head 1.26;
access;
symbols
pkgsrc-2017Q4:1.25.0.6
pkgsrc-2017Q4-base:1.25
pkgsrc-2017Q3:1.25.0.4
pkgsrc-2017Q3-base:1.25
pkgsrc-2017Q2:1.24.0.2
pkgsrc-2017Q2-base:1.24
pkgsrc-2017Q1:1.22.0.2
pkgsrc-2017Q1-base:1.22
pkgsrc-2016Q4:1.21.0.2
pkgsrc-2016Q4-base:1.21
pkgsrc-2016Q3:1.20.0.2
pkgsrc-2016Q3-base:1.20
pkgsrc-2016Q2:1.19.0.2
pkgsrc-2016Q2-base:1.19
pkgsrc-2016Q1:1.17.0.2
pkgsrc-2016Q1-base:1.17
pkgsrc-2015Q4:1.15.0.2
pkgsrc-2015Q4-base:1.15
pkgsrc-2015Q3:1.14.0.2
pkgsrc-2015Q3-base:1.14
pkgsrc-2015Q2:1.13.0.2
pkgsrc-2015Q2-base:1.13
pkgsrc-2015Q1:1.11.0.4
pkgsrc-2015Q1-base:1.11
pkgsrc-2014Q4:1.11.0.2
pkgsrc-2014Q4-base:1.11
pkgsrc-2014Q3:1.10.0.2
pkgsrc-2014Q3-base:1.10
pkgsrc-2014Q2:1.9.0.2
pkgsrc-2014Q2-base:1.9
pkgsrc-2014Q1:1.7.0.2
pkgsrc-2014Q1-base:1.7
pkgsrc-2013Q4:1.4.0.2
pkgsrc-2013Q4-base:1.4
pkgsrc-2013Q3:1.2.0.2
pkgsrc-2013Q3-base:1.2
pkgsrc-2013Q2:1.1.0.2
pkgsrc-2013Q2-base:1.1;
locks; strict;
comment @# @;
1.26
date 2018.01.24.16.52.08; author ryoon; state dead;
branches;
next 1.25;
commitid Yl8uDmLMV5LNj9oA;
1.25
date 2017.08.10.14.46.15; author ryoon; state Exp;
branches
1.25.6.1;
next 1.24;
commitid rDI4h24RNI2oZF2A;
1.24
date 2017.06.14.11.28.44; author ryoon; state Exp;
branches;
next 1.23;
commitid TvqH8xBKhv2gJkVz;
1.23
date 2017.04.27.01.49.47; author ryoon; state Exp;
branches;
next 1.22;
commitid J6Df3i7KVGRj47Pz;
1.22
date 2017.03.07.20.45.43; author ryoon; state Exp;
branches;
next 1.21;
commitid cj2gfa0XmazzZEIz;
1.21
date 2016.12.03.09.58.26; author ryoon; state Exp;
branches;
next 1.20;
commitid uIUIk0K6tuQSqwwz;
1.20
date 2016.08.06.08.46.59; author ryoon; state Exp;
branches;
next 1.19;
commitid E1GJBeRJuobrRdhz;
1.19
date 2016.06.16.12.08.21; author ryoon; state Exp;
branches;
next 1.18;
commitid LAwegbTYgLLjCGaz;
1.18
date 2016.04.27.16.22.40; author ryoon; state Exp;
branches;
next 1.17;
commitid u2rwBznaaKPcDh4z;
1.17
date 2016.01.27.00.08.26; author ryoon; state Exp;
branches
1.17.2.1;
next 1.16;
commitid U4PoPJGIWVIiavSy;
1.16
date 2016.01.19.10.23.29; author ryoon; state Exp;
branches;
next 1.15;
commitid wazdsInHmH0hPwRy;
1.15
date 2015.11.03.15.52.57; author ryoon; state Exp;
branches;
next 1.14;
commitid omt1OZedtJyJ7FHy;
1.14
date 2015.07.03.10.25.40; author ryoon; state Exp;
branches;
next 1.13;
commitid yNqCmaHKVtcygPry;
1.13
date 2015.05.12.22.48.54; author ryoon; state Exp;
branches;
next 1.12;
commitid NJZg0HQjg2n73dly;
1.12
date 2015.04.05.12.54.11; author ryoon; state Exp;
branches;
next 1.11;
commitid K8Tn7QcmAk8VWogy;
1.11
date 2014.12.01.18.11.14; author ryoon; state Exp;
branches;
next 1.10;
commitid jJPLy0Wr2QzMIm0y;
1.10
date 2014.07.24.14.57.12; author ryoon; state Exp;
branches;
next 1.9;
commitid fruNobPhlaJdPDJx;
1.9
date 2014.06.11.00.40.59; author ryoon; state Exp;
branches;
next 1.8;
commitid QTw894DEf2Let2Ex;
1.8
date 2014.04.30.15.07.18; author ryoon; state Exp;
branches;
next 1.7;
commitid BxErbE5mH8g3CIyx;
1.7
date 2014.03.20.21.02.00; author ryoon; state Exp;
branches;
next 1.6;
commitid 7yTA4yPlY6RyTttx;
1.6
date 2014.02.20.13.19.03; author ryoon; state Exp;
branches;
next 1.5;
commitid T9GvdtUIEdEreQpx;
1.5
date 2014.02.08.09.36.00; author ryoon; state Exp;
branches;
next 1.4;
commitid ggxuC0XAcatWnhox;
1.4
date 2013.12.15.13.54.37; author ryoon; state Exp;
branches;
next 1.3;
commitid Vw2sJulZRCraAehx;
1.3
date 2013.11.02.22.57.55; author ryoon; state Exp;
branches;
next 1.2;
commitid M2FbcKK4JD2lYKbx;
1.2
date 2013.09.19.12.37.49; author ryoon; state Exp;
branches;
next 1.1;
commitid hXNFeA0U06W4X26x;
1.1
date 2013.05.23.13.12.13; author ryoon; state Exp;
branches;
next ;
commitid sFsg0DAPswjWXKQw;
1.25.6.1
date 2018.03.09.07.17.30; author spz; state dead;
branches;
next ;
commitid DwVK6v0Mc0P0JKtA;
1.17.2.1
date 2016.05.19.12.56.30; author bsiegert; state Exp;
branches;
next ;
commitid 53h9eCcjRRHEM57z;
desc
@@
1.26
log
@Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
@
text
@$NetBSD: patch-config_system-headers,v 1.25 2017/08/10 14:46:15 ryoon Exp $
* Try to support Video4Linux2
* Resolve libm undefined error
* Support system libraries
--- config/system-headers.orig 2017-07-31 16:20:50.000000000 +0000
+++ config/system-headers
@@@@ -626,6 +626,7 @@@@ libgnome/libgnome.h
libgnomeui/gnome-icon-lookup.h
libgnomeui/gnome-icon-theme.h
libgnomeui/gnome-ui-init.h
+libv4l2.h
limits.h
link.h
#ifdef ANDROID
@@@@ -1267,6 +1268,15 @@@@ libsn/sn-launcher.h
libsn/sn-monitor.h
libsn/sn-util.h
#endif
+#if MOZ_SYSTEM_GRAPHITE2==1
+graphite2/Font.h
+graphite2/Segment.h
