rpms/thunderbird
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to 60

Browse Source
This commit is contained in:
Jan Horak 2018-08-22 14:26:18 +02:00
parent 7953b4f0dd
commit 5c98220f22
28 changed files with 64 additions and 11057 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
build-1360521-missing-cheddar.patch
View File

@ -1,13 +0,0 @@
diff --git a/mozilla-release/media/libstagefright/binding/mp4parse_capi/Cargo.toml b/mozilla-release/media/libstagefright/binding/mp4parse_capi/Cargo.toml
index aee7ee9471..d7e3f55119 100644
--- a/mozilla-release/media/libstagefright/binding/mp4parse_capi/Cargo.toml
+++ b/mozilla-release/media/libstagefright/binding/mp4parse_capi/Cargo.toml
@@ -18,6 +18,8 @@ exclude = [
"*.mp4",
]
+build = false
+
[dependencies]
byteorder = "1.0.0"
"mp4parse" = {version = "0.6.0", path = "../mp4parse"}

11
build-fix-dupes.patch
View File

@ -1,11 +0,0 @@
diff -up thunderbird-52.0/mail/installer/Makefile.in.fix-dupes thunderbird-52.0/mail/installer/Makefile.in
--- thunderbird-52.0/mail/installer/Makefile.in.fix-dupes 2017-04-04 13:06:17.414621079 +0200
+++ thunderbird-52.0/mail/installer/Makefile.in 2017-04-04 13:06:24.397611123 +0200
@@ -15,6 +15,7 @@ ifndef SYSTEM_LIBXUL
MOZ_PKG_FATAL_WARNINGS = 1
endif
MOZ_PKG_DUPEFLAGS = \
+ -w \
-f $(srcdir)/allowed-dupes.mn \
-f $(MOZILLA_DIR)/browser/installer/allowed-dupes.mn \
$(NULL)

12
build-missing-xlocale-h.patch
View File

@ -1,12 +0,0 @@
diff -up thunderbird-52.3.0/mozilla/intl/icu/source/i18n/digitlst.cpp.xlocale thunderbird-52.3.0/mozilla/intl/icu/source/i18n/digitlst.cpp
--- thunderbird-52.3.0/mozilla/intl/icu/source/i18n/digitlst.cpp.xlocale 2017-08-24 14:42:48.634084293 +0200
+++ thunderbird-52.3.0/mozilla/intl/icu/source/i18n/digitlst.cpp 2017-08-24 14:42:50.534084676 +0200
@@ -64,7 +64,7 @@
# if U_PLATFORM_USES_ONLY_WIN32_API || U_PLATFORM == U_PF_CYGWIN
# include <locale.h>
# else
-# include <xlocale.h>
+# include <locale.h>
# endif
#endif

66
build-nspr-prbool.patch
View File

@ -1,66 +0,0 @@
diff -up mozilla-beta/media/webrtc/trunk/webrtc/base/nssidentity.h.prbool-fix mozilla-beta/media/webrtc/trunk/webrtc/base/nssidentity.h
--- mozilla-beta/media/webrtc/trunk/webrtc/base/nssidentity.h.prbool-fix 2015-04-07 10:29:51.919137851 +0200
+++ mozilla-beta/media/webrtc/trunk/webrtc/base/nssidentity.h 2015-04-07 10:33:06.886532753 +0200
@@ -15,6 +15,7 @@
#include "cert.h"
#include "nspr.h"
+#include "prtypes.h"
#include "hasht.h"
#include "keythi.h"
diff -up mozilla-beta/modules/libmar/sign/nss_secutil.h.prbool-fix mozilla-beta/modules/libmar/sign/nss_secutil.h
--- mozilla-beta/modules/libmar/sign/nss_secutil.h.prbool-fix 2015-04-07 10:33:13.079513533 +0200
+++ mozilla-beta/modules/libmar/sign/nss_secutil.h 2015-04-07 10:33:16.101504154 +0200
@@ -11,6 +11,7 @@
#include "nss.h"
#include "pk11pub.h"
#include "cryptohi.h"
+#include "prtypes.h"
#include "hasht.h"
#include "cert.h"
#include "key.h"
diff -up mozilla-beta/security/certverifier/ExtendedValidation.cpp.prbool-fix mozilla-beta/security/certverifier/ExtendedValidation.cpp
--- mozilla-beta/security/certverifier/ExtendedValidation.cpp.prbool-fix 2015-04-07 10:36:42.693902941 +0200
+++ mozilla-beta/security/certverifier/ExtendedValidation.cpp 2015-04-07 10:36:45.925893606 +0200
@@ -9,6 +9,7 @@
#include "cert.h"
#include "certdb.h"
#include "base64.h"
+#include "prtypes.h"
#include "hasht.h"
#include "pkix/stdkeywords.h"
#include "pkix/pkixtypes.h"
diff -up mozilla-beta/security/certverifier/OCSPCache.h.prbool-fix mozilla-beta/security/certverifier/OCSPCache.h
--- mozilla-beta/security/certverifier/OCSPCache.h.prbool-fix 2015-04-07 10:36:34.106927741 +0200
+++ mozilla-beta/security/certverifier/OCSPCache.h 2015-04-07 10:36:35.940922444 +0200
@@ -25,6 +25,7 @@
#ifndef mozilla_psm_OCSPCache_h
#define mozilla_psm_OCSPCache_h
+#include "prtypes.h"
#include "hasht.h"
#include "mozilla/Mutex.h"
#include "mozilla/Vector.h"
diff -up mozilla-beta/security/manager/ssl/src/nsCryptoHash.h.prbool-fix mozilla-beta/security/manager/ssl/src/nsCryptoHash.h
--- mozilla-beta/security/manager/ssl/src/nsCryptoHash.h.prbool-fix 2015-04-07 10:36:15.887980360 +0200
+++ mozilla-beta/security/manager/ssl/src/nsCryptoHash.h 2015-04-07 10:36:18.124973899 +0200
@@ -10,6 +10,7 @@
#include "nsICryptoHash.h"
#include "nsICryptoHMAC.h"
#include "nsNSSShutDown.h"
+#include "prtypes.h"
#include "hasht.h"
#include "secmodt.h"
diff -up mozilla-beta/security/manager/ssl/tests/unit/tlsserver/cmd/ClientAuthServer.cpp.prbool-fix mozilla-beta/security/manager/ssl/tests/unit/tlsserver/cmd/ClientAuthServer.cpp
--- mozilla-beta/security/manager/ssl/tests/unit/tlsserver/cmd/ClientAuthServer.cpp.prbool-fix 2015-04-07 10:36:25.065953853 +0200
+++ mozilla-beta/security/manager/ssl/tests/unit/tlsserver/cmd/ClientAuthServer.cpp 2015-04-07 10:36:27.319947343 +0200
@@ -15,6 +15,7 @@
#include <stdio.h>
+#include "prtypes.h"
#include "hasht.h"
#include "ScopedNSSTypes.h"
#include "ssl.h"

11
build-werror.patch
View File

@ -1,11 +0,0 @@
diff -up firefox-32.0/mozilla-release/media/libstagefright/moz.build.old firefox-32.0/mozilla-release/media/libstagefright/moz.build
--- firefox-32.0/mozilla-release/media/libstagefright/moz.build.old 2014-08-26 05:38:08.000000000 +0200
+++ firefox-32.0/mozilla-release/media/libstagefright/moz.build 2014-08-27 15:40:12.030299348 +0200
@@ -120,7 +120,6 @@ elif CONFIG['GNU_CXX']:
'-Wno-sign-compare'
]
CXXFLAGS += [
- '-Wno-format',
'-Wno-multichar',
'-Wno-sign-compare',
'-Wno-unused',

44
firefox-build-prbool.patch
View File

@ -1,44 +0,0 @@
diff -up firefox-52.0/dom/u2f/U2F.cpp.prbool firefox-52.0/dom/u2f/U2F.cpp
--- firefox-52.0/dom/u2f/U2F.cpp.prbool 2017-03-03 13:42:22.613691228 +0100
+++ firefox-52.0/dom/u2f/U2F.cpp 2017-03-03 13:48:20.864647727 +0100
@@ -4,6 +4,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "prtypes.h"
#include "hasht.h"
#include "mozilla/dom/CallbackFunction.h"
#include "mozilla/dom/ContentChild.h"
diff -up firefox-52.0/security/certverifier/CTLogVerifier.cpp.prbool firefox-52.0/security/certverifier/CTLogVerifier.cpp
--- firefox-52.0/security/certverifier/CTLogVerifier.cpp.prbool 2017-01-16 17:16:51.000000000 +0100
+++ firefox-52.0/security/certverifier/CTLogVerifier.cpp 2017-03-03 13:42:22.613691228 +0100
@@ -7,6 +7,7 @@
#include "CTLogVerifier.h"
#include "CTSerialization.h"
+#include "prtypes.h"
#include "hasht.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/Assertions.h"
diff -up firefox-52.0/security/certverifier/CTObjectsExtractor.cpp.prbool firefox-52.0/security/certverifier/CTObjectsExtractor.cpp
--- firefox-52.0/security/certverifier/CTObjectsExtractor.cpp.prbool 2017-01-16 17:16:51.000000000 +0100
+++ firefox-52.0/security/certverifier/CTObjectsExtractor.cpp 2017-03-03 13:42:22.613691228 +0100
@@ -6,6 +6,7 @@
#include "CTObjectsExtractor.h"
+#include "prtypes.h"
#include "hasht.h"
#include "mozilla/Assertions.h"
#include "mozilla/Casting.h"
diff -up firefox-52.0/security/certverifier/OCSPCache.h.prbool firefox-52.0/security/certverifier/OCSPCache.h
--- firefox-52.0/security/certverifier/OCSPCache.h.prbool 2017-02-27 17:11:06.000000000 +0100
+++ firefox-52.0/security/certverifier/OCSPCache.h 2017-03-03 13:42:22.613691228 +0100
@@ -25,6 +25,7 @@
#ifndef mozilla_psm_OCSPCache_h
#define mozilla_psm_OCSPCache_h
+#include "prtypes.h"
#include "hasht.h"
#include "mozilla/Mutex.h"
#include "mozilla/Vector.h"

19
lightning-bad-langs.patch
View File

@ -1,19 +0,0 @@
diff -up thunderbird-45.0/calendar/locales/shipped-locales.bad-langs thunderbird-45.0/calendar/locales/shipped-locales
--- thunderbird-45.0/calendar/locales/shipped-locales.bad-langs 2016-04-07 23:14:23.000000000 +0200
+++ thunderbird-45.0/calendar/locales/shipped-locales 2016-04-14 13:14:16.853967318 +0200
@@ -15,7 +15,6 @@ fy-NL
ga-IE
gd
hu
-id
is
it
ja linux win32
@@ -24,7 +23,6 @@ lt
nb-NO
nl
nn-NO
-pa-IN
pl
pt-PT
ru

