The NetBSD Project

CVS log for pkgsrc/www/firefox91/Makefile


Default branch: MAIN


Revision 1.31, Sun Jan 29 21:18:03 2023 UTC (36 hours, 53 minutes ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.30: +2 -2 lines

*: Recursive revbump from graphics/freetype2

Revision 1.30, Tue Jan 3 17:38:24 2023 UTC (3 weeks, 6 days ago) by wiz
Branch: MAIN
Changes since 1.29: +2 -2 lines

*: recursive bump for tiff shlib major bump

Revision 1.29, Sat Dec 10 09:25:58 2022 UTC (7 weeks, 3 days ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.28: +2 -2 lines

Fix build with rust 1.64.0 and its stricter borrow checker

(Most excellent patch from adam@ - we get firefox91 back!)

Bump PKGREVISION

Revision 1.28, Wed Nov 23 16:21:19 2022 UTC (2 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.27: +2 -2 lines

massive revision bump after textproc/icu update

Revision 1.27, Tue Sep 27 20:58:28 2022 UTC (4 months ago) by wiz
Branch: MAIN
Changes since 1.26: +2 -2 lines

*: recursive bump for ffmpeg4 switch to x264

Revision 1.19.2.2, Tue Sep 20 18:31:28 2022 UTC (4 months, 1 week ago) by bsiegert
Branch: pkgsrc-2022Q2
Changes since 1.19.2.1: +2 -2 lines

Pullup ticket #6670 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.15
- www/firefox91-l10n/distinfo                                   1.17
- www/firefox91/Makefile                                        1.25
- www/firefox91/distinfo                                        1.17

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Sep  6 15:38:35 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: update to 91.13.0

   Security Vulnerabilities fixed in Firefox ESR 91.13

       #CVE-2022-38472: Address bar spoofing via XSLT error handling

       #CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
       parent's permissions

       #CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
       and Firefox ESR 91.13

Revision 1.26, Sun Sep 11 12:52:09 2022 UTC (4 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.25: +2 -1 lines

*: bump PKGREVISION for flac shlib bump

Revision 1.25, Tue Sep 6 15:38:35 2022 UTC (4 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.24: +2 -3 lines

firefox91: update to 91.13.0

Security Vulnerabilities fixed in Firefox ESR 91.13

    #CVE-2022-38472: Address bar spoofing via XSLT error handling

    #CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
    parent's permissions

    #CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
    and Firefox ESR 91.13

Revision 1.24, Thu Aug 11 05:09:23 2022 UTC (5 months, 3 weeks ago) by gutteridge
Branch: MAIN
Changes since 1.23: +2 -1 lines

Bump all dependent packages of wayland (belatedly)

The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.

Revision 1.23, Tue Aug 9 13:39:28 2022 UTC (5 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.22: +2 -2 lines

firefox91: update to 91.12.0. Fix building with latest cbindgen.

                  Mozilla Foundation Security Advisory 2022-29

Security Vulnerabilities fixed in Firefox ESR 91.12

    #CVE-2022-36319: Mouse Position spoofing with CSS transforms

    #CVE-2022-36318: Directory indexes for bundled resources reflected URL
    parameters

Revision 1.19.2.1, Wed Jul 27 07:18:16 2022 UTC (6 months ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.19: +2 -2 lines

Pullup ticket #6658 - requested by nia
www/firefox91: security update
www/firefox91-l10n: dependency update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.13
- www/firefox91-l10n/distinfo                                   1.15
- www/firefox91/Makefile                                        1.22
- www/firefox91/distinfo                                        1.15

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Fri Jul 22 08:16:40 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: update to 91.11.0

                     Mozilla Foundation Security Advisory 2022-25

   Security Vulnerabilities fixed in Firefox ESR 91.11

       #CVE-2022-34479: A popup window could be resized in a way to overlay the
       address bar with web content

       #CVE-2022-34470: Use-after-free in nsSHistory

       #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
       via retargeted javascript: URI