+#endif
+#if MOZ_SYSTEM_HARFBUZZ==1
+harfbuzz/hb-glib.h
+harfbuzz/hb-ot.h
+harfbuzz/hb.h
+#endif
#if MOZ_SYSTEM_HUNSPELL==1
hunspell.hxx
#endif
@@@@ -1335,3 +1345,17 @@@@ unicode/utypes.h
libutil.h
unwind.h
fenv.h
+#if MOZ_SYSTEM_OGG==1
+ogg/ogg.h
+ogg/os_types.h
+#endif
+#if MOZ_SYSTEM_THEORA==1
+theora/theoradec.h
+#endif
+#if MOZ_SYSTEM_VORBIS==1
+vorbis/codec.h
+vorbis/vorbisenc.h
+#endif
+#if MOZ_SYSTEM_TREMOR==1
+tremor/ivorbiscodec.h
+#endif
@
1.25
log
@Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose María Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos Álvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.24 2017/06/14 11:28:44 ryoon Exp $
@
1.25.6.1
log
@Pullup ticket #5695 - requested by he and maya
www/firefox: security update
www/firefox-l10n: dependent update
NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc
Revisions pulled up:
- www/firefox-l10n/Makefile 1.117-1.120
- www/firefox-l10n/PLIST 1.58-1.59
- www/firefox-l10n/distinfo 1.108-1.110
- www/firefox/Makefile 1.316-1.318
- www/firefox/PLIST 1.126
- www/firefox/distinfo 1.304-1.306
- www/firefox/mozilla-common.mk 1.103-1.104
- www/firefox/patches/patch-aa 1.55
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted
- www/firefox/patches/patch-config_Makefile.in deleted
- www/firefox/patches/patch-config_system-headers deleted
- www/firefox/patches/patch-config_system-headers.mozbuild 1.1
- www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1
- www/firefox/patches/patch-dom_media_moz.build 1.8
- www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7
- www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted
- www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1
- www/firefox/patches/patch-js_src_build_moz.build 1.2
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26
- www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted
- www/firefox/patches/patch-netwerk_dns_moz.build 1.7
- www/firefox/patches/patch-servo_components_gfx_font.rs deleted
- www/firefox/patches/patch-servo_components_net__traits_response.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted
- www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_document.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_element.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_window.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted
- www/firefox/patches/patch-servo_components_selectors_attr.rs deleted
- www/firefox/patches/patch-servo_components_selectors_parser.rs deleted
- www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted
- www/firefox/patches/patch-servo_components_style_attr.rs deleted
- www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1
- www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted
- www/firefox/patches/patch-servo_components_style_str.rs deleted
- www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted
- www/firefox/patches/patch-servo_components_style_values_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted
- www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3
- www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4
- www/firefox/patches/patch-toolkit_moz.configure 1.9
- www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:02:17 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
Update to 57.0.3
Changelog:
Fixed
* Fix a crash reporting issue that inadvertently sends background tab
crash reports to Mozilla without user opt-in (bug 1427111)
To generate a diff of this commit:
cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:03:33 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.3
* Sync with www/firefox-57.0.3
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 8 09:37:57 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
Added Files:
pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
Log Message:
Update to 57.0.4
* Use lang/rust-1.23.0
Changelog:
Speculative execution side-channel attack ("Spectre")
Announced
January 4, 2018
Reporter
Jann Horn (Google Project Zero); Microsoft Vunerability Research
Impact
High
Products
Firefox
Fixed in
Firefox 57.0.4
Description
Jann Horn of Google Project Zero Security reported that speculative
execution performed by modern CPUs could leak information through
a timing side-channel attack. Microsoft Vulnerability Research extended
this attack to browser JavaScript engines and demonstrated that code on
a malicious web page could read data from other web sites (violating
the same-origin policy) or private data from the browser itself.
Since this new class of attacks involves measuring precise time intervals,
as a partial, short-term, mitigation we are disabling or reducing
the precision of several time sources in Firefox. The precision of
performance.now() has been reduced from 5us to 20us, and
the SharedArrayBuffer feature has been disabled because it can be
used to construct a high-resolution timer.
SharedArrayBuffer is already disabled in Firefox 52 ESR.
To generate a diff of this commit:
cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jan 21 01:29:28 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.4
* Sync with www/firefox-57.0.4
To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:52:08 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build
patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build
patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build
patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild
patch-dom_media_flac_FlacDecoder.cpp
patch-ipc_glue_MessageChannel.cpp
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-third__party_python_futures_concurrent_futures_process.py
patch-toolkit_mozapps_installer_packager.mk
Removed Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-config_Makefile.in patch-config_system-headers
patch-ipc_chromium_src_base_process__util.h
patch-media_libsoundtouch_src_cpu__detect__x86.cpp
patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
patch-xpcom_reflect_xptcall_md_unix_Makefile.in
Log Message:
Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
To generate a diff of this commit:
cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \
pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in
cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in
cvs rdiff -u -r1.25 -r0 \
pkgsrc/www/firefox/patches/patch-config_system-headers
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \
pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \
pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \
pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r1.6 -r0 \
pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-js_src_build_moz.build
cvs rdiff -u -r1.25 -r1.26 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c
cvs rdiff -u -r1.5 -r0 \
pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
cvs rdiff -u -r1.8 -r1.9 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:54:05 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
Update to 58.0
* Sync with www/firefox-58.0
* Add ne-NP locale
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 29 15:22:54 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST
Log Message:
Previous revison does not work. Install xpi files instead. Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.25 2017/08/10 14:46:15 ryoon Exp $
@
1.24
log
@Update to 54.0
* If your 54.0 is unstable, please disable e10s with
browser.tabs.remote.autostart.2=false (this works at least for me)
Changelog:
New
Simplified the download button and download status panel
Added support for multiple content processes (e10s-multi)
Added Burmese (my) locale
Fixed
Various security fixes
Changed
Moved the mobile bookmarks folder to the main bookmarks menu for easier access
Security fixes:
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7778: Vulnerabilities in the Graphite 2 library
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7759: Android intent URLs can cause navigation to local file system
#CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
#CVE-2017-7762: Addressbar spoofing in Reader mode
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
#CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
#CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
#CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
#CVE-2017-5471: Memory safety bugs fixed in Firefox 54
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.23 2017/04/27 01:49:47 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2017-06-05 20:45:15.000000000 +0000
d9 1
a9 1
@@@@ -625,6 +625,7 @@@@ libgnome/libgnome.h
d17 1
a17 1
@@@@ -1268,6 +1269,24 @@@@ libsn/sn-launcher.h
a29 9
+#if MOZ_SYSTEM_GRAPHITE2==1
+graphite2/Font.h
+graphite2/Segment.h
+#endif
+#if MOZ_SYSTEM_HARFBUZZ==1
+harfbuzz/hb-glib.h
+harfbuzz/hb-ot.h
+harfbuzz/hb.h
+#endif
d33 1
a33 1
@@@@ -1338,3 +1357,31 @@@@ unicode/utypes.h
a50 14
+#if MOZ_SYSTEM_OGG==1
+ogg/ogg.h
+ogg/os_types.h
+#endif
+#if MOZ_SYSTEM_THEORA==1
+theora/theoradec.h
+#endif
+#if MOZ_SYSTEM_VORBIS==1
+vorbis/codec.h
+vorbis/vorbisenc.h
+#endif
+#if MOZ_SYSTEM_TREMOR==1
+tremor/ivorbiscodec.h
+#endif
@
1.23
log
@Update to 53.0
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.22 2017/03/07 20:45:43 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2017-04-11 04:15:17.000000000 +0000
d9 1
a9 1
@@@@ -624,6 +624,7 @@@@ libgnome/libgnome.h
d17 1
a17 1
@@@@ -1267,6 +1268,15 @@@@ libsn/sn-launcher.h
d30 9
d42 1
a42 1
@@@@ -1337,3 +1347,17 @@@@ unicode/utypes.h
d60 14
@
1.22
log
@Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
Redesigned Responsive Design Mode to include device selection, network throttling, and more
Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.21 2016/12/03 09:58:26 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2017-02-23 20:13:58.000000000 +0000
d33 1
a33 1
@@@@ -1335,3 +1345,17 @@@@ unicode/utypes.h
@
1.21
log
@Update to 50.0.2
* Change default audio support to ALSA.
You can use OSS or pulseaudio via ALSA plugin package.
