diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 914c8cc..5e66782 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner
+
+- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
+ to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
+ (bsc#1167132)
+
 -------------------------------------------------------------------
 Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index f14498f..5ea3955 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -169,6 +169,7 @@ Patch2: mozilla-kde.patch
 Patch3: mozilla-ntlm-full-path.patch
 Patch4: mozilla-aarch64-startup-crash.patch
 Patch5: mozilla-bmo1463035.patch
+Patch6: mozilla-sandbox-fips.patch
 Patch7: mozilla-fix-aarch64-libopus.patch
 Patch8: mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
 Patch9: mozilla-s390-context.patch
@@ -302,6 +303,7 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
diff --git a/mozilla-sandbox-fips.patch b/mozilla-sandbox-fips.patch
new file mode 100644
index 0000000..b442676
--- /dev/null
+++ b/mozilla-sandbox-fips.patch
@@ -0,0 +1,16 @@
+From: meissner@suse.com
+Subject: allow Firefox to access addtional process information
+Reference: http://bugzilla.suse.com/show_bug.cgi?id=1167132
+
+Index: firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+===================================================================
+--- firefox-74.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -276,6 +276,7 @@ SandboxBrokerPolicyFactory::SandboxBroke
+
+ // Read permissions
+ policy->AddPath(rdonly, "/dev/urandom");
++ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
+ policy->AddPath(rdonly, "/proc/cpuinfo");
+ policy->AddPath(rdonly, "/proc/meminfo");
+ policy->AddDir(rdonly, "/sys/devices/cpu");
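Review bot: The added `policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");` widens the sandbox broker's read allowlist with no rationale beside it, and the patch header's Subject speaks only of "process information" rather than naming the one path being granted. The reason currently lives only in the package changelog, so I would put it next to the rule: `// openssl 1.1.1 in FIPS mode aborts if it cannot read this (bsc#1167132)`. The grant itself is appropriately narrow (a single read-only file via `AddPath`, not an `AddDir` on `/proc/sys/crypto`) and should stay that way; it does let sandboxed processes under this policy learn whether the host runs in FIPS mode, which is worth stating in the patch header. The enclosing constructor starts and ends outside the hunk, so which process types receive this policy cannot be confirmed from here.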