diff options
author | Rasmus Thomsen <oss@cogitri.dev> | 2020-05-06 08:29:45 +0200 |
---|---|---|
committer | Rasmus Thomsen <oss@cogitri.dev> | 2020-05-06 10:21:09 +0200 |
commit | c9413fd0912a1f1e6cdc9e5fd25d15f4f22cc11a (patch) | |
tree | e56ee22d91689d9faf9d6dc43c936b80d1966b48 | |
parent | d618ecb8bb35efdf8a9fea44664f350843fc58ca (diff) | |
download | aports-c9413fd0912a1f1e6cdc9e5fd25d15f4f22cc11a.tar.bz2 aports-c9413fd0912a1f1e6cdc9e5fd25d15f4f22cc11a.tar.xz |
community/firefox: security upgrade to 76.0
-rw-r--r-- | community/firefox/APKBUILD | 22 | ||||
-rw-r--r-- | community/firefox/sandbox-fork.patch | 13 |
2 files changed, 31 insertions, 4 deletions
diff --git a/community/firefox/APKBUILD b/community/firefox/APKBUILD index 07414016c2..15c91cf192 100644 --- a/community/firefox/APKBUILD +++ b/community/firefox/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=firefox -pkgver=75.0 -pkgrel=2 +pkgver=76.0 +pkgrel=0 pkgdesc="Firefox web browser" url="https://www.firefox.com/" # Limited on: @@ -72,6 +72,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg firefox-safe.desktop remove-faulty-libvpx-check.patch disable-neon-in-aom.patch + sandbox-fork.patch " _mozappdir=/usr/lib/firefox @@ -80,6 +81,18 @@ _mozappdir=/usr/lib/firefox ldpath="$_mozappdir" # secfixes: +# 76.0-r0: +# - CVE-2020-6831 +# - CVE-2020-12387 +# - CVE-2020-12388 +# - CVE-2020-12389 +# - CVE-2020-12390 +# - CVE-2020-12391 +# - CVE-2020-12392 +# - CVE-2020-12393 +# - CVE-2020-12394 +# - CVE-2020-12395 +# - CVE-2020-12396 # 75.0-r0: # - CVE-2020-6821 # - CVE-2020-6822 @@ -254,7 +267,7 @@ package() { EOF } -sha512sums="29c9e3455251ab5f5a3e8f2d0ad6f8b43f710d15605bf169fd5cd7ade3555da6b2df66ec26af5624c0f4bb46d5e7e3527351f648fee79f5defcb926fa6ae382a firefox-75.0.source.tar.xz +sha512sums="1f023861aaed0468f62135d3ef1098f599111df4e8f231e19baaa54e4bad0e3ddf8575895467ffc9f72bd91a2f6ed5b55096fe4932685e4bb58871e004c184db firefox-76.0.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch @@ -267,4 +280,5 @@ d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569 f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117 remove-faulty-libvpx-check.patch -f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch" +f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch +4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch" diff --git a/community/firefox/sandbox-fork.patch b/community/firefox/sandbox-fork.patch new file mode 100644 index 0000000000..328943cb00 --- /dev/null +++ b/community/firefox/sandbox-fork.patch @@ -0,0 +1,13 @@ +make SYS_fork non-fatal, musl uses it for fork(2) + +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -1253,6 +1253,8 @@ + // usually do something reasonable on error. + case __NR_clone: + return ClonePolicy(Error(EPERM)); ++ case __NR_fork: ++ return Error(ENOSYS); + + # ifdef __NR_fadvise64 + case __NR_fadvise64: |