Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 6E0A41A921F for ; Thu, 10 Mar 2022 16:22:49 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 7634C84D96; Thu, 10 Mar 2022 16:22:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id AD5B284EDD for ; Thu, 10 Mar 2022 16:22:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id aPzHbJC689kC for ; Thu, 10 Mar 2022 16:22:47 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 2151B84CEF for ; Thu, 10 Mar 2022 16:22:47 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 152F0FB24; Thu, 10 Mar 2022 16:22:47 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1646929367124720" MIME-Version: 1.0 Date: Thu, 10 Mar 2022 16:22:47 +0000 From: "Nia Alarie" Subject: CVS commit: pkgsrc/www/firefox91 To: pkgsrc-changes@NetBSD.org Reply-To: nia@netbsd.org X-Mailer: log_accum Message-Id: <20220310162247.152F0FB24@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1646929367124720 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: nia Date: Thu Mar 10 16:22:47 UTC 2022 Modified Files: pkgsrc/www/firefox91: Makefile distinfo Log Message: firefox91: update to 91.7.0 Security Vulnerabilities fixed in Firefox ESR 91.7 #CVE-2022-26383: Browser window spoof using fullscreen mode #CVE-2022-26384: iframe allow-scripts sandbox bypass #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures #CVE-2022-26381: Use-after-free in text reflows #CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/firefox91/Makefile cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox91/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1646929367124720 Content-Disposition: inline Content-Length: 1906 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/firefox91/Makefile diff -u pkgsrc/www/firefox91/Makefile:1.13 pkgsrc/www/firefox91/Makefile:1.14 --- pkgsrc/www/firefox91/Makefile:1.13 Mon Feb 21 03:43:56 2022 +++ pkgsrc/www/firefox91/Makefile Thu Mar 10 16:22:46 2022 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.13 2022/02/21 03:43:56 nia Exp $ +# $NetBSD: Makefile,v 1.14 2022/03/10 16:22:46 nia Exp $ FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} -MOZ_BRANCH= 91.6 +MOZ_BRANCH= 91.7 MOZ_BRANCH_MINOR= .0esr DISTNAME= firefox-${FIREFOX_VER}.source Index: pkgsrc/www/firefox91/distinfo diff -u pkgsrc/www/firefox91/distinfo:1.10 pkgsrc/www/firefox91/distinfo:1.11 --- pkgsrc/www/firefox91/distinfo:1.10 Mon Feb 21 03:43:56 2022 +++ pkgsrc/www/firefox91/distinfo Thu Mar 10 16:22:46 2022 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.10 2022/02/21 03:43:56 nia Exp $ +$NetBSD: distinfo,v 1.11 2022/03/10 16:22:46 nia Exp $ -BLAKE2s (firefox-91.6.0esr.source.tar.xz) = 4f738596ac1c9608dcdf2dc1f6771065ab3f9dd2927c9a0c569c9fdb671f5424 -SHA512 (firefox-91.6.0esr.source.tar.xz) = 3dd1929f93cdd087a93fc3597f32d9005c986b59832954e01a8c2472b179c92ad611eaa73d3fc000a08b838a0b70da73ff5ba82d6009160655ba6894cf04520e -Size (firefox-91.6.0esr.source.tar.xz) = 386869628 bytes +BLAKE2s (firefox-91.7.0esr.source.tar.xz) = 16487f53743fe1ec42768c3399a3938d2620d0afce9c5e353c596a43245588dc +SHA512 (firefox-91.7.0esr.source.tar.xz) = 925811989d8a91d826ba356bd46ac54be8153288ec0319c28d2bfbe89191e62e107691159dd7ca247253e2a4952eb59a5b9613e3feea3f5351238d4822e26301 +Size (firefox-91.7.0esr.source.tar.xz) = 383133596 bytes BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c Size (nodejs-output-91.0.tgz) = 201061 bytes --_----------=_1646929367124720--