97b8712767
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
144 lines
4.6 KiB
Diff
144 lines
4.6 KiB
Diff
From: Hans Petter Jansson <hpj@copyleft.no>
|
|
Wolfgang Rosenauer <wr@rosenauer.org>
|
|
Subject: use libnsssharedhelper if available at compile time
|
|
(can be disabled by exporting MOZ_XRE_NO_NSSHELPER=1)
|
|
References:
|
|
|
|
diff --git a/old-configure.in b/old-configure.in
|
|
--- a/old-configure.in
|
|
+++ b/old-configure.in
|
|
@@ -8187,16 +8187,31 @@ if test "$MOZ_ENABLE_SKIA"; then
|
|
AC_DEFINE(USE_SKIA_GPU)
|
|
AC_SUBST(MOZ_ENABLE_SKIA_GPU)
|
|
fi
|
|
fi
|
|
AC_SUBST(MOZ_ENABLE_SKIA)
|
|
AC_SUBST_LIST(SKIA_INCLUDES)
|
|
|
|
dnl ========================================================
|
|
+dnl Check for nss-shared-helper
|
|
+dnl ========================================================
|
|
+
|
|
+ PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
|
|
+ [MOZ_ENABLE_NSSHELPER=1],
|
|
+ [MOZ_ENABLE_NSSHELPER=])
|
|
+
|
|
+if test "$MOZ_ENABLE_NSSHELPER"; then
|
|
+ AC_DEFINE(MOZ_ENABLE_NSSHELPER)
|
|
+fi
|
|
+AC_SUBST(MOZ_ENABLE_NSSHELPER)
|
|
+AC_SUBST_LIST(NSSHELPER_CFLAGS)
|
|
+AC_SUBST_LIST(NSSHELPER_LIBS)
|
|
+
|
|
+dnl ========================================================
|
|
dnl disable xul
|
|
dnl ========================================================
|
|
MOZ_ARG_DISABLE_BOOL(xul,
|
|
[ --disable-xul Disable XUL],
|
|
MOZ_XUL= )
|
|
if test "$MOZ_XUL"; then
|
|
AC_DEFINE(MOZ_XUL)
|
|
else
|
|
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
|
|
--- a/security/manager/ssl/moz.build
|
|
+++ b/security/manager/ssl/moz.build
|
|
@@ -160,16 +160,19 @@ UNIFIED_SOURCES += [
|
|
FINAL_LIBRARY = 'xul'
|
|
|
|
LOCAL_INCLUDES += [
|
|
'/dom/base',
|
|
'/security/certverifier',
|
|
'/security/pkix/include',
|
|
]
|
|
|
|
+CXXFLAGS += sorted(CONFIG['NSSHELPER_CFLAGS'])
|
|
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
|
|
+
|
|
LOCAL_INCLUDES += [
|
|
'!/dist/public/nss',
|
|
]
|
|
|
|
if CONFIG['NSS_DISABLE_DBM']:
|
|
DEFINES['NSS_DISABLE_DBM'] = '1'
|
|
|
|
DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
|
|
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
|
|
--- a/security/manager/ssl/nsNSSComponent.cpp
|
|
+++ b/security/manager/ssl/nsNSSComponent.cpp
|
|
@@ -1,14 +1,21 @@
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
+#ifdef MOZ_ENABLE_NSSHELPER
|
|
+#pragma GCC visibility push(default)
|
|
+#include <nss-shared-helper.h>
|
|
+#pragma GCC visibility pop
|
|
+#include "prenv.h"
|
|
+#endif
|
|
+
|
|
#include "nsNSSComponent.h"
|
|
|
|
#include "ExtendedValidation.h"
|
|
#include "NSSCertDBTrustDomain.h"
|
|
#include "SharedSSLState.h"
|
|
#include "mozilla/Preferences.h"
|
|
#include "mozilla/PublicSSL.h"
|
|
#include "mozilla/Services.h"
|
|
@@ -1017,17 +1024,31 @@ nsNSSComponent::InitializeNSS()
|
|
return rv;
|
|
}
|
|
}
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
|
|
|
|
if (!nocertdb && !profileStr.IsEmpty()) {
|
|
// First try to initialize the NSS DB in read/write mode.
|
|
// Only load PKCS11 modules if we're not in safe mode.
|
|
+#ifdef MOZ_ENABLE_NSSHELPER
|
|
+ if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) {
|
|
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
|
+ } else {
|
|
+ uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
|
|
+ init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags);
|
|
+
|
|
+ if (init_rv != SECSuccess) {
|
|
+ MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get()));
|
|
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
|
+ }
|
|
+ }
|
|
+#else
|
|
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
|
+#endif
|
|
// If that fails, attempt read-only mode.
|
|
if (init_rv != SECSuccess) {
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
|
|
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
|
|
}
|
|
if (init_rv != SECSuccess) {
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
|
|
}
|
|
diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
|
|
--- a/toolkit/library/moz.build
|
|
+++ b/toolkit/library/moz.build
|
|
@@ -209,16 +209,18 @@ if CONFIG['OS_ARCH'] == 'Linux' and CONF
|
|
OS_LIBS += [
|
|
'rt',
|
|
]
|
|
|
|
OS_LIBS += CONFIG['MOZ_CAIRO_OSLIBS']
|
|
OS_LIBS += CONFIG['MOZ_WEBRTC_X11_LIBS']
|
|
OS_LIBS += CONFIG['MOZ_SERVO_LIBS']
|
|
|
|
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
|
|
+
|
|
if CONFIG['MOZ_NATIVE_JPEG']:
|
|
OS_LIBS += CONFIG['MOZ_JPEG_LIBS']
|
|
|
|
if CONFIG['MOZ_NATIVE_PNG']:
|
|
OS_LIBS += CONFIG['MOZ_PNG_LIBS']
|
|
|
|
if CONFIG['MOZ_NATIVE_HUNSPELL']:
|
|
OS_LIBS += CONFIG['MOZ_HUNSPELL_LIBS']
|