Re: heads up: nss 3.59 breaks firefox add-ons

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/15/20 5:09 PM, Adam Williamson wrote:

On Tue, 2020-12-15 at 22:38 +0100, Alexander Ploumistos wrote:

On Tue, Dec 15, 2020 at 9:04 PM Alexander Ploumistos
<alex.ploumistos@xxxxxxxxx> wrote:


On Tue, Dec 15, 2020 at 8:17 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote:


If you upgrade in f33 or rawhide to nss 3.59, all your firefox add-ons
will stop working. Worse they will appear corrupted, so you will have to
remove them and re-install them (after downgrading nss).


I'm running firefox 83.0-13.fc33.x86_64 with nss 3.59.0-2.fc33
installed since it hit my local updates-testing mirror and all my
add-ons are looking good.


So, I spoke too soon. I just got notified that one of my add-ons is
misbehaving and it has been disabled. I'm still on the same session I
was when I sent the previous message, nothing was installed or updated
in the meantime. Is this bug time-based or something?


You didn't answer the question whether you had restarted Firefox since
installing the new nss.

Either way, probably Firefox is doing a periodic check of installed
add-ons and that fails whenever it happens now. The issue is they're
signed with SHA-1 certs, but nss is now not accepting SHA-1 per the
current system-wide policy.


Since there is no great way for end-users to motivate the various add-on creators to update their certs, this sounds like a serious problem.

For now I've put an exclude in my dnf.conf to prevent any nss upgrades, but that is also not a great solution, for obvious reasons.  Perhaps there will have to be a way for end-users to override the check for critical add-ons.  Hopefully the add-on creators will eventually switch certs, but that could take a very long time.

	Steve
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux