author | Mark H Weaver <mhw@netris.org> | 2024-11-28 13:01:11 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2024-11-28 13:01:25 -0500 |
commit | dc99e15355412bc9b11b34d3fe5729bed1c251de (patch) | |
tree | 653e947f501463f5f6c14cbae6dbb6490083be8d /data | |
parent | c85854d2f1eb4ec59a1e1c12a1ba0ba4ae29a557 (diff) |
Revert "Fix CVE-2024-11695."v115.18.0-gnu2
This reverts commit 306c589a92599638c843d32beaa4119961330d6c.
Diffstat (limited to 'data')
-rw-r--r-- | data/patches/CVE-2024-11695.patch | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/data/patches/CVE-2024-11695.patch b/data/patches/CVE-2024-11695.patch
deleted file mode 100644
index aef984e..0000000
--- a/data/patches/CVE-2024-11695.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Fixes CVE-2024-11695 (URL Bar Spoofing via Manipulated Punycode and Whitespace Characters)
-Based on <https://hg.mozilla.org/releases/mozilla-esr128/rev/e6099586845f23c0f85fe29a636980e57d206897>
-Adapted to ESR 115 by Mark H Weaver <mhw@netris.org>
-
-# HG changeset patch
-# User Marco Bonardo <mbonardo@mozilla.com>
-# Date 1731417582 0
-# Node ID e6099586845f23c0f85fe29a636980e57d206897
-# Parent 3b50417aca257bfb30f3277f915fc400aa83c7c7
-Bug 1925496. a=dmeehan
-
-Original Revision: https://phabricator.services.mozilla.com/D228315
-
-Differential Revision: https://phabricator.services.mozilla.com/D228568
-
-diff --git a/browser/components/urlbar/UrlbarInput.sys.mjs b/browser/components/urlbar/UrlbarInput.sys.mjs
---- a/browser/components/urlbar/UrlbarInput.sys.mjs
-+++ b/browser/components/urlbar/UrlbarInput.sys.mjs
-@@ -4001,22 +4001,23 @@ function losslessDecodeURI(aURI) {
- // U+2028-2029: line and paragraph separators
- // U+2800: braille empty pattern
- // U+FFFC: object replacement character
- // Encode any trailing whitespace that may be part of a pasted URL, so that it
- // doesn't get eaten away by the location bar (bug 410726).
- // Encode all adjacent space chars (U+0020), to prevent spoofing attempts
- // where they would push part of the URL to overflow the location bar
- // (bug 1395508). A single space, or the last space if the are many, is
-- // preserved to maintain readability of certain urls. We only do this for the
-- // common space, because others may be eaten when copied to the clipboard, so
-- // it's safer to preserve them encoded.
-+ // preserved to maintain readability of certain urls if it's not followed by a
-+ // control or separator character. We only do this for the common space,
-+ // because others may be eaten when copied to the clipboard,so it's safer to
-+ // preserve them encoded.
- value = value.replace(
- // eslint-disable-next-line no-control-regex
-- /[\u0000-\u001f\u007f-\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u2800\u3000\ufffc]|[\r\n\t]|\u0020(?=\u0020)|\s$/g,
-+ /[[\p{Separator}--\u0020]\p{Control}\u2800\ufffc]|\u0020(?=[\p{Other}\p{Separator}])|\s$/gv,
- encodeURIComponent
- );
-
- // Encode characters that are ignorable, can't be rendered usefully, or may
- // confuse users.
- //
- // Default ignorable characters; ZWNJ (U+200C) and ZWJ (U+200D) are excluded
- // per bug 582186:
-@@ -4028,19 +4029,20 @@ function losslessDecodeURI(aURI) {
- // U+061C, U+200E, U+200F, U+202A-202E, U+2066-2069
- // Other format characters in the Cf category that are unlikely to be rendered
- // usefully:
- // U+0600-0605, U+08E2, U+110BD (U+D804 + U+DCBD),
- // U+110CD (U+D804 + U+DCCD), U+13430-13438 (U+D80D + U+DC30-DC38),
- // U+1BCA0-1BCA3 (U+D82F + U+DCA0-DCA3)
- // Mimicking UI parts:
- // U+1F50F-1F513 (U+D83D + U+DD0F-DD13), U+1F6E1 (U+D83D + U+DEE1)
-+ // Unassigned codepoints, sometimes shown as empty glyphs.
- value = value.replace(
- // eslint-disable-next-line no-misleading-character-class
-- /[\u00ad\u034f\u061c\u06dd\u070f\u115f\u1160\u17b4\u17b5\u180b-\u180e\u200b\u200e\u200f\u202a-\u202e\u2060-\u206f\u3164\u0600-\u0605\u08e2\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufffb]|\ud804[\udcbd\udccd]|\ud80d[\udc30-\udc38]|\ud82f[\udca0-\udca3]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]|\ud83d[\udd0f-\udd13\udee1]/g,
-+ /[\u00ad\u034f\u061c\u06dd\u070f\u115f\u1160\u17b4\u17b5\u180b-\u180e\u200b\u200e\u200f\u202a-\u202e\u2060-\u206f\u3164\u0600-\u0605\u08e2\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufffb\p{Unassigned}\p{Private_Use}]|\ud804[\udcbd\udccd]|\ud80d[\udc30-\udc38]|\ud82f[\udca0-\udca3]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]|\ud83d[\udd0f-\udd13\udee1]/gv,
- encodeURIComponent
- );
- return value;
- }
-
- /**
- * Handles copy and cut commands for the urlbar.
- */
-diff --git a/browser/components/urlbar/tests/browser/browser_copying.js b/browser/components/urlbar/tests/browser/browser_copying.js
---- a/browser/components/urlbar/tests/browser/browser_copying.js
-+++ b/browser/components/urlbar/tests/browser/browser_copying.js
-@@ -247,17 +247,17 @@ var tests = [
- },
- {
- loadURL: "http://example.com/a%E3%80%80test",
- expectedURL: "example.com/a%E3%80%80test",
- copyExpected: "http://example.com/a%E3%80%80test",
- },
- {
- loadURL: "http://example.com/a%20%C2%A0test",
-- expectedURL: "example.com/a %C2%A0test",
-+ expectedURL: "example.com/a%20%C2%A0test",
- copyExpected: "http://example.com/a%20%C2%A0test",
- },
- {
- loadURL: "http://example.com/%20%20%20",
- expectedURL: "example.com/%20%20%20",
- copyExpected: "http://example.com/%20%20%20",
- },
- {
- |