head 1.3;
access;
symbols
pkgsrc-2017Q4:1.2.0.2
pkgsrc-2017Q4-base:1.2
pkgsrc-2017Q3:1.1.0.8
pkgsrc-2017Q3-base:1.1
pkgsrc-2017Q2:1.1.0.4
pkgsrc-2017Q2-base:1.1
pkgsrc-2017Q1:1.1.0.2
pkgsrc-2017Q1-base:1.1;
locks; strict;
comment @# @;
1.3
date 2018.03.17.00.59.03; author ryoon; state dead;
branches;
next 1.2;
commitid yheX9IRIu7EcnKuA;
1.2
date 2017.11.16.01.04.38; author ryoon; state Exp;
branches
1.2.2.1;
next 1.1;
commitid Azr5anfpJDEficfA;
1.1
date 2017.02.16.02.25.17; author maya; state Exp;
branches;
next ;
commitid P93nxxc5wExOv7Gz;
1.2.2.1
date 2018.03.22.06.56.21; author spz; state dead;
branches;
next ;
commitid 8s0l4dxdhHyRbqvA;
desc
@@
1.3
log
@Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
@
text
@$NetBSD: patch-build_moz.configure_memory.configure,v 1.2 2017/11/16 01:04:38 ryoon Exp $
Recognise DragonflyBSD
--- build/moz.configure/memory.configure.orig 2017-09-15 04:15:39.000000000 +0000
+++ build/moz.configure/memory.configure
@@@@ -32,7 +32,7 @@@@ def jemalloc(value, target, build_projec
return True
if value and target.kernel not in ('WINNT', 'Linux', 'Darwin', 'kFreeBSD',
- 'FreeBSD', 'NetBSD'):
+ 'FreeBSD', 'NetBSD', 'DragonFly'):
die('--enable-jemalloc is not supported on %s', target.kernel)
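Review bot: in the jemalloc() hunk, adding 'DragonFly' to the supported-kernel tuple only stops the die() for --enable-jemalloc; nothing visible here also selects a MOZ_MEMORY_* define for that kernel. Revision 1.1 of this patch instead added 'DragonFly' to the tuple in jemalloc_os_define() that returns 'MOZ_MEMORY_BSD', so please confirm that mapping is no longer needed against the 2017-09-15 source, or carry both hunks. The description line could also name PR pkg/51695, which the 1.1 log cites, so the reason for the patch survives in the file itself.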
@
1.2
log
@Update to 57.0
Changelog: New
A completely new browsing engine, designed to take full advantage
of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent
visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this
unified bar. Learn how to add the stand-alone search bar to
the toolbar
A revamped new tab page that includes top visited sites, recently
visited pages, and recommendations from Pocket (in the US,
Canada, and Germany)
An updated product tour to orient new and returning Firefox
users
AMD VP9 hardware video decoder support for improved video
playback with lower power consumption
An expanded section in preferences to manage all website
permissions
Fixed
Various security fixes
Changed
Firefox now exclusively supports extensions built using the
WebExtension API, and unsupported legacy extensions will no
longer work. Learn more about our efforts to improve the
performance and security of extensions
The browser's autoscroll feature, as well as scrolling by
keyboard input and touch-dragging of scrollbars, now use
asynchronous scrolling. These scrolling methods are now similar
to other input methods like mousewheel, and provide a smoother
scrolling experience
The content process now has a stricter security sandbox that
blocks filesystem reading and writing on Linux, similar to the
protections for Windows and macOS that shipped in Firefox 56
Middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
Removed the toolbar Share button. If you relied on this feature,
you can install the Share Backported extension instead.
Some older versions of the ATOK IME, including ATOK 2006, 2008,
2009 and 2010, can cause crashes and are therefore disabled on
the Windows 64-bit version of Firefox Quantum. To fix those
incompatibility issues, please use a newer version of ATOK or
one of other IMEs.
The default font for Japanese text is now Meiryo
Security fixes:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still in
use. This results in a potentially exploitable crash during these
operations.
References
Bug 1406750 Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource
Timing API
Reporter
Jun Kokatsu
Impact
high
Description
The Resource Timing API incorrectly revealed navigations in
cross-origin iframes. This is a same-origin policy violation and
could allow for data theft of URLs loaded by users.
References
Bug 1408990
#CVE-2017-7831: Information disclosure of exposed properties on
JavaScript proxy objects
Reporter
Oriol Brufau
Impact
moderate
Description
A vulnerability where the security wrapper does not deny access to
some exposed properties using the deprecated exposedProps mechanism
on proxy objects. These properties should be explicitly unavailable
to proxy objects.
References
Bug 1392026
#CVE-2017-7832: Domain spoofing through use of dotless 'i' character
followed by accent markers
Reporter
Jonathan Kew
Impact
moderate
Description
The combined, single character, version of the letter 'i' with any
of the potential accents in unicode, such as acute or grave, can
be spoofed in the addressbar by the dotless version of 'i' followed
by the same accent as a second character with most font sets. This
allows for domain spoofing attacks because these combined domain
names do not display as punycode.
References
Bug 1408782
#CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker
characters
Reporter
Rayyan Bijoora
Impact
moderate
Description
Some Arabic and Indic vowel marker characters can be combined with
Latin characters in a domain name to eclipse the non-Latin character
with some font sets on the addressbar. The non-Latin character will
not be visible to most viewers. This allows for domain spoofing
attacks because these combined domain names do not display as
punycode.
References
Bug 1370497
#CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
Reporter
Jordi Chancel
Impact
moderate
Description
A data: URL loaded in a new tab did not inherit the Content Security
Policy (CSP) of the original page, allowing for bypasses of the
policy including the execution of JavaScript. In prior versions
when data: documents also inherited the context of the original
page this would allow for potential cross-site scripting (XSS)
attacks.
References
Bug 1358009
#CVE-2017-7835: Mixed content blocking incorrectly applies with
redirects
Reporter
Ben Kelly
Impact
moderate
Description
Mixed content blocking of insecure (HTTP) sub-resources in a secure
(HTTPS) document was not correctly applied for resources that
redirect from HTTPS to HTTP, allowing content that should be blocked,
such as scripts, to be loaded on a page.
References
Bug 1402363
#CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and
OS X
Reporter
Ezra Caltum
Impact
moderate
Description
The "pingsender" executable used by the Firefox Health Report
dynamically loads a system copy of libcurl, which an attacker could
replace. This allows for privilege escalation as the replaced
libcurl code will run with Firefox's privileges. Note: This attack
requires an attacker have local system access and only affects OS
X and Linux. Windows systems are not affected.
References
Bug 1401339
#CVE-2017-7837: SVG loaded as
can use meta tags to set cookies
Reporter
Jun Kokatsu
Impact
moderate
Description
SVG loaded through
tags can use tags within the SVG
data to set cookies for that page.
References
Bug 1325923
#CVE-2017-7838: Failure of individual decoding of labels in
international domain names triggers punycode display of entire IDN
Reporter
Corey Bonnell
Impact
low
Description
Punycode format text will be displayed for entire qualified
international domain names in some instances when a sub-domain
triggers the punycode display instead of the primary domain being
displayed in native script and the sub-domain only displaying as
punycode. This could be used for limited spoofing attacks due to
user confusion.
References
Bug 1399540
#CVE-2017-7839: Control characters before javascript: URLs defeats
self-XSS prevention mechanism
Reporter
Eric Lawrence
Impact
low
Description
Control characters prepended before javascript: URLs pasted in the
addressbar can cause the leading characters to be ignored and the
pasted JavaScript to be executed instead of being blocked. This
could be used in social engineering and self-cross-site-scripting
(self-XSS) attacks where users are convinced to copy and paste text
into the addressbar.
References
Bug 1402896
#CVE-2017-7840: Exported bookmarks do not strip script elements
from user-supplied tags
Reporter
Hanno Bock
Impact
low
Description
JavaScript can be injected into an exported bookmarks file by
placing JavaScript code into user-supplied tags in saved bookmarks.
If the resulting exported HTML file is later opened in a browser
this JavaScript will be executed. This could be used in social
engineering and self-cross-scripting (self-XSS) attacks if users
were convinced to add malicious tags to bookmarks, export them,
and then open the resulting file.
References
Bug 1366420
#CVE-2017-7842: Referrer Policy is not always respected for
elements
Reporter
Jun Kokatsu
Impact
low
Description
If a document's Referrer Policy attribute is set to "no-referrer"
sometimes two network requests are made for elements
instead of one. One of these requests includes the referrer instead
of respecting the set policy to not include a referrer on requests.
References
Bug 1397064
#CVE-2017-7827: Memory safety bugs fixed in Firefox 57
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Boris Zbarsky, Carsten Book,
Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer,
Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith,
and Ting-Yu Chou reported memory safety bugs present in Firefox 56.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to run
arbitrary code.
References
Memory safety bugs fixed in Firefox 57
#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox
ESR 52.5
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob
Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and
Ryan VanderMeulen reported memory safety bugs present in Firefox
56 and Firefox ESR 52.4. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort that some
of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
@
text
@d1 1
a1 1
$NetBSD: patch-build_moz.configure_memory.configure,v 1.1 2017/02/16 02:25:17 maya Exp $
@
1.2.2.1
log
@Pullup ticket #5728 - requested by maya
devel/nspr: dependency update
devel/nss: dependency update
www/firefox-l10n: dependent update
www/firefox: security update
Revisions pulled up:
- devel/nspr/Makefile 1.94-1.95
- devel/nspr/distinfo 1.48-1.49
- devel/nspr/patches/patch-az deleted
- devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1
- devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1
- devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted
- devel/nss/Makefile 1.146,1.148
- devel/nss/PLIST 1.24
- devel/nss/distinfo 1.81,1.83
- devel/nss/patches/patch-nss_lib_freebl_config.mk deleted
- devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted
- www/firefox-l10n/Makefile 1.121-1.123
- www/firefox-l10n/distinfo 1.111-1.113
- www/firefox/Makefile 1.320-1.321,1.324
- www/firefox/PLIST 1.127
- www/firefox/distinfo 1.307-1.309
- www/firefox/mozilla-common.mk 1.105-1.106
- www/firefox/patches/patch-aa 1.56
- www/firefox/patches/patch-build_gyp.mozbuild 1.8
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5
- www/firefox/patches/patch-build_moz.configure_memory.configure deleted
- www/firefox/patches/patch-config_baseconfig.mk deleted
- www/firefox/patches/patch-config_external_moz.build 1.17
- www/firefox/patches/patch-dom_media_moz.build 1.9
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8
- www/firefox/patches/patch-gfx_skia_moz.build 1.15
- www/firefox/patches/patch-gfx_thebes_moz.build 1.9
- www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2
- www/firefox/patches/patch-media_libtheora_moz.build 1.8
- www/firefox/patches/patch-media_libvorbis_moz.build 1.4
- www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1
- www/firefox/patches/patch-modules_libpref_init_all.js 1.7
- www/firefox/patches/patch-modules_pdfium_update.sh 1.2
- www/firefox/patches/patch-netwerk_dns_moz.build 1.8
- www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted
- www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted
- www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1
- www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1
- www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted
- www/firefox/patches/patch-toolkit_moz.configure 1.10
- www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted
- www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:21:43 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Added Files:
pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h
patch-nspr_pr_src_pthreads_ptthread.c
Removed Files:
pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h
Log Message:
Update to 4.18
Changelog:
NSPR 4.18 contains the following changes:
- removed HP-UX DCE threads support
- improvements for the Windows implementation of PR_SetCurrentThreadName
- fixes for the Windows implementation of TCP Fast Open
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo
cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az
cvs rdiff -u -r0 -r1.1 \
pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \
pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:06:18 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Log Message:
Update to 4.29
Changelog:
NSPR 4.19 contains the following changes:
- changed order of shutdown cleanup to avoid a crash on Mac OSX
- build compatibility with Android NDK r16 and glibc 2.26
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:23:52 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Removed Files:
pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk
patch-nss_lib_freebl_verified_kremlib.h
Log Message:
Update to 3.35
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk
cvs rdiff -u -r1.1 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:07:15 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile PLIST distinfo
Log Message:
Update to 3.36
* Require devel/nspr-4.19
Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST
cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:02:18 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.1
* Fix build under netbsd-7, PR pkg/52956
Changelog:
Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI
When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
To generate a diff of this commit:
cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:02:47 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.2
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
To generate a diff of this commit:
cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 00:59:03 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild
patch-config_external_moz.build patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build
patch-media_libtheora_moz.build patch-media_libvorbis_moz.build
patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc
patch-modules_libpref_init_all.js
patch-third__party_rust_simd_.cargo-checksum.json
patch-third__party_rust_simd_src_x86_avx2.rs
Removed Files:
pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure
patch-config_baseconfig.mk
patch-netwerk_srtp_src_crypto_hash_hmac.c
patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
patch-toolkit_xre_nsEmbedFunctions.cpp
Log Message:
Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
To generate a diff of this commit:
cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \
pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \
pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r0 -r1.5 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure
cvs rdiff -u -r1.2 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \
pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk
cvs rdiff -u -r1.16 -r1.17 \
pkgsrc/www/firefox/patches/patch-config_external_moz.build
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \
pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build
cvs rdiff -u -r1.14 -r1.15 \
pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \
pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs
cvs rdiff -u -r0 -r1.7 \
pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js
cvs rdiff -u -r1.4 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs
cvs rdiff -u -r1.9 -r1.10 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
cvs rdiff -u -r1.7 -r0 \
pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:03:25 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.1
* Sync with www/firefox-58.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:05:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.2
* Sync with www/firefox-58.0.2
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:00:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 59.0.1
* Sync with www/firefox-59.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo
@
text
@d1 1
a1 1
$NetBSD: patch-build_moz.configure_memory.configure,v 1.2 2017/11/16 01:04:38 ryoon Exp $
@
1.1
log
@firefox: add some configure bits for DragonflyBSD lost in the passage of
time. PR pkg/51695
@
text
@d1 1
a1 1
$NetBSD$
d5 1
a5 1
--- build/moz.configure/memory.configure.orig 2017-01-16 16:16:51.000000000 +0000
d7 6
a12 7
@@@@ -66,7 +66,7 @@@@ def jemalloc_os_define(jemalloc, jemallo
return 'MOZ_MEMORY_LINUX'
if target.kernel == 'Darwin':
return 'MOZ_MEMORY_DARWIN'
- if target.kernel in ('kFreeBSD', 'FreeBSD', 'NetBSD'):
+ if target.kernel in ('kFreeBSD', 'FreeBSD', 'NetBSD', 'DragonFly'):
return 'MOZ_MEMORY_BSD'
d15 1
@