head 1.10; access; symbols pkgsrc-2018Q1:1.9.0.2 pkgsrc-2018Q1-base:1.9 pkgsrc-2017Q4:1.8.0.8 pkgsrc-2017Q4-base:1.8 pkgsrc-2017Q3:1.8.0.6 pkgsrc-2017Q3-base:1.8 pkgsrc-2017Q2:1.8.0.2 pkgsrc-2017Q2-base:1.8 pkgsrc-2017Q1:1.7.0.2 pkgsrc-2017Q1-base:1.7 pkgsrc-2016Q4:1.5.0.2 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q1:1.2.0.2 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.1.0.10 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.8 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.6 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.4 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.2 pkgsrc-2014Q4-base:1.1; locks; strict; comment @# @; 1.10 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.9; commitid xD42Z67JHKvGXMBA; 1.9 date 2018.03.17.00.59.03; author ryoon; state Exp; branches; next 1.8; commitid yheX9IRIu7EcnKuA; 1.8 date 2017.06.14.11.28.44; author ryoon; state Exp; branches 1.8.8.1; next 1.7; commitid TvqH8xBKhv2gJkVz; 1.7 date 2017.03.07.20.45.43; author ryoon; state Exp; branches; next 1.6; commitid cj2gfa0XmazzZEIz; 1.6 date 2017.01.25.13.24.51; author ryoon; state Exp; branches; next 1.5; commitid 3acwYN6np6o7SlDz; 1.5 date 2016.12.03.09.58.26; author ryoon; state Exp; branches; next 1.4; commitid uIUIk0K6tuQSqwwz; 1.4 date 2016.06.16.12.08.21; author ryoon; state dead; branches; next 1.3; commitid LAwegbTYgLLjCGaz; 1.3 date 2016.04.27.16.22.40; author ryoon; state Exp; branches; next 1.2; commitid u2rwBznaaKPcDh4z; 1.2 date 2016.01.28.06.48.50; author ryoon; state Exp; branches 1.2.2.1; next 1.1; commitid qaL2WnAnwhGHlFSy; 1.1 date 2014.12.01.18.11.14; author ryoon; state Exp; branches; next ; commitid jJPLy0Wr2QzMIm0y; 1.8.8.1 date 2018.03.22.06.56.21; author spz; state Exp; branches; next ; commitid 8s0l4dxdhHyRbqvA; 1.2.2.1 date 2016.05.19.12.56.31; author bsiegert; state Exp; branches; next ; commitid 53h9eCcjRRHEM57z; desc @@ 1.10 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-gfx_thebes_moz.build,v 1.9 2018/03/17 00:59:03 ryoon Exp $ --- gfx/thebes/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 +++ gfx/thebes/moz.build @@@@ -273,7 +273,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk3 LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES'] -DEFINES['GRAPHITE2_STATIC'] = True +if CONFIG['MOZ_SYSTEM_GRAPHITE2']: + CXXFLAGS += CONFIG['MOZ_GRAPHITE2_CFLAGS'] +else: + DEFINES['GRAPHITE2_STATIC'] = True + +if CONFIG['MOZ_SYSTEM_HARFBUZZ']: + CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] if CONFIG['CC_TYPE'] == 'clang': # Suppress warnings from Skia header files. @ 1.9 log @Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.8 2017/06/14 11:28:44 ryoon Exp $ @ 1.8 log @Update to 54.0 * If your 54.0 is unstable, please disable e10s with browser.tabs.remote.autostart.2=false (this works at least for me) Changelog: New Simplified the download button and download status panel Added support for multiple content processes (e10s-multi) Added Burmese (my) locale Fixed Various security fixes Changed Moved the mobile bookmarks folder to the main bookmarks menu for easier access Security fixes: #CVE-2017-5472: Use-after-free using destroyed node when regenerating trees #CVE-2017-7749: Use-after-free during docshell reloading #CVE-2017-7750: Use-after-free with track elements #CVE-2017-7751: Use-after-free with content viewer listeners #CVE-2017-7752: Use-after-free with IME input #CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object #CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files #CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors #CVE-2017-7757: Use-after-free in IndexedDB #CVE-2017-7778: Vulnerabilities in the Graphite 2 library #CVE-2017-7758: Out-of-bounds read in Opus encoder #CVE-2017-7759: Android intent URLs can cause navigation to local file system #CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service #CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application #CVE-2017-7762: Addressbar spoofing in Reader mode #CVE-2017-7763: Mac fonts render some unicode characters as spaces #CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks #CVE-2017-7765: Mark of the Web bypass when saving executable files #CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service #CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service #CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service #CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode #CVE-2017-5471: Memory safety bugs fixed in Firefox 54 #CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.7 2017/03/07 20:45:43 ryoon Exp $ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2017-06-05 20:45:20.000000000 +0000 d5 1 a5 1 @@@@ -274,7 +274,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk d18 1 a18 1 if CONFIG['CLANG_CXX']: @ 1.8.8.1 log @Pullup ticket #5728 - requested by maya devel/nspr: dependency update devel/nss: dependency update www/firefox-l10n: dependent update www/firefox: security update Revisions pulled up: - devel/nspr/Makefile 1.94-1.95 - devel/nspr/distinfo 1.48-1.49 - devel/nspr/patches/patch-az deleted - devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1 - devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1 - devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted - devel/nss/Makefile 1.146,1.148 - devel/nss/PLIST 1.24 - devel/nss/distinfo 1.81,1.83 - devel/nss/patches/patch-nss_lib_freebl_config.mk deleted - devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted - www/firefox-l10n/Makefile 1.121-1.123 - www/firefox-l10n/distinfo 1.111-1.113 - www/firefox/Makefile 1.320-1.321,1.324 - www/firefox/PLIST 1.127 - www/firefox/distinfo 1.307-1.309 - www/firefox/mozilla-common.mk 1.105-1.106 - www/firefox/patches/patch-aa 1.56 - www/firefox/patches/patch-build_gyp.mozbuild 1.8 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5 - www/firefox/patches/patch-build_moz.configure_memory.configure deleted - www/firefox/patches/patch-config_baseconfig.mk deleted - www/firefox/patches/patch-config_external_moz.build 1.17 - www/firefox/patches/patch-dom_media_moz.build 1.9 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8 - www/firefox/patches/patch-gfx_skia_moz.build 1.15 - www/firefox/patches/patch-gfx_thebes_moz.build 1.9 - www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2 - www/firefox/patches/patch-media_libtheora_moz.build 1.8 - www/firefox/patches/patch-media_libvorbis_moz.build 1.4 - www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1 - www/firefox/patches/patch-modules_libpref_init_all.js 1.7 - www/firefox/patches/patch-modules_pdfium_update.sh 1.2 - www/firefox/patches/patch-netwerk_dns_moz.build 1.8 - www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted - www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted - www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1 - www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1 - www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted - www/firefox/patches/patch-toolkit_moz.configure 1.10 - www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted - www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:21:43 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Added Files: pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h patch-nspr_pr_src_pthreads_ptthread.c Removed Files: pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h Log Message: Update to 4.18 Changelog: NSPR 4.18 contains the following changes: - removed HP-UX DCE threads support - improvements for the Windows implementation of PR_SetCurrentThreadName - fixes for the Windows implementation of TCP Fast Open To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \ pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:06:18 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Log Message: Update to 4.29 Changelog: NSPR 4.19 contains the following changes: - changed order of shutdown cleanup to avoid a crash on Mac OSX - build compatibility with Android NDK r16 and glibc 2.26 To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:23:52 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile distinfo Removed Files: pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk patch-nss_lib_freebl_verified_kremlib.h Log Message: Update to 3.35 Changelog: The NSS team has released Network Security Services (NSS) 3.35, which is a minor release. Summary of the major changes included in this release: - The default database storage format has been changed to SQL, using filenames cert9.db, key4.db, pkcs11.txt. - TLS 1.3 support has been updated to draft -23, along with additional significant changes. - Support for TLS compression was removed. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a higher iteration count for stronger security. - The CA trust list was updated to version 2.22. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo cvs rdiff -u -r1.2 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk cvs rdiff -u -r1.1 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:07:15 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile PLIST distinfo Log Message: Update to 3.36 * Require devel/nspr-4.19 Changelog: The NSS team has released Network Security Services (NSS) 3.36, which is a minor release. Summary of the major changes included in this release: - Replaced existing vectorized ChaCha20 code with verified HACL* implementation. - Experimental APIs for TLS session cache handling. To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:02:18 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Added Files: pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.1 * Fix build under netbsd-7, PR pkg/52956 Changelog: Fix Mozilla Foundation Security Advisory 2018-05: Arbitrary code execution through unsanitized browser UI When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065). To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:02:47 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.2 * Fix segfault on netbsd-7 Changelog: Fix Avoid a signature validation issue during update on macOS Blocklisted graphics drivers related to off main thread painting crashes Tab crash during printing Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook (OWA) webmail To generate a diff of this commit: cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 00:59:03 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild patch-config_external_moz.build patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build patch-media_libtheora_moz.build patch-media_libvorbis_moz.build patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc patch-modules_libpref_init_all.js patch-third__party_rust_simd_.cargo-checksum.json patch-third__party_rust_simd_src_x86_avx2.rs Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure patch-config_baseconfig.mk patch-netwerk_srtp_src_crypto_hash_hmac.c patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h patch-toolkit_xre_nsEmbedFunctions.cpp Log Message: Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 To generate a diff of this commit: cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \ pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \ pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r0 -r1.5 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure cvs rdiff -u -r1.2 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \ pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk cvs rdiff -u -r1.16 -r1.17 \ pkgsrc/www/firefox/patches/patch-config_external_moz.build cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \ pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build cvs rdiff -u -r1.14 -r1.15 \ pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \ pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs cvs rdiff -u -r0 -r1.7 \ pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js cvs rdiff -u -r1.4 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs cvs rdiff -u -r1.9 -r1.10 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure cvs rdiff -u -r1.7 -r0 \ pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:03:25 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.1 * Sync with www/firefox-58.0.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:05:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.2 * Sync with www/firefox-58.0.2 To generate a diff of this commit: cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:00:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 59.0.1 * Sync with www/firefox-59.0.1 To generate a diff of this commit: cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 d5 1 a5 1 @@@@ -273,7 +273,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk3 d18 1 a18 1 if CONFIG['CC_TYPE'] == 'clang': @ 1.7 log @Update to 52.0 * Switch to GTK3 build * Remove py-sqlite2 dependency, fix PR pkg/52032 Changelog: New Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins. Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab. Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS. Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain. Enhanced Sync to allow users to send and open tabs from one device to another. Fixed Various security fixes Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that * have chained dead keys * input two or more characters with a non-printable key or a dead key sequence * input a character even when a dead key sequence failed to compose a character Changed Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. Removed Battery Status API to reduce fingerprinting of users by trackers Improved experience for downloads: * Notification in the toolbar when a download fails * Quick access to five most recent downloads rather than three * Larger buttons for canceling and restarting downloads Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1 Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox. When not using Direct2D on Windows, Skia is used for content rendering Developer Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design Redesigned Responsive Design Mode to include device selection, network throttling, and more Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain unresolved Google Hangouts temporarily won't work Security fixes: #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP #CVE-2017-5401: Memory Corruption when handling ErrorResult #CVE-2017-5402: Use-after-free working with events in FontFace objects #CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object #CVE-2017-5404: Use-after-free working with ranges in selections #CVE-2017-5406: Segmentation fault in Skia with canvas operations #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping #CVE-2017-5411: Use-after-free in Buffer Storage in libGLES #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS #CVE-2017-5412: Buffer overflow read in SVG filters #CVE-2017-5413: Segmentation fault during bidirectional operations #CVE-2017-5414: File picker can choose incorrect default directory #CVE-2017-5415: Addressbar spoofing through blob URL #CVE-2017-5416: Null dereference crash in HttpChannel #CVE-2017-5417: Addressbar spoofing by draging and dropping URLs #CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access #CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running #CVE-2017-5427: Non-existent chrome.manifest file loaded during startup #CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses #CVE-2017-5419: Repeated authentication prompts lead to DOS attack #CVE-2017-5420: Javascript: URLs can obfuscate addressbar location #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports #CVE-2017-5421: Print preview spoofing #CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink #CVE-2017-5399: Memory safety bugs fixed in Firefox 52 #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.6 2017/01/25 13:24:51 ryoon Exp $ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2017-01-23 16:13:47.000000000 +0000 d5 2 a6 1 @@@@ -266,7 +266,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk a7 1 LOCAL_INCLUDES += ['/media/libyuv/include'] @ 1.6 log @Update to 51.0 Changelog: New Users can view passwords in the save password prompt before saving them Added a zoom button in the URL bar: Displays percent above or below 100 percent when a user has changed the page zoom setting from the default Lets users return to the default setting by clicking on the button Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience Firefox will save passwords even in forms that do not have “submit” events Added support for FLAC (Free Lossless Audio Codec) playback Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language A warning is displayed when a login page does not have a secure connection Added Georgian (ka) and Kabyle (kab) locales An even faster E10s! Tab Switching is better! Improved reliability of browser data sync Remove Belarusian (be) locale Fixed Various security fixes Changed Use 2D graphics library (Skia) for content rendering on Linux Re-enabled E10s support for Russian (ru) locale Updated to NSS 3.28.1 Security fixes: #CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP #CVE-2017-5376: Use-after-free in XSL #CVE-2017-5377: Memory corruption with transforms to create gradients in Skia #CVE-2017-5378: Pointer and frame data leakage of Javascript objects #CVE-2017-5379: Use-after-free in Web Animations #CVE-2017-5380: Potential use-after-free during DOM manipulations #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer #CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests #CVE-2017-5396: Use-after-free with Media Decoder #CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations #CVE-2017-5382: Feed preview can expose privileged content errors and exceptions #CVE-2017-5383: Location bar spoofing with unicode characters #CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) #CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers #CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions #CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events #CVE-2017-5391: Content about: pages can load privileged about: pages #CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage #CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager #CVE-2017-5395: Android location bar spoofing during scrolling #CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages #CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks #CVE-2017-5374: Memory safety bugs fixed in Firefox 51 #CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.5 2016/12/03 09:58:26 ryoon Exp $ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2017-01-16 16:16:51.000000000 +0000 d5 1 a5 1 @@@@ -286,7 +286,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk a9 3 +if CONFIG['MOZ_SYSTEM_HARFBUZZ']: + CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] + d14 3 @ 1.5 log @Update to 50.0.2 * Change default audio support to ALSA. You can use OSS or pulseaudio via ALSA plugin package. Changelog: 50.0.2: Fixed in Firefox 50.0.2 #CVE-2016-9079: Use-after-free in SVG Animation 50.0.1: Fixed *Firefox crashes with 3rd party Chinese IME when using IME text Security vulnerabilities fixed in Firefox 50.0.1: #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect 50.0: New *Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac *Improved performance for SDK extensions or extensions using the SDK module loader *Added download protection for a large number of executable file types on Windows, Mac and Linux *Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer *Added Guarani (gn) locale *Added option to Find in page that allows users to limit search to whole words only *Updates to keyboard shortcuts *Set a preference to have Ctrl+Tab cycle through tabs in recently used order *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac) Fixed *Login cookies are now saved for sites with a high number of cookies (Bug 1264192) *Various security fixes *Fixed rendering of dashed and dotted borders with rounded corners (border-radius) Changed *The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates *Blocked versions of libavcodec older than 54.35.1 *Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux) Developer *Changes for web developers Security vulnerabilities fixed in Firefox 50: #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 #CVE-2016-5292: URL parsing causes crash #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink #CVE-2016-5294: Arbitrary target directory for result files of update process #CVE-2016-5297: Incorrect argument length checking in JavaScript #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore #CVE-2016-9068: heap-use-after-free in nsRefreshDriver #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file #CVE-2016-9070: Sidebar bookmark can have reference to chrome window #CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP #CVE-2016-5289: Memory safety bugs fixed in Firefox 50 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2016-10-31 20:15:32.000000000 +0000 d5 1 a5 2 @@@@ -289,7 +289,13 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk d7 1 @ 1.4 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.3 2016/04/27 16:22:40 ryoon Exp $ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2016-04-15 16:57:42.000000000 +0000 d5 1 a5 3 @@@@ -293,6 +293,12 @@@@ CXXFLAGS += CONFIG['TK_CFLAGS'] CFLAGS += CONFIG['MOZ_CAIRO_CFLAGS'] CFLAGS += CONFIG['TK_CFLAGS'] d7 4 a10 1 +if CONFIG['MOZ_NATIVE_HARFBUZZ']: d13 1 a13 1 +if CONFIG['MOZ_NATIVE_GRAPHITE2']: d15 2 a16 3 + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('android', 'gonk', 'qt'): CXXFLAGS += CONFIG['CAIRO_FT_CFLAGS'] a17 6 @@@@ -306,8 +312,6 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES'] -DEFINES['GRAPHITE2_STATIC'] = True - a19 1 SOURCES['gfxPlatform.cpp'].flags += ['-Wno-implicit-fallthrough'] @ 1.3 log @Update to 46.0 * Drop buildlink to gstreamer1 Changelog: New Improved security of the JavaScript Just In Time (JIT) Compiler GTK3 integration (GNU/Linux only) Fixed Correct rendering for scaled SVGs that use a clip and a mask Various security fixes Screen reader behavior with blank spaces in Google Docs corrected Changed WebRTC fixes to improve performance and stability Developer Display dominator trees in Memory tool Allocation and garbage collection pause profiling in the performance panel Launch responsive mode from the Style Editor @@media sidebar HTML5 Added support for document.elementsFromPoint Added HKDF support for Web Crypto API Fixed in Firefox 46 2016-48 Firefox Health Reports could accept events from untrusted domains 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors 2016-42 Use-after-free and buffer overflow in Service Workers 2016-41 Content provider permission bypass allows malicious application to access data 2016-40 Privilege escalation through file deletion by Maintenance Service updater 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.2 2016/01/28 06:48:50 ryoon Exp $ @ 1.2 log @Fix build with graphics/graphite2 1.3.5 @ text @d1 1 a1 1 $NetBSD: patch-gfx_thebes_moz.build,v 1.1 2014/12/01 18:11:14 ryoon Exp $ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2016-01-23 23:23:35.000000000 +0000 d5 1 a5 1 @@@@ -291,6 +291,12 @@@@ CXXFLAGS += CONFIG['TK_CFLAGS'] d18 1 a18 1 @@@@ -304,7 +310,5 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk d24 3 a26 2 if CONFIG['OS_ARCH'] == 'WINNT': del DEFINES['UNICODE'] @ 1.2.2.1 log @Pullup ticket #5015 - requested by sevan www/firefox: security fix Revisions pulled up: - www/firefox/Makefile 1.249-1.250 - www/firefox/PLIST 1.105-1.106 - www/firefox/distinfo 1.242-1.243 - www/firefox/mozilla-common.mk 1.73 - www/firefox/patches/patch-aa 1.45 - www/firefox/patches/patch-config_external_moz.build 1.11 - www/firefox/patches/patch-config_system-headers 1.18 - www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted - www/firefox/patches/patch-dom_media_moz.build 1.3 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4 - www/firefox/patches/patch-gfx_skia_moz.build 1.11 - www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2 - www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted - www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted - www/firefox/patches/patch-gfx_thebes_moz.build 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14 - www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7 - www/firefox/patches/patch-media_libtheora_moz.build 1.5 - www/firefox/patches/patch-pb deleted - www/firefox/patches/patch-pc deleted - www/firefox/patches/patch-toolkit_library_moz.build 1.5 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 13 20:37:33 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo Log Message: Update to 45.0.2 Changelog: Fixed: Fix an issue impacting the cookie header when third-party cookies are blocked (1257861) Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482) Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980) Fix a crash impacting the video playback with Media Source Extension (1258562) Fix a regression impacting some specific uploads (1255735) --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 27 16:22:40 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build patch-config_system-headers patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_skia_skia_src_core_SkUtilsArm.cpp patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_cubeb__alsa.c patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build patch-toolkit_library_moz.build patch-xpcom_reflect_xptcall_md_unix_moz.build Removed Files: pkgsrc/www/firefox/patches: patch-dom_media_gstreamer_GStreamerAllocator.cpp patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc Log Message: Update to 46.0 * Drop buildlink to gstreamer1 Changelog: New Improved security of the JavaScript Just In Time (JIT) Compiler GTK3 integration (GNU/Linux only) Fixed Correct rendering for scaled SVGs that use a clip and a mask Various security fixes Screen reader behavior with blank spaces in Google Docs corrected Changed WebRTC fixes to improve performance and stability Developer Display dominator trees in Memory tool Allocation and garbage collection pause profiling in the performance panel Launch responsive mode from the Style Editor @@media sidebar HTML5 Added support for document.elementsFromPoint Added HKDF support for Web Crypto API Fixed in Firefox 46 2016-48 Firefox Health Reports could accept events from untrusted domains 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors 2016-42 Use-after-free and buffer overflow in Service Workers 2016-41 Content provider permission bypass allows malicious application to access data 2016-40 Privilege escalation through file deletion by Maintenance Service updater 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2016-04-15 16:57:42.000000000 +0000 d5 1 a5 1 @@@@ -293,6 +293,12 @@@@ CXXFLAGS += CONFIG['TK_CFLAGS'] d18 1 a18 1 @@@@ -306,8 +312,6 @@@@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk d24 2 a25 3 if CONFIG['CLANG_CXX']: # Suppress warnings from Skia header files. SOURCES['gfxPlatform.cpp'].flags += ['-Wno-implicit-fallthrough'] @ 1.1 log @Update to 34.0.5 Changelog: New Default search engine changed to Yahoo! for North America New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales New Improved search bar (en-US only) New Firefox Hello real-time communication client New Easily switch themes/personas directly in the Customizing mode New Wikipedia search now uses HTTPS for secure searching (en-US only) New Implementation of HTTP/2 (draft14) and ALPN New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows Changed Disabled SSLv3 Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35) Changed Firefox signed by Apple OS X version 2 signature HTML5 ECMAScript 6 WeakSet Implemented HTML5 JavaScript Template Strings Implemented HTML5 CSS3 Font variants and features control (e.g. kerning) implemented HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support HTML5 WebCrypto: wrapKey and unwrapKey implemented HTML5 WebCrypto: Import/export of JWK-formatted keys HTML5 matches() DOM API implemented (formerly mozMatchesSelector()) HTML5 Performance.now() for workers implemented HTML5 WebCrypto: ECDH support Developer WebIDE: Create, edit, and test a new Web application from your browser Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel Developer Improved User Interface of the Profiler Developer console.table function added to web console Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties Fixed Various security fixes 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer 2014-88 Buffer overflow while parsing media content 2014-87 Use-after-free during HTML5 parsing 2014-86 CSP leaks redirect data via violation reports 2014-85 XMLHttpRequest crashes with some input streams 2014-84 XBL bindings accessible via improper CSS declarations 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- gfx/thebes/moz.build.orig 2014-11-21 03:37:31.000000000 +0000 d5 1 a5 1 @@@@ -276,6 +276,12 @@@@ CXXFLAGS += CONFIG['TK_CFLAGS'] d18 8 @