Bug 194356 - www/firefox et al. update to fix CVE-2014-157[4-8], CVE-2014-158[0-6]
Summary: www/firefox et al. update to fix CVE-2014-157[4-8], CVE-2014-158[0-6]
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-gecko mailing list
URL: https://www.mozilla.org/en-US/firefox...
Keywords:
Depends on:
Blocks: 194543
  Show dependency treegraph
 
Reported: 2014-10-14 20:03 UTC by Jan Beich
Modified: 2015-01-07 14:34 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2014-10-14 20:03:14 UTC
$ svn export https://trillian.chruetertee.ch/svn/freebsd-gecko/branches/firefox33
$ (cd firefox33; for d in */*/files; do rm -rf /usr/ports/$d; done)
$ cp -R firefox33/ /usr/ports/

See URL for general changes.
See firefox33/Gecko_ChangeLog file for port-specific changes beyond updates.
See firefox33/VuXML file to put an entry into security/vuxml/vuln.xml.

New ports to |svn add| are:

  multimedia/gmp-api
  multimedia/openh264

www/libxul regresses to BROKEN: an issue with make target dependencies. Needs smart bisecting of build environment to understand why it does/doesn't happen upstream. Low priority for me.
Comment 1 Bugzilla Automation freebsd_committer 2014-10-14 20:03:14 UTC
Auto-assigned to maintainer gecko@FreeBSD.org
Comment 2 commit-hook freebsd_committer 2014-10-15 11:46:15 UTC
A commit references this bug:

Author: beat
Date: Wed Oct 15 11:46:05 UTC 2014
New revision: 370908
URL: https://svnweb.freebsd.org/changeset/ports/370908

Log:
  Document mozilla vulnerabilities

  PR:		194356
  Submitted by:	Jan Beich

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2014-10-15 11:56:17 UTC
A commit references this bug:

Author: beat
Date: Wed Oct 15 11:56:08 UTC 2014
New revision: 370909
URL: https://svnweb.freebsd.org/changeset/ports/370909

Log:
  Gecko Media Plugins API from mozilla-central.

  WWW: https://wiki.mozilla.org/GeckoMediaPlugins

  PR:		194356
  Submitted by:	Jan Beich

Changes:
  head/multimedia/Makefile
  head/multimedia/gmp-api/
  head/multimedia/gmp-api/Makefile
  head/multimedia/gmp-api/distinfo
  head/multimedia/gmp-api/pkg-descr
  head/multimedia/gmp-api/pkg-plist
Comment 4 commit-hook freebsd_committer 2014-10-15 12:01:18 UTC
A commit references this bug:

Author: beat
Date: Wed Oct 15 12:01:05 UTC 2014
New revision: 370910
URL: https://svnweb.freebsd.org/changeset/ports/370910

Log:
  OpenH264 is a codec library which supports H.264 encoding and decoding.
  It is suitable for use in real time applications such as WebRTC.

  WWW: http://www.openh264.org/

  PR:		194356
  Submitted by:	Jan Beich

Changes:
  head/multimedia/Makefile
  head/multimedia/openh264/
  head/multimedia/openh264/Makefile
  head/multimedia/openh264/distinfo
  head/multimedia/openh264/files/
  head/multimedia/openh264/files/gmpopenh264.js.in
  head/multimedia/openh264/files/patch-Makefile
  head/multimedia/openh264/pkg-descr
  head/multimedia/openh264/pkg-plist
Comment 5 commit-hook freebsd_committer 2014-10-15 15:48:37 UTC
A commit references this bug:

Author: beat
Date: Wed Oct 15 15:48:20 UTC 2014
New revision: 370932
URL: https://svnweb.freebsd.org/changeset/ports/370932

Log:
  - Update Firefox to 33.0
  - Update Firefox ESR to 31.2.0
  - Update NSS to 3.17.2
  - Update Thunderbird to 31.2.0
  - Update libxul to 31.2.0 (and mark as BROKEN)
  - Disable SSL 3.0 with pref (Upstream bug 1076983)
  - (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
    order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
  - Add OSS audio fallback for HTML5 audio from upstream bug;
    not exposed yet because WebRTC still needs ALSA or PulseAudio
  - Kill @dirrm from gecko@ ports per CHANGES from 20140922
  - Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
  - Improve workaround comment for LLVM PR 15840, partially rejecting
    r348851 by marino@ until bug 193555

  PR:		194356
  Submitted by:	Jan Beich
  Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html

Changes:
  head/Mk/Uses/gecko.mk
  head/Mk/bsd.gecko.mk
  head/devel/nspr/pkg-plist
  head/mail/linux-thunderbird/Makefile
  head/mail/linux-thunderbird/distinfo
  head/mail/linux-thunderbird/pkg-plist
  head/mail/thunderbird/Makefile
  head/mail/thunderbird/distinfo
  head/mail/thunderbird/files/patch-bug1021761
  head/mail/thunderbird/files/patch-bug1073709
  head/mail/thunderbird/files/patch-bug1076983
  head/mail/thunderbird/files/patch-clang34-disable-stdcall
  head/mail/thunderbird-i18n/Makefile
  head/mail/thunderbird-i18n/distinfo
  head/net-im/linux-instantbird/pkg-plist
  head/security/ca_root_nss/Makefile
  head/security/ca_root_nss/distinfo
  head/security/ca_root_nss/pkg-plist
  head/security/nss/Makefile
  head/security/nss/distinfo
  head/security/nss/pkg-plist
  head/www/firefox/Makefile
  head/www/firefox/distinfo
  head/www/firefox/files/patch-bug1015547
  head/www/firefox/files/patch-bug1021761
  head/www/firefox/files/patch-bug1026828
  head/www/firefox/files/patch-bug1041268
  head/www/firefox/files/patch-bug1073709
  head/www/firefox/files/patch-bug1076983
  head/www/firefox/files/patch-bug779713
  head/www/firefox/files/patch-bug826985
  head/www/firefox/files/patch-bug847568
  head/www/firefox/files/patch-clang34-disable-stdcall
  head/www/firefox/files/patch-system-openh264
  head/www/firefox-esr/Makefile
  head/www/firefox-esr/distinfo
  head/www/firefox-esr/files/patch-bug1021761
  head/www/firefox-esr/files/patch-bug1073709
  head/www/firefox-esr/files/patch-bug1076983
  head/www/firefox-esr/files/patch-clang34-disable-stdcall
  head/www/firefox-esr-i18n/Makefile
  head/www/firefox-esr-i18n/distinfo
  head/www/firefox-i18n/Makefile
  head/www/firefox-i18n/distinfo
  head/www/libxul/Makefile
  head/www/libxul/distinfo
  head/www/libxul/files/patch-bug1013675
  head/www/libxul/files/patch-bug1013882
  head/www/libxul/files/patch-bug1015547
  head/www/libxul/files/patch-bug1021761
  head/www/libxul/files/patch-bug1026828
  head/www/libxul/files/patch-bug1041381
  head/www/libxul/files/patch-bug1041795
  head/www/libxul/files/patch-bug1073709
  head/www/libxul/files/patch-bug1076983
  head/www/libxul/files/patch-bug702179
  head/www/libxul/files/patch-bug779713
  head/www/libxul/files/patch-bug783463
  head/www/libxul/files/patch-bug803480
  head/www/libxul/files/patch-bug807492
  head/www/libxul/files/patch-bug810716
  head/www/libxul/files/patch-bug826985
  head/www/libxul/files/patch-bug847568
  head/www/libxul/files/patch-bug851992
  head/www/libxul/files/patch-bug876156
  head/www/libxul/files/patch-bug878791
  head/www/libxul/files/patch-bug886181
  head/www/libxul/files/patch-bug889699
  head/www/libxul/files/patch-bug893397
  head/www/libxul/files/patch-bug910875
  head/www/libxul/files/patch-bug916216
  head/www/libxul/files/patch-bug916589
  head/www/libxul/files/patch-bug918177
  head/www/libxul/files/patch-bug938730
  head/www/libxul/files/patch-bug945046
  head/www/libxul/files/patch-bug946560
  head/www/libxul/files/patch-bug961264
  head/www/libxul/files/patch-bug961816
  head/www/libxul/files/patch-bug962345
  head/www/libxul/files/patch-bug975634
  head/www/libxul/files/patch-bug977457
  head/www/libxul/files/patch-bug981348
  head/www/libxul/files/patch-bug985848
  head/www/libxul/files/patch-clang34-disable-stdcall
  head/www/libxul/files/patch-config-baseconfig.mk
  head/www/libxul/files/patch-toolkit_mozapps_installer_packager_mk
  head/www/libxul/files/patch-toolkit_xre_Makefile.in
  head/www/libxul/files/patch-z-bug1026828
  head/www/libxul/files/patch-z-bug517422
  head/www/libxul/files/patch-z-bug847568
  head/www/libxul/files/patch-zz-bug517422
  head/www/libxul/files/pkg-deinstall.in
  head/www/libxul/files/pkg-install.in
  head/www/linux-firefox/Makefile
  head/www/linux-firefox/distinfo
  head/www/linux-firefox/pkg-plist
  head/www/linux-seamonkey/Makefile.common
  head/www/xpi-adblock/Makefile.xpi
Comment 6 commit-hook freebsd_committer 2014-10-16 05:31:53 UTC
A commit references this bug:

