Re: heads up: nss 3.59 breaks firefox add-ons

Tue, 15 Dec 2020 14:59:49 -0800 

On 12/15/20 5:09 PM, Adam Williamson wrote:

On Tue, 2020-12-15 at 22:38 +0100, Alexander Ploumistos wrote:

On Tue, Dec 15, 2020 at 9:04 PM Alexander Ploumistos
<alex.ploumis...@gmail.com> wrote:


On Tue, Dec 15, 2020 at 8:17 PM Kevin Fenzi <ke...@scrye.com> wrote:


If you upgrade in f33 or rawhide to nss 3.59, all your firefox add-ons
will stop working. Worse they will appear corrupted, so you will have to
remove them and re-install them (after downgrading nss).


I'm running firefox 83.0-13.fc33.x86_64 with nss 3.59.0-2.fc33
installed since it hit my local updates-testing mirror and all my
add-ons are looking good.


So, I spoke too soon. I just got notified that one of my add-ons is
misbehaving and it has been disabled. I'm still on the same session I
was when I sent the previous message, nothing was installed or updated
in the meantime. Is this bug time-based or something?


You didn't answer the question whether you had restarted Firefox since
installing the new nss.

Either way, probably Firefox is doing a periodic check of installed
add-ons and that fails whenever it happens now. The issue is they're
signed with SHA-1 certs, but nss is now not accepting SHA-1 per the
current system-wide policy.


Since there is no great way for end-users to motivate the various add-on 
creators to update their certs, this sounds like a serious problem.

For now I've put an exclude in my dnf.conf to prevent any nss upgrades, but 
that is also not a great solution, for obvious reasons.  Perhaps there will 
have to be a way for end-users to override the check for critical add-ons.  
Hopefully the add-on creators will eventually switch certs, but that could take 
a very long time.

        Steve
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org






















					Reply via email to