Received: by mail.netbsd.org (Postfix, from userid 605) id 8BB0184D5E; Fri, 16 Mar 2018 23:25:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 825C584D5D for ; Fri, 16 Mar 2018 23:25:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id C-tmbW8zZ9_R for ; Fri, 16 Mar 2018 23:25:56 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 7671384D21 for ; Fri, 16 Mar 2018 23:25:56 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 6F717FB40; Fri, 16 Mar 2018 23:25:56 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1521242756106310" MIME-Version: 1.0 Date: Fri, 16 Mar 2018 23:25:56 +0000 From: "Maya Rashish" Subject: CVS commit: pkgsrc/www/seamonkey To: pkgsrc-changes@NetBSD.org Reply-To: maya@netbsd.org X-Mailer: log_accum Message-Id: <20180316232556.6F717FB40@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1521242756106310 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: maya Date: Fri Mar 16 23:25:56 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo Added Files: pkgsrc/www/seamonkey/patches: patch-CVE-2018-5146 Log Message: seamonkey: apply patch from firefox52 to fix CVE-2018-5146 remote code execution via ogg files. Note firefox52 nor this patches tremor, so the vulnerability still exists for ARM (which uses tremor rather than vorbis). Blind commit. I don't have the resources to build so many firefoxes. However it is based off firefox52. PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.148 -r1.149 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1521242756106310 Content-Disposition: inline Content-Length: 4440 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/seamonkey/Makefile diff -u pkgsrc/www/seamonkey/Makefile:1.171 pkgsrc/www/seamonkey/Makefile:1.172 --- pkgsrc/www/seamonkey/Makefile:1.171 Mon Mar 12 11:17:47 2018 +++ pkgsrc/www/seamonkey/Makefile Fri Mar 16 23:25:56 2018 @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.171 2018/03/12 11:17:47 wiz Exp $ +# $NetBSD: Makefile,v 1.172 2018/03/16 23:25:56 maya Exp $ DISTNAME= seamonkey-${SM_VER}.source PKGNAME= seamonkey-${SM_VER:S/b/beta/} -PKGREVISION= 1 +PKGREVISION= 2 SM_VER= 2.49.2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/} Index: pkgsrc/www/seamonkey/distinfo diff -u pkgsrc/www/seamonkey/distinfo:1.148 pkgsrc/www/seamonkey/distinfo:1.149 --- pkgsrc/www/seamonkey/distinfo:1.148 Sat Mar 3 22:14:41 2018 +++ pkgsrc/www/seamonkey/distinfo Fri Mar 16 23:25:56 2018 @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.148 2018/03/03 22:14:41 ryoon Exp $ +$NetBSD: distinfo,v 1.149 2018/03/16 23:25:56 maya Exp $ SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c SHA512 (seamonkey-2.49.2.source.tar.xz) = 6f69f7fb0a2de8086231b615b62b350edf6c903d2fde90ee4c79e316cfcf5a413097df9afe1397dbfe680e264f6be14c2c147be7ba11c5dbd73a1e9e01b8857e Size (seamonkey-2.49.2.source.tar.xz) = 229980312 bytes +SHA1 (patch-CVE-2018-5146) = 121d8511b4aef0a784ae12d12c35cd4282c9ab83 SHA1 (patch-ao) = e466058ed1899a64a9ab5b57290ff2baad1ea03c SHA1 (patch-ldap_c-sdk_include_portable.h) = ce0b643fa031b74bf7d74eedc4f3729807aef799 SHA1 (patch-mail_app_Makefile.in) = da6ac87ffdcff733f11218cb11f8ef316bb1bc18 Added files: Index: pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146 diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146:1.1 --- /dev/null Fri Mar 16 23:25:56 2018 +++ pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146 Fri Mar 16 23:25:56 2018 @@ -0,0 +1,82 @@ +$NetBSD: patch-CVE-2018-5146,v 1.1 2018/03/16 23:25:56 maya Exp $ + +CVE-2018-5146: Prevent out-of-bounds write in codebook decoding. + +Codebooks that are not an exact divisor of the partition size are now +truncated to fit within the partition. + +--- mozilla/media/libvorbis/lib/vorbis_codebook.c.orig 2018-02-05 11:49:22.000000000 +0000 ++++ mozilla/media/libvorbis/lib/vorbis_codebook.c +@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook * + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;idim;i++,o+=step) +- for (j=0;jdim>8){ +- for(i=0;ivaluelist+entry*book->dim; +- for (j=0;jdim;) +- a[i++]+=t[j++]; +- } +- }else{ +- for(i=0;ivaluelist+entry*book->dim; +- j=0; +- switch((int)book->dim){ +- case 8: +- a[i++]+=t[j++]; +- case 7: +- a[i++]+=t[j++]; +- case 6: +- a[i++]+=t[j++]; +- case 5: +- a[i++]+=t[j++]; +- case 4: +- a[i++]+=t[j++]; +- case 3: +- a[i++]+=t[j++]; +- case 2: +- a[i++]+=t[j++]; +- case 1: +- a[i++]+=t[j++]; +- case 0: +- break; +- } +- } ++ for(i=0;ivaluelist+entry*book->dim; ++ for(j=0;idim;) ++ a[i++]+=t[j++]; + } + } + return(0); +@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook * + long i,j,entry; + int chptr=0; + if(book->used_entries>0){ +- for(i=offset/ch;i<(offset+n)/ch;){ ++ int m=(offset+n)/ch; ++ for(i=offset/ch;ivaluelist+entry*book->dim; +- for (j=0;jdim;j++){ ++ for (j=0;idim;j++){ + a[chptr++][i]+=t[j]; + if(chptr==ch){ + chptr=0; --_----------=_1521242756106310--