pool/MozillaFirefox
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a0dc99e46e
MozillaFirefox/mozilla-shared-nss-db.patch
Wolfgang Rosenauer b9792ce771 - update to Firefox 47.0 (boo#983549) 
* Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
     bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 12:26:29 +00:00

144 lines
4.6 KiB
Diff
Raw Blame History

From: Hans Petter Jansson <hpj@copyleft.no>
Wolfgang Rosenauer <wr@rosenauer.org>
Subject: use libnsssharedhelper if available at compile time
(can be disabled by exporting MOZ_XRE_NO_NSSHELPER=1)
References:
diff --git a/old-configure.in b/old-configure.in
--- a/old-configure.in
+++ b/old-configure.in
@@ -8187,16 +8187,31 @@ if test "$MOZ_ENABLE_SKIA"; then
AC_DEFINE(USE_SKIA_GPU)
AC_SUBST(MOZ_ENABLE_SKIA_GPU)
fi
fi
AC_SUBST(MOZ_ENABLE_SKIA)
AC_SUBST_LIST(SKIA_INCLUDES)
dnl ========================================================
+dnl Check for nss-shared-helper
+dnl ========================================================
+
+ PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
+ [MOZ_ENABLE_NSSHELPER=1],
+ [MOZ_ENABLE_NSSHELPER=])
+
+if test "$MOZ_ENABLE_NSSHELPER"; then
+ AC_DEFINE(MOZ_ENABLE_NSSHELPER)
+fi
+AC_SUBST(MOZ_ENABLE_NSSHELPER)
+AC_SUBST_LIST(NSSHELPER_CFLAGS)
+AC_SUBST_LIST(NSSHELPER_LIBS)
+
+dnl ========================================================
dnl disable xul
dnl ========================================================
MOZ_ARG_DISABLE_BOOL(xul,
[ --disable-xul Disable XUL],
MOZ_XUL= )
if test "$MOZ_XUL"; then
AC_DEFINE(MOZ_XUL)
else
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -160,16 +160,19 @@ UNIFIED_SOURCES += [
FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
'/dom/base',
'/security/certverifier',
'/security/pkix/include',
]
+CXXFLAGS += sorted(CONFIG['NSSHELPER_CFLAGS'])
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
+
LOCAL_INCLUDES += [
'!/dist/public/nss',
]
if CONFIG['NSS_DISABLE_DBM']:
DEFINES['NSS_DISABLE_DBM'] = '1'
DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1,14 +1,21 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifdef MOZ_ENABLE_NSSHELPER
+#pragma GCC visibility push(default)
+#include <nss-shared-helper.h>
+#pragma GCC visibility pop
+#include "prenv.h"
+#endif
+
#include "nsNSSComponent.h"
#include "ExtendedValidation.h"
#include "NSSCertDBTrustDomain.h"
#include "SharedSSLState.h"
#include "mozilla/Preferences.h"
#include "mozilla/PublicSSL.h"
#include "mozilla/Services.h"
@@ -1017,17 +1024,31 @@ nsNSSComponent::InitializeNSS()
return rv;
}
}
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
if (!nocertdb && !profileStr.IsEmpty()) {
// First try to initialize the NSS DB in read/write mode.
// Only load PKCS11 modules if we're not in safe mode.
+#ifdef MOZ_ENABLE_NSSHELPER
+ if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) {
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+ } else {
+ uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+ init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags);
+
+ if (init_rv != SECSuccess) {
+ MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get()));
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+ }
+ }
+#else
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+#endif
// If that fails, attempt read-only mode.
if (init_rv != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
}
if (init_rv != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
}
diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
--- a/toolkit/library/moz.build
+++ b/toolkit/library/moz.build
@@ -209,16 +209,18 @@ if CONFIG['OS_ARCH'] == 'Linux' and CONF
OS_LIBS += [
'rt',
]
OS_LIBS += CONFIG['MOZ_CAIRO_OSLIBS']
OS_LIBS += CONFIG['MOZ_WEBRTC_X11_LIBS']
OS_LIBS += CONFIG['MOZ_SERVO_LIBS']
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
+
if CONFIG['MOZ_NATIVE_JPEG']:
OS_LIBS += CONFIG['MOZ_JPEG_LIBS']
if CONFIG['MOZ_NATIVE_PNG']:
OS_LIBS += CONFIG['MOZ_PNG_LIBS']
if CONFIG['MOZ_NATIVE_HUNSPELL']:
OS_LIBS += CONFIG['MOZ_HUNSPELL_LIBS']
Reference in New Issue View Git Blame Copy Permalink