CVS commit: [pkgsrc-2021Q3] pkgsrc/www/firefox91

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/www/firefox91
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Fri, 5 Nov 2021 19:28:53 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Nov  5 19:28:53 UTC 2021

Modified Files:
        pkgsrc/www/firefox91 [pkgsrc-2021Q3]: Makefile PLIST distinfo
Added Files:
        pkgsrc/www/firefox91/patches [pkgsrc-2021Q3]:
            patch-modules_fdlibm_src_math__private.h

Log Message:
Pullup ticket #6530 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.8
- www/firefox91/PLIST                                           1.3
- www/firefox91/distinfo                                        1.6
- www/firefox91/patches/patch-modules_fdlibm_src_math__private.h 1.1

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Wed Nov  3 19:19:40 UTC 2021

   Modified Files:
        pkgsrc/www/firefox91: Makefile PLIST distinfo
   Added Files:
        pkgsrc/www/firefox91/patches: patch-modules_fdlibm_src_math__private.h

   Log Message:
   firefox91: update to 91.3.0

   Security Vulnerabilities fixed in Firefox ESR 91.3

       #CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

       #CVE-2021-38504: Use-after-free in file picker dialog

       #CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
       without notification or warning

       #CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
       the Same-Origin-Policy on services hosted on other ports

       #MOZ-2021-0008: Use-after-free in HTTP2 Session object

       #CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
       confusion and potential spoofing

       #CVE-2021-38509: Javascript alert box could have been spoofed onto an
       arbitrary domain

       #CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
       OS

       #MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3


To generate a diff of this commit:
cvs rdiff -u -r1.5.2.1 -r1.5.2.2 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.2 -r1.2.2.1 pkgsrc/www/firefox91/PLIST
cvs rdiff -u -r1.2.2.1 -r1.2.2.2 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/www/firefox91/patches/patch-modules_fdlibm_src_math__private.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox91/Makefile
diff -u pkgsrc/www/firefox91/Makefile:1.5.2.1 pkgsrc/www/firefox91/Makefile:1.5.2.2
--- pkgsrc/www/firefox91/Makefile:1.5.2.1       Mon Oct 11 18:36:20 2021
+++ pkgsrc/www/firefox91/Makefile       Fri Nov  5 19:28:52 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.5.2.1 2021/10/11 18:36:20 bsiegert Exp $
+# $NetBSD: Makefile,v 1.5.2.2 2021/11/05 19:28:52 bsiegert Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            91.2
+MOZ_BRANCH=            91.3
 MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source

Index: pkgsrc/www/firefox91/PLIST
diff -u pkgsrc/www/firefox91/PLIST:1.2 pkgsrc/www/firefox91/PLIST:1.2.2.1
--- pkgsrc/www/firefox91/PLIST:1.2      Thu Sep 16 17:47:13 2021
+++ pkgsrc/www/firefox91/PLIST  Fri Nov  5 19:28:52 2021
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2021/09/16 17:47:13 nia Exp $
+@comment $NetBSD: PLIST,v 1.2.2.1 2021/11/05 19:28:52 bsiegert Exp $
 bin/firefox91
 lib/firefox91/application.ini
 lib/firefox91/browser/chrome/icons/default/default128.png
@@ -9,6 +9,7 @@ lib/firefox91/browser/chrome/icons/defau
 lib/firefox91/browser/features/doh-rollout%mozilla.org.xpi@localhost
 lib/firefox91/browser/features/formautofill%mozilla.org.xpi@localhost
 lib/firefox91/browser/features/pictureinpicture%mozilla.org.xpi@localhost
+lib/firefox91/browser/features/proxy-failover%mozilla.com.xpi@localhost
 lib/firefox91/browser/features/screenshots%mozilla.org.xpi@localhost
 lib/firefox91/browser/features/webcompat-reporter%mozilla.org.xpi@localhost
 lib/firefox91/browser/features/webcompat%mozilla.org.xpi@localhost

