head 1.6; access; symbols pkgsrc-2016Q2:1.5.0.2 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.4.0.18 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.16 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.14 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.12 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.10 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.8 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.6 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.4 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.2 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.2.0.4 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.2 pkgsrc-2013Q3-base:1.2; locks; strict; comment @// @; 1.6 date 2016.08.06.08.46.59; author ryoon; state dead; branches; next 1.5; commitid E1GJBeRJuobrRdhz; 1.5 date 2016.06.16.12.08.21; author ryoon; state Exp; branches; next 1.4; commitid LAwegbTYgLLjCGaz; 1.4 date 2014.02.20.13.19.03; author ryoon; state Exp; branches; next 1.3; commitid T9GvdtUIEdEreQpx; 1.3 date 2014.02.08.09.36.00; author ryoon; state Exp; branches; next 1.2; commitid ggxuC0XAcatWnhox; 1.2 date 2013.09.19.12.37.50; author ryoon; state Exp; branches; next 1.1; commitid hXNFeA0U06W4X26x; 1.1 date 2013.07.17.11.00.13; author jperkin; state Exp; branches; next ; commitid ChOTp6rsavaYsOXw; desc @@ 1.6 log @Update to 48.0 * OSS audio support may not work. I will revisit later Changelog: New: Roar for moar protection against harmful downloads! We've got your back Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more. Add-ons that have not been verified and signed by Mozilla will not load GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast WebRTC embetterments: Delay-agnostic AEC enabled Full duplex for GNU/Linux enabled ICE Restart & Update is supported Cloning of MediaStream and MediaStreamTrack is now supported Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode The media parser has been redeveloped using the Rust programming language Windows 7 systems without Platform Update can now use D3D11 WARP Fixed: Various security fixes Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice! Improved step debugging on last line of functions Changed: Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade! After version 48, SSE2 CPU extensions are going to be required on Windows Au revoir to Windows Remote Access Service modem Autodial Developer: WebExtensions support is now considered as stable Workers can now use the Web Crypto API Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor. The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya." We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?) Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure. Add-on development just got easier because you can reload them from about:debugging — because we're all about debugging. This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools. Expand network requests from the console panel to view request details in line, so you can see things in context Fixed in Firefox 48: 2016-84 Information disclosure through Resource Timing API during page navigation 2016-83 Spoofing attack through text injection into internal error pages 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android 2016-81 Information disclosure and local file manipulation through drag and drop 2016-80 Same-origin policy violation using local HTML file and saved shortcut file 2016-79 Use-after-free when applying SVG effects 2016-78 Type confusion in display transformation 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback 2016-76 Scripts on marquee tag can execute in sandboxed iframes 2016-75 Integer overflow in WebSockets during data buffering 2016-74 Form input type change from password to text can store plain text password in session restore file 2016-73 Use-after-free in service workers with nested sync events 2016-72 Use-after-free in DTLS during WebRTC session shutdown 2016-71 Crash in incremental garbage collection in JavaScript 2016-70 Use-after-free when using alt key and toplevel menus 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter 2016-68 Out-of-bounds read during XML parsing in Expat library 2016-67 Stack underflow during 2D graphics rendering 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 2016-64 Buffer overflow rendering SVG with bidirectional content 2016-63 Favicon network connection can persist when page is closed 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) @ text @$NetBSD: patch-js_src_jsmath.cpp,v 1.5 2016/06/16 12:08:21 ryoon Exp $ * Support Solaris --- js/src/jsmath.cpp.orig 2013-09-10 03:43:36.000000000 +0000 +++ js/src/jsmath.cpp @@@@ -244,7 +244,7 @@@@ js::ecmaAtan2(double y, double x) } #endif -#if defined(SOLARIS) && defined(__GNUC__) +#if defined(notSOLARIS) && defined(__GNUC__) if (y == 0) { if (IsNegativeZero(x)) return js_copysign(M_PI, y); @ 1.5 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-js_src_jsmath.cpp,v 1.4 2014/02/20 13:19:03 ryoon Exp $ @ 1.4 log @Update to 27.0.1 * Fix some syscall definitions in JavaScript are fixed. Thank you, tho@@. Changelog: FIXED 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval FIXED 27.0.1 - JS math correctness issue (bug 941381 @ text @d1 3 a3 1 $NetBSD: patch-js_src_jsmath.cpp,v 1.2 2013/09/19 12:37:50 ryoon Exp $ @ 1.3 log @Update to 27.0 Changelog: NEW You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services CHANGED Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default CHANGED Added support for SPDY 3.1 protocol DEVELOPER Ability to reset style sheets using 'all:unset' DEVELOPER You can now choose to deobfuscate javascript in the debugger (see 762761) DEVELOPER Added support for scrolled fieldsets (see 261037) DEVELOPER Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282) DEVELOPER CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672) DEVELOPER Added support for ES6 generators in SpiderMonkey (see blog post) DEVELOPER Implemented support for mathematical function Math.hypot() in ES6 (see 896264) HTML5 Dashed line support on Canvas (see 768067) FIXED Get Azure/Skia content rendering working on Linux (see 740200) FIXED 27.0: Security fixes can be found here Fixed in Firefox 27 MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects MFSA 2014-12 NSS ticket handling issues MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) @ text @d3 1 a3 1 --- js/src/jsmath.cpp.orig 2014-01-28 04:03:46.000000000 +0000 d5 1 a5 1 @@@@ -277,7 +277,7 @@@@ js::ecmaAtan2(double y, double x) @ 1.2 log @Update to 24.0, ESR edition. * Merge some patches via FreeBSD ports. * Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1. * Use system hunspell dictionaries. * DuckDuckGo search window. * Enable system icu support. Changelog: NEW Support for new scrollbar style in Mac OS X 10.7 and newer NEW Implemented Close tabs to the right NEW Social: Ability to tear-off chat windows to view separately by simply dragging them out CHANGED Accessibility related improvements on using pinned tabs (see 577727) CHANGED Removed support for Revocation Lists feature (see 867465) CHANGED Performance improvements on New Tab Page loads (see 791670) DEVELOPER Major SVG rendering improvements around Image tiling and scaling (see 600207 ) DEVELOPER Improved and unified Browser console for enhanced debugging experience, replacing existing Error console DEVELOPER Removed support for sherlock files that are loaded from application or profile directory FIXED Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886) FIXED 24.0: Security fixes can be found here Fixed in Firefox 24 MFSA 2013-92 GC hazard with default compartments and frame chain restoration MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-87 Shared object library loading from writable location MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-84 Same-origin bypass through symbolic links MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption MFSA 2013-81 Use-after-free with select element MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) @ text @d1 1 a1 1 $NetBSD: patch-js_src_jsmath.cpp,v 1.1 2013/07/17 11:00:13 jperkin Exp $ d3 1 a3 1 --- js/src/jsmath.cpp.orig 2013-09-10 03:43:36.000000000 +0000 d5 1 a5 1 @@@@ -244,7 +244,7 @@@@ js::ecmaAtan2(double y, double x) @ 1.1 log @Add SunOS/x86 patchset. This produces a package, but the resulting firefox binary does not yet work correctly. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- js/src/jsmath.cpp.orig 2013-05-11 19:19:34.000000000 +0000 d5 1 a5 1 @@@@ -195,7 +195,7 @@@@ math_atan2_kernel(double x, double y) d11 3 a13 3 if (x == 0) { if (MOZ_DOUBLE_IS_NEGZERO(y)) return js_copysign(M_PI, x); @