-rw-r--r--firefox-build-prbool.patch11
-rw-r--r--firefox.spec4
-rw-r--r--mozilla-1042889.patch81
3 files changed, 96 insertions, 0 deletions
diff --git a/firefox-build-prbool.patch b/firefox-build-prbool.patch
new file mode 100644
index 0000000..c7424ea
--- /dev/null
+++ b/firefox-build-prbool.patch
@@ -0,0 +1,11 @@
+diff -up mozilla-release/security/certverifier/OCSPCache.h.old mozilla-release/security/certverifier/OCSPCache.h
+--- mozilla-release/security/certverifier/OCSPCache.h.old 2014-10-14 12:33:46.519970732 +0200
++++ mozilla-release/security/certverifier/OCSPCache.h 2014-10-14 12:34:44.418000625 +0200
+@@ -25,6 +25,7 @@
+ #ifndef mozilla_psm_OCSPCache_h
+ #define mozilla_psm_OCSPCache_h
+
++#include "prtypes.h"
+ #include "hasht.h"
+ #include "mozilla/Mutex.h"
+ #include "mozilla/Vector.h"
diff --git a/firefox.spec b/firefox.spec
index ca4c800..98c9654 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -117,6 +117,7 @@ Patch3: mozilla-build-arm.patch
Patch18: xulrunner-24.0-jemalloc-ppc.patch
# workaround linking issue on s390 (JSContext::updateMallocCounter(size_t) not found)
Patch19: xulrunner-24.0-s390-inlines.patch
+Patch20: firefox-build-prbool.patch
# Fedora specific patches
# Unable to install addons from https pages
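Review bot: `Patch20: firefox-build-prbool.patch` is added without a comment of its own, directly beneath the s390 linking-workaround comment, so it reads as part of that workaround. The patch file only adds `#include "prtypes.h"` to security/certverifier/OCSPCache.h, so a line such as `# build fix: OCSPCache.h needs prtypes.h` above it would say what it is for. The same applies to `Patch301` in the next hunk, whose only visible upstream reference is the number in its file name.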
@@ -127,6 +128,7 @@ Patch217: firefox-baseline-disable.patch
# Upstream patches
Patch300: mozilla-858919.patch
+Patch301: mozilla-1042889.patch
%if %{official_branding}
# Required by Mozilla Corporation
@@ -249,6 +251,7 @@ cd %{tarballdir}
%endif
%patch18 -p2 -b .jemalloc-ppc
%patch19 -p2 -b .s390-inlines
+%patch20 -p1 -b .prbool
# For branding specific patches.
@@ -263,6 +266,7 @@ cd %{tarballdir}
# Upstream patches
%patch300 -p1 -b .858919
+%patch301 -p1 -b .1042889
%if %{official_branding}
# Required by Mozilla Corporation
diff --git a/mozilla-1042889.patch b/mozilla-1042889.patch
new file mode 100644
index 0000000..6061b9b
--- /dev/null
+++ b/mozilla-1042889.patch
@@ -0,0 +1,81 @@
+diff --git a/dom/browser-element/BrowserElementChildPreload.js b/dom/browser-element/BrowserElementChildPreload.js
+--- a/dom/browser-element/BrowserElementChildPreload.js
++++ b/dom/browser-element/BrowserElementChildPreload.js
+@@ -90,16 +90,17 @@ function getErrorClass(errorCode) {
+ switch (NSPRCode) {
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_UNTRUSTED_CERT:
+ case SSL_ERROR_BAD_CERT_DOMAIN:
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++ case SEC_ERROR_CA_CERT_INVALID:
+ case MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+ return Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT;
+ default:
+ return Ci.nsINSSErrorsService.ERROR_CLASS_SSL_PROTOCOL;
+ }
+
+ return null;
+ }
+diff --git a/security/manager/ssl/src/NSSErrorsService.cpp b/security/manager/ssl/src/NSSErrorsService.cpp
+--- a/security/manager/ssl/src/NSSErrorsService.cpp
++++ b/security/manager/ssl/src/NSSErrorsService.cpp
+@@ -136,16 +136,17 @@ NSSErrorsService::GetErrorClass(nsresult
+ // Overridable errors.
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_UNTRUSTED_CERT:
+ case SSL_ERROR_BAD_CERT_DOMAIN:
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++ case SEC_ERROR_CA_CERT_INVALID:
+ case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+ *aErrorClass = ERROR_CLASS_BAD_CERT;
+ break;
+ // Non-overridable errors.
+ default:
+ *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
+ break;
+ }
+diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp
+--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
++++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
+@@ -287,16 +287,17 @@ private:
+
+ // A probe value of 1 means "no error".
+ uint32_t
+ MapCertErrorToProbeValue(PRErrorCode errorCode)
+ {
+ switch (errorCode)
+ {
+ case SEC_ERROR_UNKNOWN_ISSUER: return 2;
++ case SEC_ERROR_CA_CERT_INVALID: return 3;
+ case SEC_ERROR_UNTRUSTED_ISSUER: return 4;
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return 5;
+ case SEC_ERROR_UNTRUSTED_CERT: return 6;
+ case SEC_ERROR_INADEQUATE_KEY_USAGE: return 7;
+ case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: return 8;
+ case SSL_ERROR_BAD_CERT_DOMAIN: return 9;
+ case SEC_ERROR_EXPIRED_CERTIFICATE: return 10;
+ case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11;
+@@ -321,16 +322,17 @@ DetermineCertOverrideErrors(CERTCertific
+ MOZ_ASSERT(errorCodeMismatch == 0);
+ MOZ_ASSERT(errorCodeExpired == 0);
+
+ // Assumes the error prioritization described in mozilla::pkix's
+ // BuildForward function. Also assumes that CERT_VerifyCertName was only
+ // called if CertVerifier::VerifyCert succeeded.
+ switch (defaultErrorCodeToReport) {
+ case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+ {
+ collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED;
+ errorCodeTrust = defaultErrorCodeToReport;
+
+ SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert, now, false);
+ if (validity == secCertTimeUndetermined) {
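Review bot: This imported patch relaxes certificate error handling but carries no header with a bug URL, author, upstream changeset or rationale. It adds `case SEC_ERROR_CA_CERT_INVALID:` to the cases labelled "Overridable errors." that yield `ERROR_CLASS_BAD_CERT`, in both getErrorClass and NSSErrorsService::GetErrorClass, and to the `ERROR_UNTRUSTED` branch of DetermineCertOverrideErrors. The error therefore moves out of the non-overridable default into the set a user can add an exception for. A header at the top of the file would let a later rebase audit the change or drop it, for example `# Upstream bug 1042889 (number taken from the file name; confirm): make SEC_ERROR_CA_CERT_INVALID an overridable cert error`. Whether other guards on overrides still apply cannot be seen here, because the inner hunks cut through the function bodies and DetermineCertOverrideErrors continues past the last line shown.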