rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Added a workaround for rhbz#1908018

Browse Source
This commit is contained in:
Martin Stransky 2021-01-11 13:35:55 +01:00
parent 83be9a9005
commit d4a7089f0c
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
firefox-nss-addon-hack.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
return srv;
}
+ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+ * so policy will still disable use of sha1 in
+ * certificate related signature processing. */
+ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ if (srv != SECSuccess) {
+ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+ }
+
if (nssDbConfig == NSSDBConfig::ReadWrite) {
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {

7
firefox.spec
View File

@ -140,7 +140,7 @@ ExcludeArch: s390x
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 84.0.2 Version: 84.0.2
Release: 1%{?pre_tag}%{?dist} Release: 2%{?pre_tag}%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@ -201,6 +201,7 @@ Patch224: mozilla-1170092.patch
Patch226: rhbz-1354671.patch Patch226: rhbz-1354671.patch
Patch227: firefox-locale-debug.patch Patch227: firefox-locale-debug.patch
Patch228: disable-openh264-download.patch Patch228: disable-openh264-download.patch
Patch229: firefox-nss-addon-hack.patch
# Upstream patches # Upstream patches
Patch402: mozilla-1196777.patch Patch402: mozilla-1196777.patch
@ -418,6 +419,7 @@ This package contains results of tests executed during build.
%endif %endif
%patch227 -p1 -b .locale-debug %patch227 -p1 -b .locale-debug
%patch228 -p1 -b .disable-openh264-download %patch228 -p1 -b .disable-openh264-download
%patch229 -p1 -b .firefox-nss-addon-hack
%patch402 -p1 -b .1196777 %patch402 -p1 -b .1196777
%patch407 -p1 -b .1667096 %patch407 -p1 -b .1667096
@ -1022,6 +1024,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Mon Jan 11 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-2
- Added a workaround for rhbz#1908018
* Wed Jan 6 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-1 * Wed Jan 6 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-1
- Updated to 84.0.2 - Updated to 84.0.2