head 1.9;
access;
symbols
pkgsrc-2016Q4:1.8.0.6
pkgsrc-2016Q4-base:1.8
pkgsrc-2016Q3:1.8.0.4
pkgsrc-2016Q3-base:1.8
pkgsrc-2016Q2:1.8.0.2
pkgsrc-2016Q2-base:1.8
pkgsrc-2016Q1:1.7.0.16
pkgsrc-2016Q1-base:1.7
pkgsrc-2015Q4:1.7.0.14
pkgsrc-2015Q4-base:1.7
pkgsrc-2015Q3:1.7.0.12
pkgsrc-2015Q3-base:1.7
pkgsrc-2015Q2:1.7.0.10
pkgsrc-2015Q2-base:1.7
pkgsrc-2015Q1:1.7.0.8
pkgsrc-2015Q1-base:1.7
pkgsrc-2014Q4:1.7.0.6
pkgsrc-2014Q4-base:1.7
pkgsrc-2014Q3:1.7.0.4
pkgsrc-2014Q3-base:1.7
pkgsrc-2014Q2:1.7.0.2
pkgsrc-2014Q2-base:1.7
pkgsrc-2014Q1:1.6.0.2
pkgsrc-2014Q1-base:1.6
pkgsrc-2013Q4:1.4.0.2
pkgsrc-2013Q4-base:1.4
pkgsrc-2013Q3:1.2.0.2
pkgsrc-2013Q3-base:1.2
pkgsrc-2013Q2:1.1.0.2
pkgsrc-2013Q2-base:1.1;
locks; strict;
comment @// @;
1.9
date 2017.03.07.20.45.43; author ryoon; state dead;
branches;
next 1.8;
commitid cj2gfa0XmazzZEIz;
1.8
date 2016.06.16.12.08.21; author ryoon; state Exp;
branches;
next 1.7;
commitid LAwegbTYgLLjCGaz;
1.7
date 2014.04.30.15.07.18; author ryoon; state Exp;
branches;
next 1.6;
commitid BxErbE5mH8g3CIyx;
1.6
date 2014.02.20.13.19.03; author ryoon; state Exp;
branches;
next 1.5;
commitid T9GvdtUIEdEreQpx;
1.5
date 2014.02.08.09.36.00; author ryoon; state Exp;
branches;
next 1.4;
commitid ggxuC0XAcatWnhox;
1.4
date 2013.12.15.13.54.37; author ryoon; state Exp;
branches;
next 1.3;
commitid Vw2sJulZRCraAehx;
1.3
date 2013.11.02.22.57.55; author ryoon; state Exp;
branches;
next 1.2;
commitid M2FbcKK4JD2lYKbx;
1.2
date 2013.09.19.12.37.50; author ryoon; state Exp;
branches;
next 1.1;
commitid hXNFeA0U06W4X26x;
1.1
date 2013.06.21.23.11.42; author ryoon; state Exp;
branches;
next ;
commitid Gkw1wozLMBI0mxUw;
desc
@@
1.9
log
@Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
Redesigned Responsive Design Mode to include device selection, network throttling, and more
Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
@
text
@$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.8 2016/06/16 12:08:21 ryoon Exp $
Unclear fallout from our version of bug 840242, attachment v1: some architectures
fail to link if we do not add the inlines here - might be compiler/arch specific.
--- js/src/vm/SPSProfiler.cpp.orig 2014-04-18 02:03:21.000000000 +0000
+++ js/src/vm/SPSProfiler.cpp
@@@@ -4,6 +4,8 @@@@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "jscntxtinlines.h"
+
#include "vm/SPSProfiler.h"
#include "mozilla/DebugOnly.h"
@
1.8
log
@Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.7 2014/04/30 15:07:18 ryoon Exp $
@
1.7
log
@Update to 29.0
* Restore html5 audio playback under NetBSD
Changelog:
New
Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most (learn more)
New
A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
New
Sleek new tabs provide an overall smoother look and fade into the background when not active
New
An interactive onboarding tour to guide users through the new Firefox changes
New
The ability to set up Firefox Sync by creating a Firefox account (learn more)
New
Gamepad API finalized and enabled (learn more)
New
HTTPS used for Yahoo Searches performed in en-US locale
New
Malay [ma] locale added
Changed
Clicking on a W3C Web Notification will switch to the originating tab
Developer
'box-sizing' (dropping the -moz- prefix) implemented (learn more)
Developer
Console object available in Web Workers (learn more)
Developer
Promises enabled by default (learn more)
Developer
SharedWorker enabled by default
Developer
implemented and enabled
Developer
implemented and enabled
Developer
Enabled ECMAScript Internationalization API
Developer
Add-on bar has been removed, content moved to navigation bar
Developer
Implemented URLSearchParams from the URL specification (see MDN for details )
Fixed
Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.6 2014/02/20 13:19:03 ryoon Exp $
a5 1
@
1.6
log
@Update to 27.0.1
* Fix some syscall definitions in JavaScript are fixed.
