![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox91
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.20, Mon Aug 28 06:46:33 2023 UTC (7 months, 3 weeks ago) by nia
Branch: MAIN
CVS Tags: HEAD
Changes since 1.19: +1 -1
lines
FILE REMOVED
Remove www/firefox91 We were keeping this around for screen recording support, which is now supported and stable in 102 ESR.
Revision 1.19 / (download) - annotate - [select for diffs], Mon Aug 7 13:28:04 2023 UTC (8 months, 1 week ago) by abs
Branch: MAIN
Changes since 1.18: +7 -1
lines
Diff to previous 1.18 (colored)
Fix firefox91 build with python 3.{10,11}
Bump PKGREVISION
Maintainer pinged 17/7
Revision 1.18 / (download) - annotate - [select for diffs], Sat Dec 10 09:25:58 2022 UTC (16 months, 1 week ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored)
Fix build with rust 1.64.0 and its stricter borrow checker (Most excellent patch from adam@ - we get firefox91 back!) Bump PKGREVISION
Revision 1.14.2.2 / (download) - annotate - [select for diffs], Tue Sep 20 18:31:28 2022 UTC (18 months, 4 weeks ago) by bsiegert
Branch: pkgsrc-2022Q2
Changes since 1.14.2.1: +4 -4
lines
Diff to previous 1.14.2.1 (colored) to branchpoint 1.14 (colored) next main 1.15 (colored)
Pullup ticket #6670 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.15
- www/firefox91-l10n/distinfo 1.17
- www/firefox91/Makefile 1.25
- www/firefox91/distinfo 1.17
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Sep 6 15:38:35 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.13.0
Security Vulnerabilities fixed in Firefox ESR 91.13
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.17 / (download) - annotate - [select for diffs], Tue Sep 6 15:38:35 2022 UTC (19 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.16: +4 -4
lines
Diff to previous 1.16 (colored)
firefox91: update to 91.13.0
Security Vulnerabilities fixed in Firefox ESR 91.13
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.16 / (download) - annotate - [select for diffs], Tue Aug 9 13:39:28 2022 UTC (20 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.15: +5 -4
lines
Diff to previous 1.15 (colored)
firefox91: update to 91.12.0. Fix building with latest cbindgen.
Mozilla Foundation Security Advisory 2022-29
Security Vulnerabilities fixed in Firefox ESR 91.12
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Wed Jul 27 07:18:16 2022 UTC (20 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
Pullup ticket #6658 - requested by nia
www/firefox91: security update
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo
Revision 1.15 / (download) - annotate - [select for diffs], Fri Jul 22 08:16:39 2022 UTC (20 months, 4 weeks ago) by nia
Branch: MAIN
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jun 14 09:17:19 2022 UTC (22 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base
Branch point for: pkgsrc-2022Q2
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored)
firefox91: update to 91.10.0
Security Vulnerabilities fixed in Firefox ESR 91.10
#CVE-2022-31736: Cross-Origin resource's length leaked
#CVE-2022-31737: Heap buffer overflow in WebGL
#CVE-2022-31738: Browser window spoof using fullscreen mode
#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
files
#CVE-2022-31740: Register allocation problem in WASM on arm64
#CVE-2022-31741: Uninitialized variable leads to invalid memory read
#CVE-2022-31742: Querying a WebAuthn token with a large number of
allowCredential entries may have leaked cross-origin information
#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR
91.10
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 06:09:37 2022 UTC (22 months, 2 weeks ago) by spz
Branch: pkgsrc-2022Q1
Changes since 1.11.2.1: +5 -5
lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored)
Pullup ticket #6635 - requested by nia
www/firefox91: security update
Revisions pulled up:
- www/firefox91/Makefile 1.18
- www/firefox91/distinfo 1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:16:00 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js
Log Message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
Revision 1.13 / (download) - annotate - [select for diffs], Mon May 16 21:15:59 2022 UTC (23 months ago) by nia
Branch: MAIN
Changes since 1.12: +5 -5
lines
Diff to previous 1.12 (colored)
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Wed Apr 13 07:16:37 2022 UTC (2 years ago) by bsiegert
Branch: pkgsrc-2022Q1
Changes since 1.11: +4 -4
lines
Diff to previous 1.11 (colored)
Pullup ticket #6612 - requested by nia www/firefox91: security fix www/firefox91-l10n: dependent update Revisions pulled up: - www/firefox91-l10n/Makefile 1.10 - www/firefox91-l10n/distinfo 1.12 - www/firefox91/Makefile 1.16 - www/firefox91/distinfo 1.12 --- Module Name: pkgsrc Committed By: nia Date: Sun Apr 10 13:43:44 UTC 2022 Modified Files: pkgsrc/www/firefox91: Makefile distinfo pkgsrc/www/firefox91-l10n: Makefile distinfo Log Message: firefox91: update to 91.8.0 Security Vulnerabilities fixed in Firefox ESR 91.8 #CVE-2022-1097: Use-after-free in NSSToken objects #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions #CVE-2022-1196: Use-after-free after VR Process destruction #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen #CVE-2022-28286: iframe contents could be rendered outside the border #CVE-2022-24713: Denial of Service via complex regular expressions #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Revision 1.12 / (download) - annotate - [select for diffs], Sun Apr 10 13:43:43 2022 UTC (2 years ago) by nia
Branch: MAIN
Changes since 1.11: +4 -4
lines
Diff to previous 1.11 (colored)
firefox91: update to 91.8.0 Security Vulnerabilities fixed in Firefox ESR 91.8 #CVE-2022-1097: Use-after-free in NSSToken objects #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions #CVE-2022-1196: Use-after-free after VR Process destruction #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen #CVE-2022-28286: iframe contents could be rendered outside the border #CVE-2022-24713: Denial of Service via complex regular expressions #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Revision 1.8.2.3 / (download) - annotate - [select for diffs], Sun Mar 13 18:34:40 2022 UTC (2 years, 1 month ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.8.2.2: +4 -4
lines
Diff to previous 1.8.2.2 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)
Pullup ticket #6598 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.14
- www/firefox91/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Mar 10 16:22:47 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log Message:
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
Revision 1.11 / (download) - annotate - [select for diffs], Thu Mar 10 16:22:46 2022 UTC (2 years, 1 month ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base
Branch point for: pkgsrc-2022Q1
Changes since 1.10: +4 -4
lines
Diff to previous 1.10 (colored)
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
Revision 1.8.2.2 / (download) - annotate - [select for diffs], Mon Feb 21 13:34:26 2022 UTC (2 years, 1 month ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.8.2.1: +4 -4
lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored)
Pullup ticket #6582 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.13
- www/firefox91/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Feb 21 03:43:56 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log Message:
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Revision 1.10 / (download) - annotate - [select for diffs], Mon Feb 21 03:43:56 2022 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.9: +4 -4
lines
Diff to previous 1.9 (colored)
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Sun Feb 20 10:20:21 2022 UTC (2 years, 1 month ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.8: +5 -5
lines
Diff to previous 1.8 (colored)
Pullup ticket #6580 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.12
- www/firefox91/distinfo 1.9
- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 26 13:38:07 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches:
patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
Log Message:
firefox91: Update to 91.5.0
Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Revision 1.9 / (download) - annotate - [select for diffs], Wed Jan 26 13:38:06 2022 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.8: +5 -5
lines
Diff to previous 1.8 (colored)
firefox91: Update to 91.5.0 Changelog: Security fixes: #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen #CVE-2022-22743: Browser window spoof using fullscreen mode #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode #CVE-2022-22741: Browser window spoof using fullscreen mode #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur #CVE-2022-22737: Race condition when playing audio files #CVE-2021-4140: Iframe sandbox bypass with XSLT #CVE-2022-22748: Spoofed origin on external protocol launch dialog #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection #CVE-2022-22747: Crash when handling empty pkcs7 sequence #CVE-2022-22739: Missing throttling on external protocol launch dialog #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Revision 1.8 / (download) - annotate - [select for diffs], Wed Dec 22 16:05:28 2021 UTC (2 years, 3 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.7: +4 -4
lines
Diff to previous 1.7 (colored)
firefox91: update to 91.4.1
Change, singular:
Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com domains (bug 1745600)
