head 1.5;
access;
symbols
pkgsrc-2016Q1:1.4.0.6
pkgsrc-2016Q1-base:1.4
pkgsrc-2015Q4:1.4.0.4
pkgsrc-2015Q4-base:1.4
pkgsrc-2015Q3:1.4.0.2
pkgsrc-2015Q3-base:1.4
pkgsrc-2015Q2:1.3.0.2
pkgsrc-2015Q2-base:1.3
pkgsrc-2015Q1:1.2.0.2
pkgsrc-2015Q1-base:1.2;
locks; strict;
comment @// @;
1.5
date 2016.06.16.12.08.21; author ryoon; state dead;
branches;
next 1.4;
commitid LAwegbTYgLLjCGaz;
1.4
date 2015.07.03.10.25.40; author ryoon; state Exp;
branches;
next 1.3;
commitid yNqCmaHKVtcygPry;
1.3
date 2015.05.12.22.48.54; author ryoon; state Exp;
branches;
next 1.2;
commitid NJZg0HQjg2n73dly;
1.2
date 2015.02.19.21.33.22; author ryoon; state Exp;
branches;
next 1.1;
commitid 6X2fU9yCF6jHgFay;
1.1
date 2015.02.16.16.16.17; author bad; state Exp;
branches;
next ;
commitid D1C7H4hKP4KvBfay;
desc
@@
1.5
log
@Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@$NetBSD: patch-js_src_shell_jsoptparse.cpp,v 1.4 2015/07/03 10:25:40 ryoon Exp $
--- js/src/shell/jsoptparse.cpp.orig 2015-06-18 20:55:32.000000000 +0000
+++ js/src/shell/jsoptparse.cpp
@@@@ -95,7 +95,7 @@@@ PrintParagraph(const char* text, unsigne
++it;
while (*it != '\0') {
- MOZ_ASSERT(!isspace(*it));
+ MOZ_ASSERT(!isspace((unsigned char)*it));
/* Delimit the current token. */
const char* limit = it;
@
1.4
log
@Update to 39.0
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
@
text
@d1 1
a1 1
$NetBSD: patch-js_src_shell_jsoptparse.cpp,v 1.3 2015/05/12 22:48:54 ryoon Exp $
@
1.3
log
@Update to 38.0
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
@
text
@d1 1
a1 1
$NetBSD: patch-js_src_shell_jsoptparse.cpp,v 1.2 2015/02/19 21:33:22 ryoon Exp $
d3 1
a3 1
--- js/src/shell/jsoptparse.cpp.orig 2015-05-04 00:43:27.000000000 +0000
d5 2
a6 2
@@@@ -90,7 +90,7 @@@@ PrintParagraph(const char* text, unsigne
printf("%*s", startColno, "");
@
1.2
log
@Fix debug build.
@
text
@d1 1
a1 1
$NetBSD: patch-js_src_shell_jsoptparse.cpp,v 1.1 2015/02/16 16:16:17 bad Exp $
d3 1
a3 1
--- js/src/shell/jsoptparse.cpp.orig 2015-01-23 06:00:02.000000000 +0000
d5 1
a5 1
@@@@ -90,11 +90,11 @@@@ PrintParagraph(const char *text, unsigne
d13 1
a13 6
const char *limit = it;
- while (!isspace(*limit) && *limit != '\0')
+ while (!isspace(((unsigned char)*limit)) && *limit != '\0')
++limit;
/*
@
1.1
log
@Re-enable -Werror=char-subscripts and fix the fallout in the code.
Per discussion with ryoon@@.
Bump PKGREVISION for this and the previous two commits.
@
text
@d1 1
a1 1
$NetBSD$
d4 7
a10 2
+++ js/src/shell/jsoptparse.cpp 2015-02-05 13:10:47.000000000 +0000
@@@@ -94,7 +94,7 @@@@
@