diff options
-rw-r--r-- | firefox-nss-addon-hack.patch | 19 | ||||
-rw-r--r-- | firefox.spec | 16 | ||||
-rwxr-xr-x | run-tests-wayland | 4 |
3 files changed, 36 insertions, 3 deletions
diff --git a/firefox-nss-addon-hack.patch b/firefox-nss-addon-hack.patch new file mode 100644 index 0000000..0322707 --- /dev/null +++ b/firefox-nss-addon-hack.patch @@ -0,0 +1,19 @@ +diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
+--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
++++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
+@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
+ return srv;
+ }
+
++ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
++ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
++ * so policy will still disable use of sha1 in
++ * certificate related signature processing. */
++ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
++ if (srv != SECSuccess) {
++ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
++ }
++
+ if (nssDbConfig == NSSDBConfig::ReadWrite) {
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+ if (!slot) {
diff --git a/firefox.spec b/firefox.spec index 48d51cd..5a42d1c 100644 --- a/firefox.spec +++ b/firefox.spec @@ -4,6 +4,15 @@ %global build_with_clang 0 %global build_with_asan 0 %global run_firefox_tests 1 +# Temporary disable tests on Rawhide/arm/i686 due to failures +%if 0%{?fedora} > 33 +%ifarch armv7hl +%global run_firefox_tests 0 +%endif +%ifarch %{ix86} +%global run_firefox_tests 0 +%endif +%endif %global test_offscreen 1 %global test_on_wayland 0 %global create_debuginfo 1 @@ -131,7 +140,7 @@ ExcludeArch: s390x Summary: Mozilla Firefox Web browser Name: firefox Version: 84.0.2 -Release: 1%{?pre_tag}%{?dist} +Release: 2%{?pre_tag}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz @@ -192,6 +201,7 @@ Patch224: mozilla-1170092.patch Patch226: rhbz-1354671.patch Patch227: firefox-locale-debug.patch Patch228: disable-openh264-download.patch +Patch229: firefox-nss-addon-hack.patch # Upstream patches Patch402: mozilla-1196777.patch @@ -409,6 +419,7 @@ This package contains results of tests executed during build. %endif %patch227 -p1 -b .locale-debug %patch228 -p1 -b .disable-openh264-download +%patch229 -p1 -b .firefox-nss-addon-hack %patch402 -p1 -b .1196777 %patch407 -p1 -b .1667096 @@ -1013,6 +1024,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Mon Jan 11 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-2 +- Added a workaround for rhbz#1908018 + * Wed Jan 6 2021 Martin Stransky <stransky@redhat.com> - 84.0.2-1 - Updated to 84.0.2 diff --git a/run-tests-wayland b/run-tests-wayland index eb42785..d1b7cdb 100755 --- a/run-tests-wayland +++ b/run-tests-wayland @@ -70,8 +70,8 @@ if [ $OFFSCREEN_TESTING -ne 0 ] ; then fi if [ $RUN_XPCSHELL_TEST -ne 0 ] ; then - ./mach xpcshell-test --sequential 2>&1 | cat - | tee $TEST_DIR/xpcshell - ./mach xpcshell-test --sequential --enable-webrender 2>&1 | cat - | tee $TEST_DIR/xpcshell-wr + ./mach xpcshell-test 2>&1 | cat - | tee $TEST_DIR/xpcshell + ./mach xpcshell-test --enable-webrender 2>&1 | cat - | tee $TEST_DIR/xpcshell-wr fi # Basic render testing |