Sat Aug 29 18:39:34 2020 UTC ()
firefox68: Update to 68.12.0

Security Vulnerabilities fixed in Firefox ESR 68.12

    #CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege

    #CVE-2020-15664: Attacker-induced prompt for extension installation

    #CVE-2020-15669: Use-After-Free when aborting an operation


(nia)
diff -r1.33 -r1.34 pkgsrc/www/firefox68/Makefile
diff -r1.22 -r1.23 pkgsrc/www/firefox68/distinfo
diff -r1.1 -r1.2 pkgsrc/www/firefox68/patches/patch-config_makefiles_rust.mk
cvs diff -r1.33 -r1.34 pkgsrc/www/firefox68/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/www/firefox68/Attic/Makefile 2020/08/18 17:58:16 1.33
+++ pkgsrc/www/firefox68/Attic/Makefile 2020/08/29 18:39:34 1.34
@@ -1,22 +1,21 @@ @@ -1,22 +1,21 @@
1# $NetBSD: Makefile,v 1.33 2020/08/18 17:58:16 leot Exp $ 1# $NetBSD: Makefile,v 1.34 2020/08/29 18:39:34 nia Exp $
2 2
3FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} 3FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
4MOZ_BRANCH= 68.11 4MOZ_BRANCH= 68.12
5MOZ_BRANCH_MINOR= .0esr 5MOZ_BRANCH_MINOR= .0esr
6 6
7DISTNAME= firefox-${FIREFOX_VER}.source 7DISTNAME= firefox-${FIREFOX_VER}.source
8PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox68-/} 8PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox68-/}
9PKGREVISION= 2 
10CATEGORIES= www 9CATEGORIES= www
11MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} 10MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
12EXTRACT_SUFX= .tar.xz 11EXTRACT_SUFX= .tar.xz
13 12
14MAINTAINER= ryoon@NetBSD.org 13MAINTAINER= ryoon@NetBSD.org
15HOMEPAGE= https://www.mozilla.com/en-US/firefox/ 14HOMEPAGE= https://www.mozilla.com/en-US/firefox/
16COMMENT= Web browser with support for extensions (version ${FIREFOX_VER:tu:C/\\.[[:digit:]\.]*//}) 15COMMENT= Web browser with support for extensions (version ${FIREFOX_VER:tu:C/\\.[[:digit:]\.]*//})
17LICENSE= mpl-1.1 16LICENSE= mpl-1.1
18 17
19SUPERSEDES+= firefox60-[0-9]* 18SUPERSEDES+= firefox60-[0-9]*
20 19
21WRKSRC= ${WRKDIR}/firefox-${FIREFOX_VER:S/esr//} 20WRKSRC= ${WRKDIR}/firefox-${FIREFOX_VER:S/esr//}
22 21
cvs diff -r1.22 -r1.23 pkgsrc/www/firefox68/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/www/firefox68/Attic/distinfo 2020/08/07 09:09:48 1.22
+++ pkgsrc/www/firefox68/Attic/distinfo 2020/08/29 18:39:34 1.23
@@ -1,24 +1,24 @@ @@ -1,24 +1,24 @@
1$NetBSD: distinfo,v 1.22 2020/08/07 09:09:48 maya Exp $ 1$NetBSD: distinfo,v 1.23 2020/08/29 18:39:34 nia Exp $
2 2
3SHA1 (firefox-68.11.0esr.source.tar.xz) = 445acbf7b7b8f75374ee6347bb6f45748511bcf9 3SHA1 (firefox-68.12.0esr.source.tar.xz) = 976fae5c3cdee8b7929e4f17eca6cf44513d08b4
4RMD160 (firefox-68.11.0esr.source.tar.xz) = 82edab46fe312a47889047fe431784c511684ade 4RMD160 (firefox-68.12.0esr.source.tar.xz) = c7871e1d9f8eaff2c0eaff7c70f49c2488e616f8
5SHA512 (firefox-68.11.0esr.source.tar.xz) = 7dcfa4944945bce184b96643a7afbd0cc97c93e4f727695bd5ee1e1745cff89784e68baf109588ef56791211b4b8f5c7c056ae6ac77f54fd00a5af5d5606f23e 5SHA512 (firefox-68.12.0esr.source.tar.xz) = 839b02422e4c87bdb12e0995cd35ca8c1996f3fba00bbb46b419e46b67df5ec48a264cb14632db777ce29166ee4fdcb06e2ee3ce847e64328c58c9a2f9129f4c
6Size (firefox-68.11.0esr.source.tar.xz) = 321294384 bytes 6Size (firefox-68.12.0esr.source.tar.xz) = 313856956 bytes
7SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c 7SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
8SHA1 (patch-browser_app_profile_firefox.js) = cf93582b68b8d4e72c3c25682ab9138e185418c8 8SHA1 (patch-browser_app_profile_firefox.js) = cf93582b68b8d4e72c3c25682ab9138e185418c8
9SHA1 (patch-build_moz.configure_rust.configure) = b57a9b1451dc426d75774f73d7c05fc98fe6e317 9SHA1 (patch-build_moz.configure_rust.configure) = b57a9b1451dc426d75774f73d7c05fc98fe6e317
10SHA1 (patch-config_gcc-stl-wrapper.template.h) = 11b45e0c7a9399c5b74b170648280a388dd67d89 10SHA1 (patch-config_gcc-stl-wrapper.template.h) = 11b45e0c7a9399c5b74b170648280a388dd67d89
11SHA1 (patch-config_makefiles_rust.mk) = 25502bfbe32877b35c244c2c19d6ee1dd63cb771 11SHA1 (patch-config_makefiles_rust.mk) = 564169b2a1ef7f378caa8ba8962b9cf3baf01735
12SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49 12SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
13SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24 13SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
14SHA1 (patch-dom_webauthn_u2f-hid-rs_src_lib.rs) = c0dfe8b1e7ebbc7c1d6066c204030f13b063b8d7 14SHA1 (patch-dom_webauthn_u2f-hid-rs_src_lib.rs) = c0dfe8b1e7ebbc7c1d6066c204030f13b063b8d7
15SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs) = 091ffab5bd6a15425acb2ab023cc26f6b23324c6 15SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs) = 091ffab5bd6a15425acb2ab023cc26f6b23324c6
16SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs) = 57f5c3c879b07375234e5cb0cbe0469b15105a6a 16SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs) = 57f5c3c879b07375234e5cb0cbe0469b15105a6a
17SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs) = 7160fc9fe6d197b42104856b997337f823d2a791 17SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs) = 7160fc9fe6d197b42104856b997337f823d2a791
18SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs) = 527722bd4fbf0aca07d710e0a8b73f95b2adad40 18SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs) = 527722bd4fbf0aca07d710e0a8b73f95b2adad40
19SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs) = aeafe7c1df614bb5e46cb7fb1cb351001f292caf 19SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs) = aeafe7c1df614bb5e46cb7fb1cb351001f292caf
20SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs) = c1d2157350803fb3eaef6f7a00e7c81dd9cf708b 20SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs) = c1d2157350803fb3eaef6f7a00e7c81dd9cf708b
21SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993 21SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
22SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2f73c76c48852613e0c55c1680fcc2a9eb3cf4ef 22SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2f73c76c48852613e0c55c1680fcc2a9eb3cf4ef
23SHA1 (patch-gfx_gl_GLContextProviderGLX.cpp) = 2c909a10a341e600392417240ad0c556f495d6ba 23SHA1 (patch-gfx_gl_GLContextProviderGLX.cpp) = 2c909a10a341e600392417240ad0c556f495d6ba
24SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad 24SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad
cvs diff -r1.1 -r1.2 pkgsrc/www/firefox68/patches/Attic/patch-config_makefiles_rust.mk (expand / switch to unified diff)

