From 9ea24798ffde8aa9f4383ce5da52111707eb09ab Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 31 Jan 2017 03:12:50 -0300 Subject: icecat-45.5.1_gnu1-4: apply patch for NSS 3.28 --- libre/icecat/PKGBUILD | 9 +++++++-- libre/icecat/nss-3.28.patch | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 libre/icecat/nss-3.28.patch (limited to 'libre') diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD index 566d77695..30b7b25ec 100644 --- a/libre/icecat/PKGBUILD +++ b/libre/icecat/PKGBUILD @@ -15,13 +15,13 @@ _pgo=false pkgname=icecat _pkgver=45.5.1-gnu1 pkgver=${_pkgver//-/_} -pkgrel=3 +pkgrel=4 pkgdesc="GNU IceCat, the standalone web browser based on Mozilla Firefox." arch=(i686 x86_64 armv7h) license=(MPL GPL LGPL) depends=(alsa-lib dbus-glib desktop-file-utils ffmpeg gtk2 gtk3 hicolor-icon-theme hunspell icu=58.2 libevent libvpx libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) -makedepends=(diffutils gconf imake inetutils libpulse mesa mozilla-searchplugins python2 unzip yasm zip) +makedepends=(autoconf2.13 diffutils gconf imake inetutils libpulse mesa mozilla-searchplugins python2 unzip yasm zip) options=(!emptydirs !makeflags debug) if $_pgo; then makedepends+=(xorg-server-xvfb) @@ -42,6 +42,7 @@ source=(http://ftp.gnu.org/gnu/gnuzilla/${_pkgver%-*}/$pkgname-$_pkgver.tar.bz2{ firefox-gcc-6.0.patch gcc6-fix-compilation-for-IceCat.patch mozilla-1228540-1.patch + nss-3.28.patch vendor.js $pkgname-fixed-loading-icon.png no-libnotify.patch 
@@ -60,6 +61,7 @@ sha256sums=('8163e5bc53f69d9f9b0fc5e9f95fae33da8139ae0f902756751cadbaa27e6ee9'
 '4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf'
 '329cf6753d29ae64a4336a8a76ee71f0d331a39132159401e4d11de65b708a07'
 'd1ccbaf0973615c57f7893355e5cd3a89efb4e91071d0ec376e429b50cf6ed19'
+ '87fb92e45f161d47b9e3ca31bcce60555bc33d633116dab4baa3bfba6ad965c4'
 '977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33'
 '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213'
 'e4ebdd14096d177d264a7993dbd5df46463605ff45f783732c26d30b9caa53a7'
@@ -99,6 +101,9 @@ prepare() {
 # Update to harfbuzz (following Icedove in [libre])
 patch -Np1 -i $srcdir/mozilla-1228540-1.patch
+ # Update minimum bits in H2 (needed for NSS 3.28)
+ patch -Np1 -i $srcdir/nss-3.28.patch
+
 # Patch and remove anything that's left
 patch -Np1 -i "$srcdir/libre.patch"
 rm -v browser/base/content/abouthome/snippet*.png || true
diff --git a/libre/icecat/nss-3.28.patch b/libre/icecat/nss-3.28.patch
new file mode 100644
index 000000000..92c1376ae
--- /dev/null
+++ b/libre/icecat/nss-3.28.patch
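Review bot: The added `patch -Np1 -i $srcdir/nss-3.28.patch` in prepare() leaves `$srcdir` unquoted, while the `libre.patch` call a few lines below quotes it. A build directory whose path contains whitespace would split the argument and the patch step would fail. I would write it as `patch -Np1 -i "$srcdir/nss-3.28.patch"`; the context line for `mozilla-1228540-1.patch` has the same form. prepare() begins and ends outside this hunk.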
@@ -0,0 +1,35 @@
+
+# HG changeset patch
+# User Franziskus Kiefer
+# Date 1469717280 -7200
+# Node ID 361ac226da2a83516db8d4e4c5b41a69b3ba754f
+# Parent 5d5d3ef04f3f77bb95616f56c129256a89f57831
+Bug 1290037 - Update keybits in H2, r=mt
+
+MozReview-Commit-ID: 35oWoDMqe1Y
+
+diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
+--- a/netwerk/protocol/http/Http2Session.cpp
++++ b/netwerk/protocol/http/Http2Session.cpp
+@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile()
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+ }
+
+ uint32_t keybits = ssl->GetKEAKeyBits();
+ if (kea == ssl_kea_dh && keybits < 2048) {
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+ this, keybits));
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+ this, keybits));
+ RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+ }
+
+ int16_t macAlgorithm = ssl->GetMACAlgorithmUsed();
+ LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n",
+ this, macAlgorithm));
+ if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) {
+
-- cgit v1.2.3
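Review bot: The rewritten ECDH branch lowers the HTTP/2 key-size floor from 256 to 224 bits for every curve, and the new trailing comment `// see rfc7540 9.2.1.` no longer says what the number means. 224 bits is the minimum ephemeral ECDHE size that RFC 7540 section 9.2.1 names, so the check now sits at the RFC floor, and which curves can actually be negotiated is left to the NSS configuration. I would spell that out in the comment, e.g. `// RFC 7540 9.2.1: ECDHE key exchange must be at least 224 bits`, and say in the PKGBUILD comment that the limit is lowered, since "Update minimum bits" can be read as a tightening. Separately, `keybits` is a `uint32_t` but is logged with `%d`; `%u` would match the type. ConfirmTLSProfile() starts and ends outside the embedded hunk.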