head	1.5;
access;
symbols
	pkgsrc-2017Q1:1.4.0.8
	pkgsrc-2017Q1-base:1.4
	pkgsrc-2016Q4:1.4.0.6
	pkgsrc-2016Q4-base:1.4
	pkgsrc-2016Q3:1.4.0.4
	pkgsrc-2016Q3-base:1.4
	pkgsrc-2016Q2:1.4.0.2
	pkgsrc-2016Q2-base:1.4
	pkgsrc-2016Q1:1.3.0.18
	pkgsrc-2016Q1-base:1.3
	pkgsrc-2015Q4:1.3.0.16
	pkgsrc-2015Q4-base:1.3
	pkgsrc-2015Q3:1.3.0.14
	pkgsrc-2015Q3-base:1.3
	pkgsrc-2015Q2:1.3.0.12
	pkgsrc-2015Q2-base:1.3
	pkgsrc-2015Q1:1.3.0.10
	pkgsrc-2015Q1-base:1.3
	pkgsrc-2014Q4:1.3.0.8
	pkgsrc-2014Q4-base:1.3
	pkgsrc-2014Q3:1.3.0.6
	pkgsrc-2014Q3-base:1.3
	pkgsrc-2014Q2:1.3.0.4
	pkgsrc-2014Q2-base:1.3
	pkgsrc-2014Q1:1.3.0.2
	pkgsrc-2014Q1-base:1.3
	pkgsrc-2013Q4:1.1.0.4
	pkgsrc-2013Q4-base:1.1
	pkgsrc-2013Q3:1.1.0.2
	pkgsrc-2013Q3-base:1.1;
locks; strict;
comment	@// @;


1.5
date	2017.06.14.11.28.44;	author ryoon;	state dead;
branches;
next	1.4;
commitid	TvqH8xBKhv2gJkVz;

1.4
date	2016.06.16.12.08.21;	author ryoon;	state Exp;
branches;
next	1.3;
commitid	LAwegbTYgLLjCGaz;

1.3
date	2014.02.20.13.19.03;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	T9GvdtUIEdEreQpx;

1.2
date	2014.02.08.09.36.00;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	ggxuC0XAcatWnhox;

1.1
date	2013.07.17.11.00.13;	author jperkin;	state Exp;
branches;
next	;
commitid	ChOTp6rsavaYsOXw;


desc
@@


1.5
log
@Update to 54.0

* If your 54.0 is unstable, please disable e10s with
  browser.tabs.remote.autostart.2=false (this works at least for me)

Changelog:

New
    Simplified the download button and download status panel
    Added support for multiple content processes (e10s-multi)
    Added Burmese (my) locale

Fixed
    Various security fixes

Changed
    Moved the mobile bookmarks folder to the main bookmarks menu for easier access

Security fixes:
 #CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
 #CVE-2017-7749: Use-after-free during docshell reloading
 #CVE-2017-7750: Use-after-free with track elements
 #CVE-2017-7751: Use-after-free with content viewer listeners
 #CVE-2017-7752: Use-after-free with IME input
 #CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
 #CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
 #CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
 #CVE-2017-7757: Use-after-free in IndexedDB
 #CVE-2017-7778: Vulnerabilities in the Graphite 2 library
 #CVE-2017-7758: Out-of-bounds read in Opus encoder
 #CVE-2017-7759: Android intent URLs can cause navigation to local file system
 #CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
 #CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
 #CVE-2017-7762: Addressbar spoofing in Reader mode
 #CVE-2017-7763: Mac fonts render some unicode characters as spaces
 #CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
 #CVE-2017-7765: Mark of the Web bypass when saving executable files
 #CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
 #CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
 #CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
 #CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
 #CVE-2017-5471: Memory safety bugs fixed in Firefox 54
 #CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
@
text
@$NetBSD: patch-gfx_graphite2_src_Bidi.cpp,v 1.4 2016/06/16 12:08:21 ryoon Exp $

* Support Solaris

--- gfx/graphite2/src/Bidi.cpp.orig	2013-05-11 19:19:30.000000000 +0000
+++ gfx/graphite2/src/Bidi.cpp
@@@@ -30,6 +30,11 @@@@ of the License or (at your option) any l
 
 using namespace graphite2;
 
+#ifdef __sun
+#undef CS
+#undef ES
+#endif
+
 enum DirCode {  // Hungarian: dirc
         Unk        = -1,
         N          =  0,   // other neutrals (default) - ON
@


1.4
log
@Update to 47.0

* Remove macOS patches, because I cannot confirm them sadly

Changelog:
New
    Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
    Enable VP9 video codec for users with fast machines
    Embedded YouTube videos now play with HTML5 video if Flash is not installed.
    View and search open tabs from your smartphone or another computer in a sidebar
    Allow no-cache on back/forward navigations for https resources
    Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.

Fixed
    Various security fixes

Changed
    FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
    The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
    The Firefox click-to-activate plugin whitelist has been removed.
    XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance

Developer
    Web platform changes
    View, start,and debug registered Service Workers in the Service Workers developer tool
    Simulate Push messages in the Service Workers developer tool
    'Start' button for service workers in about:debugging to start registered Service Workers
    Changes that can affect add-on compatibility
    Added support for ChaCha20/Poly1305 cipher suites
    Custom user agents supported in Responsive Design Mode
    Smart multi-line input in the Web Console

Developer Information
HTML5
    cuechange events are now available on TextTrack objects
    WebCrypto: PBKDF2 supports SHA-2 hash algorithms
    WebCrypto: RSA-PSS signature support


Fixed in Firefox 47
    2016-61 Network Security Services (NSS) vulnerabilities
    2016-60 Java applets bypass CSP protections
    2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
    2016-58 Entering fullscreen and persistent pointerlock without user permission
    2016-57 Incorrect icon displayed on permissions notifications
    2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
    2016-55 File overwrite and privilege escalation through Mozilla Windows updater
    2016-54 Partial same-origin-policy through setting location.host through data URI
    2016-53 Out-of-bounds write with WebGL shader
    2016-52 Addressbar spoofing though the SELECT element
    2016-51 Use-after-free deleting tables from a contenteditable document
    2016-50 Buffer overflow parsing HTML5 fragments
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-gfx_graphite2_src_Bidi.cpp,v 1.3 2014/02/20 13:19:03 ryoon Exp $
@


1.3
log
@Update to 27.0.1

* Fix some syscall definitions in JavaScript are fixed.
  Thank you, tho@@.

Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
@
text
@d1 3
a3 1
$NetBSD: patch-gfx_graphite2_src_Bidi.cpp,v 1.1 2013/07/17 11:00:13 jperkin Exp $
@


1.2
log
@Update to 27.0

Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here

Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
@
text
@d3 1
a3 1
--- gfx/graphite2/src/Bidi.cpp.orig	2014-01-28 04:03:41.000000000 +0000
@


1.1
log
@Add SunOS/x86 patchset.  This produces a package, but the resulting
firefox binary does not yet work correctly.
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
--- gfx/graphite2/src/Bidi.cpp.orig	2013-05-11 19:19:30.000000000 +0000
@