pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2021Q4]: pkgsrc/www/firefox91 Pullup ticket #6580 - requested ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/db3ee9d73f75
branches:  pkgsrc-2021Q4
changeset: 374344:db3ee9d73f75
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Feb 20 10:20:21 2022 +0000

description:
Pullup ticket #6580 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.12
- www/firefox91/distinfo                                        1.9
- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2

---
   Module Name: pkgsrc
   Committed By:        ryoon
   Date:                Wed Jan 26 13:38:07 UTC 2022

   Modified Files:
        pkgsrc/www/firefox91: Makefile distinfo
        pkgsrc/www/firefox91/patches:
            patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h

   Log Message:
   firefox91: Update to 91.5.0

   Changelog:
   Security fixes:
   #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
   #CVE-2022-22743: Browser window spoof using fullscreen mode
   #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
   #CVE-2022-22741: Browser window spoof using fullscreen mode
   #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
   #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
   #CVE-2022-22737: Race condition when playing audio files
   #CVE-2021-4140: Iframe sandbox bypass with XSLT
   #CVE-2022-22748: Spoofed origin on external protocol launch dialog
   #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
    event
   #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
   #CVE-2022-22747: Crash when handling empty pkcs7 sequence
   #CVE-2022-22739: Missing throttling on external protocol launch dialog
   #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

diffstat:

 www/firefox91/Makefile                                                            |   6 +++---
 www/firefox91/distinfo                                                            |  10 +++++-----
 www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h |   6 +++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diffs (62 lines):

diff -r 814698e9d081 -r db3ee9d73f75 www/firefox91/Makefile
--- a/www/firefox91/Makefile    Mon Feb 07 07:10:47 2022 +0000
+++ b/www/firefox91/Makefile    Sun Feb 20 10:20:21 2022 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2021/12/22 16:05:28 nia Exp $
+# $NetBSD: Makefile,v 1.11.2.1 2022/02/20 10:20:21 bsiegert Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            91.4
-MOZ_BRANCH_MINOR=      .1esr
+MOZ_BRANCH=            91.5
+MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox91-/}
diff -r 814698e9d081 -r db3ee9d73f75 www/firefox91/distinfo
--- a/www/firefox91/distinfo    Mon Feb 07 07:10:47 2022 +0000
+++ b/www/firefox91/distinfo    Sun Feb 20 10:20:21 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2021/12/22 16:05:28 nia Exp $
+$NetBSD: distinfo,v 1.8.2.1 2022/02/20 10:20:21 bsiegert Exp $
 
-BLAKE2s (firefox-91.4.1esr.source.tar.xz) = 8fa00028b395eba1bf823a828aab7d5741928e7f221dc73bf404dd63d15b43f3
-SHA512 (firefox-91.4.1esr.source.tar.xz) = 1b9f17c4e58e3753f8507754bba93e3b7f76df5b6845d6173719fbdd98b70af2a90242df42fe274217f56d0280e5dbae17962f5b6bf111421260790f770f5337
-Size (firefox-91.4.1esr.source.tar.xz) = 378159528 bytes
+BLAKE2s (firefox-91.5.0esr.source.tar.xz) = ede7eb4257b2709ac5c05806761a0ab3a4cc6fb262eeb970ee47fba1bc2504fd
+SHA512 (firefox-91.5.0esr.source.tar.xz) = 1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781
+Size (firefox-91.5.0esr.source.tar.xz) = 381371300 bytes
 BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes
@@ -13,7 +13,7 @@
 SHA1 (patch-config_makefiles_rust.mk) = 72d7e9ecee3ccf7ef5f741aac8e35509b41ab7b8
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
-SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2f73c76c48852613e0c55c1680fcc2a9eb3cf4ef
+SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2db2859ff7dbd01c24f6bd038bb3c9ba69821115
 SHA1 (patch-gfx_cairo_cairo_src_cairo-type1-subset.c) = 89a9d934ef76706c552c0b81e6cbc0f45b1ffd2c
 SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad
 SHA1 (patch-gfx_thebes_gfxPlatform.cpp) = f6f8996f0818a1b890698c7cc5054d49cb1e8924
diff -r 814698e9d081 -r db3ee9d73f75 www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
--- a/www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h Mon Feb 07 07:10:47 2022 +0000
+++ b/www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h Sun Feb 20 10:20:21 2022 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h,v 1.1 2021/09/08 22:19:50 nia Exp $
+$NetBSD: patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h,v 1.1.4.1 2022/02/20 10:20:21 bsiegert Exp $
 
 * isinf/isnan in make.h is defined as macro. Use non-macro version
   to fix build.
 
---- gfx/angle/checkout/src/compiler/translator/InfoSink.h.orig 2018-10-18 20:06:05.000000000 +0000
+--- gfx/angle/checkout/src/compiler/translator/InfoSink.h.orig 2022-01-06 00:52:35.000000000 +0000
 +++ gfx/angle/checkout/src/compiler/translator/InfoSink.h
 @@ -7,7 +7,7 @@
  #ifndef COMPILER_TRANSLATOR_INFOSINK_H_
@@ -12,5 +12,5 @@
 -#include <math.h>
 +#include <cmath>
  #include <stdlib.h>
+ #include "GLSLANG/ShaderLang.h"
  #include "compiler/translator/Common.h"
- #include "compiler/translator/Severity.h"



Home | Main Index | Thread Index | Old Index