rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #2013247 Added fix for failing addons signatures.

Browse Source
This commit is contained in:
Jan Horak 2021-12-13 11:01:06 +01:00
parent 634a48fd8a
commit fc86aa8ab8
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
firefox-nss-addon-hack.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
return srv;
}
+ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+ * so policy will still disable use of sha1 in
+ * certificate related signature processing. */
+ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ if (srv != SECSuccess) {
+ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+ }
+
if (nssDbConfig == NSSDBConfig::ReadWrite) {
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {

7
firefox.spec
View File

@ -129,7 +129,7 @@ end}
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 91.4.0 Version: 91.4.0
Release: 1%{?dist} Release: 2%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
%if 0%{?rhel} == 9 %if 0%{?rhel} == 9
@ -184,6 +184,7 @@ Patch6: build-nss-version.patch
Patch215: firefox-enable-addons.patch Patch215: firefox-enable-addons.patch
Patch219: rhbz-1173156.patch Patch219: rhbz-1173156.patch
Patch224: mozilla-1170092.patch Patch224: mozilla-1170092.patch
Patch225: firefox-nss-addon-hack.patch
# Upstream patches # Upstream patches
@ -424,6 +425,7 @@ echo "use_rustts %{?use_rustts}"
%patch215 -p1 -b .addons %patch215 -p1 -b .addons
%patch219 -p1 -b .rhbz-1173156 %patch219 -p1 -b .rhbz-1173156
%patch224 -p1 -b .1170092 %patch224 -p1 -b .1170092
%patch225 -p1 -b .firefox-nss-addon-hack
# Patch for big endian platforms only # Patch for big endian platforms only
%if 0%{?big_endian} %if 0%{?big_endian}
@ -1247,6 +1249,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Mon Dec 13 2021 Jan Horak <jhorak@redhat.com> - 91.4.0-2
- Added fix for failing addons signatures.
* Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1 * Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1
- Update to 91.4.0 build1 - Update to 91.4.0 build1