From 84aecf83e0b356ea51e2c00c83626dc49f8d0ad7 Mon Sep 17 00:00:00 2001 From: Jan Horak Date: Thu, 27 Apr 2017 11:49:26 +0200 Subject: [PATCH] Added patch for rhbz#1400293 - kai nss patch which removes workaround patch, for F24 and F25 --- firefox.spec | 25 +++++++++++++++-------- rhbz-1400293-workaround.patch | 37 ----------------------------------- 2 files changed, 17 insertions(+), 45 deletions(-) delete mode 100644 rhbz-1400293-workaround.patch diff --git a/firefox.spec b/firefox.spec index d287b0e..ffac162 100644 --- a/firefox.spec +++ b/firefox.spec @@ -110,7 +110,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 53.0 -Release: 3%{?pre_tag}%{?dist} +Release: 4%{?pre_tag}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Group: Applications/Internet @@ -149,9 +149,7 @@ Patch224: mozilla-1170092.patch Patch225: mozilla-1005640-accept-lang.patch #ARM run-time patch Patch226: rhbz-1354671.patch -# Fix depends on p11-kit-trust 0.23.4 and enhanced ca-certificates.rpm Patch227: rhbz-1400293-fix-mozilla-1324096.patch -Patch228: rhbz-1400293-workaround.patch Patch229: firefox-nss-version.patch # Upstream patches @@ -222,6 +220,19 @@ BuildRequires: nss-devel >= 3.29.1-2.1 Requires: nss >= 3.29.1-2.1 %endif +%if 0%{?fedora} < 26 +# Using Conflicts for p11-kit, not Requires, because on multi-arch +# systems p11-kit isn't yet available for secondary arches like +# p11-kit.i686 (fallback to libnssckbi.so from NSS). +# This build contains backports from p11-kit 0.23.4 +Conflicts: p11-kit < 0.23.2-3 +# Requires build with CKA_NSS_MOZILLA_CA_POLICY attribute +Requires: ca-certificates >= 2017.2.11-1.1 +# Requires NSS build with backports from NSS 3.30 +BuildRequires: nss-devel >= 3.29.3-1.1 +Requires: nss >= 3.29.3-1.1 +%endif + BuildRequires: desktop-file-utils BuildRequires: system-bookmarks %if %{?system_sqlite} @@ -313,12 +324,7 @@ cd %{tarballdir} %ifarch aarch64 %patch226 -p1 -b .1354671 %endif -%if 0%{?fedora} > 25 - # Fix depends on p11-kit-trust 0.23.4 and enhanced ca-certificates.rpm %patch227 -p1 -b .rh1400293 -%else -%patch228 -p1 -b .rh1400293 -%endif %patch229 -p1 -b .nss-version %patch304 -p1 -b .1253216 @@ -855,6 +861,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Thu Apr 27 2017 Jan Horak - 53.0-4 +- Added patch from rhbz#1400293 + * Thu Apr 20 2017 Martin Stransky - 53.0-3 - Enabled second arches diff --git a/rhbz-1400293-workaround.patch b/rhbz-1400293-workaround.patch deleted file mode 100644 index f9cc7c2..0000000 --- a/rhbz-1400293-workaround.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up ./CertVerifier.cpp.ignoreBuiltinStatus ./CertVerifier.cpp ---- ./security/certverifier/CertVerifier.cpp.ignoreBuiltinStatus 2016-10-31 21:15:28.000000000 +0100 -+++ ./security/certverifier/CertVerifier.cpp 2016-12-16 21:35:32.155105623 +0100 -@@ -65,6 +65,9 @@ InitCertVerifierLog() - Result - IsCertChainRootBuiltInRoot(const UniqueCERTCertList& chain, bool& result) - { -+ result = false; -+ return Success; -+#if 0 - if (!chain || CERT_LIST_EMPTY(chain)) { - return Result::FATAL_ERROR_LIBRARY_FAILURE; - } -@@ -77,12 +80,15 @@ IsCertChainRootBuiltInRoot(const UniqueC - return Result::FATAL_ERROR_LIBRARY_FAILURE; - } - return IsCertBuiltInRoot(root, result); -+#endif - } - - Result - IsCertBuiltInRoot(CERTCertificate* cert, bool& result) - { - result = false; -+ return Success; -+#if 0 - #ifdef DEBUG - nsCOMPtr component(do_GetService(PSM_COMPONENT_CONTRACTID)); - if (!component) { -@@ -114,6 +120,7 @@ IsCertBuiltInRoot(CERTCertificate* cert, - } - } - return Success; -+#endif - } - - static Result