Changelog:
50.0.2:
Fixed in Firefox 50.0.2
#CVE-2016-9079: Use-after-free in SVG Animation
50.0.1:
Fixed
*Firefox crashes with 3rd party Chinese IME when using IME text
Security vulnerabilities fixed in Firefox 50.0.1:
#CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
50.0:
New
*Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
*Improved performance for SDK extensions or extensions using the SDK module loader
*Added download protection for a large number of executable file types on Windows, Mac and Linux
*Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
*Added Guarani (gn) locale
*Added option to Find in page that allows users to limit search to whole words only
*Updates to keyboard shortcuts
*Set a preference to have Ctrl+Tab cycle through tabs in recently used order
*View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
Fixed
*Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
*Various security fixes
*Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
Changed
*The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
*Blocked versions of libavcodec older than 54.35.1
*Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
Developer
*Changes for web developers
Security vulnerabilities fixed in Firefox 50:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5292: URL parsing causes crash
#CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
#CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
#CVE-2016-9068: heap-use-after-free in nsRefreshDriver
#CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
#CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
#CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
#CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
#CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
#CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
#CVE-2016-9070: Sidebar bookmark can have reference to chrome window
#CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
#CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
#CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
#CVE-2016-5289: Memory safety bugs fixed in Firefox 50
#CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.20 2016/08/06 08:46:59 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2016-10-31 20:15:28.000000000 +0000
d9 1
a9 1
@@@@ -624,6 +624,8 @@@@ libgnome/libgnome.h
a13 1
+limits
d17 3
a19 35
@@@@ -714,6 +716,7 @@@@ mapiutil.h
mapix.h
Math64.h
math.h
+complex
mbstring.h
#ifdef ANDROID
android/native_window.h
@@@@ -1301,6 +1304,25 @@@@ vpx/vp8cx.h
vpx/vp8dx.h
vpx_mem/vpx_mem.h
#endif
+#ifdef GKMEDIAS_SHARED_LIBRARY
+vpx/vpx_codec.h
+vpx/vpx_decoder.h
+vpx/vpx_encoder.h
+vpx/vp8cx.h
+vpx/vp8dx.h
+vpx_mem/vpx_mem.h
+vorbis/codec.h
+theora/theoradec.h
+tremor/ivorbiscodec.h
+speex/speex_resampler.h
+soundtouch/SoundTouch.h
+ogg/ogg.h
+ogg/os_types.h
+nestegg/nestegg.h
+cubeb/cubeb.h
+speex/speex_resampler.h
+soundtouch/SoundTouch.h
+#endif
gst/gst.h
gst/app/gstappsink.h
gst/app/gstappsrc.h
@@@@ -1331,3 +1353,26 @@@@ unicode/utypes.h
a20 2
libutil.h
unwind.h
d30 7
@
1.20
log
@Update to 48.0
* OSS audio support may not work. I will revisit later
Changelog:
New:
Roar for moar protection against harmful downloads! We've got your back
Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
Add-ons that have not been verified and signed by Mozilla will not load
GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
WebRTC embetterments:
Delay-agnostic AEC enabled
Full duplex for GNU/Linux enabled
ICE Restart & Update is supported
Cloning of MediaStream and MediaStreamTrack is now supported
Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
The media parser has been redeveloped using the Rust programming language
Windows 7 systems without Platform Update can now use D3D11 WARP
Fixed:
Various security fixes
Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
Improved step debugging on last line of functions
Changed:
Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
After version 48, SSE2 CPU extensions are going to be required on Windows
Au revoir to Windows Remote Access Service modem Autodial
Developer:
WebExtensions support is now considered as stable
Workers can now use the Web Crypto API
Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor.
The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya."
We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages
Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?)
Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure.
Add-on development just got easier because you can reload them from about:debugging — because we're all about debugging.
This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools.
Expand network requests from the console panel to view request details in line, so you can see things in context
Fixed in Firefox 48:
2016-84 Information disclosure through Resource Timing API during page navigation
2016-83 Spoofing attack through text injection into internal error pages
2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
2016-81 Information disclosure and local file manipulation through drag and drop
2016-80 Same-origin policy violation using local HTML file and saved shortcut file
2016-79 Use-after-free when applying SVG effects
2016-78 Type confusion in display transformation
2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
2016-76 Scripts on marquee tag can execute in sandboxed iframes
2016-75 Integer overflow in WebSockets during data buffering
2016-74 Form input type change from password to text can store plain text password in session restore file
2016-73 Use-after-free in service workers with nested sync events
2016-72 Use-after-free in DTLS during WebRTC session shutdown
2016-71 Crash in incremental garbage collection in JavaScript
