[opensuse] firefox ESR 17 broken with latest updates on 42.1
With these installed, Google works normally: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.12-1.1 | x86_64 | Mozilla i | mozilla-nss | package | 3.26.2-1.1 | x86_64 | Mozilla i | mozilla-nss-certs | package | 3.26.2-1.1 | x86_64 | Mozilla i | firefox-esr | package | 17.0.11-1.33 | x86_64 | MozillaLegacy With these, "secure connection failed. The key does not support the requested operation. (Error code: sec_error_invalid_key)" trying to access Google: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.13.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss | package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss-certs| package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | firefox-esr | package | 17.0.11-1.34 | x86_64 | MozillaLegacy Does a bug need to be filed to enable continuing to use esr17 for Google? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data sabato 21 gennaio 2017 04:03:13, Felix Miata ha scritto:
With these installed, Google works normally:
Does a bug need to be filed to enable continuing to use esr17 for Google?
Don't you think this question would belong to factory? Just a guess (because of the audience) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hi, NSS 3.28.1 triggers a bug in Firefox which was hiding since ages there. I'm a bit surprised that it affects also ESR17 though. http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12737.html Now it seems that the only way to fix it would be to backport the fix to ESR17. But it's certainly not my focus to maintain ESR17 which is stone old and insecure by definition. Feel free to do an SR with a patch to the package though. Otherwise I cannot tell you right now if and when I find the time to look after that. Wolfgang Am 21.01.2017 um 10:03 schrieb Felix Miata:
With these installed, Google works normally: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.12-1.1 | x86_64 | Mozilla i | mozilla-nss | package | 3.26.2-1.1 | x86_64 | Mozilla i | mozilla-nss-certs | package | 3.26.2-1.1 | x86_64 | Mozilla i | firefox-esr | package | 17.0.11-1.33 | x86_64 | MozillaLegacy
With these, "secure connection failed. The key does not support the requested operation. (Error code: sec_error_invalid_key)" trying to access Google: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.13.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss | package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss-certs| package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | firefox-esr | package | 17.0.11-1.34 | x86_64 | MozillaLegacy
Does a bug need to be filed to enable continuing to use esr17 for Google?
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Wolfgang Rosenauer composed on 2017-01-21 10:10 (UTC+0100):
Felix Miata:
With these installed, Google works normally: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.12-1.1 | x86_64 | Mozilla i | mozilla-nss | package | 3.26.2-1.1 | x86_64 | Mozilla i | mozilla-nss-certs | package | 3.26.2-1.1 | x86_64 | Mozilla i | firefox-esr | package | 17.0.11-1.33 | x86_64 | MozillaLegacy
With these, "secure connection failed. The key does not support the requested operation. (Error code: sec_error_invalid_key)" trying to access Google: i | ca-certificates-mozilla | package | 2.7-7.1 | noarch | Update i | mozilla-nspr | package | 4.13.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss | package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | mozilla-nss-certs| package | 3.28.1-2.1 | x86_64 | Mozilla (or Mozilla131) i | firefox-esr | package | 17.0.11-1.34 | x86_64 | MozillaLegacy
Does a bug need to be filed to enable continuing to use esr17 for Google?
NSS 3.28.1 triggers a bug in Firefox which was hiding since ages there. I'm a bit surprised that it affects also ESR17 though. http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12737.html
Now it seems that the only way to fix it would be to backport the fix to ESR17. But it's certainly not my focus to maintain ESR17 which is stone old and insecure by definition.
True about age and security, but at 41% the package size of 50.1 it lacks unappreciated bloat and "improvements" in newer versions, so is useful nevertheless when used alongside newer SeaMonkey, Qupzilla and Firefox releases.
Feel free to do an SR with a patch to the package though.
I don't build anything or know what SR means, and have no knowledge of, time or interest in building.
Otherwise I cannot tell you right now if and when I find the time to look after that.
The bug occurs with openSUSE's esr17 rpm, but not with Mozilla.org's esr17, and so far, only with .34 and not .33. Sorry I forgot to try or mention before posting. Mozilla.org's provided .bz2 build doesn't seem to care about the nss version, so unless and until openSUSE's rpm gets a fix I can use Mozilla's. Have all the package version increments of esr17 been incorporating stealth bug fixes? I see nothing in the changelog for .34, last entry almost 3 years ago. esr17 is the only zilla I install from openSUSE repos. All other builds I run are Mozilla.org .bz2s. And to avoid wontfixed https://bugzilla.mozilla.org/show_bug.cgi?id=1269274 in 42.2+ I have to lock down GTK3 to 42.1's 3.16 version. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Wolfgang Rosenauer wrote:
NSS 3.28.1 triggers a bug in Firefox which was hiding since ages there. I'm a bit surprised that it affects also ESR17 though. http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12737.html
Now it seems that the only way to fix it would be to backport the fix to ESR17. But it's certainly not my focus to maintain ESR17 which is stone old and insecure by definition. Feel free to do an SR with a patch to the package though. Otherwise I cannot tell you right now if and when I find the time to look after that. A patch for Firefox 50.1 should be available soon in mozilla_Factory repository.
See https://build.opensuse.org/package/view_file/mozilla:Factory/MozillaFirefox/... Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Bjoern Voigt -
Felix Miata -
stakanov -
Wolfgang Rosenauer