aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-01-24 02:25:23 -0500
committerMark H Weaver <mhw@netris.org>2018-01-24 05:59:01 -0500
commit52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3 (patch)
treea1b03833adcbd7f710e7563ca584b126ec4f8def /gnu/packages/patches
parentc1c2e1d72b23f57ff0d4869a6970183d833383fb (diff)
downloadguix-52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3.tar
guix-52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3.tar.gz
gnu: icecat: Add more fixes from upstream mozilla-esr52.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the remaining 7 out of 21 changesets for CVE-2018-5089. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. Remove the local spectre mitigation patch in favor of the (identical) changeset from upstream. * gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete. * gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch49
1 files changed, 0 insertions, 49 deletions
diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch
deleted file mode 100644
index 6b088286cb..0000000000
--- a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Mitigate Spectre by reducing the resolution of performance.now() to 20
-microseconds. Based on:
-
- https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8
-
-For more details, see:
-
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
-
-This patch was modified to apply cleanly to GNU IceCat.
-
-
-# HG changeset patch
-# User Tom Ritter <tom@mozilla.com>
-# Date 1514660820 21600
-# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6
-# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447
-Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard
-
-The comment about workers was introduced in Bug 1186489 but became obsolete some time after that
-(definitely by Bug 1278838)
-
-diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp
---- a/dom/performance/Performance.cpp
-+++ b/dom/performance/Performance.cpp
-@@ -234,20 +234,19 @@ Performance::ClearResourceTimings()
- {
- MOZ_ASSERT(NS_IsMainThread());
- mResourceEntries.Clear();
- }
-
- DOMHighResTimeStamp
- Performance::RoundTime(double aTime) const
- {
-- // Round down to the nearest 5us, because if the timer is too accurate people
-- // can do nasty timing attacks with it. See similar code in the worker
-- // Performance implementation.
-- const double maxResolutionMs = 0.005;
-+ // Round down to the nearest 20us, because if the timer is too accurate people
-+ // can do nasty timing attacks with it.
-+ const double maxResolutionMs = 0.020;
- return floor(aTime / maxResolutionMs) * maxResolutionMs;
- }
-
-
- void
- Performance::Mark(const nsAString& aName, ErrorResult& aRv)
- {
- // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003.