head 1.3; access; symbols pkgsrc-2018Q1:1.2.0.4 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.2 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.1.0.10 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.6 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.4 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.2 pkgsrc-2016Q4-base:1.1; locks; strict; comment @// @; 1.3 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.2; commitid xD42Z67JHKvGXMBA; 1.2 date 2017.09.30.05.34.12; author ryoon; state Exp; branches; next 1.1; commitid FvJcfB7R3sEnib9A; 1.1 date 2016.12.03.09.58.26; author ryoon; state Exp; branches; next ; commitid uIUIk0K6tuQSqwwz; desc @@ 1.3 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-dom_media_AudioStream.cpp,v 1.2 2017/09/30 05:34:12 ryoon Exp $ --- dom/media/AudioStream.cpp.orig 2017-09-14 20:15:56.000000000 +0000 +++ dom/media/AudioStream.cpp @@@@ -115,7 +115,9 @@@@ AudioStream::AudioStream(DataSource& aSo : mMonitor("AudioStream") , mChannels(0) , mOutChannels(0) +#ifndef MOZ_SYSTEM_SOUNDTOUCH , mTimeStretcher(nullptr) +#endif , mDumpFile(nullptr) , mState(INITIALIZED) , mDataSource(aSource) @@@@ -135,9 +137,11 @@@@ AudioStream::~AudioStream() if (mDumpFile) { fclose(mDumpFile); } +#ifndef MOZ_SYSTEM_SOUNDTOUCH if (mTimeStretcher) { soundtouch::destroySoundTouchObj(mTimeStretcher); } +#endif #if defined(XP_WIN) if (XRE_IsContentProcess()) { audio::AudioNotificationReceiver::Unregister(this); @@@@ -161,7 +165,11 @@@@ nsresult AudioStream::EnsureTimeStretche { mMonitor.AssertCurrentThreadOwns(); if (!mTimeStretcher) { +#ifdef MOZ_SYSTEM_SOUNDTOUCH + mTimeStretcher = new soundtouch::SoundTouch(); +#else mTimeStretcher = soundtouch::createSoundTouchObj(); +#endif mTimeStretcher->setSampleRate(mAudioClock.GetInputRate()); mTimeStretcher->setChannels(mOutChannels); mTimeStretcher->setPitch(1.0); @ 1.2 log @Update to 56.0 New Launched Firefox Screenshots, a feature that lets users take, save, and share screenshots without leaving the browser Added support for address form autofill (en-US only) Updated Preferences Added search tool so users can find a specific setting quickly Reorganized preferences so users can more easily scan settings Rewrote descriptions so users can better understand choices and how they affect browsing Revised data collection choices so they align with updated Privacy Notice and data collection strategy Media opened in a background tab will not play until the tab is selected Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account Changed Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust Added hardware acceleration for AES-GCM Updated the Safe Browsing protocol to version 4 Reduced update download file size by approximately 20 percent Improved security for verifying update downloads Developer Added Layout Panel to CSS Grid DevTools @ text @d1 1 a1 1 $NetBSD: patch-dom_media_AudioStream.cpp,v 1.1 2016/12/03 09:58:26 ryoon Exp $ @ 1.1 log @Update to 50.0.2 * Change default audio support to ALSA. You can use OSS or pulseaudio via ALSA plugin package. Changelog: 50.0.2: Fixed in Firefox 50.0.2 #CVE-2016-9079: Use-after-free in SVG Animation 50.0.1: Fixed *Firefox crashes with 3rd party Chinese IME when using IME text Security vulnerabilities fixed in Firefox 50.0.1: #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect 50.0: New *Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac *Improved performance for SDK extensions or extensions using the SDK module loader *Added download protection for a large number of executable file types on Windows, Mac and Linux *Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer *Added Guarani (gn) locale *Added option to Find in page that allows users to limit search to whole words only *Updates to keyboard shortcuts *Set a preference to have Ctrl+Tab cycle through tabs in recently used order *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac) Fixed *Login cookies are now saved for sites with a high number of cookies (Bug 1264192) *Various security fixes *Fixed rendering of dashed and dotted borders with rounded corners (border-radius) Changed *The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates *Blocked versions of libavcodec older than 54.35.1 *Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux) Developer *Changes for web developers Security vulnerabilities fixed in Firefox 50: #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 #CVE-2016-5292: URL parsing causes crash #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink #CVE-2016-5294: Arbitrary target directory for result files of update process #CVE-2016-5297: Incorrect argument length checking in JavaScript #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore #CVE-2016-9068: heap-use-after-free in nsRefreshDriver #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file #CVE-2016-9070: Sidebar bookmark can have reference to chrome window #CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP #CVE-2016-5289: Memory safety bugs fixed in Firefox 50 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- dom/media/AudioStream.cpp.orig 2016-10-31 20:15:33.000000000 +0000 d15 1 a15 1 @@@@ -130,9 +132,11 @@@@ AudioStream::~AudioStream() d24 4 a27 4 } size_t @@@@ -151,7 +155,11 @@@@ nsresult AudioStream::EnsureTimeStretche @