From 1b29572413710a3c231e8fbc5f34389eed1ee9be Mon Sep 17 00:00:00 2001 From: bsiegert Date: Sat, 7 Dec 2019 10:50:33 +0000 Subject: Pullup ticket #6090 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.3 - www/firefox68/PLIST 1.2 - www/firefox68/distinfo 1.2 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 5 17:14:30 UTC 2019 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 --- www/firefox68/Makefile | 4 ++-- www/firefox68/PLIST | 24 ++++++++++++++++++++++-- www/firefox68/distinfo | 10 +++++----- 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/www/firefox68/Makefile b/www/firefox68/Makefile index 77847823e2e..abf14e8a1fb 100644 --- a/www/firefox68/Makefile +++ b/www/firefox68/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +# $NetBSD: Makefile,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} -MOZ_BRANCH= 68.1 +MOZ_BRANCH= 68.2 MOZ_BRANCH_MINOR= .0esr DISTNAME= firefox-${FIREFOX_VER}.source diff --git a/www/firefox68/PLIST b/www/firefox68/PLIST index 1aacc03a08c..65c8591d9ab 100644 --- a/www/firefox68/PLIST +++ b/www/firefox68/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +@comment $NetBSD: PLIST,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ bin/firefox68 lib/firefox68/actors/AudioPlaybackChild.jsm lib/firefox68/actors/AutoplayChild.jsm @@ -1671,6 +1671,7 @@ lib/firefox68/browser/chrome/devtools/content/shared/splitview.css lib/firefox68/browser/chrome/devtools/content/shared/theme-switching.js lib/firefox68/browser/chrome/devtools/content/shared/vendor/d3.js lib/firefox68/browser/chrome/devtools/content/shared/vendor/dagre-d3.js +lib/firefox68/browser/chrome/devtools/content/shared/webextension-fallback.html lib/firefox68/browser/chrome/devtools/content/shared/widgets/VariablesView.xul lib/firefox68/browser/chrome/devtools/content/shared/widgets/cubic-bezier.css lib/firefox68/browser/chrome/devtools/content/shared/widgets/filter-widget.css @@ -2823,7 +2824,6 @@ lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/demangle.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/devices.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/enum.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/events.js -lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/file-saver.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/focus.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/getjson.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/inplace-editor.js @@ -4243,6 +4243,10 @@ lib/firefox68/browser/features/webcompat@mozilla.org/data/injections.js lib/firefox68/browser/features/webcompat@mozilla.org/data/ua_overrides.js lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/aboutConfigPrefs.js lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/aboutConfigPrefs.json +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/experiments.js +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/experiments.json +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/sharedPreferences.js +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/sharedPreferences.json lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug0000000-testbed-css-injection.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1305028-gaming.youtube.com-webkit-scrollbar.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1432935-breitbart.com-webkit-scrollbar.css @@ -4252,13 +4256,27 @@ lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1526977-s lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1561371-mail.google.com-allow-horizontal-scrolling.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1567610-dns.google.com-moz-fit-content.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1568256-zertifikate.commerzbank.de-flex.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1568908-console.cloud.google.com-scrollbar-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1570119-teamcoco.com-scrollbar-width.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1570328-developer-apple.com-transform-scale.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1574973-patch.com-dropdown-menu-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575000-apply.lloydsbank.co.uk-radio-buttons-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575011-holiday-weather.com-scrolling-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575017-dunkindonuts.com-flex-basis.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1577270-binance.com-calc-height-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1577297-kitkat.com.au-slider-width-fix.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug0000000-testbed-js-injection.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1452707-window.controllers-shim-ib.absa.co.za.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1457335-histography.io-ua-change.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1472075-bankofamerica.com-ua-change.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1472081-election.gov.np-window.sidebar-shim.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1482066-portalminasnet.com-window.sidebar-shim.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1570856-medium.com-menu-isTier1.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1577245-salesforce-communities-hide-unsupported.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1579159-m.tailieu.vn-pdfjs-worker-disable.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/about_compat_broker.js +lib/firefox68/browser/features/webcompat@mozilla.org/lib/custom_functions.js +lib/firefox68/browser/features/webcompat@mozilla.org/lib/google.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/injections.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/module_shim.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/ua_overrides.js @@ -4364,6 +4382,7 @@ lib/firefox68/browser/modules/ProfileMigrator.jsm lib/firefox68/browser/modules/ReaderParent.jsm lib/firefox68/browser/modules/RemotePrompt.jsm lib/firefox68/browser/modules/Sanitizer.jsm +lib/firefox68/browser/modules/ScreenshotChild.jsm lib/firefox68/browser/modules/SearchTelemetry.jsm lib/firefox68/browser/modules/SearchWidgetTracker.jsm lib/firefox68/browser/modules/SelectionChangedMenulist.jsm @@ -5405,6 +5424,7 @@ lib/firefox68/modules/GMPExtractorWorker.js lib/firefox68/modules/GMPInstallManager.jsm lib/firefox68/modules/GMPUtils.jsm lib/firefox68/modules/Geometry.jsm +lib/firefox68/modules/HiddenFrame.jsm lib/firefox68/modules/HTMLMenuBuilder.jsm lib/firefox68/modules/HealthPing.jsm lib/firefox68/modules/HelperAppDlg.jsm diff --git a/www/firefox68/distinfo b/www/firefox68/distinfo index 83d8942b5a8..b452b6c9651 100644 --- a/www/firefox68/distinfo +++ b/www/firefox68/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +$NetBSD: distinfo,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ -SHA1 (firefox-68.1.0esr.source.tar.xz) = c24f8036294edba40fd36f52a9dbe2cfe30cd229 -RMD160 (firefox-68.1.0esr.source.tar.xz) = e1088f9a8b70878d8951010879a920c4c2126955 -SHA512 (firefox-68.1.0esr.source.tar.xz) = a53b04b6a4fc98065596117b6bc0aee40c36f74bca02dc7486fda7e9556ad6f221f5ead94db1dc5db572f277556a21b22a0395dae107b67336ca91e33df9882c -Size (firefox-68.1.0esr.source.tar.xz) = 312155752 bytes +SHA1 (firefox-68.2.0esr.source.tar.xz) = 19815556c558a99ea76b4abb357eddb684cfd05a +RMD160 (firefox-68.2.0esr.source.tar.xz) = 25c7447814adb99efea7632b539312becd3b9096 +SHA512 (firefox-68.2.0esr.source.tar.xz) = f6522ca6b9efa3fdeb866912ab9cb904eaace5806c606d5721cba23aebd679885670011c743ca8d381b579b728077182dc766f9b6d3b31ccf51c3eb583c547ee +Size (firefox-68.2.0esr.source.tar.xz) = 312103756 bytes SHA1 (patch-aa) = 1f292aae7d37bd480ba834324b737bfebee52503 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e SHA1 (patch-build_moz.configure_old.configure) = 05963b12fd908d90e3378b30cff7e48291b8a447 -- cgit v1.2.3