From 52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 24 Jan 2018 02:25:23 -0500 Subject: gnu: icecat: Add more fixes from upstream mozilla-esr52. Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the remaining 7 out of 21 changesets for CVE-2018-5089. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. Remove the local spectre mitigation patch in favor of the (identical) changeset from upstream. * gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete. * gnu/local.mk (dist_patch_DATA): Remove it. --- .../icecat-bug-1427870-spectre-mitigation.patch | 49 ---------------------- 1 file changed, 49 deletions(-) delete mode 100644 gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch deleted file mode 100644 index 6b088286cb..0000000000 --- a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch +++ /dev/null @@ -1,49 +0,0 @@ -Mitigate Spectre by reducing the resolution of performance.now() to 20 -microseconds. Based on: - - https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 - -For more details, see: - - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - -This patch was modified to apply cleanly to GNU IceCat. - - -# HG changeset patch -# User Tom Ritter -# Date 1514660820 21600 -# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 -# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 -Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard - -The comment about workers was introduced in Bug 1186489 but became obsolete some time after that -(definitely by Bug 1278838) - -diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp ---- a/dom/performance/Performance.cpp -+++ b/dom/performance/Performance.cpp -@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() - { - MOZ_ASSERT(NS_IsMainThread()); - mResourceEntries.Clear(); - } - - DOMHighResTimeStamp - Performance::RoundTime(double aTime) const - { -- // Round down to the nearest 5us, because if the timer is too accurate people -- // can do nasty timing attacks with it. See similar code in the worker -- // Performance implementation. -- const double maxResolutionMs = 0.005; -+ // Round down to the nearest 20us, because if the timer is too accurate people -+ // can do nasty timing attacks with it. -+ const double maxResolutionMs = 0.020; - return floor(aTime / maxResolutionMs) * maxResolutionMs; - } - - - void - Performance::Mark(const nsAString& aName, ErrorResult& aRv) - { - // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. -- cgit v1.2.3