mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-12 22:26:40 -05:00
d2cebbf694
Document the fact that we include fixes for CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, and 9/10 changesets for CVE-2018-5150. * gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE assignments. * gnu/packages/patches/icecat-bug-1452075.patch: Rename to... * gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch: ...this. * gnu/local.mk (dist_patch_DATA): Rename it.
441 lines
17 KiB
Diff
441 lines
17 KiB
Diff
Based on <https://hg.mozilla.org/releases/mozilla-esr52/rev/608e76ec5ba2>
|
|
Adapted to apply cleanly to GNU IceCat.
|
|
|
|
# HG changeset patch
|
|
# User Ryan VanderMeulen <ryanvm@gmail.com>
|
|
# Date 1523630807 14400
|
|
# Node ID 608e76ec5ba25cec2271d2b400c7bce2d4c5ef79
|
|
# Parent 10b7f43b536f93151201d44d304c991aa9af5d0c
|
|
Bug 1452075 - Backport some upstream pdf.js fixes to ESR52. r=bdahl, r=yury, a=RyanVM
|
|
|
|
diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
|
|
--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
|
|
+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
|
|
@@ -24,17 +24,18 @@ const Cc = Components.classes;
|
|
const Ci = Components.interfaces;
|
|
const Cr = Components.results;
|
|
const Cu = Components.utils;
|
|
// True only if this is the version of pdf.js that is included with icecat.
|
|
const MOZ_CENTRAL = JSON.parse('true');
|
|
const PDFJS_EVENT_ID = 'pdf.js.message';
|
|
const PDF_CONTENT_TYPE = 'application/pdf';
|
|
const PREF_PREFIX = 'pdfjs';
|
|
-const PDF_VIEWER_WEB_PAGE = 'resource://pdf.js/web/viewer.html';
|
|
+const PDF_VIEWER_ORIGIN = "resource://pdf.js";
|
|
+const PDF_VIEWER_WEB_PAGE = "resource://pdf.js/web/viewer.html";
|
|
const MAX_NUMBER_OF_PREFS = 50;
|
|
const MAX_STRING_PREF_LENGTH = 128;
|
|
|
|
Cu.import('resource://gre/modules/XPCOMUtils.jsm');
|
|
Cu.import('resource://gre/modules/Services.jsm');
|
|
Cu.import('resource://gre/modules/NetUtil.jsm');
|
|
|
|
XPCOMUtils.defineLazyModuleGetter(this, 'NetworkManager',
|
|
@@ -105,21 +106,25 @@ function log(aMsg) {
|
|
if (!getBoolPref(PREF_PREFIX + '.pdfBugEnabled', false)) {
|
|
return;
|
|
}
|
|
var msg = 'PdfStreamConverter.js: ' + (aMsg.join ? aMsg.join('') : aMsg);
|
|
Services.console.logStringMessage(msg);
|
|
dump(msg + '\n');
|
|
}
|
|
|
|
-function getDOMWindow(aChannel) {
|
|
+function getDOMWindow(aChannel, aPrincipal) {
|
|
var requestor = aChannel.notificationCallbacks ?
|
|
aChannel.notificationCallbacks :
|
|
aChannel.loadGroup.notificationCallbacks;
|
|
var win = requestor.getInterface(Components.interfaces.nsIDOMWindow);
|
|
+ // Ensure the window wasn't navigated to something that is not PDF.js.
|
|
+ if (!win.document.nodePrincipal.equals(aPrincipal)) {
|
|
+ return null;
|
|
+ }
|
|
return win;
|
|
}
|
|
|
|
function getLocalizedStrings(path) {
|
|
var stringBundle = Cc['@mozilla.org/intl/stringbundle;1'].
|
|
getService(Ci.nsIStringBundleService).
