FS#64401 - [p11-kit][nss] drop custom patch
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Tuesday, 05 November 2019, 20:06 GMT
Last edited by Jan Alexander Steffens (heftig) - Friday, 24 January 2020, 21:57 GMT
Opened by loqs (loqs) - Tuesday, 05 November 2019, 20:06 GMT
Last edited by Jan Alexander Steffens (heftig) - Friday, 24 January 2020, 21:57 GMT
|
Details
Description:
Arch ships a patch to address [1]. This is no longer need due to p11-kit [3] and nss [4] supporting CKA_NSS_MOZILLA_CA_POLICY which is what firefox now checks for [5]. Coincidentally use of this patch is a factor in triggering MITM detection in firefox [6]. Additional info: * p11-kit 0.23.18.1-1 * nss 3.47-1 * [1] https://bugs.freedesktop.org/show_bug.cgi?id=66161 * [2] https://bugs.freedesktop.org/show_bug.cgi?id=99453 * [3] https://github.com/p11-glue/p11-kit/pull/46 * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 * [5] https://bugzilla.mozilla.org/show_bug.cgi?id=880269 * [6] https://bbs.archlinux.org/viewtopic.php?pid=1871363#p1871363 |
This task depends upon
Closed by Jan Alexander Steffens (heftig)
Friday, 24 January 2020, 21:57 GMT
Reason for closing: Fixed
Additional comments about closing: p11-kit 0.23.19-2
nss 3.49.2-2
Friday, 24 January 2020, 21:57 GMT
Reason for closing: Fixed
Additional comments about closing: p11-kit 0.23.19-2
nss 3.49.2-2
https://bugzilla.redhat.com/show_bug.cgi?id=1752303
https://github.com/clearlinux/distribution/issues/1006
If it is not a factor in cert validation failure issues I would have expected removing the patch should not reduce the incidence of the issue triggering from roughly 50% to zero.