Author: bapt
Date: Thu Oct 16 05:31:44 UTC 2014
New revision: 370969
URL: https://svnweb.freebsd.org/changeset/ports/370969

Log:
  MFH: r370932

  - Update Firefox to 33.0
  - Update Firefox ESR to 31.2.0
  - Update NSS to 3.17.2
  - Update Thunderbird to 31.2.0
  - Update libxul to 31.2.0 (and mark as BROKEN)
  - Disable SSL 3.0 with pref (Upstream bug 1076983)
  - (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
    order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
  - Add OSS audio fallback for HTML5 audio from upstream bug;
    not exposed yet because WebRTC still needs ALSA or PulseAudio
  - Kill @dirrm from gecko@ ports per CHANGES from 20140922
  - Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
  - Improve workaround comment for LLVM PR 15840, partially rejecting
    r348851 by marino@ until bug 193555

  PR:		194356
  Submitted by:	Jan Beich
  Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html

Changes:
_U  branches/2014Q4/
  branches/2014Q4/Mk/Uses/gecko.mk
  branches/2014Q4/Mk/bsd.gecko.mk
  branches/2014Q4/devel/nspr/pkg-plist
  branches/2014Q4/mail/linux-thunderbird/Makefile
  branches/2014Q4/mail/linux-thunderbird/distinfo
  branches/2014Q4/mail/linux-thunderbird/pkg-plist
  branches/2014Q4/mail/thunderbird/Makefile
  branches/2014Q4/mail/thunderbird/distinfo
  branches/2014Q4/mail/thunderbird/files/patch-bug1021761
  branches/2014Q4/mail/thunderbird/files/patch-bug1073709
  branches/2014Q4/mail/thunderbird/files/patch-bug1076983
  branches/2014Q4/mail/thunderbird/files/patch-clang34-disable-stdcall
  branches/2014Q4/mail/thunderbird-i18n/Makefile
  branches/2014Q4/mail/thunderbird-i18n/distinfo
  branches/2014Q4/net-im/linux-instantbird/pkg-plist
  branches/2014Q4/security/ca_root_nss/Makefile
  branches/2014Q4/security/ca_root_nss/distinfo
  branches/2014Q4/security/ca_root_nss/pkg-plist
  branches/2014Q4/security/nss/Makefile
  branches/2014Q4/security/nss/distinfo
  branches/2014Q4/security/nss/pkg-plist
  branches/2014Q4/www/firefox/Makefile
  branches/2014Q4/www/firefox/distinfo
  branches/2014Q4/www/firefox/files/patch-bug1015547
  branches/2014Q4/www/firefox/files/patch-bug1021761
  branches/2014Q4/www/firefox/files/patch-bug1026828
  branches/2014Q4/www/firefox/files/patch-bug1041268
  branches/2014Q4/www/firefox/files/patch-bug1073709
  branches/2014Q4/www/firefox/files/patch-bug1076983
  branches/2014Q4/www/firefox/files/patch-bug779713
  branches/2014Q4/www/firefox/files/patch-bug826985
  branches/2014Q4/www/firefox/files/patch-bug847568
  branches/2014Q4/www/firefox/files/patch-clang34-disable-stdcall
  branches/2014Q4/www/firefox/files/patch-system-openh264
  branches/2014Q4/www/firefox-esr/Makefile
  branches/2014Q4/www/firefox-esr/distinfo
  branches/2014Q4/www/firefox-esr/files/patch-bug1021761
  branches/2014Q4/www/firefox-esr/files/patch-bug1073709
  branches/2014Q4/www/firefox-esr/files/patch-bug1076983
  branches/2014Q4/www/firefox-esr/files/patch-clang34-disable-stdcall
  branches/2014Q4/www/firefox-esr-i18n/Makefile
  branches/2014Q4/www/firefox-esr-i18n/distinfo
  branches/2014Q4/www/firefox-i18n/Makefile
  branches/2014Q4/www/firefox-i18n/distinfo
  branches/2014Q4/www/libxul/Makefile
  branches/2014Q4/www/libxul/distinfo
