[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Processed: Re: Bug#624354: ./xpcshell: error while loading shared libraries: ./libxul.so: R_PPC_REL24 relocation at 0x0f9f0148 for symbol `_restgpr_29_x' out of range

On Thu, Apr 28, 2011 at 10:00:09AM +0200, Matthias Klose wrote:
> On 04/28/2011 09:57 AM, Mike Hommey wrote:
> >Take the build log, remove all lines without -fPIC, you'll only get
> >lines for building binaries and objects that aren't linked into
> >libxul.so. QED.
> 
> shows nothing at all, and in particular no reason for the reassignment.

Another data point that I gave before: 3.5.17-1 built just fine, but
3.5.18-1 didn't. And attached here is the diff between both versions,
since you don't trust the maintainer telling you that the switch in the
toolchain is the likely culprit.

But, yeah, it's just easier to dismiss toolchain bugs.

diff --git a/.hgtags b/.hgtags
index e4d679e..c049fad 100644
--- a/.hgtags
+++ b/.hgtags
@@ -40,3 +40,7 @@ f7a9328d3fb6f1829858cb9774637bcb756ee29f UPDATE_PACKAGING_R7
 4e2a6694987623bf43c83f2d0d161e5506431e1a UPDATE_PACKAGING_R11_1
 d5eeb3c1521478207596dc753c0649ed2cf67ee2 FIREFOX_3_5_17_RELEASE
 d5eeb3c1521478207596dc753c0649ed2cf67ee2 FIREFOX_3_5_17_BUILD1
+d5eeb3c1521478207596dc753c0649ed2cf67ee2 SEAMONKEY_2_0_12_BUILD1
+d5eeb3c1521478207596dc753c0649ed2cf67ee2 SEAMONKEY_2_0_12_RELEASE
+5a5dcb215b8d58a7b37c489ff5f5937acd0bc707 FIREFOX_3_5_18_RELEASE
+5a5dcb215b8d58a7b37c489ff5f5937acd0bc707 FIREFOX_3_5_18_BUILD1
diff --git a/browser/config/version.txt b/browser/config/version.txt
index c8e1136..cec4e41 100644
--- a/browser/config/version.txt
+++ b/browser/config/version.txt
@@ -1 +1 @@
-3.5.17
+3.5.18
diff --git a/config/milestone.txt b/config/milestone.txt
index 3f423a4..b7d5e54 100644
--- a/config/milestone.txt
+++ b/config/milestone.txt
@@ -10,4 +10,4 @@
 # hardcoded milestones in the tree from these two files.
 #--------------------------------------------------------
 
-1.9.1.17
+1.9.1.18
diff --git a/debian/changelog b/debian/changelog
index 557b468..6cbd2dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+iceweasel (3.5.18-1) unstable; urgency=high
+
+  * New upstream release.
+  * mfsa2011-11: Update to HTTPS certificate blacklist.
+
+ -- Mike Hommey <glandium@debian.org>  Wed, 23 Mar 2011 10:53:41 +0100
+
 iceweasel (3.5.17-1) unstable; urgency=high
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 882cbe0..e1aa468 100644
--- a/debian/control
+++ b/debian/control
@@ -55,7 +55,7 @@ Depends: ${shlibs:Depends},
          fontconfig,
          procps,
          debianutils (>= 1.16),
-         xulrunner-1.9.1 (>= 1.9.1.17)
+         xulrunner-1.9.1 (>= 1.9.1.18)
 Suggests: ttf-lyx | latex-xft-fonts,
           xfonts-mathml,
           ttf-mathematica4.1,
diff --git a/js/src/config/milestone.txt b/js/src/config/milestone.txt
index 3f423a4..b7d5e54 100644
--- a/js/src/config/milestone.txt
+++ b/js/src/config/milestone.txt
@@ -10,4 +10,4 @@
 # hardcoded milestones in the tree from these two files.
 #--------------------------------------------------------
 
-1.9.1.17
+1.9.1.18
diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
index b2dc52e..3f0a221 100644
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -75,6 +75,7 @@
 #include "cert.h"
 #include "ocsp.h"
 #include "nssb64.h"
+#include "secerr.h"
 
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
@@ -978,10 +979,70 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
   PR_Free(signer);
 }
 
+struct nsSerialBinaryBlacklistEntry
+{
+  unsigned int len;
+  const char *binary_serial;
+};
+
+// bug 642395
+static struct nsSerialBinaryBlacklistEntry myUTNBlacklistEntries[] = {
+  { 17, "\x00\x92\x39\xd5\x34\x8f\x40\xd1\x69\x5a\x74\x54\x70\xe1\xf2\x3f\x43" },
+  { 17, "\x00\xd8\xf3\x5f\x4e\xb7\x87\x2b\x2d\xab\x06\x92\xe3\x15\x38\x2f\xb0" },
+  { 16, "\x72\x03\x21\x05\xc5\x0c\x08\x57\x3d\x8e\xa5\x30\x4e\xfe\xe8\xb0" },
+  { 17, "\x00\xb0\xb7\x13\x3e\xd0\x96\xf9\xb5\x6f\xae\x91\xc8\x74\xbd\x3a\xc0" },
+  { 16, "\x39\x2a\x43\x4f\x0e\x07\xdf\x1f\x8a\xa3\x05\xde\x34\xe0\xc2\x29" },
+  { 16, "\x3e\x75\xce\xd4\x6b\x69\x30\x21\x21\x88\x30\xae\x86\xa8\x2a\x71" },
+  { 17, "\x00\xe9\x02\x8b\x95\x78\xe4\x15\xdc\x1a\x71\x0a\x2b\x88\x15\x44\x47" },
+  { 17, "\x00\xd7\x55\x8f\xda\xf5\xf1\x10\x5b\xb2\x13\x28\x2b\x70\x77\x29\xa3" },
+  { 16, "\x04\x7e\xcb\xe9\xfc\xa5\x5f\x7b\xd0\x9e\xae\x36\xe1\x0c\xae\x1e" },
+  { 17, "\x00\xf5\xc8\x6a\xf3\x61\x62\xf1\x3a\x64\xf5\x4f\x6d\xc9\x58\x7c\x06" },
+  { 0, 0 } // end marker
+};
+
 SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
                                               PRBool checksig, PRBool isServer) {
   nsNSSShutDownPreventionLock locker;
 
+  CERTCertificate *serverCert = SSL_PeerCertificate(fd);
+  if (serverCert && 
+      serverCert->serialNumber.data &&
+      !strcmp(serverCert->issuerName, 
+        "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+
+    unsigned char *server_cert_comparison_start = (unsigned char*)serverCert->serialNumber.data;
+    unsigned int server_cert_comparison_len = serverCert->serialNumber.len;
+
+    while (server_cert_comparison_len) {
+      if (*server_cert_comparison_start != 0)
+        break;
+
+      ++server_cert_comparison_start;
+      --server_cert_comparison_len;
+    }
+
+    nsSerialBinaryBlacklistEntry *walk = myUTNBlacklistEntries;
+    for ( ; walk && walk->len; ++walk) {
+
+      unsigned char *locked_cert_comparison_start = (unsigned char*)walk->binary_serial;
+      unsigned int locked_cert_comparison_len = walk->len;
+      
+      while (locked_cert_comparison_len) {
+        if (*locked_cert_comparison_start != 0)
+          break;
+        
+        ++locked_cert_comparison_start;
+        --locked_cert_comparison_len;
+      }
+
+      if (server_cert_comparison_len == locked_cert_comparison_len &&
+          !memcmp(server_cert_comparison_start, locked_cert_comparison_start, locked_cert_comparison_len)) {
+        PR_SetError(SEC_ERROR_REVOKED_CERTIFICATE, 0);
+        return SECFailure;
+      }
+    }
+  }
+  
   // first the default action
   SECStatus rv = SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
 
@@ -989,7 +1050,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
   // complete chain at any time it might need it.
   // But we keep only those CA certs in the temp db, that we didn't already know.
   
-  CERTCertificate *serverCert = SSL_PeerCertificate(fd);
   CERTCertificateCleaner serverCertCleaner(serverCert);
 
   if (serverCert) {
Reply to: