| |
@@ -152,7 +152,7 @@
|
| |
Summary: Mozilla Firefox Web browser
|
| |
Name: firefox
|
| |
Version: 89.0.2
|
| |
- Release: 2%{?pre_tag}%{?dist}
|
| |
+ Release: 3%{?pre_tag}%{?dist}
|
| |
URL: https://www.mozilla.org/firefox/
|
| |
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
| |
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
|
| |
@@ -921,6 +921,17 @@
|
| |
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozjs.so
|
| |
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozalloc.so
|
| |
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libxul.so
|
| |
+
|
| |
+ # Create a symlink to replace libnssckbi.so with p11-kit-client.so
|
| |
+ # instead of p11-kit-trust.so, so that Firefox can see the system
|
| |
+ # trust store on the host through the p11-kit RPC protocol. A symlink
|
| |
+ # to libnss3.so is also needed, because Firefox tries to load
|
| |
+ # libnssckbi.so from the same directory where libnss3.so is loaded (as
|
| |
+ # of Firefox 89).
|
| |
+ %if 0%{?flatpak}
|
| |
+ ln -sf /usr/lib64/libnss3.so %{buildroot}%{_libdir}/libnss3.so
|
| |
+ ln -sf /usr/lib64/pkcs11/p11-kit-client.so %{buildroot}%{_libdir}/libnssckbi.so
|
| |
+ %endif
|
| |
#---------------------------------------------------------------------
|
| |
|
| |
# Moves defaults/preferences to browser/defaults/preferences
|
| |
@@ -1029,6 +1040,9 @@
|
| |
#---------------------------------------------------------------------
|
| |
|
| |
%changelog
|
| |
+ * Mon Jul 12 2021 Daiki Ueno <dueno@redhat.com> - 89.0.2-3
|
| |
+ - flatpak: Enable loading system trust store on the host (rhbz#1766340)
|
| |
+
|
| |
* Wed Jun 30 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-2
|
| |
- Added fix for mozbz#1715254 (rhbz#1976892).
|
| |
|
| |
This directs the libnssckbi.so symlink to p11-kit-client.so, instead
of p11-kit-trust.so, so Firefox flatpak can access the system trust
store on the host. Since the /usr filesystem is read-only, this
creates the link in /app/lib64, which is added to LD_LIBRARY_PATH
inside flatpak. A symlink to libnss3.so also needs to be created in
the same directory, to trick the directory search order in
ListPossibleLoadableRootsLocations:
https://hg.mozilla.org/mozilla-central/file/8e850fd29a957f505e0355c1326279e06e9040bb/security/manager/ssl/nsNSSComponent.cpp#l970
Signed-off-by: Daiki Ueno dueno@redhat.com