[arch-commits] Commit in thunderbird/trunk (PKGBUILD nss-3.28.patch)

Evangelos Foutras foutrelis at archlinux.org
Wed Jan 25 15:56:14 UTC 2017


    Date: Wednesday, January 25, 2017 @ 15:56:13
  Author: foutrelis
Revision: 287430

upgpkg: thunderbird 45.6.0-2

Apply patch for NSS 3.28.

Added:
  thunderbird/trunk/nss-3.28.patch
Modified:
  thunderbird/trunk/PKGBUILD

----------------+
 PKGBUILD       |   10 +++++++++-
 nss-3.28.patch |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-01-25 15:27:54 UTC (rev 287429)
+++ PKGBUILD	2017-01-25 15:56:13 UTC (rev 287430)
@@ -7,7 +7,7 @@
 
 pkgname=thunderbird
 pkgver=45.6.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Standalone mail and news reader from mozilla.org"
 arch=('i686' 'x86_64')
 license=('MPL' 'GPL' 'LGPL')
@@ -24,6 +24,7 @@
         thunderbird.desktop
         thunderbird-install-dir.patch
         firefox-gcc-6.0.patch mozilla-1228540.patch mozilla-1228540-1.patch
+        nss-3.28.patch
         vendor.js)
 sha256sums=('c32c74d69c4a2f79f120f44965525fc8197bbd39a9dac85027b2d9f74e04d8dc'
             'b884ccab9bea135600b41a2359073e637dee96dac64d22aceec4adb7fd936b23'
@@ -32,6 +33,7 @@
             '4d1e1ddabc9e975ed39f49e134559a29e01cd49439e358233f1ede43bf5a52bf'
             '3a3e84c702ee31450a3e84698441aceb11cf44e64c9fedcaddb8cb50db759417'
             'd1ccbaf0973615c57f7893355e5cd3a89efb4e91071d0ec376e429b50cf6ed19'
+            '87fb92e45f161d47b9e3ca31bcce60555bc33d633116dab4baa3bfba6ad965c4'
             'e4ea8e6788163d9f8db8f1f40023db3ea0a1358f9a4510169f2d4c4fe6a887ed')
 
 # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
@@ -60,6 +62,12 @@
   patch -d mozilla -Np1 < ../mozilla-1228540.patch
   patch -d mozilla -Np1 < ../mozilla-1228540-1.patch
 
+  # Update minimum bits in H2 (needed for NSS 3.28)
+  patch -d mozilla -Np1 < ../nss-3.28.patch
+
+  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850984
+  sed -i 's/\^\[:space:\]\*/^[[:space:]]*/' mozilla/{,js/src/}configure
+
   echo -n "$_google_api_key" >google-api-key
   echo "ac_add_options --with-google-api-keyfile=\"$PWD/google-api-key\"" >>.mozconfig
 

Added: nss-3.28.patch
===================================================================
--- nss-3.28.patch	                        (rev 0)
+++ nss-3.28.patch	2017-01-25 15:56:13 UTC (rev 287430)
@@ -0,0 +1,35 @@
+
+# HG changeset patch
+# User Franziskus Kiefer <franziskuskiefer at gmail.com>
+# Date 1469717280 -7200
+# Node ID 361ac226da2a83516db8d4e4c5b41a69b3ba754f
+# Parent  5d5d3ef04f3f77bb95616f56c129256a89f57831
+Bug 1290037 - Update keybits in H2, r=mt
+
+MozReview-Commit-ID: 35oWoDMqe1Y
+
+diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
+--- a/netwerk/protocol/http/Http2Session.cpp
++++ b/netwerk/protocol/http/Http2Session.cpp
+@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile()
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
+ 
+   uint32_t keybits = ssl->GetKEAKeyBits();
+   if (kea == ssl_kea_dh && keybits < 2048) {
+     LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+-  } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
+-    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
++  } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
++    LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
+           this, keybits));
+     RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
+   }
+ 
+   int16_t macAlgorithm = ssl->GetMACAlgorithmUsed();
+   LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n",
+         this, macAlgorithm));
+   if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) {
+



More information about the arch-commits mailing list