Fix an insecure connection error in HTTP2 case with devel/nss-3.28 or later
Bump PKGREVISION
This commit is contained in:
parent
58321317d9
commit
a5df064835
6 changed files with 41 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
||||||
# $NetBSD: Makefile,v 1.276 2017/01/16 23:45:16 wiz Exp $
|
# $NetBSD: Makefile,v 1.277 2017/01/20 15:03:36 ryoon Exp $
|
||||||
|
|
||||||
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
|
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
|
||||||
MOZ_BRANCH= 50.1
|
MOZ_BRANCH= 50.1
|
||||||
|
@ -6,7 +6,7 @@ MOZ_BRANCH_MINOR= .0
|
||||||
|
|
||||||
DISTNAME= firefox-${FIREFOX_VER}.source
|
DISTNAME= firefox-${FIREFOX_VER}.source
|
||||||
PKGNAME= firefox-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
|
PKGNAME= firefox-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
|
||||||
PKGREVISION= 1
|
PKGREVISION= 2
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
|
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
|
||||||
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
|
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
$NetBSD: distinfo,v 1.265 2016/12/18 01:31:00 ryoon Exp $
|
$NetBSD: distinfo,v 1.266 2017/01/20 15:03:36 ryoon Exp $
|
||||||
|
|
||||||
SHA1 (firefox-50.1.0.source.tar.xz) = 6024dc49a566ed6296ad6cd707a199d41f090176
|
SHA1 (firefox-50.1.0.source.tar.xz) = 6024dc49a566ed6296ad6cd707a199d41f090176
|
||||||
RMD160 (firefox-50.1.0.source.tar.xz) = 8931f3ad4e8a2543b8cfc1c191289b5897e081de
|
RMD160 (firefox-50.1.0.source.tar.xz) = 8931f3ad4e8a2543b8cfc1c191289b5897e081de
|
||||||
|
@ -111,6 +111,7 @@ SHA1 (patch-moz.configure) = cd4d3851e9dc2c1adb6a92b6f3cd1966adcd5beb
|
||||||
SHA1 (patch-mozglue_build_arm.cpp) = f41ace63b3f1d2a8ccaffc98c3c64d1e22af5249
|
SHA1 (patch-mozglue_build_arm.cpp) = f41ace63b3f1d2a8ccaffc98c3c64d1e22af5249
|
||||||
SHA1 (patch-mozglue_build_arm.h) = 5e272f4e19b9681d43a63c45d78b0e44a392c7dc
|
SHA1 (patch-mozglue_build_arm.h) = 5e272f4e19b9681d43a63c45d78b0e44a392c7dc
|
||||||
SHA1 (patch-netwerk_dns_moz.build) = d4ad35ee7152ca206156403954cbd247d1252ab0
|
SHA1 (patch-netwerk_dns_moz.build) = d4ad35ee7152ca206156403954cbd247d1252ab0
|
||||||
|
SHA1 (patch-netwerk_protocol_http_Http2Session.cpp) = 9a2170e60aff96abda22c0784f5ee7dd00d79586
|
||||||
SHA1 (patch-python_mozbuild_mozbuild_configure_options.py) = f862ee425ae016df6fe12b55050a8dc075ecce89
|
SHA1 (patch-python_mozbuild_mozbuild_configure_options.py) = f862ee425ae016df6fe12b55050a8dc075ecce89
|
||||||
SHA1 (patch-rc) = 9628b038f036f3fc0e37bdf84fa0abf99dbc8d2a
|
SHA1 (patch-rc) = 9628b038f036f3fc0e37bdf84fa0abf99dbc8d2a
|
||||||
SHA1 (patch-toolkit_components_osfile_modules_osfile__unix__back.jsm) = 27e90fdfd5587f670958d832cd56107740b226ee
|
SHA1 (patch-toolkit_components_osfile_modules_osfile__unix__back.jsm) = 27e90fdfd5587f670958d832cd56107740b226ee
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.7 2017/01/20 15:03:37 ryoon Exp $
|
||||||
|
|
||||||
|
Fix an insecure connection error with NSS 3.28 or later in HTTP2 case
|
||||||
|
https://hg.mozilla.org/mozilla-central/rev/361ac226da2a
|
||||||
|
|
||||||
|
--- netwerk/protocol/http/Http2Session.cpp.orig 2016-10-31 20:15:27.000000000 +0000
|
||||||
|
+++ netwerk/protocol/http/Http2Session.cpp
|
||||||
|
@@ -3542,8 +3542,8 @@ Http2Session::ConfirmTLSProfile()
|
||||||
|
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
|
||||||
|
this, keybits));
|
||||||
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
||||||
|
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
|
||||||
|
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
|
||||||
|