5
mklangsource.sh
View File

@ -9,7 +9,8 @@ tbver=`rpmspec -P thunderbird.spec |awk '/^Version:/ { print $2; exit }'`
tag=THUNDERBIRD_${tbver//./_}_RELEASE
branch=`rpmspec -P thunderbird.spec | awk '/^%define *tarballdir/ { print $3; exit }'`
#locales=$PWD/thunderbird-${tbver}/${branch}/calendar/locales/shipped-locales
locales=$PWD/thunderbird-${tbver}/calendar/locales/shipped-locales
#locales=$PWD/thunderbird-${tbver}/calendar/locales/shipped-locales
locales=$PWD/thunderbird-${tbver}/comm/calendar/locales/shipped-locales
#locales=$PWD/shipped-locales
if [ ! -f $locales ]
then
@ -42,7 +43,7 @@ rm -rf l10n-merged
cp -R l10n l10n-merged
for lang in $(<$locales)
do
compare-locales --merge l10n-merged/$lang $PWD/thunderbird-${tbver}/calendar/locales/l10n.ini l10n $lang
compare-locales --merge l10n-merged/$lang $PWD/thunderbird-${tbver}/comm/calendar/locales/l10n.ini l10n $lang
done

84
mozilla-1228540-1.patch
View File

@ -1,84 +0,0 @@
# HG changeset patch
# User Jonathan Kew <jkew@mozilla.com>
# Date 1452675061 0
# Wed Jan 13 08:51:01 2016 +0000
# Node ID cf699e95e98829b465b64a7e0281d95ec851ce8c
# Parent 3c9f357598e86c2f593e9895d5725bf3498f8f5a
Bug 1228540 - pt 2 - Remove our HBGetGlyphHOrigin callback, as the default behavior is sufficient.
diff --git a/gfx/thebes/gfxHarfBuzzShaper.cpp b/gfx/thebes/gfxHarfBuzzShaper.cpp
--- a/gfx/thebes/gfxHarfBuzzShaper.cpp
+++ b/gfx/thebes/gfxHarfBuzzShaper.cpp
@@ -349,27 +349,16 @@ gfxHarfBuzzShaper::HBGetGlyphVAdvance(hb
static_cast<const gfxHarfBuzzShaper::FontCallbackData*>(font_data);
// Currently, we don't offer gfxFont subclasses a method to override this
// and provide hinted platform-specific vertical advances (analogous to the
// GetGlyphWidth method for horizontal advances). If that proves necessary,
// we'll add a new gfxFont method and call it from here.
return fcd->mShaper->GetGlyphVAdvance(glyph);
}
-/* static */
-hb_bool_t
-gfxHarfBuzzShaper::HBGetGlyphHOrigin(hb_font_t *font, void *font_data,
- hb_codepoint_t glyph,
- hb_position_t *x, hb_position_t *y,
- void *user_data)
-{
- // We work in horizontal coordinates, so no origin adjustment needed here.
- return true;
-}
-
struct VORG {
AutoSwap_PRUint16 majorVersion;
AutoSwap_PRUint16 minorVersion;
AutoSwap_PRInt16 defaultVertOriginY;
AutoSwap_PRUint16 numVertOriginYMetrics;
};
struct VORGrec {
@@ -1262,19 +1251,16 @@ gfxHarfBuzzShaper::Initialize()
hb_font_funcs_set_glyph_func(sHBFontFuncs, HBGetGlyph,
nullptr, nullptr);
hb_font_funcs_set_glyph_h_advance_func(sHBFontFuncs,
HBGetGlyphHAdvance,
nullptr, nullptr);
hb_font_funcs_set_glyph_v_advance_func(sHBFontFuncs,
HBGetGlyphVAdvance,
nullptr, nullptr);
- hb_font_funcs_set_glyph_h_origin_func(sHBFontFuncs,
- HBGetGlyphHOrigin,
- nullptr, nullptr);
hb_font_funcs_set_glyph_v_origin_func(sHBFontFuncs,
HBGetGlyphVOrigin,
nullptr, nullptr);
hb_font_funcs_set_glyph_extents_func(sHBFontFuncs,
HBGetGlyphExtents,
nullptr, nullptr);
hb_font_funcs_set_glyph_contour_point_func(sHBFontFuncs,
HBGetContourPoint,
diff --git a/gfx/thebes/gfxHarfBuzzShaper.h b/gfx/thebes/gfxHarfBuzzShaper.h
--- a/gfx/thebes/gfxHarfBuzzShaper.h
+++ b/gfx/thebes/gfxHarfBuzzShaper.h
@@ -56,21 +56,16 @@ public:
hb_codepoint_t glyph, void *user_data);
// get harfbuzz vertical advance in 16.16 fixed point format.
static hb_position_t
HBGetGlyphVAdvance(hb_font_t *font, void *font_data,
hb_codepoint_t glyph, void *user_data);
static hb_bool_t
- HBGetGlyphHOrigin(hb_font_t *font, void *font_data,
- hb_codepoint_t glyph,
- hb_position_t *x, hb_position_t *y,
- void *user_data);
- static hb_bool_t
HBGetGlyphVOrigin(hb_font_t *font, void *font_data,
hb_codepoint_t glyph,
hb_position_t *x, hb_position_t *y,
void *user_data);
hb_position_t GetHKerning(uint16_t aFirstGlyph,
uint16_t aSecondGlyph) const;

9138
mozilla-1228540.patch
View File

File diff suppressed because it is too large Load Diff

12
mozilla-1253216.patch
View File

@ -1,12 +0,0 @@
diff -up firefox-48.0/js/src/jit/AtomicOperations.h.old firefox-48.0/js/src/jit/AtomicOperations.h
--- firefox-48.0/js/src/jit/AtomicOperations.h.old 2016-07-27 09:42:43.148175449 +0200
+++ firefox-48.0/js/src/jit/AtomicOperations.h 2016-07-27 09:41:13.000000000 +0200
@@ -340,7 +340,7 @@ AtomicOperations::isLockfree(int32_t siz
# elif defined(__aarch64__)
# include "jit/arm64/AtomicOperations-arm64.h"
# else
-# include "jit/none/AtomicOperations-none.h" // These MOZ_CRASH() always
+# include "jit/none/AtomicOperations-ppc.h"
# endif
#elif defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)
# include "jit/x86-shared/AtomicOperations-x86-shared.h"

16
rhbz-1219542-s390-build.patch
View File

@ -1,7 +1,7 @@
diff -up firefox-43.0.3/js/src/configure.in.rhbz-1219542-s390 firefox-43.0.3/js/src/configure.in
--- firefox-43.0.3/js/src/configure.in.rhbz-1219542-s390 2015-12-23 17:11:01.000000000 -0500
+++ firefox-43.0.3/js/src/configure.in 2016-01-03 08:08:27.139956990 -0500
@@ -1466,7 +1466,7 @@ case "$host" in
diff -up firefox-55.0/js/src/old-configure.in.rhbz-1219542-s390 firefox-55.0/js/src/old-configure.in
--- firefox-55.0/js/src/old-configure.in.rhbz-1219542-s390 2017-07-31 18:20:48.000000000 +0200
+++ firefox-55.0/js/src/old-configure.in 2017-08-02 14:31:32.190243669 +0200
@@ -541,7 +541,7 @@ case "$host" in
*-linux*|*-kfreebsd*-gnu|*-gnu*)
HOST_CFLAGS="$HOST_CFLAGS -DXP_UNIX"
@ -10,10 +10,10 @@ diff -up firefox-43.0.3/js/src/configure.in.rhbz-1219542-s390 firefox-43.0.3/js/
;;
*)
@@ -1649,8 +1649,8 @@ ia64*-hpux*)
# while; Intel recommends against using it.
MOZ_OPTIMIZE_FLAGS="-O2"
elif test "$GNU_CC" -o "$GNU_CXX"; then
@@ -617,8 +617,8 @@ case "$target" in
*-*linux*)
if test "$GNU_CC" -o "$GNU_CXX"; then
- MOZ_PGO_OPTIMIZE_FLAGS="-O3"
- MOZ_OPTIMIZE_FLAGS="-O3"
+ MOZ_PGO_OPTIMIZE_FLAGS="-O1"

72
rhbz-1400293-fix-mozilla-1324096.patch
View File

@ -1,72 +0,0 @@
diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -120,16 +120,20 @@ IsCertChainRootBuiltInRoot(const UniqueC
}
CERTCertificate* root = rootNode->cert;
if (!root) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
return IsCertBuiltInRoot(root, result);
}
+// The term "builtin root" traditionally refers to a root CA certificate that
+// has been added to the NSS trust store, because it has been approved
+// for inclusion according to the Mozilla CA policy, and might be accepted
+// by Mozilla applications as an issuer for certificates seen on the public web.
Result
IsCertBuiltInRoot(CERTCertificate* cert, bool& result)
{
result = false;
#ifdef DEBUG
nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
if (!component) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
@@ -142,25 +146,38 @@ IsCertBuiltInRoot(CERTCertificate* cert,
return Success;
}
#endif // DEBUG
AutoSECMODListReadLock lock;
for (SECMODModuleList* list = SECMOD_GetDefaultModuleList(); list;
list = list->next) {
for (int i = 0; i < list->module->slotCount; i++) {
PK11SlotInfo* slot = list->module->slots[i];
- // PK11_HasRootCerts should return true if and only if the given slot has
- // an object with a CKA_CLASS of CKO_NETSCAPE_BUILTIN_ROOT_LIST, which
- // should be true only of the builtin root list.
- // If we can find a copy of the given certificate on the slot with the
- // builtin root list, that certificate must be a builtin.
- if (PK11_IsPresent(slot) && PK11_HasRootCerts(slot) &&
- PK11_FindCertInSlot(slot, cert, nullptr) != CK_INVALID_HANDLE) {
- result = true;
- return Success;
+ // We're searching for the "builtin root module", which is a module that
+ // contains an object with a CKA_CLASS of CKO_NETSCAPE_BUILTIN_ROOT_LIST.
+ // We use PK11_HasRootCerts() to identify a module with that property.
+ // In the past, we exclusively used the PKCS#11 module named nssckbi,
+ // which is provided by the NSS library.
+ // Nowadays, some distributions use a replacement module, which contains
+ // the builtin roots, but which also contains additional CA certificates,
+ // such as CAs trusted in a local deployment.
+ // We want to be able to distinguish between these two categories,
+ // because a CA, which may issue certificates for the public web,
+ // is expected to comply with additional requirements.
+ // If the certificate has attribute CKA_NSS_MOZILLA_CA_POLICY set to true,
+ // then we treat it as a "builtin root".
+ if (PK11_IsPresent(slot) && PK11_HasRootCerts(slot)) {
+ CK_OBJECT_HANDLE handle = PK11_FindCertInSlot(slot, cert, nullptr);
+ if (handle != CK_INVALID_HANDLE &&
+ PK11_HasAttributeSet(slot, handle, CKA_NSS_MOZILLA_CA_POLICY,
+ false)) {
+ // Attribute was found, and is set to true
+ result = true;
+ break;
+ }
}
}
}
return Success;
}
static Result
BuildCertChainForOneKeyUsage(NSSCertDBTrustDomain& trustDomain, Input certDER,

24
rhbz-966424.patch
View File

@ -1,24 +0,0 @@
diff --git a/toolkit/module/CertUtils.jsm b/toolkit/toolkit/modules/CertUtils.jsm
--- a/toolkit/modules/CertUtils.jsm
+++ b/toolkit/modules/CertUtils.jsm
@@ -170,17 +170,19 @@ this.checkCert =
issuerCert = issuerCert.QueryInterface(Ci.nsIX509Cert3);
var tokenNames = issuerCert.getAllTokenNames({});
if (!tokenNames || !tokenNames.some(isBuiltinToken))
throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
}
function isBuiltinToken(tokenName) {
- return tokenName == "Builtin Object Token";
+ return tokenName == "Builtin Object Token" ||
+ tokenName == "Default Trust" ||
+ tokenName == "System Trust";
}
/**
* This class implements nsIBadCertListener. Its job is to prevent "bad cert"
* security dialogs from being shown to the user. It is better to simply fail
* if the certificate is bad. See bug 304286.
*
* @param aAllowNonBuiltInCerts (optional)