|
|
createBundle('chrome://pdf.js/locale/' + path);
|
|
|
|
@@ -627,31 +632,31 @@ var RangedChromeActions = (function Rang
|
|
data = this.dataListener.readData();
|
|
|
|
this.dataListener.onprogress = function (loaded, total) {
|
|
self.domWindow.postMessage({
|
|
pdfjsLoadAction: 'progressiveRead',
|
|
loaded: loaded,
|
|
total: total,
|
|
chunk: self.dataListener.readData()
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
};
|
|
this.dataListener.oncomplete = function () {
|
|
self.dataListener = null;
|
|
};
|
|
}
|
|
|
|
this.domWindow.postMessage({
|
|
pdfjsLoadAction: 'supportsRangedLoading',
|
|
rangeEnabled: this.rangeEnabled,
|
|
streamingEnabled: this.streamingEnabled,
|
|
pdfUrl: this.pdfUrl,
|
|
length: this.contentLength,
|
|
data: data
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
|
|
return true;
|
|
};
|
|
|
|
proto.requestDataRange = function RangedChromeActions_requestDataRange(args) {
|
|
if (!this.rangeEnabled) {
|
|
return;
|
|
}
|
|
@@ -663,23 +668,23 @@ var RangedChromeActions = (function Rang
|
|
// errors from chrome code for non-range requests, so this doesn't
|
|
// seem high-pri
|
|
this.networkManager.requestRange(begin, end, {
|
|
onDone: function RangedChromeActions_onDone(args) {
|
|
domWindow.postMessage({
|
|
pdfjsLoadAction: 'range',
|
|
begin: args.begin,
|
|
chunk: args.chunk
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
},
|
|
onProgress: function RangedChromeActions_onProgress(evt) {
|
|
domWindow.postMessage({
|
|
pdfjsLoadAction: 'rangeProgress',
|
|
loaded: evt.loaded,
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
}
|
|
});
|
|
};
|
|
|
|
proto.abortLoading = function RangedChromeActions_abortLoading() {
|
|
this.networkManager.abortAllRequests();
|
|
if (this.originalRequest) {
|
|
this.originalRequest.cancel(Cr.NS_BINDING_ABORTED);
|
|
@@ -718,26 +723,26 @@ var StandardChromeActions = (function St
|
|
var self = this;
|
|
|
|
this.dataListener.onprogress = function ChromeActions_dataListenerProgress(
|
|
loaded, total) {
|
|
self.domWindow.postMessage({
|
|
pdfjsLoadAction: 'progress',
|
|
loaded: loaded,
|
|
total: total
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
};
|
|
|
|
this.dataListener.oncomplete =
|
|
function StandardChromeActions_dataListenerComplete(data, errorCode) {
|
|
self.domWindow.postMessage({
|
|
pdfjsLoadAction: 'complete',
|
|
data: data,
|
|
errorCode: errorCode
|
|
- }, '*');
|
|
+ }, PDF_VIEWER_ORIGIN);
|
|
|
|
self.dataListener = null;
|
|
self.originalRequest = null;
|
|
};
|
|
|
|
return true;
|
|
};
|
|
|
|
@@ -972,31 +977,35 @@ PdfStreamConverter.prototype = {
|
|
var proxy = {
|
|
onStartRequest: function(request, context) {
|
|
listener.onStartRequest(aRequest, aContext);
|
|
},
|
|
onDataAvailable: function(request, context, inputStream, offset, count) {
|
|
listener.onDataAvailable(aRequest, aContext, inputStream,
|
|
offset, count);
|
|
},
|
|
- onStopRequest: function(request, context, statusCode) {
|
|
- // We get the DOM window here instead of before the request since it
|
|
- // may have changed during a redirect.
|
|
- var domWindow = getDOMWindow(channel);
|
|
+ onStopRequest(request, context, statusCode) {
|
|
+ var domWindow = getDOMWindow(channel, resourcePrincipal);
|
|
+ if (!Components.isSuccessCode(statusCode) || !domWindow) {
|
|
+ // The request may have been aborted and the document may have been
|
|
+ // replaced with something that is not PDF.js, abort attaching.
|
|
+ listener.onStopRequest(aRequest, context, statusCode);
|
|
+ return;
|
|
+ }
|
|
var actions;
|
|
if (rangeRequest || streamRequest) {
|
|
actions = new RangedChromeActions(
|
|
domWindow, contentDispositionFilename, aRequest,
|
|
rangeRequest, streamRequest, dataListener);
|
|
} else {
|
|
actions = new StandardChromeActions(
|
|
domWindow, contentDispositionFilename, aRequest, dataListener);
|
|
}
|
|
var requestListener = new RequestListener(actions);
|
|
- domWindow.addEventListener(PDFJS_EVENT_ID, function(event) {
|
|
+ domWindow.document.addEventListener(PDFJS_EVENT_ID, function(event) {
|
|
requestListener.receive(event);
|
|
}, false, true);
|
|
if (actions.supportsIntegratedFind()) {
|
|
var findEventManager = new FindEventManager(domWindow);
|
|
findEventManager.bind();
|
|
}
|
|
listener.onStopRequest(aRequest, aContext, statusCode);
|
|
|
|
diff --git a/browser/extensions/pdfjs/content/build/pdf.worker.js b/browser/extensions/pdfjs/content/build/pdf.worker.js
|
|
--- a/browser/extensions/pdfjs/content/build/pdf.worker.js
|
|
+++ b/browser/extensions/pdfjs/content/build/pdf.worker.js
|
|
@@ -41648,16 +41648,32 @@
|
|
var error = sharedUtil.error;
|
|
var info = sharedUtil.info;
|
|
var isArray = sharedUtil.isArray;
|
|
var isBool = sharedUtil.isBool;
|
|
var isDict = corePrimitives.isDict;
|
|
var isStream = corePrimitives.isStream;
|
|
var PostScriptLexer = corePsParser.PostScriptLexer;
|
|
var PostScriptParser = corePsParser.PostScriptParser;
|
|
+ function toNumberArray(arr) {
|
|
+ if (!Array.isArray(arr)) {
|
|
+ return null;
|
|
+ }
|
|
+ var length = arr.length;
|
|
+ for (var i = 0; i < length; i++) {
|
|
+ if (typeof arr[i] !== 'number') {
|
|
+ var result = new Array(length);
|
|
+ for (var j = 0; j < length; j++) {
|
|
+ result[j] = +arr[j];
|
|
+ }
|
|
+ return result;
|
|
+ }
|
|
+ }
|
|
+ return arr;
|
|
+ }
|
|
var PDFFunction = function PDFFunctionClosure() {
|
|
var CONSTRUCT_SAMPLED = 0;
|
|
var CONSTRUCT_INTERPOLATED = 2;
|
|
var CONSTRUCT_STICHED = 3;
|
|
var CONSTRUCT_POSTSCRIPT = 4;
|
|
return {
|
|
getSampleArray: function PDFFunction_getSampleArray(size, outputSize, bps, str) {
|
|
var i, ii;
|
|
@@ -41747,43 +41763,43 @@
|
|
out[index] = [
|
|
arr[i],
|
|
arr[i + 1]
|
|
];
|
|
++index;
|
|
}
|
|
return out;
|
|
}
|
|
- var domain = dict.getArray('Domain');
|
|
- var range = dict.getArray('Range');
|
|
+ var domain = toNumberArray(dict.getArray('Domain'));
|
|
+ var range = toNumberArray(dict.getArray('Range'));
|
|
if (!domain || !range) {
|
|
error('No domain or range');
|
|
}
|
|
var inputSize = domain.length / 2;
|
|
var outputSize = range.length / 2;
|
|
domain = toMultiArray(domain);
|
|
range = toMultiArray(range);
|
|
- var size = dict.get('Size');
|
|
+ var size = toNumberArray(dict.get('Size'));
|
|
var bps = dict.get('BitsPerSample');
|
|
var order = dict.get('Order') || 1;
|
|
if (order !== 1) {
|
|
// No description how cubic spline interpolation works in PDF32000:2008
|
|
// As in poppler, ignoring order, linear interpolation may work as good
|
|
info('No support for cubic spline interpolation: ' + order);
|
|
}
|
|
- var encode = dict.getArray('Encode');
|
|
+ var encode = toNumberArray(dict.getArray('Encode'));
|
|
if (!encode) {
|
|
encode = [];
|
|
for (var i = 0; i < inputSize; ++i) {
|
|
