Merge branch 'master' into f33

firefox-nss-addon-hack.patch

@@ -0,0 +1,19 @@
+diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
+--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack      2021-01-11 12:12:02.585514543 +0100
++++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp       2021-01-11 12:47:50.345984582 +0100
+@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
+     return srv;
+   }
+
++  /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
++   * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
++   * so policy will still disable use of sha1 in
++   * certificate related signature processing. */
++  srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
++  if (srv != SECSuccess) {
++    NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
++  }
++
+   if (nssDbConfig == NSSDBConfig::ReadWrite) {
+     UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+     if (!slot) {

firefox.spec

@@ -4,6 +4,15 @@
 %global build_with_clang  0
 %global build_with_asan   0
 %global run_firefox_tests 1
+# Temporary disable tests on Rawhide/arm/i686 due to failures
+%if 0%{?fedora} > 33
+%ifarch armv7hl
+%global run_firefox_tests 0
+%endif
+%ifarch %{ix86}
+%global run_firefox_tests 0
+%endif
+%endif
 %global test_offscreen    1
 %global test_on_wayland   0
 %global create_debuginfo  1
@@ -131,7 +140,7 @@ ExcludeArch: s390x
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        84.0.2
-Release:        1%{?pre_tag}%{?dist}
+Release:        2%{?pre_tag}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:        https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@@ -192,6 +201,7 @@ Patch224:        mozilla-1170092.patch
 Patch226:        rhbz-1354671.patch
 Patch227:        firefox-locale-debug.patch
 Patch228:        disable-openh264-download.patch
+Patch229:        firefox-nss-addon-hack.patch
 
 # Upstream patches
 Patch402:        mozilla-1196777.patch
@@ -409,6 +419,7 @@ This package contains results of tests executed during build.
 %endif
 %patch227 -p1 -b .locale-debug
 %patch228 -p1 -b .disable-openh264-download
+%patch229 -p1 -b .firefox-nss-addon-hack
 
 %patch402 -p1 -b .1196777
 %patch407 -p1 -b .1667096
@@ -1013,6 +1024,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Mon Jan 11 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-2
+- Added a workaround for rhbz#1908018
+
 * Wed Jan 6 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-1
 - Updated to 84.0.2
 

run-tests-wayland

@@ -70,8 +70,8 @@ if [ $OFFSCREEN_TESTING -ne 0 ] ; then
 fi
 
 if [ $RUN_XPCSHELL_TEST -ne 0 ] ; then
-  ./mach xpcshell-test --sequential 2>&1 | cat - | tee $TEST_DIR/xpcshell
-  ./mach xpcshell-test --sequential --enable-webrender 2>&1 | cat - | tee $TEST_DIR/xpcshell-wr
+  ./mach xpcshell-test 2>&1 | cat - | tee $TEST_DIR/xpcshell
+  ./mach xpcshell-test --enable-webrender 2>&1 | cat - | tee $TEST_DIR/xpcshell-wr
 fi
 
 # Basic render testing