diff --git a/srcpkgs/chromium/patches/0001-Demand-for-newer-POSIX-macro.patch b/srcpkgs/chromium/patches/0001-Demand-for-newer-POSIX-macro.patch new file mode 100644 index 0000000000..22eed8105b --- /dev/null +++ b/srcpkgs/chromium/patches/0001-Demand-for-newer-POSIX-macro.patch @@ -0,0 +1,36 @@ +From 241364c6f4d44165ce2dc707b9ad141dcc880d1b Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 27 Jun 2015 13:29:52 -0700 +Subject: [PATCH] Demand for newer POSIX macro + +Reason for change: Define _POSIX_C_SOURCE such that it demands correct +posix interfaces, netdb.h declares interfaces such as +getaddrinfo if __USE_POSIX, i.e. POSIX.1:1990 or later. +However, these interfaces were new in the 2001 edition of POSIX +therefore ask for Extension from POSIX.1:2001 since we use addrinfo +structure here. + +Change-Id: Icb1c92745d1a0ca958108ae80c270c630628729e +Signed-off-by: Khem Raj +Reviewed-on: https://boringssl-review.googlesource.com/5253 +Reviewed-by: Adam Langley +--- + crypto/bio/socket_helper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/bio/socket_helper.c b/crypto/bio/socket_helper.c +index b1cdd1a..481278f 100644 +--- crypto/bio/socket_helper.c ++++ crypto/bio/socket_helper.c +@@ -12,7 +12,7 @@ + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +-#define _POSIX_SOURCE ++#define _POSIX_C_SOURCE 200112L + + #include + #include +-- +2.5.0 + diff --git a/srcpkgs/chromium/patches/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch b/srcpkgs/chromium/patches/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch new file mode 100644 index 0000000000..9057aac89d --- /dev/null +++ b/srcpkgs/chromium/patches/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch @@ -0,0 +1,33 @@ +From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001 +From: agl +Date: Wed, 20 May 2015 13:20:29 -0700 +Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits. + +Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS. + +BUG=490240 + +Review URL: https://codereview.chromium.org/1143303002 + +Cr-Commit-Position: refs/heads/master@{#330791} +--- + net/third_party/nss/ssl/ssl3con.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c +index 89c98ea..861d434 100644 +--- net/third_party/nss/ssl/ssl3con.c ++++ net/third_party/nss/ssl/ssl3con.c +@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } +- if (dh_p.len < 512/8) { ++ if (dh_p.len < 1024/8 || ++ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) { + errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; + goto alert_loser; + } +-- +2.4.2 + diff --git a/srcpkgs/chromium/patches/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch b/srcpkgs/chromium/patches/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch new file mode 100644 index 0000000000..d3fb8f12a1 --- /dev/null +++ b/srcpkgs/chromium/patches/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch @@ -0,0 +1,32 @@ +From aa9abe7692a3ee99b69811594938d97cb180351e Mon Sep 17 00:00:00 2001 +From: avi +Date: Wed, 20 May 2015 13:57:17 -0700 +Subject: [PATCH] Use the correct URL for ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY + errors. + +BUG=490260,490240 +TEST=as in bug + +Review URL: https://codereview.chromium.org/1148943002 + +Cr-Commit-Position: refs/heads/master@{#330799} +--- + chrome/common/localized_error.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/chrome/common/localized_error.cc b/chrome/common/localized_error.cc +index 0c4ad43..1ea56b1 100644 +--- chrome/common/localized_error.cc ++++ chrome/common/localized_error.cc +@@ -49,7 +49,7 @@ namespace { + static const char kRedirectLoopLearnMoreUrl[] = + "https://www.google.com/support/chrome/bin/answer.py?answer=95626"; + static const char kWeakDHKeyLearnMoreUrl[] = +- "http://sites.google.com/a/chromium.org/dev/" ++ "https://www.chromium.org/administrators/" + "err_ssl_weak_server_ephemeral_dh_key"; + #if defined(OS_CHROMEOS) + static const char kAppWarningLearnMoreUrl[] = +-- +2.4.2 +