  branches/2014Q4/www/libxul/files/patch-bug1013675
  branches/2014Q4/www/libxul/files/patch-bug1013882
  branches/2014Q4/www/libxul/files/patch-bug1015547
  branches/2014Q4/www/libxul/files/patch-bug1021761
  branches/2014Q4/www/libxul/files/patch-bug1026828
  branches/2014Q4/www/libxul/files/patch-bug1041381
  branches/2014Q4/www/libxul/files/patch-bug1041795
  branches/2014Q4/www/libxul/files/patch-bug1073709
  branches/2014Q4/www/libxul/files/patch-bug1076983
  branches/2014Q4/www/libxul/files/patch-bug702179
  branches/2014Q4/www/libxul/files/patch-bug779713
  branches/2014Q4/www/libxul/files/patch-bug783463
  branches/2014Q4/www/libxul/files/patch-bug803480
  branches/2014Q4/www/libxul/files/patch-bug807492
  branches/2014Q4/www/libxul/files/patch-bug810716
  branches/2014Q4/www/libxul/files/patch-bug826985
  branches/2014Q4/www/libxul/files/patch-bug847568
  branches/2014Q4/www/libxul/files/patch-bug851992
  branches/2014Q4/www/libxul/files/patch-bug876156
  branches/2014Q4/www/libxul/files/patch-bug878791
  branches/2014Q4/www/libxul/files/patch-bug886181
  branches/2014Q4/www/libxul/files/patch-bug889699
  branches/2014Q4/www/libxul/files/patch-bug893397
  branches/2014Q4/www/libxul/files/patch-bug910875
  branches/2014Q4/www/libxul/files/patch-bug916216
  branches/2014Q4/www/libxul/files/patch-bug916589
  branches/2014Q4/www/libxul/files/patch-bug918177
  branches/2014Q4/www/libxul/files/patch-bug938730
  branches/2014Q4/www/libxul/files/patch-bug945046
  branches/2014Q4/www/libxul/files/patch-bug946560
  branches/2014Q4/www/libxul/files/patch-bug961264
  branches/2014Q4/www/libxul/files/patch-bug961816
  branches/2014Q4/www/libxul/files/patch-bug962345
  branches/2014Q4/www/libxul/files/patch-bug975634
  branches/2014Q4/www/libxul/files/patch-bug977457
  branches/2014Q4/www/libxul/files/patch-bug981348
  branches/2014Q4/www/libxul/files/patch-bug985848
  branches/2014Q4/www/libxul/files/patch-clang34-disable-stdcall
  branches/2014Q4/www/libxul/files/patch-config-baseconfig.mk
  branches/2014Q4/www/libxul/files/patch-toolkit_mozapps_installer_packager_mk
  branches/2014Q4/www/libxul/files/patch-toolkit_xre_Makefile.in
  branches/2014Q4/www/libxul/files/patch-z-bug1026828
  branches/2014Q4/www/libxul/files/patch-z-bug517422
  branches/2014Q4/www/libxul/files/patch-z-bug847568
  branches/2014Q4/www/libxul/files/patch-zz-bug517422
  branches/2014Q4/www/libxul/files/pkg-deinstall.in
  branches/2014Q4/www/libxul/files/pkg-install.in
  branches/2014Q4/www/linux-firefox/Makefile
  branches/2014Q4/www/linux-firefox/distinfo
  branches/2014Q4/www/linux-firefox/pkg-plist
  branches/2014Q4/www/linux-seamonkey/Makefile.common
  branches/2014Q4/www/xpi-adblock/Makefile.xpi
Comment 7 commit-hook freebsd_committer 2014-10-16 10:26:25 UTC
A commit references this bug:

Author: beat
Date: Thu Oct 16 10:25:50 UTC 2014
New revision: 370991
URL: https://svnweb.freebsd.org/changeset/ports/370991

Log:
  - Update SeaMonkey to 2.30
  - Disable SSL 3.0 with pref (Upstream bug 1076983)
  - Apply r368080 to seamonkey-i18n
  - Kill @dirrm from gecko@ ports per CHANGES from 20140922

  PR:		194356
  Submitted by:	Jan Beich
  MFH:		2014Q4
  Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html

