Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2024-05-27 11:44:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Mon May 27 11:44:37 2024 rev:218 rq:1176701 version:3.100 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2024-05-16 17:13:57.733284232 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.24587/mozilla-nss.changes 2024-05-27 11:45:05.802135889 +0200 @@ -1,0 +2,8 @@ +Fri May 24 08:12:08 UTC 2024 - Martin Sirringhaus <[email protected]> + +- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox + when using FIPS-mode (bsc#1223724). +- Added "Provides: nss" so other RPMs that require 'nss' can + be installed (jira PED-6358). + +------------------------------------------------------------------- New: ---- nss-fips-bsc1223724.patch BETA DEBUG BEGIN: New: - Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox when using FIPS-mode (bsc#1223724). BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.2WylZp/_old 2024-05-27 11:45:13.082402608 +0200 +++ /var/tmp/diff_new_pack.2WylZp/_new 2024-05-27 11:45:13.086402754 +0200 @@ -80,6 +80,7 @@ Patch47: nss-fips-pct-pubkeys.patch Patch48: nss-fips-test.patch Patch49: nss-allow-slow-tests-s390x.patch +Patch50: nss-fips-bsc1223724.patch %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references BuildRequires: gcc9-c++ @@ -107,6 +108,7 @@ %else Requires: libnssckbi.so %endif +Provides: nss = %{version} %ifnarch %sparc %if ! 0%{?qemu_user_space_build} %define run_testsuite 1 @@ -242,6 +244,7 @@ # slow test on s390x, permit more time %patch -P 49 -p1 %endif +%patch -P 50 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins ++++++ nss-fips-bsc1223724.patch ++++++ Index: nss/lib/pk11wrap/pk11skey.c =================================================================== --- nss.orig/lib/pk11wrap/pk11skey.c +++ nss/lib/pk11wrap/pk11skey.c @@ -520,6 +520,14 @@ PK11_ImportDataKey(PK11SlotInfo *slot, C CK_OBJECT_HANDLE handle; PK11GenericObject *genObject; + // Using HTTP3, Firefox runs via neqo that doesn't log in before calling into + // this function. So we try to log in here (and ignore failures) in case of FIPS. + // Also, no need to also load certificates, we only create a new object and we + // have to be logged in for that. + if (PK11_IsFIPS()) { + PK11_Authenticate(slot, PR_FALSE, wincx); + } + genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template), PR_FALSE); if (genObject == NULL) { return NULL;
