head 1.3; access; symbols pkgsrc-2018Q1:1.2.0.18 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.16 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.14 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.10 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.8 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.6 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.4 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.2 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.1.0.12 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.10 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.8 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.6 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.4 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.2 pkgsrc-2014Q4-base:1.1; locks; strict; comment @# @; 1.3 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.2; commitid xD42Z67JHKvGXMBA; 1.2 date 2016.06.16.12.08.21; author ryoon; state Exp; branches; next 1.1; commitid LAwegbTYgLLjCGaz; 1.1 date 2014.12.01.18.12.38; author ryoon; state Exp; branches; next ; commitid bV9tffXgu38bJm0y; desc @@ 1.3 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-gfx_ycbcr_moz.build,v 1.2 2016/06/16 12:08:21 ryoon Exp $ * yuv_row_arm.S requires pre-processor --- gfx/ycbcr/moz.build.orig 2014-11-26 12:30:03.000000000 +0000 +++ gfx/ycbcr/moz.build @@@@ -63,7 +63,7 @@@@ else: if CONFIG['CPU_ARCH'] == 'arm' and CONFIG['HAVE_ARM_NEON']: SOURCES += [ - 'yuv_row_arm.s', + 'yuv_row_arm.S', ] SOURCES += [ 'yuv_convert_arm.cpp', @ 1.2 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-gfx_ycbcr_moz.build,v 1.1 2014/12/01 18:12:38 ryoon Exp $ @ 1.1 log @Add patches. @ text @d1 3 a3 1 $NetBSD$ @