Pullup ticket #6635 - requested by nia www/firefox91: security update Revisions pulled up: - www/firefox91/Makefile 1.18 - www/firefox91/distinfo 1.13 - www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: nia Date: Mon May 16 21:16:00 UTC 2022 Modified Files: pkgsrc/www/firefox91: Makefile distinfo pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js Log Message: firefox91: update to 91.9.0 Security Vulnerabilities fixed in Firefox ESR 91.9 #CVE-2022-29914: Fullscreen notification bypass using popups #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts #CVE-2022-29916: Leaking browser history with CSS variables #CVE-2022-29911: iframe Sandbox bypass #CVE-2022-29912: Reader mode bypassed SameSite cookies #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.jsdiff -r1.15.2.1 -r1.15.2.2 pkgsrc/www/firefox91/Makefile
(spz)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.15.2.1 2022/04/13 07:16:37 bsiegert Exp $ | 1 | # $NetBSD: Makefile,v 1.15.2.2 2022/06/05 06:09:37 spz Exp $ | |
2 | 2 | |||
3 | FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} | 3 | FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} | |
4 | MOZ_BRANCH= 91.8 | 4 | MOZ_BRANCH= 91.9 | |
5 | MOZ_BRANCH_MINOR= .0esr | 5 | MOZ_BRANCH_MINOR= .0esr | |
6 | 6 | |||
7 | DISTNAME= firefox-${FIREFOX_VER}.source | 7 | DISTNAME= firefox-${FIREFOX_VER}.source | |
8 | PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox91-/} | 8 | PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox91-/} | |
9 | CATEGORIES= www | 9 | CATEGORIES= www | |
10 | MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} | 10 | MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} | |
11 | EXTRACT_SUFX= .tar.xz | 11 | EXTRACT_SUFX= .tar.xz | |
12 | 12 | |||
13 | DISTFILES= ${DEFAULT_DISTFILES} nodejs-output-91.0.tgz | 13 | DISTFILES= ${DEFAULT_DISTFILES} nodejs-output-91.0.tgz | |
14 | SITES.nodejs-output-91.0.tgz= ${MASTER_SITE_LOCAL} | 14 | SITES.nodejs-output-91.0.tgz= ${MASTER_SITE_LOCAL} | |
15 | 15 | |||
16 | MAINTAINER= ryoon@NetBSD.org | 16 | MAINTAINER= ryoon@NetBSD.org | |
17 | HOMEPAGE= https://www.mozilla.org/en-US/firefox/ | 17 | HOMEPAGE= https://www.mozilla.org/en-US/firefox/ |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | $NetBSD: distinfo,v 1.11.2.1 2022/04/13 07:16:37 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.11.2.2 2022/06/05 06:09:37 spz Exp $ | |
2 | 2 | |||
3 | BLAKE2s (firefox-91.8.0esr.source.tar.xz) = 7d5e0d909d4a7e71e011dfe2c08802bb12aeb5fc5a807a57a30b9430e87c8de6 | 3 | BLAKE2s (firefox-91.9.0esr.source.tar.xz) = 36fec9568a45386572e6383d942a091718db5bca2aad13a1bc4448beb45995f1 | |
4 | SHA512 (firefox-91.8.0esr.source.tar.xz) = edea2c7d4d3d0322091b20b623019ef041090d9f89f33c8e3140f66a54624261f278257393db70d2038154de8ee02da0bee6ecf85c281f3558338da71fc173c3 | 4 | SHA512 (firefox-91.9.0esr.source.tar.xz) = fd69d489429052013d2c1b8b766a47920ecee62f0688505758f593b27ae66d6343b9107163749406251aedebdf836147e4d562415a811b04d7ab2ae31e32f133 | |
5 | Size (firefox-91.8.0esr.source.tar.xz) = 380325092 bytes | 5 | Size (firefox-91.9.0esr.source.tar.xz) = 384516460 bytes | |
6 | BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f | 6 | BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f | |
7 | SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c | 7 | SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c | |
8 | Size (nodejs-output-91.0.tgz) = 201061 bytes | 8 | Size (nodejs-output-91.0.tgz) = 201061 bytes | |
9 | SHA1 (patch-aa) = 15b8567cee2af9853f6949c80345ffcb1fd3852a | 9 | SHA1 (patch-aa) = 15b8567cee2af9853f6949c80345ffcb1fd3852a | |
10 | SHA1 (patch-browser_app_profile_firefox.js) = 89cea0a66457c96ad0b94aaa524aa5942ad781d0 | 10 | SHA1 (patch-browser_app_profile_firefox.js) = 7f6b4361fe62ccc2d1c092a5ace97ea2085727bf | |
11 | SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678 | 11 | SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678 | |
12 | SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d88c7b1ccfdd3c6bd2dcd9530a36ad4a501d97a | 12 | SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d88c7b1ccfdd3c6bd2dcd9530a36ad4a501d97a | |
