pkgsrc.se | The NetBSD package collection

Next | Query returned 3 messages, browsing 1 to 10 | previous

CVS Commit History:

2020-03-13 21:02:45 by Benny Siegert | Files touched by this commit (13) | Package updated

Log message:
Pullup ticket #6145 - requested by nia
www/firefox68: security fix

Revisions pulled up:
- www/firefox68/Makefile                                        1.15
- www/firefox68/PLIST                                           1.5
- www/firefox68/distinfo                                        1.11
- www/firefox68/mozilla-common.mk                               1.7
- www/firefox68/options.mk                                      1.8
- www/firefox68/patches/patch-aa                                1.2
- www/firefox68/patches/patch-build_moz.configure_old.configure deleted
- www/firefox68/patches/patch-dom_media_CubebUtils.cpp          1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb.c        1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb__oss.c   deleted
- www/firefox68/patches/patch-media_libcubeb_src_moz.build      1.2
- www/firefox68/patches/patch-media_libcubeb_update.sh          1.2
- www/firefox68/patches/patch-toolkit_library_moz.build         1.2

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Mar 12 19:39:35 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile PLIST distinfo mozilla-common.mk
   	    options.mk
   	pkgsrc/www/firefox68/patches: patch-aa patch-dom_media_CubebUtils.cpp
   	    patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_moz.build
   	    patch-media_libcubeb_update.sh patch-toolkit_library_moz.build
   Removed Files:
   	pkgsrc/www/firefox68/patches: patch-build_moz.configure_old.configure
   	    patch-media_libcubeb_src_cubeb__oss.c

   Log message:
   firefox68: Update to 68.6.0

   While here,

   - Remove OSS support now that cubeb_sun has been stable for a long while
   - Appease pkglint

   Security fixes in this release:

   #CVE-2020-6805: Use-after-free when removing data about origins
   #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
   #CVE-2020-6807: Use-after-free in cubeb during stream destruction
   #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
   #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
   #CVE-2020-6812: The names of AirPods with personally identifiable
   #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

2020-02-23 12:50:10 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #6134 - requested by nia
www/firefox68: security fix

Revisions pulled up:
- www/firefox68/Makefile                                        1.12
- www/firefox68/PLIST                                           1.4
- www/firefox68/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sat Feb 15 12:48:22 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile PLIST distinfo

   Log message:
   firefox68: Update to 68.5.0

   Security Vulnerabilities fixed in Firefox ESR68.5

   # CVE-2020-6796: Missing bounds check on shared memory read in the parent process
   # CVE-2020-6797: Extensions granted downloads.open permission could open \ 
arbitrary applications on Mac OSX
   # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript \ 
injection
   # CVE-2020-6799: Arbitrary code execution when opening pdf links from other \ 
applications, when Firefox is configured as default pdf reader
   	Note: This issue only affects Windows operating systems and when Firefox is \ 
configured as the default handler for non-default filetypes. Other operating \ 
systems are unaffected.
   # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5

2020-01-10 14:56:19 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #6113 - requested by nia
www/firefox68: security fix (zero-day)

Revisions pulled up:
- www/firefox68/Makefile                                        1.7-1.8
- www/firefox68/distinfo                                        1.6-1.7
- www/firefox68/patches/patch-rust-1.39.0                       deleted

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Jan  8 21:49:32 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile distinfo
   Removed Files:
   	pkgsrc/www/firefox68/patches: patch-rust-1.39.0

   Log message:
   firefox68: Update to 68.4.0

   Security Vulnerabilities fixed in Firefox ESR 68.4:

   # CVE-2019-17015: Memory corruption in parent process during new content \ 
process initialization on Windows
   # CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
   # CVE-2019-17017: Type Confusion in XPCVariant.cpp
   # CVE-2019-17021: Heap address disclosure in parent process during content \ 
process initialization on Windows
   # CVE-2019-17022: CSS sanitization does not escape HTML tags
   # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Jan  9 20:51:59 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile distinfo

   Log message:
   firefox68: Update to 68.4.1

   This release fixes one zero-day vulnerability:

   CVE-2019-17026: IonMonkey type confusion with StoreElementHole and \ 
FallibleStoreElement

   Incorrect alias information in IonMonkey JIT compiler for setting array \ 
elements could lead to a type confusion.
   We are aware of targeted attacks in the wild abusing this flaw

Next | Query returned 3 messages, browsing 1 to 10 | previous