diff options
author | Mark H Weaver <mhw@netris.org> | 2018-01-24 02:25:23 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2018-01-24 05:59:01 -0500 |
commit | 52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3 (patch) | |
tree | a1b03833adcbd7f710e7563ca584b126ec4f8def /gnu/packages/patches | |
parent | c1c2e1d72b23f57ff0d4869a6970183d833383fb (diff) | |
download | guix-52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3.tar guix-52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3.tar.gz |
gnu: icecat: Add more fixes from upstream mozilla-esr52.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch deleted file mode 100644 index 6b088286cb..0000000000 --- a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch +++ /dev/null @@ -1,49 +0,0 @@ -Mitigate Spectre by reducing the resolution of performance.now() to 20 -microseconds. Based on: - - https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 - -For more details, see: - - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - -This patch was modified to apply cleanly to GNU IceCat. - - -# HG changeset patch -# User Tom Ritter <tom@mozilla.com> -# Date 1514660820 21600 -# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 -# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 -Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard - -The comment about workers was introduced in Bug 1186489 but became obsolete some time after that -(definitely by Bug 1278838) - -diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp ---- a/dom/performance/Performance.cpp -+++ b/dom/performance/Performance.cpp -@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() - { - MOZ_ASSERT(NS_IsMainThread()); - mResourceEntries.Clear(); - } - - DOMHighResTimeStamp - Performance::RoundTime(double aTime) const - { -- // Round down to the nearest 5us, because if the timer is too accurate people -- // can do nasty timing attacks with it. See similar code in the worker -- // Performance implementation. -- const double maxResolutionMs = 0.005; -+ // Round down to the nearest 20us, because if the timer is too accurate people -+ // can do nasty timing attacks with it. -+ const double maxResolutionMs = 0.020; - return floor(aTime / maxResolutionMs) * maxResolutionMs; - } - - - void - Performance::Mark(const nsAString& aName, ErrorResult& aRv) - { - // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. |