Changes:
  head/www/linux-seamonkey/Makefile
  head/www/linux-seamonkey/distinfo
  head/www/linux-seamonkey/pkg-plist
  head/www/seamonkey/Makefile
  head/www/seamonkey/distinfo
  head/www/seamonkey/files/patch-bug1015547
  head/www/seamonkey/files/patch-bug1021761
  head/www/seamonkey/files/patch-bug1026828
  head/www/seamonkey/files/patch-bug1041268
  head/www/seamonkey/files/patch-bug1073709
  head/www/seamonkey/files/patch-bug1076983
  head/www/seamonkey/files/patch-bug779713
  head/www/seamonkey/files/patch-bug826985
  head/www/seamonkey/files/patch-bug847568
  head/www/seamonkey/files/patch-clang34-disable-stdcall
  head/www/seamonkey/files/patch-system-openh264
  head/www/seamonkey-i18n/Makefile
  head/www/seamonkey-i18n/distinfo
Comment 8 Beat Gaetzi freebsd_committer 2014-10-16 10:30:57 UTC
Committed. Thanks for your work!
Comment 9 commit-hook freebsd_committer 2014-10-16 12:21:35 UTC
A commit references this bug:

Author: beat
Date: Thu Oct 16 12:20:35 UTC 2014
New revision: 371004
URL: https://svnweb.freebsd.org/changeset/ports/371004

Log:
  MFH: r370991

  - Update SeaMonkey to 2.30
  - Disable SSL 3.0 with pref (Upstream bug 1076983)
  - Apply r368080 to seamonkey-i18n
  - Kill @dirrm from gecko@ ports per CHANGES from 20140922

  PR:		194356
  Submitted by:	Jan Beich
  Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html
  Approved by:	ports-secteam (rea)

Changes:
_U  branches/2014Q4/
  branches/2014Q4/www/linux-seamonkey/Makefile
  branches/2014Q4/www/linux-seamonkey/distinfo
  branches/2014Q4/www/linux-seamonkey/pkg-plist
  branches/2014Q4/www/seamonkey/Makefile
  branches/2014Q4/www/seamonkey/distinfo
  branches/2014Q4/www/seamonkey/files/patch-bug1015547
  branches/2014Q4/www/seamonkey/files/patch-bug1021761
  branches/2014Q4/www/seamonkey/files/patch-bug1026828
  branches/2014Q4/www/seamonkey/files/patch-bug1041268
  branches/2014Q4/www/seamonkey/files/patch-bug1073709
  branches/2014Q4/www/seamonkey/files/patch-bug1076983
  branches/2014Q4/www/seamonkey/files/patch-bug779713
  branches/2014Q4/www/seamonkey/files/patch-bug826985
  branches/2014Q4/www/seamonkey/files/patch-bug847568
  branches/2014Q4/www/seamonkey/files/patch-clang34-disable-stdcall
  branches/2014Q4/www/seamonkey/files/patch-system-openh264
  branches/2014Q4/www/seamonkey-i18n/Makefile
  branches/2014Q4/www/seamonkey-i18n/distinfo
Comment 10 commit-hook freebsd_committer 2014-12-08 15:10:58 UTC
A commit references this bug:

Author: beat
Date: Mon Dec  8 15:10:22 UTC 2014
New revision: 374271
URL: https://svnweb.freebsd.org/changeset/ports/374271

Log:
  MFH: r370909

  Gecko Media Plugins API from mozilla-central.

  WWW: https://wiki.mozilla.org/GeckoMediaPlugins

  PR:		194356
  Submitted by:	Jan Beich
  Approved by:	portmgr (bapt)

Changes:
_U  branches/2014Q4/
  branches/2014Q4/multimedia/Makefile
  branches/2014Q4/multimedia/gmp-api/
Comment 11 commit-hook freebsd_committer 2014-12-08 15:12:01 UTC
A commit references this bug:

Author: beat
Date: Mon Dec  8 15:11:56 UTC 2014
New revision: 374272
URL: https://svnweb.freebsd.org/changeset/ports/374272

Log:
  MFH: r370910

  OpenH264 is a codec library which supports H.264 encoding and decoding.
  It is suitable for use in real time applications such as WebRTC.

  WWW: http://www.openh264.org/

  PR:		194356
  Submitted by:	Jan Beich
  Approved by:	portmgr (bapt)

Changes:
_U  branches/2014Q4/
  branches/2014Q4/multimedia/Makefile
  branches/2014Q4/multimedia/openh264/