521
sqlcompat-esr52-1-730495-backport
View File

@ -1,521 +0,0 @@
# HG changeset patch
# Parent 8632daab35b081a0bcb4fd7cc99d8a954c28066b
diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@@ -64,6 +64,8 @@
#include "nsICrashReporter.h"
#endif
+#include "AutoSQLiteLifetime.h"
+
using namespace mozilla;
using namespace JS;
using mozilla::dom::AutoJSAPI;
@@ -1262,6 +1264,7 @@ XRE_XPCShellMain(int argc, char** argv,
const XREShellData* aShellData)
{
MOZ_ASSERT(aShellData);
+ AutoSQLiteLifetime mSQLLT;
JSContext* cx;
int result = 0;
diff --git a/storage/TelemetryVFS.cpp b/storage/TelemetryVFS.cpp
--- a/storage/TelemetryVFS.cpp
+++ b/storage/TelemetryVFS.cpp
@@ -828,6 +828,11 @@ xNextSystemCall(sqlite3_vfs *vfs, const
namespace mozilla {
namespace storage {
+const char *GetVFSName()
+{
+ return "telemetry-vfs";
+}
+
sqlite3_vfs* ConstructTelemetryVFS()
{
#if defined(XP_WIN)
@@ -861,7 +866,7 @@ sqlite3_vfs* ConstructTelemetryVFS()
MOZ_ASSERT(vfs->iVersion <= LAST_KNOWN_VFS_VERSION);
tvfs->szOsFile = sizeof(telemetry_file) - sizeof(sqlite3_file) + vfs->szOsFile;
tvfs->mxPathname = vfs->mxPathname;
- tvfs->zName = "telemetry-vfs";
+ tvfs->zName = GetVFSName();
tvfs->pAppData = vfs;
tvfs->xOpen = xOpen;
tvfs->xDelete = xDelete;
diff --git a/storage/mozStorageConnection.cpp b/storage/mozStorageConnection.cpp
--- a/storage/mozStorageConnection.cpp
+++ b/storage/mozStorageConnection.cpp
@@ -72,6 +72,8 @@ namespace storage {
using mozilla::dom::quota::QuotaObject;
+const char *GetVFSName();
+
namespace {
int
@@ -615,7 +617,7 @@ Connection::initialize()
js::ProfileEntry::Category::STORAGE);
// in memory database requested, sqlite uses a magic file name
- int srv = ::sqlite3_open_v2(":memory:", &mDBConn, mFlags, nullptr);
+ int srv = ::sqlite3_open_v2(":memory:", &mDBConn, mFlags, GetVFSName());
if (srv != SQLITE_OK) {
mDBConn = nullptr;
return convertResultCode(srv);
@@ -649,7 +651,7 @@ Connection::initialize(nsIFile *aDatabas
#else
static const char* sIgnoreLockingVFS = "unix-none";
#endif
- const char* vfs = mIgnoreLockingMode ? sIgnoreLockingVFS : nullptr;
+ const char* vfs = mIgnoreLockingMode ? sIgnoreLockingVFS : GetVFSName();
int srv = ::sqlite3_open_v2(NS_ConvertUTF16toUTF8(path).get(), &mDBConn,
mFlags, vfs);
@@ -684,7 +686,7 @@ Connection::initialize(nsIFileURL *aFile
rv = aFileURL->GetSpec(spec);
NS_ENSURE_SUCCESS(rv, rv);
- int srv = ::sqlite3_open_v2(spec.get(), &mDBConn, mFlags, nullptr);
+ int srv = ::sqlite3_open_v2(spec.get(), &mDBConn, mFlags, GetVFSName());
if (srv != SQLITE_OK) {
mDBConn = nullptr;
return convertResultCode(srv);
diff --git a/storage/mozStorageService.cpp b/storage/mozStorageService.cpp
--- a/storage/mozStorageService.cpp
+++ b/storage/mozStorageService.cpp
@@ -26,6 +26,7 @@
#include "mozIStoragePendingStatement.h"
#include "sqlite3.h"
+#include "AutoSQLiteLifetime.h"
#ifdef SQLITE_OS_WIN
// "windows.h" was included and it can #define lots of things we care about...
@@ -34,13 +35,6 @@
#include "nsIPromptService.h"
-#ifdef MOZ_STORAGE_MEMORY
-# include "mozmemory.h"
-# ifdef MOZ_DMD
-# include "DMD.h"
-# endif
-#endif
-
////////////////////////////////////////////////////////////////////////////////
//// Defines
@@ -282,12 +276,6 @@ Service::~Service()
if (rc != SQLITE_OK)
NS_WARNING("Failed to unregister sqlite vfs wrapper.");
- // Shutdown the sqlite3 API. Warn if shutdown did not turn out okay, but
- // there is nothing actionable we can do in that case.
- rc = ::sqlite3_shutdown();
- if (rc != SQLITE_OK)
- NS_WARNING("sqlite3 did not shutdown cleanly.");
-
DebugOnly<bool> shutdownObserved = !sXPConnect;
NS_ASSERTION(shutdownObserved, "Shutdown was not observed!");
@@ -387,121 +375,7 @@ Service::shutdown()
}
sqlite3_vfs *ConstructTelemetryVFS();
-
-#ifdef MOZ_STORAGE_MEMORY
-
-namespace {
-
-// By default, SQLite tracks the size of all its heap blocks by adding an extra
-// 8 bytes at the start of the block to hold the size. Unfortunately, this
-// causes a lot of 2^N-sized allocations to be rounded up by jemalloc
-// allocator, wasting memory. For example, a request for 1024 bytes has 8
-// bytes added, becoming a request for 1032 bytes, and jemalloc rounds this up
-// to 2048 bytes, wasting 1012 bytes. (See bug 676189 for more details.)
-//
-// So we register jemalloc as the malloc implementation, which avoids this
-// 8-byte overhead, and thus a lot of waste. This requires us to provide a
-// function, sqliteMemRoundup(), which computes the actual size that will be
-// allocated for a given request. SQLite uses this function before all
-// allocations, and may be able to use any excess bytes caused by the rounding.
-//
-// Note: the wrappers for malloc, realloc and moz_malloc_usable_size are
-// necessary because the sqlite_mem_methods type signatures differ slightly
-// from the standard ones -- they use int instead of size_t. But we don't need
-// a wrapper for free.
-
-#ifdef MOZ_DMD
-
-// sqlite does its own memory accounting, and we use its numbers in our memory
-// reporters. But we don't want sqlite's heap blocks to show up in DMD's
-// output as unreported, so we mark them as reported when they're allocated and
-// mark them as unreported when they are freed.
-//
-// In other words, we are marking all sqlite heap blocks as reported even
-// though we're not reporting them ourselves. Instead we're trusting that
-// sqlite is fully and correctly accounting for all of its heap blocks via its
-// own memory accounting. Well, we don't have to trust it entirely, because
-// it's easy to keep track (while doing this DMD-specific marking) of exactly
-// how much memory SQLite is using. And we can compare that against what
-// SQLite reports it is using.
-
-MOZ_DEFINE_MALLOC_SIZE_OF_ON_ALLOC(SqliteMallocSizeOfOnAlloc)
-MOZ_DEFINE_MALLOC_SIZE_OF_ON_FREE(SqliteMallocSizeOfOnFree)
-
-#endif
-
-static void *sqliteMemMalloc(int n)
-{
- void* p = ::malloc(n);
-#ifdef MOZ_DMD
- gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(p);
-#endif
- return p;
-}
-
-static void sqliteMemFree(void *p)
-{
-#ifdef MOZ_DMD
- gSqliteMemoryUsed -= SqliteMallocSizeOfOnFree(p);
-#endif
- ::free(p);
-}
-
-static void *sqliteMemRealloc(void *p, int n)
-{
-#ifdef MOZ_DMD
- gSqliteMemoryUsed -= SqliteMallocSizeOfOnFree(p);
- void *pnew = ::realloc(p, n);
- if (pnew) {
- gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(pnew);
- } else {
- // realloc failed; undo the SqliteMallocSizeOfOnFree from above
- gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(p);
- }
- return pnew;
-#else
- return ::realloc(p, n);
-#endif
-}
-
-static int sqliteMemSize(void *p)
-{
- return ::moz_malloc_usable_size(p);
-}
-
-static int sqliteMemRoundup(int n)
-{
- n = malloc_good_size(n);
-
- // jemalloc can return blocks of size 2 and 4, but SQLite requires that all
- // allocations be 8-aligned. So we round up sub-8 requests to 8. This
- // wastes a small amount of memory but is obviously safe.
- return n <= 8 ? 8 : n;
-}
-
-static int sqliteMemInit(void *p)
-{
- return 0;
-}
-
-static void sqliteMemShutdown(void *p)
-{
-}
-
-const sqlite3_mem_methods memMethods = {
- &sqliteMemMalloc,
- &sqliteMemFree,
- &sqliteMemRealloc,
- &sqliteMemSize,
- &sqliteMemRoundup,
- &sqliteMemInit,
- &sqliteMemShutdown,
- nullptr
-};
-
-} // namespace
-
-#endif // MOZ_STORAGE_MEMORY
+const char *GetVFSName();
static const char* sObserverTopics[] = {
"memory-pressure",
@@ -514,28 +388,13 @@ Service::initialize()
{
MOZ_ASSERT(NS_IsMainThread(), "Must be initialized on the main thread");
- int rc;
-
-#ifdef MOZ_STORAGE_MEMORY
