[asac@debian.org: Re: ffox 1.5.0.2/1.0.8 CVE-Ids,
MFSAs and Bugzilla bugs]
Alexander Sack
asac at debian.org
Sat Apr 15 17:11:57 UTC 2006
Hi,
OK, you can get it (read below) from my people.debian.org account:
http://people.debian.org/~asac/aviary1.0.8a.tar.gz
attached you find a patch that is needed to get InstallTrigger code
changes apply cleanly. Just apply it before anything else.
...
----- Forwarded message from Alexander Sack <asac at debian.org> -----
From: Alexander Sack <asac at debian.org>
To: Eric Dorland <eric at debian.org>
Cc: Debian Mozilla Maintainers <pkg-mozilla-maintainers at lists.alioth.debian.org>,
Debian Security Team <team at security.debian.org>
Subject: Re: ffox 1.5.0.2/1.0.8 CVE-Ids, MFSAs and Bugzilla bugs
On Fri, Apr 14, 2006 at 04:52:41PM -0400, Eric Dorland wrote:
>
> Thanks for creating this list. Are you working on backporting the
> security fixes to the sarge mozilla-firefox package? Should we
> coordinate and split up the work?
Yes, I am extracting them from cvs. Attached you find a tarball
containing all checkins already documented to some extent.
Those in top level folder are directly linked with a mfsa. It should
be pretty easy for you to figure which mfsa and cve-id they belong
to by searching for bug numbers in the advisory list sent to this list.
Patches/Checkins in __nomfsa/ *need attention*! Those bugs are
security related, but I couldn't find a security announcement
associated.
We should start to run test builds now. Not all patches will apply
cleanly. Please report your problems and we can figure them
out - hopefully :). Anyway, please take care that you keep the sorting
by name of the patch files when applying them. If you apply main
patches AND those in __nomfsa, copy them to one directory first. If
you have issues applying hunks please resolve them manually and sent
back cleaned patches.
For test builds we should assume that checkins in __nomfsa are indeed
security checkins. So please apply them anyway. I will try to sort
this mess out with upstream asap.
----- End forwarded message -----
- Alexander
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac at debian.org | `. `' Operating System
http://www.asoftsite.org/ | `- http://www.debian.org/
-------------- next part --------------
Index: mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp
diff -u mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp:1.35.6.4.2.5 mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp:1.35.6.4.2.6
--- mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp:1.35.6.4.2.5 Wed Jul 6 01:29:00 2005
+++ mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp Mon Sep 12 23:27:19 2005
@@ -206,9 +206,7 @@
InstallTriggerGlobalUpdateEnabled(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
*rval = JSVAL_FALSE;
@@ -235,9 +233,7 @@
InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
*rval = JSVAL_FALSE;
@@ -412,9 +408,7 @@
InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
uint32 chromeType = NOT_CHROME;
nsAutoString sourceURL;
@@ -505,9 +499,7 @@
InstallTriggerGlobalStartSoftwareUpdate(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
PRBool nativeRet;
PRInt32 flags = 0;
@@ -595,9 +587,7 @@
InstallTriggerGlobalCompareVersion(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
nsAutoString regname;
nsAutoString version;
@@ -698,9 +688,7 @@
InstallTriggerGlobalGetVersion(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
{
nsIDOMInstallTriggerGlobal *nativeThis = (nsIDOMInstallTriggerGlobal*)
- JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, argv);
- if (!nativeThis)
- return JS_FALSE;
+ JS_GetInstancePrivate(cx, obj, &InstallTriggerGlobalClass, 0);
nsAutoString regname;
nsAutoString version;
More information about the pkg-mozilla-maintainers
mailing list