- encode.push(0);
|
|
- encode.push(size[i] - 1);
|
|
- }
|
|
- }
|
|
- encode = toMultiArray(encode);
|
|
- var decode = dict.getArray('Decode');
|
|
+ encode.push([0, size[i] - 1]);
|
|
+ }
|
|
+ } else {
|
|
+ encode = toMultiArray(encode);
|
|
+ }
|
|
+ var decode = toNumberArray(dict.getArray('Decode'));
|
|
if (!decode) {
|
|
decode = range;
|
|
} else {
|
|
decode = toMultiArray(decode);
|
|
}
|
|
var samples = this.getSampleArray(size, outputSize, bps, str);
|
|
return [
|
|
CONSTRUCT_SAMPLED,
|
|
@@ -41868,22 +41884,19 @@
|
|
// Decode_2j, Decode_2j+1)
|
|
rj = interpolate(rj, 0, 1, decode[j][0], decode[j][1]);
|
|
// y_j = min(max(r_j, range_2j), range_2j+1)
|
|
dest[destOffset + j] = Math.min(Math.max(rj, range[j][0]), range[j][1]);
|
|
}
|
|
};
|
|
},
|
|
constructInterpolated: function PDFFunction_constructInterpolated(str, dict) {
|
|
- var c0 = dict.getArray('C0') || [0];
|
|
- var c1 = dict.getArray('C1') || [1];
|
|
+ var c0 = toNumberArray(dict.getArray('C0')) || [0];
|
|
+ var c1 = toNumberArray(dict.getArray('C1')) || [1];
|
|
var n = dict.get('N');
|
|
- if (!isArray(c0) || !isArray(c1)) {
|
|
- error('Illegal dictionary for interpolated function');
|
|
- }
|
|
var length = c0.length;
|
|
var diff = [];
|
|
for (var i = 0; i < length; ++i) {
|
|
diff.push(c1[i] - c0[i]);
|
|
}
|
|
return [
|
|
CONSTRUCT_INTERPOLATED,
|
|
c0,
|
|
@@ -41899,49 +41912,45 @@
|
|
return function constructInterpolatedFromIRResult(src, srcOffset, dest, destOffset) {
|
|
var x = n === 1 ? src[srcOffset] : Math.pow(src[srcOffset], n);
|
|
for (var j = 0; j < length; ++j) {
|
|
dest[destOffset + j] = c0[j] + x * diff[j];
|
|
}
|
|
};
|
|
},
|
|
constructStiched: function PDFFunction_constructStiched(fn, dict, xref) {
|
|
- var domain = dict.getArray('Domain');
|
|
+ var domain = toNumberArray(dict.getArray('Domain'));
|
|
if (!domain) {
|
|
error('No domain');
|
|
}
|
|
var inputSize = domain.length / 2;
|
|
if (inputSize !== 1) {
|
|
error('Bad domain for stiched function');
|
|
}
|
|
var fnRefs = dict.get('Functions');
|
|
var fns = [];
|
|
for (var i = 0, ii = fnRefs.length; i < ii; ++i) {
|
|
- fns.push(PDFFunction.getIR(xref, xref.fetchIfRef(fnRefs[i])));
|
|
- }
|
|
- var bounds = dict.getArray('Bounds');
|
|
- var encode = dict.getArray('Encode');
|
|
+ fns.push(PDFFunction.parse(xref, xref.fetchIfRef(fnRefs[i])));
|
|
+ }
|
|
+ var bounds = toNumberArray(dict.getArray('Bounds'));
|
|
+ var encode = toNumberArray(dict.getArray('Encode'));
|
|
return [
|
|
CONSTRUCT_STICHED,
|
|
domain,
|
|
bounds,
|
|
encode,
|
|
fns
|
|
];
|
|
},
|
|
constructStichedFromIR: function PDFFunction_constructStichedFromIR(IR) {
|
|
var domain = IR[1];
|
|
var bounds = IR[2];
|
|
var encode = IR[3];
|
|
- var fnsIR = IR[4];
|
|
- var fns = [];
|
|
+ var fns = IR[4];
|
|
var tmpBuf = new Float32Array(1);
|
|
- for (var i = 0, ii = fnsIR.length; i < ii; i++) {
|
|
- fns.push(PDFFunction.fromIR(fnsIR[i]));
|
|
- }
|
|
return function constructStichedFromIRResult(src, srcOffset, dest, destOffset) {
|
|
var clip = function constructStichedFromIRClip(v, min, max) {
|
|
if (v > max) {
|
|
v = max;
|
|
} else if (v < min) {
|
|
v = min;
|
|
}
|
|
return v;
|
|
@@ -41968,18 +41977,18 @@
|
|
// Prevent the value from becoming NaN as a result
|
|
// of division by zero (fixes issue6113.pdf).
