diff options
| author | Martin Stransky <stransky@redhat.com> | 2021-01-11 13:35:55 +0100 |
|---|---|---|
| committer | Martin Stransky <stransky@redhat.com> | 2021-01-11 13:35:55 +0100 |
| commit | d4a7089f0cca8d642dbc21d57233f34ede50bf56 (patch) | |
| tree | 67a3e9ba1a20c466b6e5d3b0da83368884441a9a /firefox-nss-addon-hack.patch | |
| parent | Temporary disable tests on rahide/arm/i686 due to failures (diff) | |
| download | librewolf-fedora-ff-d4a7089f0cca8d642dbc21d57233f34ede50bf56.tar.gz librewolf-fedora-ff-d4a7089f0cca8d642dbc21d57233f34ede50bf56.tar.bz2 librewolf-fedora-ff-d4a7089f0cca8d642dbc21d57233f34ede50bf56.zip | |
Added a workaround for rhbz#1908018
Diffstat (limited to 'firefox-nss-addon-hack.patch')
| -rw-r--r-- | firefox-nss-addon-hack.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/firefox-nss-addon-hack.patch b/firefox-nss-addon-hack.patch new file mode 100644 index 0000000..0322707 --- /dev/null +++ b/firefox-nss-addon-hack.patch @@ -0,0 +1,19 @@ +diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
+--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
++++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
+@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
+ return srv;
+ }
+
++ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
++ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
++ * so policy will still disable use of sha1 in
++ * certificate related signature processing. */
++ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
++ if (srv != SECSuccess) {
++ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
++ }
++
+ if (nssDbConfig == NSSDBConfig::ReadWrite) {
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ if (!slot) {
|