From e923020b291dda8fd0c1193147db115adce48f85 Mon Sep 17 00:00:00 2001
From: Jan Horak <jhorak@redhat.com>
Date: Tue, 25 Mar 2025 15:03:56 +0100
Subject: [PATCH] Added workaround from RHEL-71999

Related: RHEL-84207
---
 firefox.spec                  |  2 ++
 rhbz-71999-fips-youtube.patch | 43 +++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 rhbz-71999-fips-youtube.patch

diff --git a/firefox.spec b/firefox.spec
index 700526b..6382208 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -247,6 +247,7 @@ Patch12:        firefox-system-nss-replace-xyber-with-mlkem.patch
 # Enabled vsync cause the black screen when running in Kiosk mode
 # This will be fixed in Firefox 140
 Patch13:        disable-vsync-for-kiosk.patch
+Patch14:        rhbz-71999-fips-youtube.patch
 
 # -- Upstreamed patches --
 Patch51:       mozilla-bmo1170092.patch
@@ -1226,6 +1227,7 @@ echo "--------------------------------------------"
 %patch -P12 -p1 -b .system-nss-replace-xyber-with-mlkem
 %endif
 %patch -P13 -p1 -b .kiosk-vsync
+%patch -P14 -p1 -b .rhbz-71999-fips-youtube
 
 # We need to create the wasi.patch with the correct path to the wasm libclang_rt.
 %if %{with_wasi_sdk}
diff --git a/rhbz-71999-fips-youtube.patch b/rhbz-71999-fips-youtube.patch
new file mode 100644
index 0000000..5d53eed
--- /dev/null
+++ b/rhbz-71999-fips-youtube.patch
@@ -0,0 +1,43 @@
+changeset:   781221:573380ae60a7
+tag:         tip
+user:        stransky <stransky@redhat.com>
+date:        Mon Mar 24 10:13:50 2025 +0100
+files:       dom/cache/CacheStorage.cpp dom/indexedDB/ActorsParent.cpp
+description:
+FIPS-youtube
+
+
+diff --git a/dom/cache/CacheStorage.cpp b/dom/cache/CacheStorage.cpp
+--- a/dom/cache/CacheStorage.cpp
++++ b/dom/cache/CacheStorage.cpp
+@@ -38,6 +38,7 @@
+ #include "nsURLParsers.h"
+ #include "js/Object.h"              // JS::GetClass
+ #include "js/PropertyAndElement.h"  // JS_DefineProperty
++#include "pk11pub.h"
+ 
+ namespace mozilla::dom::cache {
+ 
+@@ -581,7 +582,7 @@ bool CacheStorage::HasStorageAccess(UseC
+     if (!principal->IsSystemPrincipal() &&
+         principal->GetPrivateBrowsingId() !=
+             nsIScriptSecurityManager::DEFAULT_PRIVATE_BROWSING_ID &&
+-        !StaticPrefs::dom_cache_privateBrowsing_enabled()) {
++        (!StaticPrefs::dom_cache_privateBrowsing_enabled() || PK11_IsFIPS())) {
+       return false;
+     }
+   }
+diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp
+--- a/dom/indexedDB/ActorsParent.cpp
++++ b/dom/indexedDB/ActorsParent.cpp
+@@ -14791,7 +14791,8 @@ nsresult FactoryOp::Open() {
+     mEnforcingQuota = mPersistenceType != PERSISTENCE_TYPE_PERSISTENT;
+ 
+     if (mOriginMetadata.mIsPrivate) {
+-      if (StaticPrefs::dom_indexedDB_privateBrowsing_enabled()) {
++      if (StaticPrefs::dom_indexedDB_privateBrowsing_enabled() &&
++          !PK11_IsFIPS()) {
+         // Explicitly disallow moz-extension urls from using the encrypted
+         // indexedDB storage mode when the caller is an extension (see Bug
+         // 1841806).
+