head	1.6;
access;
symbols
	pkgsrc-2016Q4:1.5.0.6
	pkgsrc-2016Q4-base:1.5
	pkgsrc-2016Q3:1.5.0.4
	pkgsrc-2016Q3-base:1.5
	pkgsrc-2016Q2:1.5.0.2
	pkgsrc-2016Q2-base:1.5
	pkgsrc-2016Q1:1.4.0.18
	pkgsrc-2016Q1-base:1.4
	pkgsrc-2015Q4:1.4.0.16
	pkgsrc-2015Q4-base:1.4
	pkgsrc-2015Q3:1.4.0.14
	pkgsrc-2015Q3-base:1.4
	pkgsrc-2015Q2:1.4.0.12
	pkgsrc-2015Q2-base:1.4
	pkgsrc-2015Q1:1.4.0.10
	pkgsrc-2015Q1-base:1.4
	pkgsrc-2014Q4:1.4.0.8
	pkgsrc-2014Q4-base:1.4
	pkgsrc-2014Q3:1.4.0.6
	pkgsrc-2014Q3-base:1.4
	pkgsrc-2014Q2:1.4.0.4
	pkgsrc-2014Q2-base:1.4
	pkgsrc-2014Q1:1.4.0.2
	pkgsrc-2014Q1-base:1.4
	pkgsrc-2013Q4:1.2.0.4
	pkgsrc-2013Q4-base:1.2
	pkgsrc-2013Q3:1.2.0.2
	pkgsrc-2013Q3-base:1.2
	pkgsrc-2013Q2:1.1.0.2
	pkgsrc-2013Q2-base:1.1;
locks; strict;
comment	@# @;


1.6
date	2017.01.25.13.24.51;	author ryoon;	state dead;
branches;
next	1.5;
commitid	3acwYN6np6o7SlDz;

1.5
date	2016.06.16.12.08.21;	author ryoon;	state Exp;
branches;
next	1.4;
commitid	LAwegbTYgLLjCGaz;

1.4
date	2014.02.20.13.19.03;	author ryoon;	state Exp;
branches;
next	1.3;
commitid	T9GvdtUIEdEreQpx;

1.3
date	2014.02.08.09.36.00;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	ggxuC0XAcatWnhox;

1.2
date	2013.09.19.12.37.49;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	hXNFeA0U06W4X26x;

1.1
date	2013.05.23.13.12.13;	author ryoon;	state Exp;
branches;
next	;
commitid	sFsg0DAPswjWXKQw;


desc
@@


1.6
log
@Update to 51.0

Changelog:
New
    Users can view passwords in the save password prompt before saving them

    Added a zoom button in the URL bar:
        Displays percent above or below 100 percent when a user has changed the page zoom setting from the default
        Lets users return to the default setting by clicking on the button

    Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience

    Firefox will save passwords even in forms that do not have “submit” events

    Added support for FLAC (Free Lossless Audio Codec) playback

    Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language

    A warning is displayed when a login page does not have a secure connection

    Added Georgian (ka) and Kabyle (kab) locales

    An even faster E10s! Tab Switching is better!

    Improved reliability of browser data sync

    Remove Belarusian (be) locale

Fixed
    Various security fixes

Changed
    Use 2D graphics library (Skia) for content rendering on Linux

    Re-enabled E10s support for Russian (ru) locale

    Updated to NSS 3.28.1

Security fixes:
 #CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
 #CVE-2017-5376: Use-after-free in XSL
 #CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
 #CVE-2017-5378: Pointer and frame data leakage of Javascript objects
 #CVE-2017-5379: Use-after-free in Web Animations
 #CVE-2017-5380: Potential use-after-free during DOM manipulations
 #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
 #CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
 #CVE-2017-5396: Use-after-free with Media Decoder
 #CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
 #CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
 #CVE-2017-5383: Location bar spoofing with unicode characters
 #CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
 #CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
 #CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
 #CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
 #CVE-2017-5391: Content about: pages can load privileged about: pages
 #CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
 #CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
 #CVE-2017-5395: Android location bar spoofing during scrolling
 #CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
 #CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
 #CVE-2017-5374: Memory safety bugs fixed in Firefox 51
 #CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
@
text
@$NetBSD: patch-bf,v 1.5 2016/06/16 12:08:21 ryoon Exp $

