head	1.4;
access;
symbols
	pkgsrc-2015Q3:1.3.0.4
	pkgsrc-2015Q3-base:1.3
	pkgsrc-2015Q2:1.3.0.2
	pkgsrc-2015Q2-base:1.3
	pkgsrc-2015Q1:1.2.0.2
	pkgsrc-2015Q1-base:1.2;
locks; strict;
comment	@// @;


1.4
date	2015.12.16.09.34.56;	author ryoon;	state dead;
branches;
next	1.3;
commitid	aMgpAzrWlYumE9Ny;

1.3
date	2015.05.12.22.48.54;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	NJZg0HQjg2n73dly;

1.2
date	2015.02.19.21.33.22;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	6X2fU9yCF6jHgFay;

1.1
date	2015.02.16.16.16.17;	author bad;	state Exp;
branches;
next	;
commitid	D1C7H4hKP4KvBfay;


desc
@@


1.4
log
@Update to 43.0

Changelog:
    New Private Browsing with Tracking Protection offers choice of blocking additional trackers
    New Improved API support for m4v video playback
    New Firefox 64-bit for Windows is now available via the Firefox download page
    New Users can choose search suggestions from the Awesome Bar
    New On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
    New Firefox Health Report has switched to use the same data collection mechanism as telemetry
    Developer Markup view shows indicators for pseudo-classes locked for elements
    Developer Bind F1 key to open the settings when the toolbox is focused
    Developer New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable
    Developer Search button next to overridden CSS properties to find similar properties in the rules view
    Developer Ability to filter styles from their property names in the rules view
    Developer Stack traces are now shown for exceptions inside the console
    Developer Added ability to display server-side logs in the console
    Developer Ability to choose resolution for the GCLI screenshot command
    Developer Subresource integrity allows developers to make their sites more secure
    Developer Network requests in Console now link to Network panel instead of opening in a popup
    Developer Unprefixed 'hyphens' property is now supported
    Developer WebIDE now has a sidebar-based UI
    Developer The 'transform-origin' property is now supported on SVG elements
    Developer Animation inspector now displays animations in a timeline
    Developer Single-process mode is no longer supported for NPAPI plugins
    Fixed Eyedropper tool does not work as expected when page is zoomed
    Fixed Various security fixes

Fixed in Firefox 43
    2015-149 Cross-site reading attack through data and view-source URIs
    2015-148 Privilege escalation vulnerabilities in WebExtension APIs
    2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
    2015-146 Integer overflow in MP4 playback in 64-bit versions
    2015-145 Underflow through code inspection
    2015-144 Buffer overflows found through code inspection
    2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
    2015-142 DOS due to malformed frames in HTTP/2
    2015-141 Hash in data URI is incorrectly parsed
    2015-140 Cross-origin information leak through web workers error events
    2015-139 Integer overflow allocating extremely large textures
    2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
    2015-137 Firefox allows for control characters to be set in cookies
    2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
    2015-135 Crash with JavaScript variable assignment with unboxed objects
    2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
@
text
@$NetBSD: patch-js_src_jsapi.cpp,v 1.3 2015/05/12 22:48:54 ryoon Exp $

--- js/src/jsapi.cpp.orig	2015-04-29 21:11:46.000000000 +0000
+++ js/src/jsapi.cpp
@@@@ -115,7 +115,7 @@@@ using js::frontend::Parser;
 #define JS_ADDRESSOF_VA_LIST(ap) (&(ap))
 #endif
 
-bool
+JS_PUBLIC_API(bool)
 JS::CallArgs::requireAtLeast(JSContext* cx, const char* fnname, unsigned required) {
     if (length() < required) {
         char numArgsStr[40];
@


1.3
log
@Update to 38.0

Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and <picture> element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes

Fixed in Firefox 38

    2015-58 Mozilla Windows updater can be run outside of application directory
    2015-57 Privilege escalation through IPC channel messages
    2015-56 Untrusted site hosting trusted page can intercept webchannel responses
    2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
    2015-54 Buffer overflow when parsing compressed XML
    2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
    2015-52 Sensitive URL encoded information written to Android logcat
    2015-51 Use-after-free during text processing with vertical text enabled
    2015-50 Out-of-bounds read and write in asm.js validation
    2015-49 Referrer policy ignored when links opened by middle-click and context menu
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
@
text
@d1 1
a1 1
$NetBSD$
@


1.2
log
@Fix debug build.
@
text
@d1 1
a1 1
$NetBSD: patch-js_src_jsapi.cpp,v 1.1 2015/02/16 16:16:17 bad Exp $
d3 1
a3 1
--- js/src/jsapi.cpp.orig	2015-01-23 06:00:01.000000000 +0000
d5 9
a13 18
@@@@ -236,7 +236,7 @@@@ JS_ConvertArgumentsVA(JSContext *cx, con
     assertSameCompartment(cx, args);
     required = true;
     while ((c = *format++) != '\0') {
-        if (isspace(c))
+        if (isspace(((unsigned char)c)))
             continue;
         if (c == '/') {
             required = false;
@@@@ -525,7 +525,7 @@@@ MessageParameterCount(const char *format
 {
     unsigned numfmtspecs = 0;
     for (const char *fmt = format; *fmt != '\0'; fmt++) {
-        if (*fmt == '{' && isdigit(fmt[1]))
+        if (*fmt == '{' && isdigit((unsigned char)fmt[1]))
             ++numfmtspecs;
     }
     return numfmtspecs;
@


1.1
log
@Re-enable -Werror=char-subscripts and fix the fallout in the code.
Per discussion with ryoon@@.
Bump PKGREVISION for this and the previous two commits.
@
text
@d1 1
a1 1
$NetBSD$
d4 2
a5 2
+++ js/src/jsapi.cpp	2015-02-05 12:13:20.000000000 +0000
@@@@ -236,7 +236,7 @@@@
d14 9
@