       #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

       #CVE-2022-31744: CSP bypass enabling stylesheet injection

       #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
       blocked

       #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
       prompt

       #CVE-2022-2200: Undesired attributes could be set as part of prototype
       pollution

       #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
       91.11


   To generate a diff of this commit:
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo

Revision 1.22, Fri Jul 22 08:16:39 2022 UTC (6 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.21: +2 -3 lines

firefox91: update to 91.11.0

                  Mozilla Foundation Security Advisory 2022-25

Security Vulnerabilities fixed in Firefox ESR 91.11

    #CVE-2022-34479: A popup window could be resized in a way to overlay the
    address bar with web content

    #CVE-2022-34470: Use-after-free in nsSHistory

    #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI

    #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

    #CVE-2022-31744: CSP bypass enabling stylesheet injection

    #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
    blocked

    #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
    prompt

    #CVE-2022-2200: Undesired attributes could be set as part of prototype
    pollution

    #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
    91.11

Revision 1.21, Sat Jul 2 16:53:38 2022 UTC (6 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.20: +2 -2 lines

*: Recursive revbump from audio/pulseaudio

Revision 1.20, Tue Jun 28 11:37:04 2022 UTC (7 months ago) by wiz
Branch: MAIN
Changes since 1.19: +2 -1 lines

*: recursive bump for perl 5.36

Revision 1.19, Tue Jun 14 09:17:19 2022 UTC (7 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base
Branch point for: pkgsrc-2022Q2
Changes since 1.18: +2 -2 lines

firefox91: update to 91.10.0

Security Vulnerabilities fixed in Firefox ESR 91.10

    #CVE-2022-31736: Cross-Origin resource's length leaked

    #CVE-2022-31737: Heap buffer overflow in WebGL

    #CVE-2022-31738: Browser window spoof using fullscreen mode

    #CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
    files

    #CVE-2022-31740: Register allocation problem in WASM on arm64

    #CVE-2022-31741: Uninitialized variable leads to invalid memory read

    #CVE-2022-31742: Querying a WebAuthn token with a large number of
    allowCredential entries may have leaked cross-origin information

    #CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR
    91.10

Revision 1.15.2.2, Sun Jun 5 06:09:37 2022 UTC (7 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q1
Changes since 1.15.2.1: +2 -2 lines

Pullup ticket #6635 - requested by nia
www/firefox91: security update

Revisions pulled up:
- www/firefox91/Makefile                                        1.18
- www/firefox91/distinfo                                        1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js    1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon May 16 21:16:00 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js

   Log Message:
   firefox91: update to 91.9.0

   Security Vulnerabilities fixed in Firefox ESR 91.9

       #CVE-2022-29914: Fullscreen notification bypass using popups

       #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

       #CVE-2022-29916: Leaking browser history with CSS variables

       #CVE-2022-29911: iframe Sandbox bypass

       #CVE-2022-29912: Reader mode bypassed SameSite cookies

       #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
       91.9


   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
   cvs rdiff -u -r1.1 -r1.2 \
       pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js

Revision 1.18, Mon May 16 21:15:59 2022 UTC (8 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.17: +2 -3 lines

firefox91: update to 91.9.0

Security Vulnerabilities fixed in Firefox ESR 91.9

    #CVE-2022-29914: Fullscreen notification bypass using popups

    #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

    #CVE-2022-29916: Leaking browser history with CSS variables

    #CVE-2022-29911: iframe Sandbox bypass

    #CVE-2022-29912: Reader mode bypassed SameSite cookies

    #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
    91.9

Revision 1.17, Mon Apr 18 19:12:17 2022 UTC (9 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.16: +2 -1 lines

revbump for textproc/icu update

Revision 1.15.2.1, Wed Apr 13 07:16:37 2022 UTC (9 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2022Q1
Changes since 1.15: +2 -3 lines

