Accepting request 1176699 from home:MSirringhaus:branches:mozilla:Factory

- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added "Provides: nss" so other RPMs that require 'nss' can be installed (jira PED-6358). OBS-URL: https://build.opensuse.org/request/show/1176699 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=448
2024-05-24 09:22:57 +00:00 · 2024-05-24 09:22:57 +00:00 · 4aa22f6ca2
commit 4aa22f6ca2
parent 72cb111a96
3 changed files with 30 additions and 0 deletions
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri May 24 08:12:08 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
+  when using FIPS-mode (bsc#1223724).
+- Added "Provides: nss" so other RPMs that require 'nss' can
+  be installed (jira PED-6358).
+
 -------------------------------------------------------------------
 Wed May  8 06:06:52 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@ -80,6 +80,7 @@ Patch46:        nss-allow-slow-tests.patch
 Patch47:        nss-fips-pct-pubkeys.patch
 Patch48:        nss-fips-test.patch
 Patch49:        nss-allow-slow-tests-s390x.patch
+Patch50:        nss-fips-bsc1223724.patch
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
 BuildRequires:  gcc9-c++
@ -107,6 +108,7 @@ Requires:       libnssckbi.so()(64bit)
 %else
 Requires:       libnssckbi.so
 %endif
+Provides:       nss = %{version}
 %ifnarch %sparc
 %if ! 0%{?qemu_user_space_build}
 %define run_testsuite 1
@ -242,6 +244,7 @@ cd nss
 # slow test on s390x, permit more time
 %patch -P 49 -p1
 %endif
+%patch -P 50 -p1

 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins
--- a/nss-fips-bsc1223724.patch
+++ b/nss-fips-bsc1223724.patch
@ -0,0 +1,19 @@
+Index: nss/lib/pk11wrap/pk11skey.c
+===================================================================
+--- nss.orig/lib/pk11wrap/pk11skey.c
+++ nss/lib/pk11wrap/pk11skey.c
+@@ -520,6 +520,14 @@ PK11_ImportDataKey(PK11SlotInfo *slot, C
+     CK_OBJECT_HANDLE handle;
+     PK11GenericObject *genObject;
+ 
+    // Using HTTP3, Firefox runs via neqo that doesn't log in before calling into
+    // this function. So we try to log in here (and ignore failures) in case of FIPS.
+    // Also, no need to also load certificates, we only create a new object and we
+    // have to be logged in for that.
+    if (PK11_IsFIPS()) {
+        PK11_Authenticate(slot, PR_FALSE, wincx);
+    }
+
+     genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template), PR_FALSE);
+     if (genObject == NULL) {
+         return NULL;