Navigation:
Browse pkgsrc
(this page)
lang spidermo..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2018-10-07 13:32:06 by S.P.Zeidler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #5839 - requested by maya
lang/spidermonkey52: security update
www/firefox-l10n: security update
www/firefox: security update
Revisions pulled up:
- lang/spidermonkey52/Makefile 1.10
- lang/spidermonkey52/distinfo 1.5
- lang/spidermonkey52/patches/patch-CVE-2018-12387 1.1
- www/firefox-l10n/Makefile 1.133
- www/firefox-l10n/distinfo 1.123
- www/firefox/Makefile 1.344
- www/firefox/distinfo 1.326
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 17:30:30 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log message:
firefox: update to 62.0.3
Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, \
download, print, etc) are activated (bug 1489785)
Fixed playback of some encrypted video streams on macOS (bug 1491940)
Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)
WebGL rendering issues (bug 1489099)
Updates from unpacked language packs no longer break the browser (bug 1488934)
Fix fallback on startup when a language pack is missing (bug 1492459)
Profile refresh from the Windows stub installer restarts the browser (bug 1491999)
Properly restore window size and position when restarting on Windows (bugs \
1489214 and 1489852)
Avoid crash when sharing a profile with newer (as yet unreleased) versions of \
Firefox (bug 1490585)
Do not undo removal of search engines when using a language pack (bug 1489820)
Fixed rendering of some web sites (bug 1421885)
Restored compatibility with some sites using deprecated TLS settings (bug 1487517)
Fix screen share on MacOS when using multiple monitors (bug 1487419)
CVE-2018-12386: Type confusion in JavaScript
CVE-2018-12387:
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
To generate a diff of this commit:
cvs rdiff -u -r1.343 -r1.344 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.325 -r1.326 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 17:31:07 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log message:
firefox-l10n: catch up to www/firefox update.
To generate a diff of this commit:
cvs rdiff -u -r1.132 -r1.133 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 18:58:23 UTC 2018
Modified Files:
pkgsrc/lang/spidermonkey52: Makefile distinfo
Added Files:
pkgsrc/lang/spidermonkey52/patches: patch-CVE-2018-12387
Log message:
spidermonkey52: backport patch for CVE-2018-12387
Don't inline push with more than 1 argument
A vulnerability where the JavaScript JIT compiler inlines \
Array.prototype.push with multiple arguments that results in the stack pointer \
being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an exploit \
inside the sandboxed content process.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/spidermonkey52/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/spidermonkey52/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/spidermonkey52/patches/patch-CVE-2018-12387
|
New packages: