diff options
-rw-r--r-- | firefox.spec | 7 | ||||
-rw-r--r-- | mozilla-1290037.patch | 34 |
2 files changed, 40 insertions, 1 deletions
diff --git a/firefox.spec b/firefox.spec index 4089325..4a6c8b3 100644 --- a/firefox.spec +++ b/firefox.spec @@ -94,7 +94,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 50.1.0 -Release: 2%{?pre_tag}%{?dist} +Release: 3%{?pre_tag}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Group: Applications/Internet @@ -138,6 +138,7 @@ Patch406: mozilla-256180.patch # Rebase Gtk3 widget code to latest trunk to # fix various rendering problems Patch407: widget-rebase.patch +Patch408: mozilla-1290037.patch # Debian patches Patch500: mozilla-440908.patch @@ -280,6 +281,7 @@ cd %{tarballdir} # Rebase Gtk3 widget code to latest trunk to # fix various rendering problems %patch407 -p1 -b .widget-rebase +%patch408 -p1 -b .1290037 # Debian extension patch %patch500 -p1 -b .440908 @@ -788,6 +790,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Mon Jan 16 2017 Martin Stransky <stransky@redhat.com> - 50.1.0-3 +- Added patch for nss 3.28.1 (mozbz#1290037) + * Wed Dec 21 2016 Martin Stransky <stransky@redhat.com> - 50.1.0-2 - Enabled Mozilla crash reporter diff --git a/mozilla-1290037.patch b/mozilla-1290037.patch new file mode 100644 index 0000000..508d580 --- /dev/null +++ b/mozilla-1290037.patch @@ -0,0 +1,34 @@ +# HG changeset patch +# User Franziskus Kiefer <franziskuskiefer@gmail.com> +# Date 1469717280 -7200 +# Thu Jul 28 16:48:00 2016 +0200 +# Node ID 95aa61f1e3562e526bf88179d9d078fd90ad1bda +# Parent d42aacfe34af25e2f5110e2ca3d24a210eabeb33 +Update keybits in H2, r=mt + +MozReview-Commit-ID: 35oWoDMqe1Y + +diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp +--- a/netwerk/protocol/http/Http2Session.cpp ++++ b/netwerk/protocol/http/Http2Session.cpp +@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile() + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + uint32_t keybits = ssl->GetKEAKeyBits(); + if (kea == ssl_kea_dh && keybits < 2048) { + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + int16_t macAlgorithm = ssl->GetMACAlgorithmUsed(); + LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n", + this, macAlgorithm)); + if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { |