summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/icecat/PKGBUILD17
-rw-r--r--libre/icecat/disable-crypto-hardening-settings.patch (renamed from libre/icecat/disable-general-crypto-hardening-settings.patch)46
2 files changed, 43 insertions, 20 deletions
diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD
index 1811c254c..52e32de8c 100644
--- a/libre/icecat/PKGBUILD
+++ b/libre/icecat/PKGBUILD
@@ -13,7 +13,7 @@
_pgo=true
pkgname=icecat
-_pkgver=38.5.0-gnu1
+_pkgver=38.5.2-gnu1
pkgver=${_pkgver//-/_}
pkgrel=1
@@ -33,7 +33,7 @@ optdepends=('networkmanager: Location detection via available WiFi networks'
url="http://www.gnu.org/software/gnuzilla/"
install=$pkgname.install
#source=(http://ftp.gnu.org/gnu/gnuzilla/${_pkgver%-*}/$pkgname-$_pkgver.tar.bz2{,.sig}
-source=(http://jenkins.trisquel.info/$pkgname/$pkgname-$_pkgver.tar.bz2
+source=(http://jenkins.trisquel.info/$pkgname/binaries/$pkgname-$_pkgver.tar.bz2{,.sig}
mozconfig
libre.patch
gnu_headshadow.png
@@ -42,8 +42,9 @@ source=(http://jenkins.trisquel.info/$pkgname/$pkgname-$_pkgver.tar.bz2
vendor.js
$pkgname-fixed-loading-icon.png
remove-google-play-services-support.patch
- disable-general-crypto-hardening-settings.patch)
-sha256sums=('c266acbc54c364f32a5e56f997f21a2cbbf95fd76ea53452e8026629a9bb5f1f'
+ disable-crypto-hardening-settings.patch)
+sha256sums=('8f99b9cb966404665085f87f1d532a22f3b0d422bfb49eb8f202b40c96ef2854'
+ 'SKIP'
'33a8cf07373c63a0bea70ec2c3983d2cca990752c0f946cb5dbd91f1e2b6410f'
'dd173c9283babb8a04bf55274de05e823161f7d13adb8c5e21dd5a9c0dc549a2'
'93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd'
@@ -52,8 +53,8 @@ sha256sums=('c266acbc54c364f32a5e56f997f21a2cbbf95fd76ea53452e8026629a9bb5f1f'
'977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33'
'68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213'
'9e651b0f7e7d9d663e8b24077d52bad15f011871747743aff60d6e2d7a45ae5b'
- 'bec42e12cca826d9b60dfd6176eebad2604cac97152f8bb7c03893642bc86a3d')
-#validpgpkeys=('A57369A8BABC2542B5A0368C3C76EED7D7E04784') # Ruben Rodriguez
+ 'bcd351d97e99f9a71ff5f44e29037f5451617378527801e32de514ff30583476')
+validpgpkeys=('A57369A8BABC2542B5A0368C3C76EED7D7E04784') # Ruben Rodriguez
prepare() {
export GNU_BUILD="gnuzilla-release"
@@ -92,10 +93,10 @@ prepare() {
cp "$srcdir/$pkgname-fixed-loading-icon.png" \
browser/themes/linux/tabbrowser/loading.png
- # Disable general crypto hardening settings for now
+ # Disable crypto hardening settings for now
# https://lists.parabola.nu/pipermail/assist/2015-October/000534.html
# https://labs.parabola.nu/issues/842
- patch -Np1 -i "$srcdir/disable-general-crypto-hardening-settings.patch"
+ patch -Np1 -i "$srcdir/disable-crypto-hardening-settings.patch"
}
build() {
diff --git a/libre/icecat/disable-general-crypto-hardening-settings.patch b/libre/icecat/disable-crypto-hardening-settings.patch
index d84cdd2ea..77517c6d0 100644
--- a/libre/icecat/disable-general-crypto-hardening-settings.patch
+++ b/libre/icecat/disable-crypto-hardening-settings.patch
@@ -1,7 +1,7 @@
-diff -Nur icecat-38.3.0.orig/browser/app/profile/icecat.js icecat-38.3.0/browser/app/profile/icecat.js
