Received: by mail.netbsd.org (Postfix, from userid 605) id 3D0D384EA2; Sat, 7 Dec 2019 10:50:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B80AE84EA1 for ; Sat, 7 Dec 2019 10:50:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id o1O9EY5N2TK1 for ; Sat, 7 Dec 2019 10:50:33 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id D54AA84CD8 for ; Sat, 7 Dec 2019 10:50:33 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id CF0B7FA97; Sat, 7 Dec 2019 10:50:33 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_157571583317270" MIME-Version: 1.0 Date: Sat, 7 Dec 2019 10:50:33 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2019Q3] pkgsrc/www/firefox68 To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20191207105033.CF0B7FA97@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_157571583317270 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Sat Dec 7 10:50:33 UTC 2019 Modified Files: pkgsrc/www/firefox68 [pkgsrc-2019Q3]: Makefile PLIST distinfo Log Message: Pullup ticket #6090 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.3 - www/firefox68/PLIST 1.2 - www/firefox68/distinfo 1.2 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 5 17:14:30 UTC 2019 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.1.2.1 pkgsrc/www/firefox68/Makefile \ pkgsrc/www/firefox68/PLIST pkgsrc/www/firefox68/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_157571583317270 Content-Disposition: inline Content-Length: 8393 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/firefox68/Makefile diff -u pkgsrc/www/firefox68/Makefile:1.1 pkgsrc/www/firefox68/Makefile:1.1.2.1 --- pkgsrc/www/firefox68/Makefile:1.1 Sat Sep 21 07:31:43 2019 +++ pkgsrc/www/firefox68/Makefile Sat Dec 7 10:50:33 2019 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +# $NetBSD: Makefile,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} -MOZ_BRANCH= 68.1 +MOZ_BRANCH= 68.2 MOZ_BRANCH_MINOR= .0esr DISTNAME= firefox-${FIREFOX_VER}.source Index: pkgsrc/www/firefox68/PLIST diff -u pkgsrc/www/firefox68/PLIST:1.1 pkgsrc/www/firefox68/PLIST:1.1.2.1 --- pkgsrc/www/firefox68/PLIST:1.1 Sat Sep 21 07:31:43 2019 +++ pkgsrc/www/firefox68/PLIST Sat Dec 7 10:50:33 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +@comment $NetBSD: PLIST,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ bin/firefox68 lib/firefox68/actors/AudioPlaybackChild.jsm lib/firefox68/actors/AutoplayChild.jsm @@ -1671,6 +1671,7 @@ lib/firefox68/browser/chrome/devtools/co lib/firefox68/browser/chrome/devtools/content/shared/theme-switching.js lib/firefox68/browser/chrome/devtools/content/shared/vendor/d3.js lib/firefox68/browser/chrome/devtools/content/shared/vendor/dagre-d3.js +lib/firefox68/browser/chrome/devtools/content/shared/webextension-fallback.html lib/firefox68/browser/chrome/devtools/content/shared/widgets/VariablesView.xul lib/firefox68/browser/chrome/devtools/content/shared/widgets/cubic-bezier.css lib/firefox68/browser/chrome/devtools/content/shared/widgets/filter-widget.css @@ -2823,7 +2824,6 @@ lib/firefox68/browser/chrome/devtools/mo lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/devices.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/enum.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/events.js -lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/file-saver.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/focus.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/getjson.js lib/firefox68/browser/chrome/devtools/modules/devtools/client/shared/inplace-editor.js @@ -4243,6 +4243,10 @@ lib/firefox68/browser/features/webcompat lib/firefox68/browser/features/webcompat@mozilla.org/data/ua_overrides.js lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/aboutConfigPrefs.js lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/aboutConfigPrefs.json +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/experiments.js +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/experiments.json +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/sharedPreferences.js +lib/firefox68/browser/features/webcompat@mozilla.org/experiment-apis/sharedPreferences.json lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug0000000-testbed-css-injection.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1305028-gaming.youtube.com-webkit-scrollbar.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1432935-breitbart.com-webkit-scrollbar.css @@ -4252,13 +4256,27 @@ lib/firefox68/browser/features/webcompat lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1561371-mail.google.com-allow-horizontal-scrolling.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1567610-dns.google.com-moz-fit-content.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1568256-zertifikate.commerzbank.de-flex.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1568908-console.cloud.google.com-scrollbar-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1570119-teamcoco.com-scrollbar-width.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1570328-developer-apple.com-transform-scale.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1574973-patch.com-dropdown-menu-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575000-apply.lloydsbank.co.uk-radio-buttons-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575011-holiday-weather.com-scrolling-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1575017-dunkindonuts.com-flex-basis.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1577270-binance.com-calc-height-fix.css +lib/firefox68/browser/features/webcompat@mozilla.org/injections/css/bug1577297-kitkat.com.au-slider-width-fix.css lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug0000000-testbed-js-injection.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1452707-window.controllers-shim-ib.absa.co.za.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1457335-histography.io-ua-change.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1472075-bankofamerica.com-ua-change.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1472081-election.gov.np-window.sidebar-shim.js lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1482066-portalminasnet.com-window.sidebar-shim.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1570856-medium.com-menu-isTier1.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1577245-salesforce-communities-hide-unsupported.js +lib/firefox68/browser/features/webcompat@mozilla.org/injections/js/bug1579159-m.tailieu.vn-pdfjs-worker-disable.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/about_compat_broker.js +lib/firefox68/browser/features/webcompat@mozilla.org/lib/custom_functions.js +lib/firefox68/browser/features/webcompat@mozilla.org/lib/google.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/injections.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/module_shim.js lib/firefox68/browser/features/webcompat@mozilla.org/lib/ua_overrides.js @@ -4364,6 +4382,7 @@ lib/firefox68/browser/modules/ProfileMig lib/firefox68/browser/modules/ReaderParent.jsm lib/firefox68/browser/modules/RemotePrompt.jsm lib/firefox68/browser/modules/Sanitizer.jsm +lib/firefox68/browser/modules/ScreenshotChild.jsm lib/firefox68/browser/modules/SearchTelemetry.jsm lib/firefox68/browser/modules/SearchWidgetTracker.jsm lib/firefox68/browser/modules/SelectionChangedMenulist.jsm @@ -5405,6 +5424,7 @@ lib/firefox68/modules/GMPExtractorWorker lib/firefox68/modules/GMPInstallManager.jsm lib/firefox68/modules/GMPUtils.jsm lib/firefox68/modules/Geometry.jsm +lib/firefox68/modules/HiddenFrame.jsm lib/firefox68/modules/HTMLMenuBuilder.jsm lib/firefox68/modules/HealthPing.jsm lib/firefox68/modules/HelperAppDlg.jsm Index: pkgsrc/www/firefox68/distinfo diff -u pkgsrc/www/firefox68/distinfo:1.1 pkgsrc/www/firefox68/distinfo:1.1.2.1 --- pkgsrc/www/firefox68/distinfo:1.1 Sat Sep 21 07:31:43 2019 +++ pkgsrc/www/firefox68/distinfo Sat Dec 7 10:50:33 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.1 2019/09/21 07:31:43 ryoon Exp $ +$NetBSD: distinfo,v 1.1.2.1 2019/12/07 10:50:33 bsiegert Exp $ -SHA1 (firefox-68.1.0esr.source.tar.xz) = c24f8036294edba40fd36f52a9dbe2cfe30cd229 -RMD160 (firefox-68.1.0esr.source.tar.xz) = e1088f9a8b70878d8951010879a920c4c2126955 -SHA512 (firefox-68.1.0esr.source.tar.xz) = a53b04b6a4fc98065596117b6bc0aee40c36f74bca02dc7486fda7e9556ad6f221f5ead94db1dc5db572f277556a21b22a0395dae107b67336ca91e33df9882c -Size (firefox-68.1.0esr.source.tar.xz) = 312155752 bytes +SHA1 (firefox-68.2.0esr.source.tar.xz) = 19815556c558a99ea76b4abb357eddb684cfd05a +RMD160 (firefox-68.2.0esr.source.tar.xz) = 25c7447814adb99efea7632b539312becd3b9096 +SHA512 (firefox-68.2.0esr.source.tar.xz) = f6522ca6b9efa3fdeb866912ab9cb904eaace5806c606d5721cba23aebd679885670011c743ca8d381b579b728077182dc766f9b6d3b31ccf51c3eb583c547ee +Size (firefox-68.2.0esr.source.tar.xz) = 312103756 bytes SHA1 (patch-aa) = 1f292aae7d37bd480ba834324b737bfebee52503 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e SHA1 (patch-build_moz.configure_old.configure) = 05963b12fd908d90e3378b30cff7e48291b8a447 --_----------=_157571583317270--