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
|
||||||
|
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
|
||||||
|
this, keybits));
|
||||||
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
# $NetBSD: Makefile,v 1.15 2017/01/16 23:45:17 wiz Exp $
|
# $NetBSD: Makefile,v 1.16 2017/01/20 15:03:37 ryoon Exp $
|
||||||
|
|
||||||
MOZILLA_PKG_NAME= firefox45
|
MOZILLA_PKG_NAME= firefox45
|
||||||
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
|
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
|
||||||
|
@ -7,7 +7,7 @@ MOZ_BRANCH_MINOR= .0esr
|
||||||
|
|
||||||
DISTNAME= firefox-${FIREFOX_VER}.source
|
DISTNAME= firefox-${FIREFOX_VER}.source
|
||||||
PKGNAME= ${MOZILLA_PKG_NAME}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
|
PKGNAME= ${MOZILLA_PKG_NAME}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
|
||||||
PKGREVISION= 1
|
PKGREVISION= 2
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
|
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
|
||||||
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
|
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
$NetBSD: distinfo,v 1.9 2017/01/02 17:45:12 ryoon Exp $
|
$NetBSD: distinfo,v 1.10 2017/01/20 15:03:37 ryoon Exp $
|
||||||
|
|
||||||
SHA1 (firefox-45.6.0esr.source.tar.xz) = 4dda3d1965aabf0963de43180e6cadfc4ce6f650
|
SHA1 (firefox-45.6.0esr.source.tar.xz) = 4dda3d1965aabf0963de43180e6cadfc4ce6f650
|
||||||
RMD160 (firefox-45.6.0esr.source.tar.xz) = 2308f3c27264c3da29fe08e952138996b4575980
|
RMD160 (firefox-45.6.0esr.source.tar.xz) = 2308f3c27264c3da29fe08e952138996b4575980
|
||||||
|
@ -114,6 +114,7 @@ SHA1 (patch-modules_libpref_init_all.js) = fc47d4133490d3da79217864028f5a86023a6
|
||||||
SHA1 (patch-mozglue_build_arm.cpp) = e89e9ff5a26fb11b55df29a0b29d1cd6f35e46e6
|
SHA1 (patch-mozglue_build_arm.cpp) = e89e9ff5a26fb11b55df29a0b29d1cd6f35e46e6
|
||||||
SHA1 (patch-mozglue_build_arm.h) = e303e53d1931b28aab68346c7f6caac4402d16f1
|
SHA1 (patch-mozglue_build_arm.h) = e303e53d1931b28aab68346c7f6caac4402d16f1
|
||||||
SHA1 (patch-netwerk_dns_moz.build) = 6bf4691cf81d5f6fc1b392a4fac4368615e18faa
|
SHA1 (patch-netwerk_dns_moz.build) = 6bf4691cf81d5f6fc1b392a4fac4368615e18faa
|
||||||
|
SHA1 (patch-netwerk_protocol_http_Http2Session.cpp) = 7322fbf185aaf00c6caf9d6c5ceaa2600d188d47
|
||||||
SHA1 (patch-pb) = 97c9b2e4cefd524dc6ba825f71c3da2a761aa1f4
|
SHA1 (patch-pb) = 97c9b2e4cefd524dc6ba825f71c3da2a761aa1f4
|
||||||
SHA1 (patch-pc) = 8b2baa88f0983a2fef4f801cf6b1ae425f6c813a
|
SHA1 (patch-pc) = 8b2baa88f0983a2fef4f801cf6b1ae425f6c813a
|
||||||
SHA1 (patch-rc) = 3bc75b2005bb1a371231846ea605bcf55251db57
|
SHA1 (patch-rc) = 3bc75b2005bb1a371231846ea605bcf55251db57
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
$NetBSD: patch-netwerk_protocol_http_Http2Session.cpp,v 1.1 2017/01/20 15:03:37 ryoon Exp $
|
||||||
|
|
||||||
|
--- netwerk/protocol/http/Http2Session.cpp.orig 2016-07-25 12:12:07.000000000 +0000
|
||||||
|
+++ netwerk/protocol/http/Http2Session.cpp
|
||||||
|
@@ -3521,8 +3521,8 @@ Http2Session::ConfirmTLSProfile()
|
||||||
|
LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n",
|
||||||
|
this, keybits));
|
||||||
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
||||||
|
- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128
|
||||||
|
- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n",
|
||||||
|
+ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1.
|
||||||
|
+ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n",
|
||||||
|
this, keybits));
|
||||||
|
RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY);
|
||||||
|
}
|
Loading…
Reference in a new issue