Mark H Weaver <m...@netris.org> writes: > Leo Famulari <l...@famulari.name> writes: > >> The Spectre bugs have to be fixed per-application for now. As far as I >> know, we haven't made any related changes to packages besides >> linux-libre. >> >> Mozilla has released an update that is supposed to mitigate the >> vulnerability but I don't if they'll be porting it back to the extended >> support release that Icecat is based on. > > I just backported the Spectre mitigation from Firefox 57.0.4 to IceCat, > and pushed it to master here: > > > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=c23243fccd4f73430ca06a862acd33c020c8ed17
I just followed this up with a Spectre mitigation for WebKitGTK+ backported from upstream WebKit: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f Note that WebKitGTK+ had already reduced the resolution of performance.now() to 100 microseconds over a year ago: https://bugs.webkit.org/show_bug.cgi?id=165503 Mark
