4f2e9d5b4c
Part of patch-af has been fixed upstream. Security fixes in this version: MFSA 2008-33 Crash and remote code execution in block reflow MFSA 2008-32 Remote site run as local file via Windows URL shortcut MFSA 2008-31 Peer-trusted certs can use alt names to spoof MFSA 2008-30 File location URL in directory listings not escaped properly MFSA 2008-29 Faulty .properties file results in uninitialized memory being used MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-24 Chrome script loading from fastload file MFSA 2008-23 Signed JAR tampering MFSA 2008-22 XSS through JavaScript same-origin violation MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15) For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
12 lines
337 B
Text
12 lines
337 B
Text
$NetBSD: patch-af,v 1.6 2008/07/02 09:03:35 ghen Exp $
|
|
|
|
--- security/nss/lib/freebl/unix_rand.c.orig 2007-07-26 01:18:55.000000000 +0200
|
|
+++ security/nss/lib/freebl/unix_rand.c
|
|
@@ -35,6 +35,7 @@
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
#include <stdio.h>
|
|
+#include <fcntl.h>
|
|
#include <string.h>
|
|
#include <signal.h>
|
|
#include <unistd.h>
|