- rc = ::sqlite3_config(SQLITE_CONFIG_MALLOC, &memMethods);
- if (rc != SQLITE_OK)
- return convertResultCode(rc);
-#endif
-
- // TODO (bug 1191405): do not preallocate the connections caches until we
- // have figured the impact on our consumers and memory.
- sqlite3_config(SQLITE_CONFIG_PAGECACHE, NULL, 0, 0);
-
- // Explicitly initialize sqlite3. Although this is implicitly called by
- // various sqlite3 functions (and the sqlite3_open calls in our case),
- // the documentation suggests calling this directly. So we do.
- rc = ::sqlite3_initialize();
+ int rc = AutoSQLiteLifetime::getInitResult();
if (rc != SQLITE_OK)
return convertResultCode(rc);
mSqliteVFS = ConstructTelemetryVFS();
if (mSqliteVFS) {
- rc = sqlite3_vfs_register(mSqliteVFS, 1);
+ rc = sqlite3_vfs_register(mSqliteVFS, 0);
if (rc != SQLITE_OK)
return convertResultCode(rc);
} else {
diff --git a/toolkit/xre/AutoSQLiteLifetime.cpp b/toolkit/xre/AutoSQLiteLifetime.cpp
new file mode 100644
--- /dev/null
+++ b/toolkit/xre/AutoSQLiteLifetime.cpp
@@ -0,0 +1,167 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsDebug.h"
+#include "AutoSQLiteLifetime.h"
+#include "sqlite3.h"
+
+#ifdef MOZ_STORAGE_MEMORY
+# include "mozmemory.h"
+# ifdef MOZ_DMD
+# include "DMD.h"
+# endif
+
+namespace {
+
+// By default, SQLite tracks the size of all its heap blocks by adding an extra
+// 8 bytes at the start of the block to hold the size. Unfortunately, this
+// causes a lot of 2^N-sized allocations to be rounded up by jemalloc
+// allocator, wasting memory. For example, a request for 1024 bytes has 8
+// bytes added, becoming a request for 1032 bytes, and jemalloc rounds this up
+// to 2048 bytes, wasting 1012 bytes. (See bug 676189 for more details.)
+//
+// So we register jemalloc as the malloc implementation, which avoids this
+// 8-byte overhead, and thus a lot of waste. This requires us to provide a
+// function, sqliteMemRoundup(), which computes the actual size that will be
+// allocated for a given request. SQLite uses this function before all
+// allocations, and may be able to use any excess bytes caused by the rounding.
+//
+// Note: the wrappers for malloc, realloc and moz_malloc_usable_size are
+// necessary because the sqlite_mem_methods type signatures differ slightly
+// from the standard ones -- they use int instead of size_t. But we don't need
+// a wrapper for free.
+
+#ifdef MOZ_DMD
+
+// sqlite does its own memory accounting, and we use its numbers in our memory
+// reporters. But we don't want sqlite's heap blocks to show up in DMD's
+// output as unreported, so we mark them as reported when they're allocated and
+// mark them as unreported when they are freed.
+//
+// In other words, we are marking all sqlite heap blocks as reported even
+// though we're not reporting them ourselves. Instead we're trusting that
+// sqlite is fully and correctly accounting for all of its heap blocks via its
+// own memory accounting. Well, we don't have to trust it entirely, because
+// it's easy to keep track (while doing this DMD-specific marking) of exactly
+// how much memory SQLite is using. And we can compare that against what
+// SQLite reports it is using.
+
+MOZ_DEFINE_MALLOC_SIZE_OF_ON_ALLOC(SqliteMallocSizeOfOnAlloc)
+MOZ_DEFINE_MALLOC_SIZE_OF_ON_FREE(SqliteMallocSizeOfOnFree)
+
+#endif
+
+static void *sqliteMemMalloc(int n)
+{
+ void* p = ::malloc(n);
+#ifdef MOZ_DMD
+ gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(p);
+#endif
+ return p;
+}
+
+static void sqliteMemFree(void *p)
+{
+#ifdef MOZ_DMD
+ gSqliteMemoryUsed -= SqliteMallocSizeOfOnFree(p);
+#endif
+ ::free(p);
+}
+
+static void *sqliteMemRealloc(void *p, int n)
+{
+#ifdef MOZ_DMD
+ gSqliteMemoryUsed -= SqliteMallocSizeOfOnFree(p);
+ void *pnew = ::realloc(p, n);
+ if (pnew) {
+ gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(pnew);
+ } else {
+ // realloc failed; undo the SqliteMallocSizeOfOnFree from above
+ gSqliteMemoryUsed += SqliteMallocSizeOfOnAlloc(p);
+ }
+ return pnew;
+#else
+ return ::realloc(p, n);
+#endif
+}
+
+static int sqliteMemSize(void *p)
+{
+ return ::moz_malloc_usable_size(p);
+}
+
+static int sqliteMemRoundup(int n)
+{
+ n = malloc_good_size(n);
+
+ // jemalloc can return blocks of size 2 and 4, but SQLite requires that all
+ // allocations be 8-aligned. So we round up sub-8 requests to 8. This
+ // wastes a small amount of memory but is obviously safe.
+ return n <= 8 ? 8 : n;
+}
+
+static int sqliteMemInit(void *p)
+{
+ return 0;
+}
+
+static void sqliteMemShutdown(void *p)
+{
+}
+
+const sqlite3_mem_methods memMethods = {
+ &sqliteMemMalloc,
+ &sqliteMemFree,
+ &sqliteMemRealloc,
+ &sqliteMemSize,
+ &sqliteMemRoundup,
+ &sqliteMemInit,
+ &sqliteMemShutdown,
+ nullptr
+};
+
+} // namespace
+
+#endif // MOZ_STORAGE_MEMORY
+
+namespace mozilla {
+
+AutoSQLiteLifetime::AutoSQLiteLifetime()
+{
+ if (++AutoSQLiteLifetime::sSingletonEnforcer != 1) {
+ NS_RUNTIMEABORT("multiple instances of AutoSQLiteLifetime constructed!");
+ }
+
+#ifdef MOZ_STORAGE_MEMORY
+ sResult = ::sqlite3_config(SQLITE_CONFIG_MALLOC, &memMethods);
+#else
+ sResult = SQLITE_OK;
+#endif
+
+ if (sResult == SQLITE_OK) {
+ // TODO (bug 1191405): do not preallocate the connections caches until we
+ // have figured the impact on our consumers and memory.
+ sqlite3_config(SQLITE_CONFIG_PAGECACHE, NULL, 0, 0);
+
+ // Explicitly initialize sqlite3. Although this is implicitly called by
+ // various sqlite3 functions (and the sqlite3_open calls in our case),
+ // the documentation suggests calling this directly. So we do.
+ sResult = ::sqlite3_initialize();
+ }
+}
+
+AutoSQLiteLifetime::~AutoSQLiteLifetime()
+{
+ // Shutdown the sqlite3 API. Warn if shutdown did not turn out okay, but
+ // there is nothing actionable we can do in that case.
+ sResult = ::sqlite3_shutdown();
+ NS_WARNING_ASSERTION(sResult == SQLITE_OK,
+ "sqlite3 did not shutdown cleanly.");
+}
+
+int AutoSQLiteLifetime::sSingletonEnforcer = 0;
+int AutoSQLiteLifetime::sResult = SQLITE_MISUSE;
+
+} // namespace mozilla
diff --git a/toolkit/xre/AutoSQLiteLifetime.h b/toolkit/xre/AutoSQLiteLifetime.h
new file mode 100644
--- /dev/null
+++ b/toolkit/xre/AutoSQLiteLifetime.h
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_AutoSQLiteLifetime_h
+#define mozilla_AutoSQLiteLifetime_h
+
+namespace mozilla {
+
+class AutoSQLiteLifetime final
+{
+private:
+ static int sSingletonEnforcer;
+ static int sResult;
+public:
+ AutoSQLiteLifetime();
+ ~AutoSQLiteLifetime();
+ static int getInitResult() { return AutoSQLiteLifetime::sResult; }
+};
+
+} // namespace mozilla
+
+#endif
diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@@ -21,7 +21,7 @@ if CONFIG['OS_ARCH'] == 'WINNT':
XPIDL_MODULE = 'xulapp'
-EXPORTS += ['nsAppRunner.h']
+EXPORTS += ['AutoSQLiteLifetime.h', 'nsAppRunner.h']
if CONFIG['MOZ_INSTRUMENT_EVENT_LOOP']:
EXPORTS += ['EventTracer.h']
@@ -81,6 +81,7 @@ UNIFIED_SOURCES += [
# they pull in OS X system headers.
# nsEmbedFunctions.cpp cannot be built in unified mode because it pulls in X11 headers.
SOURCES += [
+ 'AutoSQLiteLifetime.cpp',
'nsAppRunner.cpp',
'nsEmbedFunctions.cpp',
'ProfileReset.cpp',
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -276,6 +276,8 @@ extern "C" MOZ_EXPORT void XRE_LibFuzzer
}
#endif
+#include "AutoSQLiteLifetime.h"
+
namespace mozilla {
int (*RunGTest)() = 0;
} // namespace mozilla
@@ -2990,6 +2992,9 @@ bool fire_glxtest_process();
// Encapsulates startup and shutdown state for XRE_main
class XREMain
{
+protected:
+ AutoSQLiteLifetime mSQLLT;
+
public:
XREMain() :
mStartOffline(false)

