CVS commit: [pkgsrc-2019Q4] pkgsrc/www/firefox68

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2019Q4] pkgsrc/www/firefox68
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Fri, 10 Jan 2020 13:56:19 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Jan 10 13:56:19 UTC 2020

Modified Files:
        pkgsrc/www/firefox68 [pkgsrc-2019Q4]: Makefile distinfo
Removed Files:
        pkgsrc/www/firefox68/patches [pkgsrc-2019Q4]: patch-rust-1.39.0

Log Message:
Pullup ticket #6113 - requested by nia
www/firefox68: security fix (zero-day)

Revisions pulled up:
- www/firefox68/Makefile                                        1.7-1.8
- www/firefox68/distinfo                                        1.6-1.7
- www/firefox68/patches/patch-rust-1.39.0                       deleted

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Wed Jan  8 21:49:32 UTC 2020

   Modified Files:
        pkgsrc/www/firefox68: Makefile distinfo
   Removed Files:
        pkgsrc/www/firefox68/patches: patch-rust-1.39.0

   Log Message:
   firefox68: Update to 68.4.0

   Security Vulnerabilities fixed in Firefox ESR 68.4:

   # CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
   # CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
   # CVE-2019-17017: Type Confusion in XPCVariant.cpp
   # CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
   # CVE-2019-17022: CSS sanitization does not escape HTML tags
   # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Thu Jan  9 20:51:59 UTC 2020

   Modified Files:
        pkgsrc/www/firefox68: Makefile distinfo

   Log Message:
   firefox68: Update to 68.4.1

   This release fixes one zero-day vulnerability:

   CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement

   Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.
   We are aware of targeted attacks in the wild abusing this flaw


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.4.1 pkgsrc/www/firefox68/Makefile \
    pkgsrc/www/firefox68/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/firefox68/patches/patch-rust-1.39.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox68/Makefile
diff -u pkgsrc/www/firefox68/Makefile:1.5 pkgsrc/www/firefox68/Makefile:1.5.4.1
--- pkgsrc/www/firefox68/Makefile:1.5   Sun Dec  8 20:09:41 2019
+++ pkgsrc/www/firefox68/Makefile       Fri Jan 10 13:56:19 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2019/12/08 20:09:41 nia Exp $
+# $NetBSD: Makefile,v 1.5.4.1 2020/01/10 13:56:19 bsiegert Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            68.3
-MOZ_BRANCH_MINOR=      .0esr
+MOZ_BRANCH=            68.4
+MOZ_BRANCH_MINOR=      .1esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox68-/}
Index: pkgsrc/www/firefox68/distinfo
diff -u pkgsrc/www/firefox68/distinfo:1.5 pkgsrc/www/firefox68/distinfo:1.5.4.1
--- pkgsrc/www/firefox68/distinfo:1.5   Sun Dec  8 20:09:41 2019
+++ pkgsrc/www/firefox68/distinfo       Fri Jan 10 13:56:19 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.5 2019/12/08 20:09:41 nia Exp $
+$NetBSD: distinfo,v 1.5.4.1 2020/01/10 13:56:19 bsiegert Exp $
 
-SHA1 (firefox-68.3.0esr.source.tar.xz) = 220c262c5cb2ee81d29c58a5afe4522c9880cf2b
-RMD160 (firefox-68.3.0esr.source.tar.xz) = 7cf26bd69a7414cdd78ab196e9add78b7235ef7c
-SHA512 (firefox-68.3.0esr.source.tar.xz) = f99a4a18aa1b4472152fc6de68ef56ee071c1adfc70a907c10943f8436758c9adc0fe05a90b894ea521cc0c30782e6e2c29f04747d7edf3e55080fa0c4ebf8c3
-Size (firefox-68.3.0esr.source.tar.xz) = 312378276 bytes
+SHA1 (firefox-68.4.1esr.source.tar.xz) = f11c0ecc0f17435149a2bce83f490bbd329e276d
+RMD160 (firefox-68.4.1esr.source.tar.xz) = 78098317b75b079a475a0bcb8a5f012178c1a643
+SHA512 (firefox-68.4.1esr.source.tar.xz) = 8dd85096f1223b2ab396cc3b89a9f1b113f01ce8919af08a278d077cc4380c108a66b6379c75d85311aa3c54a7804f4d51f718b309fe107ff7c44aca7e4386ed
+Size (firefox-68.4.1esr.source.tar.xz) = 318559576 bytes
 SHA1 (patch-aa) = 1f292aae7d37bd480ba834324b737bfebee52503
 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e
 SHA1 (patch-build_moz.configure_old.configure) = 05963b12fd908d90e3378b30cff7e48291b8a447
@@ -30,7 +30,6 @@ SHA1 (patch-media_libcubeb_src_cubeb__os
 SHA1 (patch-media_libcubeb_src_moz.build) = dcca90cb5132442877712cd7b1f4e832c93d2655
 SHA1 (patch-media_libcubeb_update.sh) = 4508319d8534a0cc983e4767c2142169af9e5033
 SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc
-SHA1 (patch-rust-1.39.0) = 73f41832022fb42c6d84131b6daf9396a1fea284
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf
 SHA1 (patch-toolkit_library_moz.build) = 102e3713552c26f76e8b4e473846bb8fbc44b278
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12

Prev by Date: CVS commit: pkgsrc
Next by Date: CVS commit: [pkgsrc-2019Q4] pkgsrc/net/libtorrent-rasterbar
Previous by Thread: CVS commit: pkgsrc
Next by Thread: CVS commit: [pkgsrc-2019Q4] pkgsrc/net/libtorrent-rasterbar
Indexes:

Home | Main Index | Thread Index | Old Index