rpms / firefox

Clone
Source Code
GIT

Blame SOURCES/firefox-nss-addon-hack.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-plus c8 c8-beta c8-containeronly-stream-flatpak c8-init-modify c8-init-modify2 c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   73b47ef04aedf267ba38188767bc89aed9635fcf
  2.   SOURCES
  3.   firefox-nss-addon-hack.patch
Blob History Raw
3262b1 
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
3262b1 
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack      2021-01-11 12:12:02.585514543 +0100
3262b1 
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp       2021-01-11 12:47:50.345984582 +0100
3262b1 
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
3262b1 
     return srv;
3262b1 
   }
3262b1
3262b1 
+  /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
3262b1 
+   * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
3262b1 
+   * so policy will still disable use of sha1 in
3262b1 
+   * certificate related signature processing. */
3262b1 
+  srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
3262b1 
+  if (srv != SECSuccess) {
3262b1 
+    NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
3262b1 
+  }
3262b1 
+
3262b1 
   if (nssDbConfig == NSSDBConfig::ReadWrite) {
3262b1 
     UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
3262b1 
     if (!slot) {

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation