diff options
| author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2017-01-29 20:07:02 -0300 |
|---|---|---|
| committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2017-01-29 20:12:23 -0300 |
| commit | dfebd7cd734ab06c7a651efc941ef5acbcef7578 (patch) | |
| tree | 0e40227a939d037c6ce1bb2a24e5732247b21145 /nonprism/icedove | |
| parent | 2ccde3a522d626fc0055fedb0145f7b5c985fb73 (diff) | |
| download | abslibre-dfebd7cd734ab06c7a651efc941ef5acbcef7578.tar.gz abslibre-dfebd7cd734ab06c7a651efc941ef5acbcef7578.tar.bz2 abslibre-dfebd7cd734ab06c7a651efc941ef5acbcef7578.zip | |
icedove-1:45.6.0.deb3-2{,.nonprism1}: apply patch for NSS 3.28
Diffstat (limited to 'nonprism/icedove')
| -rw-r--r-- | nonprism/icedove/PKGBUILD | 7 | ||||
| -rw-r--r-- | nonprism/icedove/nss-3.28.patch | 35 |
2 files changed, 41 insertions, 1 deletions
diff --git a/nonprism/icedove/PKGBUILD b/nonprism/icedove/PKGBUILD index d69a23ca3..6f14d983a 100644 --- a/nonprism/icedove/PKGBUILD +++ b/nonprism/icedove/PKGBUILD @@ -17,7 +17,7 @@ _pkgname=thunderbird pkgname=icedove epoch=1 pkgver=$_debver.$_debrel -pkgrel=1.nonprism1 +pkgrel=2.nonprism1 pkgdesc="A libre version of Debian Icedove, the standalone mail and news reader based on Mozilla Thunderbird, without support for unsafe and dangerous for privacy protocols" arch=(i686 x86_64 armv7h) @@ -39,6 +39,7 @@ source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz" $pkgname.desktop changing-the-default-search-engine.patch firefox-gcc-6.0.patch mozilla-1228540.patch mozilla-1228540-1.patch + nss-3.28.patch vendor.js fix-missing-files.patch no-neon.patch @@ -53,6 +54,7 @@ sha256sums=('b2cbd20c78476b9b7ba7624d8e12e6e593b5c60f79488feae2c07d2163618b9d' '4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf' '3a3e84c702ee31450a3e84698441aceb11cf44e64c9fedcaddb8cb50db759417' 'd1ccbaf0973615c57f7893355e5cd3a89efb4e91071d0ec376e429b50cf6ed19' + '87fb92e45f161d47b9e3ca31bcce60555bc33d633116dab4baa3bfba6ad965c4' '058b58074368b57acf8a6df9a9ffac848b7d7b39f5abd84cb2039bcee42b73e2' '294a2cc7b0477ad285af10ac2a04b767cabec07f03b23da23014bda71caea510' '59f40d8b2480aa67bf76f4f119826b6828a6a59cc040caf1ab5a6e19eef44c6e' @@ -137,6 +139,9 @@ prepare() { patch -d mozilla -Np1 < ../mozilla-1228540.patch patch -d mozilla -Np1 < ../mozilla-1228540-1.patch + # Update minimum bits in H2 (needed for NSS 3.28) + patch -d mozilla -Np1 < ../nss-3.28.patch + cp -v "$srcdir/mozconfig" .mozconfig mkdir "$srcdir/path" diff --git a/nonprism/icedove/nss-3.28.patch b/nonprism/icedove/nss-3.28.patch new file mode 100644 index 000000000..92c1376ae --- /dev/null +++ b/nonprism/icedove/nss-3.28.patch @@ -0,0 +1,35 @@ + +# HG changeset patch +# User Franziskus Kiefer <franziskuskiefer@gmail.com> +# Date 1469717280 -7200 +# Node ID 361ac226da2a83516db8d4e4c5b41a69b3ba754f +# Parent 5d5d3ef04f3f77bb95616f56c129256a89f57831 +Bug 1290037 - Update keybits in H2, r=mt + +MozReview-Commit-ID: 35oWoDMqe1Y + +diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp +--- a/netwerk/protocol/http/Http2Session.cpp ++++ b/netwerk/protocol/http/Http2Session.cpp +@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile() + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + uint32_t keybits = ssl->GetKEAKeyBits(); + if (kea == ssl_kea_dh && keybits < 2048) { + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + int16_t macAlgorithm = ssl->GetMACAlgorithmUsed(); + LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n", + this, macAlgorithm)); + if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { + |