commit mozilla-nss for openSUSE:Factory

Source-Sync Mon, 27 May 2024 02:45:59 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozilla-nss for openSUSE:Factory 
checked in at 2024-05-27 11:44:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
 and      /work/SRC/openSUSE:Factory/.mozilla-nss.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozilla-nss"

Mon May 27 11:44:37 2024 rev:218 rq:1176701 version:3.100

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes  2024-05-16 
17:13:57.733284232 +0200
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.24587/mozilla-nss.changes       
2024-05-27 11:45:05.802135889 +0200
@@ -1,0 +2,8 @@
+Fri May 24 08:12:08 UTC 2024 - Martin Sirringhaus <martin.sirringh...@suse.com>
+
+- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
+  when using FIPS-mode (bsc#1223724).
+- Added "Provides: nss" so other RPMs that require 'nss' can
+  be installed (jira PED-6358).
+
+-------------------------------------------------------------------

New:
----
  nss-fips-bsc1223724.patch

BETA DEBUG BEGIN:
  New:
- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
  when using FIPS-mode (bsc#1223724).
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.2WylZp/_old  2024-05-27 11:45:13.082402608 +0200
+++ /var/tmp/diff_new_pack.2WylZp/_new  2024-05-27 11:45:13.086402754 +0200
@@ -80,6 +80,7 @@
 Patch47:        nss-fips-pct-pubkeys.patch
 Patch48:        nss-fips-test.patch
 Patch49:        nss-allow-slow-tests-s390x.patch
+Patch50:        nss-fips-bsc1223724.patch
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
 BuildRequires:  gcc9-c++
@@ -107,6 +108,7 @@
 %else
 Requires:       libnssckbi.so
 %endif
+Provides:       nss = %{version}
 %ifnarch %sparc
 %if ! 0%{?qemu_user_space_build}
 %define run_testsuite 1
@@ -242,6 +244,7 @@
 # slow test on s390x, permit more time
 %patch -P 49 -p1
 %endif
+%patch -P 50 -p1
 
 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins



++++++ nss-fips-bsc1223724.patch ++++++
Index: nss/lib/pk11wrap/pk11skey.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11skey.c
+++ nss/lib/pk11wrap/pk11skey.c
@@ -520,6 +520,14 @@ PK11_ImportDataKey(PK11SlotInfo *slot, C
     CK_OBJECT_HANDLE handle;
     PK11GenericObject *genObject;
 
+    // Using HTTP3, Firefox runs via neqo that doesn't log in before calling 
into
+    // this function. So we try to log in here (and ignore failures) in case 
of FIPS.
+    // Also, no need to also load certificates, we only create a new object 
and we
+    // have to be logged in for that.
+    if (PK11_IsFIPS()) {
+        PK11_Authenticate(slot, PR_FALSE, wincx);
+    }
+
     genObject = PK11_CreateGenericObject(slot, template, 
PR_ARRAY_SIZE(template), PR_FALSE);
     if (genObject == NULL) {
         return NULL;

commit mozilla-nss for openSUSE:Factory

Reply via email to