control: tags -1 + patch Hi Carsten
On 25.10.2016 07:28, Carsten Schoenert wrote: > On Mon, Oct 24, 2016 at 10:22:58PM +0200, Jens Reyer wrote: >> The changes have been committed upstream by now (Target Milestone: >> Thunderbird 52.0). > > thanks for figuring out and adding additional information to thisd bug > report. > I'm currently unsure if we will fins to include this upstream changes > into the next uploads as we are preparing the switch back to thunderbird > packages. The plan is to serve Thunderbird packages for the Stretch > release. Thunderbird 52.0 ESR will be released 2017-03-07. If I understood the release model correctly, 52.2 ESR will be the first version of this series that will be uploaded to stretch. It will be released on 2017-06-13. No hard opinion if this bug needs to be fixed in the meantime, but personally I'd prefer so. Attached you'll find a ready made patch series. For this I added comm-central as hg/git remote and then cherry-picked the 3 commits from the upstream bug on patch-queue master. There was only one merge conflict, and I'm confident I resolved it correctly. I didn't "quilt refresh" the patches, so there are some whitespace warnings. Previously I already tested successfully that it works as expected. Now I successfully rebuilt 45.5.1-1 with this patch and run this version. Greets jre
>From 23a5fbefa8135ebcb702bb4234187132baf2cb3f Mon Sep 17 00:00:00 2001 From: Jens Reyer <jre.wine...@gmail.com> Date: Sat, 3 Dec 2016 15:07:22 +0100 Subject: [PATCH] improve RSS feeds invalid certificate handling Closes: #837177 Signed-off-by: Jens Reyer <jre.wine...@gmail.com> --- ...ment-verify-mode-in-the-subscribe-dialog-.patch | 335 ++++++++++++++++++++ ...ds-with-an-invalid-certificate-fail-wit-1.patch | 40 +++ ...eeds-with-an-invalid-certificate-fail-wit.patch | 349 +++++++++++++++++++++ debian/patches/series | 3 + 4 files changed, 727 insertions(+) create mode 100644 debian/patches/fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch create mode 100644 debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch create mode 100644 debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch diff --git a/debian/patches/fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch b/debian/patches/fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch new file mode 100644 index 0000000..d6e5b34 --- /dev/null +++ b/debian/patches/fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch @@ -0,0 +1,335 @@ +From: alta88 <alt...@gmail.com> +Date: Tue, 18 Oct 2016 12:02:00 +0200 +Subject: Bug 497488 - Implement verify mode in the subscribe dialog for + existing feed urls. r=mkmelin + +Origin: https://hg.mozilla.org/comm-central/rev/141676b80c81e2a3daeeac6ad21da35086ae0240 +Bug-Debian: https://bugs.debian.org/837177 +Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=497488 +Applied-Upstream: Thunderbird 52.0 + +Signed-off-by: Jens Reyer <jre.wine...@gmail.com> + +# Conflicts: +# mailnews/extensions/newsblog/content/FeedUtils.jsm +--- + .../chrome/messenger-newsblog/newsblog.properties | 1 + + mailnews/extensions/newsblog/content/Feed.js | 30 +++--- + mailnews/extensions/newsblog/content/FeedUtils.jsm | 2 +- + .../newsblog/content/feed-subscriptions.js | 119 ++++++++++++++------- + .../newsblog/content/feed-subscriptions.xul | 2 +- + 5 files changed, 102 insertions(+), 52 deletions(-) + +diff --git a/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties b/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties +index 3abbc23..c1a3c97 100644 +--- a/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties ++++ b/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties +@@ -13,6 +13,7 @@ subscribe-feedMoved=Feed subscription moved. + subscribe-feedCopied=Feed subscription copied. + subscribe-feedRemoved=Feed unsubscribed. + subscribe-feedNotValid=The Feed URL is not a valid feed. ++subscribe-feedVerified=The Feed URL has been verified. + subscribe-networkError=The Feed URL could not be found. Please check the name and try again. + subscribe-noAuthError=The Feed URL is not authorized. + subscribe-loading=Loading, please wait⦠+diff --git a/mailnews/extensions/newsblog/content/Feed.js b/mailnews/extensions/newsblog/content/Feed.js +index a4b8555..7e47260 100755 +--- a/mailnews/extensions/newsblog/content/Feed.js ++++ b/mailnews/extensions/newsblog/content/Feed.js +@@ -20,6 +20,7 @@ var FeedCache = + let index = this.normalizeHost(aUrl); + if (index in this.mFeeds) + return this.mFeeds[index]; ++ + return null; + }, + +@@ -111,13 +112,10 @@ Feed.prototype = + // Before we do anything, make sure the url is an http url. This is just + // a sanity check so we don't try opening mailto urls, imap urls, etc. that + // the user may have tried to subscribe to as an rss feed. +- let uri = Cc["@mozilla.org/network/standard-url;1"]. +- createInstance(Ci.nsIURI); +- uri.spec = this.url; +- if (!FeedUtils.isValidScheme(uri)) ++ if (!FeedUtils.isValidScheme(this.url)) + { + // Simulate an invalid feed error. +- FeedUtils.log.info("Feed.download: invalid protocol for - " + uri.spec); ++ FeedUtils.log.info("Feed.download: invalid protocol for - " + this.url); + this.onParseError(this); + return; + } +@@ -174,7 +172,7 @@ Feed.prototype = + onDownloaded: function(aEvent) + { + let request = aEvent.target; +- let isHttp = /^http(s?)/.test(request.channel.originalURI.scheme); ++ let isHttp = request.channel.originalURI.scheme.startsWith("http"); + let url = request.channel.originalURI.spec; + if (isHttp && (request.status < 200 || request.status >= 300)) + { +@@ -317,6 +315,7 @@ Feed.prototype = + true); + if (lastModified) + lastModified = lastModified.QueryInterface(Ci.nsIRDFLiteral).Value; ++ + return lastModified; + }, + +@@ -586,15 +585,20 @@ Feed.prototype = + { + // Now that we are done parsing the feed, remove the feed from the cache. + FeedCache.removeFeed(aFeed.url); +- aFeed.removeInvalidItems(false); + +- if (aCode == FeedUtils.kNewsBlogSuccess && aFeed.mLastModified) +- aFeed.lastModified = aFeed.mLastModified; ++ if (aFeed.parseItems) ++ { ++ // Do this only if we're in parse/store mode. ++ aFeed.removeInvalidItems(false); + +- // Flush any feed item changes to disk. +- let ds = FeedUtils.getItemsDS(aFeed.server); +- ds.Flush(); +- FeedUtils.log.debug("Feed.cleanupParsingState: items stored - " + this.itemsStored); ++ if (aCode == FeedUtils.kNewsBlogSuccess && aFeed.mLastModified) ++ aFeed.lastModified = aFeed.mLastModified; ++ ++ // Flush any feed item changes to disk. ++ let ds = FeedUtils.getItemsDS(aFeed.server); ++ ds.Flush(); ++ FeedUtils.log.debug("Feed.cleanupParsingState: items stored - " + this.itemsStored); ++ } + + // Force the xml http request to go away. This helps reduce some nasty + // assertions on shut down. +diff --git a/mailnews/extensions/newsblog/content/FeedUtils.jsm b/mailnews/extensions/newsblog/content/FeedUtils.jsm +index c29d840..8c45451 100644 +--- a/mailnews/extensions/newsblog/content/FeedUtils.jsm ++++ b/mailnews/extensions/newsblog/content/FeedUtils.jsm +@@ -240,8 +240,8 @@ var FeedUtils = { + + aFolder.ListDescendants(allFolders); + ++ let folder; + function feeder() { +- let folder; + let numFolders = allFolders.length; + for (let i = 0; i < numFolders; i++) { + folder = allFolders.queryElementAt(i, Ci.nsIMsgFolder); +diff --git a/mailnews/extensions/newsblog/content/feed-subscriptions.js b/mailnews/extensions/newsblog/content/feed-subscriptions.js +index 45044cc..34bf954 100644 +--- a/mailnews/extensions/newsblog/content/feed-subscriptions.js ++++ b/mailnews/extensions/newsblog/content/feed-subscriptions.js +@@ -25,6 +25,7 @@ var FeedSubscriptions = { + kMoveMode : 3, + kCopyMode : 4, + kImportingOPML : 5, ++ kVerifyUrlMode : 6, + + get FOLDER_ACTIONS() + { +@@ -1016,9 +1017,10 @@ var FeedSubscriptions = { + } + }, + +- setNewFolder: function(aFolder) ++ setNewFolder: function(aEvent) + { +- this.setFolderPicker(aFolder, true); ++ aEvent.stopPropagation(); ++ this.setFolderPicker(aEvent.target._folder, true); + this.editFeed(); + }, + +@@ -1285,6 +1287,13 @@ var FeedSubscriptions = { + return false; + } + ++ if (!FeedUtils.isValidScheme(feedLocation)) ++ { ++ message = FeedUtils.strings.GetStringFromName("subscribe-feedNotValid"); ++ this.updateStatusItem("statusText", message); ++ return false; ++ } ++ + let addFolder; + if (aFolder) + { +@@ -1402,8 +1411,7 @@ var FeedSubscriptions = { + let resource = FeedUtils.rdf.GetResource(itemToEdit.url); + let currentFolderServer = itemToEdit.parentFolder.server; + let ds = FeedUtils.getSubscriptionsDS(currentFolderServer); +- let currentFolder = ds.GetTarget(resource, FeedUtils.FZ_DESTFOLDER, true); +- let currentFolderURI = currentFolder.QueryInterface(Ci.nsIRDFResource).ValueUTF8; ++ let currentFolderURI = itemToEdit.parentFolder.URI; + let feed = new Feed(resource, currentFolderServer); + feed.folder = itemToEdit.parentFolder; + +@@ -1421,7 +1429,38 @@ var FeedSubscriptions = { + return; + } + ++ // Did the user change the folder URI for storing the feed? ++ let editFolderURI = selectFolder.getAttribute("uri"); ++ if (currentFolderURI != editFolderURI) ++ { ++ // Make sure the new folderpicked folder is visible. ++ this.selectFolder(selectFolder._folder); ++ // Now go back to the feed item. ++ this.selectFeed(feed, null); ++ // We need to find the index of the new parent folder. ++ let newParentIndex = this.mView.kRowIndexUndefined; ++ for (let index = 0; index < this.mView.rowCount; index++) ++ { ++ let item = this.mView.getItemAtIndex(index); ++ if (item && item.container && item.url == editFolderURI) ++ { ++ newParentIndex = index; ++ break; ++ } ++ } ++ ++ if (newParentIndex != this.mView.kRowIndexUndefined) ++ this.moveCopyFeed(seln.currentIndex, newParentIndex, "move"); ++ ++ return; ++ } ++ + let updated = false; ++ let message = ""; ++ // Disable the button until the update completes and we process the async ++ // verify response. ++ document.getElementById("editFeed").setAttribute("disabled", true); ++ + // Check to see if the title value changed, no blank title allowed. + if (feed.title != editNameValue) + { +@@ -1447,44 +1486,32 @@ var FeedSubscriptions = { + } + + // Check to see if the categoryPrefs custom prefix string value changed. +- if (itemToEdit.options.category.prefix != editAutotagPrefix) ++ if (itemToEdit.options.category.prefix != editAutotagPrefix && ++ itemToEdit.options.category.prefix != null && ++ editAutotagPrefix != "") + { + itemToEdit.options.category.prefix = editAutotagPrefix; + feed.options = itemToEdit.options; + updated = true; + } + +- // Did the user change the folder URI for storing the feed? +- let editFolderURI = selectFolder.getAttribute("uri"); +- if (currentFolderURI != editFolderURI) +- { +- // Make sure the new folderpicked folder is visible. +- this.selectFolder(selectFolder._folder); +- // Now go back to the feed item. +- this.selectFeed(feed, null); +- // We need to find the index of the new parent folder. +- let newParentIndex = this.mView.kRowIndexUndefined; +- for (let index = 0; index < this.mView.rowCount; index++) +- { +- let item = this.mView.getItemAtIndex(index); +- if (item && item.container && item.url == editFolderURI) +- { +- newParentIndex = index; +- break; +- } +- } +- +- if (newParentIndex != this.mView.kRowIndexUndefined) +- this.moveCopyFeed(seln.currentIndex, newParentIndex, "move"); ++ let verifyDelay = 0; ++ if (updated) { ++ ds.Flush(); ++ message = FeedUtils.strings.GetStringFromName("subscribe-feedUpdated"); ++ this.updateStatusItem("statusText", message); ++ verifyDelay = 1500; + } + +- if (!updated) +- return; +- +- ds.Flush(); +- +- let message = FeedUtils.strings.GetStringFromName("subscribe-feedUpdated"); +- this.updateStatusItem("statusText", message); ++ // Now we want to verify if the stored feed url still works. If it ++ // doesn't, show the error. Delay a bit to leave Updated message visible. ++ message = FeedUtils.strings.GetStringFromName("subscribe-validating-feed"); ++ this.mActionMode = this.kVerifyUrlMode; ++ setTimeout(() => { ++ this.updateStatusItem("statusText", message); ++ this.updateStatusItem("progressMeter", "?"); ++ feed.download(false, this.mFeedDownloadCallback); ++ }, verifyDelay); + }, + + /** +@@ -1652,10 +1679,22 @@ var FeedSubscriptions = { + // Feed is null if our attempt to parse the feed failed. + let message = ""; + let win = FeedSubscriptions; +- if (aErrorCode == FeedUtils.kNewsBlogSuccess) ++ if (aErrorCode == FeedUtils.kNewsBlogSuccess || ++ aErrorCode == FeedUtils.kNewsBlogNoNewItems) + { + win.updateStatusItem("progressMeter", 100); + ++ if (win.mActionMode == win.kVerifyUrlMode) { ++ // Just checking for errors, if none bye. The (non error) code ++ // kNewsBlogNoNewItems can only happen in verify mode. ++ win.mActionMode = null; ++ win.clearStatusInfo(); ++ message = FeedUtils.strings.GetStringFromName("subscribe-feedVerified"); ++ win.updateStatusItem("statusText", message); ++ document.getElementById("editFeed").removeAttribute("disabled"); ++ return; ++ } ++ + // Add the feed to the databases. + FeedUtils.addFeed(feed); + +@@ -1731,7 +1770,9 @@ var FeedSubscriptions = { + else + { + // Non success. Remove intermediate traces from the feeds database. +- if (feed && feed.url && feed.server) ++ // But only if we're not in verify mode. ++ if (win.mActionMode != win.kVerifyUrlMode && ++ feed && feed.url && feed.server) + FeedUtils.deleteFeed(FeedUtils.rdf.GetResource(feed.url), + feed.server, + feed.server.rootFolder); +@@ -1754,9 +1795,13 @@ var FeedSubscriptions = { + message = FeedUtils.strings.GetStringFromName( + "subscribe-noAuthError"); + +- if (win.mActionMode != win.kUpdateMode) ++ if (win.mActionMode != win.kUpdateMode && ++ win.mActionMode != win.kVerifyUrlMode) + // Re-enable the add button if subscribe failed. + document.getElementById("addFeed").removeAttribute("disabled"); ++ if (win.mActionMode == win.kVerifyUrlMode) ++ // Re-enable the update button if verify failed. ++ document.getElementById("editFeed").removeAttribute("disabled"); + } + + win.mActionMode = null; +diff --git a/mailnews/extensions/newsblog/content/feed-subscriptions.xul b/mailnews/extensions/newsblog/content/feed-subscriptions.xul +index 5ccf9c8..a67943a 100644 +--- a/mailnews/extensions/newsblog/content/feed-subscriptions.xul ++++ b/mailnews/extensions/newsblog/content/feed-subscriptions.xul +@@ -132,7 +132,7 @@ + mode="feeds" + showFileHereLabel="true" + showAccountsFileHere="true" +- oncommand="FeedSubscriptions.setNewFolder(event.target._folder)"/> ++ oncommand="FeedSubscriptions.setNewFolder(event)"/> + </menulist> + <textbox id="selectFolderValue" + flex="1" diff --git a/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch b/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch new file mode 100644 index 0000000..61bc437 --- /dev/null +++ b/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch @@ -0,0 +1,40 @@ +From: alta88 <alt...@gmail.com> +Date: Tue, 18 Oct 2016 12:01:00 +0200 +Subject: Bug 497488 - RSS feeds with an invalid certificate fail with a + misleading message. r=IanN a=IanN + +Origin: https://hg.mozilla.org/comm-central/rev/324728b47409a90d5feeba83566db016b3da826c +Bug-Debian: https://bugs.debian.org/837177 +Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=497488 +Applied-Upstream: Thunderbird 52.0 + +Signed-off-by: Jens Reyer <jre.wine...