diff options
| author | Beat Gaetzi <beat@FreeBSD.org> | 2014-10-15 15:48:16 +0000 |
|---|---|---|
| committer | Beat Gaetzi <beat@FreeBSD.org> | 2014-10-15 15:48:16 +0000 |
| commit | 8f7f02ae397da7ce0cf9c3bc16b5d117807c1949 (patch) | |
| tree | c910dffa13397137a5faa661668aff88ff8d1a77 /mail/thunderbird/files/patch-bug1076983 | |
| parent | - Allow svnup to work with TLS; SSLv3 is being disabled due to POODLE. (diff) | |
- Update Firefox to 33.0
- Update Firefox ESR to 31.2.0
- Update NSS to 3.17.2
- Update Thunderbird to 31.2.0
- Update libxul to 31.2.0 (and mark as BROKEN)
- Disable SSL 3.0 with pref (Upstream bug 1076983)
- (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
- Add OSS audio fallback for HTML5 audio from upstream bug;
not exposed yet because WebRTC still needs ALSA or PulseAudio
- Kill @dirrm from gecko@ ports per CHANGES from 20140922
- Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
- Improve workaround comment for LLVM PR 15840, partially rejecting
r348851 by marino@ until bug 193555
PR: 194356
Submitted by: Jan Beich
Security: http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html
Notes
Notes:
svn path=/head/; revision=370932
Diffstat (limited to '')
| -rw-r--r-- | mail/thunderbird/files/patch-bug1076983 | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/mail/thunderbird/files/patch-bug1076983 b/mail/thunderbird/files/patch-bug1076983 new file mode 100644 index 000000000000..ff764be7398f --- /dev/null +++ b/mail/thunderbird/files/patch-bug1076983 @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- mozilla/netwerk/base/public/security-prefs.js ++++ mozilla/netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp ++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", |