pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/firefox52 firefox52: update to 52.7.3
details: https://anonhg.NetBSD.org/pkgsrc/rev/c45977efaa09
branches: trunk
changeset: 378036:c45977efaa09
user: maya <maya%pkgsrc.org@localhost>
date: Mon Mar 26 23:33:24 2018 +0000
description:
firefox52: update to 52.7.3
CVE-2018-5148: Use-after-free in compositor
A use-after-free vulnerability can occur in the compositor during certain
graphics operations when a raw pointer is used instead of a reference
counted one. This results in a potentially exploitable crash.
diffstat:
www/firefox52/Makefile | 5 +-
www/firefox52/distinfo | 11 +--
www/firefox52/patches/patch-CVE-2018-5147 | 79 -------------------------------
3 files changed, 7 insertions(+), 88 deletions(-)
diffs (120 lines):
diff -r 710fcd9954c1 -r c45977efaa09 www/firefox52/Makefile
--- a/www/firefox52/Makefile Mon Mar 26 22:56:07 2018 +0000
+++ b/www/firefox52/Makefile Mon Mar 26 23:33:24 2018 +0000
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.19 2018/03/17 00:23:15 maya Exp $
+# $NetBSD: Makefile,v 1.20 2018/03/26 23:33:24 maya Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
MOZ_BRANCH= 52.7
-MOZ_BRANCH_MINOR= .2esr
+MOZ_BRANCH_MINOR= .3esr
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
-PKGREVISION= 1
CATEGORIES= www
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
diff -r 710fcd9954c1 -r c45977efaa09 www/firefox52/distinfo
--- a/www/firefox52/distinfo Mon Mar 26 22:56:07 2018 +0000
+++ b/www/firefox52/distinfo Mon Mar 26 23:33:24 2018 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.12 2018/03/17 00:23:15 maya Exp $
+$NetBSD: distinfo,v 1.13 2018/03/26 23:33:24 maya Exp $
-SHA1 (firefox-52.7.2esr.source.tar.xz) = 7895d445ee7fa7f51ce253483250c7915e74a45e
-RMD160 (firefox-52.7.2esr.source.tar.xz) = d8c6c6a7ee0dfe55bd87467aca5709ea82a0050a
-SHA512 (firefox-52.7.2esr.source.tar.xz) = e275fd10fd32a0dc237135af3395e3a1ae501844632c973ff3b9bca1456702ee36dbee99fc57300598403c924c0db63bd62a199845c8f4a2e29db5d1e5973395
-Size (firefox-52.7.2esr.source.tar.xz) = 212673520 bytes
-SHA1 (patch-CVE-2018-5147) = 04e45d580fde5a44dec4f2e4d617d5302bd3fa44
+SHA1 (firefox-52.7.3esr.source.tar.xz) = 554190b6cbaab895ced8061abfd9ac6c955950f4
+RMD160 (firefox-52.7.3esr.source.tar.xz) = 0b687edea6b60fb3ad4cb5dc02655abc8b8fa94c
+SHA512 (firefox-52.7.3esr.source.tar.xz) = fc5530d8ff5b7f6cd8d9f677d65dee3c1489401c9c9b88258f2e59c7796975cfb7f0b8ccfdf80ae92a6644f51f70de8733c334e4673cad9b8813cca33ae3e1c3
+Size (firefox-52.7.3esr.source.tar.xz) = 213945524 bytes
SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026
SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5
SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc
diff -r 710fcd9954c1 -r c45977efaa09 www/firefox52/patches/patch-CVE-2018-5147
--- a/www/firefox52/patches/patch-CVE-2018-5147 Mon Mar 26 22:56:07 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-$NetBSD: patch-CVE-2018-5147,v 1.1 2018/03/17 00:23:15 maya Exp $
-
-CVE-2018-5147: Prevent out-of-bounds write in codebook decoding.
-
-Codebooks that are not an exact divisor of the partition size are now
-truncated to fit within the partition.
-
---- media/libtremor/lib/tremor_codebook.c.orig 2017-04-11 02:13:12.000000000 +0000
-+++ media/libtremor/lib/tremor_codebook.c
-@@ -258,7 +258,7 @@ long vorbis_book_decodevs_add(codebook *
- t[i] = book->valuelist+entry[i]*book->dim;
- }
- for(i=0,o=0;i<book->dim;i++,o+=step)
-- for (j=0;j<step;j++)
-+ for (j=0;o+j<n && j<step;j++)
- a[o+j]+=t[j][i]>>shift;
- }else{
- for (i = 0; i < step; i++) {
-@@ -267,7 +267,7 @@ long vorbis_book_decodevs_add(codebook *
- t[i] = book->valuelist+entry[i]*book->dim;
- }
- for(i=0,o=0;i<book->dim;i++,o+=step)
-- for (j=0;j<step;j++)
-+ for (j=0;o+j<n && j<step;j++)
- a[o+j]+=t[j][i]<<-shift;
- }
- }
-@@ -287,7 +287,7 @@ long vorbis_book_decodev_add(codebook *b
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;)
-+ for (j=0;i<n && j<book->dim;)
- a[i++]+=t[j++]>>shift;
- }
- }else{
-@@ -295,7 +295,7 @@ long vorbis_book_decodev_add(codebook *b
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;)
-+ for (j=0;i<n && j<book->dim;)
- a[i++]+=t[j++]<<-shift;
- }
- }
-@@ -352,15 +352,15 @@ long vorbis_book_decodevv_add(codebook *
- long i,j,entry;
- int chptr=0;
- int shift=point-book->binarypoint;
--
-+ int m=offset+n;
- if(shift>=0){
-
-- for(i=offset;i<offset+n;){
-+ for(i=offset;i<m;){
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- {
- const ogg_int32_t *t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;j++){
-+ for (j=0;i<m && j<book->dim;j++){
- a[chptr++][i]+=t[j]>>shift;
- if(chptr==ch){
- chptr=0;
-@@ -371,12 +371,12 @@ long vorbis_book_decodevv_add(codebook *
- }
- }else{
-
-- for(i=offset;i<offset+n;){
-+ for(i=offset;i<m;){
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- {
- const ogg_int32_t *t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;j++){
-+ for (j=0;i<m && j<book->dim;j++){
- a[chptr++][i]+=t[j]<<-shift;
- if(chptr==ch){
- chptr=0;
Home |
Main Index |
Thread Index |
Old Index