import firefox-91.4.0-3.el9

2022-01-11 12:08:00 -05:00 · 2022-01-11 12:08:00 -05:00 · 3693bec26f
commit 3693bec26f
parent 00e4b213f5
4 changed files with 41 additions and 11 deletions
--- a/.firefox.metadata
+++ b/.firefox.metadata
@ -1,5 +1,5 @@
 c822547dbc12e2baebdfdfb38b665e23f0c2513a SOURCES/cbindgen-vendor.tar.xz
-736b0b4313f678de624c0124f61a86893385d110 SOURCES/firefox-91.3.0esr.processed-source.tar.xz
-7b821f5b94cba12efc8a2b86dbd8c7321b453568 SOURCES/firefox-langpacks-91.3.0esr-20211101.tar.xz
+322e0ffb8b442f599b0f5dd695e6f83050b3dc82 SOURCES/firefox-91.4.0esr.processed-source.tar.xz
+74a1b8c9a5f4a96f80af2d3fe542495e3af2423a SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz
 b5fd1332d8e0d37339ae170c7bebcb63a40b22e0 SOURCES/nspr-4.32.0-1.el8_1.src.rpm
-29da2158892dc108a7a21fd8411fccf0061481b3 SOURCES/nss-3.67.0-6.el8_1.src.rpm
+8fff814901e03c2518ede2f8992d898f5ba61ed9 SOURCES/nss-3.67.0-7.el8_1.src.rpm
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 SOURCES/cbindgen-vendor.tar.xz
-SOURCES/firefox-91.3.0esr.processed-source.tar.xz
-SOURCES/firefox-langpacks-91.3.0esr-20211101.tar.xz
+SOURCES/firefox-91.4.0esr.processed-source.tar.xz
+SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz
 SOURCES/nspr-4.32.0-1.el8_1.src.rpm
-SOURCES/nss-3.67.0-6.el8_1.src.rpm
+SOURCES/nss-3.67.0-7.el8_1.src.rpm
--- a/SOURCES/firefox-nss-addon-hack.patch
+++ b/SOURCES/firefox-nss-addon-hack.patch
@ -0,0 +1,19 @@
+diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
+--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack      2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp       2021-01-11 12:47:50.345984582 +0100
+@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
+     return srv;
+   }
+
+  /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+   * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+   * so policy will still disable use of sha1 in
+   * certificate related signature processing. */
+  srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+  if (srv != SECSuccess) {
+    NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+  }
+
+   if (nssDbConfig == NSSDBConfig::ReadWrite) {
+     UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+     if (!slot) {
--- a/SPECS/firefox.spec
+++ b/SPECS/firefox.spec
@ -128,8 +128,8 @@ end}

 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        91.3.0
-Release:        1%{?dist}
+Version:        91.4.0
+Release:        3%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 %if 0%{?rhel} == 9
@ -149,7 +149,7 @@ ExcludeArch:    s390 ppc
 # Link to official tarball: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        firefox-%{version}%{?pre_version}.processed-source.tar.xz
 %if %{build_langpacks}
-Source1:        firefox-langpacks-%{version}%{?pre_version}-20211101.tar.xz
+Source1:        firefox-langpacks-%{version}%{?pre_version}-20211201.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@ -168,7 +168,7 @@ Source26:       distribution.ini
 Source27:       google-api-key
 Source28:       node-stdout-nonblocking-wrapper

-Source403:      nss-3.67.0-6.el8_1.src.rpm
+Source403:      nss-3.67.0-7.el8_1.src.rpm
 Source401:      nss-setup-flags-env.inc
 Source402:      nspr-4.32.0-1.el8_1.src.rpm

@ -184,6 +184,7 @@ Patch6:         build-nss-version.patch
 Patch215:        firefox-enable-addons.patch
 Patch219:        rhbz-1173156.patch
 Patch224:        mozilla-1170092.patch
+Patch225:        firefox-nss-addon-hack.patch

 # Upstream patches

@ -424,6 +425,7 @@ echo "use_rustts            %{?use_rustts}"
 %patch215 -p1 -b .addons
 %patch219 -p1 -b .rhbz-1173156
 %patch224 -p1 -b .1170092
+%patch225 -p1 -b .firefox-nss-addon-hack

 # Patch for big endian platforms only
 %if 0%{?big_endian}
@ -480,7 +482,7 @@ echo "ac_add_options --disable-optimize" >> .mozconfig
 %else
 %global optimize_flags "-g -O2"
 %ifarch s390x
-%global optimize_flags "-g -O1"
+%global optimize_flags "-g -O2"
 %endif
 %ifarch ppc64le aarch64
 %global optimize_flags "-g -O2"
@ -1247,6 +1249,15 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------

 %changelog
+* Wed Dec 22 2021 Jan Horak <jhorak@redhat.com> - 91.4.0-3
+- Enable optimalization on s390x
+
+* Mon Dec 13 2021 Jan Horak <jhorak@redhat.com> - 91.4.0-2
+- Added fix for failing addons signatures.
+
+* Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1
+- Update to 91.4.0 build1
+
 * Mon Nov 01 2021 Eike Rathke <erack@redhat.com> - 91.3.0-1
 - Update to 91.3.0 build1