- Patch CAN-2005-2871 hyphen domain name security bug

Obtained from: FreeBSD Ports Collection git-svn-id: svn://creme-brulee.marcuscom.com/ports/trunk@4815 df743ca5-7f9a-e211-a948-0013205c9059
author: pav <pav@df743ca5-7f9a-e211-a948-0013205c9059> 2005-09-11 01:49:54 +0800
committer: pav <pav@df743ca5-7f9a-e211-a948-0013205c9059> 2005-09-11 01:49:54 +0800
commit: fcec9bc4f56229f70e44d7fd2a62fee602912395 (patch)
tree: 4b9ed1c9acedd493b12b610d7f32d7f8ba4d6007 /www
parent: fc0dca3f0cb164f4ac48b4a4b05f9b7ae5ce278b (diff)
download: marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.gz
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.bz2
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.lz
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.xz
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.zst
marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.zip
6 files changed, 306 insertions, 6 deletions
diff --git a/www/mozilla-devel/Makefile b/www/mozilla-devel/Makefile
index 0fe1da746..6bc125a94 100644
--- a/www/mozilla-devel/Makefile
+++ b/www/mozilla-devel/Makefile
@@ -3,12 +3,12 @@
 # Whom:			eivind/dima/jseger
 #
 # $FreeBSD$
-#    $MCom: ports/www/mozilla-devel/Makefile,v 1.6 2005/08/19 02:31:13 mezz Exp $
+#    $MCom: ports/www/mozilla-devel/Makefile,v 1.7 2005/08/20 00:00:49 marcus Exp $
 #
 
 PORTNAME?=	mozilla
 PORTVERSION=	1.8.b1
-PORTREVISION?=	5
+PORTREVISION?=	6
 PORTEPOCH?=	2
 CATEGORIES?=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
diff --git a/www/mozilla-devel/files/patch-CAN-2005-2871 b/www/mozilla-devel/files/patch-CAN-2005-2871
new file mode 100644
index 000000000..0fd2cc670
--- /dev/null
+++ b/www/mozilla-devel/files/patch-CAN-2005-2871
@@ -0,0 +1,92 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.82
+diff -p -u -1 -2 -r1.82 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp	20 Jun 2005 05:23:20 -0000	1.82
++++ netwerk/base/src/nsStandardURL.cpp	9 Sep 2005 16:34:42 -0000
+@@ -458,24 +458,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ //  4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+     // Assumptions: all member URLSegments must be relative the |spec| argument
+     // passed to this function.
+ 
+     // buffers for holding escaped url segments (these will remain empty unless
+     // escaping is required).
+     nsCAutoString encUsername;
+     nsCAutoString encPassword;
+     nsCAutoString encHost;
++    PRBool useEncHost;
+     nsCAutoString encDirectory;
+     nsCAutoString encBasename;
+     nsCAutoString encExtension;
+     nsCAutoString encParam;
+     nsCAutoString encQuery;
+     nsCAutoString encRef;
+ 
+     //
+     // escape each URL segment, if necessary, and calculate approximate normalized
+     // spec length.
+     //
+     PRInt32 approxLen = 3; // includes room for "://"
+@@ -497,25 +498,25 @@ nsStandardURL::BuildNormalizedSpec(const
+         approxLen += encoder.EncodeSegmentCount(spec, mParam,     esc_Param,         encParam);
+         approxLen += encoder.EncodeSegmentCount(spec, mQuery,     esc_Query,         encQuery);
+         approxLen += encoder.EncodeSegmentCount(spec, mRef,       esc_Ref,           encRef);
+     }
+ 
+     // do not escape the hostname, if IPv6 address literal, mHost will
+     // already point to a [ ] delimited IPv6 address literal.
+     // However, perform Unicode normalization on it, as IDN does.
+     mHostEncoding = eEncoding_ASCII;
+     if (mHost.mLen > 0) {
+         const nsCSubstring& tempHost =
+             Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+-        if (NormalizeIDN(tempHost, encHost))
++        if ((useEncHost = NormalizeIDN(tempHost, encHost)))
+             approxLen += encHost.Length();
+         else
+             approxLen += mHost.mLen;
+     }
+ 
+     //
+     // generate the normalized URL string
+     //
+     mSpec.SetLength(approxLen + 32);
+     char *buf;
+     mSpec.BeginWriting(buf);
+     PRUint32 i = 0;
+@@ -530,25 +531,30 @@ nsStandardURL::BuildNormalizedSpec(const
+     mAuthority.mPos = i;
+ 
+     // append authority
+     if (mUsername.mLen > 0) {
+         i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+         if (mPassword.mLen >= 0) {
+             buf[i++] = ':';
+             i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+         }
+         buf[i++] = '@';
+     }
+     if (mHost.mLen > 0) {
+-        i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++        if (useEncHost) {
++            mHost.mPos = i;
++            mHost.mLen = encHost.Length();
++            i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++        } else
++            i = AppendSegmentToBuf(buf, i, spec, mHost);
+         net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+         if (mPort != -1 && mPort != mDefaultPort) {
+             nsCAutoString portbuf;
+             portbuf.AppendInt(mPort);
+             buf[i++] = ':';
+             i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+         }
+     }
+ 
+     // record authority length
+     mAuthority.mLen = i - mAuthority.mPos;
+ 
diff --git a/www/mozilla/Makefile b/www/mozilla/Makefile
index c346b58e0..24c8e2b41 100644
--- a/www/mozilla/Makefile
+++ b/www/mozilla/Makefile
@@ -3,12 +3,12 @@
 # Whom:			eivind/dima/jseger
 #
 # $FreeBSD$
-#    $MCom: ports/www/mozilla/Makefile,v 1.18 2005/08/19 02:28:16 mezz Exp $
+#    $MCom: ports/www/mozilla/Makefile,v 1.19 2005/08/19 23:59:13 marcus Exp $
 #
 
 PORTNAME=	mozilla
 PORTVERSION=	1.7.11
-PORTREVISION?=	1
+PORTREVISION?=	2
 PORTEPOCH=	2
 CATEGORIES?=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA} \
diff --git a/www/mozilla/files/patch-CAN-2005-2871 b/www/mozilla/files/patch-CAN-2005-2871
new file mode 100644
index 000000000..eca8515ad
--- /dev/null
+++ b/www/mozilla/files/patch-CAN-2005-2871
@@ -0,0 +1,104 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.60.16.2
+diff -p -u -1 -2 -r1.60.16.2 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp	17 Feb 2005 23:40:53 -0000	1.60.16.2
++++ netwerk/base/src/nsStandardURL.cpp	9 Sep 2005 16:34:46 -0000
+@@ -403,24 +403,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ //  4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+     // Assumptions: all member URLSegments must be relative the |spec| argument
+     // passed to this function.
+ 
+     // buffers for holding escaped url segments (these will remain empty unless
+     // escaping is required).
+     nsCAutoString encUsername;
+     nsCAutoString encPassword;
+     nsCAutoString encHost;
++    PRBool useEncHost;
+     nsCAutoString encDirectory;
+     nsCAutoString encBasename;
+     nsCAutoString encExtension;
+     nsCAutoString encParam;
+     nsCAutoString encQuery;
+     nsCAutoString encRef;
+ 
+     //
+     // escape each URL segment, if necessary, and calculate approximate normalized
+     // spec length.
+     //
+     PRInt32 approxLen = 3; // includes room for "://"
+@@ -440,34 +441,36 @@ nsStandardURL::BuildNormalizedSpec(const
+         approxLen += encoder.EncodeSegmentCount(spec, mBasename,  esc_FileBaseName,  encBasename);
+         approxLen += encoder.EncodeSegmentCount(spec, mExtension, esc_FileExtension, encExtension);
+         approxLen += encoder.EncodeSegmentCount(spec, mParam,     esc_Param,         encParam);
+         approxLen += encoder.EncodeSegmentCount(spec, mQuery,     esc_Query,         encQuery);
+         approxLen += encoder.EncodeSegmentCount(spec, mRef,       esc_Ref,           encRef);
+     }
+ 
+     // do not escape the hostname, if IPv6 address literal, mHost will
+     // already point to a [ ] delimited IPv6 address literal.
+     // However, perform Unicode normalization on it, as IDN does.
+     mHostEncoding = eEncoding_ASCII;
+     if (mHost.mLen > 0) {
++        useEncHost = PR_FALSE;
+         const nsCSubstring& tempHost =
+             Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+         if (IsASCII(tempHost))
+             approxLen += mHost.mLen;
+         else {
+             mHostEncoding = eEncoding_UTF8;
+             if (gIDNService &&
+-                NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost)))
++                NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) {
+                 approxLen += encHost.Length();
+-            else {
++                useEncHost = PR_TRUE;
++            } else {
+                 encHost.Truncate();
+                 approxLen += mHost.mLen;
+             }
+         }
+     }
+ 
+     //
+     // generate the normalized URL string
+     //
+     mSpec.SetLength(approxLen + 32);
+     char *buf;
+     mSpec.BeginWriting(buf);
+@@ -483,25 +486,30 @@ nsStandardURL::BuildNormalizedSpec(const
+     mAuthority.mPos = i;
+ 
+     // append authority
+     if (mUsername.mLen > 0) {
+         i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+         if (mPassword.mLen >= 0) {
+             buf[i++] = ':';
+             i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+         }
+         buf[i++] = '@';
+     }
+     if (mHost.mLen > 0) {
+-        i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++        if (useEncHost) {
++            mHost.mPos = i;
++            mHost.mLen = encHost.Length();
++            i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++        } else
++            i = AppendSegmentToBuf(buf, i, spec, mHost);
+         net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+         if (mPort != -1 && mPort != mDefaultPort) {
+             nsCAutoString portbuf;
+             portbuf.AppendInt(mPort);
+             buf[i++] = ':';
+             i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+         }
+     }
+ 
+     // record authority length
+     mAuthority.mLen = i - mAuthority.mPos;
+ 
diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index c346b58e0..24c8e2b41 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -3,12 +3,12 @@
 # Whom:			eivind/dima/jseger
 #
 # $FreeBSD$
-#    $MCom: ports/www/mozilla/Makefile,v 1.18 2005/08/19 02:28:16 mezz Exp $
+#    $MCom: ports/www/mozilla/Makefile,v 1.19 2005/08/19 23:59:13 marcus Exp $
 #
 
 PORTNAME=	mozilla
 PORTVERSION=	1.7.11
-PORTREVISION?=	1
+PORTREVISION?=	2
 PORTEPOCH=	2
 CATEGORIES?=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA} \
diff --git a/www/seamonkey/files/patch-CAN-2005-2871 b/www/seamonkey/files/patch-CAN-2005-2871
new file mode 100644
index 000000000..eca8515ad
--- /dev/null
+++ b/www/seamonkey/files/patch-CAN-2005-2871
@@ -0,0 +1,104 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.60.16.2
+diff -p -u -1 -2 -r1.60.16.2 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp	17 Feb 2005 23:40:53 -0000	1.60.16.2
++++ netwerk/base/src/nsStandardURL.cpp	9 Sep 2005 16:34:46 -0000
+@@ -403,24 +403,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ //  4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+     // Assumptions: all member URLSegments must be relative the |spec| argument
+     // passed to this function.
+ 
+     // buffers for holding escaped url segments (these will remain empty unless
+     // escaping is required).
+     nsCAutoString encUsername;
+     nsCAutoString encPassword;
+     nsCAutoString encHost;
++    PRBool useEncHost;
+     nsCAutoString encDirectory;
+     nsCAutoString encBasename;
+     nsCAutoString encExtension;
+     nsCAutoString encParam;
+     nsCAutoString encQuery;
+     nsCAutoString encRef;
+ 
+     //
+     // escape each URL segment, if necessary, and calculate approximate normalized
+     // spec length.
+     //
+     PRInt32 approxLen = 3; // includes room for "://"
+@@ -440,34 +441,36 @@ nsStandardURL::BuildNormalizedSpec(const
+         approxLen += encoder.EncodeSegmentCount(spec, mBasename,  esc_FileBaseName,  encBasename);
+         approxLen += encoder.EncodeSegmentCount(spec, mExtension, esc_FileExtension, encExtension);
+         approxLen += encoder.EncodeSegmentCount(spec, mParam,     esc_Param,         encParam);
+         approxLen += encoder.EncodeSegmentCount(spec, mQuery,     esc_Query,         encQuery);
+         approxLen += encoder.EncodeSegmentCount(spec, mRef,       esc_Ref,           encRef);
+     }
+ 
+     // do not escape the hostname, if IPv6 address literal, mHost will
+     // already point to a [ ] delimited IPv6 address literal.
+     // However, perform Unicode normalization on it, as IDN does.
+     mHostEncoding = eEncoding_ASCII;
+     if (mHost.mLen > 0) {
++        useEncHost = PR_FALSE;
+         const nsCSubstring& tempHost =
+             Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+         if (IsASCII(tempHost))
+             approxLen += mHost.mLen;
+         else {
+             mHostEncoding = eEncoding_UTF8;
+             if (gIDNService &&
+-                NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost)))
++                NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) {
+                 approxLen += encHost.Length();
+-            else {
++                useEncHost = PR_TRUE;
++            } else {
+                 encHost.Truncate();
+                 approxLen += mHost.mLen;
+             }
+         }
+     }
+ 
+     //
+     // generate the normalized URL string
+     //
+     mSpec.SetLength(approxLen + 32);
+     char *buf;
+     mSpec.BeginWriting(buf);
+@@ -483,25 +486,30 @@ nsStandardURL::BuildNormalizedSpec(const
+     mAuthority.mPos = i;
+ 
+     // append authority
+     if (mUsername.mLen > 0) {
+         i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+         if (mPassword.mLen >= 0) {
+             buf[i++] = ':';
+             i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+         }
+         buf[i++] = '@';
+     }
+     if (mHost.mLen > 0) {
+-        i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++        if (useEncHost) {
++            mHost.mPos = i;
++            mHost.mLen = encHost.Length();
++            i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++        } else
++            i = AppendSegmentToBuf(buf, i, spec, mHost);
+         net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+         if (mPort != -1 && mPort != mDefaultPort) {
+             nsCAutoString portbuf;
+             portbuf.AppendInt(mPort);
+             buf[i++] = ':';
+             i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+         }
+     }
+ 
+     // record authority length
+     mAuthority.mLen = i - mAuthority.mPos;
+
author	pav <pav@df743ca5-7f9a-e211-a948-0013205c9059>	2005-09-11 01:49:54 +0800
committer	pav <pav@df743ca5-7f9a-e211-a948-0013205c9059>	2005-09-11 01:49:54 +0800
commit	fcec9bc4f56229f70e44d7fd2a62fee602912395 (patch)
tree	4b9ed1c9acedd493b12b610d7f32d7f8ba4d6007 /www
parent	fc0dca3f0cb164f4ac48b4a4b05f9b7ae5ce278b (diff)
download	marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.gz marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.bz2 marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.lz marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.xz marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.tar.zst marcuscom-ports-fcec9bc4f56229f70e44d7fd2a62fee602912395.zip