Mozilla Firefox Web browser
51a52cd487651b4a0b73b3c81136e86fec82ce36..da7fc7d3b9a6656f7a8e202d80b3639c29630242
2017-03-17 CentOS Sources
debrand firefox-52.0-5.el7_3
da7fc7 diff | tree
2017-03-17 CentOS Sources
import firefox-52.0-5.el7_3
464556 diff | tree
1 files added
1 files modified
95 ■■■■■ changed files
SOURCES/mozilla-1348168.patch 88 ●●●●● patch | view | raw | blame | history
SPECS/firefox.spec 7 ●●●● patch | view | raw | blame | history
SOURCES/mozilla-1348168.patch
New file
@@ -0,0 +1,88 @@
# HG changeset patch
# User Ehsan Akhgari <ehsan@mozilla.com>
# Date 1489719163 14400
# Node ID 4af7cd795eeef3bce2dd40d5a6e92d21304eaea1
# Parent  dac467924a46c4bbff97c948bf4a7143dada2b19
Bug 1348168 - Disable Mozilla custom ImageBitmap extensions that didn't go through proper API review; r=bzbarsky a=dveditz
diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -14993,16 +14993,20 @@ nsGlobalWindow::CreateImageBitmap(const
 already_AddRefed<mozilla::dom::Promise>
 nsGlobalWindow::CreateImageBitmap(const ImageBitmapSource& aImage,
                                   int32_t aOffset, int32_t aLength,
                                   ImageBitmapFormat aFormat,
                                   const Sequence<ChannelPixelLayout>& aLayout,
                                   ErrorResult& aRv)
 {
+  if (!ImageBitmap::ExtensionsEnabled(nullptr, nullptr)) {
+    aRv.Throw(NS_ERROR_TYPE_ERR);
+    return nullptr;
+  }
   if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
     return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
                                aRv);
   } else {
     aRv.Throw(NS_ERROR_TYPE_ERR);
     return nullptr;
   }
 }
diff --git a/dom/workers/WorkerScope.cpp b/dom/workers/WorkerScope.cpp
--- a/dom/workers/WorkerScope.cpp
+++ b/dom/workers/WorkerScope.cpp
@@ -471,16 +471,24 @@ WorkerGlobalScope::CreateImageBitmap(con
 already_AddRefed<mozilla::dom::Promise>
 WorkerGlobalScope::CreateImageBitmap(const ImageBitmapSource& aImage,
                                      int32_t aOffset, int32_t aLength,
                                      ImageBitmapFormat aFormat,
                                      const Sequence<ChannelPixelLayout>& aLayout,
                                      ErrorResult& aRv)
 {
+  JSContext* cx = GetCurrentThreadJSContext();
+  MOZ_ASSERT(cx);
+
+  if (!ImageBitmap::ExtensionsEnabled(cx, nullptr)) {
+    aRv.Throw(NS_ERROR_TYPE_ERR);
+    return nullptr;
+  }
+
   if (aImage.IsArrayBuffer() || aImage.IsArrayBufferView()) {
     return ImageBitmap::Create(this, aImage, aOffset, aLength, aFormat, aLayout,
                                aRv);
   } else {
     aRv.Throw(NS_ERROR_TYPE_ERR);
     return nullptr;
   }
 }
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -831,22 +831,18 @@ pref("ui.scrollToClick", 0);
 pref("canvas.focusring.enabled", true);
 pref("canvas.customfocusring.enabled", false);
 pref("canvas.hitregions.enabled", false);
 pref("canvas.filters.enabled", true);
 // Add support for canvas path objects
 pref("canvas.path.enabled", true);
 pref("canvas.capturestream.enabled", true);
-// Disable the ImageBitmap-extensions in the release build.
-#ifdef RELEASE_OR_BETA
+// Disable the ImageBitmap-extensions for now.
 pref("canvas.imagebitmap_extensions.enabled", false);
-#else
-pref("canvas.imagebitmap_extensions.enabled", true);
-#endif
 // We want the ability to forcibly disable platform a11y, because
 // some non-a11y-related components attempt to bring it up.  See bug
 // 538530 for details about Windows; we have a pref here that allows it
 // to be disabled for performance and testing resons.
 // See bug 761589 for the crossplatform aspect.
 //
 // This pref is checked only once, and the browser needs a restart to
SPECS/firefox.spec
@@ -77,7 +77,7 @@
Summary:        Mozilla Firefox Web browser
Name:           firefox
Version:        52.0
Release:        4%{?dist}
Release:        5%{?dist}
URL:            http://www.mozilla.org/projects/firefox/
License:        MPLv1.1 or GPLv2+ or LGPLv2+
Group:          Applications/Internet
@@ -126,6 +126,7 @@
Patch112:       mozilla-256180.patch
Patch113:       rhbz-1414535.patch
Patch114:       rhbz-1423012.patch
Patch115:       mozilla-1348168.patch
# Upstream patches
# Skia support for big endian platforms, since patch got review- I think we can delete that:
@@ -379,6 +380,7 @@
%patch112 -p1 -b .mozbz-256180
%patch113 -p1 -b .rhbz-1414535
%patch114 -p1 -b .rhbz-1423012
%patch115 -p1 -b .mozbz-1348168
# Upstream patches
#%patch201 -p1 -b .mozbz-1005535 see Patch201 comment
@@ -880,6 +882,9 @@
#---------------------------------------------------------------------
%changelog
* Fri Mar 17 2017 Martin Stransky <stransky@redhat.com> - 52.0-5
- Added fix for mozbz#1348168/CVE-2017-5428
* Mon Mar  6 2017 Jan Horak <jhorak@redhat.com> - 52.0-4
- Update to 52.0 ESR (b4)