--- pkgsrc/www/firefox68/patches/Attic/patch-config_makefiles_rust.mk 2020/08/07 09:09:48 1.1
+++ pkgsrc/www/firefox68/patches/Attic/patch-config_makefiles_rust.mk 2020/08/29 18:39:34 1.2
@@ -1,30 +1,18 @@ @@ -1,30 +1,18 @@
1$NetBSD: patch-config_makefiles_rust.mk,v 1.1 2020/08/07 09:09:48 maya Exp $ 1$NetBSD: patch-config_makefiles_rust.mk,v 1.2 2020/08/29 18:39:34 nia Exp $
2 2
3NetBSD<10 doesn't get along with parallel rust builds (it causes issues 3NetBSD<10 doesn't get along with parallel rust builds (it causes issues
4with ld.so) which are the default. Force -j1. 4with ld.so) which are the default. Force -j1.
5 5
6Set -Cembed-bitcode=yes when using LTO to fix build with rust >= 1.45. 6--- config/makefiles/rust.mk.orig 2020-08-17 18:26:21.000000000 +0000
7Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1640982 
8 
9--- config/makefiles/rust.mk.orig 2020-07-20 21:02:39.000000000 +0000 
10+++ config/makefiles/rust.mk 7+++ config/makefiles/rust.mk
11@@ -49,11 +49,19 @@ ifndef MOZ_DEBUG_RUST 8@@ -60,6 +60,10 @@ ifdef CARGO_INCREMENTAL
12 # Enable link-time optimization for release builds. 
13 cargo_rustc_flags += -C lto 
14 endif 
15+# Versions of rust >= 1.45 need -Cembed-bitcode=yes for all crates when 
16+# using -Clto. 
17+ifeq (,$(filter 1.38.% 1.39.% 1.40.% 1.41.% 1.42.% 1.43.% 1.44.%,$(RUSTC_VERSION))) 
18+RUSTFLAGS += -Cembed-bitcode=yes 
19+endif 
20 endif 
21  
22 ifdef CARGO_INCREMENTAL 
23 export CARGO_INCREMENTAL 9 export CARGO_INCREMENTAL
24 endif 10 endif
 11
25+ifeq ($(OS_ARCH),NetBSD) 12+ifeq ($(OS_ARCH),NetBSD)
26+cargo_build_flags += -j1 13+cargo_build_flags += -j1
27+endif 14+endif
28  15+
29 rustflags_neon = 16 rustflags_neon =
30 ifeq (neon,$(MOZ_FPU)) 17 ifeq (neon,$(MOZ_FPU))
 18 # Enable neon and disable restriction to 16 FPU registers