[arch-commits] Commit in chromium/trunk (3 files)
Evangelos Foutras
foutrelis at archlinux.org
Tue Jun 23 05:15:23 UTC 2015
Date: Tuesday, June 23, 2015 @ 07:15:23
Author: foutrelis
Revision: 241220
upgpkg: chromium 43.0.2357.130-1
New upstream release.
Added:
chromium/trunk/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
chromium/trunk/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
Modified:
chromium/trunk/PKGBUILD
-----------------------------------------------------------------+
0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch | 33 ++++++++++
0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch | 32 +++++++++
PKGBUILD | 17 +++--
3 files changed, 78 insertions(+), 4 deletions(-)
Added: 0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
===================================================================
--- 0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch (rev 0)
+++ 0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch 2015-06-23 05:15:23 UTC (rev 241220)
@@ -0,0 +1,33 @@
+From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001
+From: agl <agl at chromium.org>
+Date: Wed, 20 May 2015 13:20:29 -0700
+Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits.
+
+Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS.
+
+BUG=490240
+
+Review URL: https://codereview.chromium.org/1143303002
+
+Cr-Commit-Position: refs/heads/master@{#330791}
+---
+ net/third_party/nss/ssl/ssl3con.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
+index 89c98ea..861d434 100644
+--- a/net/third_party/nss/ssl/ssl3con.c
++++ b/net/third_party/nss/ssl/ssl3con.c
+@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ if (rv != SECSuccess) {
+ goto loser; /* malformed. */
+ }
+- if (dh_p.len < 512/8) {
++ if (dh_p.len < 1024/8 ||
++ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
+ errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
+ goto alert_loser;
+ }
+--
+2.4.2
+
Added: 0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
===================================================================
--- 0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch (rev 0)
+++ 0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch 2015-06-23 05:15:23 UTC (rev 241220)
@@ -0,0 +1,32 @@
+From aa9abe7692a3ee99b69811594938d97cb180351e Mon Sep 17 00:00:00 2001
+From: avi <avi at chromium.org>
+Date: Wed, 20 May 2015 13:57:17 -0700
+Subject: [PATCH] Use the correct URL for ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
+ errors.
+
+BUG=490260,490240
+TEST=as in bug
+
+Review URL: https://codereview.chromium.org/1148943002
+
+Cr-Commit-Position: refs/heads/master@{#330799}
+---
+ chrome/common/localized_error.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chrome/common/localized_error.cc b/chrome/common/localized_error.cc
+index 0c4ad43..1ea56b1 100644
+--- a/chrome/common/localized_error.cc
++++ b/chrome/common/localized_error.cc
+@@ -49,7 +49,7 @@ namespace {
+ static const char kRedirectLoopLearnMoreUrl[] =
+ "https://www.google.com/support/chrome/bin/answer.py?answer=95626";
+ static const char kWeakDHKeyLearnMoreUrl[] =
+- "http://sites.google.com/a/chromium.org/dev/"
++ "https://www.chromium.org/administrators/"
+ "err_ssl_weak_server_ephemeral_dh_key";
+ #if defined(OS_CHROMEOS)
+ static const char kAppWarningLearnMoreUrl[] =
+--
+2.4.2
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-06-23 04:33:01 UTC (rev 241219)
+++ PKGBUILD 2015-06-23 05:15:23 UTC (rev 241220)
@@ -5,8 +5,8 @@
# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
pkgname=chromium
-pkgver=43.0.2357.125
-pkgrel=2
+pkgver=43.0.2357.130
+pkgrel=1
_launcher_ver=2
pkgdesc="The open-source project behind Google Chrome, an attempt at creating a safer, faster, and more stable browser"
arch=('i686' 'x86_64')
@@ -27,11 +27,15 @@
source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
chromium.desktop
+ 0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
+ 0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
add-build-flag-to-disable-hotwording.patch
chromium-widevine.patch)
-sha256sums=('af1774d093f90f9ccfd7def3b2b3a8caa109274ac28d4bec0285e50f8a5a5405'
+sha256sums=('62fb55439396a5d49ba53d4377e8d2554c14c2e8a6255f07909ccee8f248002e'
'7f91c81721092d707d7b94e6555a48bc7fd0bc0e1174df4649bdcd745930e52f'
'028a748a5c275de9b8f776f97909f999a8583a4b77fd1cd600b4fc5c0c3e91e9'
+ '46daf921ed7eaab175f5a86b09357c69c33a10ffe1d4e7c24476af510c1b28d0'
+ '8fb428244be7b50268a2848a34405c5551232e5c77f9e553cfdd3103979748d2'
'3a1c589aa90c0597776d945d34638d43e2d40d93bc1962148815831a5122ac4e'
'379b746e187de28f80f5a7cd19edcfa31859656826f802a1ede054fcb6dfb221')
@@ -55,6 +59,12 @@
prepare() {
cd "$srcdir/$pkgname-$pkgver"
+ # https://code.google.com/p/chromium/issues/detail?id=490240
+ patch -Np1 -i ../0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
+
+ # https://code.google.com/p/chromium/issues/detail?id=490260
+ patch -Np1 -i ../0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
+
# Add build flag to disable 'Ok Google' hotwording feature
# The issue with this functionality is that it downloads a binary blob
# and that this behavior cannot be disabled if a user wishes to do so.
@@ -133,7 +143,6 @@
-Duse_system_libvpx=1
-Duse_system_libxml=0
-Duse_system_snappy=1
- -Duse_system_ssl=0
-Duse_system_xdg_utils=1
-Duse_system_yasm=1
-Duse_system_zlib=0
More information about the arch-commits
mailing list