ported all-gentoo prefs from firefox-bin to address Logjam attack vector, bug 550288

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 2B6559ED)

4 files changed, 33 insertions, 4 deletions

diff --git a/www-client/seamonkey-bin/ChangeLog b/www-client/seamonkey-bin/ChangeLog
index 3c97d0cf06d7..8f2ede4fdcf8 100644
--- a/www-client/seamonkey-bin/ChangeLog
+++ b/www-client/seamonkey-bin/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for www-client/seamonkey-bin
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/seamonkey-bin/ChangeLog,v 1.222 2015/03/26 11:36:44 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/seamonkey-bin/ChangeLog,v 1.223 2015/05/31 14:34:58 axs Exp $
+
+*seamonkey-bin-2.33.1-r1 (31 May 2015)
+
+  31 May 2015; Ian Stakenvicius (_AxS_) <axs@gentoo.org>
+  +files/all-gentoo-1-cve-2015-4000.js, +files/local-settings.js,
+  +seamonkey-bin-2.33.1-r1.ebuild, -seamonkey-bin-2.31.ebuild:
+  ported all-gentoo prefs from firefox-bin to address Logjam attack vector, bug
+  550288
 
   26 Mar 2015; Agostino Sarubbo <ago@gentoo.org> seamonkey-bin-2.33.1.ebuild:
   Stable for x86, wrt bug #544056
diff --git a/www-client/seamonkey-bin/files/all-gentoo-1-cve-2015-4000.js b/www-client/seamonkey-bin/files/all-gentoo-1-cve-2015-4000.js
new file mode 100644
index 000000000000..0cda361882e5
--- /dev/null
+++ b/www-client/seamonkey-bin/files/all-gentoo-1-cve-2015-4000.js
@@ -0,0 +1,13 @@
+// Ensure preference cann't be changed by users
+lockPref("app.update.auto", false);
+lockPref("app.update.enabled", false);
+lockPref("intl.locale.matchOS",                true);
+// Allow user to change based on needs
+defaultPref("browser.display.use_system_colors",  true);
+defaultPref("spellchecker.dictionary_path", "/usr/share/myspell");
+defaultPref("browser.shell.checkDefaultBrowser",  false); 
+// Preferences that should be reset every session
+pref("browser.EULA.override",              true); 
+// CVE-2015-4000 - prevent Logjam attack vector
+lockPref("security.ssl3.dhe_rsa_aes_128_sha", false);
+lockPref("security.ssl3.dhe_rsa_aes_256_sha", false);
diff --git a/www-client/seamonkey-bin/files/local-settings.js b/www-client/seamonkey-bin/files/local-settings.js
new file mode 100644
index 000000000000..9dac3b0eae0a
--- /dev/null
+++ b/www-client/seamonkey-bin/files/local-settings.js
@@ -0,0 +1,2 @@
+pref("general.config.filename", "all-gentoo.js");
+pref("general.config.obscure_value", 0); // use this to disable the byte-shift
diff --git a/www-client/seamonkey-bin/seamonkey-bin-2.31.ebuild b/www-client/seamonkey-bin/seamonkey-bin-2.33.1-r1.ebuild
index 109dc168102b..4c1dee60f286 100644
--- a/www-client/seamonkey-bin/seamonkey-bin-2.31.ebuild
+++ b/www-client/seamonkey-bin/seamonkey-bin-2.33.1-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/seamonkey-bin/seamonkey-bin-2.31.ebuild,v 1.3 2014/12/10 19:34:31 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/seamonkey-bin/seamonkey-bin-2.33.1-r1.ebuild,v 1.1 2015/05/31 14:34:58 axs Exp $
 
 EAPI="4"
 
@@ -28,7 +28,7 @@ SRC_URI="${SRC_URI}
 HOMEPAGE="http://www.seamonkey-project.org/"
 RESTRICT="strip mirror"
 
-KEYWORDS="-* amd64 x86"
+KEYWORDS="-* ~amd64 ~x86"
 SLOT="0"
 LICENSE="MPL-2.0 GPL-2 LGPL-2.1"
 IUSE="startup-notification"
@@ -105,6 +105,12 @@ EOF
 	    echo "StartupNotify=true" >> "${D}"/usr/share/applications/${PN}.desktop
 	fi
 
+	# Fix prefs that make no sense for a system-wide install
+	insinto ${MOZILLA_FIVE_HOME}/defaults/pref/
+	doins "${FILESDIR}"/local-settings.js
+	# Copy preferences file so we can do a simple rename.
+	cp "${FILESDIR}"/all-gentoo-1-cve-2015-4000.js  "${D}"${MOZILLA_FIVE_HOME}/all-gentoo.js
+
 	# revdep-rebuild entry
 	insinto /etc/revdep-rebuild
 	doins "${FILESDIR}"/10${PN} || die