pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2020Q3]: pkgsrc/www/firefox78 Pullup ticket #6370 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8a66189627a6
branches: pkgsrc-2020Q3
changeset: 442480:8a66189627a6
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Nov 24 18:29:25 2020 +0000
description:
Pullup ticket #6370 - requested by nia
www/firefox78: security fix
NOTE: This also includes the changes from pullup tickets #6363 and #6369.
Revisions pulled up:
- www/firefox78/Makefile 1.9,1.13
- www/firefox78/distinfo 1.5-1.6
- www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp 1.1
- www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Nov 10 02:59:28 UTC 2020
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Added Files:
pkgsrc/www/firefox78/patches:
patch-js_src_jit_ProcessExecutableMemory.cpp
patch-js_src_vm_ArrayBufferObject.cpp
Log Message:
firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Nov 18 12:33:45 UTC 2020
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Log Message:
firefox78: Update to 78.5.0
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
diffstat:
www/firefox78/Makefile | 8 +-
www/firefox78/distinfo | 12 +-
www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp | 38 ++++++++++
www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp | 24 ++++++
4 files changed, 71 insertions(+), 11 deletions(-)
diffs (123 lines):
diff -r 50bcf783b8d1 -r 8a66189627a6 www/firefox78/Makefile
--- a/www/firefox78/Makefile Tue Nov 24 18:28:37 2020 +0000
+++ b/www/firefox78/Makefile Tue Nov 24 18:29:25 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.6.2.1 2020/10/23 15:36:35 bsiegert Exp $
+# $NetBSD: Makefile,v 1.6.2.2 2020/11/24 18:29:25 bsiegert Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH= 78.4
+MOZ_BRANCH= 78.5
MOZ_BRANCH_MINOR= .0esr
DISTNAME= firefox-${FIREFOX_VER}.source
@@ -36,10 +36,6 @@
LDFLAGS.Linux+= -lnspr4
LDFLAGS.SunOS+= -lm
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/${MOZILLA}
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/${MOZILLA}-bin
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/plugin-container
-
ALL_ENV+= MOZ_APP_NAME=${MOZILLA}
# Avoid ld "invalid section index" errors.
diff -r 50bcf783b8d1 -r 8a66189627a6 www/firefox78/distinfo
--- a/www/firefox78/distinfo Tue Nov 24 18:28:37 2020 +0000
+++ b/www/firefox78/distinfo Tue Nov 24 18:29:25 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.3.2.1 2020/10/23 15:36:35 bsiegert Exp $
+$NetBSD: distinfo,v 1.3.2.2 2020/11/24 18:29:25 bsiegert Exp $
-SHA1 (firefox-78.4.0esr.source.tar.xz) = 4cf96aeedca03d6f84ade360aeb43cae4819342a
-RMD160 (firefox-78.4.0esr.source.tar.xz) = 376ae67b15060906557bb19cd5be385dcf5e6138
-SHA512 (firefox-78.4.0esr.source.tar.xz) = d9de975e9acf7dab6186db877fe2df87a0e9e3c016e884473ecb188025a31032b1fe7f202598285970ed7a48268c7f3e265657708725da4eb7846db85a036246
-Size (firefox-78.4.0esr.source.tar.xz) = 335094656 bytes
+SHA1 (firefox-78.5.0esr.source.tar.xz) = ae46913563ffe92efa7cdaacb818435a4c3d4492
+RMD160 (firefox-78.5.0esr.source.tar.xz) = 53bf565b08f8c743f22e5f61fca8fd98da062a6c
+SHA512 (firefox-78.5.0esr.source.tar.xz) = 0d16013342b6e8d67adb5c111177ea4796db4fb593da8aa254d0d95bdf33fad798c2dbb235d44db4177c32dd2d7b3ac26b938b476342753ee8d6c83d968d0281
+Size (firefox-78.5.0esr.source.tar.xz) = 333995288 bytes
SHA1 (patch-aa) = 11060461fdaca5661e89651b8ded4a59d2abc4d7
SHA1 (patch-browser_app_profile_firefox.js) = 89cea0a66457c96ad0b94aaa524aa5942ad781d0
SHA1 (patch-build_moz.configure_rust.configure) = ee9e207e67709f3c9455b4d22f5f254890e99ca8
@@ -20,8 +20,10 @@
SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c
SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658
SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836
+SHA1 (patch-js_src_jit_ProcessExecutableMemory.cpp) = c75e9ea7124c18be1a051106fcc407ddd1e82e46
SHA1 (patch-js_src_jsfriendapi.h) = 6bbb895b882ee24929f011751c42732215e153a2
SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
+SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = ca117633d2aae52d82ec349a0bfb0c03b87898b4
SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a
SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = 31536f36cb33f16da309527b50eda9b721608115
SHA1 (patch-media_libcubeb_src_moz.build) = e4e64a1135cf4157ae5b6f7c1710ebd076953479
diff -r 50bcf783b8d1 -r 8a66189627a6 www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp Tue Nov 24 18:29:25 2020 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-js_src_jit_ProcessExecutableMemory.cpp,v 1.1.2.2 2020/11/24 18:29:25 bsiegert Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/jit/ProcessExecutableMemory.cpp.orig 2020-10-27 23:47:06.000000000 +0000
++++ js/src/jit/ProcessExecutableMemory.cpp
+@@ -362,9 +362,16 @@ static void* ReserveProcessExecutableMem
+ // Note that randomAddr is just a hint: if the address is not available
+ // mmap will pick a different address.
+ void* randomAddr = ComputeRandomAllocationAddress();
++#ifdef PROT_MPROTECT
++ void* p = MozTaggedAnonymousMmap(randomAddr, bytes,
++ PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON, -1, 0,
++ "js-executable-memory");
++#else
+ void* p = MozTaggedAnonymousMmap(randomAddr, bytes, PROT_NONE,
+ MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1,
+ 0, "js-executable-memory");
++#endif
+ if (p == MAP_FAILED) {
+ return nullptr;
+ }
+@@ -409,8 +416,12 @@ static unsigned ProtectionSettingToFlags
+
+ static MOZ_MUST_USE bool CommitPages(void* addr, size_t bytes,
+ ProtectionSetting protection) {
+- void* p = MozTaggedAnonymousMmap(
+- addr, bytes, ProtectionSettingToFlags(protection),
++ void* p = MozTaggedAnonymousMmap(addr, bytes,
++#ifdef PROT_MPROTECT
++ ProtectionSettingToFlags(protection) | PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++#else
++ ProtectionSettingToFlags(protection),
++#endif
+ MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0, "js-executable-memory");
+ if (p == MAP_FAILED) {
+ return false;
diff -r 50bcf783b8d1 -r 8a66189627a6 www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp Tue Nov 24 18:29:25 2020 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.1.2.2 2020/11/24 18:29:25 bsiegert Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/vm/ArrayBufferObject.cpp.orig 2020-10-27 23:48:08.000000000 +0000
++++ js/src/vm/ArrayBufferObject.cpp
+@@ -165,9 +165,17 @@ void* js::MapBufferMemory(size_t mappedS
+ return nullptr;
+ }
+ #else // XP_WIN
++
++#ifdef PROT_MPROTECT
++ void* data =
++ MozTaggedAnonymousMmap(nullptr, mappedSize,
++ PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#else
+ void* data =
+ MozTaggedAnonymousMmap(nullptr, mappedSize, PROT_NONE,
+ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#endif
+ if (data == MAP_FAILED) {
+ return nullptr;
+ }
Home |
Main Index |
Thread Index |
Old Index