diff options
| author | Joan Figueras | 2017-03-03 19:17:32 +0100 |
|---|---|---|
| committer | Joan Figueras | 2017-03-03 19:17:32 +0100 |
| commit | 4f658ac761ff828a1d5e5f337b570268fba995e7 (patch) | |
| tree | f0fdf2d02c1dee3ffe731d0700a1d15de72c69ea | |
| parent | 4d6235bb7434ca1169a8c85d744ce439ad7155fc (diff) | |
| download | aur-4f658ac761ff828a1d5e5f337b570268fba995e7.tar.gz | |
Fix for bug 1290037 - Update keybits in H2. r=mt, a=ritu
| -rw-r--r-- | .SRCINFO | 2 | ||||
| -rw-r--r-- | PKGBUILD | 12 | ||||
| -rw-r--r-- | update_keybits_in_H2.patch | 29 |
3 files changed, 40 insertions, 3 deletions
@@ -48,6 +48,7 @@ pkgbase = icecat source = gcc6-fix-compilation-for-IceCat.patch source = firefox-gcc-6.0.patch source = icu_configure.patch + source = update_keybits_in_H2.patch validpgpkeys = A57369A8BABC2542B5A0368C3C76EED7D7E04784 sha256sums = 8163e5bc53f69d9f9b0fc5e9f95fae33da8139ae0f902756751cadbaa27e6ee9 sha256sums = SKIP @@ -58,6 +59,7 @@ pkgbase = icecat sha256sums = 329cf6753d29ae64a4336a8a76ee71f0d331a39132159401e4d11de65b708a07 sha256sums = 4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf sha256sums = ef2a7c41685f8e371d47909bf4cc071a349ef09b1421ab523c94057d85ca8f07 + sha256sums = f99424950ae7493b5814d36279f4af49e89127731fde2b7938b2c10e403796e1 pkgname = icecat @@ -9,7 +9,7 @@ pkgname=icecat pkgver=45.5.1 _pkgver=${pkgver}-gnu1 _pkgverbase=${pkgver%%.*} -pkgrel=5 +pkgrel=6 pkgdesc="GNU version of the Firefox browser." arch=(i686 x86_64) url="http://www.gnu.org/software/gnuzilla/" @@ -32,7 +32,8 @@ source=(http://ftpmirror.gnu.org/gnuzilla/${pkgver}/${pkgname}-${_pkgver}.tar.bz vendor.js gcc6-fix-compilation-for-IceCat.patch firefox-gcc-6.0.patch - icu_configure.patch) + icu_configure.patch + update_keybits_in_H2.patch) sha256sums=('8163e5bc53f69d9f9b0fc5e9f95fae33da8139ae0f902756751cadbaa27e6ee9' 'SKIP' @@ -42,7 +43,8 @@ sha256sums=('8163e5bc53f69d9f9b0fc5e9f95fae33da8139ae0f902756751cadbaa27e6ee9' '4b50e9aec03432e21b44d18c4c97b2630bace606b033f7d556c9d3e3eb0f4fa4' '329cf6753d29ae64a4336a8a76ee71f0d331a39132159401e4d11de65b708a07' '4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf' - 'ef2a7c41685f8e371d47909bf4cc071a349ef09b1421ab523c94057d85ca8f07') + 'ef2a7c41685f8e371d47909bf4cc071a349ef09b1421ab523c94057d85ca8f07' + 'f99424950ae7493b5814d36279f4af49e89127731fde2b7938b2c10e403796e1') validpgpkeys=(A57369A8BABC2542B5A0368C3C76EED7D7E04784) # Ruben Rodriguez (GNU IceCat releases key) <ruben@gnu.org> @@ -61,6 +63,10 @@ prepare() { # without fixing this, the build throws errors that it's unable to extract the icu version number from uvernum.h and aborts (Thanks jghodd) patch -Np0 -i ${srcdir}/icu_configure.patch + # Bug 1290037 - Update keybits in H2. r=mt, a=ritu + # https://hg.mozilla.org/releases/mozilla-esr45/rev/bf0dd9ae6807 - https://bbs.archlinux.org/viewtopic.php?id=222513 + patch -Np1 -i ${srcdir}/update_keybits_in_H2.patch + msg2 "Starting build..." cp -v ${srcdir}/mozconfig .mozconfig diff --git a/update_keybits_in_H2.patch b/update_keybits_in_H2.patch new file mode 100644 index 000000000000..a16ba44af79c --- /dev/null +++ b/update_keybits_in_H2.patch @@ -0,0 +1,29 @@ + +diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp +--- a/netwerk/protocol/http/Http2Session.cpp ++++ b/netwerk/protocol/http/Http2Session.cpp +@@ -3516,18 +3516,18 @@ Http2Session::ConfirmTLSProfile() + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + uint32_t keybits = ssl->GetKEAKeyBits(); + if (kea == ssl_kea_dh && keybits < 2048) { + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + int16_t macAlgorithm = ssl->GetMACAlgorithmUsed(); + LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n", + this, macAlgorithm)); + if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { + + + + |