head 1.16; access; symbols pkgsrc-2017Q1:1.15.0.8 pkgsrc-2017Q1-base:1.15 pkgsrc-2016Q4:1.15.0.6 pkgsrc-2016Q4-base:1.15 pkgsrc-2016Q3:1.15.0.4 pkgsrc-2016Q3-base:1.15 pkgsrc-2016Q2:1.15.0.2 pkgsrc-2016Q2-base:1.15 pkgsrc-2016Q1:1.14.0.2 pkgsrc-2016Q1-base:1.14 pkgsrc-2015Q4:1.13.0.16 pkgsrc-2015Q4-base:1.13 pkgsrc-2015Q3:1.13.0.14 pkgsrc-2015Q3-base:1.13 pkgsrc-2015Q2:1.13.0.12 pkgsrc-2015Q2-base:1.13 pkgsrc-2015Q1:1.13.0.10 pkgsrc-2015Q1-base:1.13 pkgsrc-2014Q4:1.13.0.8 pkgsrc-2014Q4-base:1.13 pkgsrc-2014Q3:1.13.0.6 pkgsrc-2014Q3-base:1.13 pkgsrc-2014Q2:1.13.0.4 pkgsrc-2014Q2-base:1.13 pkgsrc-2014Q1:1.13.0.2 pkgsrc-2014Q1-base:1.13 pkgsrc-2013Q4:1.10.0.2 pkgsrc-2013Q4-base:1.10 pkgsrc-2013Q3:1.9.0.4 pkgsrc-2013Q3-base:1.9 pkgsrc-2013Q2:1.9.0.2 pkgsrc-2013Q2-base:1.9 pkgsrc-2012Q4:1.8.0.8 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.6 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.4 pkgsrc-2011Q2-base:1.8 pkgsrc-2009Q4:1.8.0.2 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.7.0.2 pkgsrc-2009Q3-base:1.7 pkgsrc-20090805:1.1.1.1 TNF:1.1.1 pkgsrc-2009Q2:1.5.0.22 pkgsrc-2009Q2-base:1.5 pkgsrc-2009Q1:1.5.0.20 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.5.0.18 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.16 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.14 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.12 pkgsrc-2008Q2-base:1.5 cwrapper:1.5.0.10 pkgsrc-2008Q1:1.5.0.8 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.6 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.4 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.2 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.4.0.12 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.10 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.8 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.6 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.4 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.2 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.3.0.2 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.2.0.8 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.6 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.4 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.2 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.1.0.2 pkgsrc-2004Q2-base:1.1; locks; strict; comment @# @; 1.16 date 2017.04.27.01.49.47; author ryoon; state dead; branches; next 1.15; commitid J6Df3i7KVGRj47Pz; 1.15 date 2016.06.16.12.08.21; author ryoon; state Exp; branches; next 1.14; commitid LAwegbTYgLLjCGaz; 1.14 date 2016.01.27.13.44.27; author ryoon; state Exp; branches; next 1.13; commitid HTfyQqhWcoHhGzSy; 1.13 date 2014.03.20.21.02.00; author ryoon; state Exp; branches; next 1.12; commitid 7yTA4yPlY6RyTttx; 1.12 date 2014.02.20.13.19.03; author ryoon; state Exp; branches; next 1.11; commitid T9GvdtUIEdEreQpx; 1.11 date 2014.02.08.09.36.00; author ryoon; state Exp; branches; next 1.10; commitid ggxuC0XAcatWnhox; 1.10 date 2013.11.02.22.57.55; author ryoon; state Exp; branches; next 1.9; commitid M2FbcKK4JD2lYKbx; 1.9 date 2013.05.23.13.12.13; author ryoon; state Exp; branches; next 1.8; commitid sFsg0DAPswjWXKQw; 1.8 date 2009.10.11.10.49.56; author tnn; state dead; branches; next 1.7; 1.7 date 2009.08.05.02.43.47; author tnn; state Exp; branches 1.7.2.1; next 1.6; 1.6 date 2009.08.05.01.27.32; author tnn; state dead; branches; next 1.5; 1.5 date 2007.05.12.13.53.08; author ghen; state Exp; branches; next 1.4; 1.4 date 2005.12.10.13.47.22; author taya; state Exp; branches; next 1.3; 1.3 date 2005.09.22.14.14.04; author jlam; state Exp; branches; next 1.2; 