Revision 1.2.2.3 / (download) - annotate - [select for diffs], Tue Dec 14 17:44:44 2021 UTC (2 years, 4 months ago) by tm
Branch: pkgsrc-2021Q3
Changes since 1.2.2.2: +7 -3
lines
Diff to previous 1.2.2.2 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored)
Pullup ticket #6552 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.5
- www/firefox91-l10n/distinfo 1.7
- www/firefox91/Makefile 1.10
- www/firefox91/distinfo 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Dec 10 14:32:07 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: Update to 91.4.0
Security Vulnerabilities fixed in Firefox ESR 91.4.0
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
of an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Revision 1.7 / (download) - annotate - [select for diffs], Fri Dec 10 14:32:07 2021 UTC (2 years, 4 months ago) by nia
Branch: MAIN
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored)
firefox91: Update to 91.4.0
Security Vulnerabilities fixed in Firefox ESR 91.4.0
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
of an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Revision 1.2.2.2 / (download) - annotate - [select for diffs], Fri Nov 5 19:28:52 2021 UTC (2 years, 5 months ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.2.2.1: +4 -5
lines
Diff to previous 1.2.2.1 (colored) to branchpoint 1.2 (colored)
Pullup ticket #6530 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.8
- www/firefox91/PLIST 1.3
- www/firefox91/distinfo 1.6
- www/firefox91/patches/patch-modules_fdlibm_src_math__private.h 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Nov 3 19:19:40 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile PLIST distinfo
Added Files:
pkgsrc/www/firefox91/patches: patch-modules_fdlibm_src_math__private.h
Log Message:
firefox91: update to 91.3.0
Security Vulnerabilities fixed in Firefox ESR 91.3
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
the Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0008: Use-after-free in HTTP2 Session object
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#CVE-2021-38509: Javascript alert box could have been spoofed onto an
arbitrary domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
OS
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.6 / (download) - annotate - [select for diffs], Wed Nov 3 19:19:40 2021 UTC (2 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.5: +5 -4
lines
Diff to previous 1.5 (colored)
firefox91: update to 91.3.0
Security Vulnerabilities fixed in Firefox ESR 91.3
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
the Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0008: Use-after-free in HTTP2 Session object
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#CVE-2021-38509: Javascript alert box could have been spoofed onto an
arbitrary domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
OS
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.5 / (download) - annotate - [select for diffs], Tue Oct 26 11:29:27 2021 UTC (2 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
Revision 1.2.2.1 / (download) - annotate - [select for diffs], Mon Oct 11 18:36:20 2021 UTC (2 years, 6 months ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.2: +4 -6
lines
Diff to previous 1.2 (colored)
Pullup ticket #6509 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.3
- www/firefox91-l10n/distinfo 1.4
- www/firefox91/Makefile 1.6
- www/firefox91/distinfo 1.4
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Oct 8 14:41:35 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: Update to 91.2.0
Security Vulnerabilities fixed in Firefox ESR 91.2
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another
origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
Revision 1.4 / (download) - annotate - [select for diffs], Fri Oct 8 14:41:34 2021 UTC (2 years, 6 months ago) by nia
Branch: MAIN
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
firefox91: Update to 91.2.0
Security Vulnerabilities fixed in Firefox ESR 91.2
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another
origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
Revision 1.3 / (download) - annotate - [select for diffs], Thu Oct 7 15:06:57 2021 UTC (2 years, 6 months ago) by nia
Branch: MAIN
Changes since 1.2: +1 -3
lines
Diff to previous 1.2 (colored)
www: Remove SHA1 hashes for distfiles
Revision 1.2 / (download) - annotate - [select for diffs], Thu Sep 9 11:13:59 2021 UTC (2 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base
Branch point for: pkgsrc-2021Q3
Changes since 1.1: +5 -5
lines
Diff to previous 1.1 (colored)
firefox91: update to 91.1.0 This fixes CVE-2021-38495
Revision 1.1 / (download) - annotate - [select for diffs], Wed Sep 8 22:19:50 2021 UTC (2 years, 7 months ago) by nia
Branch: MAIN
Add Firefox 91ESR as a starting point for the branch.