* For NetBSD, use pthread_attr_get_np

--- js/src/jsnativestack.cpp.orig	2013-09-10 03:43:36.000000000 +0000
+++ js/src/jsnativestack.cpp
@@@@ -114,7 +114,7 @@@@ js::GetNativeStackBaseImpl()
     pthread_attr_init(&sattr);
 #  if defined(__OpenBSD__)
     stack_t ss;
-#  elif defined(PTHREAD_NP_H) || defined(_PTHREAD_NP_H_) || defined(NETBSD)
+#  elif defined(PTHREAD_NP_H) || defined(_PTHREAD_NP_H_) || defined(__DragonFly__) || defined(NETBSD) || defined(__NetBSD__) /* XXX tnn not sure why NETBSD isn't defined, it looks like it should be ... */
     /* e.g. on FreeBSD 4.8 or newer, neundorf@@kde.org */
     pthread_attr_get_np(thread, &sattr);
 #  else
@


1.5
log
@Update to 47.0

* Remove macOS patches, because I cannot confirm them sadly

Changelog:
New
    Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
    Enable VP9 video codec for users with fast machines
    Embedded YouTube videos now play with HTML5 video if Flash is not installed.
    View and search open tabs from your smartphone or another computer in a sidebar
    Allow no-cache on back/forward navigations for https resources
    Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.

Fixed
    Various security fixes

Changed
    FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
    The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
    The Firefox click-to-activate plugin whitelist has been removed.
    XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance

Developer
    Web platform changes
    View, start,and debug registered Service Workers in the Service Workers developer tool
    Simulate Push messages in the Service Workers developer tool
    'Start' button for service workers in about:debugging to start registered Service Workers
    Changes that can affect add-on compatibility
    Added support for ChaCha20/Poly1305 cipher suites
    Custom user agents supported in Responsive Design Mode
    Smart multi-line input in the Web Console

Developer Information
HTML5
    cuechange events are now available on TextTrack objects
    WebCrypto: PBKDF2 supports SHA-2 hash algorithms
    WebCrypto: RSA-PSS signature support


Fixed in Firefox 47
    2016-61 Network Security Services (NSS) vulnerabilities
    2016-60 Java applets bypass CSP protections
    2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
    2016-58 Entering fullscreen and persistent pointerlock without user permission
    2016-57 Incorrect icon displayed on permissions notifications
    2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
    2016-55 File overwrite and privilege escalation through Mozilla Windows updater
    2016-54 Partial same-origin-policy through setting location.host through data URI
    2016-53 Out-of-bounds write with WebGL shader
    2016-52 Addressbar spoofing though the SELECT element
    2016-51 Use-after-free deleting tables from a contenteditable document
    2016-50 Buffer overflow parsing HTML5 fragments
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-bf,v 1.4 2014/02/20 13:19:03 ryoon Exp $
@


1.4
log
@Update to 27.0.1

* Fix some syscall definitions in JavaScript are fixed.
  Thank you, tho@@.

Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
@
text
@d1 3
a3 1
$NetBSD: patch-bf,v 1.2 2013/09/19 12:37:49 ryoon Exp $
@


1.3
log
@Update to 27.0

Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here

Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
@
text
@d3 1
a3 1
--- js/src/jsnativestack.cpp.orig	2014-01-28 04:03:46.000000000 +0000
@


1.2
log
@Update to 24.0, ESR edition.

* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.

Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here

Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
@
text
@d1 1
a1 1
$NetBSD: patch-bf,v 1.1 2013/05/23 13:12:13 ryoon Exp $
d3 1
a3 1
--- js/src/jsnativestack.cpp.orig	2013-09-10 03:43:36.000000000 +0000
@


1.1
log
@Bump PKGREVISION.

* Remove reference to devel/xulrunner.
* Move some common files for firefox/xulrunner-21.0.
* Move patches from devel/sulrunner.
* Take MAINTAINERship.
@
text
@d1 1
a1 1
$NetBSD: patch-bf,v 1.12 2013/04/05 13:30:17 ryoon Exp $
d3 1
a3 1
--- js/src/jsnativestack.cpp.orig	2013-03-26 22:17:48.000000000 +0000
d5 1
a5 10
@@@@ -19,7 +19,7 @@@@
 #elif defined(XP_MACOSX) || defined(DARWIN) || defined(XP_UNIX)
 # include <pthread.h>
 
-# if defined(__FreeBSD__) || defined(__OpenBSD__)
+# if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
 #  include <pthread_np.h>
 # endif
 
@@@@ -112,7 +112,7 @@@@ js::GetNativeStackBaseImpl()
@