From 0af6ffdd8d81f86a232902a54f99d4cfcd369490 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 23 Jan 2018 17:44:53 -0500 Subject: [PATCH 1/8] gnu: qscintilla: Update to 2.10.2. * gnu/packages/qt.scm (qscintilla, python-qscintilla, python-pyqt+qscintilla): Update to 2.10.2. --- gnu/packages/qt.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index 70c76ee454..596006080a 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -1657,7 +1657,7 @@ contain over 620 classes.") (define-public qscintilla (package (name "qscintilla") - (version "2.10.1") + (version "2.10.2") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/pyqt/QScintilla2/" @@ -1665,7 +1665,7 @@ contain over 620 classes.") version ".tar.gz")) (sha256 (base32 - "0r7s7ndblv3jc0xig1y4l64b6mfr879cdv3zwdndn27rj6fqmycp")))) + "1l2ylsv6s3wfhyx7qr5cxgkwwwhvbrpd2k7akgm9bvbyf4h1vcql")))) (build-system gnu-build-system) (arguments `(#:phases @@ -1685,7 +1685,7 @@ contain over 620 classes.") (string-append out "/lib/qt$${QT_MAJOR_VERSION}")) (("\\$\\$\\[QT_HOST_DATA\\]") (string-append out "/lib/qt$${QT_MAJOR_VERSION}"))) - (zero? (system* "qmake")))))))) + (invoke "qmake"))))))) (native-inputs `(("qtbase" ,qtbase))) (home-page "http://www.riverbankcomputing.co.uk/software/qscintilla/intro") (synopsis "Qt port of the Scintilla C++ editor control") @@ -1715,8 +1715,8 @@ indicators, code completion and call tips.") (replace 'configure (lambda* (#:key outputs configure-flags #:allow-other-keys) (chdir "Python") - (and (zero? (apply system* "python3" "configure.py" - configure-flags)) + (and (apply invoke "python3" "configure.py" + configure-flags) ;; Install to the right directory (begin (substitute* '("Makefile" From 133f725773dda4cc9b5de4025a0c59b921052b9f Mon Sep 17 00:00:00 2001 
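Review bot: In the python-qscintilla `configure` phase (last qt.scm hunk), `(and (apply invoke "python3" "configure.py" configure-flags) ...)` keeps an `and` that no longer guards anything, because `invoke` raises on a non-zero exit status instead of returning #f, so the second arm only ever runs after success. The phase would read more clearly as a plain sequence, the `invoke` call followed by the `substitute*` body, provided it still ends in a true value; the rest of that `begin` form lies outside the hunk, so confirm it there. The `system*` to `invoke` switch here and in the `qmake` hunk is also missing from the commit log, which only says "Update to 2.10.2"; a line such as `[arguments]: Use 'invoke'.` would make the change in failure handling traceable.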
From: Leo Famulari Date: Wed, 24 Jan 2018 03:20:08 -0500 Subject: [PATCH 2/8] gnu: curl: Update replacement to 7.58.0 [fixes CVE-2018-{1000005,1000007}]. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.58.0. (curl-7.57.0): Replace with curl-7.58.0. --- gnu/packages/curl.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index cccbbc8d99..2ab1944d44 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -46,7 +46,7 @@ (package (name "curl") (version "7.55.1") - (replacement curl-7.57.0) + (replacement curl-7.58.0) (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" @@ -126,10 +126,10 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.57.0 +(define-public curl-7.58.0 (package (inherit curl) - (version "7.57.0") + (version "7.58.0") (source (origin (method url-fetch) @@ -137,7 +137,7 @@ tunneling, and so on.") version ".tar.xz")) (sha256 (base32 - "0y3qbjjcxhcvm1yawp3spfssjbskv0g6gyzld6ckif5pf8ygvxpm")))))) + "1qz303lagxidmkyym90mxiaqnqddwi2219vzydsyn29n4iski0ba")))))) (define-public kurly (package From 4f34e0dba0cd8769a8189c04c8585bde4cd25a41 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 24 Jan 2018 10:53:55 +0200 Subject: [PATCH 3/8] gnu: vifm: Update inputs. * gnu/packages/vim.scm (vifm)[native-inputs]: Move perl ... [inputs]: ... to here. [home-page]: Use https. --- gnu/packages/vim.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm index 32f1e1ca54..abd25bc9d6 100644 --- a/gnu/packages/vim.scm +++ b/gnu/packages/vim.scm 
@@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Cyril Roelandt -;;; Copyright © 2016, 2017 Efraim Flashner +;;; Copyright © 2016, 2017, 2018 Efraim Flashner ;;; Copyright © 2016, 2017 ng0 ;;; Copyright © 2017 Ricardo Wurmus ;;; Copyright © 2017 Marius Bakke @@ -758,12 +758,12 @@ refactor Vim in order to: (delete-file-recursively (string-append vifm "/vim"))) #t))))) (native-inputs - `(("groff" ,groff) ; for the documentation - ("perl" ,perl))) + `(("groff" ,groff))) ; for the documentation (inputs `(("libx11" ,libx11) - ("ncurses" ,ncurses))) - (home-page "http://vifm.info/") + ("ncurses" ,ncurses) + ("perl" ,perl))) + (home-page "https://vifm.info/") (synopsis "Flexible vi-like file manager using ncurses") (description "Vifm is a file manager providing a @command{vi}-like usage experience. It has similar keybindings and modes (e.g. normal, command line, From c1c2e1d72b23f57ff0d4869a6970183d833383fb Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 24 Jan 2018 02:04:42 -0500 Subject: [PATCH 4/8] gnu: icecat: Relabel patches to reflect CVE assignments. Document that our existing patches include fixes for CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5098, CVE-2018-5102, CVE-2018-5103, CVE-2018-5117, and 14 out of 21 changesets for CVE-2018-5089. * gnu/packages/gnuzilla.scm (icecat)[sources]: Relabel patches to reflect CVE assignments. --- gnu/packages/gnuzilla.scm | 46 +++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 92037326e0..02e7f2c948 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm 
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès
-;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver
+;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver
 ;;; Copyright © 2015 Sou Bunnbu
 ;;; Copyright © 2016, 2017 Efraim Flashner
 ;;; Copyright © 2016 Alex Griffin
@@ -484,36 +484,36 @@ security standards.") (mozilla-patch "icecat-bug-1355576.patch" "cf34a0574e58" "1z7sa1d12hypgivm5xxn32s58afpjcij97jvnafcgnfvxywrgr1m") (mozilla-patch "icecat-CVE-2017-7843.patch" "f6216ea8b8fc" "0jnhdkj0ch9mj01mzlvhjgf8zsxlbg6m7yvpq99qr7xmg0pzbgwl") (mozilla-patch "icecat-bug-1413741.patch" "4e00ce2897c4" "0k95vi31glia2i03djidkc0gkwp9qldy34fz1rxcj56a1iphbq7w") - (mozilla-patch "icecat-bug-1224396.patch" "92d450811409" "0xsvggnr0y65nd52nkbjvpcbs5nd84pvbayk5vinbx1mnk2wh2vy") - (mozilla-patch "icecat-bug-1415582.patch" "7eba7d14704a" "1vi17qmjzh3kji14iz370kvs4425asgp93ns2chf5ldlq5b9196g") - (mozilla-patch "icecat-bug-1417797.patch" "457d023c167e" "11g8hg8yp20lsn52dx1ym8r4yjsnsmx0h182d6nbl6ab9wp7d1m9") - (mozilla-patch "icecat-bug-1410134.patch" "5e7b16213198" "14c4x6c3mygf8p77n9bia5rndjpngbvik1r1ylk97k3ggy4fj6zh") - (mozilla-patch "icecat-bug-1419363.patch" "0712b6cbbdc8" "0rllsq6ckpms7g9k6qky1gr5rz1gav4widrha6w1s9f88cbrqgk5") - (mozilla-patch "icecat-bug-1408276.patch" "084c427ccf99" "0sjdy2iang09a9g6liavpjgry04dp6smjgj0y7lp5lfqijdr8q2d") - (mozilla-patch "icecat-bug-1382366.patch" "1bfb3d8d4510" "0c2dcxj74ijs6qf9sqcbj8w998hblic66vy41818z7xnw46j5j1j") + (mozilla-patch "icecat-CVE-2018-5089-pt01.patch" "92d450811409" "0xsvggnr0y65nd52nkbjvpcbs5nd84pvbayk5vinbx1mnk2wh2vy") + (mozilla-patch "icecat-CVE-2018-5089-pt02.patch" "7eba7d14704a" "1vi17qmjzh3kji14iz370kvs4425asgp93ns2chf5ldlq5b9196g") + (mozilla-patch "icecat-CVE-2018-5089-pt03.patch" "457d023c167e" "11g8hg8yp20lsn52dx1ym8r4yjsnsmx0h182d6nbl6ab9wp7d1m9") + (mozilla-patch "icecat-CVE-2018-5089-pt04.patch" "5e7b16213198" "14c4x6c3mygf8p77n9bia5rndjpngbvik1r1ylk97k3ggy4fj6zh") + (mozilla-patch "icecat-CVE-2018-5102.patch" "0712b6cbbdc8" "0rllsq6ckpms7g9k6qky1gr5rz1gav4widrha6w1s9f88cbrqgk5") + (mozilla-patch "icecat-CVE-2018-5089-pt05.patch" "084c427ccf99" "0sjdy2iang09a9g6liavpjgry04dp6smjgj0y7lp5lfqijdr8q2d") + (mozilla-patch "icecat-CVE-2018-5089-pt06.patch" "1bfb3d8d4510" 
"0c2dcxj74ijs6qf9sqcbj8w998hblic66vy41818z7xnw46j5j1j") (mozilla-patch "icecat-bug-1414425.patch" "5623e01e63a8" "08dn3v96bsb61hy3wfxz43fhn1mk9vlm5ydvdjgi3wiqadvacgzs") - (mozilla-patch "icecat-bug-1409951.patch" "14a389d40329" "0f4gbak5bd2walxrxs3myig28v9lhvplf3a1nws1a4ajx80slzq1") + (mozilla-patch "icecat-CVE-2018-5089-pt07.patch" "14a389d40329" "0f4gbak5bd2walxrxs3myig28v9lhvplf3a1nws1a4ajx80slzq1") (mozilla-patch "icecat-bug-1415441.patch" "7339297cddb7" "017lbw0mn5rwzb2abfw6qrk07m3r96vwbj81cmqvdfnmprcjni5j") - (mozilla-patch "icecat-bug-1418922.patch" "aa55d4cdaee5" "1l3qwjfx0jsbbw2dg8bsnx7k47zibamgswndq0d1bchnmary62aw") + (mozilla-patch "icecat-CVE-2018-5096.patch" "aa55d4cdaee5" "1l3qwjfx0jsbbw2dg8bsnx7k47zibamgswndq0d1bchnmary62aw") (mozilla-patch "icecat-bug-1382358.patch" "762f4e53889a" "0n61zrb6rz9bhhdsqs5ziwaiy81pq52c76p9qmi9hrxbn24ism1k") - (mozilla-patch "icecat-bug-1399520.patch" "0152d097672f" "16ybg718calvciv00kil8s97lhh11hj6gx0acf73r44xfkvm8nfg") + (mozilla-patch "icecat-CVE-2018-5089-pt08.patch" "0152d097672f" "16ybg718calvciv00kil8s97lhh11hj6gx0acf73r44xfkvm8nfg") (search-patch "icecat-bug-1414945.patch") - (mozilla-patch "icecat-bug-1414452.patch" "079356ed5317" "107c0b93g2k743wvhwz2ps3j6p09qld7d0raljijv5y5n8q4wp92") - (mozilla-patch "icecat-bug-1418854.patch" "93e4994a892c" "00r2qxw3619529vy9d04dl9kcziqy3fv3iawgy9svzygyx1kj5wx") - (mozilla-patch "icecat-bug-1422389.patch" "f8a6e1864832" "1wbxn0v50637yjg8b8675k01x9cyx95jpjxpyqfaa97762qkznba") - (mozilla-patch "icecat-bug-1415598.patch" "0cc1c9068714" "1qmqpi14zs7c95k3c7396gpp6apb622k0mgv553kw4rr81nj1yac") - (mozilla-patch "icecat-bug-1418447.patch" "ce6f3fb2bf58" "1b1msb5d5jsgrqa2hkbsrm0n54qdmx1b2bf65v44v17appa03lra") - (mozilla-patch "icecat-bug-1423159.patch" "6b4d3c5d5e51" "074p93dhwr1ckhypkjpblnmg9hg44a9030g1glqffi9dyn3iq3k4") + (mozilla-patch "icecat-CVE-2018-5089-pt09.patch" "079356ed5317" "107c0b93g2k743wvhwz2ps3j6p09qld7d0raljijv5y5n8q4wp92") + (mozilla-patch 
"icecat-CVE-2018-5089-pt10.patch" "93e4994a892c" "00r2qxw3619529vy9d04dl9kcziqy3fv3iawgy9svzygyx1kj5wx") + (mozilla-patch "icecat-CVE-2018-5089-pt11.patch" "f8a6e1864832" "1wbxn0v50637yjg8b8675k01x9cyx95jpjxpyqfaa97762qkznba") + (mozilla-patch "icecat-CVE-2018-5089-pt12.patch" "0cc1c9068714" "1qmqpi14zs7c95k3c7396gpp6apb622k0mgv553kw4rr81nj1yac") + (mozilla-patch "icecat-CVE-2018-5095.patch" "ce6f3fb2bf58" "1b1msb5d5jsgrqa2hkbsrm0n54qdmx1b2bf65v44v17appa03lra") + (mozilla-patch "icecat-CVE-2018-5103.patch" "6b4d3c5d5e51" "074p93dhwr1ckhypkjpblnmg9hg44a9030g1glqffi9dyn3iq3k4") (mozilla-patch "icecat-bug-1411745.patch" "1a510ee578a0" "1imb7glh2m1zwvvpvr4k4iddms5byqzr35j7kv3y5is77aiwl4z5") (mozilla-patch "icecat-bug-1411708.patch" "34c968767eb7" "0l2jy201ikj3m3h66mvlsj4y0ki7cpm7x7nnfygbwnfxg42s1sip") - (mozilla-patch "icecat-bug-1423086.patch" "bc166be85bb4" "0w1lrjzfrfflaw4l6sfi3ir81iyi9gyfck5g41dwp0jc1b59jzvg") - (mozilla-patch "icecat-bug-1412145.patch" "66cfc3c4047d" "05j8ic4lv2d2ygr6d62rkdlfyg2rpljalwrkkhllinw2dfi3n15b") - (mozilla-patch "icecat-bug-1399400.patch" "3236ffdf0ced" "1kvk4qyslaj1ldgs1wpxnf79zajcihzcd1zvbrg990i3hgyn3gk3") + (mozilla-patch "icecat-CVE-2018-5091.patch" "bc166be85bb4" "0w1lrjzfrfflaw4l6sfi3ir81iyi9gyfck5g41dwp0jc1b59jzvg") + (mozilla-patch "icecat-CVE-2018-5089-pt13.patch" "66cfc3c4047d" "05j8ic4lv2d2ygr6d62rkdlfyg2rpljalwrkkhllinw2dfi3n15b") + (mozilla-patch "icecat-CVE-2018-5098.patch" "3236ffdf0ced" "1kvk4qyslaj1ldgs1wpxnf79zajcihzcd1zvbrg990i3hgyn3gk3") (mozilla-patch "icecat-bug-1424373-pt1.patch" "320032aaa068" "1ch282qibprz1q0f2imvynh4sg7gads6sf3ayhjcd62zjncpgyz7") (search-patch "icecat-bug-1424373-pt2.patch") - (mozilla-patch "icecat-bug-1412420.patch" "c2945f1249eb" "18p0344w6grpyfiz8dczfw977p0qy37iqv95whgnrjli2ab51kji") - (mozilla-patch "icecat-bug-1395508-pt1.patch" "263165eacc54" "0518xnd9f4qkn7l0z73kldm9dr33y6hf054ril4f8r2j8s9fy33i") - (mozilla-patch "icecat-bug-1395508-pt2.patch" "58e87d9cc44e" 
"0j9qwjm25bmhw0sj426yl4fqaa6zknf5cjk0yisdd3895652n5i4") + (mozilla-patch "icecat-CVE-2018-5089-pt14.patch" "c2945f1249eb" "18p0344w6grpyfiz8dczfw977p0qy37iqv95whgnrjli2ab51kji") + (mozilla-patch "icecat-CVE-2018-5117-pt1.patch" "263165eacc54" "0518xnd9f4qkn7l0z73kldm9dr33y6hf054ril4f8r2j8s9fy33i") + (mozilla-patch "icecat-CVE-2018-5117-pt2.patch" "58e87d9cc44e" "0j9qwjm25bmhw0sj426yl4fqaa6zknf5cjk0yisdd3895652n5i4") (search-patch "icecat-bug-1427870-spectre-mitigation.patch"))) (modules '((guix build utils))) (snippet From 52009dc3bd98ea0b3dc0cedaddf4c1a9cf18a2f3 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 24 Jan 2018 02:25:23 -0500 Subject: [PATCH 5/8] gnu: icecat: Add more fixes from upstream mozilla-esr52. Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the remaining 7 out of 21 changesets for CVE-2018-5089. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. Remove the local spectre mitigation patch in favor of the (identical) changeset from upstream. * gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gnuzilla.scm | 17 ++++++- ...cecat-bug-1427870-spectre-mitigation.patch | 49 ------------------- 3 files changed, 16 insertions(+), 51 deletions(-) delete mode 100644 gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch diff --git a/gnu/local.mk b/gnu/local.mk index b72c586e37..e86e7dacaf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -759,7 +759,6 @@ dist_patch_DATA = \ %D%/packages/patches/icecat-bug-1415133.patch \ %D%/packages/patches/icecat-bug-1414945.patch \ %D%/packages/patches/icecat-bug-1424373-pt2.patch \ - %D%/packages/patches/icecat-bug-1427870-spectre-mitigation.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ %D%/packages/patches/icu4c-CVE-2017-14952.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ 
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 02e7f2c948..7d98a61990 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -514,7 +514,22 @@ security standards.") (mozilla-patch "icecat-CVE-2018-5089-pt14.patch" "c2945f1249eb" "18p0344w6grpyfiz8dczfw977p0qy37iqv95whgnrjli2ab51kji") (mozilla-patch "icecat-CVE-2018-5117-pt1.patch" "263165eacc54" "0518xnd9f4qkn7l0z73kldm9dr33y6hf054ril4f8r2j8s9fy33i") (mozilla-patch "icecat-CVE-2018-5117-pt2.patch" "58e87d9cc44e" "0j9qwjm25bmhw0sj426yl4fqaa6zknf5cjk0yisdd3895652n5i4") - (search-patch "icecat-bug-1427870-spectre-mitigation.patch"))) + (mozilla-patch "icecat-CVE-2018-5089-pt15.patch" "aa4b11615431" "0whfvwaj3dmk89ah2kbv7zz7a8ckqa0xajf5fl12bgl7q8c8ndnm") + (mozilla-patch "icecat-CVE-2018-5104.patch" "66761c5bfbe1" "076128pxc7ik1zq2v0d5m6vd7nls2030jzdc4w0ggy8hd5yyb8g9") + (mozilla-patch "icecat-bug-1408631.patch" "6f5c8df1925d" "1hgr18p5dwhlsan6jxlj3ay7cbfyywk40bpbnjc8gqmq6y25cn48") + (mozilla-patch "icecat-bug-1422735.patch" "b88ef76f5687" "0rzpxfrhddc0238rq3r1b02j95g0rdplk1fjmk85m51xvggh9086") + (mozilla-patch "icecat-bug-1261963.patch" "d0c98f5b6c12" "1z9jn19hnwjand9c0ifc39gq71nz17jjqy2s5fqr2z06y8qys62h") + (mozilla-patch "icecat-CVE-2018-5089-pt16.patch" "f7865afb1fe6" "0i7ydmcr1g0ih3myyxaxjq6wfg3rvq5j4893kjqksqihfqrkzs4j") + (mozilla-patch "icecat-CVE-2018-5097.patch" "9fb7614319df" "1xirahk06w8pyw4pdh64f4pg3qcb7c8x8frrmad2895fagy14g4k") + (mozilla-patch "icecat-mitigate-spectre.patch" "81d6465bd7c2" "1za5l249pb5x7f283vrimy0ankjzvwa99hfql3v4fm5a4grjkj9n") + (mozilla-patch "icecat-CVE-2018-5089-pt17.patch" "5f753161df25" "1k2mpwagz08wzxfzwy2b4a0pz0hkhdqby6n11i7pasx3ary670km") + (mozilla-patch "icecat-CVE-2018-5099.patch" "b95d654de120" "1cv7nz2gsyjjigw6wv4xagh8q6bcg0971md8b6xjvz5m26aynlaw") + (mozilla-patch "icecat-bug-1408631.patch" "3b1faddc0e5f" "0817x5mrdyjj0gc9yi19m6d78d18ypc9nbld64d2axhc8v9bz3xf") + (mozilla-patch "icecat-glibc-2.26.patch" "57d4fae4dffe" "1sv7kp7m4i7n31ny8k7cpjsrqpxh5y5jm27sh2cgpj7fhi5kqsj2") + (mozilla-patch "icecat-CVE-2018-5089-pt18.patch" "fe271a2b9503" "11wr8mdxw01dlmzkq55hf0qd52cwmx4vk96cff66d4kkl1dbj6qn") 
+ (mozilla-patch "icecat-CVE-2018-5089-pt19.patch" "410da936a1e8" "14dvaysz0svlh50kdabjhd2s5avz6p93sbyqhwik5rlvcg5ax5zp") + (mozilla-patch "icecat-CVE-2018-5089-pt20.patch" "8368a9a379e3" "0fqq01ms7m4kb9b10n8gy5n9n4x43crz2gn1r6c4ny52wzgm3j6f") + (mozilla-patch "icecat-CVE-2018-5089-pt21.patch" "a7c8e85285e2" "1caa2w5r8rqb1qrk4mgf2vw1k592idvqmgs8qfz2dp2744kk6z98"))) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch deleted file mode 100644 index 6b088286cb..0000000000 --- a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch +++ /dev/null 
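Review bot: Two of the added entries carry the same label, `"icecat-bug-1408631.patch"`, for different changesets (`6f5c8df1925d` and `3b1faddc0e5f`), so a build log or audit that names the patch cannot say which fix it means. The list already uses part suffixes elsewhere (`icecat-CVE-2018-5117-pt1.patch`, `-pt2`), so `icecat-bug-1408631-pt1.patch` and `icecat-bug-1408631-pt2.patch` would keep each label unique. Whether duplicate names also matter at fetch time depends on how `mozilla-patch` names its output, which is defined outside this hunk. Separately, `icecat-mitigate-spectre.patch` drops the bug number that the deleted local patch carried (1427870); keeping it in the label would preserve the link to the upstream bug for anyone later verifying that the timer-resolution mitigation is still applied.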
@@ -1,49 +0,0 @@ -Mitigate Spectre by reducing the resolution of performance.now() to 20 -microseconds. Based on: - - https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 - -For more details, see: - - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - -This patch was modified to apply cleanly to GNU IceCat. - - -# HG changeset patch -# User Tom Ritter -# Date 1514660820 21600 -# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 -# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 -Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard - -The comment about workers was introduced in Bug 1186489 but became obsolete some time after that -(definitely by Bug 1278838) - -diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp ---- a/dom/performance/Performance.cpp -+++ b/dom/performance/Performance.cpp -@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() - { - MOZ_ASSERT(NS_IsMainThread()); - mResourceEntries.Clear(); - } - - DOMHighResTimeStamp - Performance::RoundTime(double aTime) const - { -- // Round down to the nearest 5us, because if the timer is too accurate people -- // can do nasty timing attacks with it. See similar code in the worker -- // Performance implementation. -- const double maxResolutionMs = 0.005; -+ // Round down to the nearest 20us, because if the timer is too accurate people -+ // can do nasty timing attacks with it. -+ const double maxResolutionMs = 0.020; - return floor(aTime / maxResolutionMs) * maxResolutionMs; - } - - - void - Performance::Mark(const nsAString& aName, ErrorResult& aRv) - { - // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. From e0d41d24191a9fbff044fd2bfc4f7bf50e02603b Mon Sep 17 00:00:00 2001 
From: Mark H Weaver Date: Wed, 24 Jan 2018 06:02:56 -0500 Subject: [PATCH 6/8] gnu: linux-libre@4.4: Update to 4.4.113. * gnu/packages/linux.scm (linux-libre-4.4): Update to 4.4.113. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index aa36f05c75..d581490342 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -390,8 +390,8 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.4 - (make-linux-libre "4.4.112" - "12qnbqn6n984c0cwbwi26znmhw8pasxsfy1qyh5s1pzqx3k4q2h2" + (make-linux-libre "4.4.113" + "17l5gw99ph312k0x4d3f08zlsp1ljr6c1mp0xvqp1257gnz84bgb" %intel-compatible-systems #:configuration-file kernel-config)) From b98af01bf4add7f87861b134357ec0765a0c2337 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 24 Jan 2018 06:03:31 -0500 Subject: [PATCH 7/8] gnu: linux-libre@4.9: Update to 4.9.78. * gnu/packages/linux.scm (linux-libre-4.9): Update to 4.9.78. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index d581490342..bfce571d6d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -384,8 +384,8 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.9 - (make-linux-libre "4.9.77" - "1lar2nmk1njz2lb73j64wwwc6sxx6ik5jm6lpiz1wav7avs1wix3" + (make-linux-libre "4.9.78" + "12j7nxz92krq2ax7rii4pr6y1pr37n7ml692kqifpzpbzqm5yb9k" %intel-compatible-systems #:configuration-file kernel-config)) From a6af4d25f1af0acd4fa26b69c5fd0bd3042a85e2 Mon Sep 17 00:00:00 2001 
From: Mark H Weaver Date: Wed, 24 Jan 2018 06:05:00 -0500 Subject: [PATCH 8/8] gnu: linux-libre: Update to 4.14.15. * gnu/packages/linux.scm (%linux-libre-version): Update to 4.14.15. (%linux-libre-hash): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index bfce571d6d..319479d3dd 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -370,8 +370,8 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux")) -(define %linux-libre-version "4.14.14") -(define %linux-libre-hash "0s135a5bdggsj2vhpfscmiyjgw2lzgprfk5ypba1aaqv7mrwwrm7") +(define %linux-libre-version "4.14.15") +(define %linux-libre-hash "0s94d51bym3zipxf40xjzq943b7b2x4ba1gp3j7l5npj5nr2xiy8") ;; linux-libre configuration for armhf-linux is derived from Debian armmp. It ;; supports qemu "virt" machine and possibly a large number of ARM boards.