Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1645415036145680"
MIME-Version: 1.0
Date: Mon, 21 Feb 2022 03:43:56 +0000
From: "Nia Alarie" <nia@netbsd.org>
Subject: CVS commit: pkgsrc/www/firefox91
To: pkgsrc-changes@NetBSD.org
Reply-To: nia@netbsd.org
Message-Id: <20220221034356.ED04CFB24@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1645415036145680
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	nia
Date:		Mon Feb 21 03:43:56 UTC 2022

Modified Files:
	pkgsrc/www/firefox91: Makefile distinfo

Log Message:
firefox91: update to 91.6.0

Security Vulnerabilities fixed in Firefox ESR 91.6

    #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
    Service

    #CVE-2022-22754: Extensions could have bypassed permission confirmation
    during update

    #CVE-2022-22756: Drag and dropping an image could have resulted in the
    dropped object being an executable

    #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
    appended elements

    #CVE-2022-22760: Cross-Origin responses could be distinguished between
    script and non-script content-types

    #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages

    #CVE-2022-22763: Script Execution during invalid object state

    #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/firefox91/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1645415036145680
Content-Disposition: inline
Content-Length: 1907
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/firefox91/Makefile
diff -u pkgsrc/www/firefox91/Makefile:1.12 pkgsrc/www/firefox91/Makefile:1.13
--- pkgsrc/www/firefox91/Makefile:1.12	Wed Jan 26 13:38:06 2022
+++ pkgsrc/www/firefox91/Makefile	Mon Feb 21 03:43:56 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2022/01/26 13:38:06 ryoon Exp $
+# $NetBSD: Makefile,v 1.13 2022/02/21 03:43:56 nia Exp $
 
 FIREFOX_VER=		${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=		91.5
+MOZ_BRANCH=		91.6
 MOZ_BRANCH_MINOR=	.0esr
 
 DISTNAME=	firefox-${FIREFOX_VER}.source

Index: pkgsrc/www/firefox91/distinfo
diff -u pkgsrc/www/firefox91/distinfo:1.9 pkgsrc/www/firefox91/distinfo:1.10
--- pkgsrc/www/firefox91/distinfo:1.9	Wed Jan 26 13:38:06 2022
+++ pkgsrc/www/firefox91/distinfo	Mon Feb 21 03:43:56 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.9 2022/01/26 13:38:06 ryoon Exp $
+$NetBSD: distinfo,v 1.10 2022/02/21 03:43:56 nia Exp $
 
-BLAKE2s (firefox-91.5.0esr.source.tar.xz) = ede7eb4257b2709ac5c05806761a0ab3a4cc6fb262eeb970ee47fba1bc2504fd
-SHA512 (firefox-91.5.0esr.source.tar.xz) = 1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781
-Size (firefox-91.5.0esr.source.tar.xz) = 381371300 bytes
+BLAKE2s (firefox-91.6.0esr.source.tar.xz) = 4f738596ac1c9608dcdf2dc1f6771065ab3f9dd2927c9a0c569c9fdb671f5424
+SHA512 (firefox-91.6.0esr.source.tar.xz) = 3dd1929f93cdd087a93fc3597f32d9005c986b59832954e01a8c2472b179c92ad611eaa73d3fc000a08b838a0b70da73ff5ba82d6009160655ba6894cf04520e
+Size (firefox-91.6.0esr.source.tar.xz) = 386869628 bytes
 BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes


--_----------=_1645415036145680--