POODLE SSLv3 vulnerability

Dag-Erling Smørgrav des at des.no
Wed Oct 15 09:13:25 UTC 2014


Updated (still untested) patch which also adds CPE information:

Index: www/firefox/Makefile
===================================================================
--- www/firefox/Makefile	(revision 370893)
+++ www/firefox/Makefile	(working copy)
@@ -4,6 +4,7 @@
 PORTNAME=	firefox
 DISTVERSION=	32.0.3
 DISTVERSIONSUFFIX=.source
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
@@ -44,9 +45,10 @@
 ALL_TARGET=	default
 GNU_CONFIGURE=	yes
 USE_GL=		gl
-USES=		dos2unix tar:bzip2
+USES=		cpe dos2unix tar:bzip2
 DOS2UNIX_FILES=	media/webrtc/trunk/webrtc/system_wrappers/source/spreadsortlib/spreadsort.hpp
 NO_MOZPKGINSTALL=yes
+CPE_VENDOR=	mozilla
 
 FIREFOX_ICON=		${MOZILLA}.png
 FIREFOX_ICON_SRC=	${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/default48.png
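Review bot: CPE_VENDOR= mozilla is placed after NO_MOZPKGINSTALL, two variables away from the USES= cpe line that consumes it; moving it directly under USES would keep the CPE settings in one place. The hunk sets no CPE_PRODUCT, so the generated CPE string relies on the framework default derived from PORTNAME (firefox here). Since the patch is described as untested, it is worth confirming that the resulting string names mozilla as vendor and firefox as product with version 32.0.3 before commit.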
Index: www/firefox/files/patch-disable-ssl3
===================================================================
--- www/firefox/files/patch-disable-ssl3	(revision 0)
+++ www/firefox/files/patch-disable-ssl3	(working copy)
@@ -0,0 +1,22 @@
+--- netwerk/base/public/security-prefs.js.orig
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+  * License, v. 2.0. If a copy of the MPL was not distributed with this
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+ 
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+--- security/manager/ssl/src/nsNSSComponent.cpp.orig
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -1076,7 +1076,7 @@ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+   // keep these values in sync with security-prefs.js
+-  static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++  static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+   static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+ 
+   int32_t minVersion = Preferences::GetInt("security.tls.version.min",
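Review bot: In the nsNSSComponent.cpp part only the fallback constant PSM_DEFAULT_MIN_TLS_VERSION changes, while minVersion is still read through Preferences::GetInt("security.tls.version.min", so as far as these lines show, a profile that already has the pref explicitly set to 0 would keep accepting SSLv3 after the upgrade. If that is intended, say so in the commit message or a pkg-message so users know to check about:config. Also consider a short description at the top of patch-disable-ssl3 stating that it raises the default minimum from SSLv3 (0) to TLS 1.0 (1) for POODLE, because the file carries no explanation and the existing comment requires the two values to stay in sync with security-prefs.js.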

Property changes on: www/firefox/files/patch-disable-ssl3
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property

DES
-- 
Dag-Erling Smørgrav - des at des.no