Pullup ticket #6612 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.10
- www/firefox91-l10n/distinfo                                   1.12
- www/firefox91/Makefile                                        1.16
- www/firefox91/distinfo                                        1.12

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sun Apr 10 13:43:44 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: update to 91.8.0

   Security Vulnerabilities fixed in Firefox ESR 91.8

   #CVE-2022-1097: Use-after-free in NSSToken objects

   #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

   #CVE-2022-1196: Use-after-free after VR Process destruction

   #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

   #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

   #CVE-2022-28286: iframe contents could be rendered outside the border

   #CVE-2022-24713: Denial of Service via complex regular expressions

   #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Revision 1.16, Sun Apr 10 13:43:43 2022 UTC (9 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.15: +2 -3 lines

firefox91: update to 91.8.0

Security Vulnerabilities fixed in Firefox ESR 91.8

#CVE-2022-1097: Use-after-free in NSSToken objects

#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

#CVE-2022-1196: Use-after-free after VR Process destruction

#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

#CVE-2022-28286: iframe contents could be rendered outside the border

#CVE-2022-24713: Denial of Service via complex regular expressions

#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Revision 1.15, Mon Mar 28 10:59:31 2022 UTC (10 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base
Branch point for: pkgsrc-2022Q1
Changes since 1.14: +2 -1 lines

{s,t,w}*/*: revbump(1) for libsndfile

Revision 1.11.2.3, Sun Mar 13 18:34:40 2022 UTC (10 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11.2.2: +2 -2 lines

Pullup ticket #6598 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.14
- www/firefox91/distinfo                                        1.11

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Mar 10 16:22:47 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log Message:
   firefox91: update to 91.7.0

   Security Vulnerabilities fixed in Firefox ESR 91.7

       #CVE-2022-26383: Browser window spoof using fullscreen mode

       #CVE-2022-26384: iframe allow-scripts sandbox bypass

       #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
       signatures

       #CVE-2022-26381: Use-after-free in text reflows

       #CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
       local users

Revision 1.14, Thu Mar 10 16:22:46 2022 UTC (10 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.13: +2 -2 lines

firefox91: update to 91.7.0

Security Vulnerabilities fixed in Firefox ESR 91.7

    #CVE-2022-26383: Browser window spoof using fullscreen mode

    #CVE-2022-26384: iframe allow-scripts sandbox bypass

    #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
    signatures

    #CVE-2022-26381: Use-after-free in text reflows

    #CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
    local users

Revision 1.11.2.2, Mon Feb 21 13:34:26 2022 UTC (11 months, 1 week ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11.2.1: +2 -2 lines

Pullup ticket #6582 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.13
- www/firefox91/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon Feb 21 03:43:56 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log Message:
   firefox91: update to 91.6.0

   Security Vulnerabilities fixed in Firefox ESR 91.6

       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
       Service

       #CVE-2022-22754: Extensions could have bypassed permission confirmation
       during update

       #CVE-2022-22756: Drag and dropping an image could have resulted in the
       dropped object being an executable

       #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
       appended elements

       #CVE-2022-22760: Cross-Origin responses could be distinguished between
       script and non-script content-types

       #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
       enforced for framed extension pages

       #CVE-2022-22763: Script Execution during invalid object state

       #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

Revision 1.13, Mon Feb 21 03:43:56 2022 UTC (11 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.12: +2 -2 lines

firefox91: update to 91.6.0

Security Vulnerabilities fixed in Firefox ESR 91.6

    #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
    Service

    #CVE-2022-22754: Extensions could have bypassed permission confirmation
    during update

    #CVE-2022-22756: Drag and dropping an image could have resulted in the
    dropped object being an executable

    #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
    appended elements

    #CVE-2022-22760: Cross-Origin responses could be distinguished between
    script and non-script content-types

    #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages

    #CVE-2022-22763: Script Execution during invalid object state

    #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

Revision 1.11.2.1, Sun Feb 20 10:20:21 2022 UTC (11 months, 1 week ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11: +3 -3 lines