269
sqlcompat-esr52-2-backport-1389664
View File

@ -1,269 +0,0 @@
# HG changeset patch
# Parent 77c27a1e264305362865d6d64af201299e04dece
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -1097,7 +1097,27 @@ InitializeNSS(const char* dir, bool read
if (!loadPKCS11Modules) {
flags |= NSS_INIT_NOMODDB;
}
- return ::NSS_Initialize(dir, "", "", SECMOD_DB, flags);
+ SECStatus srv = NSS_Initialize(dir, "", "", SECMOD_DB, flags);
+ if (srv != SECSuccess) {
+ return srv;
+ }
+
+ if (!readOnly) {
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ if (!slot) {
+ return SECFailure;
+ }
+ // If the key DB doesn't have a password set, PK11_NeedUserInit will return
+ // true. For the SQL DB, we need to set a password or we won't be able to
+ // import any certificates or change trust settings.
+ if (PK11_NeedUserInit(slot.get())) {
+ srv = PK11_InitPin(slot.get(), nullptr, nullptr);
+ MOZ_ASSERT(srv == SECSuccess);
+ Unused << srv;
+ }
+ }
+
+ return SECSuccess;
}
void
diff --git a/security/manager/ssl/nsIPK11Token.idl b/security/manager/ssl/nsIPK11Token.idl
--- a/security/manager/ssl/nsIPK11Token.idl
+++ b/security/manager/ssl/nsIPK11Token.idl
@@ -65,6 +65,14 @@ interface nsIPK11Token : nsISupports
void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
/*
+ * True if a password has been configured for this token, and false otherwise.
+ * (Whether or not the user is currently logged in makes no difference.)
+ * In particular, this can be used to determine if a user has set a master
+ * password (if this is the internal key token).
+ */
+ readonly attribute boolean hasPassword;
+
+ /*
* Other attributes
*/
boolean isHardwareToken();
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -56,31 +56,6 @@ using mozilla::psm::SharedSSLState;
extern LazyLogModule gPIPNSSLog;
-static nsresult
-attemptToLogInWithDefaultPassword()
-{
-#ifdef NSS_DISABLE_DBM
- // The SQL NSS DB requires the user to be authenticated to set certificate
- // trust settings, even if the user's password is empty. To maintain
- // compatibility with the DBM-based database, try to log in with the
- // default empty password. This will allow, at least, tests that need to
- // change certificate trust to pass on all platforms. TODO(bug 978120): Do
- // proper testing and/or implement a better solution so that we are confident
- // that this does the correct thing outside of xpcshell tests too.
- UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
- if (!slot) {
- return MapSECStatus(SECFailure);
- }
- if (PK11_NeedUserInit(slot.get())) {
- // Ignore the return value. Presumably PK11_InitPin will fail if the user
- // has a non-default password.
- Unused << PK11_InitPin(slot.get(), nullptr, nullptr);
- }
-#endif
-
- return NS_OK;
-}
-
NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
nsNSSCertificateDB::~nsNSSCertificateDB()
@@ -843,11 +818,6 @@ nsNSSCertificateDB::SetCertTrust(nsIX509
nsresult rv;
UniqueCERTCertificate nsscert(cert->GetCert());
- rv = attemptToLogInWithDefaultPassword();
- if (NS_WARN_IF(rv != NS_OK)) {
- return rv;
- }
-
SECStatus srv;
if (type == nsIX509Cert::CA_CERT) {
// always start with untrusted and move up
@@ -1366,11 +1336,6 @@ nsNSSCertificateDB::AddCertFromBase64(co
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
- rv = attemptToLogInWithDefaultPassword();
- if (NS_WARN_IF(rv != NS_OK)) {
- return rv;
- }
-
SECStatus srv = CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
trust.GetTrust());
return MapSECStatus(srv);
@@ -1400,11 +1365,6 @@ nsNSSCertificateDB::SetCertTrustFromStri
}
UniqueCERTCertificate nssCert(cert->GetCert());
- nsresult rv = attemptToLogInWithDefaultPassword();
- if (NS_WARN_IF(rv != NS_OK)) {
- return rv;
- }
-
srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nssCert.get(), &trust);
return MapSECStatus(srv);
}
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -2081,8 +2081,14 @@ NS_IMETHODIMP
nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
const char16_t* someData)
{
- if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) {
- MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("receiving profile change topic\n"));
+ // In some tests, we don't receive a "profile-before-change" topic. However,
+ // we still have to shut down before the storage service shuts down, because
+ // closing the sql-backed softoken requires sqlite still be available. Thus,
+ // we observe "xpcom-shutdown" just in case.
+ if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0 ||
+ nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+ MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+ ("receiving profile change or XPCOM shutdown notification"));
DoProfileBeforeChange();
} else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
nsNSSShutDownPreventionLock locker;
@@ -2234,6 +2240,7 @@ nsNSSComponent::RegisterObservers()
// keep a strong reference to this component. As a result, this will live at
// least as long as the observer service.
observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
+ observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
return NS_OK;
}
diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp
--- a/security/manager/ssl/nsPK11TokenDB.cpp
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -293,11 +293,24 @@ NS_IMETHODIMP
nsPK11Token::InitPassword(const nsACString& initialPassword)
{
nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown())
+ if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
+ }
- return MapSECStatus(
- PK11_InitPin(mSlot.get(), "", PromiseFlatCString(initialPassword).get()));
+ const nsCString& passwordCStr = PromiseFlatCString(initialPassword);
+ // PSM initializes the sqlite-backed softoken with an empty password. The
+ // implementation considers this not to be a password (GetHasPassword returns
+ // false), but we can't actually call PK11_InitPin again. Instead, we call
+ // PK11_ChangePW with the empty password.
+ bool hasPassword;
+ nsresult rv = GetHasPassword(&hasPassword);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ if (!PK11_NeedUserInit(mSlot.get()) && !hasPassword) {
+ return MapSECStatus(PK11_ChangePW(mSlot.get(), "", passwordCStr.get()));
+ }
+ return MapSECStatus(PK11_InitPin(mSlot.get(), "", passwordCStr.get()));
}
NS_IMETHODIMP
@@ -359,6 +372,23 @@ nsPK11Token::ChangePassword(const nsACSt
}
NS_IMETHODIMP
+nsPK11Token::GetHasPassword(bool* hasPassword)
+{
+ NS_ENSURE_ARG_POINTER(hasPassword);
+
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ // PK11_NeedLogin returns true if the token is currently configured to require
+ // the user to log in (whether or not the user is actually logged in makes no
+ // difference).
+ *hasPassword = PK11_NeedLogin(mSlot.get()) && !PK11_NeedUserInit(mSlot.get());
+ return NS_OK;
+}
+
+NS_IMETHODIMP
nsPK11Token::IsHardwareToken(bool* _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -770,14 +770,6 @@ function add_prevented_cert_override_tes
add_connection_test(aHost, aExpectedError);
}
-function loginToDBWithDefaultPassword() {
- let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
- .getService(Ci.nsIPK11TokenDB);
- let token = tokenDB.getInternalKeyToken();
- token.initPassword("");
- token.login(/*force*/ false);
-}
-
// Helper for asyncTestCertificateUsages.
class CertVerificationResult {
constructor(certName, usageString, successExpected, resolve) {
diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js
--- a/security/manager/ssl/tests/unit/test_certDB_import.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -89,11 +89,6 @@ function testImportCACert() {
}
function run_test() {
- // We have to set a password and login before we attempt to import anything.
- // In particular, the SQL NSS DB requires the user to be authenticated to set
- // certificate trust settings, which we do when we import CA certs.
- loginToDBWithDefaultPassword();
-
let certificateDialogsCID =
MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
gCertificateDialogs);
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
--- a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
@@ -73,9 +73,6 @@ function testImportPKCS12Cert() {
}
function run_test() {
- // We have to set a password and login before we attempt to import anything.
- loginToDBWithDefaultPassword();
-
let certificateDialogsCID =
MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
gCertificateDialogs);
diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js
--- a/security/manager/ssl/tests/unit/test_sdr.js
+++ b/security/manager/ssl/tests/unit/test_sdr.js
@@ -22,12 +22,6 @@ const gTokenPasswordDialogs = {
};
function run_test() {
- // We have to set a password and login before we attempt to encrypt anything.
- // In particular, failing to do so will cause the Encrypt() implementation to
- // pop up a dialog asking for a password to be set. This won't work in the
- // xpcshell environment and will lead to an assertion.
- loginToDBWithDefaultPassword();
-
let sdr = Cc["@mozilla.org/security/sdr;1"]
.getService(Ci.nsISecretDecoderRing);

15
sqlcompat-esr52-3-backport-1394871
View File

@ -1,15 +0,0 @@
# HG changeset patch
# Parent d7181942327fc7ce8a820a2c09bd96534c2fef58
diff --git a/browser/components/migration/FirefoxProfileMigrator.js b/browser/components/migration/FirefoxProfileMigrator.js
--- a/browser/components/migration/FirefoxProfileMigrator.js
+++ b/browser/components/migration/FirefoxProfileMigrator.js
@@ -130,7 +130,7 @@ FirefoxProfileMigrator.prototype._getRes
let places = getFileResource(types.HISTORY, ["places.sqlite", "places.sqlite-wal"]);
let cookies = getFileResource(types.COOKIES, ["cookies.sqlite", "cookies.sqlite-wal"]);
let passwords = getFileResource(types.PASSWORDS,
- ["signons.sqlite", "logins.json", "key3.db",
+ ["signons.sqlite", "logins.json", "key3.db", "key4.db",
"signedInUser.json"]);
let formData = getFileResource(types.FORMDATA, ["formhistory.sqlite"]);
let bookmarksBackups = getFileResource(types.OTHERDATA,

149
sqlcompat-esr52-4-backport-1329360
View File

@ -1,149 +0,0 @@
# HG changeset patch
# Parent a2f525a055c84cb9617c275a48575fea7b0001ea
diff --git a/config/external/nss/nss.symbols b/config/external/nss/nss.symbols
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -25,7 +25,6 @@ CERT_AddCertToListHead
CERT_AddCertToListTail
CERT_AddExtension
CERT_AddExtensionByOID
-__CERT_AddTempCertToPerm
CERT_AsciiToName
CERT_CacheOCSPResponseFromSideChannel
CERT_CertChainFromCert
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -182,8 +182,6 @@ DEFINES['NSS_ENABLE_ECC'] = 'True'
for var in ('DLL_PREFIX', 'DLL_SUFFIX'):
DEFINES[var] = '"%s"' % CONFIG[var]
-DEFINES['CERT_AddTempCertToPerm'] = '__CERT_AddTempCertToPerm'
-
USE_LIBS += [
'crmf',
]
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -349,9 +349,17 @@ nsNSSCertificateDB::handleCACertDownload
!!(trustBits & nsIX509CertDB::TRUSTED_EMAIL),
!!(trustBits & nsIX509CertDB::TRUSTED_OBJSIGN));
- if (CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
- trust.GetTrust()) != SECSuccess) {
- return NS_ERROR_FAILURE;
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ SECStatus srv = PK11_ImportCert(slot.get(), tmpCert.get(), CK_INVALID_HANDLE,
+ nickname.get(),
+ false); // this parameter is ignored by NSS
+ if (srv != SECSuccess) {
+ return MapSECStatus(srv);
+ }
+ // NSS ignores the first argument to CERT_ChangeCertTrust
+ srv = CERT_ChangeCertTrust(nullptr, tmpCert.get(), trust.GetTrust());
+ if (srv != SECSuccess) {
+ return MapSECStatus(srv);
}
// Import additional delivered certificates that can be verified.
@@ -511,34 +519,30 @@ ImportCertsIntoTempStorage(int numcerts,
return NS_OK;
}
-static SECStatus
-ImportCertsIntoPermanentStorage(const UniqueCERTCertList& certChain,
- const SECCertUsage usage, const bool caOnly)
+static nsresult
+ImportCertsIntoPermanentStorage(const UniqueCERTCertList& certChain)
{
- int chainLen = 0;
- for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
+ bool encounteredFailure = false;
+ PRErrorCode savedErrorCode = 0;
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ for (CERTCertListNode* chainNode = CERT_LIST_HEAD(certChain);
!CERT_LIST_END(chainNode, certChain);
chainNode = CERT_LIST_NEXT(chainNode)) {
- chainLen++;
+ UniquePORTString nickname(CERT_MakeCANickname(chainNode->cert));
+ SECStatus srv = PK11_ImportCert(slot.get(), chainNode->cert,
+ CK_INVALID_HANDLE, nickname.get(),
+ false); // this parameter is ignored by NSS
+ if (srv != SECSuccess) {
+ encounteredFailure = true;
+ savedErrorCode = PR_GetError();
+ }
}
- SECItem **rawArray;
- rawArray = (SECItem **) PORT_Alloc(chainLen * sizeof(SECItem *));
- if (!rawArray) {
- return SECFailure;
+ if (encounteredFailure) {
+ return GetXPCOMFromNSSError(savedErrorCode);
}
- int i = 0;
- for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
- !CERT_LIST_END(chainNode, certChain);
- chainNode = CERT_LIST_NEXT(chainNode), i++) {
- rawArray[i] = &chainNode->cert->derCert;
- }
- SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage, chainLen,
- rawArray, nullptr, true, caOnly, nullptr);
-
- PORT_Free(rawArray);
- return srv;
+ return NS_OK;
}
NS_IMETHODIMP
@@ -597,11 +601,9 @@ nsNSSCertificateDB::ImportEmailCertifica
DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, locker);
continue;
}
- SECStatus srv = ImportCertsIntoPermanentStorage(certChain,
- certUsageEmailRecipient,
- false);
- if (srv != SECSuccess) {
- return NS_ERROR_FAILURE;
+ rv = ImportCertsIntoPermanentStorage(certChain);
+ if (NS_FAILED(rv)) {
+ return rv;
}
CERT_SaveSMimeProfile(node->cert, nullptr, nullptr);
}
@@ -654,10 +656,9 @@ nsNSSCertificateDB::ImportValidCACertsIn
continue;
}
- SECStatus srv = ImportCertsIntoPermanentStorage(certChain, certUsageAnyCA,
- true);
- if (srv != SECSuccess) {
- return NS_ERROR_FAILURE;
+ nsresult rv = ImportCertsIntoPermanentStorage(certChain);
+ if (NS_FAILED(rv)) {
+ return rv;
}
}
@@ -1336,8 +1337,15 @@ nsNSSCertificateDB::AddCertFromBase64(co
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
- SECStatus srv = CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
- trust.GetTrust());
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ SECStatus srv = PK11_ImportCert(slot.get(), tmpCert.get(), CK_INVALID_HANDLE,
+ nickname.get(),
+ false); // this parameter is ignored by NSS
+ if (srv != SECSuccess) {
+ return MapSECStatus(srv);
+ }
+ // NSS ignores the first argument to CERT_ChangeCertTrust
+ srv = CERT_ChangeCertTrust(nullptr, tmpCert.get(), trust.GetTrust());
return MapSECStatus(srv);
}

390
sqlcompat-esr52-5-backport-1382866
View File

@ -1,390 +0,0 @@
# HG changeset patch
# Parent c8f9e7eadcb3068b796b575310a85411a0d90da1
diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp
--- a/security/manager/ssl/nsCertTree.cpp
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -16,6 +16,7 @@
#include "nsIX509CertValidity.h"
#include "nsNSSCertHelper.h"
#include "nsNSSCertificate.h"
+#include "nsNSSCertificateDB.h"
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "nsNSSHelper.h"
#include "nsReadableUtils.h"
@@ -800,8 +801,8 @@ nsCertTree::DeleteEntryObject(uint32_t i
SECStatus srv = CERT_DecodeTrustString(&trust, ""); // no override
if (srv == SECSuccess) {
- CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert.get(),
- &trust);
+ ChangeCertTrustWithPossibleAuthentication(nsscert, trust,
+ nullptr);
}
}
}
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h
--- a/security/manager/ssl/nsNSSCertTrust.h
+++ b/security/manager/ssl/nsNSSCertTrust.h
@@ -57,8 +57,7 @@ public:
/* set p <--> P */
void AddPeerTrust(bool ssl, bool email, bool objSign);
- /* get it (const?) (shallow?) */
- CERTCertTrust * GetTrust() { return &mTrust; }
+ CERTCertTrust& GetTrust() { return mTrust; }
private:
void addTrust(unsigned int *t, unsigned int v);
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -232,6 +232,38 @@ nsNSSCertificateDB::getCertsFromPackage(
return collectArgs;
}
+// When using the sql-backed softoken, trust settings are authenticated using a
+// key in the secret database. Thus, if the user has a password, we need to
+// authenticate to the token in order to be able to change trust settings.
+SECStatus
+ChangeCertTrustWithPossibleAuthentication(const UniqueCERTCertificate& cert,
+ CERTCertTrust& trust, void* ctx)
+{
+ MOZ_ASSERT(cert, "cert must be non-null");
+ if (!cert) {
+ PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+ return SECFailure;
+ }
+ // NSS ignores the first argument to CERT_ChangeCertTrust
+ SECStatus srv = CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
+ if (srv == SECSuccess || PR_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ return srv;
+ }
+ if (cert->slot) {
+ // If this certificate is on an external PKCS#11 token, we have to
+ // authenticate to that token.
+ srv = PK11_Authenticate(cert->slot, PR_TRUE, ctx);
+ } else {
+ // Otherwise, the certificate is on the internal module.
+ UniquePK11SlotInfo internalSlot(PK11_GetInternalKeySlot());
+ srv = PK11_Authenticate(internalSlot.get(), PR_TRUE, ctx);
+ }
+ if (srv != SECSuccess) {
+ return srv;
+ }
+ return CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
+}
+
nsresult
nsNSSCertificateDB::handleCACertDownload(NotNull<nsIArray*> x509Certs,
nsIInterfaceRequestor *ctx,
@@ -356,8 +388,8 @@ nsNSSCertificateDB::handleCACertDownload
if (srv != SECSuccess) {
return MapSECStatus(srv);
}
- // NSS ignores the first argument to CERT_ChangeCertTrust
- srv = CERT_ChangeCertTrust(nullptr, tmpCert.get(), trust.GetTrust());
+ srv = ChangeCertTrustWithPossibleAuthentication(tmpCert, trust.GetTrust(),
+ ctx);
if (srv != SECSuccess) {
return MapSECStatus(srv);
}
@@ -798,8 +830,8 @@ nsNSSCertificateDB::DeleteCertificate(ns
// the cert onto the card again at which point we *will* want to
// trust that cert if it chains up properly.
nsNSSCertTrust trust(0, 0, 0);
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
- cert.get(), trust.GetTrust());
+ srv = ChangeCertTrustWithPossibleAuthentication(cert, trust.GetTrust(),
+ nullptr);
}
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert deleted: %d", srv));
return (srv) ? NS_ERROR_FAILURE : NS_OK;
@@ -815,38 +847,33 @@ nsNSSCertificateDB::SetCertTrust(nsIX509
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
- nsNSSCertTrust trust;
- nsresult rv;
- UniqueCERTCertificate nsscert(cert->GetCert());
- SECStatus srv;
- if (type == nsIX509Cert::CA_CERT) {
- // always start with untrusted and move up
- trust.SetValidCA();
- trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL),
- !!(trusted & nsIX509CertDB::TRUSTED_EMAIL),
- !!(trusted & nsIX509CertDB::TRUSTED_OBJSIGN));
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
- nsscert.get(),
- trust.GetTrust());
- } else if (type == nsIX509Cert::SERVER_CERT) {
- // always start with untrusted and move up
- trust.SetValidPeer();
- trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, 0, 0);
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
- nsscert.get(),
- trust.GetTrust());
- } else if (type == nsIX509Cert::EMAIL_CERT) {
- // always start with untrusted and move up
- trust.SetValidPeer();
- trust.AddPeerTrust(0, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL), 0);
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
- nsscert.get(),
- trust.GetTrust());
- } else {
- // ignore user certs
- return NS_OK;
+ nsNSSCertTrust trust;
+ switch (type) {
+ case nsIX509Cert::CA_CERT:
+ trust.SetValidCA();
+ trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL),
+ !!(trusted & nsIX509CertDB::TRUSTED_EMAIL),
+ !!(trusted & nsIX509CertDB::TRUSTED_OBJSIGN));
+ break;
+ case nsIX509Cert::SERVER_CERT:
+ trust.SetValidPeer();
+ trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, false, false);
+ break;
+ case nsIX509Cert::EMAIL_CERT:
+ trust.SetValidPeer();
+ trust.AddPeerTrust(false, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL),
+ false);
+ break;
+ default:
+ // Ignore any other type of certificate (including invalid types).
+ return NS_OK;
}
+
+ UniqueCERTCertificate nsscert(cert->GetCert());
+ SECStatus srv = ChangeCertTrustWithPossibleAuthentication(nsscert,
+ trust.GetTrust(),
+ nullptr);
return MapSECStatus(srv);
}
@@ -1311,7 +1338,7 @@ nsNSSCertificateDB::AddCertFromBase64(co
}
nsNSSCertTrust trust;
- if (CERT_DecodeTrustString(trust.GetTrust(), PromiseFlatCString(aTrust).get())
+ if (CERT_DecodeTrustString(&trust.GetTrust(), PromiseFlatCString(aTrust).get())
!= SECSuccess) {
return NS_ERROR_FAILURE;
}
@@ -1344,8 +1371,8 @@ nsNSSCertificateDB::AddCertFromBase64(co
if (srv != SECSuccess) {
return MapSECStatus(srv);
}
- // NSS ignores the first argument to CERT_ChangeCertTrust
- srv = CERT_ChangeCertTrust(nullptr, tmpCert.get(), trust.GetTrust());
+ srv = ChangeCertTrustWithPossibleAuthentication(tmpCert, trust.GetTrust(),
+ nullptr);
return MapSECStatus(srv);
}
@@ -1373,7 +1400,7 @@ nsNSSCertificateDB::SetCertTrustFromStri
}
UniqueCERTCertificate nssCert(cert->GetCert());
- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nssCert.get(), &trust);
+ srv = ChangeCertTrustWithPossibleAuthentication(nssCert, trust, nullptr);
return MapSECStatus(srv);
}
diff --git a/security/manager/ssl/nsNSSCertificateDB.h b/security/manager/ssl/nsNSSCertificateDB.h
--- a/security/manager/ssl/nsNSSCertificateDB.h
+++ b/security/manager/ssl/nsNSSCertificateDB.h
@@ -74,4 +74,8 @@ private:
{0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71} \
}
+SECStatus
+ChangeCertTrustWithPossibleAuthentication(
+ const mozilla::UniqueCERTCertificate& cert, CERTCertTrust& trust, void* ctx);
+
#endif // nsNSSCertificateDB_h
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -682,8 +682,8 @@ nsNSSComponent::MaybeImportFamilySafetyR
0,
0
};
- if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
- != SECSuccess) {
+ if (ChangeCertTrustWithPossibleAuthentication(nssCertificate, trust,
+ nullptr) != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("couldn't trust certificate for TLS server auth"));
return NS_ERROR_FAILURE;
@@ -769,8 +769,8 @@ nsNSSComponent::UnloadFamilySafetyRoot()
// they're the same. To work around this, we set a non-zero flag to ensure
// that the trust will get updated.
CERTCertTrust trust = { CERTDB_USER, 0, 0 };
- if (CERT_ChangeCertTrust(nullptr, mFamilySafetyRoot.get(), &trust)
- != SECSuccess) {
+ if (ChangeCertTrustWithPossibleAuthentication(mFamilySafetyRoot, trust,
+ nullptr) != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("couldn't untrust certificate for TLS server auth"));
}
@@ -912,7 +912,9 @@ nsNSSComponent::UnloadEnterpriseRoots()
("library failure: CERTCertListNode null or lacks cert"));
continue;
}
- if (CERT_ChangeCertTrust(nullptr, n->cert, &trust) != SECSuccess) {
+ UniqueCERTCertificate cert(CERT_DupCertificate(n->cert));
+ if (ChangeCertTrustWithPossibleAuthentication(cert, trust, nullptr)
+ != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("couldn't untrust certificate for TLS server auth"));
}
@@ -1068,8 +1070,8 @@ nsNSSComponent::ImportEnterpriseRootsFor
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't add cert to list"));
continue;
}
- if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
- != SECSuccess) {
+ if (ChangeCertTrustWithPossibleAuthentication(nssCertificate, trust,
+ nullptr) != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("couldn't trust certificate for TLS server auth"));
}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js b/security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import_with_master_password.js
@@ -0,0 +1,120 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that a CA certificate can still be imported if the user has a master
+// password set.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+ .getService(Ci.nsIX509CertDB);
+
+const CA_CERT_COMMON_NAME = "importedCA";
+
+let gCACertImportDialogCount = 0;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+ confirmDownloadCACert: (ctx, cert, trust) => {
+ gCACertImportDialogCount++;
+ equal(cert.commonName, CA_CERT_COMMON_NAME,
+ "CA cert to import should have the correct CN");
+ trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
+ return true;
+ },
+ setPKCS12FilePassword: (ctx, password) => {
+ // This is only relevant to exporting.
+ ok(false, "setPKCS12FilePassword() should not have been called");
+ },
+ getPKCS12FilePassword: (ctx, password) => {
+ // We don't test anything that calls this method yet.
+ ok(false, "getPKCS12FilePassword() should not have been called");
+ },
+ viewCert: (ctx, cert) => {
+ // This shouldn't be called for import methods.
+ ok(false, "viewCert() should not have been called");
+ },
+
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs])
+};
+
+var gMockPrompter = {
+ passwordToTry: "password",
+ numPrompts: 0,
+
+ // This intentionally does not use arrow function syntax to avoid an issue
+ // where in the context of the arrow function, |this != gMockPrompter| due to
+ // how objects get wrapped when going across xpcom boundaries.
+ promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ this.numPrompts++;
+ if (this.numPrompts > 1) { // don't keep retrying a bad password
+ return false;
+ }
+ equal(text,
+ "Please enter the master password for the Software Security Device.",
+ "password prompt text should be as expected");
+ equal(checkMsg, null, "checkMsg should be null");
+ ok(this.passwordToTry, "passwordToTry should be non-null");
+ password.value = this.passwordToTry;
+ return true;
+ },
+
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]),
+
+ // Again with the arrow function issue.
+ getInterface(iid) {
+ if (iid.equals(Ci.nsIPrompt)) {
+ return this;
+ }
+
+ throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+ }
+};
+
+function getCertAsByteArray(certPath) {
+ let certFile = do_get_file(certPath, false);
+ let certBytes = readFile(certFile);
+
+ let byteArray = [];
+ for (let i = 0; i < certBytes.length; i++) {
+ byteArray.push(certBytes.charCodeAt(i));
+ }
+
+ return byteArray;
+}
+
+function run_test() {
+ let certificateDialogsCID =
+ MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+ gCertificateDialogs);
+ do_register_cleanup(() => {
+ MockRegistrar.unregister(certificateDialogsCID);
+ });
+
+ // Set a master password.
+ let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+ .getService(Ci.nsIPK11TokenDB);
+ let token = tokenDB.getInternalKeyToken();
+ token.initPassword("password");
+ token.logoutSimple();
+
+ // Sanity check the CA cert is missing.
+ throws(() => gCertDB.findCertByNickname(CA_CERT_COMMON_NAME),
+ /NS_ERROR_FAILURE/,
+ "CA cert should not be in the database before import");
+
+ // Import and check for success.
+ let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
+ gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT,
+ gMockPrompter);
+ equal(gCACertImportDialogCount, 1,
+ "Confirmation dialog for the CA cert should only be shown once");
+
+ let caCert = gCertDB.findCertByNickname(CA_CERT_COMMON_NAME);
+ notEqual(caCert, null, "CA cert should now be found in the database");
+ ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT,
+ Ci.nsIX509CertDB.TRUSTED_EMAIL),
+ "CA cert should be trusted for e-mail");
+}
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -55,6 +55,7 @@ run-sequentially = hardcoded ports
[test_cert_version.js]
[test_certDB_import.js]
[test_certDB_import_pkcs12.js]
+[test_certDB_import_with_master_password.js]
[test_certviewer_invalid_oids.js]
skip-if = toolkit == 'android'
[test_constructX509FromBase64.js]

