Date: Wed, 15 Oct 2014 11:13:24 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: ports-secteam@freebsd.org Cc: gecko@freebsd.org Subject: Re: POODLE SSLv3 vulnerability Message-ID: <86egu9zoej.fsf@nine.des.no> In-Reply-To: <8661fmgk1c.fsf@nine.des.no> ("Dag-Erling =?utf-8?Q?Sm=C3=B8r?= =?utf-8?Q?grav=22's?= message of "Wed, 15 Oct 2014 04:10:23 %2B0200") References: <86iojmgn40.fsf@nine.des.no> <8661fmgk1c.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Updated (still untested) patch which also adds CPE information: Index: www/firefox/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- www/firefox/Makefile (revision 370893) +++ www/firefox/Makefile (working copy) @@ -4,6 +4,7 @@ PORTNAME=3D firefox DISTVERSION=3D 32.0.3 DISTVERSIONSUFFIX=3D.source +PORTREVISION=3D 1 PORTEPOCH=3D 1 CATEGORIES=3D www ipv6 MASTER_SITES=3D MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \ @@ -44,9 +45,10 @@ ALL_TARGET=3D default GNU_CONFIGURE=3D yes USE_GL=3D gl -USES=3D dos2unix tar:bzip2 +USES=3D cpe dos2unix tar:bzip2 DOS2UNIX_FILES=3D media/webrtc/trunk/webrtc/system_wrappers/source/spreads= ortlib/spreadsort.hpp NO_MOZPKGINSTALL=3Dyes +CPE_VENDOR=3D mozilla =20 FIREFOX_ICON=3D ${MOZILLA}.png FIREFOX_ICON_SRC=3D ${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/= default48.png Index: www/firefox/files/patch-disable-ssl3 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- www/firefox/files/patch-disable-ssl3 (revision 0) +++ www/firefox/files/patch-disable-ssl3 (working copy) @@ -0,0 +1,22 @@ +--- netwerk/base/public/security-prefs.js.orig ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +=20 +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); +=20 + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_avai= lable_pref", false); +--- security/manager/ssl/src/nsNSSComponent.cpp.orig ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -1076,7 +1076,7 @@ nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION =3D 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION =3D 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION =3D 3; +=20 + int32_t minVersion =3D Preferences::GetInt("security.tls.version.min", Property changes on: www/firefox/files/patch-disable-ssl3 ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86egu9zoej.fsf>