Received: by mail.netbsd.org (Postfix, from userid 605)
	id 794FD84F61; Mon, 26 Mar 2018 22:56:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 963D484E40
	for <pkgsrc-changes@NetBSD.org>; Mon, 26 Mar 2018 22:56:08 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id z-_U4ekH59oh for <pkgsrc-changes@netbsd.org>;
	Mon, 26 Mar 2018 22:56:07 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 890A284D6F
	for <pkgsrc-changes@NetBSD.org>; Mon, 26 Mar 2018 22:56:07 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 8298AFB40; Mon, 26 Mar 2018 22:56:07 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1522104967197400"
MIME-Version: 1.0
Date: Mon, 26 Mar 2018 22:56:07 +0000
From: "Maya Rashish" <maya@netbsd.org>
Subject: CVS commit: pkgsrc/www/seamonkey
To: pkgsrc-changes@NetBSD.org
Reply-To: maya@netbsd.org
X-Mailer: log_accum
Message-Id: <20180326225607.8298AFB40@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1522104967197400
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	maya
Date:		Mon Mar 26 22:56:07 UTC 2018

Modified Files:
	pkgsrc/www/seamonkey: Makefile distinfo
Added Files:
	pkgsrc/www/seamonkey/patches:
	    patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
	    patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h

Log Message:
seamonkey: provide patch for CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during
certain graphics operations when a raw pointer is used instead of a
reference counted one. This results in a potentially exploitable crash

Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu

PKGREVISION++


To generate a diff of this commit:
cvs rdiff -u -r1.173 -r1.174 pkgsrc/www/seamonkey/Makefile
cvs rdiff -u -r1.150 -r1.151 pkgsrc/www/seamonkey/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp \
    pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1522104967197400
Content-Disposition: inline
Content-Length: 4864
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/seamonkey/Makefile
diff -u pkgsrc/www/seamonkey/Makefile:1.173 pkgsrc/www/seamonkey/Makefile:1.174
--- pkgsrc/www/seamonkey/Makefile:1.173	Sat Mar 17 00:06:17 2018
+++ pkgsrc/www/seamonkey/Makefile	Mon Mar 26 22:56:07 2018
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.173 2018/03/17 00:06:17 maya Exp $
+# $NetBSD: Makefile,v 1.174 2018/03/26 22:56:07 maya Exp $
 
 DISTNAME=	seamonkey-${SM_VER}.source
 PKGNAME=	seamonkey-${SM_VER:S/b/beta/}
-PKGREVISION=	3
+PKGREVISION=	4
 SM_VER=		2.49.2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_MOZILLA:=seamonkey/releases/${SM_VER}/source/}

Index: pkgsrc/www/seamonkey/distinfo
diff -u pkgsrc/www/seamonkey/distinfo:1.150 pkgsrc/www/seamonkey/distinfo:1.151
--- pkgsrc/www/seamonkey/distinfo:1.150	Sat Mar 17 00:06:17 2018
+++ pkgsrc/www/seamonkey/distinfo	Mon Mar 26 22:56:07 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.150 2018/03/17 00:06:17 maya Exp $
+$NetBSD: distinfo,v 1.151 2018/03/26 22:56:07 maya Exp $
 
 SHA1 (seamonkey-2.49.2.source.tar.xz) = 843ff7e74e488d03bdbf72237a1973c50887494b
 RMD160 (seamonkey-2.49.2.source.tar.xz) = 9f79789a5d44985d96f8549f537ad01f23c1fc2c
@@ -37,6 +37,8 @@ SHA1 (patch-mozilla_gfx_cairo_libpixman_
 SHA1 (patch-mozilla_gfx_gl_GLContextProviderGLX.cpp) = d4d0cdf25ae15f7cc07d1ad213ec7d2b015e4168
 SHA1 (patch-mozilla_gfx_graphite2_moz-gr-update.sh) = 22365f3d536b929a73e8e5d99a34f5857b5b2d35
 SHA1 (patch-mozilla_gfx_graphite2_src_Bidi.cpp) = fb97becdfeeea742e8c0bc51e10efc124a2a11f3
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp) = 296b7d67033aad8d3f914caa97574b44be9a0a47
+SHA1 (patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h) = 52ce2aa5557ff6dc74d4ae1e931f20be3c4dbe78
 SHA1 (patch-mozilla_gfx_moz.build) = c3bb9f947bb6cb19d890fba83bd9dd4ac29d2ebf
 SHA1 (patch-mozilla_gfx_skia_generate__mozbuild.py) = 9850cc0636728061cad1297716bdf43d6ef5d063
 SHA1 (patch-mozilla_gfx_skia_moz.build) = e7337cf958e2ab9f422573519eb4ee0666319964

Added files:

Index: pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp:1.1
--- /dev/null	Mon Mar 26 22:56:07 2018
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp	Mon Mar 26 22:56:07 2018
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.cpp,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp.orig	2018-02-05 11:48:12.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.cpp
+@@ -60,7 +60,7 @@ CompositingRenderTargetOGL::BindRenderTa
+         msg.AppendPrintf("Framebuffer not complete -- CheckFramebufferStatus returned 0x%x, "
+                          "GLContext=%p, IsOffscreen()=%d, mFBO=%d, aFBOTextureTarget=0x%x, "
+                          "aRect.width=%d, aRect.height=%d",
+-                         result, mGL, mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
++                         result, mGL.get(), mGL->IsOffscreen(), mFBO, mInitParams.mFBOTextureTarget,
+                          mInitParams.mSize.width, mInitParams.mSize.height);
+         NS_WARNING(msg.get());
+       }
Index: pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h
diff -u /dev/null pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h:1.1
--- /dev/null	Mon Mar 26 22:56:07 2018
+++ pkgsrc/www/seamonkey/patches/patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h	Mon Mar 26 22:56:07 2018
@@ -0,0 +1,21 @@
+$NetBSD: patch-mozilla_gfx_layers_opengl_CompositingRenderTargetOGL.h,v 1.1 2018/03/26 22:56:07 maya Exp $
+
+CVE-2018-5148: Use-after-free in compositor
+
+A use-after-free vulnerability can occur in the compositor during
+certain graphics operations when a raw pointer is used instead of a
+reference counted one. This results in a potentially exploitable crash
+
+Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
+
+--- mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h.orig	2018-02-05 11:48:08.000000000 +0000
++++ mozilla/gfx/layers/opengl/CompositingRenderTargetOGL.h
+@@ -184,7 +184,7 @@ private:
+    * the target is always cleared at the end of a frame.
+    */
+   RefPtr<CompositorOGL> mCompositor;
+-  GLContext* mGL;
++  RefPtr<GLContext> mGL;
+   GLuint mTextureHandle;
+   GLuint mFBO;
+ };


--_----------=_1522104967197400--