Index: pkgsrc/www/firefox91/distinfo
diff -u pkgsrc/www/firefox91/distinfo:1.2.2.1 pkgsrc/www/firefox91/distinfo:1.2.2.2
--- pkgsrc/www/firefox91/distinfo:1.2.2.1       Mon Oct 11 18:36:20 2021
+++ pkgsrc/www/firefox91/distinfo       Fri Nov  5 19:28:52 2021
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.2.2.1 2021/10/11 18:36:20 bsiegert Exp $
+$NetBSD: distinfo,v 1.2.2.2 2021/11/05 19:28:52 bsiegert Exp $
 
-RMD160 (firefox-91.2.0esr.source.tar.xz) = 410ea5ccd338f115134fb814a903812f82a4557a
-SHA512 (firefox-91.2.0esr.source.tar.xz) = f4cff7e43ff9927cbab3f02d37d360ee8bb0dbe988e280cb0638ee67bfe3c76e3a0469336de1b212fba66c958d58594b1739aafee1ebb84695d098c1e5c77b9d
-Size (firefox-91.2.0esr.source.tar.xz) = 381665824 bytes
-RMD160 (nodejs-output-91.0.tgz) = b21fe976a919cd891a757eaba2f4006d8e4ab747
+SHA512 (firefox-91.3.0esr.source.tar.xz) = 7cf6efd165acc134bf576715580c103a2fc10ab928ede4c18f69908c62a04eb0f60affa8ceafd5883b393c31b85cae6821d0ae063c9e78117456d475947deaa9
+Size (firefox-91.3.0esr.source.tar.xz) = 381117132 bytes
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes
 SHA1 (patch-aa) = 15b8567cee2af9853f6949c80345ffcb1fd3852a
@@ -32,6 +30,7 @@ SHA1 (patch-media_libcubeb_src_moz.build
 SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc
 SHA1 (patch-media_libtheora_lib_info.c) = f6dbf536d73859a1ff78304c2e9f6a6f74dac01f
 SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc) = f495b64d33db4940c0dfe8c36ddf82aa752b25d9
+SHA1 (patch-modules_fdlibm_src_math__private.h) = 6ae3b0077b4a8c6088c35769fa1972cfc44ea9c1
 SHA1 (patch-mozglue_misc_Uptime.cpp) = daefe25ef1ebc8e4d3735017b9e8ac68c4710a00
 SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = 13e512c7ee9fa1e14ba415d62fa853e5fbfc91c0
 SHA1 (patch-security_nss_lib_freebl_mpi_mpi.c) = a7cd867916524770609d1c307a65b315b88456f4

Added files:

Index: pkgsrc/www/firefox91/patches/patch-modules_fdlibm_src_math__private.h
diff -u /dev/null pkgsrc/www/firefox91/patches/patch-modules_fdlibm_src_math__private.h:1.1.2.2
--- /dev/null   Fri Nov  5 19:28:53 2021
+++ pkgsrc/www/firefox91/patches/patch-modules_fdlibm_src_math__private.h       Fri Nov  5 19:28:53 2021
@@ -0,0 +1,18 @@
+$NetBSD: patch-modules_fdlibm_src_math__private.h,v 1.1.2.2 2021/11/05 19:28:53 bsiegert Exp $
+
+* Fix PR pkg/56457, build failure on NetBSD/i386.
+  Do not use FreeBSD-specific definition.
+
+--- modules/fdlibm/src/math_private.h.orig     2021-09-27 22:47:42.000000000 +0000
++++ modules/fdlibm/src/math_private.h
+@@ -30,8 +30,8 @@
+  * Adapted from https://github.com/freebsd/freebsd-src/search?q=__double_t
+  */
+ 
+-typedef double      __double_t;
+-typedef __double_t  double_t;
++#include <math.h>
++typedef double_t __double_t;
+ 
+ /*
+  * The original fdlibm code used statements like:

Prev by Date: CVS commit: [pkgsrc-2021Q3] pkgsrc/www/firefox91-l10n
Next by Date: CVS commit: [pkgsrc-2021Q3] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2021Q3] pkgsrc/www/firefox91-l10n
Next by Thread: CVS commit: [pkgsrc-2021Q3] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index