|
|
tmpBuf[0] = dmin === dmax ? rmin : rmin + (v - dmin) * (rmax - rmin) / (dmax - dmin);
|
|
// call the appropriate function
|
|
fns[i](tmpBuf, 0, dest, destOffset);
|
|
};
|
|
},
|
|
constructPostScript: function PDFFunction_constructPostScript(fn, dict, xref) {
|
|
- var domain = dict.getArray('Domain');
|
|
- var range = dict.getArray('Range');
|
|
+ var domain = toNumberArray(dict.getArray('Domain'));
|
|
+ var range = toNumberArray(dict.getArray('Range'));
|
|
if (!domain) {
|
|
error('No domain.');
|
|
}
|
|
if (!range) {
|
|
error('No range.');
|
|
}
|
|
var lexer = new PostScriptLexer(fn);
|
|
var parser = new PostScriptParser(lexer);
|
|
@@ -42928,18 +42937,18 @@
|
|
case 'IndexedCS':
|
|
var baseIndexedCS = IR[1];
|
|
var hiVal = IR[2];
|
|
var lookup = IR[3];
|
|
return new IndexedCS(ColorSpace.fromIR(baseIndexedCS), hiVal, lookup);
|
|
case 'AlternateCS':
|
|
var numComps = IR[1];
|
|
var alt = IR[2];
|
|
- var tintFnIR = IR[3];
|
|
- return new AlternateCS(numComps, ColorSpace.fromIR(alt), PDFFunction.fromIR(tintFnIR));
|
|
+ var tintFn = IR[3];
|
|
+ return new AlternateCS(numComps, ColorSpace.fromIR(alt), tintFn);
|
|
case 'LabCS':
|
|
whitePoint = IR[1];
|
|
blackPoint = IR[2];
|
|
var range = IR[3];
|
|
return new LabCS(whitePoint, blackPoint, range);
|
|
default:
|
|
error('Unknown name ' + name);
|
|
}
|
|
@@ -43067,22 +43076,22 @@
|
|
var name = xref.fetchIfRef(cs[1]);
|
|
numComps = 1;
|
|
if (isName(name)) {
|
|
numComps = 1;
|
|
} else if (isArray(name)) {
|
|
numComps = name.length;
|
|
}
|
|
alt = ColorSpace.parseToIR(cs[2], xref, res);
|
|
- var tintFnIR = PDFFunction.getIR(xref, xref.fetchIfRef(cs[3]));
|
|
+ var tintFn = PDFFunction.parse(xref, xref.fetchIfRef(cs[3]));
|
|
return [
|
|
'AlternateCS',
|
|
numComps,
|
|
alt,
|
|
- tintFnIR
|
|
+ tintFn
|
|
];
|
|
case 'Lab':
|
|
params = xref.fetchIfRef(cs[1]);
|
|
whitePoint = params.getArray('WhitePoint');
|
|
blackPoint = params.getArray('BlackPoint');
|
|
var range = params.getArray('Range');
|
|
return [
|
|
'LabCS',
|
|
@@ -52483,9 +52492,9 @@
|
|
initializeWorker();
|
|
}
|
|
exports.setPDFNetworkStreamClass = setPDFNetworkStreamClass;
|
|
exports.WorkerTask = WorkerTask;
|
|
exports.WorkerMessageHandler = WorkerMessageHandler;
|
|
}));
|
|
}.call(pdfjsLibs));
|
|
exports.WorkerMessageHandler = pdfjsLibs.pdfjsCoreWorker.WorkerMessageHandler;
|
|
-}));
|
|
\ No newline at end of file
|
|
+}));
|
|
|