From: Sergey Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergey Lukin Subject: [alpine-aports] [PATCH v3.4] community/firefox-esr: security upgrade to 45.6.0 - fixes #6532 Date: Mon, 26 Dec 2016 14:14:42 +0000 Message-Id: <20161226141442.15713-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.8.3 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-9893: Memory safety bugs CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs CVE-2016-9901: Data from Pocket server improperly sanitized before execution CVE-2016-9902: Pocket extension does not validate the origin of events CVE-2016-9904: Cross-origin information leak in shared atoms CVE-2016-9905: Crash in EnumerateSubDocuments --- community/firefox-esr/APKBUILD | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD index e403d4b..a80d15c 100644 --- a/community/firefox-esr/APKBUILD +++ b/community/firefox-esr/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: William Pitcock # Maintainer: Natanael Copa pkgname=firefox-esr -pkgver=45.4.0 +pkgver=45.6.0 _pkgver=$pkgver _xulver=$pkgver pkgrel=0 
@@ -74,6 +75,20 @@ source="http://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox- firefox.desktop firefox-safe.desktop" +# secfixes: +# 45.6.0: +# - CVE-2016-9893 +# - CVE-2016-9895 +# - CVE-2016-9897 +# - CVE-2016-9898 +# - CVE-2016-9899 +# - CVE-2016-9900 +# - CVE-2016-9901 +# - CVE-2016-9902 +# - CVE-2016-9904 +# - CVE-2016-9905 + + _builddir="${srcdir}/firefox-${pkgver}esr" _mozappdir=/usr/lib/firefox-$pkgver _mozappdirdev=/usr/lib/firefox-devel-$pkgver @@ -169,7 +184,7 @@ dev() { default_dev } -md5sums="20358acfbb9e11782940c180fd2b1528 firefox-45.4.0esr.source.tar.xz +md5sums="ee3cf2401a5716cebacaae5fb70d133f firefox-45.6.0esr.source.tar.xz 1f4c60e662ed93784431bd06c5141719 mozconfig 99b27aeac58923f318d083e5e71879ba vendor.js 6ab77b80c8c7d6fd07ab53c54561f4df 0002-Use-C99-math-isfinite.patch @@ -188,7 +203,7 @@ b8b2a3cdb38f402e4eb4885908233811 libavutil.patch 0db0cce8350d59a91ae2c4f0400f7146 mallinfo.patch ba96924ece1d77453e462429037a2ce5 firefox.desktop 6f38a5899034b7786cb1f75ad42032b8 firefox-safe.desktop" -sha256sums="cfd90096b9e1019b9de4fe061ece8c65f668b8a24bcbb657ce6b3c940ef83ad0 firefox-45.4.0esr.source.tar.xz +sha256sums="c1e7ddf6efb0f54c8071131b6395f4942a422c2ab70f2e9a81b588373d6fbf5b firefox-45.6.0esr.source.tar.xz 23c2b4535ce83c92ba978e15ce328c9f140def155d12523c00df30baf41b98dc mozconfig afecb8c17a2bedafe600dd572d24eff24e540cda02f675705d11168040379ce6 vendor.js 080a55182b865471a86fa4b70a66ed9495f1e536f7fdc4060cb8c675b4749c6e 0002-Use-C99-math-isfinite.patch 
@@ -207,7 +222,7 @@ a1ba79ec0c50c19edcfb24bb2686a718a77b02035e412989b9208b9b818abe14 allow-utf8-fal 2f564fa5f347f3c7f20d589ef273f000ca9c9aeca2c6ad0fb5b15bfc715d8b81 mallinfo.patch b571c4a49884a3c98806246c9cc3e60c73d5a8f4aeb7f96217db0be1d6210eda firefox.desktop 4b6de45753856a890f4482055666e77f9b01bdfb7e0df08bafaa3a4d9937eed3 firefox-safe.desktop" -sha512sums="2955e02f829a10186a8b22320fb97d4b0fc2b45721fcffa6295653fd760d516ae72b5656547685ba1e0699b381e28044996d9ee12a8738842b4e6b8acd296715 firefox-45.4.0esr.source.tar.xz +sha512sums="b96c71aeed8a1185a085512f33d454a1735237cd9ddf37c8caa9cc91892eafab0615fc0ca6035f282ca8101489fa84c0de1087d1963c05b64df32b0c86446610 firefox-45.6.0esr.source.tar.xz e14b4a646230f7a752ef864b0e6a074fdac74d6c4abde2c31656eb10ac6f002a5c664d257bf3f4bd22544f10103e38d5fae49f84fcaae402b81940e72bcfe0e5 mozconfig cc10dba32d9c7faf1d99b8fdebc71bf0200ad10b976105edb45df696bf64a668b2b7aa8c3892a8056eb71fb071b0e0ae51c3ce2fb75acfb7e7035104c0e4fce3 vendor.js 7e123144bc2b1efed149dfb41b255c447d43ea93a63ebe114d01945e6a6d69edc2f2a3c36980a93279106c1842355851b8b6c1d96679ee6be7b9b30513e0b1a8 0002-Use-C99-math-isfinite.patch -- 2.8.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
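Review bot: In the first hunk (@@ -1,7 +1,8 @@), the added "# Contributor:" line spells the name "Sergei Lukin", while the From header of this mail reads "Sergey Lukin"; pick one spelling so the credit in the APKBUILD matches the commit author. Leaving pkgrel=0 as unchanged context is right for a pkgver bump from 45.4.0 to 45.6.0.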
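Review bot: In the secfixes hunk (@@ -74,6 +75,20 @@), the key is written as "45.6.0:" with no package release; consider the pkgver-rpkgrel form, "45.6.0-r0:", so the entry names the exact package build that carries the fixes (pkgver=45.6.0, pkgrel=0 in the first hunk). The ten CVE ids listed match the ten in the commit message. Two smaller points: the block ends with two added blank lines before "_builddir=", where one is enough, and because pkgver moves from 45.4.0 directly to 45.6.0, any security fixes that shipped in upstream releases between those two versions would need their own entries here rather than being left unrecorded.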
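Review bot: In the md5sums hunk (@@ -169,7 +184,7 @@), the refreshed MD5 for firefox-45.6.0esr.source.tar.xz adds no meaningful tamper resistance, since MD5 collisions are practical. Keep the array only if the 3.4 build tooling still requires it, and treat the sha256sums and sha512sums entries updated in the following hunks as the actual integrity check.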
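Review bot: In the sha512sums hunk (@@ -207,7 +222,7 @@), nothing in the patch or the commit message says how the new digest for firefox-45.6.0esr.source.tar.xz was obtained, and the "source=" line visible in the context of the secfixes hunk fetches the tarball from http://ftp.mozilla.org over plain HTTP. That makes this digest the only thing binding the build to the intended upstream release, so please state in the commit message that it was compared against the checksum file Mozilla publishes for the release (ideally after verifying that file's signature), rather than computed from whatever the plain-HTTP download returned. Only the tarball entry changes in each of the three checksum arrays, which is consistent with a pure version bump.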