Mon Feb 21 13:34:26 2022 UTC ()

Pullup ticket #6582 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.13
- www/firefox91/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon Feb 21 03:43:56 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log Message:
   firefox91: update to 91.6.0

   Security Vulnerabilities fixed in Firefox ESR 91.6

       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
       Service

       #CVE-2022-22754: Extensions could have bypassed permission confirmation
       during update

       #CVE-2022-22756: Drag and dropping an image could have resulted in the
       dropped object being an executable

       #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
       appended elements

       #CVE-2022-22760: Cross-Origin responses could be distinguished between
       script and non-script content-types

       #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
       enforced for framed extension pages

       #CVE-2022-22763: Script Execution during invalid object state

       #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6


(bsiegert)

diff -r1.11.2.1 -r1.11.2.2 pkgsrc/www/firefox91/Makefile
diff -r1.8.2.1 -r1.8.2.2 pkgsrc/www/firefox91/distinfo

--- pkgsrc/www/firefox91/Makefile 2022/02/20 10:20:21 1.11.2.1
+++ pkgsrc/www/firefox91/Makefile 2022/02/21 13:34:26 1.11.2.2

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.11.2.1 2022/02/20 10:20:21 bsiegert Exp $
+# $NetBSD: Makefile,v 1.11.2.2 2022/02/21 13:34:26 bsiegert Exp $
 FIREFOX_VER=		${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=		91.5
+MOZ_BRANCH=		91.6
 MOZ_BRANCH_MINOR=	.0esr
 DISTNAME=	firefox-${FIREFOX_VER}.source
 PKGNAME=	${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox91-/}
 CATEGORIES=	www
 MASTER_SITES+=	${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=	.tar.xz
 DISTFILES=	${DEFAULT_DISTFILES} nodejs-output-91.0.tgz
 SITES.nodejs-output-91.0.tgz=	${MASTER_SITE_LOCAL}
 MAINTAINER=	ryoon@NetBSD.org
 HOMEPAGE=	https://www.mozilla.org/en-US/firefox/

--- pkgsrc/www/firefox91/distinfo 2022/02/20 10:20:21 1.8.2.1
+++ pkgsrc/www/firefox91/distinfo 2022/02/21 13:34:26 1.8.2.2

 @@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.8.2.1 2022/02/20 10:20:21 bsiegert Exp $
+$NetBSD: distinfo,v 1.8.2.2 2022/02/21 13:34:26 bsiegert Exp $
-BLAKE2s (firefox-91.5.0esr.source.tar.xz) = ede7eb4257b2709ac5c05806761a0ab3a4cc6fb262eeb970ee47fba1bc2504fd
+BLAKE2s (firefox-91.6.0esr.source.tar.xz) = 4f738596ac1c9608dcdf2dc1f6771065ab3f9dd2927c9a0c569c9fdb671f5424
-SHA512 (firefox-91.5.0esr.source.tar.xz) = 1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781
+SHA512 (firefox-91.6.0esr.source.tar.xz) = 3dd1929f93cdd087a93fc3597f32d9005c986b59832954e01a8c2472b179c92ad611eaa73d3fc000a08b838a0b70da73ff5ba82d6009160655ba6894cf04520e
-Size (firefox-91.5.0esr.source.tar.xz) = 381371300 bytes
+Size (firefox-91.6.0esr.source.tar.xz) = 386869628 bytes
 BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes
 SHA1 (patch-aa) = 15b8567cee2af9853f6949c80345ffcb1fd3852a
 SHA1 (patch-browser_app_profile_firefox.js) = 89cea0a66457c96ad0b94aaa524aa5942ad781d0
 SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678
 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d88c7b1ccfdd3c6bd2dcd9530a36ad4a501d97a
 SHA1 (patch-config_makefiles_rust.mk) = 72d7e9ecee3ccf7ef5f741aac8e35509b41ab7b8
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
 SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2db2859ff7dbd01c24f6bd038bb3c9ba69821115
 SHA1 (patch-gfx_cairo_cairo_src_cairo-type1-subset.c) = 89a9d934ef76706c552c0b81e6cbc0f45b1ffd2c
 SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad