pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/seamonkey seamonkey: apply patch from firefox52 to...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b8b6d2794d3a
branches:  trunk
changeset: 377417:b8b6d2794d3a
user:      maya <maya%pkgsrc.org@localhost>
date:      Fri Mar 16 23:25:56 2018 +0000

description:
seamonkey: apply patch from firefox52 to fix CVE-2018-5146
remote code execution via ogg files.

Note that neither firefox52 nor this change patches tremor, so the
vulnerability still exists on ARM (which uses tremor rather than vorbis).

Blind commit. I don't have the resources to build so many firefoxes.
However it is based off firefox52.

PKGREVISION++

diffstat:

 www/seamonkey/Makefile                    |   4 +-
 www/seamonkey/distinfo                    |   3 +-
 www/seamonkey/patches/patch-CVE-2018-5146 |  82 +++++++++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 3 deletions(-)

diffs (115 lines):

diff -r cbaf495c4905 -r b8b6d2794d3a www/seamonkey/Makefile
--- a/www/seamonkey/Makefile    Fri Mar 16 23:02:09 2018 +0000
+++ b/www/seamonkey/Makefile    Fri Mar 16 23:25:56 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.171 2018/03/12 11:17:47 wiz Exp $
+# $NetBSD: Makefile,v 1.172 2018/03/16 23:25:56 maya Exp $
 
 DISTNAME=      seamonkey-${SM_VER}.source
 PKGNAME=       seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=   1
+PKGREVISION=   2
 SM_VER=                2.49.2
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
diff -r cbaf495c4905 -r b8b6d2794d3a www/seamonkey/distinfo
--- a/www/seamonkey/distinfo    Fri Mar 16 23:02:09 2018 +0000
+++ b/www/seamonkey/distinfo    Fri Mar 16 23:25:56 2018 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.148 2018/03/03 22:14:41 ryoon Exp $
+$NetBSD: distinfo,v 1.149 2018/03/16 23:25:56 maya Exp $
 
 SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b
 RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c
 SHA512 (seamonkey-2.49.2.source.tar.xz) = 6f69f7fb0a2de8086231b615b62b350edf6c903d2fde90ee4c79e316cfcf5a413097df9afe1397dbfe680e264f6be14c2c147be7ba11c5dbd73a1e9e01b8857e
 Size (seamonkey-2.49.2.source.tar.xz) = 229980312 bytes
+SHA1 (patch-CVE-2018-5146) = 121d8511b4aef0a784ae12d12c35cd4282c9ab83
 SHA1 (patch-ao) = e466058ed1899a64a9ab5b57290ff2baad1ea03c
 SHA1 (patch-ldap_c-sdk_include_portable.h) = ce0b643fa031b74bf7d74eedc4f3729807aef799
 SHA1 (patch-mail_app_Makefile.in) = da6ac87ffdcff733f11218cb11f8ef316bb1bc18
diff -r cbaf495c4905 -r b8b6d2794d3a www/seamonkey/patches/patch-CVE-2018-5146
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-CVE-2018-5146 Fri Mar 16 23:25:56 2018 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-CVE-2018-5146,v 1.1 2018/03/16 23:25:56 maya Exp $
+
+CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.
+
+Codebooks that are not an exact divisor of the partition size are now
+truncated to fit within the partition.
+
+--- mozilla/media/libvorbis/lib/vorbis_codebook.c.orig 2018-02-05 11:49:22.000000000 +0000
++++ mozilla/media/libvorbis/lib/vorbis_codebook.c
+@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *
+       t[i] = book->valuelist+entry[i]*book->dim;
+     }
+     for(i=0,o=0;i<book->dim;i++,o+=step)
+-      for (j=0;j<step;j++)
++      for (j=0;o+j<n && j<step;j++)
+         a[o+j]+=t[j][i];
+   }
+   return(0);
+@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *b
+     int i,j,entry;
+     float *t;
+ 
+-    if(book->dim>8){
+-      for(i=0;i<n;){
+-        entry = decode_packed_entry_number(book,b);
+-        if(entry==-1)return(-1);
+-        t     = book->valuelist+entry*book->dim;
+-        for (j=0;j<book->dim;)
+-          a[i++]+=t[j++];
+-      }
+-    }else{
+-      for(i=0;i<n;){
+-        entry = decode_packed_entry_number(book,b);
+-        if(entry==-1)return(-1);
+-        t     = book->valuelist+entry*book->dim;
+-        j=0;
+-        switch((int)book->dim){
+-        case 8:
+-          a[i++]+=t[j++];
+-        case 7:
+-          a[i++]+=t[j++];
+-        case 6:
+-          a[i++]+=t[j++];
+-        case 5:
+-          a[i++]+=t[j++];
+-        case 4:
+-          a[i++]+=t[j++];
+-        case 3:
+-          a[i++]+=t[j++];
+-        case 2:
+-          a[i++]+=t[j++];
+-        case 1:
+-          a[i++]+=t[j++];
+-        case 0:
+-          break;
+-        }
+-      }
++    for(i=0;i<n;){
++      entry = decode_packed_entry_number(book,b);
++      if(entry==-1)return(-1);
++      t     = book->valuelist+entry*book->dim;
++      for(j=0;i<n && j<book->dim;)
++        a[i++]+=t[j++];
+     }
+   }
+   return(0);
+@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *
+   long i,j,entry;
+   int chptr=0;
+   if(book->used_entries>0){
+-    for(i=offset/ch;i<(offset+n)/ch;){
++    int m=(offset+n)/ch;
++    for(i=offset/ch;i<m;){
+       entry = decode_packed_entry_number(book,b);
+       if(entry==-1)return(-1);
+       {
+         const float *t = book->valuelist+entry*book->dim;
+-        for (j=0;j<book->dim;j++){
++        for (j=0;i<m && j<book->dim;j++){
+           a[chptr++][i]+=t[j];
+           if(chptr==ch){
+             chptr=0;
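Review bot: The comment block at the top of patch-CVE-2018-5146 describes the bounds fix but does not record its scope. The commit description says tremor is left unpatched and that ARM uses tremor rather than vorbis, so that limitation is worth stating in the patch file itself, where the next maintainer will read it, e.g. `Only mozilla/media/libvorbis is patched; tremor (used on ARM) is not covered by this patch.` Separately, in the vorbis_book_decodevv_add hunk the new bound is declared `int m=(offset+n)/ch;` while the index `i` it is compared with is `long`. The declaration of `offset` is outside the hunk, but if it is wider than `int`, `long m=(offset+n)/ch;` would keep the bound and the index in the same type. All three function bodies start and end outside the embedded hunks, so the callers' guarantee that `n` matches the real size of `a` cannot be checked from here.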


