head 1.2; access; symbols pkgsrc-2018Q1:1.1.0.4 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.2; locks; strict; comment @// @; 1.2 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.1; commitid xD42Z67JHKvGXMBA; 1.1 date 2018.01.24.16.52.08; author ryoon; state Exp; branches 1.1.2.1; next ; commitid Yl8uDmLMV5LNj9oA; 1.1.2.1 date 2018.01.24.16.52.08; author spz; state dead; branches; next 1.1.2.2; commitid DwVK6v0Mc0P0JKtA; 1.1.2.2 date 2018.03.09.07.17.30; author spz; state Exp; branches; next ; commitid DwVK6v0Mc0P0JKtA; desc @@ 1.2 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-ipc_glue_MessageChannel.cpp,v 1.1 2018/01/24 16:52:08 ryoon Exp $ --- ipc/glue/MessageChannel.cpp.orig 2018-01-11 20:17:05.000000000 +0000 +++ ipc/glue/MessageChannel.cpp @@@@ -686,6 +686,11 @@@@ MessageChannel::WillDestroyCurrentMessag mWorkerLoop = nullptr; } +#if defined(_LIBCPP_VERSION) && _LIBCPP_VERSION < 4000 +// Work around UB in __tree crashing mPendingPromises.clear() +// http://llvm.org/viewvc/llvm-project?view=revision&revision=276003 +[[clang::optnone]] +#endif void MessageChannel::Clear() { @ 1.1 log @Update to 58.0 Changelog: New Performance improvements, including: Rendering graphics for Windows users by using Off-Main-Threa Painting (OMTP) Loading pages faster by changing how Firefox caches and retrieves JavaScript Improvements to Firefox Screenshots: Copy and paste screenshots directly to your clipboard Firefox Screenshots now works in Private Browsing mode Added Nepali (ne-NP) locale In case you missed it--57 Release privacy and performance feature: Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on. Fixed Fonts installed in non-standard directories will no longer appear blank for Linux users Various security fixes Changed User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site. Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority #CVE-2018-5091: Use-after-free with DTMF timers #CVE-2018-5092: Use-after-free in Web Workers #CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing #CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory #CVE-2018-5095: Integer overflow in Skia library during edge builder allocation #CVE-2018-5097: Use-after-free when source document is manipulated during XSLT #CVE-2018-5098: Use-after-free while manipulating form input elements #CVE-2018-5099: Use-after-free with widget listener #CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory #CVE-2018-5101: Use-after-free with floating first-letter style elements #CVE-2018-5102: Use-after-free in HTML media elements #CVE-2018-5103: Use-after-free during mouse event handling #CVE-2018-5104: Use-after-free during font face manipulation #CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts #CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker #CVE-2018-5107: Printing process will follow symlinks for local file access #CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs #CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution #CVE-2018-5110: Cursor can be made invisible on OS X #CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right #CVE-2018-5118: Activity Stream images can attempt to load local content through file: #CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers #CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar #CVE-2018-5122: Potential integer overflow in DoCrypt #CVE-2018-5090: Memory safety bugs fixed in Firefox 58 #CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ipc_glue_MessageChannel.cpp was added on branch pkgsrc-2017Q4 on 2018-03-09 07:17:30 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #5695 - requested by he and maya www/firefox: security update www/firefox-l10n: dependent update NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc Revisions pulled up: - www/firefox-l10n/Makefile 1.117-1.120 - www/firefox-l10n/PLIST 1.58-1.59 - www/firefox-l10n/distinfo 1.108-1.110 - www/firefox/Makefile 1.316-1.318 - www/firefox/PLIST 1.126 - www/firefox/distinfo 1.304-1.306 - www/firefox/mozilla-common.mk 1.103-1.104 - www/firefox/patches/patch-aa 1.55 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted - www/firefox/patches/patch-config_Makefile.in deleted - www/firefox/patches/patch-config_system-headers deleted - www/firefox/patches/patch-config_system-headers.mozbuild 1.1 - www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1 - www/firefox/patches/patch-dom_media_moz.build 1.8 - www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7 - www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted - www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1 - www/firefox/patches/patch-js_src_build_moz.build 1.2 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26 - www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted - www/firefox/patches/patch-netwerk_dns_moz.build 1.7 - www/firefox/patches/patch-servo_components_gfx_font.rs deleted - www/firefox/patches/patch-servo_components_net__traits_response.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted - www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted - www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted - www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted - www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted - www/firefox/patches/patch-servo_components_script_dom_document.rs deleted - www/firefox/patches/patch-servo_components_script_dom_element.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted - www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted - www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted - www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted - www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted - www/firefox/patches/patch-servo_components_script_dom_window.rs deleted - www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted - www/firefox/patches/patch-servo_components_selectors_attr.rs deleted - www/firefox/patches/patch-servo_components_selectors_parser.rs deleted - www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted - www/firefox/patches/patch-servo_components_style_attr.rs deleted - www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted - www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted - www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1 - www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted - www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted - www/firefox/patches/patch-servo_components_style_str.rs deleted - www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted - www/firefox/patches/patch-servo_components_style_values_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted - www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3 - www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4 - www/firefox/patches/patch-toolkit_moz.configure 1.9 - www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:02:17 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Log Message: Update to 57.0.3 Changelog: Fixed * Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bug 1427111) To generate a diff of this commit: cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:03:33 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.3 * Sync with www/firefox-57.0.3 To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 8 09:37:57 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk Added Files: pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs Log Message: Update to 57.0.4 * Use lang/rust-1.23.0 Changelog: Speculative execution side-channel attack ("Spectre") Announced January 4, 2018 Reporter Jann Horn (Google Project Zero); Microsoft Vunerability Research Impact High Products Firefox Fixed in Firefox 57.0.4 Description Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5us to 20us, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. SharedArrayBuffer is already disabled in Firefox 52 ESR. To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sun Jan 21 01:29:28 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.4 * Sync with www/firefox-57.0.4 To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:52:08 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild patch-dom_media_flac_FlacDecoder.cpp patch-ipc_glue_MessageChannel.cpp patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-third__party_python_futures_concurrent_futures_process.py patch-toolkit_mozapps_installer_packager.mk Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-config_Makefile.in patch-config_system-headers patch-ipc_chromium_src_base_process__util.h patch-media_libsoundtouch_src_cpu__detect__x86.cpp patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs patch-xpcom_reflect_xptcall_md_unix_Makefile.in Log Message: Update to 58.0 Changelog: New Performance improvements, including: Rendering graphics for Windows users by using Off-Main-Threa Painting (OMTP) Loading pages faster by changing how Firefox caches and retrieves JavaScript Improvements to Firefox Screenshots: Copy and paste screenshots directly to your clipboard Firefox Screenshots now works in Private Browsing mode Added Nepali (ne-NP) locale In case you missed it--57 Release privacy and performance feature: Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on. Fixed Fonts installed in non-standard directories will no longer appear blank for Linux users Various security fixes Changed User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site. Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority #CVE-2018-5091: Use-after-free with DTMF timers #CVE-2018-5092: Use-after-free in Web Workers #CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing #CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory #CVE-2018-5095: Integer overflow in Skia library during edge builder allocation #CVE-2018-5097: Use-after-free when source document is manipulated during XSLT #CVE-2018-5098: Use-after-free while manipulating form input elements #CVE-2018-5099: Use-after-free with widget listener #CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory #CVE-2018-5101: Use-after-free with floating first-letter style elements #CVE-2018-5102: Use-after-free in HTML media elements #CVE-2018-5103: Use-after-free during mouse event handling #CVE-2018-5104: Use-after-free during font face manipulation #CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts #CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker #CVE-2018-5107: Printing process will follow symlinks for local file access #CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs #CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution #CVE-2018-5110: Cursor can be made invisible on OS X #CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right #CVE-2018-5118: Activity Stream images can attempt to load local content through file: #CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers #CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar #CVE-2018-5122: Potential integer overflow in DoCrypt #CVE-2018-5090: Memory safety bugs fixed in Firefox 58 #CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 To generate a diff of this commit: cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \ pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in cvs rdiff -u -r1.25 -r0 \ pkgsrc/www/firefox/patches/patch-config_system-headers cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \ pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \ pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \ pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build cvs rdiff -u -r1.6 -r1.7 \ pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r1.6 -r0 \ pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-js_src_build_moz.build cvs rdiff -u -r1.25 -r1.26 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c cvs rdiff -u -r1.5 -r0 \ pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h cvs rdiff -u -r1.8 -r1.9 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:54:05 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST distinfo Log Message: Update to 58.0 * Sync with www/firefox-58.0 * Add ne-NP locale To generate a diff of this commit: cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 29 15:22:54 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST Log Message: Previous revison does not work. Install xpi files instead. Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST @ text @a0 16 $NetBSD$ --- ipc/glue/MessageChannel.cpp.orig 2018-01-11 20:17:05.000000000 +0000 +++ ipc/glue/MessageChannel.cpp @@@@ -686,6 +686,11 @@@@ MessageChannel::WillDestroyCurrentMessag mWorkerLoop = nullptr; } +#if defined(_LIBCPP_VERSION) && _LIBCPP_VERSION < 4000 +// Work around UB in __tree crashing mPendingPromises.clear() +// http://llvm.org/viewvc/llvm-project?view=revision&revision=276003 +[[clang::optnone]] +#endif void MessageChannel::Clear() { @