Pullup ticket #6580 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.12
- www/firefox91/distinfo                                        1.9
- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Wed Jan 26 13:38:07 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91/patches:
   	    patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h

   Log Message:
   firefox91: Update to 91.5.0

   Changelog:
   Security fixes:
   #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
   #CVE-2022-22743: Browser window spoof using fullscreen mode
   #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
   #CVE-2022-22741: Browser window spoof using fullscreen mode
   #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
   #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
   #CVE-2022-22737: Race condition when playing audio files
   #CVE-2021-4140: Iframe sandbox bypass with XSLT
   #CVE-2022-22748: Spoofed origin on external protocol launch dialog
   #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
    event
   #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
   #CVE-2022-22747: Crash when handling empty pkcs7 sequence
   #CVE-2022-22739: Missing throttling on external protocol launch dialog
   #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

Revision 1.12, Wed Jan 26 13:38:06 2022 UTC (12 months ago) by ryoon
Branch: MAIN
Changes since 1.11: +3 -3 lines

firefox91: Update to 91.5.0

Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
 event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
 website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

Revision 1.11, Wed Dec 22 16:05:28 2021 UTC (13 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.10: +2 -2 lines

firefox91: update to 91.4.1

Change, singular:

    Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com domains (bug 1745600)

Revision 1.5.2.3, Tue Dec 14 17:44:44 2021 UTC (13 months, 2 weeks ago) by tm
Branch: pkgsrc-2021Q3
Changes since 1.5.2.2: +2 -2 lines

Pullup ticket #6552 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.5
- www/firefox91-l10n/distinfo                                   1.7
- www/firefox91/Makefile                                        1.10
- www/firefox91/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Fri Dec 10 14:32:07 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: Update to 91.4.0

   Security Vulnerabilities fixed in Firefox ESR 91.4.0

       #CVE-2021-43536: URL leakage when navigating while executing asynchronous
       function

       #CVE-2021-43537: Heap buffer overflow when using structured clone

       #CVE-2021-43538: Missing fullscreen and pointer lock notification when
       requesting both

       #CVE-2021-43539: GC rooting failure when calling wasm instance methods

       #CVE-2021-43541: External protocol handler parameters were unescaped

       #CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
       of an external protocol handler

       #CVE-2021-43543: Bypass of CSP sandbox directive when embedding

       #CVE-2021-43545: Denial of Service when using the Location API in a loop

       #CVE-2021-43546: Cursor spoofing could overlay user interface when native
       cursor is zoomed

       #MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

Revision 1.10, Fri Dec 10 14:32:07 2021 UTC (13 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.9: +2 -3 lines

firefox91: Update to 91.4.0

Security Vulnerabilities fixed in Firefox ESR 91.4.0

    #CVE-2021-43536: URL leakage when navigating while executing asynchronous
    function

    #CVE-2021-43537: Heap buffer overflow when using structured clone

    #CVE-2021-43538: Missing fullscreen and pointer lock notification when
    requesting both

    #CVE-2021-43539: GC rooting failure when calling wasm instance methods

    #CVE-2021-43541: External protocol handler parameters were unescaped

    #CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
    of an external protocol handler

    #CVE-2021-43543: Bypass of CSP sandbox directive when embedding

    #CVE-2021-43545: Denial of Service when using the Location API in a loop

    #CVE-2021-43546: Cursor spoofing could overlay user interface when native
    cursor is zoomed

    #MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

Revision 1.9, Wed Dec 8 16:06:56 2021 UTC (13 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.8: +2 -1 lines

revbump for icu and libffi

Revision 1.5.2.2, Fri Nov 5 19:28:52 2021 UTC (14 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.5.2.1: +2 -2 lines

