Fri Nov 17 00:19:01 2017 UTC
Update to 52.5.0

Changelog:
Security fixes:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still
in use. This results in a potentially exploitable crash during
these operations.

References

    Bug 1406750
    Bug 1412252

#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

Reporter
    Jun Kokatsu
Impact
    high

Description

The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for
data theft of URLs loaded by users.

References

    Memory safety bugs fixed in Firefox 57

#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could be exploited to
run arbitrary code.

References

    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5


(ryoon)
diff -r1.10 -r1.11 pkgsrc/www/firefox52/Makefile
diff -r1.8 -r1.9 pkgsrc/www/firefox52/distinfo

cvs diff -r1.10 -r1.11 pkgsrc/www/firefox52/Makefile

--- pkgsrc/www/firefox52/Makefile 2017/11/09 19:17:19 1.10
+++ pkgsrc/www/firefox52/Makefile 2017/11/17 00:19:01 1.11
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1# $NetBSD: Makefile,v 1.10 2017/11/09 19:17:19 ryoon Exp $ 1# $NetBSD: Makefile,v 1.11 2017/11/17 00:19:01 ryoon Exp $
2 2
3FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} 3FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
4MOZ_BRANCH= 52.4 4MOZ_BRANCH= 52.5
5MOZ_BRANCH_MINOR= .1esr 5MOZ_BRANCH_MINOR= .0esr
6 6
7DISTNAME= firefox-${FIREFOX_VER}.source 7DISTNAME= firefox-${FIREFOX_VER}.source
8PKGNAME= firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//} 8PKGNAME= firefox52-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
9CATEGORIES= www 9CATEGORIES= www
10MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} 10MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
11MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/} 11MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
12EXTRACT_SUFX= .tar.xz 12EXTRACT_SUFX= .tar.xz
13 13
14WRKSRC= ${WRKDIR}/${DISTNAME:S/.source//} 14WRKSRC= ${WRKDIR}/${DISTNAME:S/.source//}
15 15
16MAINTAINER= ryoon@NetBSD.org 16MAINTAINER= ryoon@NetBSD.org
17HOMEPAGE= http://www.mozilla.com/en-US/firefox/ 17HOMEPAGE= http://www.mozilla.com/en-US/firefox/
18COMMENT= Web browser with support for extensions (version ${MOZ_BRANCH:C/\..*//}) 18COMMENT= Web browser with support for extensions (version ${MOZ_BRANCH:C/\..*//})
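
Review bot: HOMEPAGE on line 17 is still the plain-http URL http://www.mozilla.com/en-US/firefox/, which is worth switching to https while the file is being touched for a security release. The version bump is split across two variables (MOZ_BRANCH= 52.5 on line 4 and MOZ_BRANCH_MINOR= .0esr on line 5) that feed FIREFOX_VER, DISTNAME and both MASTER_SITES paths, so confirm that the resulting distfile name, firefox-52.5.0esr.source.tar.xz, is exactly the name the distinfo entries in this commit are keyed on.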

cvs diff -r1.8 -r1.9 pkgsrc/www/firefox52/distinfo

--- pkgsrc/www/firefox52/distinfo 2017/11/09 19:17:19 1.8
+++ pkgsrc/www/firefox52/distinfo 2017/11/17 00:19:01 1.9
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.8 2017/11/09 19:17:19 ryoon Exp $ 1$NetBSD: distinfo,v 1.9 2017/11/17 00:19:01 ryoon Exp $
2 2
3SHA1 (firefox-52.4.1esr.source.tar.xz) = c9ab3441780518ed9a57206d5f88445e38adb4f5 3SHA1 (firefox-52.5.0esr.source.tar.xz) = 4941f498f8ec838b1bdc70fc8f13c8fde379ddce
4RMD160 (firefox-52.4.1esr.source.tar.xz) = ca192f10ba393eecc023c55cfcfbc11a7d18dcf9 4RMD160 (firefox-52.5.0esr.source.tar.xz) = c451c1c7cbb5ba8cdf1e35d48f08725cc8bd329c
5SHA512 (firefox-52.4.1esr.source.tar.xz) = d80c7219548391d8a47b6e404662ea41e6acfa264a67d69365e76dd8943077e388ab24b030850919f8fc6681c11486bdbaaf170d441c861f4a12cedbe08955ab 5SHA512 (firefox-52.5.0esr.source.tar.xz) = fe724108ba538e590b87a5c1b817471d3cca9b038ba2755642e4d7b8ebb6174322be1fe074f24ef181946f9a027106b50b500d2fa541d8a99ef44905822eda18
6Size (firefox-52.4.1esr.source.tar.xz) = 211950124 bytes 6Size (firefox-52.5.0esr.source.tar.xz) = 214241184 bytes
7SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026 7SHA1 (patch-aa) = c1084caa275e57b716c3499301f7fc3f99ef5026
8SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5 8SHA1 (patch-ao) = 8b7125ef3b193fca4d03386142887b2f8d5015c5
9SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc 9SHA1 (patch-as) = 632ebd35287f8f97d18721d39a0514d4cdbb12cc
10SHA1 (patch-build_gyp.mozbuild) = 481270e6703e556fb87a3440cb3cfb3d4fcc4c86 10SHA1 (patch-build_gyp.mozbuild) = 481270e6703e556fb87a3440cb3cfb3d4fcc4c86
11SHA1 (patch-build_moz.configure_init.configure) = f2df0c6b92aa825a61f6a4ee1f70f5443c61858e 11SHA1 (patch-build_moz.configure_init.configure) = f2df0c6b92aa825a61f6a4ee1f70f5443c61858e
12SHA1 (patch-build_moz.configure_keyfiles.configure) = dd46c7c29464f374eed3f0762f4653d42032c261 12SHA1 (patch-build_moz.configure_keyfiles.configure) = dd46c7c29464f374eed3f0762f4653d42032c261
13SHA1 (patch-build_moz.configure_memory.configure) = 46237c1415eff3f99d4889a6300ec96af925f0a6 13SHA1 (patch-build_moz.configure_memory.configure) = 46237c1415eff3f99d4889a6300ec96af925f0a6
14SHA1 (patch-build_moz.configure_old.configure) = d57f718ff0c1d2901ec9f4c958f5a7323ee7c700 14SHA1 (patch-build_moz.configure_old.configure) = d57f718ff0c1d2901ec9f4c958f5a7323ee7c700
15SHA1 (patch-build_pgo_profileserver.py) = 48ad50f716eda2157cbc225298f6672f164b4207 15SHA1 (patch-build_pgo_profileserver.py) = 48ad50f716eda2157cbc225298f6672f164b4207
16SHA1 (patch-config_Makefile.in) = fc6d4de55f4d9ab8598d5b89e6630e4685af1795 16SHA1 (patch-config_Makefile.in) = fc6d4de55f4d9ab8598d5b89e6630e4685af1795
17SHA1 (patch-config_baseconfig.mk) = fbc3fd75bf5d794284e5703a9df227949e819136 17SHA1 (patch-config_baseconfig.mk) = fbc3fd75bf5d794284e5703a9df227949e819136
18SHA1 (patch-config_external_moz.build) = 68708dc0fb94119b9f140d05dd737e69bb6bba81 18SHA1 (patch-config_external_moz.build) = 68708dc0fb94119b9f140d05dd737e69bb6bba81
19SHA1 (patch-config_stl__wrappers_ios) = 00d723e2f2f252485350ede5833f0bb84c1235c1 19SHA1 (patch-config_stl__wrappers_ios) = 00d723e2f2f252485350ede5833f0bb84c1235c1
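
Review bot: of the three digests replaced on lines 3 to 5, SHA512 is the strongest, and the patch-* entries on lines 7 to 19 carry SHA1 alone. These values decide which tarball every later build accepts, so compare the new SHA512 and the size (214241184 bytes) for firefox-52.5.0esr.source.tar.xz against the checksums upstream publishes for the release before committing, rather than relying only on digests regenerated from the downloaded file. The patch-* digests are identical on both sides, which is consistent with a pure version bump.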