[pkgsrc/pkgsrc-2021Q4]: pkgsrc/www/firefox91 Pullup ticket #6582 - requested ...

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/63b0f17df935
branches:  pkgsrc-2021Q4
changeset: 374413:63b0f17df935
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Mon Feb 21 13:34:26 2022 +0000

description:
Pullup ticket #6582 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.13
- www/firefox91/distinfo                                        1.10

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Mon Feb 21 03:43:56 UTC 2022

   Modified Files:
        pkgsrc/www/firefox91: Makefile distinfo

   Log Message:
   firefox91: update to 91.6.0

   Security Vulnerabilities fixed in Firefox ESR 91.6

       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
       Service

       #CVE-2022-22754: Extensions could have bypassed permission confirmation
       during update

       #CVE-2022-22756: Drag and dropping an image could have resulted in the
       dropped object being an executable

       #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
       appended elements

       #CVE-2022-22760: Cross-Origin responses could be distinguished between
       script and non-script content-types

       #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
       enforced for framed extension pages

       #CVE-2022-22763: Script Execution during invalid object state

       #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

diffstat:

 www/firefox91/Makefile |  4 ++--
 www/firefox91/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (29 lines):

diff -r ba1dc9788c61 -r 63b0f17df935 www/firefox91/Makefile
--- a/www/firefox91/Makefile    Sun Feb 20 10:32:05 2022 +0000
+++ b/www/firefox91/Makefile    Mon Feb 21 13:34:26 2022 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.11.2.1 2022/02/20 10:20:21 bsiegert Exp $
+# $NetBSD: Makefile,v 1.11.2.2 2022/02/21 13:34:26 bsiegert Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            91.5
+MOZ_BRANCH=            91.6
 MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
diff -r ba1dc9788c61 -r 63b0f17df935 www/firefox91/distinfo
--- a/www/firefox91/distinfo    Sun Feb 20 10:32:05 2022 +0000
+++ b/www/firefox91/distinfo    Mon Feb 21 13:34:26 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8.2.1 2022/02/20 10:20:21 bsiegert Exp $
+$NetBSD: distinfo,v 1.8.2.2 2022/02/21 13:34:26 bsiegert Exp $
 
-BLAKE2s (firefox-91.5.0esr.source.tar.xz) = ede7eb4257b2709ac5c05806761a0ab3a4cc6fb262eeb970ee47fba1bc2504fd
-SHA512 (firefox-91.5.0esr.source.tar.xz) = 1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781
-Size (firefox-91.5.0esr.source.tar.xz) = 381371300 bytes
+BLAKE2s (firefox-91.6.0esr.source.tar.xz) = 4f738596ac1c9608dcdf2dc1f6771065ab3f9dd2927c9a0c569c9fdb671f5424
+SHA512 (firefox-91.6.0esr.source.tar.xz) = 3dd1929f93cdd087a93fc3597f32d9005c986b59832954e01a8c2472b179c92ad611eaa73d3fc000a08b838a0b70da73ff5ba82d6009160655ba6894cf04520e
+Size (firefox-91.6.0esr.source.tar.xz) = 386869628 bytes
 BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes