icecat: fix issues with nss-3.28.1/ECDSA and ICU

This commit is contained in:
Jürgen Buchmüller 2017-01-30 20:05:14 +01:00
parent 974af147fe
commit 4a7fc8fe1f
3 changed files with 38 additions and 1 deletions

View file

@ -0,0 +1,15 @@
Fix for nss-3.28.1: ECDH keybits minimum is 224
--- netwerk/protocol/http/Http2Session.cpp 2016-12-01 23:44:09.000000000 +0100
+++ netwerk/protocol/http/Http2Session.cpp 2017-01-30 20:00:34.461035226 +0100
@@ -3521,8 +3521,8 @@
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
}

View file

@ -0,0 +1,22 @@
--- configure 2017-01-30 20:32:27.180891101 +0100
+++ configure 2017-01-30 20:33:26.306913219 +0100
@@ -30305,7 +30305,7 @@
fi
fi
- version=`sed -n 's/^[:space:]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"`
+ version=`sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"`
if test x"$version" = x; then
{ echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&2; echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&5; exit 1; }
fi
--- js/src/configure 2017-01-30 20:32:26.304890774 +0100
+++ js/src/configure 2017-01-30 20:34:52.391945615 +0100
@@ -15906,7 +15906,7 @@
fi
fi
- version=`sed -n 's/^[:space:]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"`
+ version=`sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"`
if test x"$version" = x; then
{ echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&2; echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&5; exit 1; }
fi

View file

@ -1,7 +1,7 @@
# Template build file for 'icecat'.
pkgname=icecat
version=45.5.1
revision=2
revision=3
short_desc="GNU version of the Firefox browser"
maintainer="Jürgen Buchmüller <pullmoll@t-online.de>"
homepage="https://www.gnu.org/software/${pkgname}/"