CVS commit: pkgsrc/www/firefox52

["Ryo ONODERA" <ryoon%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Fri Nov 17 00:19:01 UTC 2017

Modified Files:
        pkgsrc/www/firefox52: Makefile distinfo

Log Message:
Update to 52.5.0

Changelog:
Security fixes:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still
in use. This results in a potentially exploitable crash during
these operations.

References

    Bug 1406750
    Bug 1412252

#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

Reporter
    Jun Kokatsu
Impact
    high

Description

The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for
data theft of URLs loaded by users.

References

    Memory safety bugs fixed in Firefox 57

#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to
run arbitrary code.

References

    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox52/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox52/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox52/Makefile
diff -u pkgsrc/www/firefox52/Makefile:1.10 pkgsrc/www/firefox52/Makefile:1.11
--- pkgsrc/www/firefox52/Makefile:1.10  Thu Nov  9 19:17:19 2017
+++ pkgsrc/www/firefox52/Makefile       Fri Nov 17 00:19:01 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2017/11/09 19:17:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.11 2017/11/17 00:19:01 ryoon Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            52.4
-MOZ_BRANCH_MINOR=      .1esr
+MOZ_BRANCH=            52.5
+MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}

Index: pkgsrc/www/firefox52/distinfo
diff -u pkgsrc/www/firefox52/distinfo:1.8 pkgsrc/www/firefox52/distinfo:1.9
--- pkgsrc/www/firefox52/distinfo:1.8   Thu Nov  9 19:17:19 2017
+++ pkgsrc/www/firefox52/distinfo       Fri Nov 17 00:19:01 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8 2017/11/09 19:17:19 ryoon Exp $
+$NetBSD: distinfo,v 1.9 2017/11/17 00:19:01 ryoon Exp $
 
-SHA1 (firefox-52.4.1esr.source.tar.xz) = c9ab3441780518ed9a57206d5f88445e38adb4f5
-RMD160 (firefox-52.4.1esr.source.tar.xz) = ca192f10ba393eecc023c55cfcfbc11a7d18dcf9
-SHA512 (firefox-52.4.1esr.source.tar.xz) = d80c7219548391d8a47b6e404662ea41e6acfa264a67d69365e76dd8943077e388ab24b030850919f8fc6681c11486bdbaaf170d441c861f4a12cedbe08955ab
-Size (firefox-52.4.1esr.source.tar.xz) = 211950124 bytes
+SHA1 (firefox-52.5.0esr.source.tar.xz) = 4941f498f8ec838b1bdc70fc8f13c8fde379ddce
+RMD160 (firefox-52.5.0esr.source.tar.xz) = c451c1c7cbb5ba8cdf1e35d48f08725cc8bd329c
+SHA512 (firefox-52.5.0esr.source.tar.xz) = fe724108ba538e590b87a5c1b817471d3cca9b038ba2755642e4d7b8ebb6174322be1fe074f24ef181946f9a027106b50b500d2fa541d8a99ef44905822eda18
+Size (firefox-52.5.0esr.source.tar.xz) = 214241184 bytes
 SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026
 SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5
 SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc