { PresShell* self = NS_STATIC_CAST(PresShell*, aPresShell); if (self) 
@@ -5382,17 +5385,34 @@ NS_ASSERTION(!isSafeToFlush || mViewManager, "Must have view manager"); if (isSafeToFlush && mViewManager) { // Style reresolves not in conjunction with reflows can't cause // painting or geometry changes, so don't bother with view update // batching if we only have style reresolve mViewManager->BeginUpdateViewBatch(); if (aType & Flush_StyleReresolves) { + // Processing pending restyles can kill us, and some callers only + // hold weak refs when calling FlushPendingNotifications(). :( + nsCOMPtr kungFuDeathGrip(this); mFrameConstructor->ProcessPendingRestyles(); + if (mIsDestroying) { + // We no longer have a view manager and all that. + // XXX FIXME: Except we're in the middle of a view update batch... We + // need to address that somehow. See bug 369165. + return NS_OK; + } + + mDocument->BindingManager()->ProcessAttachedQueue(); + if (mIsDestroying) { + // We no longer have a view manager and all that. + // XXX FIXME: Except we're in the middle of a view update batch... We + // need to address that somehow. See bug 369165. 
+ return NS_OK; + } } if (aType & Flush_OnlyReflow) { mFrameConstructor->RecalcQuotesAndCounters(); ProcessReflowCommands(PR_FALSE); } PRUint32 updateFlags = NS_VMREFRESH_NO_SYNC; mozilla-309322_180_att283610.patch: base/nsCSSFrameConstructor.cpp | 182 ++++++++++++++++------------------------- tables/nsTableOuterFrame.cpp | 61 +++++++------ tables/nsTableOuterFrame.h | 1 3 files changed, 107 insertions(+), 137 deletions(-) --- NEW FILE mozilla-309322_180_att283610.patch --- --- layout/base/nsCSSFrameConstructor.cpp | 182 +++++++++++++--------------------- layout/tables/nsTableOuterFrame.cpp | 61 +++++------ layout/tables/nsTableOuterFrame.h | 1 3 files changed, 107 insertions(+), 137 deletions(-) Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:03:00.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 15:15:19.000000000 +0200 
@@ -3468,23 +3468,38 @@ NS_PRECONDITION(aFrameItems, "Must have frame items to work with"); aCreatedPseudo = PR_FALSE; if (!aParentFrame) { // Nothing to do here return NS_OK; } + PRBool childIsSpecialContent = PR_FALSE; // lazy lookup + // Only use the outer table frame as parent if the child is going to use a + // tableCaptionFrame, otherwise the inner table frame is the parent + // (bug 341858). + if (aParentFrame->GetType() == nsLayoutAtoms::tableOuterFrame) { + childIsSpecialContent = IsSpecialContent(aChildContent, aTag, aNameSpaceID, + aChildStyle); + if (childIsSpecialContent || + (aChildStyle->GetStyleDisplay()->mDisplay != + NS_STYLE_DISPLAY_TABLE_CAPTION)) { + aParentFrame = aParentFrame->GetContentInsertionFrame(); + } + } + // If our parent is a table, table-row-group, or table-row, and // we're not table-related in any way, we have to create table // pseudo-frames so that we have a table cell to live in. if (IsTableRelated(aParentFrame->GetType(), PR_FALSE) && (!IsTableRelated(aChildDisplay->mDisplay, PR_TRUE) || // Also need to create a pseudo-parent if the child is going to end up // with a frame based on something other than display. + childIsSpecialContent || // looked it up before IsSpecialContent(aChildContent, aTag, aNameSpaceID, aChildStyle))) { nsTableCreator tableCreator(aState.mPresShell); nsresult rv = GetPseudoCellFrame(tableCreator, aState, *aParentFrame); if (NS_FAILED(rv)) { return rv; } NS_ASSERTION(aState.mPseudoFrames.mCellInner.mFrame, 
@@ -8389,55 +8404,50 @@ nsCSSFrameConstructor::IsValidSibling(nsIFrame* aParentFrame, const nsIFrame& aSibling, PRUint8 aSiblingDisplay, nsIContent& aContent, PRUint8& aDisplay) { if ((NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_COLUMN == aSiblingDisplay) || + (NS_STYLE_DISPLAY_TABLE_CAPTION == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_HEADER_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_ROW_GROUP == aSiblingDisplay) || (NS_STYLE_DISPLAY_TABLE_FOOTER_GROUP == aSiblingDisplay)) { // if we haven't already, construct a style context to find the display type of aContent if (UNSET_DISPLAY == aDisplay) { nsRefPtr styleContext; styleContext = ResolveStyleContext(aSibling.GetParent(), &aContent); if (!styleContext) return PR_FALSE; const nsStyleDisplay* display = styleContext->GetStyleDisplay(); aDisplay = display->mDisplay; } switch (aSiblingDisplay) { case NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP: return (NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == aDisplay); case NS_STYLE_DISPLAY_TABLE_COLUMN: return (NS_STYLE_DISPLAY_TABLE_COLUMN == aDisplay); + case NS_STYLE_DISPLAY_TABLE_CAPTION: + return (NS_STYLE_DISPLAY_TABLE_CAPTION == aDisplay); default: // all of the row group types return (NS_STYLE_DISPLAY_TABLE_HEADER_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_ROW_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_FOOTER_GROUP == aDisplay) || (NS_STYLE_DISPLAY_TABLE_CAPTION == aDisplay); } } - else if (NS_STYLE_DISPLAY_TABLE_CAPTION == aSiblingDisplay) { - // Nothing can be a sibling of a caption since there can only be one caption. 
- // But this check is necessary since a row group and caption are siblings - // from a content perspective (they share the table content as parent) - return PR_FALSE; - } - else { - if (nsLayoutAtoms::fieldSetFrame == aParentFrame->GetType()) { - // Legends can be sibling of legends but not of other content in the fieldset - nsIAtom* sibType = aSibling.GetType(); - nsCOMPtr legendContent(do_QueryInterface(&aContent)); - - if ((legendContent && (nsLayoutAtoms::legendFrame != sibType)) || - (!legendContent && (nsLayoutAtoms::legendFrame == sibType))) - return PR_FALSE; - } + else if (nsLayoutAtoms::fieldSetFrame == aParentFrame->GetType()) { + // Legends can be sibling of legends but not of other content in the fieldset + nsIAtom* sibType = aSibling.GetType(); + nsCOMPtr legendContent(do_QueryInterface(&aContent)); + + if ((legendContent && (nsLayoutAtoms::legendFrame != sibType)) || + (!legendContent && (nsLayoutAtoms::legendFrame == sibType))) + return PR_FALSE; } return PR_TRUE; } /** * Find the ``rightmost'' frame for the content immediately preceding * aIndexInContainer, following continuations if necessary. 
@@ -8871,46 +8881,28 @@ RemoveLetterFrames(state.mPresContext, state.mPresShell, state.mFrameManager, containingBlock); } // if the container is a table and a caption was appended, it needs to be put in // the outer table frame's additional child list. nsFrameItems captionItems; - PRBool hasCaption = PR_FALSE; - if (nsLayoutAtoms::tableFrame == frameType) { - nsIFrame* outerTable = parentFrame->GetParent(); - if (outerTable) { - if (outerTable->GetFirstChild(nsLayoutAtoms::captionList)) { - hasCaption = PR_TRUE; - } - } - } PRUint32 i; count = aContainer->GetChildCount(); for (i = aNewIndexInContainer; i < count; i++) { nsIContent *childContent = aContainer->GetChildAt(i); // lookup the table child frame type as it is much more difficult to remove a frame // and all it descendants (abs. pos. for instance) than to prevent the frame creation. if (nsLayoutAtoms::tableFrame == frameType) { - if (hasCaption) { - // Resolve the style context and get its display - nsRefPtr childStyleContext; - childStyleContext = ResolveStyleContext(parentFrame, childContent); - if (childStyleContext->GetStyleDisplay()->mDisplay == NS_STYLE_DISPLAY_TABLE_CAPTION) - continue; //don't create a table caption frame and its descendants - } nsFrameItems tempItems; ConstructFrame(state, childContent, parentFrame, tempItems); if (tempItems.childList) { if (nsLayoutAtoms::tableCaptionFrame == tempItems.childList->GetType()) { - NS_ASSERTION(!captionItems.childList, "don't append twice a caption"); - hasCaption = PR_TRUE; // remember that we have a caption now - captionItems.AddChild(tempItems.childList); + captionItems.AddChild(tempItems.childList); } else { frameItems.AddChild(tempItems.childList); } } } else if (nsLayoutAtoms::tableColGroupFrame == frameType) { nsRefPtr childStyleContext; 
@@ -9117,17 +9109,18 @@ if (!IsInlineFrame2(aParentFrame)) return PR_FALSE; // find out if aChild is a block or inline PRBool childIsBlock = PR_FALSE; if (aChild->IsContentOfType(nsIContent::eELEMENT)) { nsRefPtr styleContext; styleContext = ResolveStyleContext(aParentFrame, aChild); - childIsBlock = styleContext->GetStyleDisplay()->IsBlockLevel(); + const nsStyleDisplay* display = styleContext->GetStyleDisplay(); + childIsBlock = display->IsBlockLevel() || IsTableRelated(display->mDisplay, PR_TRUE); } nsIFrame* prevParent; // parent of prev sibling nsIFrame* nextParent; // parent of next sibling if (childIsBlock) { if (aPrevSibling) { prevParent = aPrevSibling->GetParent(); NS_ASSERTION(prevParent, "program error - null parent frame"); @@ -9464,31 +9457,21 @@ // if we don't need to reframe then set parentFrame and prevSibling to the correct values if (NeedSpecialFrameReframe(aContainer, container, parentFrame, aChild, aIndexInContainer, prevSibling, nextSibling)) { return ReframeContainingBlock(parentFrame); } } - nsFrameItems frameItems; nsFrameConstructorState state(mPresShell, mFixedContainingBlock, GetAbsoluteContainingBlock(parentFrame), GetFloatContainingBlock(parentFrame), aFrameState); - PRBool hasCaption = PR_FALSE; - if (nsLayoutAtoms::tableFrame == parentFrame->GetType()) { - nsIFrame* outerTable = parentFrame->GetParent(); - if (outerTable) { - if (outerTable->GetFirstChild(nsLayoutAtoms::captionList)) { - hasCaption = PR_TRUE; - } - } - } // Recover state for the containing block - we need to know if // it has :first-letter or :first-line style applied to it. The // reason we care is that the internal structure in these cases // is not the normal structure and requires custom updating // logic. nsIFrame* containingBlock = state.mFloatedItems.containingBlock; nsStyleContext* blockSC; 
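Review bot: The rewritten lines still dereference `styleContext` directly after `ResolveStyleContext(aParentFrame, aChild)`, whereas `IsValidSibling` in this same patch returns early on `if (!styleContext)`. If resolution can fail on this path too, wrap the two new lines in `if (styleContext) { ... }` so that `childIsBlock` simply stays `PR_FALSE`. The enclosing function begins and ends outside the hunk, so it is not visible whether a caller already guarantees a style context.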
@@ -9575,47 +9558,55 @@ } } else if (NS_STYLE_DISPLAY_TABLE_COLUMN_GROUP == parentDisplay->mDisplay) { nsRefPtr childStyleContext; childStyleContext = ResolveStyleContext(parentFrame, aChild); if (childStyleContext->GetStyleDisplay()->mDisplay != NS_STYLE_DISPLAY_TABLE_COLUMN) return NS_OK; //don't create anything else than columns below a colgroup } - else if (parentFrame->GetType() == nsLayoutAtoms::tableFrame && hasCaption) { - // Resolve the style context and get its display - nsRefPtr childStyleContext; - childStyleContext = ResolveStyleContext(parentFrame, aChild); - if (childStyleContext->GetStyleDisplay()->mDisplay == NS_STYLE_DISPLAY_TABLE_CAPTION) - return NS_OK; //don't create a second table caption frame and its descendants - } // if the container is a table and a caption will be appended, it needs to be // put in the outer table frame's additional child list. - nsFrameItems tempItems, captionItems; + nsFrameItems frameItems, captionItems; - ConstructFrame(state, aChild, parentFrame, tempItems); - if (tempItems.childList) { - if (nsLayoutAtoms::tableCaptionFrame == tempItems.childList->GetType()) { - captionItems.AddChild(tempItems.childList); - } - else { - frameItems.AddChild(tempItems.childList); + ConstructFrame(state, aChild, parentFrame, frameItems); + if (frameItems.childList) { + if (nsLayoutAtoms::tableCaptionFrame == frameItems.childList->GetType()) { + NS_ASSERTION(frameItems.childList == frameItems.lastChild , + "adding a non caption frame to the caption childlist?"); + captionItems.AddChild(frameItems.childList); + frameItems = nsFrameItems(); } } // Now that we've created frames, run the attach queue. //XXXwaterson should we do this after we've processed pseudos, too? 
mDocument->BindingManager()->ProcessAttachedQueue(); // process the current pseudo frame state if (!state.mPseudoFrames.IsEmpty()) ProcessPseudoFrames(state, frameItems); + // If the final parent frame (decided by AdjustParentFrame()) is different + // from the parent of the insertion point we calculated above then + // parentFrame/prevSibling/appendAfterFrame are now invalid and as it is + // unknown where to insert correctly we append instead (bug 341858). + if (frameItems.childList && + frameItems.childList->GetParent() != parentFrame) { + prevSibling = nsnull; + isAppend = PR_TRUE; + parentFrame = + ::AdjustAppendParentForAfterContent(mPresShell->GetPresContext(), + aContainer, + frameItems.childList->GetParent(), + &appendAfterFrame); + } + // XXX Bug 19949 // Although select frame are inline we do not want to call // WipeContainingBlock because it will throw away the entire select frame and // start over which is something we do not want to do // nsCOMPtr selectContent = do_QueryInterface(aContainer); if (!selectContent) { // Perform special check for diddling around with the frames in @@ -9636,16 +9627,17 @@ // Use more complicated insert logic when inserting InsertFirstLineFrames(state, aContainer, containingBlock, &parentFrame, prevSibling, frameItems); } } nsIFrame* newFrame = frameItems.childList; if (NS_SUCCEEDED(rv) && newFrame) { + NS_ASSERTION(!captionItems.childList, "leaking caption frames"); // Notify the parent frame if (isAppend) { AppendFrames(state, aContainer, parentFrame, newFrame, appendAfterFrame); } else { if (!prevSibling) { // We're inserting the new frame as the first child. See if the // parent has a :before pseudo-element 
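Review bot: The new caption branch relies on `NS_ASSERTION(frameItems.childList == frameItems.lastChild, ...)` to guarantee that a caption frame arrives without siblings, and NS_ASSERTION is compiled out of release builds. If ConstructFrame ever returned a caption followed by other frames, `captionItems.AddChild(frameItems.childList)` would presumably carry the whole sibling chain into the caption list while `frameItems` is reset to empty. The "leaking caption frames" assertion added in the @@ -9636 hunk is debug-only in the same way. At minimum add a comment beside the first assertion, such as `// ConstructFrame() yields a caption frame on its own; not checked in release builds`, or turn the condition into a runtime branch. Both hunks sit inside a function that starts and ends outside them.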
@@ -9674,23 +9666,26 @@ if (NS_SUCCEEDED(rv) && newCaptionFrame) { nsIFrame* outerTableFrame; if (GetCaptionAdjustedParent(parentFrame, newCaptionFrame, &outerTableFrame)) { // If the parent is not a outer table frame we will try to add frames // to a named child list that the parent does not honour and the frames // will get lost NS_ASSERTION(nsLayoutAtoms::tableOuterFrame == outerTableFrame->GetType(), "Pseudo frame construction failure, a caption can be only a child of a outer table frame"); - // the double caption creation was prevented above, so we are sure - // that we can append - NS_ASSERTION(!outerTableFrame->GetFirstChild(nsLayoutAtoms::captionList), - "No double captions please"); - state.mFrameManager->AppendFrames(outerTableFrame, - nsLayoutAtoms::captionList, - newCaptionFrame); + if (isAppend) { + state.mFrameManager->AppendFrames(outerTableFrame, + nsLayoutAtoms::captionList, + newCaptionFrame); + } + else { + state.mFrameManager->InsertFrames(outerTableFrame, + nsLayoutAtoms::captionList, + prevSibling, newCaptionFrame); + } } } } // Here we have been notified that content has been insert // so if the select now has a single item // we need to go in and removed the dummy frame nsCOMPtr selectElement = do_QueryInterface(aContainer); if (selectElement) 
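Review bot: In the new `else` branch `prevSibling` is passed to `InsertFrames(outerTableFrame, nsLayoutAtoms::captionList, prevSibling, newCaptionFrame)` without checking that it is itself a caption child of `outerTableFrame`. The `default:` branch of `IsValidSibling` (the @@ -8389 hunk) still accepts a row-group frame as sibling of caption content, so `prevSibling` may be a frame from the inner table's list, and `nsTableOuterFrame::InsertFrames` forwards it to `mCaptionFrames.InsertFrames` unchecked. Consider clearing it first, `if (prevSibling && prevSibling->GetType() != nsLayoutAtoms::tableCaptionFrame) prevSibling = nsnull;`, or falling back to `AppendFrames` as the bug 341858 block does for `frameItems`. How `prevSibling` was computed lies outside this hunk, so this is inferred from the visible pieces only.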
@@ -11277,57 +11272,28 @@ // XXXbz should we be passing in a non-null aContentParentFrame? nsHTMLContainerFrame::CreateViewForFrame(newFrame, nsnull, PR_FALSE); // Create a continuing inner table frame, and if there's a caption then // replicate the caption nsFrameItems newChildFrames; nsIFrame* childFrame = aFrame->GetFirstChild(nsnull); - while (childFrame) { - // See if it's the inner table frame - if (nsLayoutAtoms::tableFrame == childFrame->GetType()) { - nsIFrame* continuingTableFrame; - - // It's the inner table frame, so create a continuing frame - rv = CreateContinuingFrame(aPresContext, childFrame, newFrame, - &continuingTableFrame); - if (NS_FAILED(rv)) { - newFrame->Destroy(aPresContext); - *aContinuingFrame = nsnull; - return rv; - } - newChildFrames.AddChild(continuingTableFrame); - } else { - // XXX remove this code and the above checks. We don't want to replicate - // the caption (that is what the thead is for). This code is not executed - // anyway, because the caption was put in a different child list. - nsStyleContext* captionStyle = childFrame->GetStyleContext(); - nsIContent* caption = childFrame->GetContent(); - NS_ASSERTION(NS_STYLE_DISPLAY_TABLE_CAPTION == - captionStyle->GetStyleDisplay()->mDisplay, - "expected caption"); - - // Replicate the caption frame - // XXX We have to do it this way instead of calling ConstructFrameByDisplayType(), - // because of a bug in the way ConstructTableFrame() handles the initial child - // list... 
- nsIFrame* captionFrame; - nsFrameItems childItems; - NS_NewTableCaptionFrame(aPresShell, &captionFrame); - nsFrameConstructorState state(mPresShell, mFixedContainingBlock, - GetAbsoluteContainingBlock(newFrame), - captionFrame); - captionFrame->Init(aPresContext, caption, newFrame, captionStyle, nsnull); - ProcessChildren(state, caption, captionFrame, PR_TRUE, childItems, - PR_TRUE); - captionFrame->SetInitialChildList(aPresContext, nsnull, childItems.childList); - newChildFrames.AddChild(captionFrame); + if (childFrame) { + nsIFrame* continuingTableFrame; + rv = CreateContinuingFrame(aPresContext, childFrame, newFrame, + &continuingTableFrame); + if (NS_FAILED(rv)) { + newFrame->Destroy(aPresContext); + *aContinuingFrame = nsnull; + return rv; } - childFrame = childFrame->GetNextSibling(); + newChildFrames.AddChild(continuingTableFrame); + + NS_ASSERTION(!childFrame->GetNextSibling(),"there can be only one inner table frame"); } // Set the outer table's initial child list newFrame->SetInitialChildList(aPresContext, nsnull, newChildFrames.childList); } *aContinuingFrame = newFrame; return rv; Index: mozilla/layout/tables/nsTableOuterFrame.cpp =================================================================== --- mozilla.orig/layout/tables/nsTableOuterFrame.cpp 2007-10-09 15:03:32.000000000 +0200 +++ mozilla/layout/tables/nsTableOuterFrame.cpp 2007-10-09 15:15:27.000000000 +0200 @@ -69,20 +69,17 @@ nsTableCaptionFrame::~nsTableCaptionFrame() { } NS_IMETHODIMP nsTableOuterFrame::Destroy(nsPresContext* aPresContext) { - if (mCaptionFrame) { - mCaptionFrame->Destroy(aPresContext); - } - + mCaptionFrames.DestroyFrames(aPresContext); return nsHTMLContainerFrame::Destroy(aPresContext); } nsIAtom* nsTableCaptionFrame::GetType() const { return nsLayoutAtoms::tableCaptionFrame; } 
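Review bot: The comment kept above this block, `// Create a continuing inner table frame, and if there's a caption then replicate the caption`, no longer matches the code, because the caption-replication loop is removed and only the first principal child is continued. Suggested wording: `// Create a continuing inner table frame; captions are kept in the captionList and are not replicated`. The removed `nsLayoutAtoms::tableFrame == childFrame->GetType()` test is not replaced either, so the frame type is now assumed. An `NS_ASSERTION` on the type next to the new "there can be only one inner table frame" assertion would record that assumption.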
@@ -173,17 +170,17 @@ return rv; } nsIFrame* nsTableOuterFrame::GetFirstChild(nsIAtom* aListName) const { if (nsLayoutAtoms::captionList == aListName) { - return mCaptionFrame; + return mCaptionFrames.FirstChild(); } if (!aListName) { return mFrames.FirstChild(); } return nsnull; } nsIAtom* @@ -197,17 +194,18 @@ NS_IMETHODIMP nsTableOuterFrame::SetInitialChildList(nsPresContext* aPresContext, nsIAtom* aListName, nsIFrame* aChildList) { if (nsLayoutAtoms::captionList == aListName) { // the frame constructor already checked for table-caption display type - mCaptionFrame = aChildList; + mCaptionFrames.SetFrames(aChildList); + mCaptionFrame = mCaptionFrames.FirstChild(); } else { NS_ASSERTION(!aListName, "wrong childlist"); NS_ASSERTION(mFrames.IsEmpty(), "Frame leak!"); mFrames.SetFrames(aChildList); mInnerTableFrame = nsnull; if (aChildList) { if (nsLayoutAtoms::tableFrame == aChildList->GetType()) { 
@@ -220,77 +218,82 @@ } NS_IMETHODIMP nsTableOuterFrame::AppendFrames(nsIAtom* aListName, nsIFrame* aFrameList) { nsresult rv; - // We only have two child frames: the inner table and one caption frame. + // We only have two child frames: the inner table and a caption frame. // The inner frame is provided when we're initialized, and it cannot change if (nsLayoutAtoms::captionList == aListName) { - NS_PRECONDITION(!mCaptionFrame, "already have a caption frame"); - // We only support having a single caption frame - if (mCaptionFrame || (LengthOf(aFrameList) > 1)) { - rv = NS_ERROR_UNEXPECTED; - } else { - // Insert the caption frame into the child list - mCaptionFrame = aFrameList; - - // Reflow the new caption frame. It's already marked dirty, so generate a reflow - // command that tells us to reflow our dirty child frames - rv = GetPresContext()-> - PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, + mCaptionFrames.AppendFrames(this, aFrameList); + mCaptionFrame = mCaptionFrames.FirstChild(); + + // Reflow the new caption frame. It's already marked dirty, so generate a reflow + // command that tells us to reflow our dirty child frames + rv = GetPresContext()-> + PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, nsnull); - } + } else { NS_PRECONDITION(PR_FALSE, "unexpected child frame type"); rv = NS_ERROR_UNEXPECTED; } return rv; } NS_IMETHODIMP nsTableOuterFrame::InsertFrames(nsIAtom* aListName, nsIFrame* aPrevFrame, nsIFrame* aFrameList) { - NS_PRECONDITION(!aPrevFrame, "invalid previous frame"); - return AppendFrames(aListName, aFrameList); + if (nsLayoutAtoms::captionList == aListName) { + mCaptionFrames.InsertFrames(nsnull, aPrevFrame, aFrameList); + mCaptionFrame = mCaptionFrames.FirstChild(); + + // Reflow the new caption frame. It's already marked dirty, so + // just tell the pres shell. 
+ return GetPresContext()-> + PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, + nsnull); + } + else { + NS_PRECONDITION(!aPrevFrame, "invalid previous frame"); + return AppendFrames(aListName, aFrameList); + } } NS_IMETHODIMP nsTableOuterFrame::RemoveFrame(nsIAtom* aListName, nsIFrame* aOldFrame) { // We only have two child frames: the inner table and one caption frame. // The inner frame can't be removed so this should be the caption NS_PRECONDITION(nsLayoutAtoms::captionList == aListName, "can't remove inner frame"); - NS_PRECONDITION(aOldFrame == mCaptionFrame, "invalid caption frame"); PRUint8 captionSide = GetCaptionSide(); // See if the (top/bottom) caption's minimum width impacted the inner table or there // is a left/right caption (that likely impacts the inner table) if ((mMinCaptionWidth == mRect.width) || (NS_SIDE_LEFT == captionSide) || (NS_SIDE_RIGHT == captionSide)) { // The old caption width had an effect on the inner table width so // we're going to need to reflow it. Mark it dirty mInnerTableFrame->AddStateBits(NS_FRAME_IS_DIRTY); } - // Remove the caption frame and destroy it - if (mCaptionFrame && (mCaptionFrame == aOldFrame)) { - mCaptionFrame->Destroy(GetPresContext()); - mCaptionFrame = nsnull; - mMinCaptionWidth = 0; - } + // Remove the frame and destroy it + mCaptionFrames.DestroyFrame(GetPresContext(), aOldFrame); + mCaptionFrame = mCaptionFrames.FirstChild(); + + mMinCaptionWidth = 0; // Generate a reflow command so we get reflowed GetPresContext()->PresShell()->AppendReflowCommand(this, eReflowType_ReflowDirty, nsnull); return NS_OK; } Index: mozilla/layout/tables/nsTableOuterFrame.h =================================================================== --- mozilla.orig/layout/tables/nsTableOuterFrame.h 2007-10-09 15:03:47.000000000 +0200 +++ mozilla/layout/tables/nsTableOuterFrame.h 2007-10-09 15:15:29.000000000 +0200 
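Review bot: The caption-list paths added to `InsertFrames` and `RemoveFrame` take `aPrevFrame` and `aOldFrame` on trust: `mCaptionFrames.InsertFrames(nsnull, aPrevFrame, aFrameList)` has no check that `aPrevFrame` belongs to this frame, and `RemoveFrame` drops the old `aOldFrame == mCaptionFrame` precondition without a replacement. A cheap runtime check such as `if (aPrevFrame && aPrevFrame->GetParent() != this) return NS_ERROR_UNEXPECTED;` in `InsertFrames`, and the equivalent parent test on `aOldFrame` before `DestroyFrame`, would keep a foreign frame out of the caption list. `mMinCaptionWidth = 0` is now also reset when other captions remain. The `// We only have two child frames` comment in `RemoveFrame` is stale now that several captions are stored.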
@@ -398,16 +398,17 @@ nscoord aAvailableWidth, nsMargin& aMargin, nsMargin& aMarginNoAuto, nsMargin& aPadding); private: // used to keep track of this frame's children. They are redundant with mFrames, but more convient nsTableFrame* mInnerTableFrame; + nsFrameList mCaptionFrames; nsIFrame* mCaptionFrame; // used to track caption max element size PRInt32 mMinCaptionWidth; nscoord mPriorAvailWidth; #ifdef DEBUG_TABLE_REFLOW_TIMING public: mozilla-325761.patch: nsScriptSecurityManager.cpp | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE mozilla-325761.patch --- --- caps/src/nsScriptSecurityManager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: mozilla/caps/src/nsScriptSecurityManager.cpp =================================================================== --- mozilla.orig/caps/src/nsScriptSecurityManager.cpp +++ mozilla/caps/src/nsScriptSecurityManager.cpp 
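Review bot: The member comment above these fields says they are redundant with `mFrames`, which is not true of the new `mCaptionFrames` list, and the relation between `mCaptionFrames` and the retained `mCaptionFrame` pointer is undocumented. Every mutator in nsTableOuterFrame.cpp now has to repeat `mCaptionFrame = mCaptionFrames.FirstChild();`, so a missed update leaves a stale frame pointer. Suggested comments: `// caption frames (the captionList child list)` on `mCaptionFrames` and `// cached mCaptionFrames.FirstChild(); refresh after every list change` on `mCaptionFrame`.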
@@ -1353,17 +1353,17 @@ { "aim", AllowProtocol }, { "data", AllowProtocol }, { "keyword", DenyProtocol }, { "resource", ChromeProtocol }, { "gopher", AllowProtocol }, { "datetime", DenyProtocol }, { "finger", AllowProtocol }, { "res", DenyProtocol }, - { "x-jsd", ChromeProtocol }, + { "x-jsd", DenyProtocol }, { "wyciwyg", DenyProtocol } }; NS_NAMED_LITERAL_STRING(errorTag, "CheckLoadURIError"); for (unsigned i=0; i < sizeof(protocolList)/sizeof(protocolList[0]); i++) { if (targetScheme.LowerCaseEqualsASCII(protocolList[i].name)) { mozilla-345305_venkmanonly.patch: venkman-records.js | 151 ++++++++++++++++++++++++++++++++++++++++++++--------- venkman-utils.js | 2 venkman-views.js | 40 ++++---------- 3 files changed, 142 insertions(+), 51 deletions(-) --- NEW FILE mozilla-345305_venkmanonly.patch --- --- extensions/venkman/resources/content/venkman-records.js | 151 +++++++++++++--- extensions/venkman/resources/content/venkman-utils.js | 2 extensions/venkman/resources/content/venkman-views.js | 40 +--- 3 files changed, 142 insertions(+), 51 deletions(-) Index: mozilla/extensions/venkman/resources/content/venkman-records.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-records.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-records.js 2007-10-09 16:36:36.000000000 +0200 
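Review bot: The `x-jsd` row moves from `ChromeProtocol` to `DenyProtocol` with no comment in the table, so the next person editing `protocolList` cannot tell that the stricter class is deliberate. A trailing comment such as `// deliberately DenyProtocol, see bug 325761` would help; the bug number is taken from the patch file name and should be confirmed. The lookup loop continues beyond the hunk, so how schemes missing from the table are treated is not visible here.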
@@ -560,30 +560,31 @@ ValueRecord.prototype.showConstants = e.toggle; console.prefs["valueRecord.showConstants"] = e.toggle; } if ("isInteractive" in e && e.isInteractive) dispatch("pref valueRecord.showConstants", { isInteractive: true }); } -function ValueRecord (value, name, flags) +function ValueRecord (value, name, flags, jsdFrame) { if (!(value instanceof jsdIValue)) throw new BadMojo (ERR_INVALID_PARAM, "value", String(value)); this.setColumnPropertyName ("col-0", "displayName"); this.setColumnPropertyName ("col-1", "displayType"); this.setColumnPropertyName ("col-2", "displayValue"); this.setColumnPropertyName ("col-3", "displayFlags"); this.displayName = name; this.displayFlags = formatFlags(flags); this.name = name; this.flags = flags; this.value = value; + this.jsdFrame = jsdFrame; this.jsType = null; this.onPreRefresh = false; this.refresh(); delete this.onPreRefresh; } ValueRecord.prototype = new XULTreeViewRecord (null); 
@@ -595,16 +596,59 @@ if ("parentRecord" in this) return this.__share = this.parentRecord._share; ASSERT (0, "ValueRecord cannot be the root of a visible tree."); return null; } +ValueRecord.prototype.__defineGetter__("expression", vr_getexpressionl); +function vr_getexpressionl() +{ + return this.getExpression(); +} + +ValueRecord.prototype.getExpression = +function vr_getexpression(extra) +{ + var items = [this.displayName]; + + if ("value" in this.parentRecord) + { + var cur = this.parentRecord; + while (cur != console.views["locals"].childData && + cur != console.views["locals"].scopeRecord) + { + if ("isECMAProto" in cur) + items.unshift("__proto__"); + else if ("isECMAParent" in cur) + items.unshift("__parent__"); + else + items.unshift(cur.displayName); + cur = cur.parentRecord; + } + } + + if (typeof extra == "string") + items.push(extra); + + return makeExpression(items); +} + +ValueRecord.prototype.evalString = +function vr_evalstring(string) +{ + //dd("ValueRecord(" + this.displayName + ").evalString(" + string + ")"); + var rval = new Object(); + if (this.jsdFrame.eval(string, JSD_URL_SCHEME + "value-record", 1, rval)) + return rval.value; + return undefined; +} + ValueRecord.prototype.showFunctions = false; ValueRecord.prototype.showECMAProps = false; ValueRecord.prototype.showConstants = false; ValueRecord.prototype.getProperties = function vr_getprops (properties) { if ("valueIsException" in this || this.flags & PROP_EXCEPTION) @@ -645,18 +689,20 @@ var prop = value.getProperty (this.name); if (prop) { this.flags = prop.flags; this.value = prop.value; } else { - var jsval = value.getWrappedValue(); - this.value = console.jsds.wrapValue(jsval[this.name]); + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").onPreRefresh: no jsdIStackFrame to safely eval on!"); + + this.value = this.evalString(this.expression); this.flags = PROP_ENUMERATE | PROP_HINTED; } } } ValueRecord.prototype.refresh = function vr_refresh () { 
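Review bot: `evalString` calls `this.jsdFrame.eval(...)` without checking that a frame was supplied, and the constructor stores `jsdFrame` unvalidated while still validating `value`. Callers only `ASSERT(this.jsdFrame, ...)`, and the debugger-scope watch refresher in venkman-views.js never sets `this.jsdFrame`, so records created on that path would presumably throw here instead of returning `undefined`. A guard at the top of `evalString`, `if (!this.jsdFrame) return undefined;`, keeps the "undefined on failure" behaviour that the callers' comments describe. The string passed in is evaluated in the debuggee frame, so a comment that it must be built only through `makeExpression` is worth adding.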
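Review bot: `this.value = this.evalString(this.expression);` can store `undefined`, because `evalString` returns `undefined` when the frame eval fails, while the line it replaces always produced a wrapped value. Anything that later reads `this.value` as a jsdIValue would then throw; that code is outside the hunk, so this is inferred. Consider keeping the previous value on failure: `var v = this.evalString(this.expression); if (typeof v != "undefined") this.value = v;`.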
@@ -817,51 +863,107 @@ default: ASSERT (0, "invalid value"); } } ValueRecord.prototype.countProperties = function vr_countprops () { - var c = 0; - var jsval = this.value.getWrappedValue(); - try - { - for (var p in jsval) - ++c; - } - catch (ex) - { - dd ("caught exception counting properties\n" + ex); - } - - return c; + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").countProperties: no jsdIStackFrame to safely eval on!"); + + // Note: uses an inline function to avoid polluting the frame's scope. + var code = "(function(obj){" + + " var count = 0;" + + " for (var prop in obj)" + + " ++count;" + + " return count;" + + "})(" + this.expression + ")"; + + // rv is undefined if an exception occured. + var rv = this.evalString(code); + if (typeof rv == "undefined") + return 0; + + return rv.intValue; } ValueRecord.prototype.listProperties = function vr_listprops () { + function charEscapeReplace(s, c) + { + return String.fromCharCode(parseInt(c, 16)); + }; + // the ":" prefix for keys in the propMap avoid collisions with "real" // pseudo-properties, such as __proto__. If we were to actually assign // to those we would introduce bad side affects. //dd ("listProperties {"); - var i; - var jsval = this.value.getWrappedValue(); + var i, jsval; var propMap = new Object(); /* get the enumerable properties */ - - for (var p in jsval) + + ASSERT(this.jsdFrame, "ValueRecord(" + this.displayName + + ").listProperties: no jsdIStackFrame to safely eval on!"); + + var propList = new Array(); + + // quote() puts double-quotes at either end of the string, + // backspash-escapes double-quotes in the string, and (quite + // importantly) uses \xXX and \uXXXX escapes for non-ASCII + // characters. + + // Note: uses an inline function to avoid polluting the frame's scope. 
+ var code = "(function(obj){" + + " var string = '';" + + " for (var prop in obj) {" + + " if (string)" + + " string += ',';" + + " string += prop.quote();" + + " }" + + " return string;" + + "})(" + this.expression + ")"; + + // list is undefined if an exception occured. + var list = this.evalString(code); + if (typeof list != "undefined") { + list = list.stringValue; + //dd("ValueRecord(" + this.displayName + + // ").listProperties: list: " + list); + if (list) { + list = ('",' + list + ',"').split('","'); + + for (i = 0; i < list.length; i++) + { + if (!list[i]) + continue; + + var prop = list[i]; + prop = prop.replace(/\\x([0-9a-f]{2})/i, charEscapeReplace); + prop = prop.replace(/\\u([0-9a-f]{4})/i, charEscapeReplace); + prop = prop.replace(/\\(.)/, "$1"); + propList.push(prop); + //dd("ValueRecord(" + this.displayName + + // ").listProperties: prop: " + prop); + } + } + } + + for (i = 0; i < propList.length; i++) { + var p = propList[i]; var value; try { - value = console.jsds.wrapValue(jsval[p]); + value = this.evalString(this.getExpression(p)); + if (this.showFunctions || value.jsType != TYPE_FUNCTION) { propMap[":" + p] = { name: p, value: value, flags: PROP_ENUMERATE | PROP_HINTED }; } else { //dd ("not including function " + name); @@ -987,25 +1089,25 @@ this.propertyList = this.listProperties(); if (this.showECMAProps) { var rec; if (this.value.jsPrototype) { rec = new ValueRecord(this.value.jsPrototype, - MSG_VAL_PROTO); + MSG_VAL_PROTO, "", this.jsdFrame); rec.isECMAProto = true; this.appendChild (rec); } if (this.value.jsParent) { rec = new ValueRecord(this.value.jsParent, - MSG_VAL_PARENT); + MSG_VAL_PARENT, "", this.jsdFrame); rec.isECMAParent = true; this.appendChild (rec); } } if (!this.childData.length && !this.propertyList.length) { rec = new XTLabelRecord ("col-0", MSG_VAL_NONE, 
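Review bot: The three `prop.replace(...)` calls that undo `quote()` have no `g` flag, so only the first `\xXX`, the first `\uXXXX` and the first backslash escape in a property name are decoded. Because they run as separate passes, an escaped backslash followed by `x41` is also read as a hex escape. Property names come from the object being debugged, and the decoded name is fed back into `getExpression(p)`, so a mis-decoded name makes the record evaluate a different property than the one listed. A single global pass, as below, decodes each escape exactly once and makes `charEscapeReplace` unnecessary. The function continues past the end of this hunk.

```javascript
// … unchanged: evalString(code) and the split of the quoted list into list[i] …
var prop = list[i].replace(
    /\\(?:x([0-9a-f]{2})|u([0-9a-f]{4})|(.))/gi,
    function (s, x, u, c) {
        var hex = x || u;
        return hex ? String.fromCharCode(parseInt(hex, 16)) : c;
    });
propList.push(prop);
```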
@@ -1014,17 +1116,18 @@ return; } for (var i = 0; i < this.propertyList.length; ++i) { var prop = this.propertyList[i]; this.appendChild(new ValueRecord(prop.value, prop.name, - prop.flags)); + prop.flags, + this.jsdFrame)); } } catch (ex) { display (getMsg (MSN_ERR_FAILURE, ex), MT_ERROR); } } Index: mozilla/extensions/venkman/resources/content/venkman-utils.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-utils.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-utils.js 2007-10-09 16:36:39.000000000 +0200 @@ -1004,17 +1004,17 @@ function makeExpression (items) { function escapeItem (item, first) { // Numbers. if (item.match(/^[0-9]+$/i)) return "[" + item + "]"; // Words/other items that don't need quoting. - if (item.match(/^[a-z_][a-z0-9_]+$/i)) + if (item.match(/^[a-z_][a-z0-9_]*$/i)) return (!first ? "." : "") + item; // Quote everything else. return "[" + item.quote() + "]"; }; var expression = escapeItem(items[0], true); for (var i = 1; i < items.length; i++) Index: mozilla/extensions/venkman/resources/content/venkman-views.js =================================================================== --- mozilla.orig/extensions/venkman/resources/content/venkman-views.js 2007-10-09 16:36:04.000000000 +0200 +++ mozilla/extensions/venkman/resources/content/venkman-views.js 2007-10-09 16:36:29.000000000 +0200 @@ -607,17 +607,18 @@ { var tag = jsdFrame.script.tag; if (tag in this.savedStates) state = this.savedStates[tag]; } if (jsdFrame.scope) { - this.scopeRecord = new ValueRecord (jsdFrame.scope, MSG_VAL_SCOPE, ""); + this.scopeRecord = new ValueRecord(jsdFrame.scope, MSG_VAL_SCOPE, "", + jsdFrame); this.scopeRecord.onPreRefresh = null; this.childData.appendChild(this.scopeRecord); if (!state && jsdFrame.scope.propertyCount < console.prefs["localsView.autoOpenMax"]) { this.scopeRecord.open(); } 
@@ -629,17 +630,17 @@ "locals:col-3"]); this.scopeRecord.property = ValueRecord.prototype.atomObject; this.childData.appendChild(this.scopeRecord); } if (jsdFrame.thisValue) { this.thisRecord = new ValueRecord (jsdFrame.thisValue, MSG_VAL_THIS, - ""); + "", jsdFrame); this.thisRecord.onPreRefresh = null; this.childData.appendChild(this.thisRecord); if (!state && jsdFrame.thisValue.propertyCount < console.prefs["localsView.autoOpenMax"]) { this.scopeRecord.open(); } } @@ -794,40 +795,17 @@ cx.jsdValueList = new Array(); function recordContextGetter (cx, rec, i) { if (i == 0) { cx.jsdValue = rec.value; - var items = new Array(); - items.unshift(rec.displayName); - - if ("value" in rec.parentRecord) - { - cx.parentValue = rec.parentRecord.value; - var cur = rec.parentRecord; - while (cur != locals.childData && - cur != locals.scopeRecord) - { - if ("isECMAProto" in cur) - items.unshift("__proto__"); - else if ("isECMAParent" in cur) - items.unshift("__parent__"); - else - items.unshift(cur.displayName); - cur = cur.parentRecord; - } - } - else - { - cx.parentValue = null; - } - cx.expression = makeExpression(items); + cx.expression = rec.expression; cx.propertyName = rec.displayName; } else { cx.jsdValueList.push(rec.value); } return cx; }; 
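Review bot: Inside the `if (jsdFrame.thisValue)` block the auto-open branch calls `this.scopeRecord.open()` although the count it tests is `jsdFrame.thisValue.propertyCount`; this looks like it should be `this.thisRecord.open();`. The line is unchanged context, but the patch edits the record construction just above it, so this is a convenient place to fix it. As written, a small `this` object re-opens the scope record and `thisRecord` stays closed.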
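Review bot: The replacement `cx.expression = rec.expression;` drops both assignments to `cx.parentValue` that the removed block made (`rec.parentRecord.value`, or `null`), so the context object no longer carries that property. If any command handler reads `cx.parentValue` it now sees `undefined`; those handlers are outside the hunk. Either keep `cx.parentValue = ("value" in rec.parentRecord) ? rec.parentRecord.value : null;` next to the new line or state in the patch description that the field is unused.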
@@ -4299,19 +4277,29 @@ if (!("currentEvalObject" in console)) { display (MSG_ERR_NO_EVAL_OBJECT, MT_ERROR); return null; } refresher = function () { if ("frames" in console) + { + this.jsdFrame = getCurrentFrame(); this.value = evalInTargetScope(e.expression, true); + } else + { + /* This is a security protection; leaving the + * object open allows access to child items when + * we have no frame to safely eval them on. + */ + this.close(); throw MSG_VAL_NA; + } }; } else { refresher = function () { var rv = evalInDebuggerScope(e.expression, true); this.value = console.jsds.wrapValue(rv); }; mozilla-361745.patch: nsSVGImageFrame.cpp | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) --- NEW FILE mozilla-361745.patch --- --- layout/svg/base/src/nsSVGImageFrame.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) Index: mozilla/layout/svg/base/src/nsSVGImageFrame.cpp =================================================================== --- mozilla.orig/layout/svg/base/src/nsSVGImageFrame.cpp 2007-10-09 17:42:44.000000000 +0200 +++ mozilla/layout/svg/base/src/nsSVGImageFrame.cpp 2007-10-09 17:43:02.000000000 +0200 @@ -285,17 +285,17 @@ mX->GetValue(&x); mY->GetValue(&y); mWidth->GetValue(&width); mHeight->GetValue(&height); /* In a perfect world, this would be handled by the DOM, and return a DOM exception. */ - if (width == 0 || height == 0) + if (width <= 0 || height <= 0) return NS_OK; pathBuilder->Moveto(x, y); pathBuilder->Lineto(x+width, y); pathBuilder->Lineto(x+width, y+height); pathBuilder->Lineto(x, y+height); pathBuilder->ClosePath(&x, &y); 
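Review bot: `if (width <= 0 || height <= 0)` rejects zero and negative sizes but not NaN, since every ordered comparison with NaN is false; the identical test added to `PaintSVG` in the next hunk has the same gap. If `mWidth->GetValue()` or `mHeight->GetValue()` can ever yield a non-finite float, writing the test positively closes it: `if (!(width > 0 && height > 0)) return NS_OK;`. In `PaintSVG` the new `float width, height;` are also declared uninitialised and the `GetValue` results are ignored, so a failed call would leave them indeterminate. The function in this hunk begins outside it.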
@@ -305,16 +305,22 @@ //---------------------------------------------------------------------- // nsISVGChildFrame methods: NS_IMETHODIMP nsSVGImageFrame::PaintSVG(nsISVGRendererCanvas* canvas, const nsRect& dirtyRectTwips) { if (!GetStyleVisibility()->IsVisible()) return NS_OK; + float width, height; + mWidth->GetValue(&width); + mHeight->GetValue(&height); + if (width <= 0 || height <= 0) + return NS_OK; + if (mSurfaceInvalid) { nsCOMPtr currentRequest; nsCOMPtr imageLoader = do_QueryInterface(mContent); if (imageLoader) imageLoader->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST, getter_AddRefs(currentRequest)); nsCOMPtr currentContainer; 
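Review bot: In the block added at the top of PaintSVG, `width` and `height` are declared without initial values and the results of `mWidth->GetValue` and `mHeight->GetValue` are ignored, so if either call can fail without writing its out-parameter, the new `<= 0` test reads an indeterminate float. Declaring them as `float width = 0, height = 0;` makes a failed read fall into the early return. The same comparison here and in the earlier hunk (@@ -285) also lets a NaN through, because `NaN <= 0` is false; `if (!(width > 0) || !(height > 0))` would reject it, should NaN be able to reach this point. PaintSVG's body continues past the end of the hunk.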
@@ -348,21 +354,19 @@ clip->ClipPaint(canvas, this, matrix); } } if (mSurface) { nsCOMPtr ctm; GetCanvasTM(getter_AddRefs(ctm)); - float x, y, width, height; + float x, y; mX->GetValue(&x); mY->GetValue(&y); - mWidth->GetValue(&width); - mHeight->GetValue(&height); if (GetStyleDisplay()->IsScrollableOverflow()) canvas->SetClipRect(ctm, x, y, width, height); PRUint32 nativeWidth, nativeHeight; mSurface->GetWidth(&nativeWidth); mSurface->GetHeight(&nativeHeight); mozilla-362901.patch: base/nsCSSFrameConstructor.cpp | 122 ++++++++++++++++++++++++++--------------- base/nsCSSFrameConstructor.h | 4 + base/nsStyleChangeList.cpp | 2 generic/nsBlockFrame.cpp | 32 +++++++--- generic/nsBlockFrame.h | 2 generic/nsContainerFrame.cpp | 18 +++--- generic/nsTextFrame.cpp | 4 + 7 files changed, 122 insertions(+), 62 deletions(-) --- NEW FILE mozilla-362901.patch --- --- layout/base/nsCSSFrameConstructor.cpp | 122 +++++++++++++++++++++------------- layout/base/nsCSSFrameConstructor.h | 4 + layout/base/nsStyleChangeList.cpp | 2 layout/generic/nsBlockFrame.cpp | 32 +++++--- layout/generic/nsBlockFrame.h | 2 layout/generic/nsContainerFrame.cpp | 18 +++-- layout/generic/nsTextFrame.cpp | 4 + 7 files changed, 122 insertions(+), 62 deletions(-) Index: mozilla/layout/base/nsCSSFrameConstructor.cpp =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 12:53:36.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -8855,21 +8855,20 @@ nsFrameConstructorState state(mPresShell, mFixedContainingBlock, GetAbsoluteContainingBlock(parentFrame), GetFloatContainingBlock(parentFrame)); // See if the containing block has :first-letter style applied. PRBool haveFirstLetterStyle = PR_FALSE, haveFirstLineStyle = PR_FALSE; nsIFrame* containingBlock = state.mFloatedItems.containingBlock; if (containingBlock) { - nsIContent* blockContent = containingBlock->GetContent(); - nsStyleContext* blockSC = containingBlock->GetStyleContext(); - HaveSpecialBlockStyle(blockContent, blockSC, - &haveFirstLetterStyle, - &haveFirstLineStyle); + haveFirstLetterStyle = HaveFirstLetterStyle(containingBlock); + haveFirstLineStyle = + HaveFirstLineStyle(containingBlock->GetContent(), + containingBlock->GetStyleContext()); } if (haveFirstLetterStyle) { // Before we get going, remove the current letter frames RemoveLetterFrames(state.mPresContext, state.mPresShell, state.mFrameManager, containingBlock); } 
@@ -9507,21 +9506,20 @@ // place. If its a certain kind of container then some special // processing is done. if ((NS_STYLE_DISPLAY_BLOCK == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_LIST_ITEM == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_INLINE == parentDisplay->mDisplay) || (NS_STYLE_DISPLAY_INLINE_BLOCK == parentDisplay->mDisplay)) { // Recover the special style flags for the containing block if (containingBlock) { - blockSC = containingBlock->GetStyleContext(); - blockContent = containingBlock->GetContent(); - HaveSpecialBlockStyle(blockContent, blockSC, - &haveFirstLetterStyle, - &haveFirstLineStyle); + haveFirstLetterStyle = HaveFirstLetterStyle(containingBlock); + haveFirstLineStyle = + HaveFirstLineStyle(containingBlock->GetContent(), + containingBlock->GetStyleContext()); } if (haveFirstLetterStyle) { // Get the correct parentFrame and prevSibling - if a // letter-frame is present, use its parent. if (parentFrame->GetType() == nsLayoutAtoms::letterFrame) { parentFrame = parentFrame->GetParent(); container = parentFrame->GetContent(); @@ -10011,20 +10009,17 @@ if (parentFrame->GetType() == nsLayoutAtoms::frameSetFrame) { // Just reframe the parent, since framesets are weird like that. return RecreateFramesForContent(parentFrame->GetContent()); } // Examine the containing-block for the removed content and see if // :first-letter style applies. nsIFrame* containingBlock = GetFloatContainingBlock(parentFrame); - PRBool haveFLS = containingBlock ? - HaveFirstLetterStyle(containingBlock->GetContent(), - containingBlock->GetStyleContext()) : - PR_FALSE; + PRBool haveFLS = containingBlock && HaveFirstLetterStyle(containingBlock); if (haveFLS) { // Trap out to special routine that handles adjusting a blocks // frame tree when first-letter style is present. #ifdef NOISY_FIRST_LETTER printf("ContentRemoved: containingBlock="); nsFrame::ListTag(stdout, containingBlock); printf(" parentFrame="); nsFrame::ListTag(stdout, parentFrame); 
@@ -10428,52 +10423,55 @@ if (nsnull != frame) { #if 0 NS_FRAME_LOG(NS_FRAME_TRACE_CALLS, ("nsCSSFrameConstructor::CharacterDataChanged: content=%p[%s] subcontent=%p frame=%p", aContent, ContentTag(aContent, 0), aSubContent, frame)); #endif - // Special check for text content that is a child of a letter - // frame. There are two interesting cases that we have to handle - // carefully: text content that is going empty (which means we - // should select a new text node as the first-letter text) or text - // content that empty but is no longer empty (it might be the - // first-letter text but isn't currently). - // - // To deal with both of these we make a simple change: map a - // CharacterDataChanged into a ReinsertContent when we are changing text - // that is part of a first-letter situation. - PRBool doCharacterDataChanged = PR_TRUE; + // Special check for text content that is a child of a letter frame. If + // this happens, we should remove the letter frame, do whatever we're + // planning to do with this notification, then put the letter frame back. + // Note that this is basically what ReinsertContent ends up doing; the + // reason we dont' want to call that here is that our text content could be + // native anonymous, in which case ReinsertContent would completely barf on + // it. And reinserting the non-anonymous ancestor would just lead us to + // come back into this notification (e.g. if quotes or counters are + // involved), leading to a loop. + PRBool haveFirstLetterStyle = PR_FALSE; + nsIFrame* block = nsnull; nsCOMPtr textContent(do_QueryInterface(aContent)); if (textContent) { // Ok, it's text content. Now do some real work... - nsIFrame* block = GetFloatContainingBlock(frame); + block = GetFloatContainingBlock(frame); if (block) { // See if the block has first-letter style applied to it. 
- nsIContent* blockContent = block->GetContent(); - nsStyleContext* blockSC = block->GetStyleContext(); - PRBool haveFirstLetterStyle = - HaveFirstLetterStyle(blockContent, blockSC); + haveFirstLetterStyle = HaveFirstLetterStyle(block); if (haveFirstLetterStyle) { - // The block has first-letter style. Use content-replaced to - // repair the blocks frame structure properly. - nsCOMPtr container = aContent->GetParent(); - if (container) { - doCharacterDataChanged = PR_FALSE; - rv = ReinsertContent(container, aContent); - } + RemoveLetterFrames(mPresShell->GetPresContext(), mPresShell, + mPresShell->FrameManager(), block); + // Reget |frame|, since we might have killed it. Do we + // really need to call CharacterDataChanged in this case, + // though? + mPresShell->GetPrimaryFrameFor(aContent, &frame); + NS_ASSERTION(frame, "Should have frame here!"); } } } - if (doCharacterDataChanged) { - frame->CharacterDataChanged(mPresShell->GetPresContext(), aContent, - aAppend); + frame->CharacterDataChanged(mPresShell->GetPresContext(), aContent, + aAppend); + + if (haveFirstLetterStyle) { + // Note that if we got here |block| is not null + nsFrameConstructorState state(mPresShell, mFixedContainingBlock, + GetAbsoluteContainingBlock(frame), + block, nsnull); + RecoverLetterFrames(state, block); } } return rv; } #ifdef ACCESSIBILITY nsIAtom* 
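Review bot: After `RemoveLetterFrames`, the re-fetched `frame` is guarded only by `NS_ASSERTION(frame, "Should have frame here!")`, which is compiled out of release builds, and the next statement outside the `if` calls `frame->CharacterDataChanged(...)` unconditionally. The recovery path then passes the same pointer to `GetAbsoluteContainingBlock(frame)`. The patch's own comment says the frame may have been killed, so a null result from `GetPrimaryFrameFor` would be dereferenced. Guard the call with `if (frame)` and decide explicitly what the recovery path uses when the lookup comes back empty, for example `block`. The new comment also has a typo (`dont'` should be `don't`), and the function starts before the hunk.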
@@ -12184,16 +12182,32 @@ nsStyleContext* aStyleContext) { return nsLayoutUtils::HasPseudoStyle(aContent, aStyleContext, nsCSSPseudoElements::firstLetter, mPresShell->GetPresContext()); } PRBool +nsCSSFrameConstructor::HaveFirstLetterStyle(nsIFrame* aBlockFrame) +{ + NS_PRECONDITION(aBlockFrame, "Need a frame"); + +#ifdef DEBUG + nsBlockFrame* block; + NS_ASSERTION(NS_SUCCEEDED(aBlockFrame->QueryInterface(kBlockFrameCID, + (void**)&block)) && + block, + "Not a block frame?"); +#endif + + return (aBlockFrame->GetStateBits() & NS_BLOCK_HAS_FIRST_LETTER_STYLE) != 0; +} + +PRBool nsCSSFrameConstructor::HaveFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext) { return nsLayoutUtils::HasPseudoStyle(aContent, aStyleContext, nsCSSPseudoElements::firstLine, mPresShell->GetPresContext()); } @@ -12694,17 +12708,24 @@ nsFrameItems& aResult) { // Create the first-letter-frame nsresult rv; nsIFrame* letterFrame; nsStyleSet *styleSet = mPresShell->StyleSet(); NS_NewFirstLetterFrame(mPresShell, &letterFrame); - InitAndRestoreFrame(aState, aTextContent, aParentFrame, aStyleContext, + // We don't want to use a text content for a non-text frame (because we want + // its primary frame to be a text frame). So use its parent for the + // first-letter. + nsIContent* letterContent = aTextContent->GetParent(); + NS_ASSERTION(letterContent->GetBindingParent() != letterContent, + "Reframes of this letter frame will mess with the root of a " + "native anonymous content subtree!"); + InitAndRestoreFrame(aState, letterContent, aParentFrame, aStyleContext, nsnull, letterFrame); // Init the text frame to refer to the letter frame. Make sure we // get a proper style context for it (the one passed in is for the // letter frame and will have the float property set on it; the text // frame shouldn't have that set). nsRefPtr textSC; textSC = styleSet->ResolveStyleForNonElement(aStyleContext); 
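Review bot: In the @@ -12694 hunk, `letterContent` is taken from `aTextContent->GetParent()` and then dereferenced inside the `NS_ASSERTION` and passed to `InitAndRestoreFrame` without a null check. The @@ -12713 hunk passes it on to `CreatePlaceholderFrameFor`, and the inflow branch in @@ -12790 repeats the pattern before `letterFrame->Init`. If a text node can reach either path without a parent (not decidable from the hunks), debug builds crash in the assertion and release builds initialise the letter frame with null content. Where the enclosing function returns `nsresult`, `NS_ENSURE_TRUE(letterContent, NS_ERROR_UNEXPECTED);` straight after the `GetParent()` call would make the assumption explicit. Both functions start and end outside the hunks.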
@@ -12713,17 +12734,17 @@ // And then give the text frame to the letter frame letterFrame->SetInitialChildList(aState.mPresContext, nsnull, aTextFrame); // Now make the placeholder nsIFrame* placeholderFrame; CreatePlaceholderFrameFor(mPresShell, aState.mPresContext, aState.mFrameManager, - aTextContent, letterFrame, + letterContent, letterFrame, aStyleContext, aParentFrame, &placeholderFrame); // See if we will need to continue the text frame (does it contain // more than just the first-letter text or not?) If it does, then we // create (in advance) a continuation frame for it. nsIFrame* nextTextFrame = nsnull; if (NeedFirstLetterContinuation(aTextContent)) { @@ -12790,18 +12811,24 @@ blockContent, aParentFrame, sc, aResult); } else { // Make an inflow first-letter frame nsIFrame* letterFrame; nsresult rv = NS_NewFirstLetterFrame(mPresShell, &letterFrame); if (NS_SUCCEEDED(rv)) { - // Initialize the first-letter-frame. - letterFrame->Init(aState.mPresContext, aTextContent, aParentFrame, + // Initialize the first-letter-frame. We don't want to use a text + // content for a non-text frame (because we want its primary frame to + // be a text frame). So use its parent for the first-letter. + nsIContent* letterContent = aTextContent->GetParent(); + NS_ASSERTION(letterContent->GetBindingParent() != letterContent, + "Reframes of this letter frame will mess with the root " + "of a native anonymous content subtree!"); + letterFrame->Init(aState.mPresContext, letterContent, aParentFrame, sc, nsnull); nsRefPtr textSC; textSC = mPresShell->StyleSet()->ResolveStyleForNonElement(sc); InitAndRestoreFrame(aState, aTextContent, letterFrame, textSC, nsnull, textFrame); letterFrame->SetInitialChildList(aState.mPresContext, nsnull, 
@@ -12819,16 +12846,18 @@ nsCSSFrameConstructor::WrapFramesInFirstLetterFrame( nsFrameConstructorState& aState, nsIContent* aBlockContent, nsIFrame* aBlockFrame, nsFrameItems& aBlockFrames) { nsresult rv = NS_OK; + aBlockFrame->AddStateBits(NS_BLOCK_HAS_FIRST_LETTER_STYLE); + nsIFrame* parentFrame = nsnull; nsIFrame* textFrame = nsnull; nsIFrame* prevFrame = nsnull; nsFrameItems letterFrames; PRBool stopLooking = PR_FALSE; rv = WrapFramesInFirstLetterFrame(aState, aBlockFrame, aBlockFrames.childList, &parentFrame, &textFrame, &prevFrame, @@ -13139,16 +13168,18 @@ // Fixup the letter frame situation for the given block nsresult nsCSSFrameConstructor::RecoverLetterFrames(nsFrameConstructorState& aState, nsIFrame* aBlockFrame) { nsresult rv = NS_OK; + aBlockFrame->AddStateBits(NS_BLOCK_HAS_FIRST_LETTER_STYLE); + nsIFrame* blockKids = aBlockFrame->GetFirstChild(nsnull); nsIFrame* parentFrame = nsnull; nsIFrame* textFrame = nsnull; nsIFrame* prevFrame = nsnull; nsFrameItems letterFrames; PRBool stopLooking = PR_FALSE; rv = WrapFramesInFirstLetterFrame(aState, aBlockFrame, blockKids, &parentFrame, &textFrame, &prevFrame, 
@@ -14246,16 +14277,19 @@ nsCSSFrameConstructor::PostRestyleEvent(nsIContent* aContent, nsReStyleHint aRestyleHint, nsChangeHint aMinChangeHint) { if (aRestyleHint == 0 && !aMinChangeHint) { // Nothing to do here return; } + + NS_ASSERTION(aContent->IsContentOfType(nsIContent::eELEMENT), + "Shouldn't be trying to restyle non-elements directly"); RestyleData existingData; existingData.mRestyleHint = nsReStyleHint(0); existingData.mChangeHint = NS_STYLE_HINT_NONE; mPendingRestyles.Get(aContent, &existingData); existingData.mRestyleHint = nsReStyleHint(existingData.mRestyleHint | aRestyleHint); Index: mozilla/layout/base/nsCSSFrameConstructor.h =================================================================== --- mozilla.orig/layout/base/nsCSSFrameConstructor.h 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/base/nsCSSFrameConstructor.h 2007-10-09 13:00:22.000000000 +0200 @@ -736,16 +736,20 @@ already_AddRefed GetFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext); PRBool HaveFirstLetterStyle(nsIContent* aContent, nsStyleContext* aStyleContext); + // Check whether a given block has first-letter style. Make sure to + // only pass in blocks! And don't pass in null either. + PRBool HaveFirstLetterStyle(nsIFrame* aBlockFrame); + PRBool HaveFirstLineStyle(nsIContent* aContent, nsStyleContext* aStyleContext); void HaveSpecialBlockStyle(nsIContent* aContent, nsStyleContext* aStyleContext, PRBool* aHaveFirstLetterStyle, PRBool* aHaveFirstLineStyle); Index: mozilla/layout/base/nsStyleChangeList.cpp =================================================================== --- mozilla.orig/layout/base/nsStyleChangeList.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/base/nsStyleChangeList.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -84,16 +84,18 @@ nsresult nsStyleChangeList::AppendChange(nsIFrame* aFrame, nsIContent* aContent, nsChangeHint aHint) { NS_ASSERTION(aFrame || (aHint & nsChangeHint_ReconstructFrame), "must have frame"); NS_ASSERTION(aContent || !(aHint & nsChangeHint_ReconstructFrame), "must have content"); + NS_ASSERTION(!aContent || aContent->IsContentOfType(nsIContent::eELEMENT), + "Shouldn't be trying to restyle non-elements directly"); if ((0 < mCount) && (aHint & nsChangeHint_ReconstructFrame)) { // filter out all other changes for same content if (aContent) { PRInt32 index = mCount; while (0 < index--) { if (aContent == mArray[index].mContent) { // remove this change mCount--; if (index < mCount) { // move later changes down Index: mozilla/layout/generic/nsBlockFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsBlockFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsBlockFrame.cpp 2007-10-09 13:00:22.000000000 +0200 @@ -76,16 +76,17 @@ #include "nsAutoPtr.h" #include "nsIServiceManager.h" #include "nsIScrollableFrame.h" #ifdef ACCESSIBILITY #include "nsIAccessibilityService.h" #endif #include "nsLayoutUtils.h" #include "nsBoxLayoutState.h" +#include "nsCSSAnonBoxes.h" #ifdef IBMBIDI #include "nsBidiPresUtils.h" #endif // IBMBIDI #include "nsIDOMHTMLBodyElement.h" #include "nsIDOMHTMLHtmlElement.h" 
@@ -7237,28 +7238,37 @@ if (mAbsoluteContainer.GetChildListName() == aListName) { mAbsoluteContainer.SetInitialChildList(this, aPresContext, aListName, aChildList); } else if (nsLayoutAtoms::floatList == aListName) { mFloats.SetFrames(aChildList); } else { - // Lookup up the two pseudo style contexts - if (nsnull == mPrevInFlow) { - nsRefPtr firstLetterStyle = GetFirstLetterStyle(aPresContext); - if (nsnull != firstLetterStyle) { - mState |= NS_BLOCK_HAS_FIRST_LETTER_STYLE; -#ifdef NOISY_FIRST_LETTER - ListTag(stdout); - printf(": first-letter style found\n"); +#ifdef DEBUG + // The only times a block that is an anonymous box is allowed to have a + // first-letter frame are when it's the block inside a non-anonymous cell, + // the block inside a fieldset, a scrolled content block, or a column + // content block. Also, a block that has a previous continuation can't + // have a first letter frame. + nsIAtom *pseudo = GetStyleContext()->GetPseudoType(); + PRBool haveFirstLetterStyle = + !mPrevInFlow && + (!pseudo || + (pseudo == nsCSSAnonBoxes::cellContent && + mParent->GetStyleContext()->GetPseudoType() == nsnull) || + pseudo == nsCSSAnonBoxes::fieldsetContent || + pseudo == nsCSSAnonBoxes::scrolledContent || + pseudo == nsCSSAnonBoxes::columnContent) && + nsRefPtr(GetFirstLetterStyle(aPresContext)) != nsnull; + NS_ASSERTION(haveFirstLetterStyle == + ((mState & NS_BLOCK_HAS_FIRST_LETTER_STYLE) != 0), + "NS_BLOCK_HAS_FIRST_LETTER_STYLE state out of sync"); #endif - } - } - + rv = AddFrames(aChildList, nsnull); if (NS_FAILED(rv)) { return rv; } // Create list bullet if this is a list-item. Note that this is done // here so that RenumberLists will work (it needs the bullets to // store the bullet numbers). 
Index: mozilla/layout/generic/nsBlockFrame.h =================================================================== --- mozilla.orig/layout/generic/nsBlockFrame.h 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsBlockFrame.h 2007-10-09 13:00:22.000000000 +0200 @@ -291,22 +291,24 @@ PRBool HandleOverflowPlaceholdersOnPulledLine( nsBlockReflowState& aState, nsLineBox* aLine); protected: nsBlockFrame(); virtual ~nsBlockFrame(); +#ifdef DEBUG already_AddRefed GetFirstLetterStyle(nsPresContext* aPresContext) { return aPresContext->StyleSet()-> ProbePseudoStyleFor(mContent, nsCSSPseudoElements::firstLetter, mStyleContext); } +#endif /* * Overides member function of nsHTMLContainerFrame. Needed to handle the * lines in a nsBlockFrame properly. */ virtual void PaintTextDecorationLines(nsIRenderingContext& aRenderingContext, nscolor aColor, nscoord aOffset, Index: mozilla/layout/generic/nsContainerFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsContainerFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsContainerFrame.cpp 2007-10-09 13:00:22.000000000 +0200 
@@ -143,23 +143,27 @@ nsContainerFrame::Destroy(nsPresContext* aPresContext) { // Prevent event dispatch during destruction if (HasView()) { GetView()->SetClientData(nsnull); } if (mState & NS_FRAME_GENERATED_CONTENT) { - // Make sure all the content nodes for the generated content inside - // this frame know it's going away. - // XXXbz would this be better done via a global structure in - // nsCSSFrameConstructor that could key off of - // GeneratedContentFrameRemoved or something? The problem is that - // our kids are gone by the time that's called. - ::CleanupGeneratedContentIn(mContent, this); + nsIAtom* type = GetType(); + if (type == nsLayoutAtoms::inlineFrame || + type== nsLayoutAtoms::blockFrame) { + // Make sure all the content nodes for the generated content inside + // this frame know it's going away. + // XXXbz would this be better done via a global structure in + // nsCSSFrameConstructor that could key off of + // GeneratedContentFrameRemoved or something? The problem is that + // our kids are gone by the time that's called. + ::CleanupGeneratedContentIn(mContent, this); + } } // Delete the primary child list mFrames.DestroyFrames(aPresContext); // Destroy overflow frames now nsFrameList overflowFrames(GetOverflowFrames(aPresContext, PR_TRUE)); overflowFrames.DestroyFrames(aPresContext); Index: mozilla/layout/generic/nsTextFrame.cpp =================================================================== --- mozilla.orig/layout/generic/nsTextFrame.cpp 2007-10-09 12:49:22.000000000 +0200 +++ mozilla/layout/generic/nsTextFrame.cpp 2007-10-09 13:00:22.000000000 +0200 
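Review bot: The new `GetType()` filter in `nsContainerFrame::Destroy` has no comment saying why only `inlineFrame` and `blockFrame` run `::CleanupGeneratedContentIn`. A reader cannot tell which frame types carrying `NS_FRAME_GENERATED_CONTENT` are excluded on purpose. A one-line comment above the inner `if` naming the excluded case and the reason would cover it. `type== nsLayoutAtoms::blockFrame` is also missing a space before `==`.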
@@ -948,16 +948,19 @@ NS_IMETHODIMP nsContinuingTextFrame::Init(nsPresContext* aPresContext, nsIContent* aContent, nsIFrame* aParent, nsStyleContext* aContext, nsIFrame* aPrevInFlow) { + NS_PRECONDITION(aContent->IsContentOfType(nsIContent::eTEXT), + "Bogus content!"); + nsresult rv; rv = nsTextFrame::Init(aPresContext, aContent, aParent, aContext, aPrevInFlow); if (aPrevInFlow) { // Hook the frame into the flow mPrevInFlow = aPrevInFlow; aPrevInFlow->SetNextInFlow(this); @@ -6561,16 +6564,17 @@ fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); if (0 != mState) { if (mState & NS_FRAME_SELECTED_CONTENT) { fprintf(out, " [state=%08x] SELECTED", mState); } else { fprintf(out, " [state=%08x]", mState); } } + fprintf(out, " [content=%p]", NS_STATIC_CAST(void*, mContent)); fprintf(out, " sc=%p", NS_STATIC_CAST(void*, mStyleContext)); nsIAtom* pseudoTag = mStyleContext->GetPseudoType(); if (pseudoTag) { nsAutoString atomString; pseudoTag->ToString(atomString); fprintf(out, " pst=%s", NS_LossyConvertUCS2toASCII(atomString).get()); } mozilla-372309.patch: jsarray.c | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) --- NEW FILE mozilla-372309.patch --- --- js/src/jsarray.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) Index: mozilla/js/src/jsarray.c =================================================================== --- mozilla.orig/js/src/jsarray.c 2007-10-09 18:05:26.000000000 +0200 +++ mozilla/js/src/jsarray.c 2007-10-09 18:05:46.000000000 +0200 
@@ -1891,19 +1891,24 @@ if (!proto || !InitArrayObject(cx, proto, 0, NULL)) return NULL; return proto; } JSObject * js_NewArrayObject(JSContext *cx, jsuint length, jsval *vector) { + JSTempValueRooter tvr; JSObject *obj; obj = js_NewObject(cx, &js_ArrayClass, NULL, NULL); if (!obj) return NULL; - if (!InitArrayObject(cx, obj, length, vector)) { - cx->weakRoots.newborn[GCX_OBJECT] = NULL; - return NULL; - } + + JS_PUSH_TEMP_ROOT_OBJECT(cx, obj, &tvr); + if (!InitArrayObject(cx, obj, length, vector)) + obj = NULL; + JS_POP_TEMP_ROOT(cx, &tvr); + + /* Set/clear newborn root, in case we lost it. */ + cx->weakRoots.newborn[GCX_OBJECT] = (JSGCThing *) obj; return obj; } mozilla-378787.patch: nsHttpDigestAuth.cpp | 82 ++++++++++++++++++++++++++++++++++++++++++--------- nsHttpDigestAuth.h | 4 ++ 2 files changed, 73 insertions(+), 13 deletions(-) --- NEW FILE mozilla-378787.patch --- --- netwerk/protocol/http/src/nsHttpDigestAuth.cpp | 82 +++++++++++++++++++++---- netwerk/protocol/http/src/nsHttpDigestAuth.h | 4 + 2 files changed, 73 insertions(+), 13 deletions(-) Index: mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.cpp =================================================================== --- mozilla.orig/netwerk/protocol/http/src/nsHttpDigestAuth.cpp 2007-10-09 18:13:40.000000000 +0200 +++ mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.cpp 2007-10-09 18:13:54.000000000 +0200 
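Review bot: The added `JS_PUSH_TEMP_ROOT_OBJECT` / `JS_POP_TEMP_ROOT` pair in `js_NewArrayObject` has no comment saying what it protects against. Presumably `InitArrayObject` can allocate and trigger a GC that displaces the newborn weak root while `obj` is referenced from nowhere else. If that is the reason, a comment above the push such as `/* Root obj: InitArrayObject may allocate and run the GC. */` would record it for whoever next touches the rooting. The single-statement `if` body `obj = NULL;` would also be safer with braces, given that the surrounding lines are rooting bookkeeping.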
@@ -337,57 +337,78 @@ rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest); if (NS_FAILED(rv)) return rv; rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count, cnonce, response_digest); if (NS_FAILED(rv)) return rv; + // + // Values that need to match the quoted-string production from RFC 2616: + // + // username + // realm + // nonce + // opaque + // cnonce + // + nsCAutoString authString; - authString.AssignLiteral("Digest username=\""); - authString += cUser; - authString.AppendLiteral("\", realm=\""); - authString += realm; - authString.AppendLiteral("\", nonce=\""); - authString += nonce; - authString.AppendLiteral("\", uri=\""); + + authString.AssignLiteral("Digest username="); + rv = AppendQuotedString(cUser, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", realm="); + rv = AppendQuotedString(realm, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", nonce="); + rv = AppendQuotedString(nonce, authString); + NS_ENSURE_SUCCESS(rv, rv); + + authString.AppendLiteral(", uri=\""); authString += path; if (algorithm & ALGO_SPECIFIED) { authString.AppendLiteral("\", algorithm="); if (algorithm & ALGO_MD5_SESS) authString.AppendLiteral("MD5-sess"); else authString.AppendLiteral("MD5"); } else { authString += '\"'; } authString.AppendLiteral(", response=\""); authString += response_digest; + authString += '\"'; if (!opaque.IsEmpty()) { - authString.AppendLiteral("\", opaque=\""); - authString += opaque; + authString.AppendLiteral(", opaque="); + rv = AppendQuotedString(opaque, authString); + NS_ENSURE_SUCCESS(rv, rv); } if (qop) { - authString.AppendLiteral("\", qop="); + authString.AppendLiteral(", qop="); if (requireExtraQuotes) authString += '\"'; authString.AppendLiteral("auth"); if (qop & QOP_AUTH_INT) authString.AppendLiteral("-int"); if (requireExtraQuotes) authString += '\"'; authString.AppendLiteral(", nc="); authString += nonce_count; - authString.AppendLiteral(", 
cnonce=\""); - authString += cnonce; + + authString.AppendLiteral(", cnonce="); + rv = AppendQuotedString(cnonce, authString); + NS_ENSURE_SUCCESS(rv, rv); } - authString += '\"'; + *creds = ToNewCString(authString); return NS_OK; } NS_IMETHODIMP nsHttpDigestAuth::GetAuthFlags(PRUint32 *flags) { @@ -668,9 +689,44 @@ nsCRT::strncasecmp(challenge+algostart, "auth-int", 8) == 0) *qop |= QOP_AUTH_INT; } } } return NS_OK; } +nsresult +nsHttpDigestAuth::AppendQuotedString(const nsACString & value, + nsACString & aHeaderLine) +{ + nsCAutoString quoted; + nsACString::const_iterator s, e; + value.BeginReading(s); + value.EndReading(e); + + // + // Encode string according to RFC 2616 quoted-string production + // + quoted.Append('"'); + for ( ; s != e; ++s) { + // + // CTL = + // + if (*s <= 31 || *s == 127) { + return NS_ERROR_FAILURE; + } + + // Escape two syntactically significant characters + if (*s == '"' || *s == '\\') { + quoted.Append('\\'); + } + + quoted.Append(*s); + } + // FIXME: bug 41489 + // We should RFC2047-encode non-Latin-1 values according to spec + quoted.Append('"'); + aHeaderLine.Append(quoted); + return NS_OK; +} + // vim: ts=2 sw=2 Index: mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.h =================================================================== --- mozilla.orig/netwerk/protocol/http/src/nsHttpDigestAuth.h 2007-10-09 18:13:40.000000000 +0200 +++ mozilla/netwerk/protocol/http/src/nsHttpDigestAuth.h 2007-10-09 18:13:58.000000000 +0200 
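Review bot: The `uri` parameter is still built by appending `path` raw between literal quotes (`authString += path;`), while `username`, `realm`, `nonce`, `opaque` and `cnonce` now go through `AppendQuotedString`. If `path` can contain `"` or `\`, the header would be malformed in the same way this change prevents for the other fields; whether it can depends on the escaping done in `GetMethodAndPath`, which is not in the hunk. Either route it through the helper with `rv = AppendQuotedString(path, authString);`, adjusting the `algorithm` branch that currently supplies the closing quote, or add `uri` to the comment block with a sentence on why `path` is already safe. The enclosing function starts before the hunk.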
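Review bot: In `AppendQuotedString` the control-character test `*s <= 31 || *s == 127` compares a plain `char`. Where `char` is signed, every byte of 0x80 and above is negative and is rejected with `NS_ERROR_FAILURE`, which sits oddly beside the FIXME about encoding non-Latin-1 values. If rejecting high-bit bytes is intended, state it in the comment; otherwise compare as unsigned, for example `unsigned char c = *s; if (c <= 31 || c == 127)`. The `// CTL =` comment has lost its right-hand side and should spell out the range (octets 0-31 and DEL, 127).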
@@ -104,15 +104,19 @@ PRUint16 * algorithm, PRUint16 * qop); // result is in mHashBuf nsresult MD5Hash(const char *buf, PRUint32 len); nsresult GetMethodAndPath(nsIHttpChannel *, PRBool, nsCString &, nsCString &); + // append the quoted version of value to aHeaderLine + nsresult AppendQuotedString(const nsACString & value, + nsACString & aHeaderLine); + protected: nsCOMPtr mVerifier; char mHashBuf[DIGEST_LENGTH]; PRBool mGotVerifier; }; #endif // nsHttpDigestAuth_h__ mozilla-384105.patch: nsMenuFrame.cpp | 53 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 files changed, 49 insertions(+), 4 deletions(-) --- NEW FILE mozilla-384105.patch --- --- layout/xul/base/src/nsMenuFrame.cpp | 53 +++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 4 deletions(-) Index: mozilla/layout/xul/base/src/nsMenuFrame.cpp =================================================================== --- mozilla.orig/layout/xul/base/src/nsMenuFrame.cpp 2007-10-09 18:25:33.000000000 +0200 +++ mozilla/layout/xul/base/src/nsMenuFrame.cpp 2007-10-09 18:25:54.000000000 +0200 
@@ -694,27 +694,72 @@ if (genVal.IsEmpty()) { child->SetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, NS_LITERAL_STRING("true"), PR_TRUE); } } return NS_OK; } +struct nsASyncUngenerate : public PLEvent +{ + nsASyncUngenerate(nsIContent* aContent) + : mContent(aContent) + { + } + + void HandleEvent() { + nsAutoString genVal; + mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, genVal); + if (!genVal.IsEmpty()) { + mContent->UnsetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, + PR_TRUE); + } + } + + nsCOMPtr mContent; +}; + +static void* PR_CALLBACK HandleASyncUngenerate(PLEvent* aEvent) +{ + NS_STATIC_CAST(nsASyncUngenerate*, aEvent)->HandleEvent(); + return nsnull; +} + +static void PR_CALLBACK DestroyASyncUngenerate(PLEvent* aEvent) +{ + delete NS_STATIC_CAST(nsASyncUngenerate*, aEvent); +} + NS_IMETHODIMP nsMenuFrame::UngenerateMenu() { nsCOMPtr child; GetMenuChildrenElement(getter_AddRefs(child)); if (child) { - nsAutoString genVal; - child->GetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, genVal); - if (!genVal.IsEmpty()) - child->UnsetAttr(kNameSpaceID_None, nsXULAtoms::menugenerated, PR_TRUE); + nsCOMPtr eventService = + do_GetService(kEventQueueServiceCID); + if (eventService) { + nsCOMPtr eventQueue; + eventService->GetThreadEventQueue(PR_GetCurrentThread(), + getter_AddRefs(eventQueue)); + if (eventQueue) { + nsASyncUngenerate* ungenerate = + new nsASyncUngenerate(child); + if (ungenerate) { + PL_InitEvent(ungenerate, nsnull, + ::HandleASyncUngenerate, + ::DestroyASyncUngenerate); + if (NS_FAILED(eventQueue->PostEvent(ungenerate))) { + PL_DestroyEvent(ungenerate); + } + } + } + } } return NS_OK; } NS_IMETHODIMP nsMenuFrame::ActivateMenu(PRBool aActivateFlag) { mozilla-386914.patch: nsXULDocument.cpp | 33 +++++++++++++++++++-------------- 1 files changed, 19 insertions(+), 14 deletions(-) --- NEW FILE mozilla-386914.patch --- --- content/xul/document/src/nsXULDocument.cpp | 33 ++++++++++++++++------------- 1 file changed, 19 
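Review bot: `UngenerateMenu` returns `NS_OK` on every path, including when `new nsASyncUngenerate(child)` yields null, when no event service or queue is found, and when `PostEvent` fails. In all those cases the `menugenerated` attribute silently stays set and the caller cannot tell. At minimum, return `NS_ERROR_OUT_OF_MEMORY` for the failed allocation and propagate the `PostEvent` result after `PL_DestroyEvent`. The attribute is now cleared later from the event loop, so `nsASyncUngenerate::HandleEvent` also deserves a comment on what is expected if the menu is generated again before the event runs; that ordering cannot be judged from the hunk.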
insertions(+), 14 deletions(-) Index: mozilla/content/xul/document/src/nsXULDocument.cpp =================================================================== --- mozilla.orig/content/xul/document/src/nsXULDocument.cpp 2007-10-09 18:35:19.000000000 +0200 +++ mozilla/content/xul/document/src/nsXULDocument.cpp 2007-10-09 18:35:37.000000000 +0200 
@@ -1097,39 +1097,44 @@ PL_DHashTableOperate(mBroadcasterMap, domele.get(), PL_DHASH_LOOKUP)); if (PL_DHASH_ENTRY_IS_BUSY(entry)) { // We've got listeners: push the value. nsAutoString value; rv = aElement->GetAttr(kNameSpaceID_None, aAttribute, value); - for (PRInt32 i = entry->mListeners.Count() - 1; i >= 0; --i) { + nsCOMArray listenerArray; + PRInt32 i; + for (i = entry->mListeners.Count() - 1; i >= 0; --i) { BroadcastListener* bl = NS_STATIC_CAST(BroadcastListener*, entry->mListeners[i]); if ((bl->mAttribute == aAttribute) || (bl->mAttribute == nsXULAtoms::_star)) { nsCOMPtr listener = do_QueryInterface(bl->mListener); - - if (rv == NS_CONTENT_ATTR_NO_VALUE || - rv == NS_CONTENT_ATTR_HAS_VALUE) { - listener->SetAttr(kNameSpaceID_None, aAttribute, value, - PR_TRUE); - } - else { - listener->UnsetAttr(kNameSpaceID_None, aAttribute, - PR_TRUE); - } - - ExecuteOnBroadcastHandlerFor(aElement, bl->mListener, - aAttribute); + listenerArray.AppendObject(listener); } } + for (i = 0; i < listenerArray.Count(); ++i) { + nsIContent* listener = listenerArray[i]; + if (rv == NS_CONTENT_ATTR_NO_VALUE || + rv == NS_CONTENT_ATTR_HAS_VALUE) { + listener->SetAttr(kNameSpaceID_None, aAttribute, value, + PR_TRUE); + } + else { + listener->UnsetAttr(kNameSpaceID_None, aAttribute, + PR_TRUE); + } + + nsCOMPtr listenerEl = do_QueryInterface(listener); + ExecuteOnBroadcastHandlerFor(aElement, listenerEl, aAttribute); + } } } // Now notify external observers NS_DOCUMENT_NOTIFY_OBSERVERS(AttributeChanged, (this, aElement, aNameSpaceID, aAttribute, aModType)); mozilla-387033.patch: nsTextBoxFrame.cpp | 86 +++++++++++++++++++++++++++++++++++++++++------------ nsTextBoxFrame.h | 7 +++- 2 files changed, 73 insertions(+), 20 deletions(-) --- NEW FILE mozilla-387033.patch --- --- layout/xul/base/src/nsTextBoxFrame.cpp | 86 +++++++++++++++++++++++++-------- layout/xul/base/src/nsTextBoxFrame.h | 7 ++ 2 files changed, 73 insertions(+), 20 deletions(-) Index: 
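Review bot: The first loop appends the result of `do_QueryInterface(bl->mListener)` to `listenerArray` without checking it, and the second loop calls `listener->SetAttr`/`UnsetAttr` on every entry. If that QueryInterface can fail, the second pass dereferences a null entry; `if (listener) listenerArray.AppendObject(listener);` would rule this out. The two-pass structure also needs a comment, for example `// Snapshot listeners with strong refs first: SetAttr and the onbroadcast handler can run script that changes entry->mListeners.` That reason is inferred from the change rather than stated in it. The enclosing function begins and ends outside this hunk.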
mozilla/layout/xul/base/src/nsTextBoxFrame.cpp =================================================================== --- mozilla.orig/layout/xul/base/src/nsTextBoxFrame.cpp 2007-10-09 18:48:08.000000000 +0200 +++ mozilla/layout/xul/base/src/nsTextBoxFrame.cpp 2007-10-09 18:49:59.000000000 +0200 @@ -63,16 +63,17 @@ #include "nsIDocument.h" #include "nsIDOMDocument.h" #include "nsIDOMElement.h" #include "nsIDOMXULLabelElement.h" #include "nsIEventStateManager.h" #include "nsITheme.h" #include "nsUnicharUtils.h" #include "nsContentUtils.h" +#include "nsIReflowCallback.h" #ifdef IBMBIDI #include "nsBidiUtils.h" #include "nsBidiPresUtils.h" #endif // IBMBIDI #include "nsReadableUtils.h" #define ELLIPSIS "..." @@ -145,17 +146,19 @@ // If the accesskey changed, register for the new value // The old value has been unregistered in nsXULElement::SetAttr if (aAttribute == nsXULAtoms::accesskey || aAttribute == nsXULAtoms::control) RegUnregAccessKey(presContext, PR_TRUE); return NS_OK; } -nsTextBoxFrame::nsTextBoxFrame(nsIPresShell* aShell):nsLeafBoxFrame(aShell), mCropType(CropRight),mAccessKeyInfo(nsnull) +nsTextBoxFrame::nsTextBoxFrame(nsIPresShell* aShell) + : nsLeafBoxFrame(aShell), mCropType(CropRight), mAccessKeyInfo(nsnull), + mNeedsReflowCallback(PR_FALSE) { mState |= NS_STATE_NEED_LAYOUT; NeedsRecalc(); } nsTextBoxFrame::~nsTextBoxFrame() { delete mAccessKeyInfo; 
@@ -216,16 +219,68 @@ const char* prefName = "intl.menuitems.insertseparatorbeforeaccesskeys"; nsAdoptingString val = nsContentUtils::GetLocalizedStringPref(prefName); gInsertSeparatorBeforeAccessKey = val.EqualsLiteral("true"); } return gInsertSeparatorBeforeAccessKey; } +class nsAsyncAccesskeyUpdate : public nsIReflowCallback +{ +public: + nsAsyncAccesskeyUpdate(nsIFrame* aFrame) : mWeakFrame(aFrame) + { + } + + NS_DECL_ISUPPORTS + + NS_IMETHOD ReflowFinished(nsIPresShell* aShell, PRBool* aFlushFlag) + { + nsTextBoxFrame* frame = + NS_STATIC_CAST(nsTextBoxFrame*, mWeakFrame.GetFrame()); + if (frame && frame->UpdateAccesskey(mWeakFrame)) { + *aFlushFlag = PR_TRUE; + } + return NS_OK; + } + + nsWeakFrame mWeakFrame; +}; + +NS_IMPL_ISUPPORTS1(nsAsyncAccesskeyUpdate, nsIReflowCallback) + +PRBool +nsTextBoxFrame::UpdateAccesskey(nsWeakFrame& aWeakThis) +{ + nsAutoString accesskey; + nsCOMPtr labelElement = do_QueryInterface(mContent); + if (labelElement) { + // Accesskey may be stored on control. + nsCxPusher cx(mContent); + labelElement->GetAccessKey(accesskey); + NS_ENSURE_TRUE(aWeakThis.IsAlive(), PR_FALSE); + } + else { + mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::accesskey, accesskey); + } + + if (!accesskey.Equals(mAccessKey)) { + // Need to get clean mTitle. + mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, mTitle); + mAccessKey = accesskey; + UpdateAccessTitle(); + nsPresContext* presContext = GetPresContext(); + nsBoxLayoutState state(presContext); + MarkDirty(state); + return PR_TRUE; + } + return PR_FALSE; +} + void nsTextBoxFrame::UpdateAttributes(nsPresContext* aPresContext, nsIAtom* aAttribute, PRBool& aResize, PRBool& aRedraw) { PRBool doUpdateTitle = PR_FALSE; aResize = PR_FALSE; 
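Review bot: `nsAsyncAccesskeyUpdate` accepts any `nsIFrame*` in its constructor, but `ReflowFinished` unconditionally `NS_STATIC_CAST`s the weak frame to `nsTextBoxFrame*`, so the type safety of that downcast rests on every caller passing the right frame class. Narrowing the constructor to `nsAsyncAccesskeyUpdate(nsTextBoxFrame* aFrame) : mWeakFrame(aFrame)` lets the compiler enforce it. In `UpdateAccesskey`, the `NS_ENSURE_TRUE(aWeakThis.IsAlive(), PR_FALSE)` after `GetAccessKey` is the important line and should carry a comment such as `// GetAccessKey can run script that destroys this frame; touch no members after it unless still alive.`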
@@ -258,34 +313,19 @@ mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, value); if (!value.Equals(mTitle)) { mTitle = value; doUpdateTitle = PR_TRUE; } } if (aAttribute == nsnull || aAttribute == nsXULAtoms::accesskey) { - nsAutoString accesskey; - nsCOMPtr labelElement = do_QueryInterface(mContent); - if (labelElement) { - labelElement->GetAccessKey(accesskey); // Accesskey may be stored on control - } - else { - mContent->GetAttr(kNameSpaceID_None, nsXULAtoms::accesskey, accesskey); - } - if (!accesskey.Equals(mAccessKey)) { - if (!doUpdateTitle) { - // Need to get clean mTitle and didn't already - nsAutoString value; - mContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::value, value); - mTitle = value; - doUpdateTitle = PR_TRUE; - } - mAccessKey = accesskey; - } + mNeedsReflowCallback = PR_TRUE; + // Ensure that layout is refreshed and reflow callback called. + aResize = PR_TRUE; } if (doUpdateTitle) { UpdateAccessTitle(); aResize = PR_TRUE; } } @@ -795,16 +835,24 @@ mAccessKeyInfo->mAccesskeyIndex = kNotFound; } } } NS_IMETHODIMP nsTextBoxFrame::DoLayout(nsBoxLayoutState& aBoxLayoutState) { + if (mNeedsReflowCallback) { + nsCOMPtr cb = new nsAsyncAccesskeyUpdate(this); + if (cb) { + GetPresContext()->PresShell()->PostReflowCallback(cb); + } + mNeedsReflowCallback = PR_FALSE; + } + mState |= NS_STATE_NEED_LAYOUT; return nsLeafBoxFrame::DoLayout(aBoxLayoutState); } NS_IMETHODIMP nsTextBoxFrame::NeedsRecalc() { Index: mozilla/layout/xul/base/src/nsTextBoxFrame.h =================================================================== --- mozilla.orig/layout/xul/base/src/nsTextBoxFrame.h 2007-10-09 18:48:08.000000000 +0200 +++ mozilla/layout/xul/base/src/nsTextBoxFrame.h 2007-10-09 18:50:03.000000000 +0200 
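Review bot: In the `DoLayout` hunk, `mNeedsReflowCallback` is cleared whether or not the callback was actually queued: a failed `new nsAsyncAccesskeyUpdate(this)` or a failed `PostReflowCallback` silently drops the pending accesskey update. Assuming `PostReflowCallback` reports failure through its return value, clearing the flag only on success keeps the request alive for the next layout: `if (cb && NS_SUCCEEDED(GetPresContext()->PresShell()->PostReflowCallback(cb))) mNeedsReflowCallback = PR_FALSE;`. The `UpdateAttributes` hunk on the same line relies on this callback for every accesskey change, so the failure case matters more than it did before the patch.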
@@ -85,16 +85,20 @@ nsIRenderingContext& aRenderingContext, const nsRect& aDirtyRect, nsFramePaintLayer aWhichLayer, PRUint32 aFlags = 0); virtual ~nsTextBoxFrame(); protected: + friend class nsAsyncAccesskeyUpdate; + // Should be called only by nsAsyncAccesskeyUpdate. + // Returns PR_TRUE if accesskey was updated. + PRBool UpdateAccesskey(nsWeakFrame& aWeakThis); void UpdateAccessTitle(); void UpdateAccessIndex(); NS_IMETHOD PaintTitle(nsPresContext* aPresContext, nsIRenderingContext& aRenderingContext, const nsRect& aDirtyRect, const nsRect& aRect); @@ -128,17 +132,18 @@ PRBool InsertSeparatorBeforeAccessKey(); CroppingStyle mCropType; nsString mTitle; nsString mCroppedTitle; nsString mAccessKey; nscoord mTitleWidth; nsAccessKeyInfo* mAccessKeyInfo; - PRBool mNeedsRecalc; + PRPackedBool mNeedsRecalc; + PRPackedBool mNeedsReflowCallback; nsSize mTextSize; nscoord mAscent; static PRBool gAlwaysAppendAccessKey; static PRBool gAccessKeyPrefInitialized; static PRBool gInsertSeparatorBeforeAccessKey; static PRBool gInsertSeparatorPrefInitialized; mozilla-387881.patch: jsscript.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) --- NEW FILE mozilla-387881.patch --- --- js/src/jsscript.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) Index: mozilla/js/src/jsscript.c =================================================================== --- mozilla.orig/js/src/jsscript.c 2007-10-09 18:58:04.000000000 +0200 +++ mozilla/js/src/jsscript.c 2007-10-09 19:03:36.000000000 +0200 
@@ -223,19 +223,27 @@ fp = cx->fp; caller = JS_GetScriptedCaller(cx, fp); JS_ASSERT(!caller || fp->scopeChain == caller->scopeChain); if (caller) { if (!scopeobj) scopeobj = caller->scopeChain; - file = caller->script->filename; - line = js_PCToLineNumber(cx, caller->script, caller->pc); + if (!scopeobj) + return JS_FALSE; + principals = JS_EvalFramePrincipals(cx, fp, caller); + if (principals == caller->script->principals) { + file = caller->script->filename; + line = js_PCToLineNumber(cx, caller->script, caller->pc); + } else { + file = principals->codebase; + line = 0; + } } else { file = NULL; line = 0; principals = NULL; } /* Ensure we compile this script with the right (inner) principals. */ scopeobj = js_CheckScopeChainValidity(cx, scopeobj, js_script_compile); mozilla-388121.patch: content/base/src/nsFrameLoader.cpp | 31 ++----- docshell/base/nsDocShell.cpp | 51 +++++++------ embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 11 ++ 3 files changed, 52 insertions(+), 41 deletions(-) --- NEW FILE mozilla-388121.patch --- --- content/base/src/nsFrameLoader.cpp | 31 ++----- docshell/base/nsDocShell.cpp | 51 +++++++------ embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 11 ++ 3 files changed, 52 insertions(+), 41 deletions(-) Index: mozilla/content/base/src/nsFrameLoader.cpp =================================================================== --- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/content/base/src/nsFrameLoader.cpp 2007-10-09 19:23:15.000000000 +0200 
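Review bot: The new `else` branch reads `principals->codebase` without checking `principals`. If `JS_EvalFramePrincipals` can return NULL while `caller->script->principals` is non-NULL, the comparison fails and the branch dereferences a null pointer. A guarded form such as `file = principals ? principals->codebase : NULL;` keeps the intent. Separately, the added `if (!scopeobj) return JS_FALSE;` returns failure without reporting an error on `cx`, which callers may see as an uncatchable silent failure; an explicit error report before the return would be safer. The enclosing function starts and ends outside the hunk.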
@@ -155,37 +155,26 @@ rv = CheckForRecursiveLoad(uri); NS_ENSURE_SUCCESS(rv, rv); // Is our principal the system principal? nsCOMPtr sysPrin; rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); NS_ENSURE_SUCCESS(rv, rv); - if (principal == sysPrin) { - // We're a chrome node. Belt and braces -- inherit the principal for this - // load instead of just forcing the system principal. That way if we have - // something loaded already the principal used will be that of what we - // already have loaded. - - // XXX bz I'd love to nix this, but the problem is chrome calling - // setAttribute() on an iframe or browser and passing in a javascript: URI. - // We probably don't want to run that with chrome privileges... Though in - // similar circumstances, if one sets window.location.href from chrome we - // _do_ run that with chrome privileges, so maybe we should do the same - // here? - loadInfo->SetInheritOwner(PR_TRUE); - - // Also, in this case we don't set a referrer, just in case. - } else { - // We'll use our principal, not that of the document loaded inside us. - // This is very important; needed to prevent XSS attacks on documents - // loaded in subframes! - loadInfo->SetOwner(principal); - + // We'll use our principal, not that of the document loaded inside us. + // This is very important; needed to prevent XSS attacks on documents + // loaded in subframes! Note that if |principal == sysPrin| the + // situation is handled by nsDocShell::LoadURI. + loadInfo->SetOwner(principal); + + // Don't set referrer if we're the system principal. + // XXXbz not like it matters -- the URI of the system principal is + // null on branch... + if (principal != sysPrin) { nsCOMPtr referrer; rv = principal->GetURI(getter_AddRefs(referrer)); NS_ENSURE_SUCCESS(rv, rv); loadInfo->SetReferrer(referrer); } // Kick off the load... 
Index: mozilla/docshell/base/nsDocShell.cpp =================================================================== --- mozilla.orig/docshell/base/nsDocShell.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/docshell/base/nsDocShell.cpp 2007-10-09 19:23:09.000000000 +0200 
@@ -760,41 +760,52 @@ PR_LOG(gDocShellLog, PR_LOG_DEBUG, ("nsDocShell[%p]: loading from session history", this)); #endif rv = LoadHistoryEntry(shEntry, loadType); } // Perform the load... else { - // We need an owner (a referring principal). 3 possibilities: - // (1) If a principal was passed in, that's what we'll use. - // (2) If the caller has allowed inheriting from the current document, - // or if we're being called from chrome (if there's system JS on the stack), - // then inheritOwner should be true and InternalLoad will get an owner - // from the current document. If none of these things are true, then - // (3) we pass a null owner into the channel, and an owner will be - // created later from the URL. - if (!owner && !inheritOwner) { - // See if there's system or chrome JS code running - nsCOMPtr secMan; + // We need an owner (a referring principal). 4 possibilities: + // (1) If the system principal was passed in and we're a typeContent + // docshell, inherit the principal from the current document + // instead. + // (2) In all other cases when the principal passed in is not null, + // use that principal. + // (3) If the caller has allowed inheriting from the current + // document, or if we're being called from chrome (if there's + // system JS on the stack), then inheritOwner should be true and + // InternalLoad will get an owner from the current document. If + // none of these things are true, then + // (4) we pass a null owner into the channel, and an owner will be + // created later from the channel's internal data. + nsCOMPtr secMan = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); - secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + // Just to compare, not to use! 
+ nsCOMPtr sysPrin; + rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); + NS_ENSURE_SUCCESS(rv, rv); + + if (owner == sysPrin && mItemType != typeChrome) { + owner = nsnull; + inheritOwner = PR_TRUE; + } + else if (!owner && !inheritOwner) { + // See if there's system or chrome JS code running if (NS_SUCCEEDED(rv)) { - nsCOMPtr sysPrin; nsCOMPtr subjectPrin; - // Just to compare, not to use! - rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); - if (NS_SUCCEEDED(rv)) { - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subjectPrin)); - } - // If there's no subject principal, there's no JS running, so we're in system code. + rv = secMan->GetSubjectPrincipal(getter_AddRefs(subjectPrin)); + // If there's no subject principal, there's no JS running, so + // we're in system code. if (NS_SUCCEEDED(rv) && - (!subjectPrin || sysPrin.get() == subjectPrin.get())) { + (!subjectPrin || sysPrin == subjectPrin)) { inheritOwner = PR_TRUE; } } } PRUint32 flags = 0; if (inheritOwner) Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp =================================================================== --- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 19:22:51.000000000 +0200 +++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 19:23:12.000000000 +0200 
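Review bot: The new comment's case (1) says the system principal is dropped when "we're a typeContent docshell", but the code tests `mItemType != typeChrome`, which covers every non-chrome item type and not only typeContent. Because this check is the security boundary the nsFrameLoader change now relies on, the comment should state the real condition, e.g. `// (1) If the system principal was passed in and we're not a typeChrome docshell, ...`. Also, `secMan` retrieval is now followed by `NS_ENSURE_SUCCESS(rv, rv)`, so the surviving `if (NS_SUCCEEDED(rv))` at the top of the `else if (!owner && !inheritOwner)` branch is always true and can be removed. The enclosing function extends beyond the hunk.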
@@ -772,16 +772,27 @@ nsIPrincipal* newWindowPrincipal = subjectPrincipal; if (!newWindowPrincipal && aParent) { nsCOMPtr sop(do_QueryInterface(aParent)); if (sop) { newWindowPrincipal = sop->GetPrincipal(); } } + nsCOMPtr systemPrincipal; + sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); + if (newWindowPrincipal == systemPrincipal) { + // Don't pass this principal along to content windows + PRInt32 itemType; + rv = newDocShellItem->GetItemType(&itemType); + if (NS_FAILED(rv) || itemType != nsIDocShellTreeItem::typeChrome) { + newWindowPrincipal = nsnull; + } + } + nsCOMPtr newWindow = do_QueryInterface(*_retval); #ifdef DEBUG nsCOMPtr newDebugWindow = do_GetInterface(newDocShell); NS_ASSERTION(newWindow == newDebugWindow, "Different windows??"); #endif if (newWindow) { newWindow->SetOpenerScriptPrincipal(newWindowPrincipal); mozilla-388784.patch: nsHTMLLabelElement.cpp | 34 ++++++++++++++++++++++++++++++---- 1 files changed, 30 insertions(+), 4 deletions(-) --- NEW FILE mozilla-388784.patch --- --- content/html/content/src/nsHTMLLabelElement.cpp | 34 +++++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) Index: mozilla/content/html/content/src/nsHTMLLabelElement.cpp =================================================================== --- mozilla.orig/content/html/content/src/nsHTMLLabelElement.cpp 2007-10-11 12:50:48.000000000 +0200 +++ mozilla/content/html/content/src/nsHTMLLabelElement.cpp 2007-10-11 12:51:10.000000000 +0200 @@ -46,17 +46,17 @@ #include "nsIForm.h" #include "nsIDOMHTMLDocument.h" #include "nsIDOMXULDocument.h" #include "nsIDocument.h" #include "nsIFormControlFrame.h" #include "nsIPresShell.h" #include "nsGUIEvent.h" #include "nsIEventStateManager.h" - +#include "nsIDOMHTMLInputElement.h" class nsHTMLLabelElement : public nsGenericHTMLFormElement, public nsIDOMHTMLLabelElement { public: nsHTMLLabelElement(nsINodeInfo *aNodeInfo); virtual ~nsHTMLLabelElement(); 
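Review bot: The result of `sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal))` is ignored. If the call fails, `systemPrincipal` stays null, the comparison `newWindowPrincipal == systemPrincipal` is false for a real system principal, and that principal is handed to `SetOpenerScriptPrincipal` even for a content window, so the new check fails open. Checking the result closes that gap: `rv = sm->GetSystemPrincipal(getter_AddRefs(systemPrincipal)); NS_ENSURE_SUCCESS(rv, rv);` (assuming the enclosing function, which is not fully visible here, returns `nsresult`). The `GetItemType` branch already fails closed, and this call should match it.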
@@ -67,16 +67,19 @@ NS_FORWARD_NSIDOMNODE_NO_CLONENODE(nsGenericHTMLFormElement::) // nsIDOMElement NS_FORWARD_NSIDOMELEMENT(nsGenericHTMLFormElement::) // nsIDOMHTMLElement NS_FORWARD_NSIDOMHTMLELEMENT(nsGenericHTMLFormElement::) + // nsIDOMNSHTMLElement + NS_IMETHOD Focus(); + // nsIDOMHTMLLabelElement NS_DECL_NSIDOMHTMLLABELELEMENT // nsIFormControl NS_IMETHOD_(PRInt32) GetType() const { return NS_FORM_LABEL; } NS_IMETHOD Reset(); NS_IMETHOD SubmitNamesValues(nsIFormSubmission* aFormSubmission, nsIContent* aSubmitElement); @@ -103,28 +106,30 @@ virtual nsresult UnsetAttr(PRInt32 aNameSpaceID, nsIAtom* aAttribute, PRBool aNotify); protected: already_AddRefed GetForContent(); already_AddRefed GetFirstFormControl(nsIContent *current); // XXX It would be nice if we could use an event flag instead. - PRBool mHandlingEvent; + PRPackedBool mHandlingEvent; + PRPackedBool mFocusCalled; }; // construction, destruction NS_IMPL_NS_NEW_HTML_ELEMENT(Label) nsHTMLLabelElement::nsHTMLLabelElement(nsINodeInfo *aNodeInfo) : nsGenericHTMLFormElement(aNodeInfo), - mHandlingEvent(PR_FALSE) + mHandlingEvent(PR_FALSE), + mFocusCalled(PR_FALSE) { } nsHTMLLabelElement::~nsHTMLLabelElement() { } // nsISupports 
@@ -268,24 +273,45 @@ } break; } mHandlingEvent = PR_FALSE; } return rv; } +nsresult +nsHTMLLabelElement::Focus() +{ + PRBool oldFocusCalled = mFocusCalled; + mFocusCalled = PR_TRUE; + nsresult rv = nsGenericHTMLFormElement::Focus(); + mFocusCalled = oldFocusCalled; + return rv; +} + void nsHTMLLabelElement::SetFocus(nsPresContext* aContext) { // Since we don't have '-moz-user-focus: normal', the only time // |SetFocus| will be called is when the accesskey is activated. nsCOMPtr content = GetForContent(); - if (content) + if (content) { + if (mFocusCalled) { + // Handle input element in a special way, so that focusing + // doesn't focus the input field but the + // 'browse...' button. + nsCOMPtr input = do_QueryInterface(content); + if (input) { + input->Focus(); + return; + } + } content->SetFocus(aContext); + } } nsresult nsHTMLLabelElement::Reset() { return NS_OK; } mozilla-390078.patch: jsgc.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE mozilla-390078.patch --- --- js/src/jsgc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: mozilla/js/src/jsgc.c =================================================================== --- mozilla.orig/js/src/jsgc.c 2007-10-11 13:29:44.000000000 +0200 +++ mozilla/js/src/jsgc.c 2007-10-11 13:31:23.000000000 +0200 
@@ -1767,17 +1767,17 @@ GC_MARK(cx, fp->thisp, "this", NULL); if (fp->argv) { nslots = fp->argc; if (fp->fun) { if (fp->fun->nargs > nslots) nslots = fp->fun->nargs; nslots += fp->fun->extra; } - GC_MARK_JSVALS(cx, nslots, fp->argv, "arg"); + GC_MARK_JSVALS(cx, nslots + 2, fp->argv - 2, "arg"); } if (JSVAL_IS_GCTHING(fp->rval)) GC_MARK(cx, JSVAL_TO_GCTHING(fp->rval), "rval", NULL); if (fp->vars) GC_MARK_JSVALS(cx, fp->nvars, fp->vars, "var"); GC_MARK(cx, fp->scopeChain, "scope chain", NULL); if (fp->sharpArray) GC_MARK(cx, fp->sharpArray, "sharp array", NULL); mozilla-392149-180.patch: nsAppRunner.cpp | 23 ++++++++++++++++------- 1 files changed, 16 insertions(+), 7 deletions(-) --- NEW FILE mozilla-392149-180.patch --- --- mozilla/toolkit/xre/nsAppRunner.cpp.old 2006-11-09 21:55:12.000000000 +0100 +++ mozilla/toolkit/xre/nsAppRunner.cpp 2007-10-17 17:41:20.000000000 +0200 @@ -299,6 +299,12 @@ strimatch(const char* lowerstr, const ch return PR_TRUE; } +enum RemoteResult { + REMOTE_NOT_FOUND = 0, + REMOTE_FOUND = 1, + REMOTE_ARG_BAD = 2 +}; + enum ArgResult { ARG_NONE = 0, ARG_FOUND = 1, @@ -978,7 +984,7 @@ HandleRemoteArgument(const char* remote) return 0; } -static PRBool +static RemoteResult RemoteCommandLine() { nsresult rv; @@ -992,7 +998,7 @@ RemoteCommandLine() ar = CheckArg("a", &temp); if (ar == ARG_BAD) { PR_fprintf(PR_STDERR, "Error: argument -a requires an application name\n"); - return PR_FALSE; + return REMOTE_ARG_BAD; } else if (ar == ARG_FOUND) { program.Assign(temp); } @@ -1000,13 +1006,13 @@ RemoteCommandLine() ar = CheckArg("u", &username); if (ar == ARG_BAD) { PR_fprintf(PR_STDERR, "Error: argument -u requires a username\n"); - return PR_FALSE; + return REMOTE_ARG_BAD; } XRemoteClient client; rv = client.Init(); if (NS_FAILED(rv)) - return PR_FALSE; + return REMOTE_NOT_FOUND; nsXPIDLCString response; PRBool success = PR_FALSE; 
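Review bot: The change to `GC_MARK_JSVALS(cx, nslots + 2, fp->argv - 2, "arg")` uses a bare `2` with no explanation, so the next reader cannot tell why marking starts before `argv`. A comment such as `/* Also mark argv[-2] and argv[-1] (callee and this), which are stored just below the arguments. */` should accompany it; the slot meanings are my understanding of the frame layout and should be confirmed. It would also help to note that the `"arg"` label in GC debug output now covers those two slots.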
@@ -1015,9 +1021,9 @@ RemoteCommandLine() getter_Copies(response), &success); // did the command fail? if (NS_FAILED(rv) || !success) - return PR_FALSE; + return REMOTE_NOT_FOUND; - return PR_TRUE; + return REMOTE_FOUND; } #endif // MOZ_ENABLE_XREMOTE @@ -2068,8 +2074,11 @@ XRE_main(int argc, char* argv[], const n if (!PR_GetEnv("MOZ_NO_REMOTE")) { // Try to remote the entire command line. If this fails, start up normally. - if (RemoteCommandLine()) + RemoteResult rr = RemoteCommandLine(); + if (rr == REMOTE_FOUND) return 0; + else if (rr == REMOTE_ARG_BAD) + return 1; } #endif mozilla-393537.patch: jsopcode.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) --- NEW FILE mozilla-393537.patch --- --- js/src/jsopcode.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) Index: mozilla/js/src/jsopcode.c =================================================================== --- mozilla.orig/js/src/jsopcode.c 2007-10-11 13:38:41.000000000 +0200 +++ mozilla/js/src/jsopcode.c 2007-10-11 13:38:52.000000000 +0200 
@@ -351,25 +351,29 @@ #define OFF2STR(sp,off) ((sp)->base + (off)) #define STR2OFF(sp,str) ((str) - (sp)->base) #define RETRACT(sp,str) ((sp)->offset = STR2OFF(sp, str)) static JSBool SprintAlloc(Sprinter *sp, size_t nb) { - if (!sp->base) { - JS_ARENA_ALLOCATE_CAST(sp->base, char *, sp->pool, nb); + char *base; + + base = sp->base; + if (!base) { + JS_ARENA_ALLOCATE_CAST(base, char *, sp->pool, nb); } else { - JS_ARENA_GROW_CAST(sp->base, char *, sp->pool, sp->size, nb); + JS_ARENA_GROW_CAST(base, char *, sp->pool, sp->size, nb); } - if (!sp->base) { + if (!base) { JS_ReportOutOfMemory(sp->context); return JS_FALSE; } + sp->base = base; sp->size += nb; return JS_TRUE; } static ptrdiff_t SprintPut(Sprinter *sp, const char *s, size_t len) { ptrdiff_t nb, offset; mozilla-395942-180.patch: mail/components/nsMailDefaultHandler.js | 29 +++++++++++++--- toolkit/mozapps/extensions/src/nsExtensionManager.js.in | 6 +++ xpfe/bootstrap/Makefile.in | 1 xpfe/bootstrap/nsAppRunner.cpp | 21 +++++++++++ 4 files changed, 53 insertions(+), 4 deletions(-) --- NEW FILE mozilla-395942-180.patch --- --- browser/components/nsBrowserContentHandler.js | 28 +++++++++++++--- toolkit/mozapps/extensions/src/nsExtensionManager.js.in | 6 +++ xpfe/bootstrap/Makefile.in | 1 xpfe/bootstrap/nsAppRunner.cpp | 21 ++++++++++++ 4 files changed, 51 insertions(+), 5 deletions(-) Index: mozilla/toolkit/mozapps/extensions/src/nsExtensionManager.js.in =================================================================== --- mozilla.orig/toolkit/mozapps/extensions/src/nsExtensionManager.js.in +++ mozilla/toolkit/mozapps/extensions/src/nsExtensionManager.js.in 
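Review bot: `SprintAlloc` now grows into a local `base` and assigns `sp->base` only on success, but nothing in the function says why. Without that, a later cleanup could fold the local back into `sp->base` and reintroduce the state where a failed grow leaves `sp->base` NULL while `sp->size` still describes the old buffer. I would add `/* Allocate into a local so an OOM leaves sp->base and sp->size consistent. */` above the `base = sp->base;` line.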
@@ -2506,16 +2506,22 @@ /** * Installs an XPI/JAR file into the KEY_APP_GLOBAL install location. * @param file * The XPI/JAR file to extract */ _installGlobalItem: function(file) { if (!file || !file.exists()) throw new Error("Unable to find the file specified on the command line!"); +#ifdef XP_WIN + // make sure the file is local on Windows + file.normalize(); + if (file.path[1] != ':') + throw new Error("Can't install global chrome from non-local file "+file.path); +#endif var installManifestFile = extractRDFFileToTempDir(file, FILE_INSTALL_MANIFEST, true); if (!installManifestFile.exists()) throw new Error("The package is missing an install manifest!"); var installManifest = getInstallManifest(installManifestFile); installManifestFile.remove(false); var installData = this._getInstallData(installManifest); var installer = new Installer(installManifest, installData.id, InstallLocations.get(KEY_APP_GLOBAL), Index: mozilla/xpfe/bootstrap/nsAppRunner.cpp =================================================================== --- mozilla.orig/xpfe/bootstrap/nsAppRunner.cpp +++ mozilla/xpfe/bootstrap/nsAppRunner.cpp @@ -87,16 +87,19 @@ #include "nsIEventQueueService.h" #include "nsDirectoryServiceDefs.h" #include "nsBuildID.h" #include "nsIWindowCreator.h" #include "nsIWindowWatcher.h" #include "nsILocalFile.h" #include "nsILookAndFeel.h" #include "nsIProcess.h" +#include "nsIIOService.h" +#include "nsIJARURI.h" +#include "nsNetCID.h" #ifdef MOZ_XPINSTALL #include "InstallCleanupDefines.h" #include "nsISoftwareUpdate.h" #endif // Interfaces Needed #include "nsIXULWindow.h" 
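Review bot: In `_installGlobalItem`, the `XP_WIN` guard is commented as "make sure the file is local", but `file.path[1] != ':'` only tests that the normalized path has a drive-letter form. A drive letter does not by itself establish that the volume is local, so the comment promises more than the check delivers. Either reword the comment to say what is actually rejected (`// reject paths that are not drive-letter paths after normalize()`) or use a platform call that reports the volume type. The check also does not confirm that `file.path` has at least two characters before indexing, though after `exists()` and `normalize()` that is probably always true.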
@@ -578,16 +581,34 @@ if (openWindowWithArgs) { NS_ConvertASCIItoUTF16 cmdArgs(cmdResult); #ifdef DEBUG_CMD_LINE printf("opening %s with %s\n", chromeUrlForTask.get(), "OpenWindow"); #endif /* DEBUG_CMD_LINE */ rv = OpenWindow(chromeUrlForTask, cmdArgs); } else { + // We need to emulate checkLoadURI because we don't have a window yet + nsCOMPtr ioService = do_GetService(NS_IOSERVICE_CONTRACTID, &rv); + if (NS_FAILED(rv)) return rv; + nsCOMPtr baseURI; + rv = ioService->NewURI(cmdResult, nsnull, nsnull, getter_AddRefs(baseURI)); + if (NS_FAILED(rv)) return rv; + nsCOMPtr jarURI(do_QueryInterface(baseURI)); + while (jarURI) { + rv = jarURI->GetJARFile(getter_AddRefs(baseURI)); + if (NS_FAILED(rv)) return rv; + jarURI = do_QueryInterface(baseURI); + } + PRBool scriptOrData = PR_FALSE; + baseURI->SchemeIs("javascript", &scriptOrData); + if (!scriptOrData) + baseURI->SchemeIs("data", &scriptOrData); + if (scriptOrData) + return NS_ERROR_FAILURE; #ifdef DEBUG_CMD_LINE printf("opening %s with %s\n", cmdResult.get(), "OpenWindow"); #endif /* DEBUG_CMD_LINE */ rv = OpenWindow(cmdResult, width, height); if (NS_FAILED(rv)) return rv; } // If we get here without an error, then a window was opened OK. if (NS_SUCCEEDED(rv)) { Index: mozilla/xpfe/bootstrap/Makefile.in =================================================================== --- mozilla.orig/xpfe/bootstrap/Makefile.in +++ mozilla/xpfe/bootstrap/Makefile.in @@ -95,16 +95,17 @@ windowwatcher \ embed_base \ embedcomponents \ docshell \ locale \ profile \ chrome \ xremoteclient \ + jar \ $(NULL) # for jprof REQUIRES += jprof ifdef NS_TRACE_MALLOC REQUIRES += tracemalloc endif --- mozilla/mail/components/nsMailDefaultHandler.js.old 2006-04-26 05:49:00.000000000 +0200 +++ mozilla/mail/components/nsMailDefaultHandler.js 2007-10-17 12:42:21.000000000 +0200 
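Review bot: In the nsAppRunner.cpp hunk, both `baseURI->SchemeIs(...)` calls discard their return value. If either fails, `scriptOrData` stays `PR_FALSE` and the code falls through to `OpenWindow`, so the emulated load check fails open. Checking the result keeps it fail-closed: `rv = baseURI->SchemeIs("javascript", &scriptOrData); if (NS_FAILED(rv)) return rv;`, and the same for `"data"`. The `while (jarURI)` loop also assumes a successful `GetJARFile` leaves `baseURI` non-null before `baseURI->SchemeIs` is reached; `if (!baseURI) return NS_ERROR_FAILURE;` after the loop would make that explicit.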
@@ -41,6 +41,7 @@ const nsICommandLine = Compone const nsICommandLineHandler = Components.interfaces.nsICommandLineHandler; const nsIDOMWindowInternal = Components.interfaces.nsIDOMWindowInternal; const nsIFactory = Components.interfaces.nsIFactory; +const nsIJARURI = Components.interfaces.nsIJARURI; const nsISupportsString = Components.interfaces.nsISupportsString; const nsIWindowMediator = Components.interfaces.nsIWindowMediator; const nsIWindowWatcher = Components.interfaces.nsIWindowWatcher; @@ -186,11 +187,31 @@ var nsMailDefaultHandler = { .getService(nsIWindowWatcher); var argstring = Components.classes["@mozilla.org/supports-string;1"] .createInstance(nsISupportsString); - wwatch.openWindow(null, chromeParam, "_blank", - "chrome,dialog=no,all", argstring); - cmdLine.preventDefault = true; + + try { + // only load URIs which do not inherit chrome privs. + + // normally would call checkLoadURI( ,DISALLOW_SCRIPT_OR_DATA) + // for this, but in this context we crash when the security manager + // tries to throw an exception (no window object here). On the branch + // we need to simulate the important bits + var uri = resolveURIInternal(cmdLine, chromeParam); + while (uri instanceof nsIJARURI) { + // unpack to find the real scheme + uri = uri.JARFile; + } + if (!uri.schemeIs("javascript") && !uri.schemeIs("data")) { + wwatch.openWindow(null, uri.spec, "_blank", + "chrome,dialog=no,all", argstring); + cmdLine.preventDefault = true; + } + } + catch (e) { + dump(e); + throw Components.results.NS_ERROR_ABORT; + } } - + var count = cmdLine.length; if (count) { var i = 0; Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/thunderbird/FC-6/.cvsignore,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- .cvsignore 20 Jul 2007 01:04:32 -0000 1.14 +++ .cvsignore 19 Oct 2007 11:07:23 -0000 1.15 
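Review bot: In the `nsMailDefaultHandler` hunk, a `chromeParam` that resolves to a `javascript:` or `data:` URI is dropped with no message, and `cmdLine.preventDefault` is left unset, so startup continues as if the argument had not been given. The xpfe nsAppRunner.cpp change in the same patch returns `NS_ERROR_FAILURE` for the same case, so the two handlers now disagree. If silent fall-through is intended, say so in a comment. Otherwise add an `else` that records the refusal, e.g. `else { dump("refusing to open " + uri.scheme + ": URI from the command line\n"); }`, and decide explicitly whether `preventDefault` should be set. `resolveURIInternal` is defined outside this hunk, so its failure behaviour could not be checked here.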
@@ -1,2 +1,3 @@ mozilla-180-20070717.tar.bz2 thunderbird-langpacks-1.5.0.12-20070530.tar.bz2 +thunderbird-180-20071018.tar.bz2 mozilla-381300.patch: caps/src/nsPrincipal.cpp | 39 --- caps/src/nsScriptSecurityManager.cpp | 33 +- content/base/public/nsIDocument.h | 42 +++ content/base/src/nsDocument.cpp | 2 content/base/src/nsDocument.h | 1 content/base/src/nsFrameLoader.cpp | 7 content/html/document/src/nsHTMLDocument.cpp | 44 +-- docshell/base/nsDocShell.cpp | 154 +++++++++--- docshell/base/nsDocShell.h | 16 + dom/public/base/nsPIDOMWindow.h | 29 ++ dom/src/base/nsGlobalWindow.cpp | 161 +++++++------ dom/src/base/nsGlobalWindow.h | 10 dom/src/jsurl/nsJSProtocolHandler.cpp | 6 embedding/components/windowwatcher/src/Makefile.in | 1 embedding/components/windowwatcher/src/nsWindowWatcher.cpp | 61 ++++ embedding/components/windowwatcher/src/nsWindowWatcher.h | 1 16 files changed, 395 insertions(+), 212 deletions(-) Index: mozilla-381300.patch =================================================================== RCS file: /cvs/dist/rpms/thunderbird/FC-6/mozilla-381300.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mozilla-381300.patch 20 Jul 2007 01:04:32 -0000 1.1 +++ mozilla-381300.patch 19 Oct 2007 11:07:23 -0000 1.2 @@ -18,9 +18,14 @@ Index: mozilla/caps/src/nsPrincipal.cpp =================================================================== ---- mozilla.orig/caps/src/nsPrincipal.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/caps/src/nsPrincipal.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -260,15 +260,10 @@ +--- mozilla.orig/caps/src/nsPrincipal.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/caps/src/nsPrincipal.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -255,60 +255,29 @@ + aOther->GetSubjectName(str); + *aResult = str.Equals(mCert->subjectName) || str.IsEmpty(); + } + + return NS_OK; } // Codebases are equal if they have the same origin. 
@@ -40,7 +45,9 @@ } *aResult = PR_TRUE; -@@ -278,32 +273,6 @@ + return NS_OK; + } + NS_IMETHODIMP nsPrincipal::Subsumes(nsIPrincipal *aOther, PRBool *aResult) { @@ -73,11 +80,21 @@ return Equals(aOther, aResult); } + NS_IMETHODIMP + nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result) + { + // If this principal is marked invalid, can't enable any capabilities + nsCStringKey invalidKey(sInvalid); Index: mozilla/caps/src/nsScriptSecurityManager.cpp =================================================================== ---- mozilla.orig/caps/src/nsScriptSecurityManager.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/caps/src/nsScriptSecurityManager.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -273,7 +273,7 @@ +--- mozilla.orig/caps/src/nsScriptSecurityManager.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/caps/src/nsScriptSecurityManager.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -268,17 +268,17 @@ + *result = PR_FALSE; + + if (aSourceURI == aTargetURI) + { + *result = PR_TRUE; return NS_OK; } @@ -86,7 +103,17 @@ { // return false return NS_OK; -@@ -863,8 +863,14 @@ + } + + // If either uri is a jar URI, get the base URI + nsCOMPtr jarURI; + nsCOMPtr sourceBaseURI(aSourceURI); +@@ -858,34 +858,46 @@ + PRBool aIsCheckConnect) + { + /* + ** Get origin of subject and object and compare. + */ if (aSubject == aObject) return NS_OK; @@ -101,7 +128,10 @@ if (aIsCheckConnect) { // Don't use domain for CheckConnect calls, since that's called for -@@ -875,12 +881,18 @@ + // data-only load checks like XMLHTTPRequest (bug 290100). + aSubject->GetURI(getter_AddRefs(subjectURI)); + aObject->GetURI(getter_AddRefs(objectURI)); + } else { aSubject->GetDomain(getter_AddRefs(subjectURI)); 
@@ -122,7 +152,17 @@ } PRBool isSameOrigin = PR_FALSE; -@@ -899,24 +911,11 @@ + nsresult rv = SecurityCompareURIs(subjectURI, objectURI, &isSameOrigin); + NS_ENSURE_SUCCESS(rv, rv); + + if (isSameOrigin) + { // If either the subject or the object has changed its principal by +@@ -894,34 +906,21 @@ + // DNS spoofing based on document.domain (154930) + + // But this restriction does not apply to CheckConnect calls, since + // that's called for data-only load checks like XMLHTTPRequest where + // we ignore domain (bug 290100). if (aIsCheckConnect) return NS_OK; @@ -148,11 +188,21 @@ /* ** Access tests failed, so now report error. */ + return NS_ERROR_DOM_PROP_ACCESS_DENIED; + } + + + nsresult Index: mozilla/content/base/public/nsIDocument.h =================================================================== ---- mozilla.orig/content/base/public/nsIDocument.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/public/nsIDocument.h 2007-07-16 11:53:05.000000000 +0200 -@@ -841,7 +841,7 @@ +--- mozilla.orig/content/base/public/nsIDocument.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/public/nsIDocument.h 2007-10-09 12:48:38.000000000 +0200 +@@ -836,17 +836,17 @@ + // The document's security info + nsCOMPtr mSecurityInfo; + + // if this document is part of a multipart document, + // the ID can be used to distinguish it from the other parts. PRUint32 mPartID; }; @@ -161,7 +211,17 @@ #define NS_IDOCUMENT_MOZILLA_1_8_0_BRANCH_IID \ { 0x7d001ad2, 0x01ac, 0x4bf2, \ { 0xb8, 0x3a, 0x50, 0xaa, 0xed, 0xc6, 0x1d, 0xfa } } -@@ -870,6 +870,46 @@ + + class nsIDocument_MOZILLA_1_8_0_BRANCH : public nsISupports + { + public: + NS_DEFINE_STATIC_IID_ACCESSOR(NS_IDOCUMENT_MOZILLA_1_8_0_BRANCH_IID) +@@ -865,16 +865,56 @@ + * + * @param aIndex the index of the child to remove + * @param aNotify whether to notify the document that the remove has + * occurred + */ virtual nsresult RemoveChildAt(PRUint32 aIndex, PRBool aNotify) = 0; }; 
@@ -208,11 +268,21 @@ /** * Helper class to automatically handle batching of document updates. This * class will call BeginUpdate on construction and EndUpdate on destruction on + * the given document with the given update type. The document could be null, + * in which case no updates will be called. The constructor also takes a + * boolean that can be set to false to prevent notifications. + */ + class mozAutoDocUpdate Index: mozilla/content/base/src/nsDocument.cpp =================================================================== ---- mozilla.orig/content/base/src/nsDocument.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsDocument.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -783,6 +783,7 @@ +--- mozilla.orig/content/base/src/nsDocument.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsDocument.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -778,16 +778,17 @@ + // = + // ================================================================== + + // NOTE! nsDocument::operator new() zeroes out all members, so don't + // bother initializing members to 0. nsDocument::nsDocument() : nsIDocument(), @@ -220,7 +290,17 @@ mVisible(PR_TRUE) { #ifdef PR_LOGGING -@@ -916,6 +917,7 @@ + if (!gDocumentLeakPRLog) + gDocumentLeakPRLog = PR_NewLogModule("DocumentLeak"); + + if (gDocumentLeakPRLog) + PR_LOG(gDocumentLeakPRLog, PR_LOG_DEBUG, +@@ -911,16 +912,17 @@ + } + + PRBool gCheckedForXPathDOM = PR_FALSE; + PRBool gHaveXPathDOM = PR_FALSE; + NS_INTERFACE_MAP_BEGIN(nsDocument) NS_INTERFACE_MAP_ENTRY(nsIDocument) NS_INTERFACE_MAP_ENTRY(nsIDocument_MOZILLA_1_8_0_BRANCH) 
@@ -228,11 +308,21 @@ NS_INTERFACE_MAP_ENTRY(nsIDOMDocument) NS_INTERFACE_MAP_ENTRY(nsIDOMNSDocument) NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentEvent) + NS_INTERFACE_MAP_ENTRY(nsIDOM3DocumentEvent) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentStyle) + NS_INTERFACE_MAP_ENTRY(nsIDOMNSDocumentStyle) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentView) + NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentRange) Index: mozilla/content/base/src/nsDocument.h =================================================================== ---- mozilla.orig/content/base/src/nsDocument.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsDocument.h 2007-07-16 11:53:05.000000000 +0200 -@@ -365,6 +365,7 @@ +--- mozilla.orig/content/base/src/nsDocument.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsDocument.h 2007-10-09 12:48:38.000000000 +0200 +@@ -360,16 +360,17 @@ + // really an nsIDOMXMLDocument. The reason for implementing + // nsIDOMXMLDocument on this class is to avoid having to duplicate all + // its inherited methods on document classes that *are* + // nsIDOMXMLDocument's. nsDocument's QI should *not* claim to support + // nsIDOMXMLDocument unless someone writes a real implementation of // the interface. class nsDocument : public nsIDocument, public nsIDocument_MOZILLA_1_8_0_BRANCH, 
@@ -240,11 +330,21 @@ public nsIDOMXMLDocument, // inherits nsIDOMDocument public nsIDOMNSDocument, public nsIDOMDocumentEvent, + public nsIDOM3DocumentEvent, + public nsIDOMNSDocumentStyle, + public nsIDOMDocumentView, + public nsIDOMDocumentRange, + public nsIDOMDocumentTraversal, Index: mozilla/content/base/src/nsFrameLoader.cpp =================================================================== ---- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/base/src/nsFrameLoader.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -165,6 +165,13 @@ +--- mozilla.orig/content/base/src/nsFrameLoader.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/base/src/nsFrameLoader.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -160,16 +160,23 @@ + rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin)); + NS_ENSURE_SUCCESS(rv, rv); + + if (principal == sysPrin) { + // We're a chrome node. Belt and braces -- inherit the principal for this // load instead of just forcing the system principal. That way if we have // something loaded already the principal used will be that of what we // already have loaded. 
@@ -258,11 +358,21 @@ loadInfo->SetInheritOwner(PR_TRUE); // Also, in this case we don't set a referrer, just in case. + } else { + // We'll use our principal, not that of the document loaded inside us. + // This is very important; needed to prevent XSS attacks on documents + // loaded in subframes! + loadInfo->SetOwner(principal); Index: mozilla/content/html/document/src/nsHTMLDocument.cpp =================================================================== ---- mozilla.orig/content/html/document/src/nsHTMLDocument.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/content/html/document/src/nsHTMLDocument.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -2020,10 +2020,24 @@ +--- mozilla.orig/content/html/document/src/nsHTMLDocument.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/content/html/document/src/nsHTMLDocument.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -2026,20 +2026,34 @@ + + // Hold onto ourselves on the offchance that we're down to one ref + nsRefPtr kungFuDeathGrip(this); + + if (mScriptGlobalObject) { // Rememer the old scope in case the call to SetNewDocument changes it. nsCOMPtr oldScope(do_QueryReferent(mScopeObject)); @@ -287,7 +397,17 @@ nsCOMPtr newScope(do_QueryReferent(mScopeObject)); if (oldScope && newScope != oldScope) { nsContentUtils::ReparentContentWrappersInScope(oldScope, newScope); -@@ -2359,36 +2373,6 @@ + } + } + + // XXX This is a nasty workaround for a scrollbar code bug + // (http://bugzilla.mozilla.org/show_bug.cgi?id=55334). +@@ -2365,46 +2379,16 @@ + nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate) + { + nsCOMPtr ncc; + + nsresult rv = nsContentUtils::XPConnect()-> GetCurrentNativeCallContext(getter_AddRefs(ncc)); NS_ENSURE_SUCCESS(rv, rv); 
@@ -324,11 +444,21 @@ if (ncc) { // We're called from JS, concatenate the extra arguments into // string_buffer + PRUint32 i, argc; + + ncc->GetArgc(&argc); + + JSContext *cx = nsnull; Index: mozilla/docshell/base/nsDocShell.cpp =================================================================== ---- mozilla.orig/docshell/base/nsDocShell.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/docshell/base/nsDocShell.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -3226,21 +3226,20 @@ +--- mozilla.orig/docshell/base/nsDocShell.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/docshell/base/nsDocShell.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -3238,31 +3238,30 @@ + /* If you change this part of code, make sure bug 45297 does not re-occur */ + if (mOSHE) { + rv = LoadHistoryEntry(mOSHE, type); + } + else if (mLSHE) { // In case a reload happened before the current load is done rv = LoadHistoryEntry(mLSHE, type); } else { @@ -359,7 +489,17 @@ nsnull, // No window target NS_LossyConvertUCS2toASCII(contentTypeHint).get(), nsnull, // No post data -@@ -4859,7 +4858,38 @@ + nsnull, // No headers data + type, // Load type + nsnull, // No SHEntry + PR_TRUE, + nsnull, // No nsIDocShell +@@ -4871,17 +4870,48 @@ + NS_IMETHODIMP + nsDocShell::EnsureContentViewer() + { + if (mContentViewer) + return NS_OK; if (mIsBeingDestroyed) return NS_ERROR_FAILURE; @@ -399,7 +539,17 @@ } NS_IMETHODIMP -@@ -6300,12 +6330,28 @@ + nsDocShell::EnsureDeviceContext() + { + if (mDeviceContext) + return NS_OK; + +@@ -6322,22 +6352,38 @@ + return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT; + } + + return NS_ERROR_CONTENT_BLOCKED; + } nsCOMPtr owner(aOwner); // 
@@ -432,7 +582,17 @@ // // Resolve the window target before going any further... -@@ -6684,42 +6730,51 @@ + // If the load has been targeted to another DocShell, then transfer the + // load to it... + // + if (aWindowTarget && *aWindowTarget) { + PRBool bIsNewWindow; +@@ -6706,52 +6752,61 @@ + if (NS_FAILED(rv)) { + nsCOMPtr chan(do_QueryInterface(req)); + DisplayLoadError(rv, aURI, nsnull, chan); + } + return rv; } @@ -505,7 +665,17 @@ } nsresult -@@ -6885,7 +6940,12 @@ + nsDocShell::DoURILoad(nsIURI * aURI, + nsIURI * aReferrerURI, + PRBool aSendReferrer, + nsISupports * aOwner, + const char * aTypeHint, +@@ -6907,27 +6962,32 @@ + // Referrer is currenly only set for link clicks here. + httpChannel->SetReferrer(aReferrerURI); + } + } + // // Set the owner of the channel - only for javascript and data channels. // // XXX: Is seems wrong that the owner is ignored - even if one is @@ -519,7 +689,9 @@ // // (Currently chrome URIs set the owner when they are created! // So setting a NULL owner would be bad!) -@@ -6895,7 +6955,7 @@ + // + PRBool isJSOrData = PR_FALSE; + aURI->SchemeIs("javascript", &isJSOrData); if (!isJSOrData) { aURI->SchemeIs("data", &isJSOrData); } @@ -528,7 +700,17 @@ channel->SetOwner(aOwner); } -@@ -8730,3 +8790,21 @@ + rv = DoChannelLoad(channel, uriLoader); + + // + // If the channel load failed, we failed and nsIWebProgress just ain't + // gonna happen. +@@ -8752,8 +8812,26 @@ + + nsCOMPtr window(do_QueryInterface(mScriptGlobal)); + + // Get the an auth prompter for our window so that the parenting + // of the dialogs works as it should when using tabs. return wwatch->GetNewAuthPrompter(window, aResult); } 
@@ -552,9 +734,14 @@ + Index: mozilla/docshell/base/nsDocShell.h =================================================================== ---- mozilla.orig/docshell/base/nsDocShell.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/docshell/base/nsDocShell.h 2007-07-16 11:53:05.000000000 +0200 -@@ -287,7 +287,18 @@ +--- mozilla.orig/docshell/base/nsDocShell.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/docshell/base/nsDocShell.h 2007-10-09 12:48:38.000000000 +0200 +@@ -284,17 +284,28 @@ + NS_IMETHOD NewContentViewerObj(const char * aContentType, + nsIRequest * request, nsILoadGroup * aLoadGroup, + nsIStreamListener ** aContentHandler, nsIContentViewer ** aViewer); + NS_IMETHOD SetupNewViewer(nsIContentViewer * aNewViewer); + void SetupReferrerFromChannel(nsIChannel * aChannel); NS_IMETHOD GetEldestPresContext(nsPresContext** aPresContext); @@ -574,7 +761,17 @@ virtual nsresult DoURILoad(nsIURI * aURI, nsIURI * aReferrer, PRBool aSendReferrer, -@@ -511,6 +522,9 @@ + nsISupports * aOwner, + const char * aTypeHint, + nsIInputStream * aPostData, + nsIInputStream * aHeadersData, + PRBool firstParty, +@@ -509,16 +520,19 @@ + // Begin the toplevel restore process for |aSHEntry|. + // This simulates a channel open, and defers the real work until + // RestoreFromHistory is called from a PLEvent. + nsresult RestorePresentation(nsISHEntry *aSHEntry, PRBool *aRestoring); + // Call BeginRestore(nsnull, PR_FALSE) for each child of this shell. nsresult BeginRestoreChildren(); 
@@ -584,11 +781,21 @@ protected: // Override the parent setter from nsDocLoader virtual nsresult SetDocLoaderParent(nsDocLoader * aLoader); + + PRPackedBool mAllowSubframes; + PRPackedBool mAllowPlugins; + PRPackedBool mAllowJavascript; + PRPackedBool mAllowMetaRedirects; Index: mozilla/dom/public/base/nsPIDOMWindow.h =================================================================== ---- mozilla.orig/dom/public/base/nsPIDOMWindow.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/public/base/nsPIDOMWindow.h 2007-07-16 11:53:05.000000000 +0200 -@@ -50,6 +50,8 @@ +--- mozilla.orig/dom/public/base/nsPIDOMWindow.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/public/base/nsPIDOMWindow.h 2007-10-09 12:48:38.000000000 +0200 +@@ -45,16 +45,18 @@ + #include "nsIDOMXULCommandDispatcher.h" + #include "nsIDOMElement.h" + #include "nsIDOMWindowInternal.h" + #include "nsIChromeEventHandler.h" + #include "nsIDOMDocument.h" #include "nsIURI.h" #include "nsCOMPtr.h" @@ -597,7 +804,17 @@ // Popup control state enum. The values in this enum must go from most // permissive to least permissive so that it's safe to push state in // all situations. Pushing popup state onto the stack never makes the -@@ -252,6 +254,8 @@ + // current popup state less permissive (see + // nsGlobalWindow::PushPopupControlState()). + enum PopupControlState { + openAllowed = 0, // open that window without worries + openControlled, // it's a popup, but allow it +@@ -247,16 +249,18 @@ + } + + win = this; + } + return win->mIsHandlingResizeEvent; } 
@@ -606,7 +823,17 @@ virtual void SetOpenerScriptURL(nsIURI* aURI) = 0; virtual PopupControlState PushPopupControlState(PopupControlState aState, -@@ -313,7 +317,6 @@ + PRBool aForce) const = 0; + virtual void PopPopupControlState(PopupControlState state) const = 0; + virtual PopupControlState GetPopupControlState() const = 0; + virtual OpenAllowValue GetOpenAllow(const nsAString &aName) = 0; + +@@ -308,32 +312,55 @@ + // These two variables are special in that they're set to the same + // value on both the outer window and the current inner window. Make + // sure you keep them in sync! + nsCOMPtr mChromeEventHandler; // strong + nsCOMPtr mDocument; // strong // These members are only used on outer windows. nsIDOMElement *mFrameElement; // weak @@ -614,7 +841,15 @@ // These variables are only used on inner windows. nsTimeout *mRunningTimeout; -@@ -329,6 +332,30 @@ + + PRUint32 mMutationBits; + + PRPackedBool mIsDocumentLoaded; + PRPackedBool mIsHandlingResizeEvent; + PRPackedBool mIsInnerWindow; + + // And these are the references between inner and outer windows. + nsPIDOMWindow *mInnerWindow; nsPIDOMWindow *mOuterWindow; }; 
@@ -645,11 +880,21 @@ #ifdef _IMPL_NS_LAYOUT PopupControlState + PushPopupControlState(PopupControlState aState, PRBool aForce); + + void + PopPopupControlState(PopupControlState aState); + Index: mozilla/dom/src/base/nsGlobalWindow.cpp =================================================================== ---- mozilla.orig/dom/src/base/nsGlobalWindow.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/base/nsGlobalWindow.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -296,13 +296,28 @@ +--- mozilla.orig/dom/src/base/nsGlobalWindow.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/base/nsGlobalWindow.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -291,23 +291,38 @@ + static const char sJSStackContractID[] = "@mozilla.org/js/xpc/ContextStack;1"; + + static const char kDOMBundleURL[] = "chrome://global/locale/commonDialogs.properties"; + static const char kDOMSecurityWarningsBundleURL[] = "chrome://global/locale/dom/dom.properties"; + static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID; static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID; @@ -679,7 +924,17 @@ mIsFrozen(PR_FALSE), mFullScreen(PR_FALSE), mIsClosed(PR_FALSE), -@@ -521,6 +536,7 @@ + mInClose(PR_FALSE), + mHavePendingClose(PR_FALSE), + mOpenerWasCleared(PR_FALSE), + mIsPopupSpam(PR_FALSE), + mArguments(nsnull), +@@ -516,16 +531,17 @@ + NS_INTERFACE_MAP_ENTRY(nsIDOMJSWindow) + NS_INTERFACE_MAP_ENTRY(nsIScriptGlobalObject) + NS_INTERFACE_MAP_ENTRY(nsIScriptObjectPrincipal) + NS_INTERFACE_MAP_ENTRY(nsIDOMEventReceiver) + NS_INTERFACE_MAP_ENTRY(nsIDOMEventTarget) NS_INTERFACE_MAP_ENTRY(nsIDOM3EventTarget) NS_INTERFACE_MAP_ENTRY(nsIDOMNSEventTarget) NS_INTERFACE_MAP_ENTRY(nsPIDOMWindow) 
@@ -687,7 +942,17 @@ NS_INTERFACE_MAP_ENTRY(nsIDOMViewCSS) NS_INTERFACE_MAP_ENTRY(nsIDOMAbstractView) NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference) -@@ -581,70 +597,52 @@ + NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor) + NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO(Window) + NS_INTERFACE_MAP_END + + +@@ -576,80 +592,62 @@ + FORWARD_TO_OUTER(GetContext, (), nsnull); + + return mContext; + } + PRBool nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument) { @@ -783,7 +1048,17 @@ } nsCOMPtr treeItem(do_QueryInterface(mDocShell)); -@@ -664,9 +662,49 @@ + + if (treeItem) { + PRInt32 itemType = nsIDocShellTreeItem::typeContent; + treeItem->GetItemType(&itemType); + +@@ -659,19 +657,59 @@ + + // No treeItem: don't reuse the current inner window. + return PR_FALSE; + } + void nsGlobalWindow::SetOpenerScriptURL(nsIURI* aURI) { @@ -835,7 +1110,17 @@ } PopupControlState -@@ -944,7 +982,7 @@ + PushPopupControlState(PopupControlState aState, PRBool aForce) + { + PopupControlState oldState = gPopupControlState; + + if (aState < gPopupControlState || aForce) { +@@ -939,17 +977,17 @@ + SetStatus(EmptyString()); + SetDefaultStatus(EmptyString()); + + // This code should not be called during shutdown any more (now that + // we don't ever call SetNewDocument(nsnull), so no need to null // check xpc here. nsIXPConnect *xpc = nsContentUtils::XPConnect(); 
@@ -844,7 +1129,17 @@ // XXX We used to share event listeners between inner windows in special // circumstances (that were remarkably close to the conditions that we set -@@ -3530,6 +3568,7 @@ + // reUseInnerWindow in) but that left dangling pointers to the old (destroyed) + // inner window (bug 303765). Setting this here should be a no-op. + aRemoveEventListeners = !reUseInnerWindow; + + // Remember the old document's principal. +@@ -3525,33 +3563,30 @@ + if (embeddingWin) + embeddingWin->SetFocus(); + } + + nsCOMPtr presShell; if (mDocShell) { // Don't look for a presshell if we're a root chrome window that's got // about:blank loaded. We don't want to focus our widget in that case. @@ -852,7 +1147,11 @@ PRBool lookForPresShell = PR_TRUE; PRInt32 itemType = nsIDocShellTreeItem::typeContent; nsCOMPtr treeItem(do_QueryInterface(mDocShell)); -@@ -3541,12 +3580,8 @@ + NS_ASSERTION(treeItem, "What happened?"); + treeItem->GetItemType(&itemType); + if (itemType == nsIDocShellTreeItem::typeChrome && + GetPrivateRoot() == NS_STATIC_CAST(nsIDOMWindowInternal*, this) && + mDocument) { nsCOMPtr doc(do_QueryInterface(mDocument)); NS_ASSERTION(doc, "Bogus doc?"); nsIURI* ourURI = doc->GetDocumentURI(); @@ -867,7 +1166,17 @@ } } -@@ -5978,25 +6013,7 @@ + if (lookForPresShell) { + mDocShell->GetEldestPresShell(getter_AddRefs(presShell)); + } + } + +@@ -5973,35 +6008,17 @@ + aExtraArgument, getter_AddRefs(domReturn)); + } + } + } + } // success! 
@@ -894,11 +1203,21 @@ return rv; } + + // static + void + nsGlobalWindow::CloseWindow(nsISupports *aWindow) + { Index: mozilla/dom/src/base/nsGlobalWindow.h =================================================================== ---- mozilla.orig/dom/src/base/nsGlobalWindow.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/base/nsGlobalWindow.h 2007-07-16 11:53:05.000000000 +0200 -@@ -129,7 +129,7 @@ +--- mozilla.orig/dom/src/base/nsGlobalWindow.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/base/nsGlobalWindow.h 2007-10-09 12:48:38.000000000 +0200 +@@ -124,17 +124,17 @@ + // needed to ensure that mOuterWindow doesn't end up dangling. The + // nature of PRCList means that the window itself is always in the + // list, and an outer window's list will also contain all inner window + // objects that are still in memory (and in reality all inner window + // object's lists also contain its outer and all other inner windows // belonging to the same outer window, but that's an unimportant // side effect of inheriting PRCList). @@ -907,7 +1226,17 @@ public nsIScriptGlobalObject, public nsIDOMJSWindow, public nsIScriptObjectPrincipal, -@@ -224,6 +224,10 @@ + public nsIDOMEventReceiver, + public nsIDOM3EventTarget, + public nsIDOMNSEventTarget, + public nsIDOMViewCSS, + public nsSupportsWeakReference, +@@ -219,16 +219,20 @@ + virtual NS_HIDDEN_(PopupControlState) GetPopupControlState() const; + virtual NS_HIDDEN_(OpenAllowValue) GetOpenAllow(const nsAString &aName); + + virtual NS_HIDDEN_(nsresult) SaveWindowState(nsISupports **aState); + virtual NS_HIDDEN_(nsresult) RestoreWindowState(nsISupports *aState); virtual NS_HIDDEN_(PRBool) WouldReuseInnerWindow(nsIDocument *aNewDocument); 
@@ -918,7 +1247,17 @@ // nsIDOMViewCSS NS_DECL_NSIDOMVIEWCSS -@@ -294,8 +298,6 @@ + // nsIDOMAbstractView + NS_DECL_NSIDOMABSTRACTVIEW + + // nsIInterfaceRequestor + NS_DECL_NSIINTERFACEREQUESTOR +@@ -289,18 +293,16 @@ + void FreeInnerObjects(JSContext *cx); + + nsresult SetNewDocument(nsIDOMDocument *aDocument, + nsISupports *aState, + PRBool aRemoveEventListeners, PRBool aClearScopeHint, PRBool aIsInternalCall); @@ -927,7 +1266,17 @@ // Get the parent, returns null if this is a toplevel window nsIDOMWindowInternal *GetParentInternal(); -@@ -461,6 +463,8 @@ + // popup tracking + PRBool IsPopupSpamWindow() + { + if (IsInnerWindow() && !mOuterWindow) { + return PR_FALSE; +@@ -456,16 +458,18 @@ + nsString mDefaultStatus; + + nsIScriptGlobalObjectOwner* mGlobalObjectOwner; // Weak Reference + nsIDocShell* mDocShell; // Weak Reference + nsCOMPtr mCrypto; nsCOMPtr mPkcs11; nsCOMPtr mInnerWindowHolder; @@ -936,11 +1285,21 @@ // These member variable are used only on inner windows. nsCOMPtr mListenerManager; + nsTimeout* mTimeouts; + nsTimeout** mTimeoutInsertionPoint; + PRUint32 mTimeoutPublicIdCounter; + PRUint32 mTimeoutFiringDepth; + Index: mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp =================================================================== ---- mozilla.orig/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -222,10 +222,8 @@ +--- mozilla.orig/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -217,20 +217,18 @@ + PRBool useSandbox = PR_TRUE; + + if (owner) { + principal = do_QueryInterface(owner, &rv); + NS_ASSERTION(principal, "Channel's owner is not a principal"); if (!principal) return NS_ERROR_FAILURE; 
@@ -953,11 +1312,21 @@ nsCOMPtr objectPrincipal; rv = securityManager->GetObjectPrincipal( (JSContext*)scriptContext->GetNativeContext(), + globalJSObject, + getter_AddRefs(objectPrincipal)); + if (NS_FAILED(rv)) + return rv; + Index: mozilla/embedding/components/windowwatcher/src/Makefile.in =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/Makefile.in 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/Makefile.in 2007-07-16 11:53:05.000000000 +0200 -@@ -63,6 +63,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/Makefile.in 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/Makefile.in 2007-10-09 12:48:38.000000000 +0200 +@@ -58,16 +58,17 @@ + content \ + pref \ + necko \ + docshell \ + webbrwsr \ embed_base \ intl \ layout \ @@ -965,11 +1334,21 @@ $(NULL) CPPSRCS = nsPrompt.cpp \ + nsWWJSUtils.cpp \ + nsWindowWatcher.cpp \ + $(NULL) + + ifdef MOZ_XUL Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-07-16 11:53:05.000000000 +0200 -@@ -58,6 +58,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 2007-10-09 12:48:38.000000000 +0200 +@@ -53,16 +53,17 @@ + #include "nsIDocShellLoadInfo.h" + #include "nsIDocShellTreeItem.h" + #include "nsIDocShellTreeOwner.h" + #include "nsIDocument.h" + #include "nsIDOMDocument.h" #include "nsIDOMWindow.h" #include "nsIDOMChromeWindow.h" #include "nsIDOMWindowInternal.h" 
@@ -977,7 +1356,17 @@ #include "nsIScreen.h" #include "nsIScreenManager.h" #include "nsIScriptContext.h" -@@ -684,7 +685,7 @@ + #include "nsIEventQueue.h" + #include "nsIEventQueueService.h" + #include "nsIGenericFactory.h" + #include "nsIJSContextStack.h" + #include "nsIObserverService.h" +@@ -679,17 +680,17 @@ + } + } + } + + // better have a window to use by this point if (!newDocShellItem) return rv; @@ -986,7 +1375,17 @@ if (NS_FAILED(rv)) return rv; -@@ -750,6 +751,43 @@ + /* disable persistence of size/position in popups (determined by + determining whether the features parameter specifies width or height + in any way). We consider any overriding of the window's size or position + in the open call as disabling persistence of those attributes. + Popup windows (which should not persist size or position) generally set +@@ -745,16 +746,53 @@ + nsCOMPtr newMarkupDocViewer(do_QueryInterface(newContentViewer)); + if (doc && newMarkupDocViewer) { + newMarkupDocViewer->SetDefaultCharacterSet(doc->GetDocumentCharacterSet()); + } + } } } @@ -1030,7 +1429,17 @@ if (uriToLoad) { // get the script principal and pass it to docshell JSContextAutoPopper contextGuard; -@@ -769,15 +807,8 @@ + cx = GetJSContextFromCallStack(); + + // get the security manager + if (!cx) + cx = GetJSContextFromWindow(aParent); +@@ -764,25 +802,18 @@ + return rv; + cx = contextGuard.get(); + } + + nsCOMPtr loadInfo; newDocShell->CreateLoadInfo(getter_AddRefs(loadInfo)); NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE); 
@@ -1048,7 +1457,17 @@ } // Set the new window's referrer from the calling context's document: -@@ -1523,6 +1554,7 @@ + + // get the calling context off the JS context stack + nsCOMPtr stack = do_GetService(sJSStackContractID); + + JSContext* ccx = nsnull; +@@ -1518,26 +1549,36 @@ + /* Fetch the nsIDOMWindow corresponding to the given nsIDocShellTreeItem. + This forces the creation of a script context, if one has not already + been created. Note it also sets the window's opener to the parent, + if applicable -- because it's just convenient, that's all. null aParent + is acceptable. */ nsresult nsWindowWatcher::ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem, nsIDOMWindow *aParent, @@ -1056,7 +1475,10 @@ nsIDOMWindow **aOpenedWindow) { nsresult rv = NS_ERROR_FAILURE; -@@ -1533,6 +1565,15 @@ + + *aOpenedWindow = 0; + nsCOMPtr globalObject(do_GetInterface(aOpenedItem)); + if (globalObject) { if (aParent) { nsCOMPtr internalParent(do_QueryInterface(aParent)); globalObject->SetOpenerWindow(internalParent); // damnit 
@@ -1072,11 +1494,21 @@ } rv = CallQueryInterface(globalObject, aOpenedWindow); } + return rv; + } + + /* Size and position the new window according to aFeatures. This method + is assumed to be called after the window has already been given Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h =================================================================== ---- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-07-16 11:51:44.000000000 +0200 -+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-07-16 11:53:05.000000000 +0200 -@@ -100,6 +100,7 @@ +--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-10-09 12:48:36.000000000 +0200 ++++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h 2007-10-09 12:48:38.000000000 +0200 +@@ -95,16 +95,17 @@ + PRBool aFeaturesSpecified, + PRBool aDialog, + PRBool aChromeURL, + PRBool aHasChromeParent); + static PRInt32 WinHasOption(const char *aOptions, const char *aName, PRInt32 aDefault, PRBool *aPresenceFlag); static nsresult ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem, nsIDOMWindow *aParent, 
@@ -1084,3 +1516,8 @@ nsIDOMWindow **aOpenedWindow); static void SizeOpenedDocShellItem(nsIDocShellTreeItem *aDocShellItem, nsIDOMWindow *aParent, + const char *aFeatures, + PRUint32 aChromeFlags); + static nsresult AttachArguments(nsIDOMWindow *aWindow, + PRUint32 argc, jsval *argv); + static nsresult ConvertSupportsTojsvals(nsIDOMWindow *aWindow, mozilla-version.patch: browser/config/version.txt | 2 +- config/milestone.txt | 2 +- configure | 2 +- configure.in | 2 +- mail/config/version.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) Index: mozilla-version.patch =================================================================== RCS file: /cvs/dist/rpms/thunderbird/FC-6/mozilla-version.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mozilla-version.patch 20 Jul 2007 01:04:32 -0000 1.1 +++ mozilla-version.patch 19 Oct 2007 11:07:23 -0000 1.2 @@ -41,5 +41,5 @@ --- org/mozilla/mail/config/version.txt 2007-05-31 11:22:44.000000000 +0200 +++ fixed/mozilla/mail/config/version.txt 2007-07-18 13:36:36.000000000 +0200 @@ -1 +1 @@ --1.5.0.13pre +-1.5.0.14pre +1.5.0.12 Index: sources =================================================================== RCS file: /cvs/dist/rpms/thunderbird/FC-6/sources,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- sources 20 Jul 2007 01:04:32 -0000 1.23 +++ sources 19 Oct 2007 11:07:23 -0000 1.24 @@ -1,2 +1,2 @@ -a4e46e60012ac52aa166f291f5ea3007 mozilla-180-20070717.tar.bz2 8e5c2a12327b1538b596b2a523479215 thunderbird-langpacks-1.5.0.12-20070530.tar.bz2 +a1dc9346aa50a2b58bc1cd350136c233 thunderbird-180-20071018.tar.bz2 Index: thunderbird.spec =================================================================== RCS file: /cvs/dist/rpms/thunderbird/FC-6/thunderbird.spec,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- thunderbird.spec 20 Jul 2007 01:04:32 -0000 1.96 +++ thunderbird.spec 19 Oct 2007 11:07:23 -0000 1.97 
@@ -8,13 +8,13 @@ Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird Version: 1.5.0.12 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPL Group: Applications/Internet %if %{official_branding} #%define tarball thunderbird-%{version}-source.tar.bz2 -%define tarball mozilla-180-20070717.tar.bz2 +%define tarball thunderbird-180-20071018.tar.bz2 %else %define tarball thunderbird-1.5rc1-source.tar.bz2 %endif @@ -47,12 +47,31 @@ Patch40: firefox-1.5-bullet-bill.patch Patch42: firefox-1.1-uriloader.patch Patch50: mozilla-358594.patch -Patch51: mozilla-379245.patch -Patch52: mozilla-382532.patch +#Patch51: mozilla-379245.patch +#Patch52: mozilla-382532.patch Patch53: mozilla-178993.patch Patch55: mozilla-384925.patch Patch56: mozilla-381300.patch +Patch59: mozilla-309322_180_att283610.patch +Patch60: mozilla-267833.patch +Patch61: mozilla-345305_venkmanonly.patch +Patch62: mozilla-361745.patch +Patch63: mozilla-362901.patch +Patch64: mozilla-372309.patch +Patch65: mozilla-378787.patch +Patch66: mozilla-384105.patch +Patch67: mozilla-386914.patch +Patch68: mozilla-387033.patch +Patch70: mozilla-387881.patch +Patch71: mozilla-388121.patch +Patch72: mozilla-388784.patch +Patch73: mozilla-390078.patch +Patch74: mozilla-393537.patch +Patch75: mozilla-395942-180.patch +Patch76: mozilla-325761.patch +Patch77: mozilla-392149-180.patch + # font system fixes Patch81: firefox-1.5-nopangoxft.patch Patch82: firefox-1.5-pango-mathml.patch @@ -126,12 +145,31 @@ %patch40 -p1 %patch42 -p0 %patch50 -p1 -%patch51 -p1 -%patch52 -p1 +#%patch51 -p1 +#%patch52 -p1 %patch53 -p1 %patch55 -p1 %patch56 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 + # font system fixes %patch81 -p1 -b .nopangoxft %patch82 -p1 -b .pango-mathml 
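Review bot: Patch51 (mozilla-379245.patch) and Patch52 (mozilla-382532.patch) are disabled by commenting out their `PatchNN:` declarations in the `@@ -47,12 +47,31 @@` hunk and their `%patchNN -p1` lines in the `@@ -126,12 +145,31 @@` hunk, but nothing visible records why. Presumably the thunderbird-180-20071018 snapshot already carries those fixes; that should be confirmed and stated, so a later rebase does not silently lose them. I would replace the commented-out lines with a plain comment such as `# mozilla-379245 / mozilla-382532: dropped, already in the 20071018 snapshot (confirm)`. Because rpm can expand macros even on comment lines, `#%patch51 -p1` is safer written as `#%%patch51 -p1` or removed outright. The %changelog entry also names bug 199088, for which no `Patch` line appears in these hunks, and the numbering skips Patch69; both are worth checking against the full spec.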
@@ -292,6 +330,12 @@ #=============================================================================== %changelog +* Thu Oct 18 2007 Martin Stransky - 1.5.0.12-3 +- Update to latest snapshot of Mozilla 1.8.0 branch +- added pathes for Mozilla bugs 199088,267833,309322,345305,361745, + 362901,372309,378787,381300,384105,386914,387033,387881,388121,388784 + 390078,393537,395942,325761,392149 + * Fri Jul 20 2007 Kai Engert - 1.5.0.12-2 - Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12 - Update to latest snapshot of Mozilla 1.8.0 branch From fedora-cvs-commits at redhat.com Mon Oct 22 16:53:22 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 22 Oct 2007 12:53:22 -0400 Subject: rpms/kernel/FC-6 linux-2.6-params-sysfs-skip-missing-period.patch, NONE, 1.1 kernel-2.6.spec, 1.3031, 1.3032 Message-ID: <200710221653.l9MGrMTZ014073@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14053 Modified Files: kernel-2.6.spec Added Files: linux-2.6-params-sysfs-skip-missing-period.patch Log Message: * Mon Oct 22 2007 Chuck Ebbert - Don't create /sys/module/nousb/ linux-2.6-params-sysfs-skip-missing-period.patch: params.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletion(-) --- NEW FILE linux-2.6-params-sysfs-skip-missing-period.patch --- 
From: Dave Young Date: Thu, 18 Oct 2007 10:05:07 +0000 (-0700) Subject: param_sysfs_builtin memchr argument fix X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=faf8c714f4508207a9c81cc94dafc76ed6680b44 param_sysfs_builtin memchr argument fix If memchr argument is longer than strlen(kp->name), there will be some weird result. It will casuse duplicate filenames in sysfs for the "nousb". kernel warning messages are as bellow: sysfs: duplicate filename 'usbcore' can not be created WARNING: at fs/sysfs/dir.c:416 sysfs_add_one() [] sysfs_add_one+0xa0/0xe0 [] create_dir+0x48/0xb0 [] sysfs_create_dir+0x29/0x50 [] create_dir+0x1b/0x50 [] kobject_add+0x46/0x150 [] kobject_init+0x3a/0x80 [] kernel_param_sysfs_setup+0x50/0xb0 [] param_sysfs_builtin+0xee/0x130 [] param_sysfs_init+0x23/0x60 [] __next_cpu+0x12/0x20 [] kernel_init+0x0/0xb0 [] kernel_init+0x0/0xb0 [] do_initcalls+0x46/0x1e0 [] create_proc_entry+0x52/0x90 [] register_irq_proc+0x9c/0xc0 [] proc_mkdir_mode+0x34/0x50 [] kernel_init+0x0/0xb0 [] kernel_init+0x62/0xb0 [] kernel_thread_helper+0x7/0x14 ======================= kobject_add failed for usbcore with -EEXIST, don't try to register things with the same name in the same directory. [] kobject_add+0xf6/0x150 [] kernel_param_sysfs_setup+0x50/0xb0 [] param_sysfs_builtin+0xee/0x130 [] param_sysfs_init+0x23/0x60 [] __next_cpu+0x12/0x20 [] kernel_init+0x0/0xb0 [] kernel_init+0x0/0xb0 [] do_initcalls+0x46/0x1e0 [] create_proc_entry+0x52/0x90 [] register_irq_proc+0x9c/0xc0 [] proc_mkdir_mode+0x34/0x50 [] kernel_init+0x0/0xb0 [] kernel_init+0x62/0xb0 [] kernel_thread_helper+0x7/0x14 ======================= Module 'usbcore' failed to be added to sysfs, error number -17 The system will be unstable now. Signed-off-by: Dave Young Cc: Greg KH Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- bz 242715 diff --git a/kernel/params.c b/kernel/params.c index 1d6aca2..16f269e 100644 --- a/kernel/params.c 
+++ b/kernel/params.c @@ -592,11 +592,17 @@ static void __init param_sysfs_builtin(void) for (i=0; i < __stop___param - __start___param; i++) { char *dot; + size_t kplen; kp = &__start___param[i]; + kplen = strlen(kp->name); /* We do not handle args without periods. */ - dot = memchr(kp->name, '.', MAX_KBUILD_MODNAME); + if (kplen > MAX_KBUILD_MODNAME) { + DEBUGP("kernel parameter name is too long: %s\n", kp->name); + continue; + } + dot = memchr(kp->name, '.', kplen); if (!dot) { DEBUGP("couldn't find period in %s\n", kp->name); continue; Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3031 retrieving revision 1.3032 diff -u -r1.3031 -r1.3032 --- kernel-2.6.spec 17 Oct 2007 21:34:23 -0000 1.3031 +++ kernel-2.6.spec 22 Oct 2007 16:53:19 -0000 1.3032 @@ -554,6 +554,7 @@ Patch370: linux-2.6-crash-driver.patch Patch390: linux-2.6-dev-get-driver-properly.patch Patch391: linux-2.6-sysfs-deprecated-fix-nested-devices.patch +Patch392: linux-2.6-params-sysfs-skip-missing-period.patch Patch400: linux-2.6-scsi-cpqarray-set-master.patch Patch404: linux-2.6-scsi-mpt-vmware-fix.patch @@ -1200,6 +1201,8 @@ ApplyPatch linux-2.6-dev-get-driver-properly.patch # fix deprecated device links ApplyPatch linux-2.6-sysfs-deprecated-fix-nested-devices.patch +# don't create /sys/module/nousb +ApplyPatch linux-2.6-params-sysfs-skip-missing-period.patch # # SCSI Bits. @@ -2284,6 +2287,9 @@ %endif %changelog +* Mon Oct 22 2007 Chuck Ebbert +- Don't create /sys/module/nousb/ + * Tue Oct 16 2007 Chuck Ebbert - sysfs: fix device links - fix boot speed on VT enabled processors From fedora-cvs-commits at redhat.com Tue Oct 23 19:52:09 2007 
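Review bot: The new length guard in param_sysfs_builtin() compares the whole of `kp->name` (module prefix, period and parameter name) with MAX_KBUILD_MODNAME, so a built-in parameter whose module prefix fits but whose full name is longer is skipped with nothing more than a DEBUGP line. If the limit is meant to protect the copy of the prefix that follows (that code is outside the hunk, so this is an assumption), finding the period first and bounding only the prefix is tighter: `dot = strchr(kp->name, '.');`, then after the existing `if (!dot)` test, `if (dot - kp->name > MAX_KBUILD_MODNAME)`. The loop body continues past the end of the hunk.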
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 23 Oct 2007 15:52:09 -0400 Subject: rpms/kernel/FC-6 linux-2.6-snapshot-2.6.22.11.patch, NONE, 1.1 kernel-2.6.spec, 1.3032, 1.3033 linux-2.6-acpi-disable-cstates-in-suspend.patch, 1.1, NONE Message-ID: <200710231952.l9NJq97f000400@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv380 Modified Files: kernel-2.6.spec Added Files: linux-2.6-snapshot-2.6.22.11.patch Removed Files: linux-2.6-acpi-disable-cstates-in-suspend.patch Log Message: * Tue Oct 23 2007 Chuck Ebbert - add patches queued for 2.6.22.11 linux-2.6-snapshot-2.6.22.11.patch: arch/sparc64/kernel/sys_sparc.c | 15 ++++----------- drivers/acpi/processor_core.c | 2 ++ drivers/acpi/processor_idle.c | 19 ++++++++++++++++++- drivers/char/random.c | 10 ++++++---- drivers/scsi/esp_scsi.c | 3 ++- include/acpi/processor.h | 2 ++ include/net/rose.h | 2 +- include/net/tcp.h | 6 ++---- net/ieee80211/ieee80211_rx.c | 6 ++++++ net/ipv4/tcp_input.c | 3 +++ net/ipv4/tcp_ipv4.c | 19 +++++++++---------- net/ipv6/addrconf.c | 13 ++++++++++--- net/ipv6/ndisc.c | 9 +++++---- net/ipv6/tcp_ipv6.c | 18 +++++++++--------- net/rose/rose_loopback.c | 4 ++-- net/rose/rose_route.c | 15 ++++++++++----- net/sched/cls_u32.c | 2 +- net/socket.c | 3 --- 18 files changed, 92 insertions(+), 59 deletions(-) --- NEW FILE linux-2.6-snapshot-2.6.22.11.patch --- Index: 2.6.22.11-queue/drivers/acpi/processor_core.c =================================================================== --- 2.6.22.11-queue.orig/drivers/acpi/processor_core.c 2007-07-16 13:23:48.000000000 -0400 +++ 2.6.22.11-queue/drivers/acpi/processor_core.c 2007-10-23 15:44:50.000000000 -0400 
@@ -93,6 +93,8 @@ static struct acpi_driver acpi_processor .add = acpi_processor_add, .remove = acpi_processor_remove, .start = acpi_processor_start, + .suspend = acpi_processor_suspend, + .resume = acpi_processor_resume, }, }; Index: 2.6.22.11-queue/drivers/acpi/processor_idle.c =================================================================== --- 2.6.22.11-queue.orig/drivers/acpi/processor_idle.c 2007-07-16 13:23:48.000000000 -0400 +++ 2.6.22.11-queue/drivers/acpi/processor_idle.c 2007-10-23 15:44:50.000000000 -0400 @@ -324,6 +324,23 @@ static void acpi_state_timer_broadcast(s #endif +/* + * Suspend / resume control + */ +static int acpi_idle_suspend; + +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state) +{ + acpi_idle_suspend = 1; + return 0; +} + +int acpi_processor_resume(struct acpi_device * device) +{ + acpi_idle_suspend = 0; + return 0; +} + static void acpi_processor_idle(void) { struct acpi_processor *pr = NULL; @@ -354,7 +371,7 @@ static void acpi_processor_idle(void) } cx = pr->power.state; - if (!cx) { + if (!cx || acpi_idle_suspend) { if (pm_idle_save) pm_idle_save(); else Index: 2.6.22.11-queue/include/acpi/processor.h =================================================================== --- 2.6.22.11-queue.orig/include/acpi/processor.h 2007-07-16 13:23:50.000000000 -0400 +++ 2.6.22.11-queue/include/acpi/processor.h 2007-10-23 15:44:50.000000000 -0400 
@@ -279,6 +279,8 @@ int acpi_processor_power_init(struct acp int acpi_processor_cst_has_changed(struct acpi_processor *pr); int acpi_processor_power_exit(struct acpi_processor *pr, struct acpi_device *device); +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state); +int acpi_processor_resume(struct acpi_device * device); /* in processor_thermal.c */ int acpi_processor_get_limit_info(struct acpi_processor *pr); Index: 2.6.22.11-queue/drivers/scsi/esp_scsi.c =================================================================== --- 2.6.22.11-queue.orig/drivers/scsi/esp_scsi.c 2007-07-16 13:23:49.000000000 -0400 +++ 2.6.22.11-queue/drivers/scsi/esp_scsi.c 2007-10-23 15:44:50.000000000 -0400 @@ -2318,6 +2318,7 @@ int __devinit scsi_esp_register(struct e esp->host->transportt = esp_transport_template; esp->host->max_lun = ESP_MAX_LUN; esp->host->cmd_per_lun = 2; + esp->host->unique_id = instance; esp_set_clock_params(esp); @@ -2341,7 +2342,7 @@ int __devinit scsi_esp_register(struct e if (err) return err; - esp->host->unique_id = instance++; + instance++; scsi_scan_host(esp->host); Index: 2.6.22.11-queue/net/sched/cls_u32.c =================================================================== --- 2.6.22.11-queue.orig/net/sched/cls_u32.c 2007-07-16 13:23:51.000000000 -0400 +++ 2.6.22.11-queue/net/sched/cls_u32.c 2007-10-23 15:44:50.000000000 -0400 @@ -518,7 +518,7 @@ static int u32_set_parms(struct tcf_prot #ifdef CONFIG_NET_CLS_IND if (tb[TCA_U32_INDEV-1]) { - int err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]); + err = tcf_change_indev(tp, n->indev, tb[TCA_U32_INDEV-1]); if (err < 0) goto errout; } Index: 2.6.22.11-queue/net/ieee80211/ieee80211_rx.c =================================================================== --- 2.6.22.11-queue.orig/net/ieee80211/ieee80211_rx.c 2007-07-16 13:23:50.000000000 -0400 +++ 2.6.22.11-queue/net/ieee80211/ieee80211_rx.c 2007-10-23 15:44:50.000000000 -0400 
@@ -366,6 +366,12 @@ int ieee80211_rx(struct ieee80211_device frag = WLAN_GET_SEQ_FRAG(sc); hdrlen = ieee80211_get_hdrlen(fc); + if (skb->len < hdrlen) { + printk(KERN_INFO "%s: invalid SKB length %d\n", + dev->name, skb->len); + goto rx_dropped; + } + /* Put this code here so that we avoid duplicating it in all * Rx paths. - Jean II */ #ifdef CONFIG_WIRELESS_EXT Index: 2.6.22.11-queue/net/ipv6/addrconf.c =================================================================== --- 2.6.22.11-queue.orig/net/ipv6/addrconf.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/ipv6/addrconf.c 2007-10-23 15:44:50.000000000 -0400 @@ -73,6 +73,7 @@ #include #include #include +#include #include #include @@ -212,6 +213,12 @@ static struct ipv6_devconf ipv6_devconf_ const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; +/* Check if a valid qdisc is available */ +static inline int addrconf_qdisc_ok(struct net_device *dev) +{ + return (dev->qdisc != &noop_qdisc); +} + static void addrconf_del_timer(struct inet6_ifaddr *ifp) { if (del_timer(&ifp->timer)) @@ -376,7 +383,7 @@ static struct inet6_dev * ipv6_add_dev(s } #endif - if (netif_running(dev) && netif_carrier_ok(dev)) + if (netif_running(dev) && addrconf_qdisc_ok(dev)) ndev->if_flags |= IF_READY; ipv6_mc_init_dev(ndev); @@ -2269,7 +2276,7 @@ static int addrconf_notify(struct notifi case NETDEV_UP: case NETDEV_CHANGE: if (event == NETDEV_UP) { - if (!netif_carrier_ok(dev)) { + if (!addrconf_qdisc_ok(dev)) { /* device is not ready yet. */ printk(KERN_INFO "ADDRCONF(NETDEV_UP): %s: " 
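Review bot: The added `printk(KERN_INFO ...)` in ieee80211_rx() runs for every frame shorter than its computed header length, and frame contents are chosen by whoever is transmitting, so the kernel log can be filled from radio range. Wrapping the message as `if (net_ratelimit()) printk(KERN_INFO "%s: invalid SKB length %u\n", dev->name, skb->len);` keeps the drop and bounds the logging; `%u` is the matching conversion because `skb->len` is unsigned. The function starts and ends outside the hunk, so whether `fc` and `sc` are read from the header only after an earlier minimum-length test cannot be confirmed from here.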
@@ -2281,7 +2288,7 @@ static int addrconf_notify(struct notifi if (idev) idev->if_flags |= IF_READY; } else { - if (!netif_carrier_ok(dev)) { + if (!addrconf_qdisc_ok(dev)) { /* device is still not ready. */ break; } Index: 2.6.22.11-queue/net/ipv6/ndisc.c =================================================================== --- 2.6.22.11-queue.orig/net/ipv6/ndisc.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/ipv6/ndisc.c 2007-10-23 15:44:50.000000000 -0400 @@ -1268,9 +1268,10 @@ static void ndisc_redirect_rcv(struct sk if (ipv6_addr_equal(dest, target)) { on_link = 1; - } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { + } else if (ipv6_addr_type(target) != + (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { ND_PRINTK2(KERN_WARNING - "ICMPv6 Redirect: target address is not link-local.\n"); + "ICMPv6 Redirect: target address is not link-local unicast.\n"); return; } @@ -1344,9 +1345,9 @@ void ndisc_send_redirect(struct sk_buff } if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && - !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { + ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { ND_PRINTK2(KERN_WARNING - "ICMPv6 Redirect: target address is not link-local.\n"); + "ICMPv6 Redirect: target address is not link-local unicast.\n"); return; } Index: 2.6.22.11-queue/include/net/rose.h =================================================================== --- 2.6.22.11-queue.orig/include/net/rose.h 2007-03-01 13:09:14.000000000 -0500 +++ 2.6.22.11-queue/include/net/rose.h 2007-10-23 15:44:50.000000000 -0400 
@@ -188,7 +188,7 @@ extern void rose_kick(struct sock *); extern void rose_enquiry_response(struct sock *); /* rose_route.c */ -extern struct rose_neigh rose_loopback_neigh; +extern struct rose_neigh *rose_loopback_neigh; extern const struct file_operations rose_neigh_fops; extern const struct file_operations rose_nodes_fops; extern const struct file_operations rose_routes_fops; Index: 2.6.22.11-queue/net/rose/rose_loopback.c =================================================================== --- 2.6.22.11-queue.orig/net/rose/rose_loopback.c 2007-07-16 13:23:51.000000000 -0400 +++ 2.6.22.11-queue/net/rose/rose_loopback.c 2007-10-23 15:44:50.000000000 -0400 @@ -79,7 +79,7 @@ static void rose_loopback_timer(unsigned skb_reset_transport_header(skb); - sk = rose_find_socket(lci_o, &rose_loopback_neigh); + sk = rose_find_socket(lci_o, rose_loopback_neigh); if (sk) { if (rose_process_rx_frame(sk, skb) == 0) kfree_skb(skb); @@ -88,7 +88,7 @@ static void rose_loopback_timer(unsigned if (frametype == ROSE_CALL_REQUEST) { if ((dev = rose_dev_get(dest)) != NULL) { - if (rose_rx_call_request(skb, dev, &rose_loopback_neigh, lci_o) == 0) + if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0) kfree_skb(skb); } else { kfree_skb(skb); Index: 2.6.22.11-queue/net/rose/rose_route.c =================================================================== --- 2.6.22.11-queue.orig/net/rose/rose_route.c 2007-07-16 13:23:51.000000000 -0400 +++ 2.6.22.11-queue/net/rose/rose_route.c 2007-10-23 15:44:50.000000000 -0400 @@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(rose_neigh_list_l static struct rose_route *rose_route_list; static DEFINE_SPINLOCK(rose_route_list_lock); -struct rose_neigh rose_loopback_neigh; +struct rose_neigh *rose_loopback_neigh; /* * Add a new route to a node, and in the process add the node and the 
@@ -362,7 +362,12 @@ out: */ void rose_add_loopback_neigh(void) { - struct rose_neigh *sn = &rose_loopback_neigh; + struct rose_neigh *sn; + + rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL); + if (!rose_loopback_neigh) + return; + sn = rose_loopback_neigh; sn->callsign = null_ax25_address; sn->digipeat = NULL; @@ -417,13 +422,13 @@ int rose_add_loopback_node(rose_address rose_node->mask = 10; rose_node->count = 1; rose_node->loopback = 1; - rose_node->neighbour[0] = &rose_loopback_neigh; + rose_node->neighbour[0] = rose_loopback_neigh; /* Insert at the head of list. Address is always mask=10 */ rose_node->next = rose_node_list; rose_node_list = rose_node; - rose_loopback_neigh.count++; + rose_loopback_neigh->count++; out: spin_unlock_bh(&rose_node_list_lock); @@ -454,7 +459,7 @@ void rose_del_loopback_node(rose_address rose_remove_node(rose_node); - rose_loopback_neigh.count--; + rose_loopback_neigh->count--; out: spin_unlock_bh(&rose_node_list_lock); Index: 2.6.22.11-queue/net/socket.c =================================================================== --- 2.6.22.11-queue.orig/net/socket.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/socket.c 2007-10-23 15:44:50.000000000 -0400 @@ -778,9 +778,6 @@ static ssize_t sock_aio_write(struct kio if (pos != 0) return -ESPIPE; - if (iocb->ki_left == 0) /* Match SYS5 behaviour */ - return 0; - x = alloc_sock_iocb(iocb, &siocb); if (!x) return -ENOMEM; Index: 2.6.22.11-queue/arch/sparc64/kernel/sys_sparc.c =================================================================== --- 2.6.22.11-queue.orig/arch/sparc64/kernel/sys_sparc.c 2007-07-16 13:23:48.000000000 -0400 +++ 2.6.22.11-queue/arch/sparc64/kernel/sys_sparc.c 2007-10-23 15:44:50.000000000 -0400 
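Review bot: When the `kmalloc()` in rose_add_loopback_neigh() fails, the function simply returns and leaves `rose_loopback_neigh` NULL, yet the later hunks in this file dereference it unconditionally (`rose_loopback_neigh->count++` in rose_add_loopback_node(), `rose_loopback_neigh->count--` in rose_del_loopback_node()) and rose_loopback.c hands it to rose_find_socket(). Because the function returns void, its caller (outside this diff) cannot see the failure; returning `-ENOMEM` and aborting initialisation there would close the gap, or at minimum rose_add_loopback_node() should test `if (!rose_loopback_neigh)` before touching the count. The allocation also reads better as `kmalloc(sizeof(*rose_loopback_neigh), GFP_KERNEL)`.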
@@ -436,7 +436,7 @@ out: asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second, unsigned long third, void __user *ptr, long fifth) { - int err; + long err; /* No need for backward compatibility. We can start fresh... */ if (call <= SEMCTL) { @@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int cal err = sys_semget(first, (int)second, (int)third); goto out; case SEMCTL: { - union semun fourth; - err = -EINVAL; - if (!ptr) - goto out; - err = -EFAULT; - if (get_user(fourth.__pad, - (void __user * __user *) ptr)) - goto out; - err = sys_semctl(first, (int)second | IPC_64, - (int)third, fourth); + err = sys_semctl(first, third, + (int)second | IPC_64, + (union semun) ptr); goto out; } default: Index: 2.6.22.11-queue/net/ipv4/tcp_input.c =================================================================== --- 2.6.22.11-queue.orig/net/ipv4/tcp_input.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/ipv4/tcp_input.c 2007-10-23 15:44:50.000000000 -0400 @@ -2403,6 +2403,9 @@ static int tcp_tso_acked(struct sock *sk __u32 dval = min(tp->fackets_out, packets_acked); tp->fackets_out -= dval; } + /* hint's skb might be NULL but we don't need to care */ + tp->fastpath_cnt_hint -= min_t(u32, packets_acked, + tp->fastpath_cnt_hint); tp->packets_out -= packets_acked; BUG_ON(tcp_skb_pcount(skb) == 0); Index: 2.6.22.11-queue/include/net/tcp.h =================================================================== --- 2.6.22.11-queue.orig/include/net/tcp.h 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/include/net/tcp.h 2007-10-23 15:44:50.000000000 -0400 
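Review bot: The argument order in the rewritten SEMCTL call looks swapped: it passes `third` as the second argument and `(int)second | IPC_64` as the third, while the SEMGET case just above forwards `first, (int)second, (int)third` in order. Please check against the sys_semctl() prototype (not visible in this diff) which position is the semaphore number and which the command; if the command is the third parameter, the call would read `err = sys_semctl(first, (int)second, (int)third | IPC_64, (union semun) ptr);`. `third` is an `unsigned long` and is now passed without the `(int)` cast used in the neighbouring cases. The `(union semun) ptr` cast is a GNU C extension and deserves a one-line comment such as `/* user pointer is passed through unread; sys_semctl() does the copy */`, hedged until the callee is confirmed.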
@@ -1061,14 +1061,12 @@ struct tcp_md5sig_key { }; struct tcp4_md5sig_key { - u8 *key; - u16 keylen; + struct tcp_md5sig_key base; __be32 addr; }; struct tcp6_md5sig_key { - u8 *key; - u16 keylen; + struct tcp_md5sig_key base; #if 0 u32 scope_id; /* XXX */ #endif Index: 2.6.22.11-queue/net/ipv4/tcp_ipv4.c =================================================================== --- 2.6.22.11-queue.orig/net/ipv4/tcp_ipv4.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/ipv4/tcp_ipv4.c 2007-10-23 15:44:50.000000000 -0400 @@ -833,8 +833,7 @@ static struct tcp_md5sig_key * return NULL; for (i = 0; i < tp->md5sig_info->entries4; i++) { if (tp->md5sig_info->keys4[i].addr == addr) - return (struct tcp_md5sig_key *) - &tp->md5sig_info->keys4[i]; + return &tp->md5sig_info->keys4[i].base; } return NULL; } @@ -865,9 +864,9 @@ int tcp_v4_md5_do_add(struct sock *sk, _ key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr); if (key) { /* Pre-existing entry - just update that one. */ - kfree(key->key); - key->key = newkey; - key->keylen = newkeylen; + kfree(key->base.key); + key->base.key = newkey; + key->base.keylen = newkeylen; } else { struct tcp_md5sig_info *md5sig; @@ -906,9 +905,9 @@ int tcp_v4_md5_do_add(struct sock *sk, _ md5sig->alloced4++; } md5sig->entries4++; - md5sig->keys4[md5sig->entries4 - 1].addr = addr; - md5sig->keys4[md5sig->entries4 - 1].key = newkey; - md5sig->keys4[md5sig->entries4 - 1].keylen = newkeylen; + md5sig->keys4[md5sig->entries4 - 1].addr = addr; + md5sig->keys4[md5sig->entries4 - 1].base.key = newkey; + md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen; } return 0; } @@ -930,7 +929,7 @@ int tcp_v4_md5_do_del(struct sock *sk, _ for (i = 0; i < tp->md5sig_info->entries4; i++) { if (tp->md5sig_info->keys4[i].addr == addr) { /* Free the key */ - kfree(tp->md5sig_info->keys4[i].key); + kfree(tp->md5sig_info->keys4[i].base.key); tp->md5sig_info->entries4--; if (tp->md5sig_info->entries4 == 0) { 
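Review bot: In tcp_v4_md5_do_add() the unchanged line `key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr);` still casts the returned `struct tcp_md5sig_key *` back to the containing type, which is correct only while `base` remains the first member of `struct tcp4_md5sig_key`. Now that the lookup returns `&...keys4[i].base`, that layout dependency should be written down in tcp.h, for example `/* base must stay first: lookups are cast back to the containing struct */` above `struct tcp_md5sig_key base;` in both the tcp4 and tcp6 structures; the same cast appears in tcp_v6_md5_do_add(). Separately, every `kfree(...base.key)` in these hunks releases TCP-MD5 key bytes without clearing them; adding `memset(key->base.key, 0, key->base.keylen);` before the free on the update path (and the equivalent on the delete and clear paths) would keep the secret out of recycled slab memory.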
@@ -964,7 +963,7 @@ static void tcp_v4_clear_md5_list(struct if (tp->md5sig_info->entries4) { int i; for (i = 0; i < tp->md5sig_info->entries4; i++) - kfree(tp->md5sig_info->keys4[i].key); + kfree(tp->md5sig_info->keys4[i].base.key); tp->md5sig_info->entries4 = 0; tcp_free_md5sig_pool(); } Index: 2.6.22.11-queue/net/ipv6/tcp_ipv6.c =================================================================== --- 2.6.22.11-queue.orig/net/ipv6/tcp_ipv6.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/net/ipv6/tcp_ipv6.c 2007-10-23 15:44:50.000000000 -0400 @@ -551,7 +551,7 @@ static struct tcp_md5sig_key *tcp_v6_md5 for (i = 0; i < tp->md5sig_info->entries6; i++) { if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0) - return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i]; + return &tp->md5sig_info->keys6[i].base; } return NULL; } @@ -579,9 +579,9 @@ static int tcp_v6_md5_do_add(struct sock key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer); if (key) { /* modify existing entry - just update that one */ - kfree(key->key); - key->key = newkey; - key->keylen = newkeylen; + kfree(key->base.key); + key->base.key = newkey; + key->base.keylen = newkeylen; } else { /* reallocate new list if current one is full. */ if (!tp->md5sig_info) { @@ -615,8 +615,8 @@ static int tcp_v6_md5_do_add(struct sock ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, peer); - tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey; - tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen; + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; + tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; tp->md5sig_info->entries6++; } 
@@ -638,7 +638,7 @@ static int tcp_v6_md5_do_del(struct sock for (i = 0; i < tp->md5sig_info->entries6; i++) { if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) { /* Free the key */ - kfree(tp->md5sig_info->keys6[i].key); + kfree(tp->md5sig_info->keys6[i].base.key); tp->md5sig_info->entries6--; if (tp->md5sig_info->entries6 == 0) { @@ -669,7 +669,7 @@ static void tcp_v6_clear_md5_list (struc if (tp->md5sig_info->entries6) { for (i = 0; i < tp->md5sig_info->entries6; i++) - kfree(tp->md5sig_info->keys6[i].key); + kfree(tp->md5sig_info->keys6[i].base.key); tp->md5sig_info->entries6 = 0; tcp_free_md5sig_pool(); } @@ -680,7 +680,7 @@ static void tcp_v6_clear_md5_list (struc if (tp->md5sig_info->entries4) { for (i = 0; i < tp->md5sig_info->entries4; i++) - kfree(tp->md5sig_info->keys4[i].key); + kfree(tp->md5sig_info->keys4[i].base.key); tp->md5sig_info->entries4 = 0; tcp_free_md5sig_pool(); } Index: 2.6.22.11-queue/drivers/char/random.c =================================================================== --- 2.6.22.11-queue.orig/drivers/char/random.c 2007-10-03 15:52:45.000000000 -0400 +++ 2.6.22.11-queue/drivers/char/random.c 2007-10-23 15:44:50.000000000 -0400 
@@ -1550,11 +1550,13 @@ __u32 secure_tcp_sequence_number(__be32 * As close as possible to RFC 793, which * suggests using a 250 kHz clock. * Further reading shows this assumes 2 Mb/s networks. - * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate. - * That's funny, Linux has one built in! Use it! - * (Networks are faster now - should this be increased?) + * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate. + * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but + * we also need to limit the resolution so that the u32 seq + * overlaps less than one time per MSL (2 minutes). + * Choosing a clock of 64 ns period is OK. (period of 274 s) */ - seq += ktime_get_real().tv64; + seq += ktime_get_real().tv64 >> 6; #if 0 printk("init_seq(%lx, %lx, %d, %d) = %d\n", saddr, daddr, sport, dport, seq); Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3032 retrieving revision 1.3033 diff -u -r1.3032 -r1.3033 --- kernel-2.6.spec 22 Oct 2007 16:53:19 -0000 1.3032 +++ kernel-2.6.spec 23 Oct 2007 19:52:06 -0000 1.3033 @@ -496,8 +496,8 @@ %endif -# stable -rc -# Patch02: patch-2.6.22.6-rc1.patch +# unreleased stable patch +Patch02: linux-2.6-snapshot-2.6.22.11.patch %if !%{nopatches} @@ -625,7 +625,6 @@ Patch781: linux-2.6-usb-allow-1-byte-replies.patch Patch782: linux-2.6-usb-fixup-interval-lengths.patch -Patch790: linux-2.6-acpi-disable-cstates-in-suspend.patch Patch791: linux-2.6-acpi-kill-dmesg-spam.patch Patch800: linux-2.6-wakeups-hdaps.patch @@ -1070,8 +1069,8 @@ %endif -# stable -rc -# ApplyPatch patch-2.6.22.9-rc1.patch +# unreleased stable patch +ApplyPatch linux-2.6-snapshot-2.6.22.11.patch # This patch adds a "make nonint_oldconfig" which is non-interactive and # also gives a list of missing options at the end. Useful for automated 
@@ -1347,8 +1346,6 @@ # timers # ACPI patches -# fix some suspend bugs -ApplyPatch linux-2.6-acpi-disable-cstates-in-suspend.patch # silence noisy message ApplyPatch linux-2.6-acpi-kill-dmesg-spam.patch @@ -2287,6 +2284,9 @@ %endif %changelog +* Tue Oct 23 2007 Chuck Ebbert +- add patches queued for 2.6.22.11 + * Mon Oct 22 2007 Chuck Ebbert - Don't create /sys/module/nousb/ --- linux-2.6-acpi-disable-cstates-in-suspend.patch DELETED --- From fedora-cvs-commits at redhat.com Wed Oct 24 13:06:31 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 24 Oct 2007 09:06:31 -0400 Subject: rpms/tar/FC-6 tar-1.15.1-safer_name_suffix.patch, NONE, 1.1 tar.spec, 1.56, 1.57 Message-ID: <200710241306.l9OD6VQD029040@cvs.devel.redhat.com> Author: rbrich Update of /cvs/dist/rpms/tar/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv29023 Modified Files: tar.spec Added Files: tar-1.15.1-safer_name_suffix.patch Log Message: CVE-2007-4476 tar-1.15.1-safer_name_suffix.patch: names.c | 42 ++++++++++++++++++++++++++++++++---------- 1 files changed, 32 insertions(+), 10 deletions(-) --- NEW FILE tar-1.15.1-safer_name_suffix.patch --- diff -up tar-1.15.1/src/names.c.safer_name_suffix tar-1.15.1/src/names.c --- tar-1.15.1/src/names.c.safer_name_suffix 2007-10-22 16:21:20.000000000 +0200 +++ tar-1.15.1/src/names.c 2007-10-22 16:23:45.000000000 +0200 
@@ -958,15 +958,27 @@ hash_string_compare (void const *name1, return strcmp (name1, name2) == 0; } -/* Return zero if TABLE contains a copy of STRING; otherwise, insert a - copy of STRING to TABLE and return 1. */ +/* Return zero if TABLE contains a LEN-character long prefix of STRING, + otherwise, insert a newly allocated copy of this prefix to TABLE and + return 1. If RETURN_PREFIX is not NULL, point it to the allocated + copy. */ static bool -hash_string_insert (Hash_table **table, char const *string) +hash_string_insert_prefix (Hash_table **table, char const *string, size_t len, + const char **return_prefix) { Hash_table *t = *table; - char *s = xstrdup (string); + char *s; char *e; + if (len) + { + s = xmalloc (len + 1); + memcpy (s, string, len); + s[len] = 0; + } + else + s = xstrdup (string); + if (! ((t || (*table = t = hash_initialize (0, 0, hash_string_hasher, hash_string_compare, 0))) @@ -974,7 +986,11 @@ hash_string_insert (Hash_table **table, xalloc_die (); if (e == s) - return 1; + { + if (return_prefix) + *return_prefix = s; + return 1; + } else { free (s); @@ -982,6 +998,14 @@ hash_string_insert (Hash_table **table, } } +/* Return zero if TABLE contains a copy of STRING; otherwise, insert a + copy of STRING to TABLE and return 1. */ +bool +hash_string_insert (Hash_table **table, char const *string) +{ + return hash_string_insert_prefix (table, string, 0, NULL); +} + /* Return 1 if TABLE contains STRING. */ static bool hash_string_lookup (Hash_table const *table, char const *string) 
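Review bot: hash_string_insert_prefix() treats `len == 0` as "use the whole string" (`else s = xstrdup (string);`), but the new header comment only describes a LEN-character prefix, so a caller that passes a computed length of zero gets the full name inserted instead of an empty prefix. The comment should state both contracts, e.g. `If LEN is 0, use the whole of STRING.` and `*RETURN_PREFIX is set only when 1 is returned.`, since the existing-entry path frees the copy and leaves the out-parameter untouched. In the third hunk the re-added hash_string_insert() starts with plain `bool` where the original was `static bool`; unless a header now declares it (not visible here), `static bool` should be kept.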
@@ -1082,11 +1106,9 @@ safer_name_suffix (char const *file_name if (prefix_len) { - char *prefix = alloca (prefix_len + 1); - memcpy (prefix, file_name, prefix_len); - prefix[prefix_len] = '\0'; - - if (hash_string_insert (&prefix_table[link_target], prefix)) + const char *prefix; + if (hash_string_insert_prefix (&prefix_table[link_target], file_name, + prefix_len, &prefix)) { static char const *const diagnostic[] = { Index: tar.spec =================================================================== RCS file: /cvs/dist/rpms/tar/FC-6/tar.spec,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- tar.spec 29 Aug 2007 09:01:25 -0000 1.56 +++ tar.spec 24 Oct 2007 13:06:28 -0000 1.57 @@ -2,7 +2,7 @@ Name: tar Epoch: 2 Version: 1.15.1 -Release: 26%{?dist} +Release: 27%{?dist} License: GPL Group: Applications/Archiving URL: http://www.gnu.org/software/tar/ @@ -27,6 +27,7 @@ Patch16: tar-1.15.1-mangling.patch Patch17: tar-1.15.1-stdout.patch Patch18: tar-1.15.1-dot_dot_vuln.patch +Patch19: tar-1.15.1-safer_name_suffix.patch Prereq: info BuildRequires: autoconf automake gzip libacl-devel libselinux-devel Buildroot: %{_tmppath}/%{name}-%{version}-root @@ -63,6 +64,7 @@ %patch16 -p1 -b .mangling %patch17 -p1 -b .stdout %patch18 -p1 -b .dot_dot_vuln +%patch19 -p1 -b .safer_name_suffix automake %build @@ -120,6 +122,10 @@ %{_infodir}/tar.info* %changelog +* Wed Oct 24 2007 Radek Brich 2:1.15.1-27 +- backported upstream patch for CVE-2007-4476 + (tar stack crashing in safer_name_suffix) + * Wed Aug 29 2007 Radek Brich 2:1.15.1-26 - Fix CVE-2007-4131 tar directory traversal vulnerability (#253685) From fedora-cvs-commits at redhat.com Thu Oct 25 13:13:38 2007 
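Review bot: In the `safer_name_suffix` hunk of names.c, `const char *prefix;` is declared without an initialiser and is assigned only when `hash_string_insert_prefix` returns 1. Any read of it outside the true branch of that `if` would therefore use an indeterminate pointer. The only use visible here is inside the branch, but the function body continues past the end of this hunk, so I cannot confirm there is no later use. Declaring it as `const char *prefix = NULL;` would make a later misuse fail predictably.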
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 25 Oct 2007 09:13:38 -0400 Subject: rpms/rpm/FC-6 config.guess, NONE, 1.1 config.sub, NONE, 1.1 rpm-4.4.2.1-addinstall.patch, NONE, 1.1 rpm-4.4.2.1-macrobuffer.patch, NONE, 1.1 rpm.spec, 1.217, 1.218 Message-ID: <200710251313.l9PDDcOK025341@cvs.devel.redhat.com> Author: pmatilai Update of /cvs/dist/rpms/rpm/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv25216 Modified Files: rpm.spec Added Files: config.guess config.sub rpm-4.4.2.1-addinstall.patch rpm-4.4.2.1-macrobuffer.patch Log Message: - updated versions of config.guess and config.sub (#259761) - fix rpmbuild macro buffer overflow on spec parsing (#253971) - dont treat adding same package to transaction twice as error (#303531) --- NEW FILE config.guess --- #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003 Free Software Foundation, Inc. timestamp='2003-06-17' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. 
# Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit build system type. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit 0 ;; --version | -v ) echo "$version" ; exit 0 ;; --help | --h* | -h ) echo "$usage"; exit 0 ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. 
# Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi at noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown ## for Red Hat Linux if test -f /etc/redhat-release ; then VENDOR=redhat ; else VENDOR= ; fi # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. 
For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep __ELF__ >/dev/null then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. 
echo "${machine}-${os}${release}" exit 0 ;; amiga:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; arc:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; hp300:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; macppc:OpenBSD:*:*) echo powerpc-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mvme68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mvme88k:OpenBSD:*:*) echo m88k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mvmeppc:OpenBSD:*:*) echo powerpc-unknown-openbsd${UNAME_RELEASE} exit 0 ;; pmax:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; sgi:OpenBSD:*:*) echo mipseb-unknown-openbsd${UNAME_RELEASE} exit 0 ;; sun3:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; wgrisc:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} exit 0 ;; alpha:OSF1:*:*) if test $UNAME_RELEASE = "V4.0"; then UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` fi # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. 
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit 0 ;; Alpha*:OpenVMS:*:*) echo alpha-hp-vms exit 0 ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? 
echo alpha-pc-interix exit 0 ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit 0 ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit 0;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit 0 ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit 0 ;; *:OS/390:*:*) echo i370-ibm-openedition exit 0 ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit 0;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit 0;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee at wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit 0 ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit 0 ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit 0 ;; DRS?6000:UNIX_SV:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7 && exit 0 ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. 
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit 0 ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit 0 ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit 0 ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit 0 ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit 0 ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* 
for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c \ && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ && exit 0 echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit 0 ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit 0 ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit 0 ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit 0 ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit 0 ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit 0 ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit 0 ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit 0 ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit 0 ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit 0 ;; *:AIX:*:[45]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:*:*) echo rs6000-ibm-aix exit 0 ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit 0 ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit 0 ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit 0 ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? 
) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then # avoid double evaluation of $set_cc_for_build test -n "$CC_FOR_BUILD" || eval $set_cc_for_build if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit 0 ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. 
*/ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit 0 ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit 0 ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; 
*:UNICOS/mp:*:*) echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit 0 ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit 0 ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit 0 ;; *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) # Determine whether the default compiler uses glibc. eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include #if __GLIBC__ >= 2 LIBC=gnu #else LIBC= #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} exit 0 ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit 0 ;; i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit 0 ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit 0 ;; x86:Interix*:[34]*) echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' exit 0 ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit 0 ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? 
echo i586-pc-interix exit 0 ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit 0 ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit 0 ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; *:GNU:*:*) echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit 0 ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit 0 ;; arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit 0 ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR:-unknown}-linux-gnu exit 0 ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips #undef mipsel #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mipsel #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 ;; mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef mips64 #undef mips64el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=mips64el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=mips64 #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 ;; ppc:Linux:*:*) echo powerpc-${VENDOR:-unknown}-linux-gnu exit 0 ;; ppc64:Linux:*:*) echo powerpc64-${VENDOR:-unknown}-linux-gnu exit 0 ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) 
UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit 0 ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit 0 ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit 0 ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR:-ibm}-linux-gnu exit 0 ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; x86_64:Linux:*:*) echo x86_64-${VENDOR:-unknown}-linux-gnu exit 0 ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent # problems with other programs or directories called `ld' in the path. # Set LC_ALL=C to ensure ld outputs messages in English. ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ | sed -ne '/supported targets:/!d s/[ ][ ]*/ /g s/.*supported targets: *// s/ .*// p'` case "$ld_supported_targets" in elf32-i386) TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit 0 ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" exit 0 ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. 
echo "${UNAME_MACHINE}-pc-linux-gnuoldld" exit 0 ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include #ifdef __ELF__ # ifdef __GLIBC__ # if __GLIBC__ >= 2 LIBC=gnu # else LIBC=gnulibc1 # endif # else LIBC=gnulibc1 # endif #else #ifdef __INTEL_COMPILER LIBC=gnu #else LIBC=gnuaout #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` test x"${LIBC}" != x && echo "${UNAME_MACHINE}-${VENDOR:-pc}-linux-${LIBC}" && exit 0 test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit 0 ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit 0 ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. 
echo ${UNAME_MACHINE}-pc-os2-emx exit 0 ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit 0 ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit 0 ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit 0 ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit 0 ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit 0 ;; i*86:*:5:[78]*) case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit 0 ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit 0 ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i386. echo i386-pc-msdosdjgpp exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; paragon:*:*:*) echo i860-intel-osf1 exit 0 ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. 
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit 0 ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit 0 ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit 0 ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit 0 ;; M68*:*:R3V[567]*:*) test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4.3${OS_REL} && exit 0 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit 0 ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit 0 ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit 0 ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit 0 ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit 0 ;; *:*:*:FTX*) # From seanf at swdc.stratus.com. 
echo i860-stratus-sysv4 exit 0 ;; *:VOS:*:*) # From Paul.Green at stratus.com. echo hppa1.1-stratus-vos exit 0 ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit 0 ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit 0 ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit 0 ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit 0 ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit 0 ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit 0 ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit 0 ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit 0 ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit 0 ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit 0 ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit 0 ;; *:Darwin:*:*) case `uname -p` in *86) UNAME_PROCESSOR=i686 ;; powerpc) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit 0 ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit 0 ;; *:QNX:*:4*) echo i386-pc-qnx exit 0 ;; NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit 0 ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit 0 ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit 0 ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit 0 ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. 
if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit 0 ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit 0 ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit 0 ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit 0 ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit 0 ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit 0 ;; *:ITS:*:*) echo pdp10-unknown-its exit 0 ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf 
("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit 0 ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; c34*) echo c34-convex-bsd exit 0 ;; c38*) echo c38-convex-bsd exit 0 ;; c4*) echo c4-convex-bsd exit 0 ;; esac fi cat >&2 < in order to provide the needed information to handle your system. 
config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: --- NEW FILE config.sub --- #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003 Free Software Foundation, Inc. timestamp='2003-06-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." 
version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit 0 ;; --version | -v ) echo "$version" ; exit 0 ;; --help | --h* | -h ) echo "$usage"; exit 0 ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit 0;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. 
;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis) os= basic_machine=$1 ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 
1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k \ | m32r | m68000 | m68k | m88k | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64vr | mips64vrel \ | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | msp430 \ | ns16k | ns32k \ | openrisc | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | s390 | s390x \ | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \ | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ | x86 | xscale | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 
580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* \ | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* \ | m32r-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64vr-* | mips64vrel-* \ | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | msp430-* \ | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ | s390-* | s390x-* \ | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ | xtensa-* \ | ymp-* \ | z8k-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and 
sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; c90) basic_machine=c90-cray os=-unicos ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) 
basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? 
i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; mmix*) basic_machine=mmix-knuth os=-mmixware ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; nv1) 
basic_machine=nv1-cray os=-unicosmp ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; or32 | or32-*) basic_machine=or32-unknown os=-coff ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; 
rtpc | rtpc-*) basic_machine=romp-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tic55x | c55x*) basic_machine=tic55x-unknown os=-coff ;; tic6x | c6x*) basic_machine=tic6x-unknown os=-coff ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) 
basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sh64) basic_machine=sh64-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. 
-solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) # Remember, each alternative MUST END IN *, to match a version number. 
;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. 
case $basic_machine in *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-ibm) os=-aix ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. 
vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -ptx*) vendor=sequent ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: rpm-4.4.2.1-addinstall.patch: depends.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE rpm-4.4.2.1-addinstall.patch --- changeset: 6163:e6fd49c4379c user: Panu Matilainen date: Tue Sep 11 09:13:19 2007 +0300 files: lib/depends.c description: rpmtsAddInstallElement() consistency (rhbz#180996, rhbz#281611) Don't error out if the same (or older) package is attempted to add to the transaction, only warn (because we can handle it) (transplanted from 557fa00203ac2c861dcc0030d692696298899382) diff -r dcf46aa6c42c -r e6fd49c4379c lib/depends.c --- a/lib/depends.c Tue Sep 11 09:01:19 2007 +0300 +++ b/lib/depends.c Tue Sep 11 09:13:19 2007 +0300 @@ -214,8 +214,8 @@ int rpmtsAddInstallElement(rpmts ts, Hea _("package %s was already added, skipping %s\n"), (pkgNEVR ? pkgNEVR + 2 : "?pkgNEVR?"), (addNEVR ? addNEVR + 2 : "?addNEVR?")); - ec = 1; - break; + ec = 0; + goto exit; } /* rpm-4.4.2.1-macrobuffer.patch: macro.c | 17 ++++++++++++++++- 1 files changed, 16 insertions(+), 1 deletion(-) --- NEW FILE rpm-4.4.2.1-macrobuffer.patch --- diff -r 883c6df1757b -r 333063345c7b rpmio/macro.c 
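Review bot: In rpmtsAddInstallElement (lib/depends.c) the already-added branch now leaves through `goto exit` with `ec = 0`, so a skipped duplicate and a successful add return the same value, and nothing in the code says that is intended. A short comment above the assignment, such as `/* Duplicate or older package: warn and report success, nothing is added. */`, would record the decision from the commit message where the next reader will look. The `exit` label and whatever the old `break` went on to execute are outside this hunk, so it is worth confirming that no work after the loop is still needed on this path.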
--- a/rpmio/macro.c Tue Aug 28 10:26:12 2007 +0300 +++ b/rpmio/macro.c Mon Aug 27 11:01:39 2007 +0300 @@ -253,7 +253,7 @@ findEntry(MacroContext mc, const char * { MacroEntry key, *ret; struct MacroEntry_s keybuf; - char namebuf[1024]; + char *namebuf = NULL; /*@-globs@*/ if (mc == NULL) mc = rpmGlobalMacroContext; @@ -263,6 +263,8 @@ findEntry(MacroContext mc, const char * /*@-branchstate@*/ if (namelen > 0) { + namebuf = alloca(namelen + 1); + memset(namebuf, 0, (namelen + 1)); strncpy(namebuf, name, namelen); namebuf[namelen] = '\0'; name = namebuf; @@ -601,6 +603,11 @@ doShellEscape(MacroBuf mb, const char * FILE *shf; int rc; int c; + + if (clen >= sizeof(pcmd)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + return 1; + } strncpy(pcmd, cmd, clen); pcmd[clen] = '\0'; @@ -1079,6 +1086,10 @@ doOutput(MacroBuf mb, int waserror, cons { char buf[BUFSIZ]; + if (msglen >= sizeof(buf)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + msglen = sizeof(buf) - 1; + } strncpy(buf, msg, msglen); buf[msglen] = '\0'; (void) expandU(mb, buf, sizeof(buf)); @@ -1108,6 +1119,10 @@ doFoo(MacroBuf mb, int negate, const cha buf[0] = '\0'; if (g != NULL) { + if (gn >= sizeof(buf)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + gn = sizeof(buf) - 1; + } strncpy(buf, g, gn); buf[gn] = '\0'; (void) expandU(mb, buf, sizeof(buf)); Index: rpm.spec =================================================================== RCS file: /cvs/dist/rpms/rpm/FC-6/rpm.spec,v retrieving revision 1.217 retrieving revision 1.218 diff -u -r1.217 -r1.218 --- rpm.spec 13 Aug 2007 08:51:35 -0000 1.217 +++ rpm.spec 25 Oct 2007 13:13:36 -0000 1.218 
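Review bot: In findEntry the fixed `char namebuf[1024]` is replaced by `alloca(namelen + 1)` with no upper bound on `namelen`, so the overflow of a fixed buffer becomes unbounded stack growth. alloca cannot report failure, and a very long name (which per the changelog can come from a spec file being parsed) would fault instead of being rejected. Either refuse over-long names before allocating, e.g. `if (namelen >= MAX_MACRO_NAME) return NULL;` where `MAX_MACRO_NAME` is a placeholder for a limit the project picks, or take the buffer from the heap and free it before returning. The `memset` is also redundant, because `strncpy` followed by `namebuf[namelen] = '\0'` already initialises every byte that is read. findEntry's body continues outside the hunk.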
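Review bot: In doOutput, and again in doFoo, the new guard reports "Target buffer overflow" but then clamps the length to `sizeof(buf) - 1` and goes on to expand the truncated text, while doShellEscape in the same patch returns 1 on the same condition. Expanding a macro body cut at an arbitrary byte can produce output that differs from what the spec author wrote, so stopping after `rpmError(...)` would be the safer and more consistent choice. The return types of doOutput and doFoo are not visible here, so the exact statement depends on them. If truncation is intended, a comment such as `/* over-long argument: truncate to buf and keep going */` at both sites would make that explicit.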
@@ -14,10 +14,12 @@ Name: rpm Version: 4.4.2.1 %{expand: %%define rpm_version %{version}} -Release: 1%{?dist} +Release: 2%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source: rpm-%{rpm_version}.tar.gz +Source10: config.guess +Source11: config.sub Patch1: rpm-4.4.1-prereq.patch Patch2: rpm-4.4.2-ghost-conflicts.patch Patch3: rpm-4.4.2-trust.patch @@ -30,6 +32,8 @@ Patch10: rpm-4.4.2.1-checkterminate-noexit.patch Patch11: rpm-4.4.2.1-config-mtime.patch Patch12: rpm-4.4.2.1-strict-docdir.patch +Patch13: rpm-4.4.2.1-macrobuffer.patch +Patch14: rpm-4.4.2.1-addinstall.patch # XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed # and several different components with their own licenses included... License: (GPLv2 and LGPLv2 with exceptions) and BSD and MIT and Sleepycat @@ -150,6 +154,10 @@ %patch10 -p1 -b .checkterminate-noexit %patch11 -p1 -b .config-mtime %patch12 -p1 -b .strict-docdir +%patch13 -p1 -b .macrobuffer +%patch14 -p1 -b .addinstall + +cp -fp %{SOURCE10} %{SOURCE11} . %build @@ -447,6 +455,11 @@ %{__includedir}/popt.h %changelog +* Thu Oct 25 2007 Panu Matilainen - 4.4.2.1-2 +- updated versions of config.guess and config.sub (#259761) +- fix rpmbuild macro buffer overflow on spec parsing (#253971) +- dont treat adding same package to transaction twice as error (#303531) + * Mon Aug 13 2007 Panu Matilainen - 4.4.2.1-1 - update to 4.4.2.1 (#247749 and others) - drop upstreamed patches and sources From fedora-cvs-commits at redhat.com Fri Oct 26 16:42:24 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 26 Oct 2007 12:42:24 -0400 Subject: rpms/xen/FC-6 xen-baked-tmpfile.patch, NONE, 1.1 xen.spec, 1.174, 1.175 Message-ID: <200710261642.l9QGgOaI022599@cvs.devel.redhat.com> Author: berrange Update of /cvs/dist/rpms/xen/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22566 Modified Files: xen.spec Added Files: xen-baked-tmpfile.patch Log Message: Fixed xenbaked tmpfile flaw (CVE-2007-3919) xen-baked-tmpfile.patch: xenbaked.c | 2 +- xenmon.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE xen-baked-tmpfile.patch --- changeset: 16157:b28ae5f00553 tag: tip user: Keir Fraser date: Tue Oct 23 09:26:43 2007 +0100 files: tools/xenmon/xenbaked.c tools/xenmon/xenmon.py description: xenmon: Fix security vulnerability CVE-2007-3919. The xenbaked daemon and xenmon utility communicate via a mmap'ed shared file. Since this file is located in /tmp, unprivileged users can cause arbitrary files to be truncated by creating a symlink from the well-known /tmp filename to e.g., /etc/passwd. The fix is to place the shared file in a directory to which only root should have access (in this case /var/run/). This bug was reported, and the fix suggested, by Steve Kemp . Thanks! Signed-off-by: Keir Fraser diff -r 118a21c66fd5 -r b28ae5f00553 tools/xenmon/xenbaked.c --- a/tools/xenmon/xenbaked.c Mon Oct 22 21:06:11 2007 +0100 +++ b/tools/xenmon/xenbaked.c Tue Oct 23 09:26:43 2007 +0100 @@ -589,7 +589,7 @@ error_t cmd_parser(int key, char *arg, s return 0; } -#define SHARED_MEM_FILE "/tmp/xenq-shm" +#define SHARED_MEM_FILE "/var/run/xenq-shm" void alloc_qos_data(int ncpu) { int i, n, pgsize, off=0; diff -r 118a21c66fd5 -r b28ae5f00553 tools/xenmon/xenmon.py --- a/tools/xenmon/xenmon.py Mon Oct 22 21:06:11 2007 +0100 +++ b/tools/xenmon/xenmon.py Tue Oct 23 09:26:43 2007 +0100 
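Review bot: The new `SHARED_MEM_FILE` in tools/xenmon/xenbaked.c is still a fixed, predictable path, and the code that opens it sits outside this hunk, so the fix rests entirely on /var/run being writable by root only. If that open does not already do so, passing `O_NOFOLLOW` and an explicit `0600` mode would keep a pre-planted link from being followed whatever the directory permissions turn out to be on a given install. The same literal is repeated as `SHM_FILE` in xenmon.py, so a comment at each site, e.g. `/* must match SHM_FILE in xenmon.py */`, would keep the two from drifting apart.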
@@ -46,7 +46,7 @@ QOS_DATA_SIZE = struct.calcsize(ST_QDATA QOS_DATA_SIZE = struct.calcsize(ST_QDATA)*NSAMPLES + struct.calcsize(ST_DOM_INFO)*NDOMAINS + struct.calcsize("4i") # location of mmaped file, hard coded right now -SHM_FILE = "/tmp/xenq-shm" +SHM_FILE = "/var/run/xenq-shm" # format strings TOTALS = 15*' ' + "%6.2f%%" + 35*' ' + "%6.2f%%" Index: xen.spec =================================================================== RCS file: /cvs/dist/rpms/xen/FC-6/xen.spec,v retrieving revision 1.174 retrieving revision 1.175 diff -u -r1.174 -r1.175 --- xen.spec 26 Sep 2007 16:54:25 -0000 1.174 +++ xen.spec 26 Oct 2007 16:42:22 -0000 1.175 @@ -3,7 +3,7 @@ Summary: Xen is a virtual machine monitor Name: xen Version: 3.0.3 -Release: 12%{dist} +Release: 13%{dist} Group: Development/Libraries License: GPL URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html @@ -54,6 +54,7 @@ Patch42: xen-network-bonding-fix.patch Patch43: xen-logfile-permissions.patch Patch44: xen-keyboard.patch +Patch45: xen-baked-tmpfile.patch Patch80: xen-destroydevice-args.patch Patch81: xen-hotplug-error-reporting.patch @@ -120,7 +121,7 @@ Requires: kpartx Prereq: chkconfig Conflicts: libvirt <= 0.2.0-1.fc6 -ExclusiveArch: i386 x86_64 ia64 +ExclusiveArch: i386 i686 x86_64 ia64 %description This package contains the Xen hypervisor and Xen tools, needed to @@ -226,6 +227,8 @@ %patch43 -p1 # VNC keymap fixes %patch44 -p1 +# xenbaked tmpfile flaw +%patch45 -p1 # fix HVM cannot allocate memory bug %patch80 -p1 @@ -379,6 +382,9 @@ %{_libdir}/*.a %changelog +* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc6 +- Fixed xenbaked tmpfile flaw (CVE-2007-3919) + * Wed Sep 26 2007 Chris Lalancette - 3.0.3-12.fc6 - QEmu cirrus bitblit bounds check - CVE-2007-1320 (rhbz #238723) - QEmu NE2000 overflow check - CVE-2007-1321 (rhbz #238723) From fedora-cvs-commits at redhat.com Mon Oct 29 10:14:43 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 29 Oct 2007 06:14:43 -0400 Subject: rpms/ruby/FC-6 ruby.spec,1.95,1.96 Message-ID: <200710291014.l9TAEhr5003183@cvs.devel.redhat.com> Author: tagoh Update of /cvs/dist/rpms/ruby/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3159 Modified Files: ruby.spec Log Message: * Mon Oct 29 2007 Akira TAGOH - 1.8.5.113-3 - Doh. exactly enable pthread support for ppc again. (#201452) Index: ruby.spec =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/ruby.spec,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- ruby.spec 15 Oct 2007 12:51:25 -0000 1.95 +++ ruby.spec 29 Oct 2007 10:14:41 -0000 1.96 @@ -11,7 +11,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 2%{?dist} +Release: 3%{?dist} License: Ruby or GPL+ URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -184,10 +184,6 @@ --disable-rpath \ --with-ruby-prefix=%{_prefix}/lib -%ifarch ppc -cp Makefile Makefile.orig -sed -e 's/^EXTMK_ARGS[[:space:]].*=\(.*\) --$/EXTMK_ARGS=\1 --disable-tcl-thread --/' Makefile.orig > Makefile -%endif make RUBY_INSTALL_NAME=ruby %{?_smp_mflags} %ifarch ia64 # Miscompilation? Buggy code? @@ -465,6 +461,9 @@ %endif %changelog +* Mon Oct 29 2007 Akira TAGOH - 1.8.5.113-3 +- Doh. exactly enable pthread support for ppc again. (#201452) + * Mon Oct 15 2007 Akira TAGOH - 1.8.5.113-2 - Enable pthread support for ppc too. (#201452) - Fix unexpected dependencies appears in ruby-libs. (#253325) From fedora-cvs-commits at redhat.com Mon Oct 29 13:48:49 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 29 Oct 2007 09:48:49 -0400 Subject: rpms/ruby/FC-6 ruby-1.8.6.111-CVE-2007-5162.patch, NONE, 1.1 .cvsignore, 1.21, 1.22 ruby.spec, 1.96, 1.97 sources, 1.20, 1.21 ruby-1.8.5-CVE-2007-5162.patch, 1.1, NONE Message-ID: <200710291348.l9TDmnjL003972@cvs.devel.redhat.com> Author: tagoh Update of /cvs/dist/rpms/ruby/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3944 Modified Files: .cvsignore ruby.spec sources Added Files: ruby-1.8.6.111-CVE-2007-5162.patch Removed Files: ruby-1.8.5-CVE-2007-5162.patch Log Message: * Mon Oct 29 2007 Akira TAGOH - 1.8.5.114-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users' scripts. Note that Net::HTTP#enable_post_connection_check isn't available anymore. If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE to Net::HTTP#verify_mode= instead of. sources 29 Oct 2007 13:48:43 -0000 d57f9762b3b34a9e4835085b4c5acc59 ruby-1.8.5-p114.tar.bz2 ruby-1.8.6.111-CVE-2007-5162.patch: ext/openssl/lib/net/ftptls.rb | 10 ++++++++++ ext/openssl/lib/net/telnets.rb | 3 +++ lib/net/http.rb | 11 +---------- lib/net/imap.rb | 1 + lib/open-uri.rb | 1 - 5 files changed, 15 insertions(+), 11 deletions(-) --- NEW FILE ruby-1.8.6.111-CVE-2007-5162.patch --- diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb --- ruby-1.8.6-p111.orig/ext/openssl/lib/net/ftptls.rb 2007-02-13 08:01:19.000000000 +0900 +++ ruby-1.8.6-p111/ext/openssl/lib/net/ftptls.rb 2007-10-29 21:10:24.000000000 +0900 
@@ -29,13 +29,23 @@ require 'net/ftp' module Net class FTPTLS < FTP + def connect(host, port=FTP_PORT) + @hostname = host + super + end + def login(user = "anonymous", passwd = nil, acct = nil) + store = OpenSSL::X509::Store.new + store.set_default_paths ctx = OpenSSL::SSL::SSLContext.new('SSLv23') + ctx.cert_store = store + ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER ctx.key = nil ctx.cert = nil voidcmd("AUTH TLS") @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx) @sock.connect + @sock.post_connection_check(@hostname) super(user, passwd, acct) voidcmd("PBSZ 0") end diff -pruN ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb --- ruby-1.8.6-p111.orig/ext/openssl/lib/net/telnets.rb 2007-02-13 08:01:19.000000000 +0900 +++ ruby-1.8.6-p111/ext/openssl/lib/net/telnets.rb 2007-10-29 21:13:03.000000000 +0900 @@ -134,6 +134,9 @@ module Net @sock.verify_callback = @options['VerifyCallback'] @sock.verify_depth = @options['VerifyDepth'] @sock.connect + if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE + @sock.post_connection_check(@options['Host']) + end @ssl = true end '' diff -pruN ruby-1.8.6-p111.orig/lib/net/http.rb ruby-1.8.6-p111/lib/net/http.rb --- ruby-1.8.6-p111.orig/lib/net/http.rb 2007-09-24 17:12:24.000000000 +0900 +++ ruby-1.8.6-p111/lib/net/http.rb 2007-10-29 21:12:12.000000000 +0900 @@ -470,7 +470,6 @@ module Net #:nodoc: @debug_output = nil @use_ssl = false @ssl_context = nil - @enable_post_connection_check = false end def inspect @@ -527,9 +526,6 @@ module Net #:nodoc: false # redefined in net/https end - # specify enabling SSL server certificate and hostname checking. - attr_accessor :enable_post_connection_check - # Opens TCP connection and HTTP session. # # When this method is called with block, gives a HTTP object 
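Review bot: FTPTLS#login now hard-codes `VERIFY_PEER` against `set_default_paths` plus a host-name check, with no parameter or accessor through which a caller can supply its own CA store. Servers with privately issued certificates will therefore start failing at login with no documented way forward. That is a sound secure default, but it deserves an rdoc comment on `login` saying that the server certificate must chain to the system trust store and match the host passed to `connect`. `@hostname` is assigned only in the new `connect` override, so it is also worth confirming that every path that establishes the control connection goes through it.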
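Review bot: In telnets.rb the new guard `@options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE` is also true when the option was never given (nil), so `post_connection_check(@options['Host'])` runs in that case too. Whether the certificate chain was verified then depends on how verify_mode is assigned above this hunk, which is not visible. If it ends up unset, the host name is compared against a certificate that nobody has validated, which looks like authentication but is not. A comment stating the intended default, or defaulting `@options['VerifyMode']` to `OpenSSL::SSL::VERIFY_PEER` before the socket is configured, would close that gap. The same `!= VERIFY_NONE` test appears as context in the Net::HTTP connect hunk of this patch.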
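Review bot: Removing `attr_accessor :enable_post_connection_check` from Net::HTTP (hunk at -527), together with its initialiser (hunk at -470), means a script that sets `http.enable_post_connection_check = true` now fails with NoMethodError. The removed lines in the connect hunk show that setting was previously needed to make the check fatal, so such scripts are likely to exist, and breaking them is at odds with the log message's aim of requiring no changes to users' scripts. Keeping a do-nothing writer for a release, `def enable_post_connection_check=(v); end`, with a comment that the check is now always enforced unless verify_mode is VERIFY_NONE, would preserve compatibility without weakening the fix. The class body continues outside both hunks.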
@@ -589,12 +585,7 @@ module Net #:nodoc: end s.connect if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE - begin - s.post_connection_check(@address) - rescue OpenSSL::SSL::SSLError => ex - raise ex if @enable_post_connection_check - warn ex.message - end + s.post_connection_check(@address) end end on_connect diff -pruN ruby-1.8.6-p111.orig/lib/net/imap.rb ruby-1.8.6-p111/lib/net/imap.rb --- ruby-1.8.6-p111.orig/lib/net/imap.rb 2007-08-22 08:28:09.000000000 +0900 +++ ruby-1.8.6-p111/lib/net/imap.rb 2007-10-29 21:14:38.000000000 +0900 @@ -900,6 +900,7 @@ module Net end @sock = SSLSocket.new(@sock, context) @sock.connect # start ssl session. + @sock.post_connection_check(@host) if verify else @usessl = false end diff -pruN ruby-1.8.6-p111.orig/lib/open-uri.rb ruby-1.8.6-p111/lib/open-uri.rb --- ruby-1.8.6-p111.orig/lib/open-uri.rb 2007-09-24 17:12:24.000000000 +0900 +++ ruby-1.8.6-p111/lib/open-uri.rb 2007-10-29 21:16:03.000000000 +0900 @@ -229,7 +229,6 @@ module OpenURI if target.class == URI::HTTPS require 'net/https' http.use_ssl = true - http.enable_post_connection_check = true http.verify_mode = OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new store.set_default_paths Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/.cvsignore,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- .cvsignore 4 Oct 2007 14:08:14 -0000 1.21 +++ .cvsignore 29 Oct 2007 13:48:46 -0000 1.22 @@ -15,3 +15,4 @@ ruby-1.8.5-p35.tar.gz ruby-1.8.5-p52.tar.bz2 ruby-1.8.5-p113.tar.bz2 +ruby-1.8.5-p114.tar.bz2 Index: ruby.spec =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/ruby.spec,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- ruby.spec 29 Oct 2007 10:14:41 -0000 1.96 +++ ruby.spec 29 Oct 2007 13:48:46 -0000 1.97 
@@ -1,7 +1,7 @@ %define manver 1.4.6 %define rubyxver 1.8 %define rubyver 1.8.5 -%define _patchlevel 113 +%define _patchlevel 114 %define dotpatchlevel %{?_patchlevel:.%{_patchlevel}} %define patchlevel %{?_patchlevel:-p%{_patchlevel}} %define sitedir %{_libdir}/ruby/site_ruby @@ -11,7 +11,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 3%{?dist} +Release: 1%{?dist} License: Ruby or GPL+ URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -38,7 +38,7 @@ Patch23: ruby-multilib.patch Patch24: ruby-tcltk-multilib.patch Patch25: ruby-fix-autoconf-magic-code.patch -Patch26: ruby-1.8.5-CVE-2007-5162.patch +Patch26: ruby-1.8.6.111-CVE-2007-5162.patch Summary: An interpreter of object-oriented scripting language Group: Development/Languages @@ -461,7 +461,13 @@ %endif %changelog -* Mon Oct 29 2007 Akira TAGOH - 1.8.5.113-3 +* Mon Oct 29 2007 Akira TAGOH - 1.8.5.114-1 +- New upstream release. +- ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes + at trunk to enable the fix without any modifications on the users' scripts. + Note that Net::HTTP#enable_post_connection_check isn't available anymore. + If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE + to Net::HTTP#verify_mode= instead of. - Doh. exactly enable pthread support for ppc again. (#201452) * Mon Oct 15 2007 Akira TAGOH - 1.8.5.113-2 Index: sources =================================================================== RCS file: /cvs/dist/rpms/ruby/FC-6/sources,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- sources 4 Oct 2007 14:08:15 -0000 1.20 +++ sources 29 Oct 2007 13:48:46 -0000 1.21 
@@ -2,4 +2,4 @@ d65e3a216d6d345a2a6f1aa8758c2f75 ruby-refm-rdp-1.8.1-ja-html.tar.gz 7f3e181c0be9a1579e43a5a8b26372d6 rubyfaq-990927.tar.bz2 8aa2e2da327dc43ff6e46e634eb657b6 rubyfaq-jp-990927.tar.bz2 -682117fbca4cd2ceac6beb6a403eef59 ruby-1.8.5-p113.tar.bz2 +d57f9762b3b34a9e4835085b4c5acc59 ruby-1.8.5-p114.tar.bz2 --- ruby-1.8.5-CVE-2007-5162.patch DELETED --- From fedora-cvs-commits at redhat.com Wed Oct 31 13:07:55 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 31 Oct 2007 09:07:55 -0400 Subject: rpms/coreutils/FC-6 coreutils-5.97-requiresecuritycontext.patch, NONE, 1.1 coreutils-selinux.patch, 1.30, 1.31 coreutils.spec, 1.153, 1.154 Message-ID: <200710311307.l9VD7t4C004077@cvs.devel.redhat.com> Author: ovasik Update of /cvs/dist/rpms/coreutils/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv4054 Modified Files: coreutils-selinux.patch coreutils.spec Added Files: coreutils-5.97-requiresecuritycontext.patch Log Message: fix for runuser (#232652), for cp -a rewrite on NFS(#219900) coreutils-5.97-requiresecuritycontext.patch: copy.c | 40 ++++++++++++++++++++++++++-------------- copy.h | 12 ++++++++++++ cp.c | 10 ++++++++-- install.c | 1 + mv.c | 1 + 5 files changed, 48 insertions(+), 16 deletions(-) --- NEW FILE coreutils-5.97-requiresecuritycontext.patch --- diff -ur coreutils-5.97.orig/src/copy.c coreutils-5.97/src/copy.c --- coreutils-5.97.orig/src/copy.c 2007-10-19 16:45:22.000000000 +0200 +++ coreutils-5.97/src/copy.c 2007-10-31 13:37:20.000000000 +0100 
@@ -245,23 +245,32 @@ dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY, dst_mode); #ifdef WITH_SELINUX - if (dest_desc >= 0 && selinux_enabled && - (x->preserve_security_context || x->set_security_context)) + if (x->preserve_security_context && 0 <= dest_desc) { - security_context_t con; - if(getfscreatecon(&con) == -1) + security_context_t con = NULL; + if(getfscreatecon(&con) < 0) { - return_val = false; - goto close_src_desc; + if (x->require_preserve_context) + { + error(0, errno, _("failed to get file system create context")); + return_val = false; + goto close_src_desc; + } } if (con) { - if(fsetfilecon(dest_desc, con) == -1) + if(fsetfilecon(dest_desc, con) < 0) { - return_val = false; - freecon(con); - goto close_src_desc; + if (x->require_preserve_context) + { + error(0, errno, + _("failed to set security context of %s to %s"), + quote_n (0, dst_name), quote_n(1, con)); + return_val = false; + freecon(con); + goto close_src_desc; + } } freecon(con); } @@ -1438,10 +1447,12 @@ { if (setfscreatecon(con) < 0) { - error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); - if (x->require_preserve) { + error (0, errno, + _("cannot set default file creation context to %s"), + quote (con)); + if (x->require_preserve_context) { freecon(con); - return 1; + return false; } } freecon(con); @@ -1449,7 +1460,8 @@ else { if (( errno != ENOTSUP ) && ( errno != ENODATA )) { error (0, errno, _("cannot lgetfilecon %s"), quote (src_name)); - return 1; + if (x->require_preserve_context) + return 1; } } } diff -ur coreutils-5.97.orig/src/copy.h coreutils-5.97/src/copy.h --- coreutils-5.97.orig/src/copy.h 2007-10-19 16:45:22.000000000 +0200 +++ coreutils-5.97/src/copy.h 2007-10-31 13:39:14.000000000 +0100 
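Review bot: In the first copy.c hunk both `error (...)` calls sit inside `if (x->require_preserve_context)`, so when the flag is false a failing `getfscreatecon` or `fsetfilecon` is dropped without any message. The comment this patch adds to copy.h says diagnostics are given for failed syscalls regardless of the setting. To match that contract, move each `error (0, errno, ...)` call to just before its `if (x->require_preserve_context)`, leaving only `return_val = false;`, the `freecon` and the `goto` inside. The `setfscreatecon` hunk further down already reports this way. The enclosing function starts and ends outside the hunk.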
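Review bot: The hunk at -1449 keeps `return 1` for the `lgetfilecon` failure, while the hunk just above it changes the `setfscreatecon` failure from `return 1` to `return false`. If, as that change suggests, the function returns bool with true meaning success, `return 1` here reports success on an error that `require_preserve_context` asked to be fatal. The line should read `return false;`. Both hunks are partial views of the function, so its return type needs confirming against the full file.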
@@ -150,6 +150,18 @@ it be zero. */ bool require_preserve; + /* Useful only when preserve_security_context is true. + If true, a failed attempt to preserve a file's security context + propagates failure "out" to the caller. If false, a failure to + preserve a file's security context does not change the invoking + application's exit status. Give diagnostics for failed syscalls + regardless of this setting. For example, with "cp --preserve=context" + this flag is "true", while with "cp -a", it is false. That means + "cp -a" attempts to preserve any security context, but does not + fail if it is unable to do so. */ + bool require_preserve_context; + + /* If true, copy directories recursively and copy special files as themselves rather than copying their contents. */ bool recursive; diff -ur coreutils-5.97.orig/src/cp.c coreutils-5.97/src/cp.c --- coreutils-5.97.orig/src/cp.c 2007-10-19 16:45:22.000000000 +0200 +++ coreutils-5.97/src/cp.c 2007-10-31 13:41:57.000000000 +0100 @@ -754,6 +754,7 @@ x->set_security_context = false; #endif + x->require_preserve_context = false; x->require_preserve = false; x->recursive = false; x->sparse_mode = SPARSE_AUTO; @@ -831,6 +832,7 @@ case PRESERVE_CONTEXT: x->preserve_security_context = on_off; + x->require_preserve_context = on_off; break; case PRESERVE_ALL: @@ -838,7 +840,10 @@ x->preserve_timestamps = on_off; x->preserve_ownership = on_off; x->preserve_links = on_off; - x->preserve_security_context = on_off; + if (selinux_enabled) { + x->preserve_security_context = on_off; + x->require_preserve_context = on_off; + } break; default: 
@@ -902,7 +907,8 @@ x.preserve_ownership = true; x.preserve_mode = true; x.preserve_timestamps = true; - x.preserve_security_context = true; + if (selinux_enabled) + x.preserve_security_context = true; x.require_preserve = true; x.recursive = true; break; Pouze v coreutils-5.97/src: chcon.c.selinux diff -ur coreutils-5.97.orig/src/install.c coreutils-5.97/src/install.c --- coreutils-5.97.orig/src/install.c 2007-10-19 16:45:22.000000000 +0200 +++ coreutils-5.97/src/install.c 2007-10-31 13:28:51.000000000 +0100 @@ -184,6 +184,7 @@ x->preserve_mode = false; x->preserve_timestamps = false; x->require_preserve = false; + x->require_preserve_context = false; x->recursive = false; x->sparse_mode = SPARSE_AUTO; x->symbolic_link = false; diff -ur coreutils-5.97.orig/src/mv.c coreutils-5.97/src/mv.c --- coreutils-5.97.orig/src/mv.c 2007-10-19 16:45:22.000000000 +0200 +++ coreutils-5.97/src/mv.c 2007-10-31 13:29:39.000000000 +0100 
@@ -137,6 +137,7 @@ x->set_security_context = false; #endif x->require_preserve = false; /* FIXME: maybe make this an option */ + x->require_preserve_context = false; x->recursive = true; x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */ x->symbolic_link = false; coreutils-selinux.patch: README | 4 config.hin | 33 +--- configure.ac | 7 man/Makefile.am | 4 man/chcon.1 | 64 ++++++++ man/chcon.x | 4 man/cp.1 | 5 man/dir.1 | 14 + man/id.1 | 3 man/install.1 | 5 man/ls.1 | 14 + man/mkdir.1 | 2 man/mkfifo.1 | 3 man/mknod.1 | 3 man/runcon.1 | 45 +++++ man/runcon.x | 14 + man/stat.1 | 6 man/vdir.1 | 14 + src/Makefile.am | 23 +- src/chcon.c | 421 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/copy.c | 73 +++++++++ src/copy.h | 4 src/cp.c | 67 ++++++++ src/id.c | 68 ++++++++ src/install.c | 99 ++++++++++++ src/ls.c | 296 ++++++++++++++++++++++++++++++++----- src/mkdir.c | 30 +++ src/mkfifo.c | 29 +++ src/mknod.c | 30 +++ src/mv.c | 13 + src/runcon.c | 252 +++++++++++++++++++++++++++++++ src/stat.c | 146 ++++++++++++++---- tests/help-version | 4 33 files changed, 1698 insertions(+), 101 deletions(-) Index: coreutils-selinux.patch =================================================================== RCS file: /cvs/dist/rpms/coreutils/FC-6/coreutils-selinux.patch,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- coreutils-selinux.patch 17 Apr 2007 11:43:06 -0000 1.30 +++ coreutils-selinux.patch 31 Oct 2007 13:07:53 -0000 1.31 @@ -1934,7 +1934,7 @@ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); --- /dev/null 2007-04-17 09:18:47.810494296 +0100 +++ coreutils-5.97/src/runcon.c 2007-04-17 12:34:48.000000000 +0100 -@@ -0,0 +1,253 @@ +@@ -0,0 +1,252 @@ +/* + * runcon [ context | + * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) 
@@ -2020,7 +2020,6 @@ + textdomain (PACKAGE); + + while (1) { -+ int c; + int this_option_optind = optind ? optind : 1; + int option_index = 0; + static struct option long_options[] = { @@ -2033,7 +2032,7 @@ + { "version", 0, &show_version, 1 }, + { 0, 0, 0, 0 } + }; -+ c = getopt_long(argc, argv, "r:t:u:l:c", long_options, &option_index); ++ int c = getopt_long(argc, argv, "+r:t:u:l:c", long_options, &option_index); + if ( c == -1 ) { + break; + } Index: coreutils.spec =================================================================== RCS file: /cvs/dist/rpms/coreutils/FC-6/coreutils.spec,v retrieving revision 1.153 retrieving revision 1.154 diff -u -r1.153 -r1.154 --- coreutils.spec 17 Apr 2007 11:43:06 -0000 1.153 +++ coreutils.spec 31 Oct 2007 13:07:53 -0000 1.154 @@ -1,7 +1,7 @@ Summary: The GNU core utilities: a set of tools commonly used in shell scripts Name: coreutils Version: 5.97 -Release: 12.5%{?dist} +Release: 12.6%{?dist} License: GPL Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -56,6 +56,8 @@ #SELINUX Patch Patch950: coreutils-selinux.patch +#SELINUX Patch fix to allow cp -a rewrite file on different filesystem +Patch951: coreutils-5.97-requiresecuritycontext.patch BuildRoot: %_tmppath/%{name}-root BuildRequires: gettext libtermcap-devel bison @@ -117,6 +119,7 @@ #SELinux %patch950 -p1 -b .selinux +%patch951 -p1 -b .require-preserve # Don't run basic-1 test, since it breaks when run in the background # (bug #102033). @@ -290,6 +293,11 @@ /sbin/runuser %changelog +* Wed Oct 30 2007 Ondrej Vasik 5.97-12.6 +- allow cp -a to rewrite file on different filesystem(#219900) + (based on upstream patch) +- applied upstream patch for runuser to coreutils-selinux.patch(#232652) + * Tue Apr 17 2007 Tim Waugh 5.97-12.5 - Fixed dangling symlinks fix (bug #230052, bug #236311). From fedora-cvs-commits at redhat.com Wed Oct 31 23:41:00 2007 
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 31 Oct 2007 19:41:00 -0400 Subject: rpms/kernel/FC-6 linux-2.6-x86_64-revert-sparsemem-4g.patch, NONE, 1.1 patch-2.6.22.11-rc1.bz2.sign, NONE, 1.1 .cvsignore, 1.575, 1.576 kernel-2.6.spec, 1.3033, 1.3034 sources, 1.539, 1.540 upstream, 1.459, 1.460 linux-2.6-snapshot-2.6.22.11.patch, 1.1, NONE Message-ID: <200710312341.l9VNf0be008300@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv8283 Modified Files: .cvsignore kernel-2.6.spec sources upstream Added Files: linux-2.6-x86_64-revert-sparsemem-4g.patch patch-2.6.22.11-rc1.bz2.sign Removed Files: linux-2.6-snapshot-2.6.22.11.patch Log Message: * Tue Oct 23 2007 Chuck Ebbert - 2.6.22.11-rc1 - fix crash with AGP on some x86_64 systems linux-2.6-x86_64-revert-sparsemem-4g.patch: arch/x86_64/mm/init.c | 5 ----- include/linux/bootmem.h | 1 - mm/sparse.c | 11 ----------- 3 files changed, 17 deletions(-) --- NEW FILE linux-2.6-x86_64-revert-sparsemem-4g.patch --- Reverted upstream by: Commit: 6a22c57b8d2a62dea7280a6b2ac807a539ef0716 Revert this commit: commit 2e1c49db4c640b35df13889b86b9d62215ade4b6 Author: Zou Nan hai Date: Fri Jun 1 00:46:28 2007 -0700 x86_64: allocate sparsemem memmap above 4G On systems with huge amount of physical memory, VFS cache and memory memmap may eat all available system memory under 4G, then the system may fail to allocate swiotlb bounce buffer. There was a fix for this issue in arch/x86_64/mm/numa.c, but that fix dose not cover sparsemem model. This patch add fix to sparsemem model by first try to allocate memmap above 4G. Signed-off-by: Zou Nan hai Acked-by: Suresh Siddha Cc: Andi Kleen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c index 458893b..e2d6bad 100644 --- a/arch/x86_64/mm/init.c +++ b/arch/x86_64/mm/init.c 
@@ -734,8 +734,3 @@ int in_gate_area_no_task(unsigned long addr) return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END); } -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size) -{ - return __alloc_bootmem_core(pgdat->bdata, size, - SMP_CACHE_BYTES, (4UL*1024*1024*1024), 0); -} diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h index c83534e..0365ec9 100644 --- a/include/linux/bootmem.h +++ b/include/linux/bootmem.h @@ -59,7 +59,6 @@ extern void *__alloc_bootmem_core(struct bootmem_data *bdata, unsigned long align, unsigned long goal, unsigned long limit); -extern void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size); #ifndef CONFIG_HAVE_ARCH_BOOTMEM_NODE extern void reserve_bootmem(unsigned long addr, unsigned long size); diff --git a/mm/sparse.c b/mm/sparse.c index 239f5a7..1facdff 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -215,12 +215,6 @@ static int __meminit sparse_init_one_section(struct mem_section *ms, return 1; } -__attribute__((weak)) -void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size) -{ - return NULL; -} - static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum) { struct page *map; 
@@ -231,11 +225,6 @@ static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum) if (map) return map; - map = alloc_bootmem_high_node(NODE_DATA(nid), - sizeof(struct page) * PAGES_PER_SECTION); - if (map) - return map; - map = alloc_bootmem_node(NODE_DATA(nid), sizeof(struct page) * PAGES_PER_SECTION); if (map) --- NEW FILE patch-2.6.22.11-rc1.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBHKJ1kyGugalF9Dw4RAsC5AKCBFC//v/n6TURbBpdU4ucdbMJmZwCfV1dL jO94/mii4ctHR18gMD4aLik= =wb1c -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.575 retrieving revision 1.576 diff -u -r1.575 -r1.576 --- .cvsignore 16 Oct 2007 18:13:44 -0000 1.575 +++ .cvsignore 31 Oct 2007 23:40:57 -0000 1.576 @@ -4,3 +4,4 @@ kernel-2.6.22 linux-2.6.22.tar.bz2 patch-2.6.22.10.bz2 +patch-2.6.22.11-rc1.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3033 retrieving revision 1.3034 diff -u -r1.3033 -r1.3034 --- kernel-2.6.spec 23 Oct 2007 19:52:06 -0000 1.3033 +++ kernel-2.6.spec 31 Oct 2007 23:40:57 -0000 1.3034 @@ -497,7 +497,7 @@ %endif # unreleased stable patch -Patch02: linux-2.6-snapshot-2.6.22.11.patch +Patch02: patch-2.6.22.11-rc1.bz2 %if !%{nopatches} @@ -579,6 +579,7 @@ Patch601: linux-2.6-input-ff-create-limit-memory.patch Patch602: linux-2.6-x86_64-e820_hole_size.patch Patch603: linux-2.6-x86_64-fix-boot-speed-on-vt.patch +Patch604: linux-2.6-x86_64-revert-sparsemem-4g.patch Patch610: linux-2.6-defaults-fat-utf8.patch Patch620: linux-2.6-defaults-unicode-vt.patch 
@@ -1070,7 +1071,7 @@ %endif # unreleased stable patch -ApplyPatch linux-2.6-snapshot-2.6.22.11.patch +ApplyPatch patch-2.6.22.11-rc1.bz2 # This patch adds a "make nonint_oldconfig" which is non-interactive and # also gives a list of missing options at the end. Useful for automated @@ -1256,6 +1257,8 @@ ApplyPatch linux-2.6-x86_64-e820_hole_size.patch # fix boot speed on VT enabled processors ApplyPatch linux-2.6-x86_64-fix-boot-speed-on-vt.patch +# fix agp crash +ApplyPatch linux-2.6-x86_64-revert-sparsemem-4g.patch # Changes to upstream defaults. # Use UTF-8 by default on VFAT. @@ -2285,6 +2288,10 @@ %changelog * Tue Oct 23 2007 Chuck Ebbert +- 2.6.22.11-rc1 +- fix crash with AGP on some x86_64 systems + +* Tue Oct 23 2007 Chuck Ebbert - add patches queued for 2.6.22.11 * Mon Oct 22 2007 Chuck Ebbert Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.539 retrieving revision 1.540 diff -u -r1.539 -r1.540 --- sources 16 Oct 2007 18:13:44 -0000 1.539 +++ sources 31 Oct 2007 23:40:57 -0000 1.540 @@ -1,2 +1,3 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 8dc6d14fb270d13e8ef670d23387b418 patch-2.6.22.10.bz2 +74f24203db68ebe8ba262a3743492d73 patch-2.6.22.11-rc1.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.459 retrieving revision 1.460 diff -u -r1.459 -r1.460 --- upstream 16 Oct 2007 18:13:44 -0000 1.459 +++ upstream 31 Oct 2007 23:40:57 -0000 1.460 @@ -1,2 +1,3 @@ linux-2.6.22.tar.bz2 patch-2.6.22.10.bz2 +patch-2.6.22.11-rc1.bz2 --- linux-2.6-snapshot-2.6.22.11.patch DELETED --- From fedora-cvs-commits at redhat.com Wed Oct 31 23:52:38 2007 
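Review bot: The `ApplyPatch patch-2.6.22.11-rc1.bz2` line in the `@@ -1070,7 +1071,7 @@` hunk applies an upstream patch whose detached signature (`patch-2.6.22.11-rc1.bz2.sign`) this commit adds, but none of the visible spec hunks reference that signature, so as far as these lines show, integrity rests only on the MD5 entry in `sources`. MD5 is not collision-resistant, and the lookaside checksum only shows the file matches what the packager uploaded, not what upstream signed. If the rest of %prep does not already do so, list the .sign file as a source and verify it before the patch is applied, for example `gpgv --keyring <packaged-keyring> patch-2.6.22.11-rc1.bz2.sign patch-2.6.22.11-rc1.bz2`, failing the build on a bad signature. The surrounding %prep section lies outside the hunk.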
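Review bot: The comment `# fix agp crash` added in the `@@ -1256,6 +1257,8 @@` hunk names the symptom but not what the patch does, which matters because, judging by its file name and the kernel hunks earlier in this mail, `linux-2.6-x86_64-revert-sparsemem-4g.patch` is a revert of upstream code rather than a fix. A carried revert needs enough context for the next maintainer to know when it can be dropped on rebase. I would write `# revert sparsemem mem_map allocation above 4G (crashes AGP on some x86_64 systems)` and add the bug or upstream commit reference on the same comment line. The `Patch604:` declaration in the `@@ -579,6 +579,7 @@` hunk has no comment at all and could carry the same text.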
From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 31 Oct 2007 19:52:38 -0400 Subject: rpms/kernel/FC-6 kernel-2.6.spec,1.3034,1.3035 Message-ID: <200710312352.l9VNqcWl010041@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv9982 Modified Files: kernel-2.6.spec Log Message: fix date in changelog Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3034 retrieving revision 1.3035 diff -u -r1.3034 -r1.3035 --- kernel-2.6.spec 31 Oct 2007 23:40:57 -0000 1.3034 +++ kernel-2.6.spec 31 Oct 2007 23:52:34 -0000 1.3035 @@ -2287,7 +2287,7 @@ %endif %changelog -* Tue Oct 23 2007 Chuck Ebbert +* Wed Oct 31 2007 Chuck Ebbert - 2.6.22.11-rc1 - fix crash with AGP on some x86_64 systems