pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/seamonkey seamonkey: provide patch for CVE-2018-51...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/710fcd9954c1
branches:  trunk
changeset: 378035:710fcd9954c1
user:      maya <maya%pkgsrc.org@localhost>
date:      Mon Mar 26 22:56:07 2018 +0000

description:
seamonkey: provide patch for CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during
certain graphics operations when a raw pointer is used instead of a
reference counted one. This results in a potentially exploitable crash

Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu

PKGREVISION++

diffstat:

 www/seamonkey/Makefile                                                               |   4 +-
 www/seamonkey/distinfo                                                               |   4 +-
 www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp |  21 ++++++++++
 www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h   |  21 ++++++++++
 4 files changed, 47 insertions(+), 3 deletions(-)

diffs (82 lines):

diff -r 357103ef69d9 -r 710fcd9954c1 www/seamonkey/Makefile
--- a/www/seamonkey/Makefile    Mon Mar 26 22:26:13 2018 +0000
+++ b/www/seamonkey/Makefile    Mon Mar 26 22:56:07 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.173 2018/03/17 00:06:17 maya Exp $
+# $NetBSD: Makefile,v 1.174 2018/03/26 22:56:07 maya Exp $
 
 DISTNAME=      seamonkey-${SM_VER}.source
 PKGNAME=       seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=   3
+PKGREVISION=   4
 SM_VER=                2.49.2
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}
diff -r 357103ef69d9 -r 710fcd9954c1 www/seamonkey/distinfo
--- a/www/seamonkey/distinfo    Mon Mar 26 22:26:13 2018 +0000
+++ b/www/seamonkey/distinfo    Mon Mar 26 22:56:07 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.150 2018/03/17 00:06:17 maya Exp $
+$NetBSD: distinfo,v 1.151 2018/03/26 22:56:07 maya Exp $
 
 SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b
 RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c
@@ -37,6 +37,8 @@
 SHA1 (patch-mozilla_gfx_gl_GLContextProviderGLX.cpp) = d4d0cdf25ae15f7cc07d1ad213ec7d2b015e4168
 SHA1 (patch-mozilla_gfx_graphite2_moz-gr-update.sh) = 22365f3d536b929a73e8e5d99a34f5857b5b2d35
 SHA1 (patch-mozilla_gfx_graphite2_src_Bidi.cpp) = fb97becdfeeea742e8c0bc51e10efc124a2a11f3
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp) = 296b7d67033aad8d3f914caa97574b44be9a0a47
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h) = 52ce2aa5557ff6dc74d4ae1e931f20be3c4dbe78
 SHA1 (patch-mozilla_gfx_moz.build) = c3bb9f947bb6cb19d890fba83bd9dd4ac29d2ebf
 SHA1 (patch-mozilla_gfx_skia_generate__mozbuild.py) = 9850cc0636728061cad1297716bdf43d6ef5d063
 SHA1 (patch-mozilla_gfx_skia_moz.build) = e7337cf958e2ab9f422573519eb4ee0666319964
diff -r 357103ef69d9 -r 710fcd9954c1 www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp      Mon Mar 26 22:56:07 2018 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp.orig      2018-02-05 11:48:12.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp
+@@ -60,7 +60,7 @@ CompositingRenderTargetOGL::BindRenderTa
+         msg.AppendPrintf("Framebuffer not complete -- CheckFramebufferStatus returned 0x%x, "
+                          "GLContext=%p, IsOffscreen()=%d, mFBO=%d, aFBOTextureTarget=0x%x, "
+                          "aRect.width=%d, aRect.height=%d",
+-                         result, mGL, mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
++                         result, mGL.get(), mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
+                          mInitParams.mSize.width, mInitParams.mSize.height);
+         NS_WARNING(msg.get());
+       }
diff -r 357103ef69d9 -r 710fcd9954c1 www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h        Mon Mar 26 22:56:07 2018 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h.orig        2018-02-05 11:48:08.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h
+@@ -184,7 +184,7 @@ private:
+    * the target is always cleared at the end of a frame.
+    */
+   RefPtr<CompositorOGL> mCompositor;
+-  GLContext* mGL;
++  RefPtr<GLContext> mGL;
+   GLuint mTextureHandle;
+   GLuint mFBO;
+ };



Home | Main Index | Thread Index | Old Index