Update to 48.0.1, Added fix for mozbz#1291700 - Since latest release NTLM/SPNEGO no longer works

2016-08-19 12:01:30 +02:00 · 2016-08-19 12:01:30 +02:00 · 924133a90d
parent 7029bb409d
commit 924133a90d
4 changed files with 107 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -202,3 +202,5 @@ firefox-3.6.4.source.tar.bz2
 /firefox-langpacks-48.0-20160726.tar.xz
 /firefox-48.0.source.tar.xz
 /firefox-langpacks-48.0-20160727.tar.xz
+/firefox-langpacks-48.0.1-20160819.tar.xz
+/firefox-48.0.1.source.tar.xz
--- a/firefox.spec
+++ b/firefox.spec
@ -85,8 +85,8 @@

 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        48.0
-Release:        6%{?pre_tag}%{?dist}
+Version:        48.0.1
+Release:        1%{?pre_tag}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Group:          Applications/Internet
@ -135,6 +135,7 @@ Patch406:        mozilla-256180.patch
 Patch407:        mozilla-890908-async-nego.patch
 Patch408:        mozilla-1272332.patch
 Patch409:        mozilla-1225044.patch
+Patch410:        mozilla-1291700.patch

 # Debian patches
 Patch500:        mozilla-440908.patch
@ -279,6 +280,7 @@ cd %{tarballdir}
 %patch407 -p1 -b .890908-async-nego
 %patch408 -p1 -b .1272332
 %patch409 -p1 -b .1225044
+%patch410 -p1 -b .1291700

 # Debian extension patch
 %patch500 -p1 -b .440908
@ -773,7 +775,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %exclude %{_libdir}/firefox-devel-%{version}
 %exclude %{_datadir}/idl
 %if !%{?system_nss}
-%{mozappdir}/libfreebl3.chk
+%{mozappdir}/libfreeblpriv3.chk
 %{mozappdir}/libnssdbm3.chk
 %{mozappdir}/libsoftokn3.chk
 %endif
@ -781,6 +783,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------

 %changelog
+* Fri Aug 19 2016 Martin Stransky <stransky@redhat.com> - 48.0.1-1
+- Update to 48.0.1
+- Added fix for mozbz#1291700 - Since latest release NTLM/SPNEGO
+  no longer works
+
 * Wed Aug 17 2016 Martin Stransky <stransky@redhat.com> - 48.0-6
 - Added patch for mozbz#1225044 - gtk3 rendering glitches

--- a/mozilla-1291700.patch
+++ b/mozilla-1291700.patch
@ -0,0 +1,93 @@
+# HG changeset patch
+# User Honza Bambas <honzab.moz@firemni.cz>
+# Parent  069612b7e7c93f79394fc40bc24c1e354de7a3e5
+Bug 1291700 - Allow negotiate/ntml to work when in the 'Never remember history' mode, r=jduell
+
+diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
+--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
+@@ -60,17 +60,37 @@ static const char kNegotiateAuthSSPI[] =
+ //-----------------------------------------------------------------------------
+ 
+ // Return false when the channel comes from a Private browsing window.
+ static bool
+ TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel)
+ {
+     nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(authChannel);
+     MOZ_ASSERT(bareChannel);
+-    return !NS_UsePrivateBrowsing(bareChannel);
+
+    if (!NS_UsePrivateBrowsing(bareChannel)) {
+        return true;
+    }
+
+    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+    if (!prefs) {
+        return true;
+    }
+
+    // When the "Never remember history" option is set, all channels are
+    // set PB mode flag, but here we want to make an exception, users
+    // want their credentials go out.
+    bool dontRememberHistory;
+    if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                        &dontRememberHistory)) &&
+        dontRememberHistory) {
+        return true;
+    }
+
+    return false;
+ }
+ 
+ NS_IMETHODIMP
+ nsHttpNegotiateAuth::GetAuthFlags(uint32_t *flags)
+ {
+     //
+     // Negotiate Auth creds should not be reused across multiple requests.
+     // Only perform the negotiation when it is explicitly requested by the
+diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+@@ -182,28 +182,38 @@ ForceGenericNTLM()
+     return flag;
+ }
+ 
+ // Check to see if we should use default credentials for this host or proxy.
+ static bool
+ CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
+                          bool isProxyAuth)
+ {
+    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+
+     // Prevent using default credentials for authentication when we are in the
+     // private browsing mode.  It would cause a privacy data leak.
+     nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
+     MOZ_ASSERT(bareChannel);
+
+     if (NS_UsePrivateBrowsing(bareChannel)) {
+        // But allow when in the "Never remember history" mode.
+        bool dontRememberHistory;
+        if (prefs &&
+            NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+                                            &dontRememberHistory)) &&
+            !dontRememberHistory) {
+            return false;
+        }
+    }
+
+    if (!prefs) {
+         return false;
+     }
+ 
+-    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+-    if (!prefs)
+-        return false;
+-
+     if (isProxyAuth) {
+         bool val;
+         if (NS_FAILED(prefs->GetBoolPref(kAllowProxies, &val)))
+             val = false;
+         LOG(("Default credentials allowed for proxy: %d\n", val));
+         return val;
+     }
+ 
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-df52f6cfdf98e10b3f036479f38406c4  firefox-48.0.source.tar.xz
-be99fdaebb501a70c03cee3a49f716b1  firefox-langpacks-48.0-20160727.tar.xz
+892a534ca51f5d21d658d1d1fc08e8c5  firefox-langpacks-48.0.1-20160819.tar.xz
+8c09b6cbf13ce13aa57d87175da997f4  firefox-48.0.1.source.tar.xz