From 7b9720c95dc0db45f1727d0372cfb8cd2074828b Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Mon, 28 Dec 2015 12:59:37 -0300 Subject: icecat-38.5.2_gnu1-1: updating version --- libre/icecat/PKGBUILD | 17 ++--- .../icecat/disable-crypto-hardening-settings.patch | 74 ++++++++++++++++++++++ ...disable-general-crypto-hardening-settings.patch | 52 --------------- 3 files changed, 83 insertions(+), 60 deletions(-) create mode 100644 libre/icecat/disable-crypto-hardening-settings.patch delete mode 100644 libre/icecat/disable-general-crypto-hardening-settings.patch diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD index 1811c254c..52e32de8c 100644 --- a/libre/icecat/PKGBUILD +++ b/libre/icecat/PKGBUILD @@ -13,7 +13,7 @@ _pgo=true pkgname=icecat -_pkgver=38.5.0-gnu1 +_pkgver=38.5.2-gnu1 pkgver=${_pkgver//-/_} pkgrel=1 @@ -33,7 +33,7 @@ optdepends=('networkmanager: Location detection via available WiFi networks' url="http://www.gnu.org/software/gnuzilla/" install=$pkgname.install #source=(http://ftp.gnu.org/gnu/gnuzilla/${_pkgver%-*}/$pkgname-$_pkgver.tar.bz2{,.sig} -source=(http://jenkins.trisquel.info/$pkgname/$pkgname-$_pkgver.tar.bz2 +source=(http://jenkins.trisquel.info/$pkgname/binaries/$pkgname-$_pkgver.tar.bz2{,.sig} mozconfig libre.patch gnu_headshadow.png @@ -42,8 +42,9 @@ source=(http://jenkins.trisquel.info/$pkgname/$pkgname-$_pkgver.tar.bz2 vendor.js $pkgname-fixed-loading-icon.png remove-google-play-services-support.patch - disable-general-crypto-hardening-settings.patch) -sha256sums=('c266acbc54c364f32a5e56f997f21a2cbbf95fd76ea53452e8026629a9bb5f1f' + disable-crypto-hardening-settings.patch) +sha256sums=('8f99b9cb966404665085f87f1d532a22f3b0d422bfb49eb8f202b40c96ef2854' + 'SKIP' '33a8cf07373c63a0bea70ec2c3983d2cca990752c0f946cb5dbd91f1e2b6410f' 'dd173c9283babb8a04bf55274de05e823161f7d13adb8c5e21dd5a9c0dc549a2' '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd' @@ -52,8 +53,8 @@ sha256sums=('c266acbc54c364f32a5e56f997f21a2cbbf95fd76ea53452e8026629a9bb5f1f' '977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33' '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213' '9e651b0f7e7d9d663e8b24077d52bad15f011871747743aff60d6e2d7a45ae5b' - 'bec42e12cca826d9b60dfd6176eebad2604cac97152f8bb7c03893642bc86a3d') -#validpgpkeys=('A57369A8BABC2542B5A0368C3C76EED7D7E04784') # Ruben Rodriguez + 'bcd351d97e99f9a71ff5f44e29037f5451617378527801e32de514ff30583476') +validpgpkeys=('A57369A8BABC2542B5A0368C3C76EED7D7E04784') # Ruben Rodriguez prepare() { export GNU_BUILD="gnuzilla-release" @@ -92,10 +93,10 @@ prepare() { cp "$srcdir/$pkgname-fixed-loading-icon.png" \ browser/themes/linux/tabbrowser/loading.png - # Disable general crypto hardening settings for now + # Disable crypto hardening settings for now # https://lists.parabola.nu/pipermail/assist/2015-October/000534.html # https://labs.parabola.nu/issues/842 - patch -Np1 -i "$srcdir/disable-general-crypto-hardening-settings.patch" + patch -Np1 -i "$srcdir/disable-crypto-hardening-settings.patch" } build() { diff --git a/libre/icecat/disable-crypto-hardening-settings.patch b/libre/icecat/disable-crypto-hardening-settings.patch new file mode 100644 index 000000000..77517c6d0 --- /dev/null +++ b/libre/icecat/disable-crypto-hardening-settings.patch @@ -0,0 +1,74 @@ +diff -Nur icecat-38.5.2.orig/browser/app/profile/icecat.js icecat-38.5.2/browser/app/profile/icecat.js +--- icecat-38.5.2.orig/browser/app/profile/icecat.js 2015-12-24 18:24:09.000000000 -0300 ++++ icecat-38.5.2/browser/app/profile/icecat.js 2015-12-28 16:06:00.046009585 -0300 +@@ -2047,20 +2047,20 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols +-pref("security.ssl3.rsa_rc4_128_sha", false); +-pref("security.ssl3.rsa_rc4_128_md5", false); +-pref("security.ssl3.rsa_des_ede3_sha", false); +-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); ++//pref("security.ssl3.rsa_rc4_128_sha", false); ++//pref("security.ssl3.rsa_rc4_128_md5", false); ++//pref("security.ssl3.rsa_des_ede3_sha", false); ++//pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); ++//pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); + // https://directory.fsf.org/wiki/Disable_DHE + // Avoid logjam attack + pref("security.ssl3.dhe_rsa_aes_128_sha", false); +diff -Nur icecat-38.5.2.orig/mobile/android/app/mobile.js icecat-38.5.2/mobile/android/app/mobile.js +--- icecat-38.5.2.orig/mobile/android/app/mobile.js 2015-12-24 18:24:09.000000000 -0300 ++++ icecat-38.5.2/mobile/android/app/mobile.js 2015-12-28 16:06:32.144427580 -0300 +@@ -1009,20 +1009,20 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols +-pref("security.ssl3.rsa_rc4_128_sha", false); +-pref("security.ssl3.rsa_rc4_128_md5", false); +-pref("security.ssl3.rsa_des_ede3_sha", false); +-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); ++//pref("security.ssl3.rsa_rc4_128_sha", false); ++//pref("security.ssl3.rsa_rc4_128_md5", false); ++//pref("security.ssl3.rsa_des_ede3_sha", false); ++//pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); ++//pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); + // https://directory.fsf.org/wiki/Disable_DHE + // Avoid logjam attack + pref("security.ssl3.dhe_rsa_aes_128_sha", false); diff --git a/libre/icecat/disable-general-crypto-hardening-settings.patch b/libre/icecat/disable-general-crypto-hardening-settings.patch deleted file mode 100644 index d84cdd2ea..000000000 --- a/libre/icecat/disable-general-crypto-hardening-settings.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -Nur icecat-38.3.0.orig/browser/app/profile/icecat.js icecat-38.3.0/browser/app/profile/icecat.js ---- icecat-38.3.0.orig/browser/app/profile/icecat.js 2015-10-12 20:42:13.000000000 -0300 -+++ icecat-38.3.0/browser/app/profile/icecat.js 2015-10-29 14:03:09.377208716 -0300 -@@ -2046,14 +2046,14 @@ - // Crypto hardening - // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 - //General settings --pref("security.tls.unrestricted_rc4_fallback", false); --pref("security.tls.insecure_fallback_hosts.use_static_list", false); --pref("security.tls.version.min", 1); --pref("security.ssl.require_safe_negotiation", true); --pref("security.ssl.treat_unsafe_negotiation_as_broken", true); --pref("security.ssl3.rsa_seed_sha", true); --pref("security.OCSP.enabled", 1); --pref("security.OCSP.require", true); -+//pref("security.tls.unrestricted_rc4_fallback", false); -+//pref("security.tls.insecure_fallback_hosts.use_static_list", false); -+//pref("security.tls.version.min", 1); -+//pref("security.ssl.require_safe_negotiation", true); -+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -+//pref("security.ssl3.rsa_seed_sha", true); -+//pref("security.OCSP.enabled", 1); -+//pref("security.OCSP.require", true); - //Disable unnecessary protocols - pref("security.ssl3.rsa_rc4_128_sha", false); - pref("security.ssl3.rsa_rc4_128_md5", false); -diff -Nur icecat-38.3.0.orig/mobile/android/app/mobile.js icecat-38.3.0/mobile/android/app/mobile.js ---- icecat-38.3.0.orig/mobile/android/app/mobile.js 2015-10-12 20:42:14.000000000 -0300 -+++ icecat-38.3.0/mobile/android/app/mobile.js 2015-10-29 14:03:24.623133800 -0300 -@@ -1008,14 +1008,14 @@ - // Crypto hardening - // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 - //General settings --pref("security.tls.unrestricted_rc4_fallback", false); --pref("security.tls.insecure_fallback_hosts.use_static_list", false); --pref("security.tls.version.min", 1); --pref("security.ssl.require_safe_negotiation", true); --pref("security.ssl.treat_unsafe_negotiation_as_broken", true); --pref("security.ssl3.rsa_seed_sha", true); --pref("security.OCSP.enabled", 1); --pref("security.OCSP.require", true); -+//pref("security.tls.unrestricted_rc4_fallback", false); -+//pref("security.tls.insecure_fallback_hosts.use_static_list", false); -+//pref("security.tls.version.min", 1); -+//pref("security.ssl.require_safe_negotiation", true); -+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -+//pref("security.ssl3.rsa_seed_sha", true); -+//pref("security.OCSP.enabled", 1); -+//pref("security.OCSP.require", true); - //Disable unnecessary protocols - pref("security.ssl3.rsa_rc4_128_sha", false); - pref("security.ssl3.rsa_rc4_128_md5", false); -- cgit v1.2.3