Rebuilt for new nss 3.28.1 (mozbz#1290037)

This commit is contained in:
Martin Stransky 2017-01-20 11:25:14 +01:00
parent 82b0306a0f
commit 2b1c6aa33e
2 changed files with 44 additions and 2 deletions

34
mozilla-1290037.patch Normal file
View File

@ -0,0 +1,34 @@
# HG changeset patch
# User Franziskus Kiefer <franziskuskiefer@gmail.com>
# Date 1469717280 -7200
# Thu Jul 28 16:48:00 2016 +0200
# Node ID 95aa61f1e3562e526bf88179d9d078fd90ad1bda
# Parent d42aacfe34af25e2f5110e2ca3d24a210eabeb33
Update keybits in H2, r=mt
MozReview-Commit-ID: 35oWoDMqe1Y
diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -3544,18 +3544,18 @@ Http2Session::ConfirmTLSProfile()
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
}
uint32_t keybits = ssl->GetKEAKeyBits();
if (kea == ssl_kea_dh && keybits < 2048) {
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
this, keybits));
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
}
int16_t macAlgorithm = ssl->GetMACAlgorithmUsed();
LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n",
this, macAlgorithm));
if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) {

View File

@ -63,7 +63,7 @@
Summary: Mozilla Thunderbird mail/newsgroup client
Name: thunderbird
Version: 45.6.0
Release: 3%{?dist}
Release: 4%{?dist}
URL: http://www.mozilla.org/projects/thunderbird/
License: MPLv1.1 or GPLv2+ or LGPLv2+
Group: Applications/Internet
@ -107,6 +107,9 @@ Patch400: rhbz-966424.patch
Patch402: rhbz-1014858.patch
# libvpx no longer has compat defines, use the current ones
# NSS 3.28.1 patch
Patch500: mozilla-1290037.patch
%if %{official_branding}
# Required by Mozilla Corporation
@ -223,12 +226,14 @@ cd mozilla
%patch400 -p1 -b .966424
#%patch402 -p1 -b .rhbz-1014858 FIXME musi byt
%patch304 -p1 -b .1245783
# NSS 3.28.1 patch
%patch500 -p1 -b .1290037
cd ..
%patch105 -p1 -b .bad-langs
%patch200 -p1 -b .addons
%if %{official_branding}
# Required by Mozilla Corporation
@ -611,6 +616,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#===============================================================================
%changelog
* Fri Jan 20 2017 Martin Stransky <stransky@redhat.com> - 45.6.0-4
- Rebuilt for new nss 3.28.1 (mozbz#1290037)
* Fri Jan 6 2017 Jan Horak <jhorak@redhat.com> - 45.6.0-3
- Fixed calendar locales: rhbz#1410740