pool/MozillaFirefox
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ccadb573ea
MozillaFirefox/mozilla-shared-nss-db.patch
Wolfgang Rosenauer ccadb573ea - update to Firefox 40.0 (bnc#940806) 
* Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=454
2015-08-12 07:11:49 +00:00

145 lines
4.6 KiB
Diff
Raw Blame History

From: Hans Petter Jansson <hpj@copyleft.no>
Wolfgang Rosenauer <wr@rosenauer.org>
Subject: use libnsssharedhelper if available at compile time
(can be disabled by exporting MOZ_XRE_NO_NSSHELPER=1)
References:
diff --git a/configure.in b/configure.in
--- a/configure.in
+++ b/configure.in
@@ -8217,16 +8217,31 @@ if test "$MOZ_ENABLE_SKIA"; then
MOZ_ENABLE_SKIA_GPU=1
AC_DEFINE(USE_SKIA_GPU)
AC_SUBST(MOZ_ENABLE_SKIA_GPU)
fi
fi
AC_SUBST(MOZ_ENABLE_SKIA)
dnl ========================================================
+dnl Check for nss-shared-helper
+dnl ========================================================
+
+ PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
+ [MOZ_ENABLE_NSSHELPER=1],
+ [MOZ_ENABLE_NSSHELPER=])
+
+if test "$MOZ_ENABLE_NSSHELPER"; then
+ AC_DEFINE(MOZ_ENABLE_NSSHELPER)
+fi
+AC_SUBST(MOZ_ENABLE_NSSHELPER)
+AC_SUBST_LIST(NSSHELPER_CFLAGS)
+AC_SUBST_LIST(NSSHELPER_LIBS)
+
+dnl ========================================================
dnl disable xul
dnl ========================================================
MOZ_ARG_DISABLE_BOOL(xul,
[ --disable-xul Disable XUL],
MOZ_XUL= )
if test "$MOZ_XUL"; then
AC_DEFINE(MOZ_XUL)
else
diff --git a/security/manager/ssl/src/moz.build b/security/manager/ssl/src/moz.build
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -81,16 +81,19 @@ SOURCES += [
IPDL_SOURCES += [
'PPSMContentDownloader.ipdl',
]
LOCAL_INCLUDES += [
'/security/manager/boot/src',
]
+CXXFLAGS += sorted(CONFIG['NSSHELPER_CFLAGS'])
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
+
if not CONFIG['MOZ_NO_SMART_CARDS']:
UNIFIED_SOURCES += [
'nsSmartCardMonitor.cpp',
]
if CONFIG['MOZ_XUL']:
UNIFIED_SOURCES += [
'nsCertTree.cpp',
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1,14 +1,21 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifdef MOZ_ENABLE_NSSHELPER
+#pragma GCC visibility push(default)
+#include <nss-shared-helper.h>
+#pragma GCC visibility pop
+#include "prenv.h"
+#endif
+
#include "nsNSSComponent.h"
#include "ExtendedValidation.h"
#include "NSSCertDBTrustDomain.h"
#include "mozilla/Telemetry.h"
#include "nsAppDirectoryServiceDefs.h"
#include "nsCertVerificationThread.h"
#include "nsAppDirectoryServiceDefs.h"
@@ -998,17 +1005,31 @@ nsNSSComponent::InitializeNSS()
if (NS_FAILED(rv)) {
nsPSMInitPanic::SetPanic();
return NS_ERROR_NOT_AVAILABLE;
}
SECStatus init_rv = SECFailure;
if (!profileStr.IsEmpty()) {
// First try to initialize the NSS DB in read/write mode.
- SECStatus init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
+#ifdef MOZ_ENABLE_NSSHELPER
+ if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) {
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
+ } else {
+ uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
+ init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags);
+
+ if (init_rv != SECSuccess) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get()));
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
+ }
+ }
+#else
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
+#endif
// If that fails, attempt read-only mode.
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("could not init NSS r/w in %s\n", profileStr.get()));
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true);
}
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("could not init in r/o either\n"));
}
diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
--- a/toolkit/library/moz.build
+++ b/toolkit/library/moz.build
@@ -197,16 +197,18 @@ if CONFIG['MOZ_B2G_CAMERA'] and CONFIG['
'stagefright_omx',
]
if CONFIG['OS_ARCH'] == 'Linux' and CONFIG['OS_TARGET'] != 'Android':
OS_LIBS += [
'rt',
]
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
+
OS_LIBS += CONFIG['MOZ_CAIRO_OSLIBS']
OS_LIBS += CONFIG['MOZ_WEBRTC_X11_LIBS']
if CONFIG['MOZ_NATIVE_JPEG']:
OS_LIBS += CONFIG['MOZ_JPEG_LIBS']
if CONFIG['MOZ_NATIVE_PNG']:
OS_LIBS += CONFIG['MOZ_PNG_LIBS']
Reference in New Issue View Git Blame Copy Permalink