Source-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/firefox firefox: Avoid reading from /dev/random on...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a67223dbda7b
branches: trunk
changeset: 434840:a67223dbda7b
user: nia <nia%pkgsrc.org@localhost>
date: Tue Jun 23 17:38:49 2020 +0000
description:
firefox: Avoid reading from /dev/random on NetBSD

Motivation: This becomes a problem when a user is on a system without
HWRNG or a preexisting seed file (to increase the estimated entropy to
256 bits), where Firefox will hang forever on startup waiting for a
user to write to /dev/random. Since this was reported on port-arm@,
I decided to investigate this, and believe this is the only place
Firefox might end up reading from /dev/random.

Risk: Probably not much. For actual Transport Layer Security purposes,
Network Security Services reads directly from /dev/urandom. On systems
where Firefox is used, we can probably reasonably assume that enough
entropy has been generated from user input, on-board sensors, and network
devices to provide a state that is fairly difficult to predict, even if the
NetBSD kernel assigns no value to it (since in embedded environments
where the device's operator may be absent, such events can be manipulated
to theoretically produce a predictable state - although I don't think
this theoretical attack is necessarily something we should be concerned
with on low-end desktop systems). Other kernels do assign value to these
inputs, so have much lower criteria for unblocking.

Bump PKGREVISION
diffstat:
www/firefox/Makefile | 9 ++-
www/firefox/distinfo | 3 +-
www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs | 24 ++++++++++
3 files changed, 33 insertions(+), 3 deletions(-)
diffs (72 lines):
diff -r 92c5443a2622 -r a67223dbda7b www/firefox/Makefile
--- a/www/firefox/Makefile Tue Jun 23 15:59:17 2020 +0000
+++ b/www/firefox/Makefile Tue Jun 23 17:38:49 2020 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.433 2020/06/17 17:54:26 nia Exp $
+# $NetBSD: Makefile,v 1.434 2020/06/23 17:38:49 nia Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
MOZ_BRANCH= 77.0
MOZ_BRANCH_MINOR= .1
-PKGREVISION= 2
+PKGREVISION= 3
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
@@ -99,6 +99,11 @@
CKSUMS+= 34f9aa76b6c9c05136bb69dcd6455397faef571a567254d2c541d50a962994db
CKSUMS+= e5581852eec87918901a129284b4965aefc8a19394187a8095779a084f28fabe
+CKSUM_CRATES+= third_party/rust/getrandom
+
+CKSUMS+= 0e52f6bde42d7bb05c297ce1c25b9879d61b28caba98f6226a152bff538db6c2
+CKSUMS+= 394425b4ba03c21c494e64d993678f7014575b1e3d590b9ee452b5c2d83ec4ac
+
SUBST_CLASSES+= cksum
SUBST_STAGE.cksum= pre-configure
.for crate in ${CKSUM_CRATES}
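Review bot: The two CKSUMS+= values added under CKSUM_CRATES+= third_party/rust/getrandom are bare hashes, with nothing saying which file in the crate they belong to or which is the original value and which is the patched one. A short comment above them naming the file (presumably src/lib.rs, the only file the new patch touches) and the order of the pair would tell whoever updates the vendored crate next exactly what has to be recomputed.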
diff -r 92c5443a2622 -r a67223dbda7b www/firefox/distinfo
--- a/www/firefox/distinfo Tue Jun 23 15:59:17 2020 +0000
+++ b/www/firefox/distinfo Tue Jun 23 17:38:49 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.399 2020/06/17 17:54:26 nia Exp $
+$NetBSD: distinfo,v 1.400 2020/06/23 17:38:49 nia Exp $
SHA1 (firefox-77.0.1.source.tar.xz) = 86735b221c17964f5e6a756a973b6d0696fbf1c5
RMD160 (firefox-77.0.1.source.tar.xz) = 59ef718e1bf9eef0a6b90c60ec20bbe4c7402ffe
@@ -30,6 +30,7 @@
SHA1 (patch-media_libvorbis_lib_vorbis__info.c) = b6b1a84a095db8459bdff24c04f4d56886ddbe45
SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = 13e512c7ee9fa1e14ba415d62fa853e5fbfc91c0
SHA1 (patch-security_nss_lib_freebl_mpi_mpi.c) = a7cd867916524770609d1c307a65b315b88456f4
+SHA1 (patch-third__party_rust_getrandom_src_lib.rs) = 2ad80d10ebfeef0dc27435fc2c16be7b5e5d444a
SHA1 (patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs) = 3755f32fea84900cc0f00af3d9f53ed5fcfb0b4b
SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = 5a516d377d491e0504aaf2d7aed04bb9ebeccc56
SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12
diff -r 92c5443a2622 -r a67223dbda7b www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs Tue Jun 23 17:38:49 2020 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-third__party_rust_getrandom_src_lib.rs,v 1.1 2020/06/23 17:38:50 nia Exp $
+
+https://github.com/rust-random/getrandom/pull/115
+
+--- third_party/rust/getrandom/src/lib.rs.orig 2020-06-02 23:37:31.000000000 +0000
++++ third_party/rust/getrandom/src/lib.rs
+@@ -17,7 +17,7 @@
+ //! | macOS, iOS | [`SecRandomCopyBytes`][4]
+ //! | FreeBSD | [`kern.arandom`][5]
+ //! | OpenBSD, Bitrig | [`getentropy`][6]
+-//! | NetBSD | [`/dev/urandom`][7] after reading from `/dev/random` once
++//! | NetBSD | [`kern.arandom`][5]
+ //! | Dragonfly BSD | [`/dev/random`][8]
+ //! | Solaris, illumos | [`getrandom`][9] system call if available, otherwise [`/dev/random`][10]
+ //! | Fuchsia OS | [`cprng_draw`][11]
+@@ -184,7 +184,7 @@ mod_use!(cfg(target_os = "illumos"), sol
+ mod_use!(cfg(target_os = "ios"), macos);
+ mod_use!(cfg(target_os = "linux"), linux_android);
+ mod_use!(cfg(target_os = "macos"), macos);
+-mod_use!(cfg(target_os = "netbsd"), use_file);
++mod_use!(cfg(target_os = "netbsd"), freebsd);
+ mod_use!(cfg(target_os = "openbsd"), openbsd_bitrig);
+ mod_use!(cfg(target_os = "redox"), use_file);
+ mod_use!(cfg(target_os = "solaris"), solaris_illumos);
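Review bot: The header of the new patch file carries only the upstream pull request URL and no description of what is changed or why. State the reason in the file itself, above the URL, for example "Use kern.arandom on NetBSD instead of reading /dev/random once before /dev/urandom, to avoid blocking at startup", so the patch can be judged without following the link or finding this commit. Two smaller points: the new NetBSD row in the documentation table reuses reference [5], the same link as the FreeBSD row, so a NetBSD-specific reference would be more accurate if [5] points at FreeBSD documentation; and since the mod_use! line now routes netbsd to the module named freebsd, it is worth confirming against the upstream PR that the module makes no FreeBSD-only assumptions.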