head 1.27; access; symbols pkgsrc-2022Q2:1.26.0.6 pkgsrc-2022Q2-base:1.26 pkgsrc-2022Q1:1.26.0.4 pkgsrc-2022Q1-base:1.26 pkgsrc-2021Q4:1.26.0.2 pkgsrc-2021Q4-base:1.26 pkgsrc-2021Q3:1.24.0.4 pkgsrc-2021Q3-base:1.24 pkgsrc-2021Q2:1.24.0.2 pkgsrc-2021Q2-base:1.24 pkgsrc-2021Q1:1.23.0.6 pkgsrc-2021Q1-base:1.23 pkgsrc-2020Q4:1.23.0.4 pkgsrc-2020Q4-base:1.23 pkgsrc-2020Q3:1.23.0.2 pkgsrc-2020Q3-base:1.23 pkgsrc-2020Q2:1.18.0.2 pkgsrc-2020Q2-base:1.18 pkgsrc-2020Q1:1.11.0.2 pkgsrc-2020Q1-base:1.11 pkgsrc-2019Q4:1.5.0.4 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.1.0.2 pkgsrc-2019Q3-base:1.1; locks; strict; comment @# @; 1.27 date 2022.08.04.15.15.38; author nia; state dead; branches; next 1.26; commitid pgNsgJvrF48qDzOD; 1.26 date 2021.10.26.11.29.27; author nia; state Exp; branches; next 1.25; commitid Gv0TNLbuylhFsjeD; 1.25 date 2021.10.07.15.07.11; author nia; state Exp; branches; next 1.24; commitid kEwAbZZbki9jhTbD; 1.24 date 2021.06.18.13.30.31; author nia; state Exp; branches; next 1.23; commitid uwUnFyksVkhujCXC; 1.23 date 2020.08.29.18.39.34; author nia; state Exp; branches; next 1.22; commitid JQm2D7tEHFLirZlC; 1.22 date 2020.08.07.09.09.48; author maya; state Exp; branches; next 1.21; commitid l9plruADtsxwZ6jC; 1.21 date 2020.07.29.14.20.30; author nia; state Exp; branches; next 1.20; commitid nxOx2amiNKmi0ZhC; 1.20 date 2020.07.15.19.52.23; author riastradh; state Exp; branches; next 1.19; commitid MDIXuUK6qiE6idgC; 1.19 date 2020.07.07.16.44.11; author nia; state Exp; branches; next 1.18; commitid aITNpyTjrWo9vafC; 1.18 date 2020.06.17.17.59.25; author nia; state Exp; branches 1.18.2.1; next 1.17; commitid wDoRjnPr4z8azBcC; 1.17 date 2020.06.15.10.04.03; author nia; state Exp; branches; next 1.16; commitid 2Bx1JXy2139KYicC; 1.16 date 2020.06.03.13.00.24; author nia; state Exp; branches; next 1.15; commitid wPfuJkeBeCAomMaC; 1.15 date 2020.05.09.13.08.01; author nia; state Exp; branches; next 1.14; commitid KuPqQ8ogGkMtcz7C; 1.14 date 2020.04.10.10.41.50; author nia; state Exp; branches; next 1.13; commitid MkY46qT27Vt4kP3C; 1.13 date 2020.04.04.15.26.42; author nia; state Exp; branches; next 1.12; commitid 5g1HkiwEPiDX553C; 1.12 date 2020.03.30.19.46.03; author joerg; state Exp; branches; next 1.11; commitid U1R5aWqr1NdQGs2C; 1.11 date 2020.03.12.19.39.35; author nia; state Exp; branches 1.11.2.1; next 1.10; commitid AHfPmcD3PoIpe90C; 1.10 date 2020.02.15.12.48.22; author nia; state Exp; branches; next 1.9; commitid gIH2KPsgX8m8NLWB; 1.9 date 2020.02.08.22.06.38; author kamil; state Exp; branches; next 1.8; commitid lRsFHeE4pEaU6VVB; 1.8 date 2020.01.22.13.36.27; author ryoon; state Exp; branches; next 1.7; commitid UTzKDHYZA2vSPGTB; 1.7 date 2020.01.09.20.51.59; author nia; state Exp; branches; next 1.6; commitid b2jz82VtnnV1F3SB; 1.6 date 2020.01.08.21.49.32; author nia; state Exp; branches; next 1.5; commitid aHDwIdADiFED0WRB; 1.5 date 2019.12.08.20.09.41; author nia; state Exp; branches 1.5.4.1; next 1.4; commitid UYhc6v0EXEm3sWNB; 1.4 date 2019.11.27.16.22.27; author jakllsch; state Exp; branches; next 1.3; commitid DaCKX4TFqPhZxvMB; 1.3 date 2019.11.18.12.09.15; author ryoon; state Exp; branches; next 1.2; commitid wTPG9VHdxvgvrkLB; 1.2 date 2019.11.05.17.14.30; author ryoon; state Exp; branches; next 1.1; commitid UGO2Lt8dv2c7yGJB; 1.1 date 2019.09.21.07.31.43; author ryoon; state Exp; branches 1.1.2.1; next ; commitid M01M6WIfULQTLQDB; 1.18.2.1 date 2020.07.09.08.07.51; author bsiegert; state Exp; branches; next 1.18.2.2; commitid eUaVil7AWCBnAnfC; 1.18.2.2 date 2020.07.30.18.13.52; author bsiegert; state Exp; branches; next ; commitid nW4SbmUdsFvqg8iC; 1.11.2.1 date 2020.04.09.10.53.14; author bsiegert; state Exp; branches; next 1.11.2.2; commitid 0uGH5NIbHZFsqH3C; 1.11.2.2 date 2020.04.11.12.39.25; author bsiegert; state Exp; branches; next 1.11.2.3; commitid GvYSIAiRvwyUWX3C; 1.11.2.3 date 2020.05.13.13.40.16; author bsiegert; state Exp; branches; next 1.11.2.4; commitid KNEbuavxflr0g58C; 1.11.2.4 date 2020.06.04.11.36.28; author bsiegert; state Exp; branches; next ; commitid HLVqELQD90NGRTaC; 1.5.4.1 date 2020.01.10.13.56.19; author bsiegert; state Exp; branches; next 1.5.4.2; commitid AGALNGrEvNfDk9SB; 1.5.4.2 date 2020.02.23.11.50.10; author bsiegert; state Exp; branches; next 1.5.4.3; commitid qCbnyRf6iM9FdNXB; 1.5.4.3 date 2020.03.13.20.02.44; author bsiegert; state Exp; branches; next ; commitid d85Q4AaYIrGMkh0C; 1.1.2.1 date 2019.12.07.10.50.33; author bsiegert; state Exp; branches; next ; commitid XzBPyjRZB0VEoLNB; desc @@ 1.27 log @Remove firefox68. This was kept due to being the last LTS release of Firefox that functioned on NetBSD 8, but it's now so far gone, many dependencies of this aren't compiling with the old toolchain and userspace... Users of platforms like NetBSD 8 might have an easier time using arcticfox instead. @ text @$NetBSD: distinfo,v 1.26 2021/10/26 11:29:27 nia Exp $ BLAKE2s (firefox-68.12.0esr.source.tar.xz) = 9ece2f370f5d037b2290ef195f522242d4f9f82183491a52af18b0466a9dfc3e SHA512 (firefox-68.12.0esr.source.tar.xz) = 839b02422e4c87bdb12e0995cd35ca8c1996f3fba00bbb46b419e46b67df5ec48a264cb14632db777ce29166ee4fdcb06e2ee3ce847e64328c58c9a2f9129f4c Size (firefox-68.12.0esr.source.tar.xz) = 313856956 bytes SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c SHA1 (patch-browser_app_profile_firefox.js) = cf93582b68b8d4e72c3c25682ab9138e185418c8 SHA1 (patch-build_moz.configure_rust.configure) = b57a9b1451dc426d75774f73d7c05fc98fe6e317 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 11b45e0c7a9399c5b74b170648280a388dd67d89 SHA1 (patch-config_makefiles_rust.mk) = 564169b2a1ef7f378caa8ba8962b9cf3baf01735 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49 SHA1 (patch-dom_indexedDB_ActorsParent.cpp) = ebc9890d2973bcb59d387033509cb158799d4778 SHA1 (patch-dom_indexedDB_IDBCursor.cpp) = 5a4120964c983526c877d19d9b2bdacb1b1f951a SHA1 (patch-dom_indexedDB_IDBDatabase.cpp) = a617b2ed89809b7026580e315329114b1e87a939 SHA1 (patch-dom_indexedDB_IDBObjectStore.cpp) = cf2bcb19bf24f82a0bab181999ad44f5d297e16e SHA1 (patch-dom_indexedDB_IDBTransaction.cpp) = c07207e5c95425f5f291857a4fa130879463d09a SHA1 (patch-dom_indexedDB_IDBTransaction.h) = 7a8f72531abd14a7763e21898135aa3032b41d00 SHA1 (patch-dom_indexedDB_ProfilerHelpers.h) = 755a20c5d4c84968e1759f189d24bd9b3c8c7d30 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24 SHA1 (patch-dom_webauthn_u2f-hid-rs_src_lib.rs) = c0dfe8b1e7ebbc7c1d6066c204030f13b063b8d7 SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs) = 091ffab5bd6a15425acb2ab023cc26f6b23324c6 SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs) = 57f5c3c879b07375234e5cb0cbe0469b15105a6a SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs) = 7160fc9fe6d197b42104856b997337f823d2a791 SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs) = 527722bd4fbf0aca07d710e0a8b73f95b2adad40 SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs) = aeafe7c1df614bb5e46cb7fb1cb351001f292caf SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs) = c1d2157350803fb3eaef6f7a00e7c81dd9cf708b SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993 SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2f73c76c48852613e0c55c1680fcc2a9eb3cf4ef SHA1 (patch-gfx_gl_GLContextProviderGLX.cpp) = 2c909a10a341e600392417240ad0c556f495d6ba SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad SHA1 (patch-gfx_thebes_gfxPlatform.cpp) = e4a25e4a96055b1c42ec018b02d1828257a571de SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658 SHA1 (patch-ipc_chromium_src_chrome_common_ipc__channel__posix.cc) = d634805bf3b02475081cb2f263e91e3f4c481a29 SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836 SHA1 (patch-js_src_threading_posix_Thread.cpp) = 47e612a676e614fd6dd43b8a3140218a3fbdc7fa SHA1 (patch-js_src_util_NativeStack.cpp) = 2c6f844d38343f40ebbc8fd665279256e4ae6d35 SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a SHA1 (patch-media_libcubeb_gtest_moz.build) = ea6dcc7ceeb76ce1fb9d508cf43080a2eef3a9e4 SHA1 (patch-media_libcubeb_src_cubeb.c) = dcc173f0bef8b7b12c45739bf04577f3292a517e SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = f359a66a22f11142d05746e15894d998d3e3bf5a SHA1 (patch-media_libcubeb_src_moz.build) = 7d66d9e0d7129b2106885201f88355262ee1a22a SHA1 (patch-media_libcubeb_update.sh) = 8dcc4ca8e2812b4063f28e5d6308abbee0b1c9d9 SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = c39a222c5ab16c26cb214e5e53a0b61291a00512 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12 SHA1 (patch-toolkit_moz.configure) = 40ee147cc1d2c62dd6c83b3f67ce9e61f758ea57 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = b2343fbad2556504dfd13601c02e6e2357c7d2bc SHA1 (patch-toolkit_xre_glxtest.cpp) = 04942938f45f326c7d5c4da3bf8cc2d09b977c69 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = 6956c90d4c74c71e7e9a5882e4840ba2673160fa @ 1.26 log @www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2021/10/07 15:07:11 nia Exp $ @ 1.25 log @www: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2021/06/18 13:30:31 nia Exp $ d3 1 a3 1 RMD160 (firefox-68.12.0esr.source.tar.xz) = c7871e1d9f8eaff2c0eaff7c70f49c2488e616f8 @ 1.24 log @firefox68: Fix build with latest NSS. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2020/08/29 18:39:34 nia Exp $ a2 1 SHA1 (firefox-68.12.0esr.source.tar.xz) = 976fae5c3cdee8b7929e4f17eca6cf44513d08b4 @ 1.23 log @firefox68: Update to 68.12.0 Security Vulnerabilities fixed in Firefox ESR 68.12 #CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege #CVE-2020-15664: Attacker-induced prompt for extension installation #CVE-2020-15669: Use-After-Free when aborting an operation @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2020/08/07 09:09:48 maya Exp $ d13 7 @ 1.22 log @firefox68: pick up patch-config_makefiles_rust.mk from firefox package. This fixes the build with newer Rust, but probably also helps netbsd releases which had the "dead lock detected" flakiness. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2020/07/29 14:20:30 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.11.0esr.source.tar.xz) = 445acbf7b7b8f75374ee6347bb6f45748511bcf9 RMD160 (firefox-68.11.0esr.source.tar.xz) = 82edab46fe312a47889047fe431784c511684ade SHA512 (firefox-68.11.0esr.source.tar.xz) = 7dcfa4944945bce184b96643a7afbd0cc97c93e4f727695bd5ee1e1745cff89784e68baf109588ef56791211b4b8f5c7c056ae6ac77f54fd00a5af5d5606f23e Size (firefox-68.11.0esr.source.tar.xz) = 321294384 bytes d11 1 a11 1 SHA1 (patch-config_makefiles_rust.mk) = 25502bfbe32877b35c244c2c19d6ee1dd63cb771 @ 1.21 log @firefox68: Update to 68.11.0 Security Vulnerabilities fixed in Firefox ESR 68.11 #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15650: Overwriting local files through malicious file picker application #CVE-2020-15649: Exfiltrating local files through malicious file picker application #CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2020/07/15 19:52:23 riastradh Exp $ d11 1 @ 1.20 log @www/firefox68: Add NetBSD support for U2F/FIDO2 security keys. Based on patch submitted upstream: https://github.com/mozilla/authenticator-rs/pull/116 Adapted lightly for firefox68 which had its own copy of an older version of authenticator-rs. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2020/07/07 16:44:11 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.10.0esr.source.tar.xz) = 6c502a8d2379c761250781b313db53d7a270985e RMD160 (firefox-68.10.0esr.source.tar.xz) = 870aaf124f1812018c885ed461fc8541df089b5c SHA512 (firefox-68.10.0esr.source.tar.xz) = c5c1833560364851e7cf8ea51659bc4fb60239b960125cdb20fe31f742d757ffdaef8f314f800dc91214ee8e358033dc2af971c08bbba474ef6158b101881653 Size (firefox-68.10.0esr.source.tar.xz) = 314526224 bytes @ 1.19 log @firefox68: Update to 68.10.0 For anyone curious about the delay: apparently, my ccache cache was corrupted so the build was failing. *sigh* that won't be a problem soon... Security Vulnerabilities fixed in Firefox ESR 68.10 #CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 #CVE-2020-12418: Information disclosure due to manipulated URL object #CVE-2020-12419: Use-after-free in nsGlobalWindowInner #CVE-2020-12420: Use-After-Free when trying to connect to a STUN server #CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2020/06/17 17:59:25 nia Exp $ d13 7 @ 1.18 log @firefox68: Update distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2020/06/15 10:04:03 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.9.0esr.source.tar.xz) = ee6406ec1280afc24d4a90c392ff09ff5060686e RMD160 (firefox-68.9.0esr.source.tar.xz) = 6bb287d394768b137d46f4abac9111ba662b9942 SHA512 (firefox-68.9.0esr.source.tar.xz) = 98431800d80f7c680aef9eede29df8217810912a319a7f7f8c2e637c43ecd4f4e29223a417afb2a6315e825f979453ff6e6b5a575649aba5cc63ce5956375bb8 Size (firefox-68.9.0esr.source.tar.xz) = 317469120 bytes @ 1.18.2.1 log @Pullup ticket #6266 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.29 - www/firefox68/distinfo 1.19 --- Module Name: pkgsrc Committed By: nia Date: Tue Jul 7 16:44:11 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.10.0 For anyone curious about the delay: apparently, my ccache cache was corrupted so the build was failing. *sigh* that won't be a problem soon... Security Vulnerabilities fixed in Firefox ESR 68.10 #CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 #CVE-2020-12418: Information disclosure due to manipulated URL object #CVE-2020-12419: Use-after-free in nsGlobalWindowInner #CVE-2020-12420: Use-After-Free when trying to connect to a STUN server #CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2020/06/17 17:59:25 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.10.0esr.source.tar.xz) = 6c502a8d2379c761250781b313db53d7a270985e RMD160 (firefox-68.10.0esr.source.tar.xz) = 870aaf124f1812018c885ed461fc8541df089b5c SHA512 (firefox-68.10.0esr.source.tar.xz) = c5c1833560364851e7cf8ea51659bc4fb60239b960125cdb20fe31f742d757ffdaef8f314f800dc91214ee8e358033dc2af971c08bbba474ef6158b101881653 Size (firefox-68.10.0esr.source.tar.xz) = 314526224 bytes @ 1.18.2.2 log @Pullup ticket #6287 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.31 - www/firefox68/distinfo 1.21 --- Module Name: pkgsrc Committed By: nia Date: Wed Jul 29 14:20:30 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.11.0 Security Vulnerabilities fixed in Firefox ESR 68.11 #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15650: Overwriting local files through malicious file picker application #CVE-2020-15649: Exfiltrating local files through malicious file picker application #CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18.2.1 2020/07/09 08:07:51 bsiegert Exp $ d3 4 a6 4 SHA1 (firefox-68.11.0esr.source.tar.xz) = 445acbf7b7b8f75374ee6347bb6f45748511bcf9 RMD160 (firefox-68.11.0esr.source.tar.xz) = 82edab46fe312a47889047fe431784c511684ade SHA512 (firefox-68.11.0esr.source.tar.xz) = 7dcfa4944945bce184b96643a7afbd0cc97c93e4f727695bd5ee1e1745cff89784e68baf109588ef56791211b4b8f5c7c056ae6ac77f54fd00a5af5d5606f23e Size (firefox-68.11.0esr.source.tar.xz) = 321294384 bytes @ 1.17 log @firefox68: Remove hack to disable multiprocess mode This was working around the lack of pshared semaphores on older NetBSD releases, and restrictions on which process can destroy semaphores on newer NetBSD releases. However, we've switched to a new NetBSD-exclusive hack in www/firefox where we force the use of the tiled rendering mode. This copies what Firefox does on macOS, which has similar limitations on cross-process semaphores. The discovery of this was a joint effort between maya and me. This avoids several bugs: 1) Multiprocess mode being outright broken on older NetBSD releases 2) Multiprocess mode leaking semaphores and eventually hitting open file limits on newer NetBSD releases Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2020/06/03 13:00:24 nia Exp $ a17 1 SHA1 (patch-ipc_chromium_src_base_lock__impl__posix.cc) = d84d9b4d416e049423120dcbf9199644ce1c93ab a38 1 SHA1 (patch-xpcom_build_BinaryPath.h) = 92461769d2fee8f015b91a5326247f271afeedea @ 1.16 log @firefox68: Update to 68.9.0 Security Vulnerabilities fixed in Firefox ESR 68.9 #CVE-2020-12399: Timing attack on DSA signatures in NSS library #CVE-2020-12405: Use-after-free in SharedWorkerService #CVE-2020-12406: JavaScript Type confusion with NativeTypes #CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2020/05/09 13:08:01 nia Exp $ d8 1 a8 1 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e d17 1 a21 2 SHA1 (patch-ipc_glue_CrossProcessSemaphore.h) = 25e24743060acf10c776c6b3b3660f52a2e9fbe8 SHA1 (patch-ipc_glue_CrossProcessSemaphore__posix.cpp) = f8d155ee66008b7cc4052b6a889327543b89e0bb @ 1.15 log @firefox68: Update to 68.8.0 Security Vulnerabilities fixed in Firefox ESR 68.8 #CVE-2020-12387: Use-after-free during worker shutdown #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens #CVE-2020-12389: Sandbox escape with improperly separated process types #CVE-2020-6831: Buffer overflow in SCTP chunk input validation #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2020/04/10 10:41:50 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.8.0esr.source.tar.xz) = 291cb48dcbf50030a38a66eca40d9cfcaff9784d RMD160 (firefox-68.8.0esr.source.tar.xz) = d275572b5a35dff01b271285880dff2222f24038 SHA512 (firefox-68.8.0esr.source.tar.xz) = 139a63dc85ae76a50da6be9a31425f97144e6c7e4a65b0f3009a84eb5c8c9566f6bb331e26590f8aecd5045c4d730ab4e848cf7220f3444a31147b5533c742b3 Size (firefox-68.8.0esr.source.tar.xz) = 312602308 bytes d9 1 @ 1.14 log @firefox68: Update to 68.7.0 Security Vulnerabilities fixed in Firefox ESR 68.7 #CVE-2020-6828: Preference overwrite via crafted Intent from malicious Android application #CVE-2020-6827: Custom Tabs in Firefox for Android could have the URI spoofed #CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method #CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images #CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2020/04/04 15:26:42 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.7.0esr.source.tar.xz) = 27a2728ac1fff2134f2aae2e411f2266c19db1c2 RMD160 (firefox-68.7.0esr.source.tar.xz) = 2f50d2dc66db24fb628820bdb9b181448c51d561 SHA512 (firefox-68.7.0esr.source.tar.xz) = a3ddcf8ffe5f568b30b1fc9ddcaa5cebe600bf11ce353c09507d5466f999022d45a0dee9a08f53f37b10202a2e2ce4c180743cd6a2ca38dfea1c3e4487b18593 Size (firefox-68.7.0esr.source.tar.xz) = 312235932 bytes @ 1.13 log @firefox68: Update to 68.6.1 Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 #CVE-2020-6819: Use-after-free while running the nsDocShell destructor #CVE-2020-6820: Use-after-free when handling a ReadableStream @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2020/03/30 19:46:03 joerg Exp $ d3 4 a6 4 SHA1 (firefox-68.6.1esr.source.tar.xz) = 47a3ac24f187f64bdffab42872667cb327f22a81 RMD160 (firefox-68.6.1esr.source.tar.xz) = 0ea4a90102ef0b4d9bb314754fffd4bea7bea2fa SHA512 (firefox-68.6.1esr.source.tar.xz) = 9a3a938021989d99d1c7ca6ca166d6e55a82f70f28e8b12c24b1894d72c23ed13a3e84c17ab2ea55091690775d11613d48595c64de2450e5daa43d28b341f17a Size (firefox-68.6.1esr.source.tar.xz) = 319034884 bytes @ 1.12 log @Fix build with libc++ by making the template wrapper do what it is supposed to do. Don't mess with math.h internals. Honor ressource limit changes during build. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2020/03/12 19:39:35 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.6.0esr.source.tar.xz) = 85d35d0a0190d56585f93c9f117d5c0f52bcbc44 RMD160 (firefox-68.6.0esr.source.tar.xz) = d11d44f5400ca1f5c3b721dd974a77fbf7cf7e7a SHA512 (firefox-68.6.0esr.source.tar.xz) = 84565d654ed8bd2d036d08de4d16e41ae8881f0b20b34424ab347d50a37384acf50c04f74269720e79db28028569dff79f2b910848939ff87c078f36684a75a3 Size (firefox-68.6.0esr.source.tar.xz) = 313814396 bytes @ 1.11 log @firefox68: Update to 68.6.0 While here, - Remove OSS support now that cubeb_sun has been stable for a long while - Appease pkglint Security fixes in this release: #CVE-2020-6805: Use-after-free when removing data about origins #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections #CVE-2020-6807: Use-after-free in cubeb during stream destruction #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init #CVE-2020-6812: The names of AirPods with personally identifiable #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2020/02/15 12:48:22 nia Exp $ d9 1 @ 1.11.2.1 log @Pullup ticket #6150 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.16 - www/firefox68/distinfo 1.13 --- Module Name: pkgsrc Committed By: nia Date: Sat Apr 4 15:26:42 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.6.1 Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 #CVE-2020-6819: Use-after-free while running the nsDocShell destructor #CVE-2020-6820: Use-after-free when handling a ReadableStream @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2020/03/12 19:39:35 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.6.1esr.source.tar.xz) = 47a3ac24f187f64bdffab42872667cb327f22a81 RMD160 (firefox-68.6.1esr.source.tar.xz) = 0ea4a90102ef0b4d9bb314754fffd4bea7bea2fa SHA512 (firefox-68.6.1esr.source.tar.xz) = 9a3a938021989d99d1c7ca6ca166d6e55a82f70f28e8b12c24b1894d72c23ed13a3e84c17ab2ea55091690775d11613d48595c64de2450e5daa43d28b341f17a Size (firefox-68.6.1esr.source.tar.xz) = 319034884 bytes @ 1.11.2.2 log @Pullup ticket #6155 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.17 - www/firefox68/distinfo 1.14 --- Module Name: pkgsrc Committed By: nia Date: Fri Apr 10 10:41:50 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.7.0 Security Vulnerabilities fixed in Firefox ESR 68.7 #CVE-2020-6828: Preference overwrite via crafted Intent from malicious Android application #CVE-2020-6827: Custom Tabs in Firefox for Android could have the URI spoofed #CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method #CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images #CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11.2.1 2020/04/09 10:53:14 bsiegert Exp $ d3 4 a6 4 SHA1 (firefox-68.7.0esr.source.tar.xz) = 27a2728ac1fff2134f2aae2e411f2266c19db1c2 RMD160 (firefox-68.7.0esr.source.tar.xz) = 2f50d2dc66db24fb628820bdb9b181448c51d561 SHA512 (firefox-68.7.0esr.source.tar.xz) = a3ddcf8ffe5f568b30b1fc9ddcaa5cebe600bf11ce353c09507d5466f999022d45a0dee9a08f53f37b10202a2e2ce4c180743cd6a2ca38dfea1c3e4487b18593 Size (firefox-68.7.0esr.source.tar.xz) = 312235932 bytes @ 1.11.2.3 log @Pullup ticket #6190 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.20 - www/firefox68/PLIST 1.6 - www/firefox68/distinfo 1.15 --- Module Name: pkgsrc Committed By: nia Date: Sat May 9 13:08:01 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: firefox68: Update to 68.8.0 Security Vulnerabilities fixed in Firefox ESR 68.8 #CVE-2020-12387: Use-after-free during worker shutdown #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens #CVE-2020-12389: Sandbox escape with improperly separated process types #CVE-2020-6831: Buffer overflow in SCTP chunk input validation #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11.2.2 2020/04/11 12:39:25 bsiegert Exp $ d3 4 a6 4 SHA1 (firefox-68.8.0esr.source.tar.xz) = 291cb48dcbf50030a38a66eca40d9cfcaff9784d RMD160 (firefox-68.8.0esr.source.tar.xz) = d275572b5a35dff01b271285880dff2222f24038 SHA512 (firefox-68.8.0esr.source.tar.xz) = 139a63dc85ae76a50da6be9a31425f97144e6c7e4a65b0f3009a84eb5c8c9566f6bb331e26590f8aecd5045c4d730ab4e848cf7220f3444a31147b5533c742b3 Size (firefox-68.8.0esr.source.tar.xz) = 312602308 bytes @ 1.11.2.4 log @Pullup ticket #6220 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.22 - www/firefox68/distinfo 1.16 - www/firefox68/patches/patch-build_moz.configure_rust.configure 1.1 --- Module Name: pkgsrc Committed By: nia Date: Wed Jun 3 13:00:24 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Added Files: pkgsrc/www/firefox68/patches: patch-build_moz.configure_rust.configure Log Message: firefox68: Update to 68.9.0 Security Vulnerabilities fixed in Firefox ESR 68.9 #CVE-2020-12399: Timing attack on DSA signatures in NSS library #CVE-2020-12405: Use-after-free in SharedWorkerService #CVE-2020-12406: JavaScript Type confusion with NativeTypes #CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11.2.3 2020/05/13 13:40:16 bsiegert Exp $ d3 4 a6 4 SHA1 (firefox-68.9.0esr.source.tar.xz) = ee6406ec1280afc24d4a90c392ff09ff5060686e RMD160 (firefox-68.9.0esr.source.tar.xz) = 6bb287d394768b137d46f4abac9111ba662b9942 SHA512 (firefox-68.9.0esr.source.tar.xz) = 98431800d80f7c680aef9eede29df8217810912a319a7f7f8c2e637c43ecd4f4e29223a417afb2a6315e825f979453ff6e6b5a575649aba5cc63ce5956375bb8 Size (firefox-68.9.0esr.source.tar.xz) = 317469120 bytes a8 2 SHA1 (patch-build_moz.configure_rust.configure) = b57a9b1451dc426d75774f73d7c05fc98fe6e317 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 11b45e0c7a9399c5b74b170648280a388dd67d89 @ 1.10 log @firefox68: Update to 68.5.0 Security Vulnerabilities fixed in Firefox ESR68.5 # CVE-2020-6796: Missing bounds check on shared memory read in the parent process # CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection # CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2020/02/08 22:06:38 kamil Exp $ d3 5 a7 5 SHA1 (firefox-68.5.0esr.source.tar.xz) = 5e74dc0335b09819b24285d23e7746ca70af1dae RMD160 (firefox-68.5.0esr.source.tar.xz) = 34b2446b42e98de3e9f5798466bd4f49375dd44a SHA512 (firefox-68.5.0esr.source.tar.xz) = 0acf4ecd47bccf062ab330231e36355f5d84e66ab411f653ae3160583613840925bb473c0f7dfa4b15311a543940293c4633516851c9466c4b0133c9271710d3 Size (firefox-68.5.0esr.source.tar.xz) = 314176068 bytes SHA1 (patch-aa) = 1f292aae7d37bd480ba834324b737bfebee52503 a8 1 SHA1 (patch-build_moz.configure_old.configure) = 05963b12fd908d90e3378b30cff7e48291b8a447 d10 1 a10 1 SHA1 (patch-dom_media_CubebUtils.cpp) = b1b4f981c4bede877e3bd092d2648d4b8cbc73a5 d26 1 a26 1 SHA1 (patch-media_libcubeb_src_cubeb.c) = e3446562ed16ec9643df42ee0b9c46ee91f22913 d28 2 a29 3 SHA1 (patch-media_libcubeb_src_cubeb__oss.c) = 103f751d5a7bc14a81a6ed43e1afc722bc092f7e SHA1 (patch-media_libcubeb_src_moz.build) = dcca90cb5132442877712cd7b1f4e832c93d2655 SHA1 (patch-media_libcubeb_update.sh) = 4508319d8534a0cc983e4767c2142169af9e5033 d33 1 a33 1 SHA1 (patch-toolkit_library_moz.build) = 102e3713552c26f76e8b4e473846bb8fbc44b278 @ 1.9 log @firefox68: Workaround broken pthread_equal() usage Switch to an internal version of pthread_equal() without sanity checks. Problems detected on NetBSD 9.99.46. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2020/01/22 13:36:27 ryoon Exp $ d3 4 a6 4 SHA1 (firefox-68.4.2esr.source.tar.xz) = 005701cf6dda606500dfd1bdc5158c0dff8329aa RMD160 (firefox-68.4.2esr.source.tar.xz) = 177b128696b1d55e19ffb57029c325c8de3d59b5 SHA512 (firefox-68.4.2esr.source.tar.xz) = e13bb141ad1c138cd9d8dd5d6996224ebe146ce08f0ad9cd37a20a85e8cd33db14e6bf1ab055aab7d3ae6f204ed2cb1ee02d5e6fb3d94778098156e1a46b7d6c Size (firefox-68.4.2esr.source.tar.xz) = 318429980 bytes @ 1.8 log @firefox68: Update to 68.4.2 Changelog: Fixed Fixed various issues opening files with spaces in their path (bug 1601905, bug 1602726) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2020/01/09 20:51:59 nia Exp $ d33 1 @ 1.7 log @firefox68: Update to 68.4.1 This release fixes one zero-day vulnerability: CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2020/01/08 21:49:32 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.4.1esr.source.tar.xz) = f11c0ecc0f17435149a2bce83f490bbd329e276d RMD160 (firefox-68.4.1esr.source.tar.xz) = 78098317b75b079a475a0bcb8a5f012178c1a643 SHA512 (firefox-68.4.1esr.source.tar.xz) = 8dd85096f1223b2ab396cc3b89a9f1b113f01ce8919af08a278d077cc4380c108a66b6379c75d85311aa3c54a7804f4d51f718b309fe107ff7c44aca7e4386ed