pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/seamonkey
Module Name: pkgsrc
Committed By: maya
Date: Mon Mar 26 22:56:07 UTC 2018
Modified Files:
pkgsrc/www/seamonkey: Makefile distinfo
Added Files:
pkgsrc/www/seamonkey/patches:
patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
Log Message:
seamonkey: provide patch for CVE-2018-5148: Use-after-free in compositor
A use-after-free vulnerability can occur in the compositor during
certain graphics operations when a raw pointer is used instead of a
reference counted one. This results in a potentially exploitable crash
Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
PKGREVISION++
To generate a diff of this commit:
cvs rdiff -u -r1.173 -r1.174 pkgsrc/www/seamonkey/Makefile
cvs rdiff -u -r1.150 -r1.151 pkgsrc/www/seamonkey/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp \
pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/seamonkey/Makefile
diff -u pkgsrc/www/seamonkey/Makefile:1.173 pkgsrc/www/seamonkey/Makefile:1.174
--- pkgsrc/www/seamonkey/Makefile:1.173 Sat Mar 17 00:06:17 2018
+++ pkgsrc/www/seamonkey/Makefile Mon Mar 26 22:56:07 2018
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.173 2018/03/17 00:06:17 maya Exp $
+# $NetBSD: Makefile,v 1.174 2018/03/26 22:56:07 maya Exp $
DISTNAME= seamonkey-${SM_VER}.source
PKGNAME= seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION= 3
+PKGREVISION= 4
SM_VER= 2.49.2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
Index: pkgsrc/www/seamonkey/distinfo
diff -u pkgsrc/www/seamonkey/distinfo:1.150 pkgsrc/www/seamonkey/distinfo:1.151
--- pkgsrc/www/seamonkey/distinfo:1.150 Sat Mar 17 00:06:17 2018
+++ pkgsrc/www/seamonkey/distinfo Mon Mar 26 22:56:07 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.150 2018/03/17 00:06:17 maya Exp $
+$NetBSD: distinfo,v 1.151 2018/03/26 22:56:07 maya Exp $
SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b
RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c
@@ -37,6 +37,8 @@ SHA1 (patch-mozilla_gfx_cairo_libpixman_
SHA1 (patch-mozilla_gfx_gl_GLContextProviderGLX.cpp) = d4d0cdf25ae15f7cc07d1ad213ec7d2b015e4168
SHA1 (patch-mozilla_gfx_graphite2_moz-gr-update.sh) = 22365f3d536b929a73e8e5d99a34f5857b5b2d35
SHA1 (patch-mozilla_gfx_graphite2_src_Bidi.cpp) = fb97becdfeeea742e8c0bc51e10efc124a2a11f3
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp) = 296b7d67033aad8d3f914caa97574b44be9a0a47
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h) = 52ce2aa5557ff6dc74d4ae1e931f20be3c4dbe78
SHA1 (patch-mozilla_gfx_moz.build) = c3bb9f947bb6cb19d890fba83bd9dd4ac29d2ebf
SHA1 (patch-mozilla_gfx_skia_generate__mozbuild.py) = 9850cc0636728061cad1297716bdf43d6ef5d063
SHA1 (patch-mozilla_gfx_skia_moz.build) = e7337cf958e2ab9f422573519eb4ee0666319964
Added files:
Index: pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp:1.1
--- /dev/null Mon Mar 26 22:56:07 2018
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp Mon Mar 26 22:56:07 2018
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp.orig 2018-02-05 11:48:12.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp
+@@ -60,7 +60,7 @@ CompositingRenderTargetOGL::BindRenderTa
+ msg.AppendPrintf("Framebuffer not complete -- CheckFramebufferStatus returned 0x%x, "
+ "GLContext=%p, IsOffscreen()=%d, mFBO=%d, aFBOTextureTarget=0x%x, "
+ "aRect.width=%d, aRect.height=%d",
+- result, mGL, mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
++ result, mGL.get(), mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
+ mInitParams.mSize.width, mInitParams.mSize.height);
+ NS_WARNING(msg.get());
+ }
Index: pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h:1.1
--- /dev/null Mon Mar 26 22:56:07 2018
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h Mon Mar 26 22:56:07 2018
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h.orig 2018-02-05 11:48:08.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h
+@@ -184,7 +184,7 @@ private:
+ * the target is always cleared at the end of a frame.
+ */
+ RefPtr<CompositorOGL> mCompositor;
+- GLContext* mGL;
++ RefPtr<GLContext> mGL;
+ GLuint mTextureHandle;
+ GLuint mFBO;
+ };
Home |
Main Index |
Thread Index |
Old Index