rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #1935623 Fixing failed addon install because of disabled sha1 algorithm

Browse Source
This commit is contained in:
Jan Horak 2021-04-27 16:35:14 +02:00
parent 96aa03110b
commit ed35847078
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
firefox-nss-addon-hack.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
return srv;
}
+ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+ * so policy will still disable use of sha1 in
+ * certificate related signature processing. */
+ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ if (srv != SECSuccess) {
+ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+ }
+
if (nssDbConfig == NSSDBConfig::ReadWrite) {
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {

8
firefox.spec
View File

@ -198,7 +198,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 78.8.0 Version: 78.8.0
Release: 5%{?dist} Release: 6%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
%if 0%{?rhel} == 7 %if 0%{?rhel} == 7
@ -267,6 +267,7 @@ Patch232: firefox-rhel6-hugepage.patch
Patch233: firefox-rhel6-nss-tls1.3.patch Patch233: firefox-rhel6-nss-tls1.3.patch
Patch234: rhbz-1821418.patch Patch234: rhbz-1821418.patch
Patch235: firefox-pipewire-0-3.patch Patch235: firefox-pipewire-0-3.patch
Patch236: firefox-nss-addon-hack.patch
# Upstream patches # Upstream patches
Patch402: mozilla-1196777.patch Patch402: mozilla-1196777.patch
@ -601,10 +602,12 @@ sed -ie 's|/usr/include|/app/include|' %_sourcedir/firefox-pipewire-0-3.patch
%if 0%{?rhel} >= 8 %if 0%{?rhel} >= 8
%if 0%{?rhel_minor_version} >= 3 %if 0%{?rhel_minor_version} >= 3
%patch235 -p1 -b .pipewire-0-3 %patch235 -p1 -b .pipewire-0-3
%else %else
%patch231 -p1 -b .pipewire %patch231 -p1 -b .pipewire
%endif %endif
%endif %endif
%patch236 -p1 -b .firefox-nss-addon-hack
%patch234 -p1 -b .rhbz-1821418 %patch234 -p1 -b .rhbz-1821418
@ -1591,6 +1594,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Tue Apr 27 2021 Jan Horak <jhorak@redhat.com> - 78.8.0-6
- Added patch for SHA-1 support for the addons
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 78.8.0-5 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 78.8.0-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937