Pullup ticket #6530 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.8
- www/firefox91/PLIST                                           1.3
- www/firefox91/distinfo                                        1.6
- www/firefox91/patches/patch-modules_fdlibm_src_math__private.h 1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Nov  3 19:19:40 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox91: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/www/firefox91/patches: patch-modules_fdlibm_src_math__private.h

   Log Message:
   firefox91: update to 91.3.0

   Security Vulnerabilities fixed in Firefox ESR 91.3

       #CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

       #CVE-2021-38504: Use-after-free in file picker dialog

       #CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
       without notification or warning

       #CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
       the Same-Origin-Policy on services hosted on other ports

       #MOZ-2021-0008: Use-after-free in HTTP2 Session object

       #CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
       confusion and potential spoofing

       #CVE-2021-38509: Javascript alert box could have been spoofed onto an
       arbitrary domain

       #CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
       OS

       #MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

Revision 1.8, Wed Nov 3 19:19:40 2021 UTC (14 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.7: +2 -3 lines

firefox91: update to 91.3.0

Security Vulnerabilities fixed in Firefox ESR 91.3

    #CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

    #CVE-2021-38504: Use-after-free in file picker dialog

    #CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
    without notification or warning

    #CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
    the Same-Origin-Policy on services hosted on other ports

    #MOZ-2021-0008: Use-after-free in HTTP2 Session object

    #CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing

    #CVE-2021-38509: Javascript alert box could have been spoofed onto an
    arbitrary domain

    #CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
    OS

    #MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

Revision 1.5.2.1, Mon Oct 11 18:36:20 2021 UTC (15 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.5: +2 -3 lines

Pullup ticket #6509 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.3
- www/firefox91-l10n/distinfo                                   1.4
- www/firefox91/Makefile                                        1.6
- www/firefox91/distinfo                                        1.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Fri Oct  8 14:41:35 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: Update to 91.2.0

   Security Vulnerabilities fixed in Firefox ESR 91.2

       #CVE-2021-38496: Use-after-free in MessageTask

       #CVE-2021-38497: Validation message could have been overlaid on another
       origin

       #CVE-2021-38498: Use-after-free of nsLanguageAtomService object

       #CVE-2021-32810: Data race in crossbeam-deque

       #CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
       and Firefox ESR 91.2

Revision 1.7, Sat Oct 9 15:35:12 2021 UTC (15 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.6: +2 -1 lines

Recursive revbump for multimedia/libaom

Revision 1.6, Fri Oct 8 14:41:34 2021 UTC (15 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.5: +2 -3 lines

firefox91: Update to 91.2.0

Security Vulnerabilities fixed in Firefox ESR 91.2

    #CVE-2021-38496: Use-after-free in MessageTask

    #CVE-2021-38497: Validation message could have been overlaid on another
    origin

    #CVE-2021-38498: Use-after-free of nsLanguageAtomService object

    #CVE-2021-32810: Data race in crossbeam-deque

    #CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2

Revision 1.5, Thu Sep 16 20:46:35 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base
Branch point for: pkgsrc-2021Q3
Changes since 1.4: +3 -2 lines

firefox91: we no longer install to share/pixmaps

Revision 1.4, Thu Sep 16 20:45:38 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.3: +2 -2 lines

firefox91: Explicitly use "unofficial" branding

Firefox's build system defaults to "nightly" for builds without official
branding, and in practice there seems to be very little difference between
"nightly" and "unofficial", but this at least makes our choice explicit.

Bump PKGREVISION

Revision 1.3, Thu Sep 16 17:47:13 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.2: +14 -35 lines

firefox91: install scalable icons, bump PKGREVISION

Revision 1.2, Thu Sep 9 11:13:59 2021 UTC (16 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.1: +3 -3 lines

firefox91: update to 91.1.0

This fixes CVE-2021-38495

Revision 1.1, Wed Sep 8 22:19:50 2021 UTC (16 months, 3 weeks ago) by nia
Branch: MAIN

Add Firefox 91ESR as a starting point for the branch.
