From 8f7f02ae397da7ce0cf9c3bc16b5d117807c1949 Mon Sep 17 00:00:00 2001 From: Beat Gaetzi Date: Wed, 15 Oct 2014 15:48:16 +0000 Subject: - Update Firefox to 33.0 - Update Firefox ESR to 31.2.0 - Update NSS to 3.17.2 - Update Thunderbird to 31.2.0 - Update libxul to 31.2.0 (and mark as BROKEN) - Disable SSL 3.0 with pref (Upstream bug 1076983) - (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems - Add OSS audio fallback for HTML5 audio from upstream bug; not exposed yet because WebRTC still needs ALSA or PulseAudio - Kill @dirrm from gecko@ ports per CHANGES from 20140922 - Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix - Improve workaround comment for LLVM PR 15840, partially rejecting r348851 by marino@ until bug 193555 PR: 194356 Submitted by: Jan Beich Security: http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html --- www/libxul/files/patch-bug1076983 | 45 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 www/libxul/files/patch-bug1076983 (limited to 'www/libxul/files/patch-bug1076983') diff --git a/www/libxul/files/patch-bug1076983 b/www/libxul/files/patch-bug1076983 new file mode 100644 index 000000000000..182aadf58bf5 --- /dev/null +++ b/www/libxul/files/patch-bug1076983 @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", -- cgit v1.2.3