Bug 250665 - [PATCH] security/nss: Bug in 3.58 breaks several applications
Summary: [PATCH] security/nss: Bug in 3.58 breaks several applications
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-gecko (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-27 08:42 UTC by yamagi
Modified: 2020-10-28 10:56 UTC (History)
1 user (show)

See Also:
jbeich: maintainer-feedback+
jbeich: merge-quarterly+


Attachments
Integrate the upstream fix into the port (9.04 KB, patch)
2020-10-27 08:42 UTC, yamagi
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description yamagi 2020-10-27 08:42:44 UTC
Created attachment 219138 [details]
Integrate the upstream fix into the port

Hi,
the update to security/nss 3.58 on 2020-10-17 introduced a nasty upstream bug that broke several applications. Most notably pidgin. The upstream bug report also mentions curl, but I could not reproduce that.

The attached patch integrates the upstream fix into the port and bumps PORTREVISION.

The upstream bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
The upstream fix is here: https://hg.mozilla.org/projects/nss/rev/b03a4fc5b902498414b02640dcb2717dfef9682f

Regards,
Yamagi
Comment 1 commit-hook freebsd_committer 2020-10-28 10:50:59 UTC
A commit references this bug:

Author: jbeich
Date: Wed Oct 28 10:50:30 UTC 2020
New revision: 553535
URL: https://svnweb.freebsd.org/changeset/ports/553535

Log:
  security/nss: unbreak non-gecko consumers after r552532

  Pidgin failed with "nss: Handshake failed (-12251)" i.e.,
  SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER -12251 "SSL received a malformed Change Cipher Spec record."

  PR:		250665
  Submitted by:	yamagi@yamagi.org

Changes:
  head/security/nss/Makefile
  head/security/nss/files/patch-bug1672703
Comment 2 commit-hook freebsd_committer 2020-10-28 10:51:01 UTC
A commit references this bug:

Author: jbeich
Date: Wed Oct 28 10:50:53 UTC 2020
New revision: 553536
URL: https://svnweb.freebsd.org/changeset/ports/553536

Log:
  MFH: r553535

  security/nss: unbreak non-gecko consumers after r552532

  Pidgin failed with "nss: Handshake failed (-12251)" i.e.,
  SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER -12251 "SSL received a malformed Change Cipher Spec record."

  PR:		250665
  Submitted by:	yamagi@yamagi.org
  Approved by:	ports-secteam blanket

Changes:
_U  branches/2020Q4/
  branches/2020Q4/security/nss/Makefile
  branches/2020Q4/security/nss/files/patch-bug1672703
Comment 3 Jan Beich freebsd_committer 2020-10-28 10:55:47 UTC
Thanks. Expect /latest and /quarterly packages to get the fix in ~2 days (builds start on Tuesday/Thursday/Saturday/Sunday at 01:00 UTC).