diff options
| author | Mark H Weaver <mhw@netris.org> | 2018-01-06 13:40:23 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2018-01-06 15:04:10 -0500 |
| commit | c23243fccd4f73430ca06a862acd33c020c8ed17 (patch) | |
| tree | 8c23f559e2e81a4b27139eb720704e76fed131f8 /gnu/packages/patches | |
| parent | 5ae8c77adec6b64a53ed10c3505263380205321d (diff) | |
| download | guix-patches-c23243fccd4f73430ca06a862acd33c020c8ed17.tar guix-patches-c23243fccd4f73430ca06a862acd33c020c8ed17.tar.gz | |
gnu: icecat: Add more fixes, including Spectre mitigation.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch new file mode 100644 index 0000000000..6b088286cb --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch @@ -0,0 +1,49 @@ +Mitigate Spectre by reducing the resolution of performance.now() to 20 +microseconds. Based on: + + https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 + +For more details, see: + + https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ + +This patch was modified to apply cleanly to GNU IceCat. + + +# HG changeset patch +# User Tom Ritter <tom@mozilla.com> +# Date 1514660820 21600 +# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 +# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 +Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard + +The comment about workers was introduced in Bug 1186489 but became obsolete some time after that +(definitely by Bug 1278838) + +diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp +--- a/dom/performance/Performance.cpp ++++ b/dom/performance/Performance.cpp +@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() + { + MOZ_ASSERT(NS_IsMainThread()); + mResourceEntries.Clear(); + } + + DOMHighResTimeStamp + Performance::RoundTime(double aTime) const + { +- // Round down to the nearest 5us, because if the timer is too accurate people +- // can do nasty timing attacks with it. See similar code in the worker +- // Performance implementation. +- const double maxResolutionMs = 0.005; ++ // Round down to the nearest 20us, because if the timer is too accurate people ++ // can do nasty timing attacks with it. ++ const double maxResolutionMs = 0.020; + return floor(aTime / maxResolutionMs) * maxResolutionMs; + } + + + void + Performance::Mark(const nsAString& aName, ErrorResult& aRv) + { + // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. |