author | Rasmus Thomsen <oss@cogitri.dev> | 2020-03-14 00:29:06 +0100 |
---|---|---|
committer | Rasmus Thomsen <oss@cogitri.dev> | 2020-03-14 08:21:20 +0100 |
commit | 1d258f723c31c630b8159e94a980ef430a9ea27b (patch) | |
tree | 8c46a4488ad43da40f4a1252dc09088edf9f8c2b | |
parent | fe087d48122cfc78dd63956f2d89805b797ac408 (diff) | |
community/firefox: security upgrade to 74.0
This fixes the following CVEs:
* CVE-2019-20503
* CVE-2020-6805
* CVE-2020-6806
* CVE-2020-6807
* CVE-2020-6808
* CVE-2020-6809
* CVE-2020-6810
* CVE-2020-6811
* CVE-2020-6812
* CVE-2020-6813
* CVE-2020-6814
* CVE-2020-6815
-rw-r--r-- | community/firefox/APKBUILD | 29 | ||||
-rw-r--r-- | community/firefox/allow-custom-rust-vendor.patch | 40 |
2 files changed, 38 insertions, 31 deletions
diff --git a/community/firefox/APKBUILD b/community/firefox/APKBUILD index 15d3b87d6c..2ee6e4e0cc 100644 --- a/community/firefox/APKBUILD +++ b/community/firefox/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=firefox -pkgver=73.0.1 -pkgrel=1 +pkgver=74.0 +pkgrel=0 pkgdesc="Firefox web browser" url="https://www.firefox.com/" arch="all !s390x !armhf" # limited by rust and cargo, build failure on armhf due to wasm @@ -54,7 +54,6 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg fix-fortify-system-wrappers.patch fix-seccomp-bpf.patch - fix-toolkit.patch fix-tools.patch mallinfo.patch @@ -64,7 +63,6 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg rust_audio-thread-priority.patch fd6847c9416f9eebde636e21d794d25d1be8791d.patch allow-custom-rust-vendor.patch - b3d8b08265b800165d684281d19ac845a8ff9a66.patch x86_64-alpine-linux-musl.json firefox.desktop @@ -76,6 +74,19 @@ _mozappdir=/usr/lib/firefox ldpath="$_mozappdir" # secfixes: +# 74.0-r0: +# - CVE-2020-6805 +# - CVE-2020-6806 +# - CVE-2020-6807 +# - CVE-2020-6808 +# - CVE-2020-6809 +# - CVE-2020-6810 +# - CVE-2020-6811 +# - CVE-2019-20503 +# - CVE-2020-6812 +# - CVE-2020-6813 +# - CVE-2020-6814 +# - CVE-2020-6815 # 71.0.1-r0: # - CVE-2019-17016 # - CVE-2019-17017 @@ -118,7 +129,7 @@ prepare() { cp "$srcdir"/x86_64-alpine-linux-musl.json rust_targets/. _clear_vendor_checksums audio_thread_priority - _clear_vendor_checksums target-lexicon + _clear_vendor_checksums target-lexicon-0.9.0 } build() { @@ -129,8 +140,6 @@ build() { export BUILD_OFFICIAL=1 export MOZILLA_OFFICIAL=1 export USE_SHORT_LIBNAME=1 - # gcc 6 - export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2" # Find our triplet JSON export RUST_TARGET_PATH="$builddir/rust_targets" 
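Review bot: In the `prepare()` hunk (`@@ -118,7 +129,7 @@`) the crate directory is now spelled with its version, `_clear_vendor_checksums target-lexicon-0.9.0`, and the same versioned name is repeated in every file header of allow-custom-rust-vendor.patch with nothing tying the two together. A short comment above the call would help the next version bump, for example `# target-lexicon-0.9.0 is modified by allow-custom-rust-vendor.patch; keep this name in sync with the paths in that patch`. The helper's definition is outside the hunk, but judging by its name it presumably blanks the vendored crate's checksums. If so, the comment should also say that the integrity of the patched crate then rests on the sha512sums entries for the source tarball and the patch. `prepare()` starts and ends outside the hunk.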
@@ -256,11 +265,10 @@ package() { EOF } -sha512sums="89fac2c50e092f2805f48399f68cdf0793324e1dce89266f62b76e9b335dfc553ae54a36738992630b6035a52cd65b9aa774e7e54cea2e3ec7d609d9219cdf76 firefox-73.0.1.source.tar.xz +sha512sums="710ae0803e7261ecda359b64edfd4142433619570817cc02d1e0381897a69cfa5863f01759d0658ffc16a72c568f01cf5ae3ec91777fa71db43cfa73340a5b88 firefox-74.0.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 84b84d2d7dbc16002510bf856796ad345ac38ef6d3254670230189bba7c2d4781714d231236d5a3d70129a4597b430c3171644b01ad0f5a5bb13b55d407337a4 fix-seccomp-bpf.patch -2c65ea7280e6e89826ebad563ee25203a99ff0b4ba8fc60ec261ada6c69874d649c6ac92fcecc6307a6e5a00de27d7956acf944d556ddfadec0411be16f4e0b8 fix-toolkit.patch 4d55f41d15be7457ad630f8f07e4fc0314c2f75720010b4bbe6a2a7f3228210a1e069949e11795efbe2e784b0762e79fdfe5b8ec38e8a64cb8d9cf3b57dd5af1 fix-tools.patch a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch 454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch 
@@ -268,8 +276,7 @@ a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12 d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79 fix-webrtc-glibcisms.patch 18098bae18ce9ead6bca0d93d28e634495fa08a4c0707057f72a9e34205a64a0ce5ab98a4cfc2d492412725b14447eb9553b2976d9620c3d71eba2135c6ba211 rust_audio-thread-priority.patch 60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch -8487a7f1936d493f0429ebbf579469471542fccce3a842803ade3fa76200b0e831a176aff9c8072da17932d01923cfc050611041e3e9e429b25995b9a07bd3cf allow-custom-rust-vendor.patch -81647de16c8d2959068c36d08244a7a067bedf04e18d04da9201aae884ea15948cae1760b6985b4bd9c13e90b03b2ccc89bb10105712382bc728f070e4f780bb b3d8b08265b800165d684281d19ac845a8ff9a66.patch +4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch 0dfa633abf3f411c90a030c46ee7f8fdde6fdd9f3a0c493599a58633e09b183d6c04590fc1984256e514c1da4f72f43dde3f5dbceef888b08262952b4f894919 x86_64-alpine-linux-musl.json f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop" diff --git a/community/firefox/allow-custom-rust-vendor.patch b/community/firefox/allow-custom-rust-vendor.patch index c20ca46acb..218650f411 100644 --- a/community/firefox/allow-custom-rust-vendor.patch +++ b/community/firefox/allow-custom-rust-vendor.patch @@ -13,8 +13,8 @@ Fixes #33. 
diff --git a/src/targets.rs b/src/targets.rs index 6ae570e..90b2736 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs @@ -1,6 +1,8 @@ // This file defines all the identifier enums and target-aware logic. @@ -165,8 +165,8 @@ index 6ae570e..90b2736 100644 } diff --git a/src/triple.rs b/src/triple.rs index 36dcd9a..1abda26 100644 ---- a/third_party/rust/target-lexicon/src/triple.rs -+++ b/third_party/rust/target-lexicon/src/triple.rs +--- a/third_party/rust/target-lexicon.0.9.0/src/triple.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/triple.rs @@ -322,10 +322,6 @@ mod tests { Triple::from_str("foo"), Err(ParseError::UnrecognizedArchitecture("foo".to_owned())) @@ -190,8 +190,8 @@ Subject: [PATCH 2/7] Add more tests. diff --git a/src/targets.rs b/src/targets.rs index 90b2736..7d1f069 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs @@ -1174,6 +1174,7 @@ mod tests { #[test] @@ -256,8 +256,8 @@ Subject: [PATCH 3/7] Use `.chars().any(...)` instead of diff --git a/src/targets.rs b/src/targets.rs index 7d1f069..1078dd3 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon/src-0.9.0/targets.rs @@ -779,12 +779,9 @@ impl FromStr for Vendor { } @@ -287,8 +287,8 @@ Subject: [PATCH 4/7] Fix build.rs to generate the correct code to build 
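Review bot: Two of the rewritten file headers inside allow-custom-rust-vendor.patch do not name the same path on both sides. In the hunk at `@@ -165,8 +165,8 @@` the old side reads `--- a/third_party/rust/target-lexicon.0.9.0/src/triple.rs`, with a dot where every other header has a dash. In the hunk at `@@ -256,8 +256,8 @@` the new side reads `+++ b/third_party/rust/target-lexicon/src-0.9.0/targets.rs`, with the version suffix attached to `src` instead of the crate directory. The patch probably still applies only because the patch tool falls back to whichever of the two names exists, and a tool that requires both names to agree may reject it. Both lines should match their partner, `--- a/third_party/rust/target-lexicon-0.9.0/src/triple.rs` and `+++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs`, so that applying these changes to the vendored `Vendor` parsing code does not depend on that fallback.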
diff --git a/build.rs b/build.rs index a0ba3b7..446f9e7 100644 ---- a/third_party/rust/target-lexicon/build.rs -+++ b/third_party/rust/target-lexicon/build.rs +--- a/third_party/rust/target-lexicon-0.9.0/build.rs ++++ b/third_party/rust/target-lexicon-0.9.0/build.rs @@ -32,6 +32,7 @@ mod parse_error { } } @@ -342,8 +342,8 @@ Subject: [PATCH 5/7] Fix custom vendors in `const fn` contexts. diff --git a/build.rs b/build.rs index 446f9e7..e88206e 100644 ---- a/third_party/rust/target-lexicon/build.rs -+++ b/third_party/rust/target-lexicon/build.rs +--- a/third_party/rust/target-lexicon-0.9.0/build.rs ++++ b/third_party/rust/target-lexicon-0.9.0/build.rs @@ -53,6 +53,8 @@ fn write_host_rs(mut out: File, triple: Triple) -> io::Result<()> { writeln!(out, "use crate::Aarch64Architecture::*;")?; writeln!(out, "#[allow(unused_imports)]")?; @@ -382,8 +382,8 @@ index 446f9e7..e88206e 100644 } diff --git a/src/lib.rs b/src/lib.rs index 8d6da8d..70f6488 100644 ---- a/third_party/rust/target-lexicon/src/lib.rs -+++ b/third_party/rust/target-lexicon/src/lib.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/lib.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/lib.rs @@ -28,7 +28,7 @@ mod triple; pub use self::host::HOST; pub use self::parse_error::ParseError; @@ -396,8 +396,8 @@ index 8d6da8d..70f6488 100644 pub use self::triple::{CallingConvention, Endianness, PointerWidth, Triple}; diff --git a/src/targets.rs b/src/targets.rs index 1078dd3..7152020 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs @@ -4,6 +4,7 @@ use crate::triple::{Endianness, PointerWidth, Triple}; use alloc::boxed::Box; use alloc::string::String; @@ -521,8 +521,8 @@ Subject: [PATCH 6/7] Add a testcase with a BOM too, just in case. 
diff --git a/src/targets.rs b/src/targets.rs index 7152020..9a4d990 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs @@ -1246,6 +1246,10 @@ mod tests { Triple::from_str("x86_64-customvendor-linux").is_err(), "zero-width character hazard" @@ -547,8 +547,8 @@ Subject: [PATCH 7/7] Use an anonymous function instead of just a local diff --git a/src/targets.rs b/src/targets.rs index 9a4d990..eb5a088 100644 ---- a/third_party/rust/target-lexicon/src/targets.rs -+++ b/third_party/rust/target-lexicon/src/targets.rs +--- a/third_party/rust/target-lexicon-0.9.0/src/targets.rs ++++ b/third_party/rust/target-lexicon-0.9.0/src/targets.rs @@ -813,10 +813,9 @@ impl FromStr for Vendor { } |