diff options
-rw-r--r-- | libre/icecat/PKGBUILD | 13 | ||||
-rw-r--r-- | libre/icecat/disable-general-crypto-hardening-settings.patch | 52 |
2 files changed, 62 insertions, 3 deletions
diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD index ba25fe111..4491f7b54 100644 --- a/libre/icecat/PKGBUILD +++ b/libre/icecat/PKGBUILD @@ -15,7 +15,7 @@ _pgo=true pkgname=icecat _pkgver=38.3.0-gnu1 pkgver=${_pkgver//-/_} -pkgrel=3 +pkgrel=4 pkgdesc="GNU IceCat, the standalone web browser based on Mozilla Firefox." arch=(i686 x86_64) @@ -43,7 +43,8 @@ source=(http://ftp.gnu.org/gnu/gnuzilla/${_pkgver%-*}/$pkgname-$_pkgver.tar.bz2{ freetype261.patch vendor.js $pkgname-fixed-loading-icon.png - remove-google-play-services-support.patch) + remove-google-play-services-support.patch + disable-general-crypto-hardening-settings.patch) sha256sums=('08fe9724a84aef2182265b230c68fa37a36a5d93ffd5118ec0739718dc71a66e' 'SKIP' '33a8cf07373c63a0bea70ec2c3983d2cca990752c0f946cb5dbd91f1e2b6410f' @@ -55,7 +56,8 @@ sha256sums=('08fe9724a84aef2182265b230c68fa37a36a5d93ffd5118ec0739718dc71a66e' 'd3796311f93328fc8494d75a2123d29e51d52c3f01ffea0977efbfbe12171809' '977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33' '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213' - '9e651b0f7e7d9d663e8b24077d52bad15f011871747743aff60d6e2d7a45ae5b') + '9e651b0f7e7d9d663e8b24077d52bad15f011871747743aff60d6e2d7a45ae5b' + 'bec42e12cca826d9b60dfd6176eebad2604cac97152f8bb7c03893642bc86a3d') validpgpkeys=('A57369A8BABC2542B5A0368C3C76EED7D7E04784') # Ruben Rodriguez prepare() { @@ -100,6 +102,11 @@ prepare() { # https://bugzilla.mozilla.org/show_bug.cgi?id=841734 cp "$srcdir/$pkgname-fixed-loading-icon.png" \ browser/themes/linux/tabbrowser/loading.png + + # Disable general crypto hardening settings for now + # https://lists.parabola.nu/pipermail/assist/2015-October/000534.html + # https://labs.parabola.nu/issues/842 + patch -Np1 -i "$srcdir/disable-general-crypto-hardening-settings.patch" } build() { diff --git a/libre/icecat/disable-general-crypto-hardening-settings.patch b/libre/icecat/disable-general-crypto-hardening-settings.patch new file mode 100644 index 000000000..d84cdd2ea --- /dev/null +++ b/libre/icecat/disable-general-crypto-hardening-settings.patch @@ -0,0 +1,52 @@ +diff -Nur icecat-38.3.0.orig/browser/app/profile/icecat.js icecat-38.3.0/browser/app/profile/icecat.js +--- icecat-38.3.0.orig/browser/app/profile/icecat.js 2015-10-12 20:42:13.000000000 -0300 ++++ icecat-38.3.0/browser/app/profile/icecat.js 2015-10-29 14:03:09.377208716 -0300 +@@ -2046,14 +2046,14 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols + pref("security.ssl3.rsa_rc4_128_sha", false); + pref("security.ssl3.rsa_rc4_128_md5", false); +diff -Nur icecat-38.3.0.orig/mobile/android/app/mobile.js icecat-38.3.0/mobile/android/app/mobile.js +--- icecat-38.3.0.orig/mobile/android/app/mobile.js 2015-10-12 20:42:14.000000000 -0300 ++++ icecat-38.3.0/mobile/android/app/mobile.js 2015-10-29 14:03:24.623133800 -0300 +@@ -1008,14 +1008,14 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols + pref("security.ssl3.rsa_rc4_128_sha", false); + pref("security.ssl3.rsa_rc4_128_md5", false); |