author | maya <maya@pkgsrc.org> | 2018-03-26 23:33:24 +0000 |
---|---|---|
committer | maya <maya@pkgsrc.org> | 2018-03-26 23:33:24 +0000 |
commit | f6945103e34b9d880be119466b30708fb55c8383 (patch) | |
tree | 39db3d14f0123c9ddfaf45cd26d3b4cd00ac2da6 /www | |
parent | 737c3f3e7ad284524fc52f61408a5d9c0f476363 (diff) | |
download | pkgsrc-f6945103e34b9d880be119466b30708fb55c8383.tar.gz |
firefox52: update to 52.7.3
CVE-2018-5148: Use-after-free in compositor
A use-after-free vulnerability can occur in the compositor during certain
graphics operations when a raw pointer is used instead of a reference
counted one. This results in a potentially exploitable crash.
Diffstat (limited to 'www')
-rw-r--r-- | www/firefox52/Makefile | 5 | ||||
-rw-r--r-- | www/firefox52/distinfo | 11 | ||||
-rw-r--r-- | www/firefox52/patches/patch-CVE-2018-5147 | 79 |
3 files changed, 7 insertions, 88 deletions
diff --git a/www/firefox52/Makefile b/www/firefox52/Makefile
index 81b2174b273..7997ecb2dc6 100644
--- a/www/firefox52/Makefile
+++ b/www/firefox52/Makefile
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.19 2018/03/17 00:23:15 maya Exp $
+# $NetBSD: Makefile,v 1.20 2018/03/26 23:33:24 maya Exp $
 FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 MOZ_BRANCH= 52.7
-MOZ_BRANCH_MINOR= .2esr
+MOZ_BRANCH_MINOR= .3esr
 DISTNAME= firefox-${FIREFOX_VER}.source
 PKGNAME= firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
-PKGREVISION= 1
 CATEGORIES= www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
diff --git a/www/firefox52/distinfo b/www/firefox52/distinfo
index 3c976d3a73b..dead0dd0fe7 100644
--- a/www/firefox52/distinfo
+++ b/www/firefox52/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.12 2018/03/17 00:23:15 maya Exp $
+$NetBSD: distinfo,v 1.13 2018/03/26 23:33:24 maya Exp $
-SHA1 (firefox-52.7.2esr.source.tar.xz) = 7895d445ee7fa7f51ce253483250c7915e74a45e
-RMD160 (firefox-52.7.2esr.source.tar.xz) = d8c6c6a7ee0dfe55bd87467aca5709ea82a0050a
-SHA512 (firefox-52.7.2esr.source.tar.xz) = e275fd10fd32a0dc237135af3395e3a1ae501844632c973ff3b9bca1456702ee36dbee99fc57300598403c924c0db63bd62a199845c8f4a2e29db5d1e5973395
-Size (firefox-52.7.2esr.source.tar.xz) = 212673520 bytes
-SHA1 (patch-CVE-2018-5147) = 04e45d580fde5a44dec4f2e4d617d5302bd3fa44
+SHA1 (firefox-52.7.3esr.source.tar.xz) = 554190b6cbaab895ced8061abfd9ac6c955950f4
+RMD160 (firefox-52.7.3esr.source.tar.xz) = 0b687edea6b60fb3ad4cb5dc02655abc8b8fa94c
+SHA512 (firefox-52.7.3esr.source.tar.xz) = fc5530d8ff5b7f6cd8d9f677d65dee3c1489401c9c9b88258f2e59c7796975cfb7f0b8ccfdf80ae92a6644f51f70de8733c334e4673cad9b8813cca33ae3e1c3
+Size (firefox-52.7.3esr.source.tar.xz) = 213945524 bytes
 SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026
 SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5
 SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc
diff --git a/www/firefox52/patches/patch-CVE-2018-5147 b/www/firefox52/patches/patch-CVE-2018-5147
deleted file mode 100644
index c544107784c..00000000000
--- a/www/firefox52/patches/patch-CVE-2018-5147
+++ /dev/null
@@ -1,79 +0,0 @@
-$NetBSD: patch-CVE-2018-5147,v 1.1 2018/03/17 00:23:15 maya Exp $
-
-CVE-2018-5147: Prevent out-of-bounds write in codebook decoding.
-
-Codebooks that are not an exact divisor of the partition size are now
-truncated to fit within the partition.
-
---- media/libtremor/lib/tremor_codebook.c.orig 2017-04-11 02:13:12.000000000 +0000
-+++ media/libtremor/lib/tremor_codebook.c
-@@ -258,7 +258,7 @@ long vorbis_book_decodevs_add(codebook *
- t[i] = book->valuelist+entry[i]*book->dim;
- }
- for(i=0,o=0;i<book->dim;i++,o+=step)
-- for (j=0;j<step;j++)
-+ for (j=0;o+j<n && j<step;j++)
- a[o+j]+=t[j][i]>>shift;
- }else{
- for (i = 0; i < step; i++) {
-@@ -267,7 +267,7 @@ long vorbis_book_decodevs_add(codebook *
- t[i] = book->valuelist+entry[i]*book->dim;
- }
- for(i=0,o=0;i<book->dim;i++,o+=step)
-- for (j=0;j<step;j++)
-+ for (j=0;o+j<n && j<step;j++)
- a[o+j]+=t[j][i]<<-shift;
- }
- }
-@@ -287,7 +287,7 @@ long vorbis_book_decodev_add(codebook *b
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;)
-+ for (j=0;i<n && j<book->dim;)
- a[i++]+=t[j++]>>shift;
- }
- }else{
-@@ -295,7 +295,7 @@ long vorbis_book_decodev_add(codebook *b
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;)
-+ for (j=0;i<n && j<book->dim;)
- a[i++]+=t[j++]<<-shift;
- }
- }
-@@ -352,15 +352,15 @@ long vorbis_book_decodevv_add(codebook *
- long i,j,entry;
- int chptr=0;
- int shift=point-book->binarypoint;
--
-+ int m=offset+n;
- if(shift>=0){
-
-- for(i=offset;i<offset+n;){
-+ for(i=offset;i<m;){
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- {
- const ogg_int32_t *t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;j++){
-+ for (j=0;i<m && j<book->dim;j++){
- a[chptr++][i]+=t[j]>>shift;
- if(chptr==ch){
- chptr=0;
-@@ -371,12 +371,12 @@ long vorbis_book_decodevv_add(codebook *
- }
- }else{
-
-- for(i=offset;i<offset+n;){
-+ for(i=offset;i<m;){
- entry = decode_packed_entry_number(book,b);
- if(entry==-1)return(-1);
- {
- const ogg_int32_t *t = book->valuelist+entry*book->dim;
-- for (j=0;j<book->dim;j++){
-+ for (j=0;i<m && j<book->dim;j++){
- a[chptr++][i]+=t[j]<<-shift;
- if(chptr==ch){
- chptr=0; |