1.2 date 2004.06.23.16.47.12; author taya; state Exp; branches; next 1.1; 1.1 date 2004.04.29.14.13.19; author adam; state Exp; branches 1.1.1.1; next ; 1.7.2.1 date 2009.10.28.18.13.24; author tron; state dead; branches; next ; 1.1.1.1 date 2009.08.05.02.37.11; author tnn; state Exp; branches; next ; desc @@ 1.16 log @Update to 53.0 Changelog: New Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor) Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme Lightweight themes are now applied in private browsing windows Reader Mode now displays estimated reading time for the page Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer Fixed Various security fixes Changed Updated the design of site permission requests to make them harder to miss and easier to understand Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52. 32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates. Updates for Mac OS X are smaller in size compared to updates for Firefox 52 New visual design for audio and video controls Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible Security fixes: #CVE-2017-5433: Use-after-free in SMIL animation functions #CVE-2017-5435: Use-after-free during transaction processing in the editor #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS #CVE-2017-5459: Buffer overflow in WebGL #CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL #CVE-2017-5434: Use-after-free during focus handling #CVE-2017-5432: Use-after-free in text input selection #CVE-2017-5460: Use-after-free in frame selection #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing #CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing #CVE-2017-5441: Use-after-free with selection during scroll events #CVE-2017-5442: Use-after-free during style changes #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation #CVE-2017-5443: Out-of-bounds write during BinHex decoding #CVE-2017-5444: Buffer overflow while parsing application/http-index-format content #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data #CVE-2017-5447: Out-of-bounds read during glyph processing #CVE-2017-5465: Out-of-bounds read in ConvolvePixel #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor #CVE-2017-5437: Vulnerabilities in Libevent library #CVE-2017-5454: Sandbox escape allowing file system read access through file picker #CVE-2017-5455: Sandbox escape through internal feed reader APIs #CVE-2017-5456: Sandbox escape allowing local file system access #CVE-2017-5469: Potential Buffer overflow in flex-generated code #CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content #CVE-2017-5449: Crash during bidirectional unicode manipulation with animation #CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android #CVE-2017-5451: Addressbar spoofing with onblur event #CVE-2017-5462: DRBG flaw in NSS #CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android #CVE-2017-5467: Memory corruption when drawing Skia content #CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android #CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element #CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS #CVE-2017-5468: Incorrect ownership model for Private Browsing information #CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 @ text @$NetBSD: patch-ao,v 1.15 2016/06/16 12:08:21 ryoon Exp $ * For devel/xulrunner* --- toolkit/mozapps/installer/packager.mk.orig 2016-01-23 23:23:49.000000000 +0000 +++ toolkit/mozapps/installer/packager.mk @@@@ -132,7 +132,7 @@@@ endif $(NSINSTALL) -D $(DESTDIR)$(bindir) $(RM) -f $(DESTDIR)$(bindir)/$(MOZ_APP_NAME) ln -s $(installdir)/$(MOZ_APP_NAME) $(DESTDIR)$(bindir) -ifdef