From 0979a72b3acb7f86f8d39fe2f7dfd3d83fb5e560 Mon Sep 17 00:00:00 2001
From: Martin Stransky <stransky@redhat.com>
Date: Tue, 14 Oct 2014 12:41:33 +0200
Subject: build fix - missng header for PRBool

---
 firefox-build-prbool.patch | 11 +++++++
 firefox.spec               |  4 +++
 mozilla-1042889.patch      | 81 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+)
 create mode 100644 firefox-build-prbool.patch
 create mode 100644 mozilla-1042889.patch

diff --git a/firefox-build-prbool.patch b/firefox-build-prbool.patch
new file mode 100644
index 0000000..c7424ea
--- /dev/null
+++ b/firefox-build-prbool.patch
@@ -0,0 +1,11 @@
+diff -up mozilla-release/security/certverifier/OCSPCache.h.old mozilla-release/security/certverifier/OCSPCache.h
+--- mozilla-release/security/certverifier/OCSPCache.h.old	2014-10-14 12:33:46.519970732 +0200
++++ mozilla-release/security/certverifier/OCSPCache.h	2014-10-14 12:34:44.418000625 +0200
+@@ -25,6 +25,7 @@
+ #ifndef mozilla_psm_OCSPCache_h
+ #define mozilla_psm_OCSPCache_h
+ 
++#include "prtypes.h"
+ #include "hasht.h"
+ #include "mozilla/Mutex.h"
+ #include "mozilla/Vector.h"
diff --git a/firefox.spec b/firefox.spec
index ca4c800..98c9654 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -117,6 +117,7 @@ Patch3:         mozilla-build-arm.patch
 Patch18:        xulrunner-24.0-jemalloc-ppc.patch
 # workaround linking issue on s390 (JSContext::updateMallocCounter(size_t) not found)
 Patch19:        xulrunner-24.0-s390-inlines.patch
+Patch20:        firefox-build-prbool.patch
 
 # Fedora specific patches
 # Unable to install addons from https pages
@@ -127,6 +128,7 @@ Patch217:        firefox-baseline-disable.patch
 
 # Upstream patches
 Patch300:        mozilla-858919.patch
+Patch301:        mozilla-1042889.patch
 
 %if %{official_branding}
 # Required by Mozilla Corporation
@@ -249,6 +251,7 @@ cd %{tarballdir}
 %endif
 %patch18 -p2 -b .jemalloc-ppc
 %patch19 -p2 -b .s390-inlines
+%patch20 -p1 -b .prbool
 
 # For branding specific patches.
 
@@ -263,6 +266,7 @@ cd %{tarballdir}
 
 # Upstream patches
 %patch300 -p1 -b .858919
+%patch301 -p1 -b .1042889
 
 %if %{official_branding}
 # Required by Mozilla Corporation
diff --git a/mozilla-1042889.patch b/mozilla-1042889.patch
new file mode 100644
index 0000000..6061b9b
--- /dev/null
+++ b/mozilla-1042889.patch
@@ -0,0 +1,81 @@
+diff --git a/dom/browser-element/BrowserElementChildPreload.js b/dom/browser-element/BrowserElementChildPreload.js
+--- a/dom/browser-element/BrowserElementChildPreload.js
++++ b/dom/browser-element/BrowserElementChildPreload.js
+@@ -90,16 +90,17 @@ function getErrorClass(errorCode) {
+   switch (NSPRCode) {
+     case SEC_ERROR_UNKNOWN_ISSUER:
+     case SEC_ERROR_UNTRUSTED_ISSUER:
+     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+     case SEC_ERROR_UNTRUSTED_CERT:
+     case SSL_ERROR_BAD_CERT_DOMAIN:
+     case SEC_ERROR_EXPIRED_CERTIFICATE:
+     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++    case SEC_ERROR_CA_CERT_INVALID:
+     case MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+       return Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT;
+     default:
+       return Ci.nsINSSErrorsService.ERROR_CLASS_SSL_PROTOCOL;
+   }
+ 
+   return null;
+ }
+diff --git a/security/manager/ssl/src/NSSErrorsService.cpp b/security/manager/ssl/src/NSSErrorsService.cpp
+--- a/security/manager/ssl/src/NSSErrorsService.cpp
++++ b/security/manager/ssl/src/NSSErrorsService.cpp
+@@ -136,16 +136,17 @@ NSSErrorsService::GetErrorClass(nsresult
+     // Overridable errors.
+     case SEC_ERROR_UNKNOWN_ISSUER:
+     case SEC_ERROR_UNTRUSTED_ISSUER:
+     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+     case SEC_ERROR_UNTRUSTED_CERT:
+     case SSL_ERROR_BAD_CERT_DOMAIN:
+     case SEC_ERROR_EXPIRED_CERTIFICATE:
+     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++    case SEC_ERROR_CA_CERT_INVALID:
+     case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+       *aErrorClass = ERROR_CLASS_BAD_CERT;
+       break;
+     // Non-overridable errors.
+     default:
+       *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
+       break;
+   }
+diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp
+--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
++++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
+@@ -287,16 +287,17 @@ private:
+ 
+ // A probe value of 1 means "no error".
+ uint32_t
+ MapCertErrorToProbeValue(PRErrorCode errorCode)
+ {
+   switch (errorCode)
+   {
+     case SEC_ERROR_UNKNOWN_ISSUER:                     return  2;
++    case SEC_ERROR_CA_CERT_INVALID:                    return  3;
+     case SEC_ERROR_UNTRUSTED_ISSUER:                   return  4;
+     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:         return  5;
+     case SEC_ERROR_UNTRUSTED_CERT:                     return  6;
+     case SEC_ERROR_INADEQUATE_KEY_USAGE:               return  7;
+     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:  return  8;
+     case SSL_ERROR_BAD_CERT_DOMAIN:                    return  9;
+     case SEC_ERROR_EXPIRED_CERTIFICATE:                return 10;
+     case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11;
+@@ -321,16 +322,17 @@ DetermineCertOverrideErrors(CERTCertific
+   MOZ_ASSERT(errorCodeMismatch == 0);
+   MOZ_ASSERT(errorCodeExpired == 0);
+ 
+   // Assumes the error prioritization described in mozilla::pkix's
+   // BuildForward function. Also assumes that CERT_VerifyCertName was only
+   // called if CertVerifier::VerifyCert succeeded.
+   switch (defaultErrorCodeToReport) {
+     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
++    case SEC_ERROR_CA_CERT_INVALID:
+     case SEC_ERROR_UNKNOWN_ISSUER:
+     case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+     {
+       collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED;
+       errorCodeTrust = defaultErrorCodeToReport;
+ 
+       SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert, now, false);
+       if (validity == secCertTimeUndetermined) {
-- 
cgit