head 1.9; access; symbols pkgsrc-2018Q1:1.8.0.2 pkgsrc-2018Q1-base:1.8 pkgsrc-2017Q4:1.7.0.14 pkgsrc-2017Q4-base:1.7 pkgsrc-2017Q3:1.7.0.12 pkgsrc-2017Q3-base:1.7 pkgsrc-2017Q2:1.7.0.8 pkgsrc-2017Q2-base:1.7 pkgsrc-2017Q1:1.7.0.6 pkgsrc-2017Q1-base:1.7 pkgsrc-2016Q4:1.7.0.4 pkgsrc-2016Q4-base:1.7 pkgsrc-2016Q3:1.7.0.2 pkgsrc-2016Q3-base:1.7 pkgsrc-2016Q2:1.6.0.2 pkgsrc-2016Q2-base:1.6 pkgsrc-2016Q1:1.4.0.6 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.4 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.2 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.2.0.4 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.2 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.1.0.2 pkgsrc-2014Q4-base:1.1; locks; strict; comment @# @; 1.9 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.8; commitid xD42Z67JHKvGXMBA; 1.8 date 2018.03.17.00.59.03; author ryoon; state Exp; branches; next 1.7; commitid yheX9IRIu7EcnKuA; 1.7 date 2016.08.06.08.46.59; author ryoon; state Exp; branches 1.7.14.1; next 1.6; commitid E1GJBeRJuobrRdhz; 1.6 date 2016.06.16.12.08.21; author ryoon; state Exp; branches; next 1.5; commitid LAwegbTYgLLjCGaz; 1.5 date 2016.04.27.16.22.40; author ryoon; state Exp; branches; next 1.4; commitid u2rwBznaaKPcDh4z; 1.4 date 2015.09.23.06.44.42; author ryoon; state Exp; branches 1.4.6.1; next 1.3; commitid A8JQd1PZS2cnplCy; 1.3 date 2015.08.11.23.48.18; author ryoon; state Exp; branches; next 1.2; commitid uPb40BQqdcXesUwy; 1.2 date 2015.02.28.04.30.55; author ryoon; state Exp; branches; next 1.1; commitid Y4EEeVfm51r1kJby; 1.1 date 2014.12.01.18.11.14; author ryoon; state Exp; branches; next ; commitid jJPLy0Wr2QzMIm0y; 1.7.14.1 date 2018.03.22.06.56.21; author spz; state Exp; branches; next ; commitid 8s0l4dxdhHyRbqvA; 1.4.6.1 date 2016.05.19.12.56.31; author bsiegert; state Exp; branches; next ; commitid 53h9eCcjRRHEM57z; desc @@ 1.9 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-media_libtheora_moz.build,v 1.8 2018/03/17 00:59:03 ryoon Exp $ * Support system library --- media/libtheora/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 +++ media/libtheora/moz.build @@@@ -21,6 +21,9 @@@@ FINAL_LIBRARY = 'gkmedias' # The encoder is currently not included. DEFINES['THEORA_DISABLE_ENCODE'] = True +if CONFIG['MOZ_SYSTEM_OGG']: + CFLAGS += CONFIG['MOZ_OGG_CFLAGS'] + # Suppress warnings in third-party code. if CONFIG['CC_TYPE'] in ('clang', 'clang-cl', 'gcc'): CFLAGS += ['-Wno-type-limits'] @ 1.8 log @Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.7 2016/08/06 08:46:59 ryoon Exp $ @ 1.7 log @Update to 48.0 * OSS audio support may not work. I will revisit later Changelog: New: Roar for moar protection against harmful downloads! We've got your back Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more. Add-ons that have not been verified and signed by Mozilla will not load GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast WebRTC embetterments: Delay-agnostic AEC enabled Full duplex for GNU/Linux enabled ICE Restart & Update is supported Cloning of MediaStream and MediaStreamTrack is now supported Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode The media parser has been redeveloped using the Rust programming language Windows 7 systems without Platform Update can now use D3D11 WARP Fixed: Various security fixes Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice! Improved step debugging on last line of functions Changed: Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade! After version 48, SSE2 CPU extensions are going to be required on Windows Au revoir to Windows Remote Access Service modem Autodial Developer: WebExtensions support is now considered as stable Workers can now use the Web Crypto API Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor. The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya." We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?) Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure. Add-on development just got easier because you can reload them from about:debugging — because we're all about debugging. This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools. Expand network requests from the console panel to view request details in line, so you can see things in context Fixed in Firefox 48: 2016-84 Information disclosure through Resource Timing API during page navigation 2016-83 Spoofing attack through text injection into internal error pages 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android 2016-81 Information disclosure and local file manipulation through drag and drop 2016-80 Same-origin policy violation using local HTML file and saved shortcut file 2016-79 Use-after-free when applying SVG effects 2016-78 Type confusion in display transformation 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback 2016-76 Scripts on marquee tag can execute in sandboxed iframes 2016-75 Integer overflow in WebSockets during data buffering 2016-74 Form input type change from password to text can store plain text password in session restore file 2016-73 Use-after-free