15
sqlcompat-esr52-6-fix-logins-decrypt-test
View File

@ -1,15 +0,0 @@
# HG changeset patch
# Parent f973c71c077df09ca6ec52254c79d3b654a2bb22
diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js b/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js
--- a/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js
@@ -20,7 +20,7 @@ function resetMasterPassword()
let token = Cc["@mozilla.org/security/pk11tokendb;1"]
.getService(Ci.nsIPK11TokenDB).getInternalKeyToken();
token.reset();
- token.changePassword("", "");
+ token.initPassword("");
}
// Tests

13
thunderbird-enable-addons.patch
View File

@ -1,13 +0,0 @@
diff -up comm-esr31/mail/app/profile/all-thunderbird.js.addons comm-esr31/mail/app/profile/all-thunderbird.js
--- comm-esr31/mail/app/profile/all-thunderbird.js.addons 2014-07-18 02:04:05.000000000 +0200
+++ comm-esr31/mail/app/profile/all-thunderbird.js 2014-07-29 15:29:11.949728141 +0200
@@ -174,7 +174,8 @@ pref("extensions.update.autoUpdateDefaul
// Disable add-ons installed into the shared user and shared system areas by
// default. This does not include the application directory. See the SCOPE
// constants in AddonManager.jsm for values to use here
-pref("extensions.autoDisableScopes", 15);
+pref("extensions.autoDisableScopes", 0);
+pref("extensions.showMismatchUI", false);
// Preferences for AMO integration
pref("extensions.getAddons.cache.enabled", true);

12
thunderbird-install-dir.patch
View File

@ -1,12 +0,0 @@
diff -up comm-esr38/mozilla/config/baseconfig.mk.dir comm-esr38/mozilla/config/baseconfig.mk
--- comm-esr38/mozilla/config/baseconfig.mk.dir 2015-06-08 19:49:23.000000000 +0200
+++ comm-esr38/mozilla/config/baseconfig.mk 2015-06-16 14:45:16.048913473 +0200
@@ -4,7 +4,7 @@
# whether a normal build is happening or whether the check is running.
includedir := $(includedir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
idldir = $(datadir)/idl/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
-installdir = $(libdir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
+installdir = $(libdir)/$(MOZ_APP_NAME)
sdkdir = $(libdir)/$(MOZ_APP_NAME)-devel-$(MOZ_APP_VERSION)
ifndef TOP_DIST
TOP_DIST = dist

5
thunderbird-mozconfig
View File

@ -1,5 +1,5 @@
mk_add_options MOZ_CO_PROJECT=mail
ac_add_options --enable-application=mail
ac_add_options --enable-application=comm/mail
mk_add_options AUTOCONF=autoconf-2.13
#ac_add_options --with-system-png
@ -18,7 +18,6 @@ ac_add_options --enable-system-hunspell
ac_add_options --disable-necko-wifi
ac_add_options --disable-updater
ac_add_options --enable-startup-notification
ac_add_options --enable-gio
ac_add_options --enable-pie
ac_add_options --with-system-icu
@ -30,4 +29,4 @@ export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
mk_add_options BUILD_OFFICIAL=1
mk_add_options MOZILLA_OFFICIAL=1
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/objdir

13
thunderbird-objdir.patch
View File

@ -1,13 +0,0 @@
diff -up thunderbird-31.0/comm-esr31/client.mk.old thunderbird-31.0/comm-esr31/client.mk
--- thunderbird-31.0/comm-esr31/client.mk.old 2014-07-18 02:04:05.000000000 +0200
+++ thunderbird-31.0/comm-esr31/client.mk 2014-07-30 10:57:01.177453550 +0200
@@ -131,7 +131,7 @@ endif
ifndef MOZ_OBJDIR
- MOZ_OBJDIR = obj-$(CONFIG_GUESS)
+ MOZ_OBJDIR = objdir
else
# On Windows Pymake builds check MOZ_OBJDIR doesn't start with "/"
ifneq (,$(findstring mingw,$(CONFIG_GUESS)))
diff -up thunderbird-31.0/comm-esr31/mozilla/media/webrtc/trunk/Makefile.old thunderbird-31.0/comm-esr31/mozilla/media/webrtc/trunk/Makefile

15
thunderbird-redhat-default-prefs.js
View File

@ -1,7 +1,7 @@
pref("app.update.enabled", false);
pref("app.update.autoInstallEnabled", false);
# Allow users to set custom colors
# pref("browser.display.use_system_colors", true);
/* Allow users to set custom colors*/
/* pref("browser.display.use_system_colors", true);*/
pref("general.useragent.vendor", "Fedora");
pref("general.useragent.vendorSub", "THUNDERBIRD_RPM_VR");
pref("intl.locale.matchOS", true);
@ -9,15 +9,15 @@ pref("mail.shell.checkDefaultClient", false);
pref("toolkit.networkmanager.disable", false);
pref("offline.autoDetect", true);
# Disable global indexing by default
/* Disable global indexing by default*/
pref("mailnews.database.global.indexer.enabled", false);
# Do not switch to Smart Folders after upgrade to 3.0b4
pref("mail.folder.views.version", "1")
/* Do not switch to Smart Folders after upgrade to 3.0b4 */
pref("mail.folder.views.version", "1");
pref("extensions.shownSelectionUI", true);
pref("extensions.autoDisableScope", 0);
# For rhbz#1024232
/* For rhbz#1024232 */
pref("ui.SpellCheckerUnderlineStyle", 1);
/* Workaround for rhbz#1134876 */
@ -26,3 +26,6 @@ pref("javascript.options.baselinejit", false);
pref("network.negotiate-auth.allow-insecure-ntlm-v1", true);
/* Workaround for mozbz#1063315 */
pref("security.use_mozillapkix_verification", false);
/* Use OS settings for UI language */
pref("intl.locale.requested", "");

4
thunderbird.sh.in
View File

@ -34,7 +34,7 @@ MOZ_DIST_BIN="$MOZ_LIB_DIR/thunderbird"
MOZ_PROGRAM="$MOZ_DIST_BIN/thunderbird"
MOZ_LANGPACKS_DIR="$MOZ_DIST_BIN/langpacks"
MOZ_EXTENSIONS_PROFILE_DIR="$HOME/.mozilla/extensions/{3550f703-e582-4d05-9a08-453d09bdfdc6}"
MOZ_LAUNCHER="$MOZ_DIST_BIN/run-mozilla.sh"
MOZ_LAUNCHER="$MOZ_DIST_BIN/thunderbird"
##
## Set MOZ_ENABLE_PANGO is no longer used because Pango is enabled by default
@ -153,4 +153,4 @@ do
esac
done
exec $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@"
exec $MOZ_PROGRAM "$@"

