Date:      Wed, 15 Oct 2014 11:13:24 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        ports-secteam@freebsd.org
Cc:        gecko@freebsd.org
Subject:   Re: POODLE SSLv3 vulnerability
Message-ID:  <86egu9zoej.fsf@nine.des.no>
In-Reply-To: <8661fmgk1c.fsf@nine.des.no> ("Dag-Erling Smørgrav"'s message of "Wed, 15 Oct 2014 04:10:23 +0200")
References:  <86iojmgn40.fsf@nine.des.no> <8661fmgk1c.fsf@nine.des.no>


Updated (still untested) patch which also adds CPE information:

Index: www/firefox/Makefile
===================================================================
--- www/firefox/Makefile	(revision 370893)
+++ www/firefox/Makefile	(working copy)
@@ -4,6 +4,7 @@
 PORTNAME=	firefox
 DISTVERSION=	32.0.3
 DISTVERSIONSUFFIX=.source
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
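
Review bot: The added PORTREVISION=1 line will push a rebuild of 32.0.3 to every installed system, yet the covering message still calls the patch untested. Build the port and confirm in a running browser that the new minimum is in effect before this bump is committed.
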
@@ -44,9 +45,10 @@
 ALL_TARGET=	default
 GNU_CONFIGURE=	yes
 USE_GL=		gl
-USES=		dos2unix tar:bzip2
+USES=		cpe dos2unix tar:bzip2
 DOS2UNIX_FILES=	media/webrtc/trunk/webrtc/system_wrappers/source/spreadsortlib/spreadsort.hpp
 NO_MOZPKGINSTALL=yes
+CPE_VENDOR=	mozilla
 
 FIREFOX_ICON=		${MOZILLA}.png
 FIREFOX_ICON_SRC=	${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/default48.png
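
Review bot: The cpe addition to USES and the new CPE_VENDOR=mozilla line are unrelated to disabling SSLv3 and would be easier to review and to revert as a separate commit. If they stay here, move CPE_VENDOR up next to the USES line instead of leaving it after NO_MOZPKGINSTALL, and check that the product name left at its default (only the vendor is overridden) resolves to the intended CPE entry for PORTNAME=firefox.
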
Index: www/firefox/files/patch-disable-ssl3
===================================================================
--- www/firefox/files/patch-disable-ssl3	(revision 0)
+++ www/firefox/files/patch-disable-ssl3	(working copy)
@@ -0,0 +1,22 @@
+--- netwerk/base/public/security-prefs.js.orig
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+  * License, v. 2.0. If a copy of the MPL was not distributed with this
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+ 
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+--- security/manager/ssl/src/nsNSSComponent.cpp.orig
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1076,7 +1076,7 @@ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+   // keep these values in sync with security-prefs.js
+-  static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++  static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+   static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+ 
+   int32_t minVersion = Preferences::GetInt("security.tls.version.min",
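
Review bot: Both changed lines in patch-disable-ssl3 raise only the default for security.tls.version.min; the trailing context line, Preferences::GetInt("security.tls.version.min", shows the effective value is still read from the preference, so any user or site-wide preference that sets it back to 0 continues to allow SSLv3. Say so in the commit message or pkg-message, or clamp minVersion inside setEnabledTLSVersions() if SSLv3 is meant to be off unconditionally. The two defaults are changed together, as the "keep these values in sync" comment requires.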

Property changes on: www/firefox/files/patch-disable-ssl3
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property

DES
-- 
Dag-Erling Smørgrav - des@des.no


