head	1.3;
access;
symbols
	pkgsrc-2016Q1:1.2.0.10
	pkgsrc-2016Q1-base:1.2
	pkgsrc-2015Q4:1.2.0.8
	pkgsrc-2015Q4-base:1.2
	pkgsrc-2015Q3:1.2.0.6
	pkgsrc-2015Q3-base:1.2
	pkgsrc-2015Q2:1.2.0.4
	pkgsrc-2015Q2-base:1.2
	pkgsrc-2015Q1:1.2.0.2
	pkgsrc-2015Q1-base:1.2
	pkgsrc-2014Q4:1.1.0.6
	pkgsrc-2014Q4-base:1.1
	pkgsrc-2014Q3:1.1.0.4
	pkgsrc-2014Q3-base:1.1
	pkgsrc-2014Q2:1.1.0.2
	pkgsrc-2014Q2-base:1.1;
locks; strict;
comment	@// @;


1.3
date	2016.06.16.12.08.21;	author ryoon;	state dead;
branches;
next	1.2;
commitid	LAwegbTYgLLjCGaz;

1.2
date	2015.02.28.04.30.55;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	Y4EEeVfm51r1kJby;

1.1
date	2014.05.30.03.03.36;	author pho;	state Exp;
branches;
next	;
commitid	SyhQGFZ06rmWDvCx;


desc
@@


1.3
log
@Update to 47.0

* Remove macOS patches, because I cannot confirm them sadly

Changelog:
New
    Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
    Enable VP9 video codec for users with fast machines
    Embedded YouTube videos now play with HTML5 video if Flash is not installed.
    View and search open tabs from your smartphone or another computer in a sidebar
    Allow no-cache on back/forward navigations for https resources
    Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.

Fixed
    Various security fixes

Changed
    FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
    The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
    The Firefox click-to-activate plugin whitelist has been removed.
    XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance

Developer
    Web platform changes
    View, start,and debug registered Service Workers in the Service Workers developer tool
    Simulate Push messages in the Service Workers developer tool
    'Start' button for service workers in about:debugging to start registered Service Workers
    Changes that can affect add-on compatibility
    Added support for ChaCha20/Poly1305 cipher suites
    Custom user agents supported in Responsive Design Mode
    Smart multi-line input in the Web Console

Developer Information
HTML5
    cuechange events are now available on TextTrack objects
    WebCrypto: PBKDF2 supports SHA-2 hash algorithms
    WebCrypto: RSA-PSS signature support


Fixed in Firefox 47
    2016-61 Network Security Services (NSS) vulnerabilities
    2016-60 Java applets bypass CSP protections
    2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
    2016-58 Entering fullscreen and persistent pointerlock without user permission
    2016-57 Incorrect icon displayed on permissions notifications
    2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
    2016-55 File overwrite and privilege escalation through Mozilla Windows updater
    2016-54 Partial same-origin-policy through setting location.host through data URI
    2016-53 Out-of-bounds write with WebGL shader
    2016-52 Addressbar spoofing though the SELECT element
    2016-51 Use-after-free deleting tables from a contenteditable document
    2016-50 Buffer overflow parsing HTML5 fragments
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@$NetBSD: patch-dom_plugins_ipc_PluginProcessChild.cpp,v 1.2 2015/02/28 04:30:55 ryoon Exp $

Just because OS_ARCH is Darwin does not mean
libplugin_child_interpose.dylib is used.

--- dom/plugins/ipc/PluginProcessChild.cpp.orig	2015-02-17 21:40:45.000000000 +0000
+++ dom/plugins/ipc/PluginProcessChild.cpp
@@@@ -56,7 +56,7 @@@@ PluginProcessChild::Init()
 {
     nsDebugImpl::SetMultiprocessMode("NPAPI");
 
-#if defined(XP_MACOSX)
+#if defined(MOZ_WIDGET_COCOA)
     // Remove the trigger for "dyld interposing" that we added in
     // GeckoChildProcessHost::PerformAsyncLaunchInternal(), in the host
     // process just before we were launched.  Dyld interposing will still
@


1.2
log
@Update to 36.0

Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
      Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
      Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
      Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
      The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
          Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes

Fixed in Firefox 36
    2015-27 Caja Compiler JavaScript sandbox bypass
    2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
    2015-25 Local files or privileged URLs in pages can be opened into new tabs
    2015-24 Reading of local files through manipulation of form autocomplete
    2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
    2015-22 Crash using DrawTarget in Cairo graphics library
    2015-21 Buffer underflow during MP3 playback
    2015-20 Buffer overflow during CSS restyling
    2015-19 Out-of-bounds read and write while rendering SVG content
    2015-18 Double-free when using non-default memory allocators with a zero-length XHR
    2015-17 Buffer overflow in libstagefright during MP4 video playback
    2015-16 Use-after-free in IndexedDB
    2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
    2015-14 Malicious WebGL content crash when writing strings
    2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
    2015-12 Invoking Mozilla updater will load locally stored DLL files
    2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
@
text
@d1 1
a1 1
$NetBSD: patch-dom_plugins_ipc_PluginProcessChild.cpp,v 1.1 2014/05/30 03:03:36 pho Exp $
@


1.1
log
@PR pkg/48840: Don't assume cocoa toolkit just because OS_ARCH is Darwin
@
text
@d1 1
a1 1
$NetBSD$
d6 1
a6 1
--- dom/plugins/ipc/PluginProcessChild.cpp.orig	2014-05-06 22:55:25.000000000 +0000
d8 1
a8 3
@@@@ -42,7 +42,7 @@@@ namespace plugins {
 bool
 PluginProcessChild::Init()
d10 2
@