Size (firefox-68.4.1esr.source.tar.xz) = 318559576 bytes @ 1.6 log @firefox68: Update to 68.4.0 Security Vulnerabilities fixed in Firefox ESR 68.4: # CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows # CVE-2019-17016: Bypass of @@namespace CSS sanitization during pasting # CVE-2019-17017: Type Confusion in XPCVariant.cpp # CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows # CVE-2019-17022: CSS sanitization does not escape HTML tags # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2019/12/08 20:09:41 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.4.0esr.source.tar.xz) = 363c3e0bd0158285075985a826e62ac644ba594c RMD160 (firefox-68.4.0esr.source.tar.xz) = e2cbdf0a0226e9b846bd67253abeb4cd1583f16d SHA512 (firefox-68.4.0esr.source.tar.xz) = 0460d77c5407f2bbbbc9ea1e1c86344bed70d14c050315ce982a9475c519f6350e465fea8638657919068e05fb88a74eb451c649b50059cba6996512a93a0093 Size (firefox-68.4.0esr.source.tar.xz) = 321283916 bytes @ 1.5 log @firefox68: Update to 68.3.0 pkgsrc changes: - Fixed building with wayland libs installed Security fixes: - CVE-2019-17008: Use-after-free in worker destruction - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher - CVE-2019-17009: Updater temporary files accessible to unprivileged processes - CVE-2019-17010: Use-after-free when performing device orientation checks - CVE-2019-17005: Buffer overflow in plain text serializer - CVE-2019-17011: Use-after-free when retrieving a document in antitracking - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2019/11/27 16:22:27 jakllsch Exp $ d3 4 a6 4 SHA1 (firefox-68.3.0esr.source.tar.xz) = 220c262c5cb2ee81d29c58a5afe4522c9880cf2b RMD160 (firefox-68.3.0esr.source.tar.xz) = 7cf26bd69a7414cdd78ab196e9add78b7235ef7c SHA512 (firefox-68.3.0esr.source.tar.xz) = f99a4a18aa1b4472152fc6de68ef56ee071c1adfc70a907c10943f8436758c9adc0fe05a90b894ea521cc0c30782e6e2c29f04747d7edf3e55080fa0c4ebf8c3 Size (firefox-68.3.0esr.source.tar.xz) = 312378276 bytes a32 1 SHA1 (patch-rust-1.39.0) = 73f41832022fb42c6d84131b6daf9396a1fea284 @ 1.5.4.1 log @Pullup ticket #6113 - requested by nia www/firefox68: security fix (zero-day) Revisions pulled up: - www/firefox68/Makefile 1.7-1.8 - www/firefox68/distinfo 1.6-1.7 - www/firefox68/patches/patch-rust-1.39.0 deleted --- Module Name: pkgsrc Committed By: nia Date: Wed Jan 8 21:49:32 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Removed Files: pkgsrc/www/firefox68/patches: patch-rust-1.39.0 Log Message: firefox68: Update to 68.4.0 Security Vulnerabilities fixed in Firefox ESR 68.4: # CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows # CVE-2019-17016: Bypass of @@namespace CSS sanitization during pasting # CVE-2019-17017: Type Confusion in XPCVariant.cpp # CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows # CVE-2019-17022: CSS sanitization does not escape HTML tags # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 --- Module Name: pkgsrc Committed By: nia Date: Thu Jan 9 20:51:59 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.4.1 This release fixes one zero-day vulnerability: CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2019/12/08 20:09:41 nia Exp $ d3 4 a6 4 SHA1 (firefox-68.4.1esr.source.tar.xz) = f11c0ecc0f17435149a2bce83f490bbd329e276d RMD160 (firefox-68.4.1esr.source.tar.xz) = 78098317b75b079a475a0bcb8a5f012178c1a643 SHA512 (firefox-68.4.1esr.source.tar.xz) = 8dd85096f1223b2ab396cc3b89a9f1b113f01ce8919af08a278d077cc4380c108a66b6379c75d85311aa3c54a7804f4d51f718b309fe107ff7c44aca7e4386ed Size (firefox-68.4.1esr.source.tar.xz) = 318559576 bytes d33 1 @ 1.5.4.2 log @Pullup ticket #6134 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.12 - www/firefox68/PLIST 1.4 - www/firefox68/distinfo 1.10 --- Module Name: pkgsrc Committed By: nia Date: Sat Feb 15 12:48:22 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: firefox68: Update to 68.5.0 Security Vulnerabilities fixed in Firefox ESR68.5 # CVE-2020-6796: Missing bounds check on shared memory read in the parent process # CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection # CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (firefox-68.5.0esr.source.tar.xz) = 5e74dc0335b09819b24285d23e7746ca70af1dae RMD160 (firefox-68.5.0esr.source.tar.xz) = 34b2446b42e98de3e9f5798466bd4f49375dd44a SHA512 (firefox-68.5.0esr.source.tar.xz) = 0acf4ecd47bccf062ab330231e36355f5d84e66ab411f653ae3160583613840925bb473c0f7dfa4b15311a543940293c4633516851c9466c4b0133c9271710d3 Size (firefox-68.5.0esr.source.tar.xz) = 314176068 bytes @ 1.5.4.3 log @Pullup ticket #6145 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.15 - www/firefox68/PLIST 1.5 - www/firefox68/distinfo 1.11 - www/firefox68/mozilla-common.mk 1.7 - www/firefox68/options.mk 1.8 - www/firefox68/patches/patch-aa 1.2 - www/firefox68/patches/patch-build_moz.configure_old.configure deleted - www/firefox68/patches/patch-dom_media_CubebUtils.cpp 1.2 - www/firefox68/patches/patch-media_libcubeb_src_cubeb.c 1.2 - www/firefox68/patches/patch-media_libcubeb_src_cubeb__oss.c deleted - www/firefox68/patches/patch-media_libcubeb_src_moz.build 1.2 - www/firefox68/patches/patch-media_libcubeb_update.sh 1.2 - www/firefox68/patches/patch-toolkit_library_moz.build 1.2 --- Module Name: pkgsrc Committed By: nia Date: Thu Mar 12 19:39:35 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo mozilla-common.mk options.mk pkgsrc/www/firefox68/patches: patch-aa patch-dom_media_CubebUtils.cpp patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_moz.build patch-media_libcubeb_update.sh patch-toolkit_library_moz.build Removed Files: pkgsrc/www/firefox68/patches: patch-build_moz.configure_old.configure patch-media_libcubeb_src_cubeb__oss.c Log Message: firefox68: Update to 68.6.0 While here, - Remove OSS support now that cubeb_sun has been stable for a long while - Appease pkglint Security fixes in this release: #CVE-2020-6805: Use-after-free when removing data about origins #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections #CVE-2020-6807: Use-after-free in cubeb during stream destruction #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init #CVE-2020-6812: The names of AirPods with personally identifiable #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5.4.2 2020/02/23 11:50:10 bsiegert Exp $ d3 5 a7 5 SHA1 (firefox-68.6.0esr.source.tar.xz) = 85d35d0a0190d56585f93c9f117d5c0f52bcbc44 RMD160 (firefox-68.6.0esr.source.tar.xz) = d11d44f5400ca1f5c3b721dd974a77fbf7cf7e7a SHA512 (firefox-68.6.0esr.source.tar.xz) = 84565d654ed8bd2d036d08de4d16e41ae8881f0b20b34424ab347d50a37384acf50c04f74269720e79db28028569dff79f2b910848939ff87c078f36684a75a3 Size (firefox-68.6.0esr.source.tar.xz) = 313814396 bytes SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c d9 1 d11 1 a11 1 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24 d27 1 a27 1 SHA1 (patch-media_libcubeb_src_cubeb.c) = dcc173f0bef8b7b12c45739bf04577f3292a517e d29 3 a31 2 SHA1 (patch-media_libcubeb_src_moz.build) = 7d66d9e0d7129b2106885201f88355262ee1a22a SHA1 (patch-media_libcubeb_update.sh) = 8dcc4ca8e2812b4063f28e5d6308abbee0b1c9d9 d34 1 a34 1 SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e @ 1.4 log @Arm64 build fix, from me via jmcneill@@ and www/firefox @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2019/11/18 12:09:15 ryoon Exp $ d3 4 a6 4 SHA1 (firefox-68.2.0esr.source.tar.xz) = 19815556c558a99ea76b4abb357eddb684cfd05a RMD160 (firefox-68.2.0esr.source.tar.xz) = 25c7447814adb99efea7632b539312becd3b9096 SHA512 (firefox-68.2.0esr.source.tar.xz) = f6522ca6b9efa3fdeb866912ab9cb904eaace5806c606d5721cba23aebd679885670011c743ca8d381b579b728077182dc766f9b6d3b31ccf51c3eb583c547ee Size (firefox-68.2.0esr.source.tar.xz) = 312103756 bytes @ 1.3 log @Fix build with Rust 1.39.0, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2019/11/05 17:14:30 ryoon Exp $ d25 1 @ 1.2 log @Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 @ text @d1 1 a1 1 $NetBSD$ d32 1 @ 1.1 log @www/firefox68: import firefox68-68.1.0 Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. This package provides Firefox 68 ESR. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.364 2019/08/16 14:04:18 ryoon Exp $ d3 4 a6 4 SHA1 (firefox-68.1.0esr.source.tar.xz) = c24f8036294edba40fd36f52a9dbe2cfe30cd229 RMD160 (firefox-68.1.0esr.source.tar.xz) = e1088f9a8b70878d8951010879a920c4c2126955 SHA512 (firefox-68.1.0esr.source.tar.xz) = a53b04b6a4fc98065596117b6bc0aee40c36f74bca02dc7486fda7e9556ad6f221f5ead94db1dc5db572f277556a21b22a0395dae107b67336ca91e33df9882c Size (firefox-68.1.0esr.source.tar.xz) = 312155752 bytes @ 1.1.2.1 log @Pullup ticket #6090 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.3 - www/firefox68/PLIST 1.2 - www/firefox68/distinfo 1.2 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 5 17:14:30 UTC 2019 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (firefox-68.2.0esr.source.tar.xz) = 19815556c558a99ea76b4abb357eddb684cfd05a RMD160 (firefox-68.2.0esr.source.tar.xz) = 25c7447814adb99efea7632b539312becd3b9096 SHA512 (firefox-68.2.0esr.source.tar.xz) = f6522ca6b9efa3fdeb866912ab9cb904eaace5806c606d5721cba23aebd679885670011c743ca8d381b579b728077182dc766f9b6d3b31ccf51c3eb583c547ee Size (firefox-68.2.0esr.source.tar.xz) = 312103756 bytes @