head 1.2; access; symbols pkgsrc-2018Q2:1.1.0.6 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.4 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2018.07.26.11.30.01; author wiz; state dead; branches; next 1.1; commitid Suq8N13pbqoCEDLA; 1.1 date 2018.03.17.00.06.17; author maya; state Exp; branches 1.1.2.1; next ; commitid puMT1QKfuc1Y4KuA; 1.1.2.1 date 2018.03.17.00.06.17; author spz; state dead; branches; next 1.1.2.2; commitid xNPInKLdLv6MPmvA; 1.1.2.2 date 2018.03.21.20.49.56; author spz; state Exp; branches; next ; commitid xNPInKLdLv6MPmvA; desc @@ 1.2 log @seamonkey: remove patch that is already included in upstream @ text @$NetBSD: patch-CVE-2018-5147,v 1.1 2018/03/17 00:06:17 maya Exp $ CVE-2018-5147: Prevent out-of-bounds write in codebook decoding. Codebooks that are not an exact divisor of the partition size are now truncated to fit within the partition. --- mozilla/media/libtremor/lib/tremor_codebook.c.orig 2018-02-05 11:49:21.000000000 +0000 +++ mozilla/media/libtremor/lib/tremor_codebook.c @@@@ -258,7 +258,7 @@@@ long vorbis_book_decodevs_add(codebook * t[i] = book->valuelist+entry[i]*book->dim; } for(i=0,o=0;idim;i++,o+=step) - for (j=0;j>shift; }else{ for (i = 0; i < step; i++) { @@@@ -267,7 +267,7 @@@@ long vorbis_book_decodevs_add(codebook * t[i] = book->valuelist+entry[i]*book->dim; } for(i=0,o=0;idim;i++,o+=step) - for (j=0;jvaluelist+entry*book->dim; - for (j=0;jdim;) + for (j=0;idim;) a[i++]+=t[j++]>>shift; } }else{ @@@@ -295,7 +295,7 @@@@ long vorbis_book_decodev_add(codebook *b entry = decode_packed_entry_number(book,b); if(entry==-1)return(-1); t = book->valuelist+entry*book->dim; - for (j=0;jdim;) + for (j=0;idim;) a[i++]+=t[j++]<<-shift; } } @@@@ -352,15 +352,15 @@@@ long vorbis_book_decodevv_add(codebook * long i,j,entry; int chptr=0; int shift=point-book->binarypoint; - + int m=offset+n; if(shift>=0){ - for(i=offset;ivaluelist+entry*book->dim; - for (j=0;jdim;j++){ + for (j=0;idim;j++){ 
a[chptr++][i]+=t[j]>>shift; if(chptr==ch){ chptr=0; @@@@ -371,12 +371,12 @@@@ long vorbis_book_decodevv_add(codebook * } }else{ - for(i=offset;ivaluelist+entry*book->dim; - for (j=0;jdim;j++){ + for (j=0;idim;j++){ a[chptr++][i]+=t[j]<<-shift; if(chptr==ch){ chptr=0; @ 1.1 log @seamonkey: also provide patch for tremor (i.e. relevant for ARM) vulnerability Also backported upstream after the release: https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48 PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2018-5147 was added on branch pkgsrc-2017Q4 on 2018-03-21 20:49:56 +0000 @ text @d1 79 @ 1.1.2.2 log @Pullup ticket #5726 - requested by maya www/seamonkey-l10n: security patch www/seamonkey: security patch Revisions pulled up: - www/seamonkey-l10n/Makefile 1.42 - www/seamonkey-l10n/distinfo 1.40 - www/seamonkey/Makefile 1.170,1.172-1.173 - www/seamonkey/PLIST 1.60 - www/seamonkey/distinfo 1.148-1.150 - www/seamonkey/patches/patch-CVE-2018-5146 1.1 - www/seamonkey/patches/patch-CVE-2018-5147 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 3 22:14:41 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile PLIST distinfo Log Message: Update to 2.49.2 Changelog: * Based on Firefox 52.6 and Thunderbird 52.6 To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/seamonkey/PLIST cvs rdiff -u -r1.147 -r1.148 pkgsrc/www/seamonkey/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 3 22:15:36 UTC 2018 Modified Files: pkgsrc/www/seamonkey-l10n: Makefile distinfo Log Message: Update to 2.49.2 Sync with www/seamonkey-2.49.2 To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 pkgsrc/www/seamonkey-l10n/Makefile cvs rdiff -u -r1.39 -r1.40 pkgsrc/www/seamonkey-l10n/distinfo 
------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Fri Mar 16 23:25:56 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo Added Files: pkgsrc/www/seamonkey/patches: patch-CVE-2018-5146 Log Message: seamonkey: apply patch from firefox52 to fix CVE-2018-5146 remote code execution via ogg files. Note firefox52 nor this patches tremor, so the vulnerability still exists for ARM (which uses tremor rather than vorbis). Blind commit. I don't have the resources to build so many firefoxes. However it is based off firefox52. PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.148 -r1.149 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Sat Mar 17 00:06:17 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo Added Files: pkgsrc/www/seamonkey/patches: patch-CVE-2018-5147 Log Message: seamonkey: also provide patch for tremor (i.e. relevant for ARM) vulnerability Also backported upstream after the release: https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48 PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.149 -r1.150 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/seamonkey/patches/patch-CVE-2018-5147 @ text @a0 79 $NetBSD$ CVE-2018-5147: Prevent out-of-bounds write in codebook decoding. Codebooks that are not an exact divisor of the partition size are now truncated to fit within the partition. 
--- mozilla/media/libtremor/lib/tremor_codebook.c.orig 2018-02-05 11:49:21.000000000 +0000 +++ mozilla/media/libtremor/lib/tremor_codebook.c @@@@ -258,7 +258,7 @@@@ long vorbis_book_decodevs_add(codebook * t[i] = book->valuelist+entry[i]*book->dim; } for(i=0,o=0;idim;i++,o+=step) - for (j=0;j>shift; }else{ for (i = 0; i < step; i++) { @@@@ -267,7 +267,7 @@@@ long vorbis_book_decodevs_add(codebook * t[i] = book->valuelist+entry[i]*book->dim; } for(i=0,o=0;idim;i++,o+=step) - for (j=0;jvaluelist+entry*book->dim; - for (j=0;jdim;) + for (j=0;idim;) a[i++]+=t[j++]>>shift; } }else{ @@@@ -295,7 +295,7 @@@@ long vorbis_book_decodev_add(codebook *b entry = decode_packed_entry_number(book,b); if(entry==-1)return(-1); t = book->valuelist+entry*book->dim; - for (j=0;jdim;) + for (j=0;idim;) a[i++]+=t[j++]<<-shift; } } @@@@ -352,15 +352,15 @@@@ long vorbis_book_decodevv_add(codebook * long i,j,entry; int chptr=0; int shift=point-book->binarypoint; - + int m=offset+n; if(shift>=0){ - for(i=offset;ivaluelist+entry*book->dim; - for (j=0;jdim;j++){ + for (j=0;idim;j++){ a[chptr++][i]+=t[j]>>shift; if(chptr==ch){ chptr=0; @@@@ -371,12 +371,12 @@@@ long vorbis_book_decodevv_add(codebook * } }else{ - for(i=offset;ivaluelist+entry*book->dim; - for (j=0;jdim;j++){ + for (j=0;idim;j++){ a[chptr++][i]+=t[j]<<-shift; if(chptr==ch){ chptr=0; @
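Review bot: In the vorbis_book_decodevv_add hunk the new end bound is declared `int m=offset+n;`, while the index it is meant to limit is `long i`, so the bound is narrower than the index. The parameter list lies outside the hunk; if `offset` is also a `long`, the sum is narrowed on assignment on LP64 targets, and a large offset would give a wrong limit for the write into `a[chptr++][i]`. I would declare it as `long m=offset+n; /* one past the last sample this call may write */` so that the limit and the index share a type and the purpose of the bound is recorded. The same declaration appears in the copy of this patch stored under revision 1.2 earlier in the file.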