head	1.3;
access;
symbols
	pkgsrc-2019Q2:1.2.0.4
	pkgsrc-2019Q2-base:1.2
	pkgsrc-2019Q1:1.2.0.2
	pkgsrc-2019Q1-base:1.2
	pkgsrc-2018Q4:1.1.0.2
	pkgsrc-2018Q4-base:1.1;
locks; strict;
comment	@// @;


1.3
date	2019.07.11.11.32.40;	author ryoon;	state dead;
branches;
next	1.2;
commitid	78kKTlsMNaN1qCuB;

1.2
date	2019.01.29.16.28.22;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	6ZD5e5dNV9phiH9B;

1.1
date	2018.11.07.12.55.11;	author martin;	state Exp;
branches;
next	;
commitid	LzUVVXSU6l8wM0ZA;


desc
@@


1.3
log
@Update to 68.0

Changelog:

New
    Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

    Improved extension security and discovery:
        New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
        Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
        Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.

    Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

    WebRender will roll out to Windows 10 users with AMD graphics cards.

    Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

Fixed

    Various security fixes

    Local files can no longer access other files in the same directory.

Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
@
text
@$NetBSD: patch-js_xpconnect_src_XPCMaps.cpp,v 1.2 2019/01/29 16:28:22 ryoon Exp $

Avoid alignement issues, see bugzilla
see https://bugzilla.mozilla.org/show_bug.cgi?id=1434726

--- js/xpconnect/src/XPCMaps.cpp.orig	2019-01-18 00:20:42.000000000 +0000
+++ js/xpconnect/src/XPCMaps.cpp
@@@@ -21,7 +21,13 @@@@ using namespace mozilla;
 // nsID, not the hash of the pointer to the nsID.
 
 static PLDHashNumber HashIIDPtrKey(const void* key) {
+#ifdef __sparc__
+ uintptr_t v;
+ memcpy(&v, key, sizeof(v));
+ return HashGeneric(&v);
+#else
   return HashGeneric(*((uintptr_t*)key));
+#endif
 }
 
 static bool MatchIIDPtrKey(const PLDHashEntryHdr* entry, const void* key) {
@


1.2
log
@Updatet to 65.0

Changelog:
New

    Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.

    A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.

    Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.

    A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.

    Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.

Fixed

    Various security fixes.

Changed

    Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.

    Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).

    Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.

    Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.

Security fixes:
Not available yet.
@
text
@d1 1
a1 1
$NetBSD: patch-js_xpconnect_src_XPCMaps.cpp,v 1.1 2018/11/07 12:55:11 martin Exp $
@


1.1
log
@Make the pkg at least build on sparc64 (nowhere near working yet)
@
text
@d1 1
a1 1
$NetBSD$
d6 6
a11 6
--- js/xpconnect/src/XPCMaps.cpp.orig	2018-10-31 01:08:09.000000000 +0100
+++ js/xpconnect/src/XPCMaps.cpp	2018-11-07 13:03:15.754241064 +0100
@@@@ -23,7 +23,13 @@@@ using namespace mozilla;
 static PLDHashNumber
 HashIIDPtrKey(const void* key)
 {
d13 3
a15 3
+    uintptr_t v;
+    memcpy(&v, key, sizeof(v));
+    return HashGeneric(&v);
d17 1
a17 1
     return HashGeneric(*((uintptr_t*)key));
d21 1
a21 1
 static bool
@