161
thunderbird.spec
View File

@ -54,14 +54,6 @@
%define use_gtk3 1
%endif
%define build_with_rust 0
%if 0%{?fedora} > 23 || 0%{?rhel} > 7
%ifarch x86_64
%define build_with_rust 1
%endif
%endif
%if %{?system_libvpx}
%global libvpx_version 1.4.0
%endif
@ -69,11 +61,7 @@
%define tb_version 45.6.0
%define thunderbird_app_id \{3550f703-e582-4d05-9a08-453d09bdfdc6\}
# Bump one with each minor lightning release
%define gdata_version 3.3
# BUMP VERSION THERE:
%define gdata_version_internal 0.14
%global gdata_extname %{_libdir}/mozilla/extensions/{3550f703-e582-4d05-9a08-453d09bdfdc6}/{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
%global langpackdir %{mozappdir}/distribution/extensions
# The tarball is pretty inconsistent with directory structure.
# Sometimes there is a top level directory. That goes here.
@ -95,14 +83,14 @@
Summary: Mozilla Thunderbird mail/newsgroup client
Name: thunderbird
Version: 52.9.1
Release: 2%{?dist}
Version: 60.0
Release: 1%{?dist}
URL: http://www.mozilla.org/projects/thunderbird/
License: MPLv1.1 or GPLv2+ or LGPLv2+
Group: Applications/Internet
Source0: ftp://ftp.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.source.tar.xz
%if %{build_langpacks}
Source1: thunderbird-langpacks-%{version}-20180710.tar.xz
Source1: thunderbird-langpacks-%{version}-20180815.tar.xz
%endif
# Locales for lightning
Source2: l10n-lightning-%{version}.tar.xz
@ -115,48 +103,21 @@ Source20: thunderbird.desktop
Source21: thunderbird.sh.in
# Mozilla (XULRunner) patches
Patch0: thunderbird-install-dir.patch
Patch9: mozilla-build-arm.patch
Patch10: firefox-build-prbool.patch
Patch26: build-icu-big-endian.patch
# Build patches
Patch100: thunderbird-objdir.patch
Patch101: build-nspr-prbool.patch
Patch102: build-werror.patch
Patch103: rhbz-1219542-s390-build.patch
Patch104: firefox-gcc-6.0.patch
Patch105: lightning-bad-langs.patch
Patch106: build-1360521-missing-cheddar.patch
# Linux specific
Patch200: thunderbird-enable-addons.patch
# PPC fix
Patch300: xulrunner-24.0-jemalloc-ppc.patch
Patch301: mozilla-1228540-1.patch
Patch302: mozilla-1228540.patch
Patch303: mozilla-1253216.patch
Patch304: mozilla-1245783.patch
Patch305: build-fix-dupes.patch
Patch307: build-missing-xlocale-h.patch
# Fedora specific patches
Patch400: rhbz-966424.patch
Patch403: rhbz-1400293-fix-mozilla-1324096.patch
# libvpx no longer has compat defines, use the current ones
# Upstream patches
# Backported upstream patches for compatibility with NSS sql database
# format, rhbz#1496563
Patch501: sqlcompat-esr52-1-730495-backport
Patch502: sqlcompat-esr52-2-backport-1389664
Patch503: sqlcompat-esr52-3-backport-1394871
Patch504: sqlcompat-esr52-4-backport-1329360
Patch505: sqlcompat-esr52-5-backport-1382866
Patch506: sqlcompat-esr52-6-fix-logins-decrypt-test
%if %{official_branding}
# Required by Mozilla Corporation
@ -212,10 +173,11 @@ BuildRequires: yasm
BuildRequires: dbus-glib-devel
Obsoletes: thunderbird-lightning
Provides: thunderbird-lightning
%if %{?build_with_rust}
Obsoletes: thunderbird-lightning-gdata <= 1:3.3.0.14
#Conflicts: thunderbird-lightning-gdata <= 1:3.3.0.14
#Obsoletes: thunderbird-52.9.1
BuildRequires: rust
BuildRequires: cargo
%endif
BuildRequires: python2-devel
Suggests: u2f-hidraw-policy
@ -243,67 +205,25 @@ debug %{name}, you want to install %{name}-debuginfo instead.
%global tb_version %{version}
%package lightning-gdata
Summary: Lightning data provider for Google Calendar
Version: %{gdata_version}.%{gdata_version_internal}
Requires: %{name}%{?_isa} = %{tb_version}-%{release}
Epoch: 1
%description lightning-gdata
This extension allows Lightning to read and write events to a Google Calendar.
Please read http://wiki.mozilla.org/Calendar:GDATA_Provider for more details
and before filing a bug. Also, be sure to visit the dicussion forums, maybe
your bug already has a solution!
%prep
%setup -q
%patch0 -p1 -b .dir
%patch100 -p2 -b .objdir
# Mozilla (XULRunner) patches
cd mozilla
#cd mozilla
%patch9 -p2 -b .arm
%patch10 -p1 -b .build-prbool
%patch300 -p2 -b .852698
#%patch302 -p1 -b .mozbz-1228540
%patch303 -p1 -b .mozilla-1253216
#%patch301 -p1 -b .mozbz-1228540-1
#%patch102 -p2 -b .build-werror
#%patch101 -p1 -b .nspr-prbool
%ifarch s390
%patch103 -p1 -b .rhbz-1219542-s390-build
%endif
%patch104 -p1 -b .gcc6
%patch106 -p2 -b .1360521-missing-cheddar
%patch400 -p1 -b .966424
%patch403 -p1 -b .rhbz-1400293
%patch304 -p1 -b .1245783
# Patch for big endian platforms only
%if 0%{?big_endian}
%patch26 -p1 -b .icu
%patch307 -p2 -b .xlocale
%endif
cd ..
%patch305 -p1 -b .fix-dupes
%patch105 -p1 -b .bad-langs
%patch200 -p1 -b .addons
%if 0%{?fedora} > 27
pushd mozilla
%patch501 -p1 -b .sqlcompat-1
%patch502 -p1 -b .sqlcompat-2
%patch503 -p1 -b .sqlcompat-3
%patch504 -p1 -b .sqlcompat-4
%patch505 -p1 -b .sqlcompat-5
%patch506 -p1 -b .sqlcompat-6
popd
%endif
#cd ..
%if %{official_branding}
# Required by Mozilla Corporation
@ -327,8 +247,8 @@ echo "ac_add_options --without-system-nspr" >> .mozconfig
echo "ac_add_options --without-system-nss" >> .mozconfig
%endif
# s390(x) fails to start with jemalloc enabled
%ifarch s390 s390x
# Second arches fail to start with jemalloc enabled
%ifnarch %{ix86} x86_64
echo "ac_add_options --disable-jemalloc" >> .mozconfig
%endif
@ -411,10 +331,6 @@ echo "ac_add_options --with-system-icu" >> .mozconfig
echo "ac_add_options --without-system-icu" >> .mozconfig
%endif
%if %{?build_with_rust}
echo "ac_add_options --enable-rust" >> .mozconfig
%endif
%ifarch aarch64 ppc64 s390x
echo "ac_add_options --disable-skia" >> .mozconfig
%endif
@ -461,11 +377,9 @@ esac
%if 0%{?big_endian}
echo "Generate big endian version of config/external/icu/data/icud58l.dat"
cd mozilla
./mach python intl/icu_sources_data.py .
ls -l config/external/icu/data
rm -f config/external/icu/data/icudt*l.dat
cd ..
%endif
# Update the various config.guess to upstream release for aarch64 support
@ -520,10 +434,14 @@ MOZ_SMP_FLAGS=-j1
[ "$RPM_BUILD_NCPUS" -ge 8 ] && MOZ_SMP_FLAGS=-j8
%endif
make -f client.mk build STRIP="/bin/true" MOZ_MAKE_FLAGS="$MOZ_SMP_FLAGS"
export MOZ_MAKE_FLAGS="$MOZ_SMP_FLAGS"
export STRIP=/bin/true
./mach build
#make -f client.mk build STRIP="/bin/true" MOZ_MAKE_FLAGS="$MOZ_SMP_FLAGS"
# Package l10n files
cd %{objdir}/calendar/lightning
cd %{objdir}/comm/calendar/lightning
grep -v 'osx' ../../../calendar/locales/shipped-locales | while read lang x
do
make AB_CD=en-US L10N_XPI_NAME=lightning libs-$lang
@ -547,9 +465,9 @@ DESTDIR=$RPM_BUILD_ROOT make install
cd ..
# install icons
for s in 16 22 24 32 48 256; do
for s in 16 22 24 32 48 64 128 256; do
%{__mkdir_p} $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps
%{__cp} -p other-licenses/branding/%{name}/mailicon${s}.png \
%{__cp} -p comm/mail/branding/%{name}/default${s}.png \
$RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/thunderbird.png
done
@ -584,15 +502,22 @@ rm -f $RPM_BUILD_ROOT/%{_bindir}/thunderbird
%{__rm} -f %{name}.lang # Delete for --short-circuit option
touch %{name}.lang
%if %{build_langpacks}
%{__mkdir_p} $RPM_BUILD_ROOT%{mozappdir}/langpacks
%{__mkdir_p} %{buildroot}%{langpackdir}
%{__tar} xf %{SOURCE1}
for langpack in `ls thunderbird-langpacks/*.xpi`; do
language=`basename $langpack .xpi`
extensionID=langpack-$language@thunderbird.mozilla.org
%{__mkdir_p} $extensionID
unzip -qq $langpack -d $extensionID
find $extensionID -type f | xargs chmod 644
cd $extensionID
zip -qq -r9mX ../${extensionID}.xpi *
cd -
%{__install} -m 644 ${extensionID}.xpi %{buildroot}%{langpackdir}
language=`echo $language | sed -e 's/-/_/g'`
%{__install} -m 644 ${langpack} $RPM_BUILD_ROOT%{mozappdir}/langpacks/${extensionID}.xpi
echo "%%lang($language) %{mozappdir}/langpacks/${extensionID}.xpi" >> %{name}.lang
echo "%%lang($language) %{langpackdir}/${extensionID}.xpi" >> %{name}.lang
done
%{__rm} -rf thunderbird-langpacks
%endif # build_langpacks
@ -601,9 +526,7 @@ done
%{__rm} -rf $RPM_BUILD_ROOT%{_libdir}/%{name}-devel-%{tb_version}
# Copy over the LICENSE
cd mozilla
install -c -m 644 LICENSE $RPM_BUILD_ROOT%{mozappdir}
cd -
# Use the system hunspell dictionaries
%{__rm} -rf $RPM_BUILD_ROOT/%{mozappdir}/dictionaries
@ -665,12 +588,6 @@ SentUpstream: 2014-09-22
</application>
EOF
# lightning-gdata
mkdir -p $RPM_BUILD_ROOT%{gdata_extname}
touch $RPM_BUILD_ROOT%{gdata_extname}/chrome.manifest
unzip -qod $RPM_BUILD_ROOT%{gdata_extname} %{objdir}/dist/xpi-stage/gdata-provider-%{gdata_version}.en-US.linux-*.xpi
#===============================================================================
%post
@ -687,10 +604,6 @@ fi
%posttrans
gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
# lightning-gdata files=========================================================
%files lightning-gdata
# temp disable %doc mozilla/LEGAL mozilla/LICENSE mozilla/README.txt
%{gdata_extname}
#===============================================================================
%files -f %{name}.lang
%defattr(-,root,root,-)
@ -711,10 +624,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{mozappdir}/dictionaries
%dir %{mozappdir}/extensions
%{mozappdir}/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
%dir %{mozappdir}/langpacks
%if %{build_langpacks}
%dir %{langpackdir}
%endif
%{mozappdir}/greprefs
%{mozappdir}/isp
%{mozappdir}/run-mozilla.sh
%{mozappdir}/thunderbird-bin
%{mozappdir}/thunderbird
%{mozappdir}/*.so
@ -728,6 +642,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_datadir}/icons/hicolor/256x256/apps/thunderbird.png
%{_datadir}/icons/hicolor/32x32/apps/thunderbird.png
%{_datadir}/icons/hicolor/48x48/apps/thunderbird.png
%{_datadir}/icons/hicolor/64x64/apps/thunderbird.png
%{_datadir}/icons/hicolor/128x128/apps/thunderbird.png
%if %{enable_mozilla_crashreporter}
%{mozappdir}/crashreporter
%{mozappdir}/crashreporter.ini
@ -736,15 +652,14 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%if !%{?system_nss}
%{mozappdir}/*.chk
%endif
%exclude %{_datadir}/idl/%{name}-%{tb_version}
%exclude %{_includedir}/%{name}-%{tb_version}
%{mozappdir}/dependentlibs.list
%{mozappdir}/distribution
%if !%{?system_libicu}
%{mozappdir}/icudt*.dat
#%{mozappdir}/icudt*.dat
%endif
%{mozappdir}/fonts
%{mozappdir}/chrome.manifest
%{mozappdir}/pingsender
%if %{?use_gtk3}
%{mozappdir}/gtk2/libmozgtk.so
%endif
@ -752,6 +667,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#===============================================================================
%changelog
* Wed Aug 15 2018 Jan Horak <jhorak@redhat.com> - 60.0-1
- Update to 60.0
- Removing gdata-provider extension because it's no longer provided by Thunderbird
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 52.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

12
xulrunner-24.0-jemalloc-ppc.patch
View File

@ -1,12 +0,0 @@
diff -up thunderbird-52.0/mozilla/memory/mozjemalloc/jemalloc.c.852698 thunderbird-52.0/mozilla/memory/mozjemalloc/jemalloc.c
--- thunderbird-52.0/mozilla/memory/mozjemalloc/jemalloc.c.852698 2017-04-04 10:32:15.667281885 +0200
+++ thunderbird-52.0/mozilla/memory/mozjemalloc/jemalloc.c 2017-04-04 10:35:15.907018486 +0200
@@ -1096,7 +1096,7 @@ static const bool config_recycle = false
* controlling the malloc behavior are defined as compile-time constants
* for best performance and cannot be altered at runtime.
*/
-#if !defined(__ia64__) && !defined(__sparc__) && !defined(__mips__) && !defined(__aarch64__)
+#if !defined(__ia64__) && !defined(__sparc__) && !defined(__mips__) && !defined(__aarch64__) && !defined(__powerpc__)
#define MALLOC_STATIC_SIZES 1
#endif