POODLE SSLv3 vulnerability
Jan Beich
jbeich at vfemail.net
Wed Oct 15 10:55:54 UTC 2014
Dag-Erling Smørgrav <des at des.no> writes:
> Updated (still untested) patch which also adds CPE information:
>
> Index: www/firefox/Makefile
> ===================================================================
> --- www/firefox/Makefile (revision 370893)
> +++ www/firefox/Makefile (working copy)
> @@ -4,6 +4,7 @@
> PORTNAME= firefox
> DISTVERSION= 32.0.3
> DISTVERSIONSUFFIX=.source
> +PORTREVISION= 1
Too late. Mozilla already announced (other) vulnerabilities in Firefox 32.0.
Firefox 33.0 is pending merge to ports in bug 194356.
https://www.mozilla.org/security/announce/
> PORTEPOCH= 1
> CATEGORIES= www ipv6
> MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
> @@ -44,9 +45,10 @@
> ALL_TARGET= default
> GNU_CONFIGURE= yes
> USE_GL= gl
> -USES= dos2unix tar:bzip2
> +USES= cpe dos2unix tar:bzip2
> DOS2UNIX_FILES= media/webrtc/trunk/webrtc/system_wrappers/source/spreadsortlib/spreadsort.hpp
> NO_MOZPKGINSTALL=yes
> +CPE_VENDOR= mozilla
Already in bsd.gecko.mk since r363978 or Firefox 31.0 update.
>
> FIREFOX_ICON= ${MOZILLA}.png
> FIREFOX_ICON_SRC= ${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/default48.png
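Review bot: `CPE_VENDOR= mozilla` is the only CPE field this hunk sets, so the product and version parts of the CPE string are left to the framework defaults derived from PORTNAME and the port version. Since the patch is stated to be untested, check the generated string with `make -V CPE_STR` before committing. If bsd.gecko.mk already supplies `USES= cpe` and the vendor, as the reply above says, both additions in this hunk are redundant and can be dropped.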
> Index: www/firefox/files/patch-disable-ssl3
> ===================================================================
> --- www/firefox/files/patch-disable-ssl3 (revision 0)
> +++ www/firefox/files/patch-disable-ssl3 (working copy)
> @@ -0,0 +1,22 @@
> +--- netwerk/base/public/security-prefs.js.orig
> ++++ netwerk/base/public/security-prefs.js
> +@@ -2,7 +2,7 @@
> + * License, v. 2.0. If a copy of the MPL was not distributed with this
> + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
> +
> +-pref("security.tls.version.min", 0);
> ++pref("security.tls.version.min", 1);
> + pref("security.tls.version.max", 3);
> +
> + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
> +--- security/manager/ssl/src/nsNSSComponent.cpp.orig
> ++++ security/manager/ssl/src/nsNSSComponent.cpp
> +@@ -1076,7 +1076,7 @@ nsresult
> + nsNSSComponent::setEnabledTLSVersions()
> + {
> + // keep these values in sync with security-prefs.js
> +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
> ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
> + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
> +
> + int32_t minVersion = Preferences::GetInt("security.tls.version.min",
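Review bot: in the nsNSSComponent.cpp part, minVersion is still read from the `security.tls.version.min` pref, so raising PSM_DEFAULT_MIN_TLS_VERSION and the security-prefs.js default from 0 to 1 only changes the default. A profile in which the user has already set that pref to 0 keeps SSL 3.0 enabled after the update. Suggest stating this in the commit message or a pkg-message so users know to check the pref in about:config. As a style point, this single file under files/ patches two source files; one patch file per patched source file, named after its path, is the usual layout in the ports tree.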
This is already tracked upstream and may land *before* 34.0. Anyway, I've
added the patch under a different filename and applied it to linux- ports.
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983