INSTALL_SDK # Here comes the hard part +ifeq ($(MOZ_APP_NAME),xulrunner) $(NSINSTALL) -D $(DESTDIR)$(includedir) (cd $(DIST)/include && $(TAR) $(TAR_CREATE_FLAGS) - .) | \ (cd $(DESTDIR)$(includedir) && tar -xf -) @ 1.15 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.14 2016/01/27 13:44:27 ryoon Exp $ @ 1.14 log @Fix "ignoring" error for patching. Reported by pgoyette@@ @ text @d1 3 a3 1 $NetBSD: patch-ao,v 1.13 2014/03/20 21:02:00 ryoon Exp $ @ 1.13 log @Update to 28.0 Changelog: NEW VP9 video decoding implemented NEW Mac OS X: Notification Center support for web notifications NEW Horizontal HTML5 audio/video volume control NEW Support for Opus in WebM CHANGED Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty DEVELOPER Support for MathML 2.0 'mathvariant' attribute DEVELOPER Background thread hang reporting DEVELOPER Support for multi-line flexbox in layout FIXED Various security fixes Fixed in Firefox 28 MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects MFSA 2014-30 Use-after-free in TypeObject MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs MFSA 2014-28 SVG filters information disclosure through feDisplacementMap MFSA 2014-27 Memory corruption in Cairo during PDF font rendering MFSA 2014-26 Information disclosure through polygon rendering in MathML MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape MFSA 2014-24 Android Crash Reporter open to manipulation MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore MFSA 2014-22 WebGL content injection from one domain to rendering in another MFSA 2014-21 Local file access via Open Link in new tab MFSA 2014-20 onbeforeunload and Javascript navigation DOS MFSA 2014-19 Spoofing attack on WebRTC permission prompt MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.12 2014/02/20 13:19:03 ryoon Exp $ d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2014-03-15 05:19:37.000000000 +0000 d5 1 a5 1 @@@@ -775,7 +775,7 @@@@ endif @ 1.12 log @Update to 27.0.1 * Fix some syscall definitions in JavaScript are fixed. Thank you, tho@@. Changelog: FIXED 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval FIXED 27.0.1 - JS math correctness issue (bug 941381 @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.10 2013/11/02 22:57:55 ryoon Exp $ d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2013-10-25 22:27:43.000000000 +0000 d5 1 a5 3 @@@@ -680,9 +680,9 @@@@ endif (cd $(DIST)/$(MOZ_PKG_DIR) && $(TAR) --exclude=precomplete $(TAR_CREATE_FLAGS) - .) | \ (cd $(DESTDIR)$(installdir) && tar -xf -) d7 2 a8 2 - $(RM) -f $(DESTDIR)$(bindir)/$(MOZ_APP_NAME) - ln -s $(installdir)/$(MOZ_APP_NAME) $(DESTDIR)$(bindir) a9 2 + $(RM) -f $(DESTDIR)$(bindir)/$(MOZILLA_PKG_NAME) + ln -s $(installdir)/$(MOZ_APP_NAME) $(DESTDIR)$(bindir)/$(MOZILLA_PKG_NAME) @ 1.11 log @Update to 27.0 Changelog: NEW You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services CHANGED Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default CHANGED Added support for SPDY 3.1 protocol DEVELOPER Ability to reset style sheets using 'all:unset' DEVELOPER You can now choose to deobfuscate javascript in the debugger (see 762761) DEVELOPER Added support for scrolled fieldsets (see 261037) DEVELOPER Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282) DEVELOPER CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672) DEVELOPER Added support for ES6 generators in SpiderMonkey (see blog post) DEVELOPER Implemented support for mathematical function Math.hypot() in ES6 (see 896264) HTML5 Dashed line support on Canvas (see 768067) FIXED Get Azure/Skia content rendering working on Linux (see 740200) FIXED 27.0: Security fixes can be found here Fixed in Firefox 27 MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects MFSA 2014-12 NSS ticket handling issues MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) @ text @d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2014-01-28 04:04:06.000000000 +0000 d5 1 a5 1 @@@@ -725,9 +725,9 @@@@ endif @ 1.10 log @Update to 25.0 * Enable pulseaudio by default, OSS support is dropped, and ALSA support on NetBSD does not work properly for me * Enable GStremer support for non-webm and non-theora video support * Create alsa option, and enabled on Linux by default Changelog: NEW Web Audio support NEW The find bar is no longer shared between tabs CHANGED If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information CHANGED Resetting Firefox no longer clears your browsing session DEVELOPER CSS3 background-attachment:local support to control background scrolling DEVELOPER Many new ES6 functions implemented HTML5 iframe document content can now be specified inline FIXED Blank or missing page thumbnails when opening a new tab FIXED Security fixes can be found here Fixed in Firefox 25 MFSA 2013-102 Use-after-free in HTML document templates MFSA 2013-101 Memory corruption in workers MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-99 Security bypass of PDF.js checks using iframes MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.9 2013/05/23 13:12:13 ryoon Exp $ d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2013-10-25 22:27:43.000000000 +0000 d5 1 a5 1 @@@@ -680,9 +680,9 @@@@ endif @ 1.9 log @Bump PKGREVISION. * Remove reference to devel/xulrunner. * Move some common files for firefox/xulrunner-21.0. * Move patches from devel/sulrunner. * Take MAINTAINERship. @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.7 2013/04/05 13:30:17 ryoon Exp $ d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2013-03-26 22:18:05.000000000 +0000 d5 1 a5 1 @@@@ -911,8 +911,8 @@@@ endif d11 1 d14 1 a14 1 ifdef INSTALL_SDK # Here comes the hard part d17 1 @ 1.8 log @- allow firefox and xulrunner to share some infrastructure - install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin) - bump revision for both packages @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.7 2009/08/05 02:43:47 tnn Exp $ d3 1 a3 1 --- toolkit/mozapps/installer/packager.mk.orig 2009-06-29 18:15:27.000000000 +0200 d5 2 a6 2 @@@@ -449,8 +449,8 @@@@ endif (cd $(DIST)/$(MOZ_PKG_DIR) && tar $(TAR_CREATE_FLAGS) - .) | \ d14 2 a15 11 # include directory is stable (dist/sdk/include) and unstable (dist/include) $(NSINSTALL) -D $(DESTDIR)$(includedir)/stable @@@@ -458,7 +458,7 @@@@ ifdef INSTALL_SDK # Here comes the hard (cd $(DIST)/sdk/include && tar $(TAR_CREATE_FLAGS) - .) | \ (cd $(DESTDIR)$(includedir)/stable && tar -xf -) # The dist/include has module subdirectories that we need to flatten - find $(DIST)/include -xtype f -exec $(SYSINSTALL) $(IFLAGS1) {} $(DESTDIR)$(includedir)/unstable \; + find $(DIST)/include -type f -exec $(SYSINSTALL) $(IFLAGS1) {} $(DESTDIR)$(includedir)/unstable \; # IDL directory is stable (dist/sdk/idl) and unstable (dist/idl) $(NSINSTALL) -D $(DESTDIR)$(idldir)/stable $(NSINSTALL) -D $(DESTDIR)$(idldir)/unstable @ 1.7 log @merge pkgsrc-20090805 @ text @d1 1 a1 1 $NetBSD$ @ 1.7.2.1 log @Pullup ticket #2923 - requested by tnn xulrunner: security update firefox: security update Revisions pulled up: - devel/xulrunner/Makefile 1.24-1.25 - devel/xulrunner/PLIST 1.17-1.18 - devel/xulrunner/distinfo 1.13-1.14 - devel/xulrunner/mozilla-common.mk 1.2 - devel/xulrunner/patches/patch-aa 1.2 - devel/xulrunner/patches/patch-aq 1.3 - devel/xulrunner/patches/patch-ay 1.1 - devel/xulrunner/patches/patch-mf 1.2 - devel/xulrunner/patches/patch-mn 1.2 - devel/xulrunner/patches/patch-nb delete - devel/xulrunner/patches/patch-nc delete - devel/xulrunner/patches/patch-pd 1.2 - devel/xulrunner/patches/patch-ra 1.1 - devel/xulrunner/patches/patch-rb 1.1 - devel/xulrunner/patches/patch-rc 1.1 - www/firefox/Makefile 1.60-1.61 - www/firefox/PLIST 1.39 - www/firefox/distinfo delete - www/firefox/patches/patch-aa delete - www/firefox/patches/patch-ao delete - www/firefox/patches/patch-ma delete - www/firefox/patches/patch-mi delete - www/firefox/patches/patch-mk delete - www/firefox/patches/patch-mm delete - www/firefox/patches/patch-ra delete - www/firefox/patches/patch-rb delete - www/firefox/patches/patch-rc delete --- Module Name: pkgsrc Committed By: tnn Date: Sun Oct 11 10:49:57 UTC 2009 Modified Files: pkgsrc/devel/xulrunner: Makefile PLIST distinfo pkgsrc/devel/xulrunner/patches: patch-aa pkgsrc/www/firefox: Makefile Added Files: pkgsrc/devel/xulrunner/patches: patch-ay patch-ra patch-rb patch-rc Removed Files: pkgsrc/www/firefox: distinfo pkgsrc/www/firefox/patches: patch-aa patch-ao patch-ma patch-mi patch-mk patch-mm patch-ra patch-rb patch-rc Log Message: - allow firefox and xulrunner to share some infrastructure - install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin) - bump revision for both packages --- Module Name: pkgsrc Committed By: tnn Date: Wed Oct 28 11:36:36 UTC 2009 Modified Files: pkgsrc/devel/xulrunner: Makefile PLIST distinfo mozilla-common.mk pkgsrc/devel/xulrunner/patches: patch-aq patch-mf patch-mn patch-pd pkgsrc/www/firefox: Makefile PLIST Removed Files: pkgsrc/devel/xulrunner/patches: patch-nb patch-nc Log Message: Security and bugfix update of firefox (to 3.5.4) and xulrunner (to 1.9.1.4) Also fix broken DESTDIR support. Fixes the following security issues: MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection() MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS () MFSA 2009-56 Heap buffer overflow in GIF color map parser MFSA 2009-55 Crash in proxy auto-configuration regexp parsing MFSA 2009-54 Crash with recursive web-worker calls MFSA 2009-53 Local downloaded file tampering MFSA 2009-52 Form history vulnerable to stealing @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.7 2009/08/05 02:43:47 tnn Exp $ @ 1.6 log @Remove firefox 2.x. Firefox 3.5 branch will be imported in this location. (I opted for removing and re-importing instead of a plain update due to extensive patch rototil) We may encounter minor turbulence as dependent packages are sorted out. Thank you for flying pkgsrc-current. @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.5 2007/05/12 13:53:08 ghen Exp $ d3 22 a24 74 diff -ruN ../Orig/mozilla/gfx/src/x11shared/nsFontFreeType.cpp ./gfx/src/x11shared/nsFontFreeType.cpp --- ../Orig/mozilla/gfx/src/x11shared/nsFontFreeType.cpp 2004-04-18 06:52:34.000000000 +0900 +++ ./gfx/src/x11shared/nsFontFreeType.cpp 2005-12-04 19:07:49.000000000 +0900 @@@@ -177,7 +177,7 @@@@ FTC_Manager mgr; nsresult rv; mFt2->GetFTCacheManager(&mgr); - rv = mFt2->ManagerLookupSize(mgr, &mImageDesc.font, &face, nsnull); + rv = mFt2->ManagerLookupFace(mgr, mImageDesc->face_id, &face); NS_ASSERTION(NS_SUCCEEDED(rv), "failed to get face/size"); if (NS_FAILED(rv)) return nsnull; @@@@ -191,22 +191,15 @@@@ PRBool embedded_bimap = PR_FALSE; mFaceID = aFaceID; mPixelSize = aPixelSize; - mImageDesc.font.face_id = (void*)mFaceID; - mImageDesc.font.pix_width = aPixelSize; - mImageDesc.font.pix_height = aPixelSize; - mImageDesc.image_type = 0; + mImageDesc->face_id = (FTC_FaceID)&mFaceID; + mImageDesc->width = aPixelSize; + mImageDesc->height = aPixelSize; + mImageDesc->flags = 0; if (aPixelSize < nsFreeType2::gAntiAliasMinimum) { - mImageDesc.image_type |= ftc_image_mono; anti_alias = PR_FALSE; } - if (nsFreeType2::gFreeType2Autohinted) - mImageDesc.image_type |= ftc_image_flag_autohinted; - - if (nsFreeType2::gFreeType2Unhinted) - mImageDesc.image_type |= ftc_image_flag_unhinted; - PRUint32 num_embedded_bitmaps, i; PRInt32* embedded_bitmapheights; mFaceID->GetEmbeddedBitmapHeights(&num_embedded_bitmaps, @@@@ -218,7 +211,6 @@@@ if (embedded_bitmapheights[i] == aPixelSize) { embedded_bimap = PR_TRUE; // unhinted must be set for embedded bitmaps to be used - mImageDesc.image_type |= ftc_image_flag_unhinted; break; } } @@@@ -312,7 +304,7 @@@@ if (!face) return NS_ERROR_FAILURE; - FTC_Image_Cache icache; + FTC_ImageCache icache; mFt2->GetImageCache(&icache); if (!icache) return NS_ERROR_FAILURE; @@@@ -401,7 +393,7 @@@@ if (!face) return 0; - FTC_Image_Cache icache; + FTC_ImageCache icache; mFt2->GetImageCache(&icache); if (!icache) return 0; @@@@ -723,7 +715,7 @@@@ if (y%4==0) (*blendPixelFunc)(sub_image, y, ascent-1, black, 255/2); #endif - FTC_Image_Cache icache; + FTC_ImageCache icache; mFt2->GetImageCache(&icache); if (!icache) return 0; @ 1.5 log @Update to Firefox 2.0.0.3 (nb1), from www/firefox2* (see there for history and change notes). Firefox 1.5.0.x will be maintained in www/firefox15*, as discussed on tech-pkg. @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.1.1.1 2006/10/24 22:20:11 ghen Exp $ @ 1.4 log @ Update firefox & firefox-gtk1 to 1.5 Including fix for long title & history file problem. http://www.mozilla.org/security/history-title.html https://bugzilla.mozilla.org/show_bug.cgi?id=319004 What's New in Firefox 1.5 Firefox 1.5 is the next version of our award-winning Web browser. Here's what's new in Firefox 1.5: * Automated update to streamline product upgrades. Notification of an update is more prominent, and updates to Firefox may now be half a megabyte or smaller. Updating extensions has also improved. * Faster browser navigation with improvements to back and forward button performance. * Drag and drop reordering for browser tabs. * Improvements to popup blocking. * Clear Private Data feature provides an easy way to quickly remove personal data through a menu item or keyboard shortcut. * Answers.com is added to the search engine list. * Improvements to product usability including descriptive error pages, redesigned options menu, RSS discovery, and "Safe Mode" experience. * Better accessibility including support for DHTML accessibility and assistive technologies such as the Window-Eyes 5.5 beta screen reader for Microsoft Windows. Screen readers read aloud all available information in applications and documents or show the information on a Braille display, enabling blind and visually impaired users to use equivalent software functionality as their sighted peers. * Report a broken Web site wizard to report Web sites that are not working in Firefox. * Better support for Mac OS X (10.2 and greater) including profile migration from Safari and Mac Internet Explorer. * New support for Web Standards including SVG, CSS 2 and CSS 3, and JavaScript 1.6. * Many security enhancements. The Burning Edge has more detailed lists of new features and notable bug fixes. http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update www/firefox and www/firefox-gtk1 to version 1.0.7. Changes from version 1.0.6 include: * Fix for a potential buffer overflow vulnerability when loading a hostname with all soft-hyphens * Fix