Accepting request 788017 from home:msmeissn:branches:mozilla:Factory

- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
  FIPS aborts if it cannot access it (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788017
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=813

MozillaFirefox.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
+  FIPS aborts if it cannot access it (bsc#1167132)
+
 -------------------------------------------------------------------
 Sat Mar  7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaFirefox.spec

@@ -186,6 +186,7 @@ Patch20:        mozilla-fix-top-level-asm.patch
 Patch21:        mozilla-bmo1504834-part4.patch
 Patch22:        mozilla-bmo849632.patch
 Patch23:        mozilla-bmo1609538.patch
+Patch24:        firefox-fips.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
@@ -321,6 +322,7 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 # Firefox
 %patch101 -p1
 %patch102 -p1

firefox-fips.patch

@@ -0,0 +1,12 @@
+Index: firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+===================================================================
+--- firefox-74.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -276,6 +276,7 @@ SandboxBrokerPolicyFactory::SandboxBroke
+ 
+   // Read permissions
+   policy->AddPath(rdonly, "/dev/urandom");
++  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
+   policy->AddPath(rdonly, "/proc/cpuinfo");
+   policy->AddPath(rdonly, "/proc/meminfo");
+   policy->AddDir(rdonly, "/sys/devices/cpu");