13 | SHA1 (patch-config_makefiles_rust.mk) = 72d7e9ecee3ccf7ef5f741aac8e35509b41ab7b8 | 13 | SHA1 (patch-config_makefiles_rust.mk) = 72d7e9ecee3ccf7ef5f741aac8e35509b41ab7b8 | |
14 | SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49 | 14 | SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49 | |
15 | SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993 | 15 | SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993 | |
16 | SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2db2859ff7dbd01c24f6bd038bb3c9ba69821115 | 16 | SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2db2859ff7dbd01c24f6bd038bb3c9ba69821115 | |
17 | SHA1 (patch-gfx_cairo_cairo_src_cairo-type1-subset.c) = 89a9d934ef76706c552c0b81e6cbc0f45b1ffd2c | 17 | SHA1 (patch-gfx_cairo_cairo_src_cairo-type1-subset.c) = 89a9d934ef76706c552c0b81e6cbc0f45b1ffd2c | |
18 | SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad | 18 | SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad | |
19 | SHA1 (patch-gfx_thebes_gfxPlatform.cpp) = f6f8996f0818a1b890698c7cc5054d49cb1e8924 | 19 | SHA1 (patch-gfx_thebes_gfxPlatform.cpp) = f6f8996f0818a1b890698c7cc5054d49cb1e8924 | |
20 | SHA1 (patch-gfx_wr_swgl_build.rs) = df6ebfaabb4d27994e59a9d0eaf12c7cf08415fb | 20 | SHA1 (patch-gfx_wr_swgl_build.rs) = df6ebfaabb4d27994e59a9d0eaf12c7cf08415fb | |
21 | SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c | 21 | SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c | |
22 | SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658 | 22 | SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658 | |
23 | SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836 | 23 | SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836 |
@@ -1,17 +1,28 @@ | @@ -1,17 +1,28 @@ | |||
1 | $NetBSD: patch-browser_app_profile_firefox.js,v 1.1 2021/09/08 22:19:50 nia Exp $ | 1 | $NetBSD: patch-browser_app_profile_firefox.js,v 1.1.6.1 2022/06/05 06:09:37 spz Exp $ | |
2 | 2 | |||
3 | --- browser/app/profile/firefox.js.orig 2019-07-06 01:48:29.000000000 +0000 | 3 | This patch modifies default Firefox settings - see the comments above | |
4 | each one. | |||
5 | ||||
6 | --- browser/app/profile/firefox.js.orig 2022-04-28 23:01:46.000000000 +0000 | |||
4 | +++ browser/app/profile/firefox.js | 7 | +++ browser/app/profile/firefox.js | |
5 | @@ -1851,6 +1851,12 @@ pref("fission.frontend.simulate-messages | 8 | @@ -2205,6 +2205,20 @@ pref("fission.frontend.simulate-messages | |
6 | pref("toolkit.coverage.enabled", false); | 9 | pref("toolkit.coverage.enabled", false); | |
7 | pref("toolkit.coverage.endpoint.base", "https://coverage.mozilla.org"); | 10 | pref("toolkit.coverage.endpoint.base", "https://coverage.mozilla.org"); | |
8 | 11 | |||
9 | +// Select UI locale from LANG/LC_MESSAGE environmental variables | 12 | +// Select UI locale from LANG/LC_MESSAGE environmental variables | |
10 | +pref("intl.locale.requested", ""); | 13 | +pref("intl.locale.requested", ""); | |
11 | + | 14 | + | |
12 | +// Enable system addons, for example langpacks from www/firefox-l10n | 15 | +// Enable system addons, for example langpacks from www/firefox-l10n | |
13 | +pref("extensions.autoDisableScopes", 11); | 16 | +pref("extensions.autoDisableScopes", 11); | |
14 | + | 17 | + | |
18 | +// Firefox includes a complex mechanism for "blacklisting" GPUs that | |||
19 | +// appears to fail on a NetBSD system where the only available OpenGL | |||
20 | +// implementations are all from Mesa. WebRender was supposed to be | |||
21 | +// enabled by default from Firefox 91 onwards and appears to greatly | |||
22 | +// improve performance even with acceleration disabled at the kernel | |||
23 | +// level. | |||
24 | +pref("gfx.webrender.all", true); | |||
25 | + | |||
15 | // Discovery prefs | 26 | // Discovery prefs | |
16 | pref("browser.discovery.enabled", true); | 27 | pref("browser.discovery.enabled", true); | |
17 | pref("browser.discovery.containers.enabled", true); | 28 | pref("browser.discovery.containers.enabled", true); |