From 4a7fc8fe1f0f165928dce745cb7b92b2cc432f2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCrgen=20Buchm=C3=BCller?= Date: Mon, 30 Jan 2017 20:05:14 +0100 Subject: [PATCH] icecat: fix issues with nss-3.28.1/ECDSA and ICU --- .../patches/fix-ecdh_keybits_min_224.patch | 15 +++++++++++++ .../icecat/patches/fix-icu_uvernum_h.patch | 22 +++++++++++++++++++ srcpkgs/icecat/template | 2 +- 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/icecat/patches/fix-ecdh_keybits_min_224.patch create mode 100644 srcpkgs/icecat/patches/fix-icu_uvernum_h.patch diff --git a/srcpkgs/icecat/patches/fix-ecdh_keybits_min_224.patch b/srcpkgs/icecat/patches/fix-ecdh_keybits_min_224.patch new file mode 100644 index 0000000000..93549a8c9b --- /dev/null +++ b/srcpkgs/icecat/patches/fix-ecdh_keybits_min_224.patch @@ -0,0 +1,15 @@ +Fix for nss-3.28.1: ECDH keybits minimum is 224 + +--- netwerk/protocol/http/Http2Session.cpp 2016-12-01 23:44:09.000000000 +0100 ++++ netwerk/protocol/http/Http2Session.cpp 2017-01-30 20:00:34.461035226 +0100 +@@ -3521,8 +3521,8 @@ + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } diff --git a/srcpkgs/icecat/patches/fix-icu_uvernum_h.patch b/srcpkgs/icecat/patches/fix-icu_uvernum_h.patch new file mode 100644 index 0000000000..b127e407c7 --- /dev/null +++ b/srcpkgs/icecat/patches/fix-icu_uvernum_h.patch @@ -0,0 +1,22 @@ +--- configure 2017-01-30 20:32:27.180891101 +0100 ++++ configure 2017-01-30 20:33:26.306913219 +0100 +@@ -30305,7 +30305,7 @@ + fi + fi + +- version=`sed -n 's/^[:space:]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` ++ version=`sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` + if test x"$version" = x; then + { echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&2; echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&5; exit 1; } + fi +--- js/src/configure 2017-01-30 20:32:26.304890774 +0100 ++++ js/src/configure 2017-01-30 20:34:52.391945615 +0100 +@@ -15906,7 +15906,7 @@ + fi + fi + +- version=`sed -n 's/^[:space:]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` ++ version=`sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` + if test x"$version" = x; then + { echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&2; echo "configure: error: cannot determine icu version number from uvernum.h header file $lineno" 1>&5; exit 1; } + fi diff --git a/srcpkgs/icecat/template b/srcpkgs/icecat/template index fe7fdb12b8..bfa1ea1a18 100644 --- a/srcpkgs/icecat/template +++ b/srcpkgs/icecat/template @@ -1,7 +1,7 @@ # Template build file for 'icecat'. pkgname=icecat version=45.5.1 -revision=2 +revision=3 short_desc="GNU version of the Firefox browser" maintainer="Jürgen Buchmüller " homepage="https://www.gnu.org/software/${pkgname}/"