---- icecat-38.3.0.orig/browser/app/profile/icecat.js 2015-10-12 20:42:13.000000000 -0300
-+++ icecat-38.3.0/browser/app/profile/icecat.js 2015-10-29 14:03:09.377208716 -0300
-@@ -2046,14 +2046,14 @@
+diff -Nur icecat-38.5.2.orig/browser/app/profile/icecat.js icecat-38.5.2/browser/app/profile/icecat.js
+--- icecat-38.5.2.orig/browser/app/profile/icecat.js 2015-12-24 18:24:09.000000000 -0300
++++ icecat-38.5.2/browser/app/profile/icecat.js 2015-12-28 16:06:00.046009585 -0300
+@@ -2047,20 +2047,20 @@
// Crypto hardening
// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
//General settings
@@ -22,12 +22,23 @@ diff -Nur icecat-38.3.0.orig/browser/app/profile/icecat.js icecat-38.3.0/browser
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
//Disable unnecessary protocols
- pref("security.ssl3.rsa_rc4_128_sha", false);
- pref("security.ssl3.rsa_rc4_128_md5", false);
-diff -Nur icecat-38.3.0.orig/mobile/android/app/mobile.js icecat-38.3.0/mobile/android/app/mobile.js
---- icecat-38.3.0.orig/mobile/android/app/mobile.js 2015-10-12 20:42:14.000000000 -0300
-+++ icecat-38.3.0/mobile/android/app/mobile.js 2015-10-29 14:03:24.623133800 -0300
-@@ -1008,14 +1008,14 @@
+-pref("security.ssl3.rsa_rc4_128_sha", false);
+-pref("security.ssl3.rsa_rc4_128_md5", false);
+-pref("security.ssl3.rsa_des_ede3_sha", false);
+-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
+-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
++//pref("security.ssl3.rsa_rc4_128_sha", false);
++//pref("security.ssl3.rsa_rc4_128_md5", false);
++//pref("security.ssl3.rsa_des_ede3_sha", false);
++//pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
++//pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
+ // https://directory.fsf.org/wiki/Disable_DHE
+ // Avoid logjam attack
+ pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+diff -Nur icecat-38.5.2.orig/mobile/android/app/mobile.js icecat-38.5.2/mobile/android/app/mobile.js
+--- icecat-38.5.2.orig/mobile/android/app/mobile.js 2015-12-24 18:24:09.000000000 -0300
++++ icecat-38.5.2/mobile/android/app/mobile.js 2015-12-28 16:06:32.144427580 -0300
+@@ -1009,20 +1009,20 @@
// Crypto hardening
// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
//General settings
@@ -48,5 +59,16 @@ diff -Nur icecat-38.3.0.orig/mobile/android/app/mobile.js icecat-38.3.0/mobile/a
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
//Disable unnecessary protocols
- pref("security.ssl3.rsa_rc4_128_sha", false);
- pref("security.ssl3.rsa_rc4_128_md5", false);
+-pref("security.ssl3.rsa_rc4_128_sha", false);
+-pref("security.ssl3.rsa_rc4_128_md5", false);
+-pref("security.ssl3.rsa_des_ede3_sha", false);
+-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
+-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
++//pref("security.ssl3.rsa_rc4_128_sha", false);
++//pref("security.ssl3.rsa_rc4_128_md5", false);
++//pref("security.ssl3.rsa_des_ede3_sha", false);
++//pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
++//pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
+ // https://directory.fsf.org/wiki/Disable_DHE
+ // Avoid logjam attack
+ pref("security.ssl3.dhe_rsa_aes_128_sha", false);