@gmail.com> +--- + suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties b/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties +index 47e38fd..c1a3c97 100644 +--- a/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties ++++ b/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties +@@ -13,7 +13,9 @@ subscribe-feedMoved=Feed subscription moved. + subscribe-feedCopied=Feed subscription copied. + subscribe-feedRemoved=Feed unsubscribed. + subscribe-feedNotValid=The Feed URL is not a valid feed. ++subscribe-feedVerified=The Feed URL has been verified. + subscribe-networkError=The Feed URL could not be found. Please check the name and try again. ++subscribe-noAuthError=The Feed URL is not authorized. + subscribe-loading=Loading, please wait⦠+ + subscribe-OPMLImportTitle=Select OPML file to import +@@ -66,6 +68,10 @@ newsblog-noNewArticlesForFeed=There are no new articles for this feed. + newsblog-networkError=%S could not be found. Please check the name and try again. + ## LOCALIZATION NOTE(newsblog-feedNotValid): %S is the feed URL + newsblog-feedNotValid=%S is not a valid feed. ++## LOCALIZATION NOTE(newsblog-badCertError): %S is the feed URL host ++newsblog-badCertError=%S uses an invalid security certificate. ++## LOCALIZATION NOTE(newsblog-noAuthError): %S is the feed URL ++newsblog-noAuthError=%S is not authorized. + newsblog-getNewMsgsCheck=Checking feeds for new items⦠+ + ## LOCALIZATION NOTE(feeds-accountname): This string should be the same as feeds.accountName in am-newsblog.dtd diff --git a/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch b/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch new file mode 100644 index 0000000..f2e338f --- /dev/null +++ b/debian/patches/fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch @@ -0,0 +1,349 @@ +From: alta88 <alt...@gmail.com> +Date: Thu, 13 Oct 2016 05:20:00 +0200 +Subject: Bug 497488 - RSS feeds with an invalid certificate fail with a + misleading message. r=mkmelin + +Origin: https://hg.mozilla.org/comm-central/rev/9fcd32547793baeb1881ed251e796243e1e964e9 +Bug-Debian: https://bugs.debian.org/837177 +Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=497488 +Applied-Upstream: Thunderbird 52.0 + +Signed-off-by: Jens Reyer <jre.wine...@gmail.com> +--- + .../chrome/messenger-newsblog/newsblog.properties | 5 + + mailnews/extensions/newsblog/content/Feed.js | 27 ++-- + mailnews/extensions/newsblog/content/FeedUtils.jsm | 136 ++++++++++++++++++++- + .../newsblog/content/feed-subscriptions.js | 31 ++++- + .../newsblog/content/feed-subscriptions.xul | 11 +- + 5 files changed, 198 insertions(+), 12 deletions(-) + +diff --git a/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties b/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties +index 47e38fd..3abbc23 100644 +--- a/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties ++++ b/mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties +@@ -14,6 +14,7 @@ subscribe-feedCopied=Feed subscription copied. + subscribe-feedRemoved=Feed unsubscribed. + subscribe-feedNotValid=The Feed URL is not a valid feed. + subscribe-networkError=The Feed URL could not be found. Please check the name and try again. ++subscribe-noAuthError=The Feed URL is not authorized. + subscribe-loading=Loading, please wait⦠+ + subscribe-OPMLImportTitle=Select OPML file to import +@@ -66,6 +67,10 @@ newsblog-noNewArticlesForFeed=There are no new articles for this feed. + newsblog-networkError=%S could not be found. Please check the name and try again. + ## LOCALIZATION NOTE(newsblog-feedNotValid): %S is the feed URL + newsblog-feedNotValid=%S is not a valid feed. ++## LOCALIZATION NOTE(newsblog-badCertError): %S is the feed URL host ++newsblog-badCertError=%S uses