Thank you, tho@@.
Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.4 2013/12/15 13:54:37 ryoon Exp $
d7 1
a7 1
--- js/src/vm/SPSProfiler.cpp.orig 2013-12-05 16:07:40.000000000 +0000
d9 1
a9 1
@@@@ -4,12 +4,15 @@@@
a17 7
#include "jsnum.h"
#include "jsscript.h"
+#include "jscntxtinlines.h"
#include "jit/BaselineJIT.h"
#include "vm/StringBuffer.h"
@
1.5
log
@Update to 27.0
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
@
text
@d7 1
a7 1
--- js/src/vm/SPSProfiler.cpp.orig 2014-01-28 04:03:48.000000000 +0000
@
1.4
log
@Update to 26.0
* Build outside WRKSRC, fix build
Changelog:
NEW
All Java plug-ins are defaulted to 'click to play'
NEW
Password manager now supports script-generated password fields
NEW
Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
NEW
Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
CHANGED
Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
CHANGED
CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
DEVELOPER
Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs)
DEVELOPER
Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible
DEVELOPER
There is no longer a prompt when websites use appcache
DEVELOPER
Support for the CSS image orientation property
DEVELOPER
New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
DEVELOPER
IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage
FIXED
When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619)
FIXED
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695)
FIXED
Improved page load times due to no longer decoding images that aren't visible (847223)
FIXED
AudioToolbox MP3 backend for OSX (914479)
FIXED
Various security fixes
Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.3 2013/11/02 22:57:55 ryoon Exp $
d7 1
a7 1
--- js/src/vm/SPSProfiler.cpp.orig 2013-12-05 16:07:40.000000000 +0000
@
1.3
log
@Update to 25.0
* Enable pulseaudio by default, OSS support is dropped, and ALSA support
on NetBSD does not work properly for me
* Enable GStremer support for non-webm and non-theora video support
* Create alsa option, and enabled on Linux by default
Changelog:
NEW
Web Audio support
NEW
The find bar is no longer shared between tabs
CHANGED
If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information
CHANGED
Resetting Firefox no longer clears your browsing session
DEVELOPER
CSS3 background-attachment:local support to control background scrolling
DEVELOPER
Many new ES6 functions implemented
HTML5
iframe document content can now be specified inline
FIXED
Blank or missing page thumbnails when opening a new tab
FIXED
Security fixes can be found here
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.2 2013/09/19 12:37:50 ryoon Exp $
d7 1
a7 1
--- js/src/vm/SPSProfiler.cpp.orig 2013-10-25 22:27:26.000000000 +0000
d9 9
a17 1
@@@@ -10,6 +10,7 @@@@
@
1.2
log
@Update to 24.0, ESR edition.
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
@
text
@d1 1
a1 1
$NetBSD: patch-js__src__vm__SPSProfiler.cpp,v 1.1 2013/06/21 23:11:42 ryoon Exp $
d7 1
a7 1
--- js/src/vm/SPSProfiler.cpp.orig 2013-09-10 03:43:39.000000000 +0000
d9 1
a9 1
@@@@ -8,6 +8,7 @@@@
d15 1
a15 1
#include "vm/SPSProfiler.h"
@
1.1
log
@Bump PKGREVISION.
* Add NetBSD/sparc64 support from martin@@.
Almost all functionalities work fine, but https handling.
* Enable system jpeg support. This is accidentally disabled.
@
text
@d1 1
a1 1
$NetBSD$
d7 3
a9 3
--- js/src/vm/SPSProfiler.cpp.orig 2013-05-11 21:19:36.000000000 +0200
+++ js/src/vm/SPSProfiler.cpp 2013-06-15 11:49:39.000000000 +0200
@@@@ -9,6 +9,7 @@@@
d15 2
a16 2
#include "methodjit/MethodJIT.h"
#include "methodjit/Compiler.h"
@