Date: Wed, 15 Oct 2014 11:13:24 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: ports-secteam@freebsd.org Cc: gecko@freebsd.org Subject: Re: POODLE SSLv3 vulnerability Message-ID: <86egu9zoej.fsf@nine.des.no> In-Reply-To: <8661fmgk1c.fsf@nine.des.no> ("Dag-Erling =?utf-8?Q?Sm=C3=B8r?= =?utf-8?Q?grav=22's?= message of "Wed, 15 Oct 2014 04:10:23 %2B0200") References: <86iojmgn40.fsf@nine.des.no> <8661fmgk1c.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Updated (still untested) patch which also adds CPE information:
Index: www/firefox/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- www/firefox/Makefile (revision 370893)
+++ www/firefox/Makefile (working copy)
@@ -4,6 +4,7 @@
PORTNAME=3D firefox
DISTVERSION=3D 32.0.3
DISTVERSIONSUFFIX=3D.source
+PORTREVISION=3D 1
PORTEPOCH=3D 1
CATEGORIES=3D www ipv6
MASTER_SITES=3D MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
@@ -44,9 +45,10 @@
ALL_TARGET=3D default
GNU_CONFIGURE=3D yes
USE_GL=3D gl
-USES=3D dos2unix tar:bzip2
+USES=3D cpe dos2unix tar:bzip2
DOS2UNIX_FILES=3D media/webrtc/trunk/webrtc/system_wrappers/source/spreads=
ortlib/spreadsort.hpp
NO_MOZPKGINSTALL=3Dyes
+CPE_VENDOR=3D mozilla
=20
FIREFOX_ICON=3D ${MOZILLA}.png
FIREFOX_ICON_SRC=3D ${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/=
default48.png
Index: www/firefox/files/patch-disable-ssl3
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- www/firefox/files/patch-disable-ssl3 (revision 0)
+++ www/firefox/files/patch-disable-ssl3 (working copy)
@@ -0,0 +1,22 @@
+--- netwerk/base/public/security-prefs.js.orig
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+=20
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+=20
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_avai=
lable_pref", false);
+--- security/manager/ssl/src/nsNSSComponent.cpp.orig
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1076,7 +1076,7 @@ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION =3D 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION =3D 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION =3D 3;
+=20
+ int32_t minVersion =3D Preferences::GetInt("security.tls.version.min",
Property changes on: www/firefox/files/patch-disable-ssl3
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86egu9zoej.fsf>