head 1.4; access; symbols pkgsrc-2023Q2:1.3.0.4 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.2 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.2.0.12 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.10 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.8 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.6 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.4 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.2 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.1.0.6 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.4 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.2 pkgsrc-2020Q4-base:1.1; locks; strict; comment @// @; 1.4 date 2023.08.03.22.02.33; author ryoon; state dead; branches; next 1.3; commitid RciuY6ggGfxDcozE; 1.3 date 2023.01.24.17.57.09; author nia; state Exp; branches; next 1.2; commitid 9Me0jLePQPV5ZOaE; 1.2 date 2021.06.30.15.09.56; author ryoon; state Exp; branches; next 1.1; commitid Xz9yNkwfZJaFtaZC; 1.1 date 2020.11.06.08.56.37; author maya; state Exp; branches; next ; commitid TACHJfL50bwiZNuC; desc @@ 1.4 log @firefox: Update to 116.0 * speech-dispatcher is not tested yet. Changelog: New * Sidebar switcher allows users to access Bookmarks, History and Synced Tabs panels easily, quickly switch between them, move the sidebar to another side of the browser window, or close the sidebar. Now, keyboard users would be able to do it all with ease too, with or without any assistive technology running, without needing to memorize keyboard shortcuts to access these panels. * When an update is available in English locales, users will now have access to the release notes in the update notification prompt in the form of a "Learn More" link. * It is now possible to copy any file from your operating system and paste it into Firefox. * You asked, and we listened! The volume slider is now available in Picture-in-Picture. * We added the possibility to edit existing text annotations. Fixed * The upload performance of HTTP/2 has been significantly improved starting with Firefox 115.0, particularly on those with a higher bandwidth delay product (i.e., networks characterized by both high bandwidth and high latency). * Various security fixes. Changed * The keyboard shortcut to reopen closed tabs (command + shift + t) now reopens last closed tab or last closed window, in the order items were closed. If there aren't any tabs or windows to reopen, this command restores the previous session. This change is in anticipation of upcoming changes to recently closed tabs. Security fixes: #CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions #CVE-2023-4046: Incorrect value used during WASM compilation #CVE-2023-4047: Potential permissions request bypass via clickjacking #CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions #CVE-2023-4049: Fix potential race conditions when releasing platform objects #CVE-2023-4050: Stack buffer overflow in StorageManager #CVE-2023-4051: Full screen notification obscured by file open dialog #CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller #CVE-2023-4053: Full screen notification obscured by external program #CVE-2023-4054: Lack of warning when opening appref-ms files #CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state #CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 #CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 #CVE-2023-4058: Memory safety bugs fixed in Firefox 116 @ text @$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.3 2023/01/24 17:57:09 nia Exp $ PaX MPROTECT safety for NetBSD. https://bugzilla.mozilla.org/show_bug.cgi?id=1811913 --- js/src/vm/ArrayBufferObject.cpp.orig 2021-05-20 21:29:34.000000000 +0000 +++ js/src/vm/ArrayBufferObject.cpp @@@@ -189,9 +189,17 @@@@ void* js::MapBufferMemory(size_t mappedS MOZ_ASSERT(data); memset(data, 0, mappedSize); #else // !XP_WIN && !__wasi__ + +#ifdef PROT_MPROTECT + void* data = + MozTaggedAnonymousMmap(nullptr, mappedSize, + PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ), + MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved"); +#else void* data = MozTaggedAnonymousMmap(nullptr, mappedSize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved"); +#endif if (data == MAP_FAILED) { return nullptr; } @ 1.3 log @firefox: Update patch comments. @ text @d1 1 a1 1 $NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.2 2021/06/30 15:09:56 ryoon Exp $ @ 1.2 log @firefox: Update to 89.0.2 Changelog: 89.0.2 Fixed * Fix occasional hangs with Software WebRender on Linux (bug 1708224) 89.0.1 Fixed * Windows: Resolved an issue causing some screen readers to not interact correctly with Firefox anymore (bug 1714212) * Updated translations, including full Spanish (Mexico) localization and other improvements (bug 1714946) * Fix various font related regressions (bug 1694174) * Linux: Fix performance and stability regressions with WebRender (bug 1715895, bug 1715902) * macOS: Fix screen flickering when scrolling a page on an external monitor ( bug 1715452) * Enterprise: Fix for the DisableDeveloperTools policy not having effect anymore (bug 1715777) * Linux: Fix broken scrollbars on some GTK themes (bug 1714103) * Various stability and security fixes. Security fixes: #CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas 89.0 New * Say hello to a fresh new Firefox, designed to get you where you want to go even faster. We??ve redesigned and modernized the core experience to be cleaner, more inviting, and easier to use. Beginning in 89, you??ll notice a number of changes, including: Simplified browser chrome and toolbar: Less frequently used items removed to focus on the most important navigation items. Simplified browser chrome and toolbar screenshot Clear, streamlined menus: Re-organized and prioritized menu content according to usage. Updated labels and removed iconography. Clear, streamlined menus screenshot Updated prompts: Infobars, panels, and modals have a cleaner design and clearer language. Updated prompts screenshot Inspired tab design: Floating tabs neatly contain information and surface cues when you need them, like visual indicators for audio controls. The rounded design of the active tab supports focus and signals the ability to easily move the tab as needed. Inspired tab design screenshot Fewer interruptions: Reduced number of alerts and messages, so you can browse with fewer distractions. Cohesive, calmer visuals: Lighter iconography, a refined color palette, and more consistent styling throughout. This release also includes enhancements to our privacy offerings: + We??ve enhanced the privacy of the Firefox Browser??s Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites. This feature was originally launched in Firefox??s ETP Strict mode. * For macOS users, we're introducing the elastic overscroll effect known from many other applications. A gentle bouncing animation will indicate that you reached the end of the page. In addition, we added support for smart zoom. Double-tap with two fingers on your trackpad, or with a single finger on your Magic Mouse, to zoom the content below your cursor into focus. * Native context menus: Context menus on macOS are now native and support Dark Mode. macOS native context menus screenshot * WebRender is now enabled on Linux with the NVIDIA binary driver and on all desktop environments # Fixed * Colors in Firefox on macOS will no longer be saturated on wide gamut displays, untagged images are properly treated as sRGB, and colors in images tagged as sRGB will now match CSS colors. * In full screen mode on macOS, moving your mouse to the top of the screen will no longer hide your tabs behind the system menu bar. * Also in full screen mode on macOS, it is now possible to hide the browser toolbars for a fully immersive full screen experience. This brings macOS in line with Windows and Linux. * Various stability and security fixes. # Changed * Introducing a non-native implementation of web form controls, which delivers a new modern design and some improvements to page load performance. Watch for layout bugs in web pages that make assumptions about the dimensions or styling of form controls. * The screenshots feature is available in the right-click context menu. You can also add a screenshots shortcut to your toolbar. Learn more. Security fixes: #CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain spoofing #CVE-2021-29960: Filenames printed from private browsing mode incorrectly retained in preferences #CVE-2021-29961: Firefox UI spoof using `