an invalid security certificate. ++## LOCALIZATION NOTE(newsblog-noAuthError): %S is the feed URL ++newsblog-noAuthError=%S is not authorized. + newsblog-getNewMsgsCheck=Checking feeds for new items⦠+ + ## LOCALIZATION NOTE(feeds-accountname): This string should be the same as feeds.accountName in am-newsblog.dtd +diff --git a/mailnews/extensions/newsblog/content/Feed.js b/mailnews/extensions/newsblog/content/Feed.js +index 2d84fc4..a4b8555 100755 +--- a/mailnews/extensions/newsblog/content/Feed.js ++++ b/mailnews/extensions/newsblog/content/Feed.js +@@ -220,15 +220,27 @@ Feed.prototype = + let feed = FeedCache.getFeed(url); + if (feed.downloadCallback) + { ++ // Generic network or 'not found' error initially. + let error = FeedUtils.kNewsBlogRequestFailure; +- try +- { +- if (request.status == 304) +- // If the http status code is 304, the feed has not been modified +- // since we last downloaded it and does not need to be parsed. +- error = FeedUtils.kNewsBlogNoNewItems; ++ ++ if (request.status == 304) { ++ // If the http status code is 304, the feed has not been modified ++ // since we last downloaded it and does not need to be parsed. ++ error = FeedUtils.kNewsBlogNoNewItems; ++ } ++ else { ++ let [errType, errName] = FeedUtils.createTCPErrorFromFailedXHR(request); ++ FeedUtils.log.info("Feed.onDownloaded: request errType:errName:statusCode - " + ++ errType + ":" + errName + ":" + request.status); ++ if (errType == "SecurityCertificate") ++ // This is the code for nsINSSErrorsService.ERROR_CLASS_BAD_CERT ++ // overrideable security certificate errors. ++ error = FeedUtils.kNewsBlogBadCertError; ++ ++ if (request.status == 401 || request.status == 403) ++ // Unauthorized or Forbidden. ++ error = FeedUtils.kNewsBlogNoAuthError; + } +- catch (ex) {} + + feed.downloadCallback.downloaded(feed, error); + } +@@ -602,4 +614,3 @@ Feed.prototype = + this.storeNextItem(); + } + }; +- +diff --git a/mailnews/extensions/newsblog/content/FeedUtils.jsm b/mailnews/extensions/newsblog/content/FeedUtils.jsm +index ec3b16f..c29d840 100644 +--- a/mailnews/extensions/newsblog/content/FeedUtils.jsm ++++ b/mailnews/extensions/newsblog/content/FeedUtils.jsm +@@ -96,10 +96,14 @@ var FeedUtils = { + // Generic networking failure when trying to download the feed. + kNewsBlogRequestFailure: 2, + kNewsBlogFeedIsBusy: 3, +- // There are no new articles for this feed ++ // For 304 Not Modified; There are no new articles for this feed. + kNewsBlogNoNewItems: 4, + kNewsBlogCancel: 5, + kNewsBlogFileError: 6, ++ // Invalid certificate, for overridable user exception errors. ++ kNewsBlogBadCertError: 7, ++ // For 401 Unauthorized or 403 Forbidden. ++ kNewsBlogNoAuthError: 8, + + CANCEL_REQUESTED: false, + AUTOTAG: "~AUTOTAG", +@@ -1243,6 +1247,127 @@ var FeedUtils = { + return validUri ? uri : null; + }, + ++ /** ++ * Returns security/certificate/network error details for an XMLHTTPRequest. ++ * ++ * @param XMLHTTPRequest xhr - The xhr request. ++ * @return array [string errType, string errName] (null if not determined). ++ */ ++ createTCPErrorFromFailedXHR: function(xhr) { ++ let status = xhr.channel.QueryInterface(Ci.nsIRequest).status; ++ ++ let errType = null; ++ let errName = null; ++ if ((status & 0xff0000) === 0x5a0000) { ++ // Security module. ++ const nsINSSErrorsService = Ci.nsINSSErrorsService; ++ let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"] ++ .getService(nsINSSErrorsService); ++ let errorClass; ++ ++ // getErrorClass()) will throw a generic NS_ERROR_FAILURE if the error ++ // code is somehow not in the set of covered errors. ++ try { ++ errorClass = nssErrorsService.getErrorClass(status); ++ } ++ catch (ex) { ++ // Catch security protocol exception. ++ errorClass = "SecurityProtocol"; ++ } ++ ++ if (errorClass == nsINSSErrorsService.ERROR_CLASS_BAD_CERT) { ++ errType = "SecurityCertificate"; ++ } ++ else { ++ errType = "SecurityProtocol"; ++ } ++ ++ // NSS_SEC errors (happen below the base value because of negative vals). ++ if ((status & 0xffff) < Math.abs(nsINSSErrorsService.NSS_SEC_ERROR_BASE)) { ++ // The bases are actually negative, so in our positive numeric space, ++ // we need to subtract the base off our value. ++ let nssErr = Math.abs(nsINSSErrorsService.NSS_SEC_ERROR_BASE) - (status & 0xffff); ++ ++ switch (nssErr) { ++ case 11: // SEC_ERROR_EXPIRED_CERTIFICATE, sec(11) ++ errName = "SecurityExpiredCertificateError"; ++ break; ++ case 12: // SEC_ERROR_REVOKED_CERTIFICATE, sec(12) ++ errName = "SecurityRevokedCertificateError"; ++ break; ++ ++ // Per bsmith, we will be unable to tell these errors apart very soon, ++ // so it makes sense to just folder them all together already. ++ case 13: // SEC_ERROR_UNKNOWN_ISSUER, sec(13) ++ case 20: // SEC_ERROR_UNTRUSTED_ISSUER, sec(20) ++ case 21: // SEC_ERROR_UNTRUSTED_CERT, sec(21) ++ case 36: // SEC_ERROR_CA_CERT_INVALID, sec(36) ++ errName = "SecurityUntrustedCertificateIssuerError"; ++ break; ++ case 90: // SEC_ERROR_INADEQUATE_KEY_USAGE, sec(90) ++ errName = "SecurityInadequateKeyUsageError"; ++ break; ++ case 176: // SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, sec(176) ++ errName = "SecurityCertificateSignatureAlgorithmDisabledError"; ++ break; ++ default: ++ errName = "SecurityError"; ++ break; ++ } ++ } ++ else { ++ // Calculating the difference. ++ let sslErr = Math.abs(nsINSSErrorsService.NSS_SSL_ERROR_BASE) - (status & 0xffff); ++ ++ switch (sslErr) { ++ case 3: // SSL_ERROR_NO_CERTIFICATE, ssl(3) ++ errName = "SecurityNoCertificateError"; ++ break; ++ case 4: // SSL_ERROR_BAD_CERTIFICATE, ssl(4) ++ errName = "SecurityBadCertificateError"; ++ break; ++ case 8: // SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, ssl(8) ++ errName = "SecurityUnsupportedCertificateTypeError"; ++ break; ++ case 9: // SSL_ERROR_UNSUPPORTED_VERSION, ssl(9) ++ errName = "SecurityUnsupportedTLSVersionError"; ++ break; ++ case 12: // SSL_ERROR_BAD_CERT_DOMAIN, ssl(12) ++ errName = "SecurityCertificateDomainMismatchError"; ++ break; ++ default: ++ errName = "SecurityError"; ++ break; ++ } ++ } ++ } ++ else { ++ errType = "Network"; ++ switch (status) { ++ // Connect to host:port failed. ++ case 0x804B000C: // NS_ERROR_CONNECTION_REFUSED, network(13) ++ errName = "ConnectionRefusedError"; ++ break; ++ // network timeout error. ++ case 0x804B000E: // NS_ERROR_NET_TIMEOUT, network(14) ++ errName = "NetworkTimeoutError"; ++ break; ++ // Hostname lookup failed. ++ case 0x804B001E: // NS_ERROR_UNKNOWN_HOST, network(30) ++ errName = "DomainNotFoundError"; ++ break; ++ case 0x804B0047: // NS_ERROR_NET_INTERRUPT, network(71) ++ errName = "NetworkInterruptError"; ++ break; ++ default: ++ errName = "NetworkError"; ++ break; ++ } ++ } ++ ++ return [errType, errName]; ++ }, ++ + /** + * Returns if a uri/url is valid to subscribe. + * +@@ -1441,6 +1566,15 @@ var FeedUtils = { + message = FeedUtils.strings.GetStringFromName( + "subscribe-errorOpeningFile"); + break; ++ case FeedUtils.kNewsBlogBadCertError: ++ let host = Services.io.newURI(feed.url, null, null).host; ++ message = FeedUtils.strings.formatStringFromName( ++ "newsblog-badCertError", [host], 1); ++ break; ++ case FeedUtils.kNewsBlogNoAuthError: ++ message = FeedUtils.strings.formatStringFromName( ++ "newsblog-noAuthError", [feed.url], 1); ++ break; + } + if (message) + FeedUtils.log.info("downloaded: " + +diff --git a/mailnews/extensions/newsblog/content/feed-subscriptions.js b/mailnews/extensions/newsblog/content/feed-subscriptions.js +index 4742f07..45044cc 100644 +--- a/mailnews/extensions/newsblog/content/feed-subscriptions.js ++++ b/mailnews/extensions/newsblog/content/feed-subscriptions.js +@@ -1146,7 +1146,9 @@ var FeedSubscriptions = { + + onMouseDown: function (aEvent) + { +- if (aEvent.button != 0 || aEvent.target.id == "validationText") ++ if (aEvent.button != 0 || ++ aEvent.target.id == "validationText" || ++ aEvent.target.id == "addCertException") + return; + + this.clearStatusInfo(); +@@ -1743,6 +1745,14 @@ var FeedSubscriptions = { + if (aErrorCode == FeedUtils.kNewsBlogFileError) + message = FeedUtils.strings.GetStringFromName( + "subscribe-errorOpeningFile"); ++ if (aErrorCode == FeedUtils.kNewsBlogBadCertError) { ++ let host = Services.io.newURI(feed.url, null, null).host; ++ message = FeedUtils.strings.formatStringFromName( ++ "newsblog-badCertError", [host], 1); ++ } ++ if (aErrorCode == FeedUtils.kNewsBlogNoAuthError) ++ message = FeedUtils.strings.GetStringFromName( ++ "subscribe-noAuthError"); + + if (win.mActionMode != win.kUpdateMode) + // Re-enable the add button if subscribe failed. +@@ -1796,6 +1806,12 @@ var FeedSubscriptions = { + el.removeAttribute("collapsed"); + else + el.setAttribute("collapsed", true); ++ ++ el = document.getElementById("addCertException"); ++ if (aErrorCode == FeedUtils.kNewsBlogBadCertError) ++ el.removeAttribute("collapsed"); ++ else ++ el.setAttribute("collapsed", true); + }, + + clearStatusInfo: function() +@@ -1803,6 +1819,7 @@ var FeedSubscriptions = { + document.getElementById("statusText").textContent = ""; + document.getElementById("progressMeter").collapsed = true; + document.getElementById("validationText").collapsed = true; ++ document.getElementById("addCertException").collapsed = true; + }, + + checkValidation: function(aEvent) +@@ -1829,6 +1846,18 @@ var FeedSubscriptions = { + aEvent.stopPropagation(); + }, + ++ addCertExceptionDialog: function() ++ { ++ let feedURL = document.getElementById("locationValue").value.trim(); ++ let params = { exceptionAdded : false, ++ location: feedURL, ++ prefetchCert: true }; ++ window.openDialog("chrome://pippki/content/exceptionDialog.xul", ++ "", "chrome,centerscreen,modal", params); ++ if (params.exceptionAdded) ++ this.clearStatusInfo(); ++ }, ++ + // Listener for folder pane changes. + FolderListener: { + get feedWindow() { +diff --git a/mailnews/extensions/newsblog/content/feed-subscriptions.xul b/mailnews/extensions/newsblog/content/feed-subscriptions.xul +index 8344167..5ccf9c8 100644 +--- a/mailnews/extensions/newsblog/content/feed-subscriptions.xul ++++ b/mailnews/extensions/newsblog/content/feed-subscriptions.xul +@@ -10,8 +10,10 @@ + <?xml-stylesheet href="chrome://messenger-newsblog/skin/feed-subscriptions.css" type="text/css"?> + + <!DOCTYPE window [ +-<!ENTITY % feedDTD SYSTEM "chrome://messenger-newsblog/locale/feed-subscriptions.dtd"> +- %feedDTD; ++ <!ENTITY % feedDTD SYSTEM "chrome://messenger-newsblog/locale/feed-subscriptions.dtd"> ++ %feedDTD; ++ <!ENTITY % certDTD SYSTEM "chrome://pippki/locale/certManager.dtd"> ++ %certDTD; + ]> + + <window id="subscriptionsDialog" +@@ -176,6 +178,11 @@ + crop="end" + value="&validateText.label;" + onclick="FeedSubscriptions.checkValidation(event);"/> ++ <button id="addCertException" ++ collapsed="true" ++ label="&certmgr.addException.label;" ++ accesskey="&certmgr.addException.accesskey;" ++ oncommand="FeedSubscriptions.addCertExceptionDialog();"/> + <progressmeter id="progressMeter" + collapsed="true" + mode="determined" diff --git a/debian/patches/series b/debian/patches/series index 0d8a726..eab4f46 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -97,3 +97,6 @@ porting-kfreebsd-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hurd.pat fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch +fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch +fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch +fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch -- 2.10.2