to prevent URLs passed from external programs from being parsed by the shell (Linux only) * Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that uses an "eval" statement * Fix to restore InstallTrigger.getVersion() for Extension authors * Other stability and security fixes Approved by taya. @ text @d3 4 a6 3 --- gfx/src/x11shared/nsFontFreeType.cpp.orig 2003-12-25 08:24:52.000000000 +0000 +++ gfx/src/x11shared/nsFontFreeType.cpp @@@@ -177,7 +177,7 @@@@ nsFreeTypeFont::getFTFace() d15 1 a15 1 @@@@ -191,22 +191,15 @@@@ nsFreeTypeFont::nsFreeTypeFont(nsITrueTy d42 1 a42 1 @@@@ -218,7 +211,6 @@@@ nsFreeTypeFont::nsFreeTypeFont(nsITrueTy d50 1 a50 1 @@@@ -312,7 +304,7 @@@@ nsFreeTypeFont::doGetBoundingMetrics(con d59 1 a59 1 @@@@ -401,7 +393,7 @@@@ nsFreeTypeFont::GetWidth(const PRUnichar d68 1 a68 1 @@@@ -723,7 +715,7 @@@@ nsFreeTypeXImage::DrawString(nsRendering @ 1.2 log @ Update firefox to 0.9 Here's what's new in this release of Firefox: * New Default Theme An updated Default Theme now presents a uniform appearance across all three platforms - a new crisp, clear look for Windows users. Finetuning for GNOME will follow in future releases. * Comprehensive Data Migration Switching to Firefox has never been easier now that Firefox imports data like Favorites, History, Settings, Cookies and Passwords from Internet Explorer. Firefox can also import from Mozilla 1.x, Netscape 4.x, 6.x and 7.x, and Opera. MacOS X and Linux migrators for browsers like Safari, OmniWeb, Konqueror etc. will arrive in future releases. * Extension/Theme Manager New Extension and Theme Managers provide a convenient way to manage and update your add-ons. SmartUpdate also notifies you of updates to Firefox. * Help A new online help system is available. * Lots of bug fixes and improvements Copy Image, the ability to delete individual items from Autocomplete lists, SMB/SFTP support on GNOME via gnome-vfs, better Bookmarks, Search and many other refinements fine tune the browsing experience. For Linux/GTK2 Users * Look and Feel Updates Ongoing improvements have been made to improve the way Firefox adheres to your GTK2 themes, such as menus. * Talkback for GTK2 Help us nail down crashes by submitting talkback reports with this crash reporting tool. @ text @d3 3 a5 4 diff -ru ../Orig/mozilla/gfx/src/x11shared/nsFontFreeType.cpp ./gfx/src/x11shared/nsFontFreeType.cpp --- ../Orig/mozilla/gfx/src/x11shared/nsFontFreeType.cpp 2003-12-25 17:24:52.000000000 +0900 +++ ./gfx/src/x11shared/nsFontFreeType.cpp 2004-06-15 23:56:14.000000000 +0900 @@@@ -177,7 +177,7 @@@@ d14 1 a14 1 @@@@ -191,22 +191,15 @@@@ d41 1 a41 1 @@@@ -218,7 +211,6 @@@@ d49 1 a49 1 @@@@ -312,7 +304,7 @@@@ d58 1 a58 1 @@@@ -401,7 +393,7 @@@@ d67 1 a67 1 @@@@ -723,7 +715,7 @@@@ @ 1.1 log @Fixed problems with the new freetype2 library @ text @d3 4 a6 3 --- gfx/src/x11shared/nsFontFreeType.cpp.orig 2004-04-29 12:32:42.000000000 +0000 +++ gfx/src/x11shared/nsFontFreeType.cpp @@@@ -177,7 +177,7 @@@@ nsFreeTypeFont::getFTFace() d15 1 a15 1 @@@@ -191,22 +191,15 @@@@ nsFreeTypeFont::nsFreeTypeFont(nsITrueTy d42 1 a42 1 @@@@ -218,7 +211,6 @@@@ nsFreeTypeFont::nsFreeTypeFont(nsITrueTy d50 1 a50 1 @@@@ -312,7 +304,7 @@@@ nsFreeTypeFont::doGetBoundingMetrics(con d59 1 a59 1 @@@@ -401,7 +393,7 @@@@ nsFreeTypeFont::GetWidth(const PRUnichar d68 1 a68 1 @@@@ -725,7 +717,7 @@@@ nsFreeTypeXImage::DrawString(nsRendering @ 1.1.1.1 log @Import firefox-3.5.2 as www/firefox. from pkgsrc-wip. Firefox 3.5 is based on the Gecko 1.9.1 rendering platform. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use. Some of the notable features are: * Support for the HTML5