pkgsrc-Changes archive


CVS commit: pkgsrc/www/firefox



Module Name:    pkgsrc
Committed By:   nia
Date:           Tue Jun 23 17:38:50 UTC 2020

Modified Files:
        pkgsrc/www/firefox: Makefile distinfo
Added Files:
        pkgsrc/www/firefox/patches:
            patch-third__party_rust_getrandom_src_lib.rs

Log Message:
firefox: Avoid reading from /dev/random on NetBSD

Motivation: This becomes a problem when a user is on a system without
HWRNG or a preexisting seed file (to increase the estimated entropy to
256 bits), where Firefox will hang forever on startup waiting for a
user to write to /dev/random. Since this was reported on port-arm@,
I decided to investigate this, and believe this is the only place
Firefox might end up reading from /dev/random.

Risk: Probably not much. For actual Transport Layer Security purposes,
Network Security Services reads directly from /dev/urandom. On systems
where Firefox is used, we can probably reasonably assume that enough
entropy has been generated from user input, on-board sensors, and network
devices to provide a state that is fairly difficult to predict, even if the
NetBSD kernel assigns no value to it (since in embedded environments
where the device's operator may be absent, such events can be manipulated
to theoretically produce a predictable state - although I don't think
this theoretical attack is necessarily something we should be concerned
with on low-end desktop systems). Other kernels do assign value to these
inputs, so have much lower criteria for unblocking.

Bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.433 -r1.434 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.399 -r1.400 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.433 pkgsrc/www/firefox/Makefile:1.434
--- pkgsrc/www/firefox/Makefile:1.433   Wed Jun 17 17:54:26 2020
+++ pkgsrc/www/firefox/Makefile Tue Jun 23 17:38:49 2020
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.433 2020/06/17 17:54:26 nia Exp $
+# $NetBSD: Makefile,v 1.434 2020/06/23 17:38:49 nia Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=            77.0
 MOZ_BRANCH_MINOR=      .1
-PKGREVISION=           2
+PKGREVISION=           3
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
@@ -99,6 +99,11 @@ CKSUMS+=     efdada601d13c489451da9d65a78c42
 CKSUMS+=       34f9aa76b6c9c05136bb69dcd6455397faef571a567254d2c541d50a962994db
 CKSUMS+=       e5581852eec87918901a129284b4965aefc8a19394187a8095779a084f28fabe
 
+CKSUM_CRATES+= third_party/rust/getrandom
+
+CKSUMS+=       0e52f6bde42d7bb05c297ce1c25b9879d61b28caba98f6226a152bff538db6c2
+CKSUMS+=       394425b4ba03c21c494e64d993678f7014575b1e3d590b9ee452b5c2d83ec4ac
+
 SUBST_CLASSES+=                cksum
 SUBST_STAGE.cksum=     pre-configure
 .for crate in ${CKSUM_CRATES}
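
Review bot: the two CKSUMS+= values added under CKSUM_CRATES+= third_party/rust/getrandom are bare digests with no indication of which file they refer to, or, if they are an old/new pair for the cksum substitution set up just below, which is which. A one-line comment naming the patched file (going by the patch added in this commit, the crate's src/lib.rs) and the order of the values would make them easier to regenerate when the crate or the patch changes, and easier to audit so that the checksum rewrite covers only the intended file.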

Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.399 pkgsrc/www/firefox/distinfo:1.400
--- pkgsrc/www/firefox/distinfo:1.399   Wed Jun 17 17:54:26 2020
+++ pkgsrc/www/firefox/distinfo Tue Jun 23 17:38:49 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.399 2020/06/17 17:54:26 nia Exp $
+$NetBSD: distinfo,v 1.400 2020/06/23 17:38:49 nia Exp $
 
 SHA1 (firefox-77.0.1.source.tar.xz) = 86735b221c17964f5e6a756a973b6d0696fbf1c5
 RMD160 (firefox-77.0.1.source.tar.xz) = 59ef718e1bf9eef0a6b90c60ec20bbe4c7402ffe
@@ -30,6 +30,7 @@ SHA1 (patch-media_libtheora_lib_info.c) 
 SHA1 (patch-media_libvorbis_lib_vorbis__info.c) = b6b1a84a095db8459bdff24c04f4d56886ddbe45
 SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = 13e512c7ee9fa1e14ba415d62fa853e5fbfc91c0
 SHA1 (patch-security_nss_lib_freebl_mpi_mpi.c) = a7cd867916524770609d1c307a65b315b88456f4
+SHA1 (patch-third__party_rust_getrandom_src_lib.rs) = 2ad80d10ebfeef0dc27435fc2c16be7b5e5d444a
 SHA1 (patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs) = 3755f32fea84900cc0f00af3d9f53ed5fcfb0b4b
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = 5a516d377d491e0504aaf2d7aed04bb9ebeccc56
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12

Added files:

Index: pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
diff -u /dev/null pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs:1.1
--- /dev/null   Tue Jun 23 17:38:50 2020
+++ pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs     Tue Jun 23 17:38:50 2020
@@ -0,0 +1,24 @@
+$NetBSD: patch-third__party_rust_getrandom_src_lib.rs,v 1.1 2020/06/23 17:38:50 nia Exp $
+
+https://github.com/rust-random/getrandom/pull/115
+
+--- third_party/rust/getrandom/src/lib.rs.orig 2020-06-02 23:37:31.000000000 +0000
++++ third_party/rust/getrandom/src/lib.rs
+@@ -17,7 +17,7 @@
+ //! | macOS, iOS       | [`SecRandomCopyBytes`][4]
+ //! | FreeBSD          | [`kern.arandom`][5]
+ //! | OpenBSD, Bitrig  | [`getentropy`][6]
+-//! | NetBSD           | [`/dev/urandom`][7] after reading from `/dev/random` once
++//! | NetBSD           | [`kern.arandom`][5]
+ //! | Dragonfly BSD    | [`/dev/random`][8]
+ //! | Solaris, illumos | [`getrandom`][9] system call if available, otherwise [`/dev/random`][10]
+ //! | Fuchsia OS       | [`cprng_draw`][11]
+@@ -184,7 +184,7 @@ mod_use!(cfg(target_os = "illumos"), sol
+ mod_use!(cfg(target_os = "ios"), macos);
+ mod_use!(cfg(target_os = "linux"), linux_android);
+ mod_use!(cfg(target_os = "macos"), macos);
+-mod_use!(cfg(target_os = "netbsd"), use_file);
++mod_use!(cfg(target_os = "netbsd"), freebsd);
+ mod_use!(cfg(target_os = "openbsd"), openbsd_bitrig);
+ mod_use!(cfg(target_os = "redox"), use_file);
+ mod_use!(cfg(target_os = "solaris"), solaris_illumos);
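
Review bot: in the second inner hunk NetBSD is routed to the module named freebsd, whose body is not part of this diff, so nothing visible here shows how its kern.arandom handling behaves on NetBSD (for example on short returns or larger request sizes); the patch header should say that this was checked. That header currently carries only the upstream pull-request URL, so a one-line description of the intent (use kern.arandom rather than reading /dev/random once) would let the patch stand on its own if the link goes away. In the first inner hunk the NetBSD row now reuses reference [5], which also sits on the FreeBSD row; confirm that the target of that reference is appropriate for NetBSD as well.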