2016-70 Use-after-free when using alt key and toplevel menus
2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
2016-68 Out-of-bounds read during XML parsing in Expat library
2016-67 Stack underflow during 2D graphics rendering
2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
2016-64 Buffer overflow rendering SVG with bidirectional content
2016-63 Favicon network connection can persist when page is closed
2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.19 2016/06/16 12:08:21 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2016-07-25 20:22:04.000000000 +0000
d9 1
a9 1
@@@@ -631,6 +631,7 @@@@ libgnome/libgnome.h
d14 1
a14 1
limits
d17 2
a18 1
@@@@ -724,6 +725,7 @@@@ mapiutil.h
d25 2
a26 2
media/AudioEffect.h
@@@@ -1315,6 +1317,25 @@@@ vpx/vp8cx.h
d52 1
a52 1
@@@@ -1345,3 +1366,35 @@@@ unicode/utypes.h
d56 9
a78 18
+#if MOZ_SYSTEM_CELT==1
+celt.h
+celt_header.h
+celt/celt.h
+celt/celt_header.h
+#endif
+#if MOZ_SYSTEM_OPUS==1
+opus.h
+opus_multistream.h
+opus/opus.h
+opus/opus_multistream.h
+#endif
+#if MOZ_SYSTEM_SPEEX==1
+speex/speex_resampler.h
+#endif
+#if MOZ_SYSTEM_SOUNDTOUCH==1
+soundtouch/SoundTouch.h
+#endif
@
1.19
log
@Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.18 2016/04/27 16:22:40 ryoon Exp $
d7 1
a7 1
--- config/system-headers.orig 2016-06-01 04:11:40.000000000 +0000
d55 1
a55 1
+#if MOZ_NATIVE_OGG==1
d59 1
a59 1
+#if MOZ_NATIVE_THEORA==1
d62 1
a62 1
+#if MOZ_NATIVE_VORBIS==1
d66 1
a66 1
+#if MOZ_NATIVE_TREMOR==1
d69 1
a69 1
+#if MOZ_NATIVE_CELT==1
d75 1
a75 1
+#if MOZ_NATIVE_OPUS==1
d81 1
a81 1
+#if MOZ_NATIVE_SPEEX==1
d84 1
a84 1
+#if MOZ_NATIVE_SOUNDTOUCH==1
@
1.18
log
@Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @@media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.17 2016/01/27 00:08:26 ryoon Exp $
d3 5
a7 1
--- config/system-headers.orig 2016-04-15 16:57:45.000000000 +0000
d9 1
a9 1
@@@@ -629,6 +629,7 @@@@ libgnome/libgnome.h
d17 1
a17 1
@@@@ -722,6 +723,7 @@@@ mapiutil.h
d25 1
a25 1
@@@@ -1312,6 +1314,25 @@@@ vpx/vp8cx.h
d51 1
a51 1
@@@@ -1342,3 +1363,43 @@@@ unicode/utypes.h
a54 8
+#if MOZ_NATIVE_GRAPHITE2==1
+graphite2/Font.h
+graphite2/Segment.h
+#endif
+#if MOZ_NATIVE_HARFBUZZ==1
+harfbuzz/hb-ot.h
+harfbuzz/hb.h
+#endif
@
1.17
log
@Update to 44.0
Changelog:
New
Improved warning pages for certificate errors and untrusted connections
Enable H.264 if system decoder is available
Enable WebM/VP9 video support on systems that don't support MP4/H.264
In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
Support the brotli compression format via HTTPS content-encoding
Screenshot commands allow user choice of pixel ratio in Developer Tools
Fixed
Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)
Various security fixes
Changed
To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox has removed support for the RC4 decipher
Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates
Stricter validation of web fonts
On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1
Developer
Right click on a logged object in the console to store it as a global variable on the page
Visual tools for Animation:
View/Edit CSS animation keyframe rules directly in the inspector
Visually modify the cubic-bezier curve that drives the way animations progress through time
Discover and scrub through all CSS animations and transitions playing on the page
Learn more: http://devtoolschallenger.com/
Visual tools for Layout and Styles:
Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems
Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc
Learn more: http://devtoolschallenger.com/
New memory tool for inspecting the memory heap
Service Workers API
Built-in JSON reader to intuitively view, search, copy and save data without extensions
Jump to function definitions in the debugger with Cmd-Click
WebSocket Debugging API and add-on
The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor
Security bugs:
Fixed in Firefox 44
2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
2016-11 Application Reputation service disabled in Firefox 43
2016-10 Unsafe memory manipulation found through code inspection
2016-09 Addressbar spoofing attacks
2016-08 Delay following click events in file download dialog too short on OS X
2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
2016-06 Missing delay following user click events in protocol handler dialog
2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
2016-04 Firefox allows for control characters to be set in cookie names
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-02 Out of Memory crash when parsing GIF format images
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.16 2016/01/19 10:23:29 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2016-01-15 01:01:40.000000000 +0000
d5 1
a5 1
@@@@ -627,6 +627,7 @@@@ libgnome/libgnome.h
a9 1
lib$routines.h
d12 2
a13 1
@@@@ -721,6 +722,7 @@@@ mapiutil.h
d21 1
a21 1
@@@@ -1313,6 +1315,25 @@@@ vpx/vp8cx.h
d47 1
a47 1
@@@@ -1343,3 +1364,43 @@@@ unicode/utypes.h
@
1.17.2.1
log
@Pullup ticket #5015 - requested by sevan
www/firefox: security fix
Revisions pulled up:
- www/firefox/Makefile 1.249-1.250
- www/firefox/PLIST 1.105-1.106
- www/firefox/distinfo 1.242-1.243
- www/firefox/mozilla-common.mk 1.73
- www/firefox/patches/patch-aa 1.45
- www/firefox/patches/patch-config_external_moz.build 1.11
- www/firefox/patches/patch-config_system-headers 1.18
- www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted
- www/firefox/patches/patch-dom_media_moz.build 1.3
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4
- www/firefox/patches/patch-gfx_skia_moz.build 1.11
- www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2
- www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted
- www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted
- www/firefox/patches/patch-gfx_thebes_moz.build 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14
- www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7
- www/firefox/patches/patch-media_libtheora_moz.build 1.5
- www/firefox/patches/patch-pb deleted
- www/firefox/patches/patch-pc deleted
- www/firefox/patches/patch-toolkit_library_moz.build 1.5
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 13 20:37:33 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
Log Message:
Update to 45.0.2
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 27 16:22:40 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build
patch-config_system-headers patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_skia_skia_src_core_SkUtilsArm.cpp
patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c
patch-media_libcubeb_src_cubeb__alsa.c
patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build
patch-toolkit_library_moz.build
patch-xpcom_reflect_xptcall_md_unix_moz.build
Removed Files:
pkgsrc/www/firefox/patches:
patch-dom_media_gstreamer_GStreamerAllocator.cpp
patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp
patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc
Log Message:
Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @@media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
--- config/system-headers.orig 2016-04-15 16:57:45.000000000 +0000
d5 1
a5 1
@@@@ -629,6 +629,7 @@@@ libgnome/libgnome.h
d10 1
d13 1
a13 2
link.h
@@@@ -722,6 +723,7 @@@@ mapiutil.h
d21 1
a21 1
@@@@ -1312,6 +1314,25 @@@@ vpx/vp8cx.h
d47 1
a47 1
@@@@ -1342,3 +1363,43 @@@@ unicode/utypes.h
@
1.16
log
@Fix build with recent g++/complex on NetBSD current
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
--- config/system-headers.orig 2016-01-06 00:44:00.000000000 +0000
d21 15
a35 4
@@@@ -1324,10 +1326,13 @@@@ vorbis/codec.h
theora/theoradec.h
tremor/ivorbiscodec.h
speex/speex_resampler.h
d37 4
a40 4
ogg/ogg.h
ogg/os_types.h
nestegg/nestegg.h
cubeb/cubeb.h
d43 1
a43 1
#endif
d46 2
a47 1
@@@@ -1359,3 +1364,43 @@@@ unicode/utypes.h
@
1.15
log
@Update to 42.0
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.14 2015/07/03 10:25:40 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2015-10-22 22:30:30.000000000 +0000
d5 1
a5 1
@@@@ -626,6 +626,7 @@@@ libgnome/libgnome.h
d13 9
a21 1
@@@@ -1322,10 +1323,13 @@@@ vorbis/codec.h
d35 1
a35 1
@@@@ -1355,3 +1359,43 @@@@ unicode/utypes.h
@
1.14
log
@Update to 39.0
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.13 2015/05/12 22:48:54 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2015-06-18 20:55:30.000000000 +0000
d5 1
a5 1
@@@@ -628,6 +628,7 @@@@ libgnome/libgnome.h
d13 1
a13 9
@@@@ -1258,7 +1259,6 @@@@ X11/Xlocale.h
X11/Xos.h
X11/Xutil.h
zmouse.h
-soundtouch/SoundTouch.h
#if MOZ_NATIVE_PNG==1
png.h
#endif
@@@@ -1320,10 +1320,13 @@@@ vorbis/codec.h
d27 1
a27 1
@@@@ -1352,3 +1355,43 @@@@ unicode/utypes.h
@
1.13
log
@Update to 38.0
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.12 2015/04/05 12:54:11 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2015-05-04 00:43:23.000000000 +0000
d5 4
a8 12
@@@@ -189,7 +189,6 @@@@ asm/signal.h
ASRegistry.h
assert.h
atk/atk.h
-atk-bridge.h
atlcom.h
atlconv.h
atlctl.cpp
@@@@ -636,6 +635,7 @@@@ libgnomevfs/gnome-vfs-mime-handlers.h
libgnomevfs/gnome-vfs-mime-utils.h
libgnomevfs/gnome-vfs-ops.h
libgnomevfs/gnome-vfs-standard-callbacks.h
d13 1
a13 1
@@@@ -1266,7 +1266,6 @@@@ X11/Xlocale.h
d21 1
a21 1
@@@@ -1328,10 +1327,13 @@@@ vorbis/codec.h
d35 1
a35 1
@@@@ -1360,3 +1362,43 @@@@ unicode/utypes.h
@
1.12
log
@Update to 37.0
* Bump nspr requirement.
Changelog:
New Heartbeat user rating system - your feedback about Firefox
New Yandex set as default search provider for the Turkish locale
New Bing search now uses HTTPS for secure searching
New Improved protection against site impersonation via OneCRL centralized certificate revocation
New Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
Changed Disabled insecure TLS version fallback for site security
Changed Extended SSL error reporting for reporting non-certificate errors
Changed TLS False Start optimization now requires a cipher suite using AEAD construction
Changed Improved certificate and TLS communication security by removing support for DSA
Changed Improved performance of WebGL rendering on Windows
HTML5 Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube (Windows only)
HTML5 Added support for CSS display:contents
HTML5 IndexedDB now accessible from worker threads
HTML5 New SDP/JSEP implementation in WebRTC
Developer Debug tabs opened in Chrome Desktop, Chrome for Android, and Safari for iOS
Developer New Inspector animations panel to control element animations
Developer New Security Panel included in Network Panel
Developer Debugger panel support for chrome:// and about:// URIs
Developer Added logging of weak ciphers to the web console
Fixed Various security fixes
Fixed in Firefox 37
2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
2015-41 PRNG weakness allows for DNS poisoning on Android
2015-40 Same-origin bypass through anchor navigation
2015-39 Use-after-free due to type confusion flaws
2015-38 Memory corruption crashes in Off Main Thread Compositing
2015-37 CORS requests should not follow 30x redirections after preflight
2015-36 Incorrect memory management for simple-type arrays in WebRTC
2015-35 Cursor clickjacking with flash and images
2015-34 Out of bounds read in QCMS library
2015-33 resource:// documents can load privileged pages
2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.11 2014/12/01 18:11:14 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2015-03-27 02:20:20.000000000 +0000
d43 1
a43 1
@@@@ -1360,3 +1362,37 @@@@ unicode/utypes.h
d69 6
@
1.11
log
@Update to 34.0.5
Changelog:
New Default search engine changed to Yahoo! for North America
New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales
New Improved search bar (en-US only)
New Firefox Hello real-time communication client
New Easily switch themes/personas directly in the Customizing mode
New Wikipedia search now uses HTTPS for secure searching (en-US only)
New Implementation of HTTP/2 (draft14) and ALPN
New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows
Changed Disabled SSLv3
Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35)
Changed Firefox signed by Apple OS X version 2 signature
HTML5 ECMAScript 6 WeakSet Implemented
HTML5 JavaScript Template Strings Implemented
HTML5 CSS3 Font variants and features control (e.g. kerning) implemented
HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support
HTML5 WebCrypto: wrapKey and unwrapKey implemented
HTML5 WebCrypto: Import/export of JWK-formatted keys
HTML5 matches() DOM API implemented (formerly mozMatchesSelector())
HTML5 Performance.now() for workers implemented
HTML5 WebCrypto: ECDH support
Developer WebIDE: Create, edit, and test a new Web application from your browser
Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel
Developer Improved User Interface of the Profiler
Developer console.table function added to web console
Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties
Fixed Various security fixes
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.10 2014/07/24 14:57:12 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2014-11-21 03:37:23.000000000 +0000
d5 17
a21 1
@@@@ -1267,7 +1267,6 @@@@ X11/Xlocale.h
d29 1
a29 1
@@@@ -1329,10 +1328,13 @@@@ vorbis/codec.h
d43 1
a43 1
@@@@ -1361,3 +1363,37 @@@@ unicode/utypes.h
@
1.10
log
@Update to 31.0
Changelog:
New
Add the search field to the new tab page
New
Support of Prefer:Safe http header for parental control (learn more)
New
mozilla::pkix as default certificate verifier (learn more)
New
Block malware from downloaded files (learn more)
New
Partial implementation of the OpenType MATH table (section 6.3.6) see documentation about mathematical fonts and the MathML Torture Test for details
New
audio/video .ogg and .pdf files handled by Firefox if no application specified (Windows only)
New
Upper Sorbian [hsb] locale added
Changed
Removal of the CAPS infrastructure for specifying site-specific permissions (via capability.policy.* preferences). Most notably, attempts to use this functionality to grant access to the clipboard will no longer work. The sole exception is the checkloaduri permission, which may still be used as before to allow sites to load file:// URIs.
HTML5
WebVTT implemented and enabled (learn more)
HTML5
CSS3 variables implemented (learn more)
Developer
Developer Tools: Add-on Debugger (learn more)
Developer
Developer Tools: Canvas Debugger (learn more)
Developer
New Array built-in: Array.prototype.fill() (learn more)
Developer
New Object built-in: Object.setPrototypeOf() (learn more)
Developer
CSP 1.1 nonce-source and hash-source enabled by default
Developer
Developer Tools: Eyedropper tool added to the color picker (learn more)
Developer
Developer Tools: Editable Box Model (learn more)
Developer
Developer Tools: Code Editor improvements (learn more)
Developer
Developer Tools: Console stack traces (learn more)
Developer
Developer Tools: Copy as cURL (learn more)
Developer
Developer Tools: Styled console logs (learn more)
Developer
navigator.sendBeacon enabled by default (learn more)
Developer
Dialogs spawned from the onbeforeunload event no longer block access to the rest of the browser
Fixed
Search for partially selected link text from context menu (985824)
Fixed
Various security fixes
Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.9 2014/06/11 00:40:59 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2014-07-17 01:45:08.000000000 +0000
d5 1
a5 1
@@@@ -1048,8 +1048,6 @@@@ X11/Xlocale.h
a8 1
-speex/speex_resampler.h
d13 6
a18 1
@@@@ -1117,6 +1115,8 @@@@ ogg/ogg.h
d27 1
a27 1
@@@@ -1145,3 +1145,37 @@@@ unicode/utypes.h
@
1.9
log
@Update to 30.0
* debug build is broken
Changelog:
New
Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
New
Mac OS X command-E sets find term to selected text
New
Support for GStreamer 1.0
Changed
Disallow calling WebIDL constructors as functions on the web
Developer
With the exception of those bundled inside an extension or ones that are whitelisted, plugins will no longer be activated by default (see blog post)
Developer
Fixes to box-shadow and other visual overflow (see bug 480888)
Developer
Mute and volume available per window when using WebAudio
Developer
background-blend-mode enabled by default
Developer
Use of line-height allowed for
Developer
ES6 array and generator comprehensions implemented (read docs for more details)
Developer
Error stack now contains column number
Developer
Support for alpha option in canvas context options (feature description)
Fixed
Ignore autocomplete="off" when offering to save passwords via the password manager (see 956906)
Fixed
TypedArrays don't support new named properties (see 695438)
Fixed
Various security fixes
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.8 2014/04/30 15:07:18 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2014-05-29 23:30:30.000000000 +0000
d5 3
a7 3
@@@@ -1050,8 +1050,6 @@@@ X11/Xutil.h
xpt_struct.h
xpt_xdr.h
d14 1
a14 1
@@@@ -1119,6 +1117,8 @@@@ ogg/ogg.h
d23 1
a23 1
@@@@ -1147,3 +1147,38 @@@@ unicode/utypes.h
a26 1
+cairo-qt.h
@
1.8
log
@Update to 29.0
* Restore html5 audio playback under NetBSD
Changelog:
New
Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most (learn more)
New
A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
New
Sleek new tabs provide an overall smoother look and fade into the background when not active
New
An interactive onboarding tour to guide users through the new Firefox changes
New
The ability to set up Firefox Sync by creating a Firefox account (learn more)
New
Gamepad API finalized and enabled (learn more)
New
HTTPS used for Yahoo Searches performed in en-US locale
New
Malay [ma] locale added
Changed
Clicking on a W3C Web Notification will switch to the originating tab
Developer
'box-sizing' (dropping the -moz- prefix) implemented (learn more)
Developer
Console object available in Web Workers (learn more)
Developer
Promises enabled by default (learn more)
Developer
SharedWorker enabled by default
Developer
implemented and enabled
Developer
implemented and enabled
Developer
Enabled ECMAScript Internationalization API
Developer
Add-on bar has been removed, content moved to navigation bar
Developer
Implemented URLSearchParams from the URL specification (see MDN for details )
Fixed
Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.7 2014/03/20 21:02:00 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2014-04-18 02:02:39.000000000 +0000
d5 1
a5 1
@@@@ -1051,8 +1051,6 @@@@ X11/Xutil.h
d14 1
a14 1
@@@@ -1118,6 +1116,8 @@@@ ogg/ogg.h
d23 1
a23 1
@@@@ -1146,3 +1146,39 @@@@ unicode/utypes.h
a28 1
+unwind.h
@
1.7
log
@Update to 28.0
Changelog:
NEW
VP9 video decoding implemented
NEW
Mac OS X: Notification Center support for web notifications
NEW
Horizontal HTML5 audio/video volume control
NEW
Support for Opus in WebM
CHANGED
Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty
DEVELOPER
Support for MathML 2.0 'mathvariant' attribute
DEVELOPER
Background thread hang reporting
DEVELOPER
Support for multi-line flexbox in layout
FIXED
Various security fixes
Fixed in Firefox 28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.6 2014/02/20 13:19:03 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2014-03-15 05:19:09.000000000 +0000
d5 8
a12 3
@@@@ -1144,4 +1144,28 @@@@ unicode/unum.h
unicode/ustring.h
unicode/utypes.h
d14 13
d41 3
d48 3
d57 6
a62 1
libutil.h
@
1.6
log
@Update to 27.0.1
* Fix some syscall definitions in JavaScript are fixed.
Thank you, tho@@.
Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.4 2013/12/15 13:54:37 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2013-12-05 16:07:23.000000000 +0000
d5 1
a5 1
@@@@ -1144,3 +1144,4 @@@@ unicode/unum.h
d9 25
a33 1
+libutil.h
@
1.5
log
@Update to 27.0
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
@
text
@d3 1
a3 1
--- config/system-headers.orig 2014-01-28 04:03:35.000000000 +0000
@
1.4
log
@Update to 26.0
* Build outside WRKSRC, fix build
Changelog:
NEW
All Java plug-ins are defaulted to 'click to play'
NEW
Password manager now supports script-generated password fields
NEW
Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
NEW
Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
CHANGED
Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
CHANGED
CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
DEVELOPER
Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs)
DEVELOPER
Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible
DEVELOPER
There is no longer a prompt when websites use appcache
DEVELOPER
Support for the CSS image orientation property
DEVELOPER
New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
DEVELOPER
IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage
FIXED
When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619)
FIXED
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695)
FIXED
Improved page load times due to no longer decoding images that aren't visible (847223)
FIXED
AudioToolbox MP3 backend for OSX (914479)
FIXED
Various security fixes
Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.3 2013/11/02 22:57:55 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2013-12-05 16:07:23.000000000 +0000
@
1.3
log
@Update to 25.0
* Enable pulseaudio by default, OSS support is dropped, and ALSA support
on NetBSD does not work properly for me
* Enable GStremer support for non-webm and non-theora video support
* Create alsa option, and enabled on Linux by default
Changelog:
NEW
Web Audio support
NEW
The find bar is no longer shared between tabs
CHANGED
If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information
CHANGED
Resetting Firefox no longer clears your browsing session
DEVELOPER
CSS3 background-attachment:local support to control background scrolling
DEVELOPER
Many new ES6 functions implemented
HTML5
iframe document content can now be specified inline
FIXED
Blank or missing page thumbnails when opening a new tab
FIXED
Security fixes can be found here
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.2 2013/09/19 12:37:49 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2013-10-25 22:27:10.000000000 +0000
d5 5
a9 23
@@@@ -469,6 +469,7 @@@@ IOKit/IOMessage.h
IOKit/pwr_mgt/IOPMLib.h
iomanip
ios
+iosfwd
iostream
iostream.h
iterator
@@@@ -1132,3 +1133,14 @@@@ kvm.h
spawn.h
err.h
xlocale.h
+#if MOZ_NATIVE_ICU==1
+unicode/locid.h
+unicode/numsys.h
+unicode/ucal.h
+unicode/ucol.h
+unicode/udat.h
+unicode/udatpg.h
+unicode/uenum.h
+unicode/unum.h
+unicode/ustring.h
+#endif
@
1.2
log
@Update to 24.0, ESR edition.
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.1 2013/05/23 13:12:13 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2013-09-10 03:43:23.000000000 +0000
d5 9
a13 1
@@@@ -1132,3 +1132,14 @@@@ kvm.h
@
1.1
log
@Bump PKGREVISION.
* Remove reference to devel/xulrunner.
* Move some common files for firefox/xulrunner-21.0.
* Move patches from devel/sulrunner.
* Take MAINTAINERship.
@
text
@d1 1
a1 1
$NetBSD: patch-config_system-headers,v 1.5 2013/05/19 08:47:41 ryoon Exp $
d3 1
a3 1
--- config/system-headers.orig 2013-05-11 19:19:23.000000000 +0000
d5 1
a5 3
@@@@ -1126,3 +1126,5 @@@@ sys/thr.h
sys/user.h
kvm.h
d7 13
a19 2
+err.h
+xlocale.h
@