in service workers with nested sync events 2016-72 Use-after-free in DTLS during WebRTC session shutdown 2016-71 Crash in incremental garbage collection in JavaScript 2016-70 Use-after-free when using alt key and toplevel menus 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter 2016-68 Out-of-bounds read during XML parsing in Expat library 2016-67 Stack underflow during 2D graphics rendering 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 2016-64 Buffer overflow rendering SVG with bidirectional content 2016-63 Favicon network connection can persist when page is closed 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.6 2016/06/16 12:08:21 ryoon Exp $ d5 1 a5 1 --- media/libtheora/moz.build.orig 2016-07-25 20:22:04.000000000 +0000 d15 1 a15 1 if CONFIG['GNU_CC'] or CONFIG['CLANG_CL']: @ 1.7.14.1 log @Pullup ticket #5728 - requested by maya devel/nspr: dependency update devel/nss: dependency update www/firefox-l10n: dependent update www/firefox: security update Revisions pulled up: - devel/nspr/Makefile 1.94-1.95 - devel/nspr/distinfo 1.48-1.49 - devel/nspr/patches/patch-az deleted - devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1 - devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1 - devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted - devel/nss/Makefile 1.146,1.148 - devel/nss/PLIST 1.24 - devel/nss/distinfo 1.81,1.83 - devel/nss/patches/patch-nss_lib_freebl_config.mk deleted - devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted - www/firefox-l10n/Makefile 1.121-1.123 - www/firefox-l10n/distinfo 1.111-1.113 - www/firefox/Makefile 1.320-1.321,1.324 - www/firefox/PLIST 1.127 - www/firefox/distinfo 1.307-1.309 - www/firefox/mozilla-common.mk 1.105-1.106 - www/firefox/patches/patch-aa 1.56 - www/firefox/patches/patch-build_gyp.mozbuild 1.8 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5 - www/firefox/patches/patch-build_moz.configure_memory.configure deleted - www/firefox/patches/patch-config_baseconfig.mk deleted - www/firefox/patches/patch-config_external_moz.build 1.17 - www/firefox/patches/patch-dom_media_moz.build 1.9 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8 - www/firefox/patches/patch-gfx_skia_moz.build 1.15 - www/firefox/patches/patch-gfx_thebes_moz.build 1.9 - www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2 - www/firefox/patches/patch-media_libtheora_moz.build 1.8 - www/firefox/patches/patch-media_libvorbis_moz.build 1.4 - www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1 - www/firefox/patches/patch-modules_libpref_init_all.js 1.7 - www/firefox/patches/patch-modules_pdfium_update.sh 1.2 - www/firefox/patches/patch-netwerk_dns_moz.build 1.8 - www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted - www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted - www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1 - www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1 - www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted - www/firefox/patches/patch-toolkit_moz.configure 1.10 - www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted - www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:21:43 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Added Files: pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h patch-nspr_pr_src_pthreads_ptthread.c Removed Files: pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h Log Message: Update to 4.18 Changelog: NSPR 4.18 contains the following changes: - removed HP-UX DCE threads support - improvements for the Windows implementation of PR_SetCurrentThreadName - fixes for the Windows implementation of TCP Fast Open To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \ pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:06:18 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Log Message: Update to 4.29 Changelog: NSPR 4.19 contains the following changes: - changed order of shutdown cleanup to avoid a crash on Mac OSX - build compatibility with Android NDK r16 and glibc 2.26 To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:23:52 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile distinfo Removed Files: pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk patch-nss_lib_freebl_verified_kremlib.h Log Message: Update to 3.35 Changelog: The NSS team has released Network Security Services (NSS) 3.35, which is a minor release. Summary of the major changes included in this release: - The default database storage format has been changed to SQL, using filenames cert9.db, key4.db, pkcs11.txt. - TLS 1.3 support has been updated to draft -23, along with additional significant changes. - Support for TLS compression was removed. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a higher iteration count for stronger security. - The CA trust list was updated to version 2.22. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo cvs rdiff -u -r1.2 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk cvs rdiff -u -r1.1 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:07:15 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile PLIST distinfo Log Message: Update to 3.36 * Require devel/nspr-4.19 Changelog: The NSS team has released Network Security Services (NSS) 3.36, which is a minor release. Summary of the major changes included in this release: - Replaced existing vectorized ChaCha20 code with verified HACL* implementation. - Experimental APIs for TLS session cache handling. To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:02:18 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Added Files: pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.1 * Fix build under netbsd-7, PR pkg/52956 Changelog: Fix Mozilla Foundation Security Advisory 2018-05: Arbitrary code execution through unsanitized browser UI When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065). To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:02:47 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.2 * Fix segfault on netbsd-7 Changelog: Fix Avoid a signature validation issue during update on macOS Blocklisted graphics drivers related to off main thread painting crashes Tab crash during printing Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook (OWA) webmail To generate a diff of this commit: cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 00:59:03 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild patch-config_external_moz.build patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build patch-media_libtheora_moz.build patch-media_libvorbis_moz.build patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc patch-modules_libpref_init_all.js patch-third__party_rust_simd_.cargo-checksum.json patch-third__party_rust_simd_src_x86_avx2.rs Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure patch-config_baseconfig.mk patch-netwerk_srtp_src_crypto_hash_hmac.c patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h patch-toolkit_xre_nsEmbedFunctions.cpp Log Message: Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 To generate a diff of this commit: cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \ pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \ pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r0 -r1.5 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure cvs rdiff -u -r1.2 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \ pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk cvs rdiff -u -r1.16 -r1.17 \ pkgsrc/www/firefox/patches/patch-config_external_moz.build cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \ pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build cvs rdiff -u -r1.14 -r1.15 \ pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \ pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs cvs rdiff -u -r0 -r1.7 \ pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js cvs rdiff -u -r1.4 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs cvs rdiff -u -r1.9 -r1.10 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure cvs rdiff -u -r1.7 -r0 \ pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:03:25 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.1 * Sync with www/firefox-58.0.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:05:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.2 * Sync with www/firefox-58.0.2 To generate a diff of this commit: cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:00:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 59.0.1 * Sync with www/firefox-59.0.1 To generate a diff of this commit: cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- media/libtheora/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 d15 1 a15 1 if CONFIG['CC_TYPE'] in ('clang', 'clang-cl', 'gcc'): @ 1.6 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.5 2016/04/27 16:22:40 ryoon Exp $ d5 1 a5 1 --- media/libtheora/moz.build.orig 2016-04-15 16:57:47.000000000 +0000 d11 1 a11 1 +if CONFIG['MOZ_NATIVE_OGG']: @ 1.5 log @Update to 46.0 * Drop buildlink to gstreamer1 Changelog: New Improved security of the JavaScript Just In Time (JIT) Compiler GTK3 integration (GNU/Linux only) Fixed Correct rendering for scaled SVGs that use a clip and a mask Various security fixes Screen reader behavior with blank spaces in Google Docs corrected Changed WebRTC fixes to improve performance and stability Developer Display dominator trees in Memory tool Allocation and garbage collection pause profiling in the performance panel Launch responsive mode from the Style Editor @@media sidebar HTML5 Added support for document.elementsFromPoint Added HKDF support for Web Crypto API Fixed in Firefox 46 2016-48 Firefox Health Reports could accept events from untrusted domains 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors 2016-42 Use-after-free and buffer overflow in Service Workers 2016-41 Content provider permission bypass allows malicious application to access data 2016-40 Privilege escalation through file deletion by Maintenance Service updater 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) @ text @d1 3 a3 1 $NetBSD: patch-media_libtheora_moz.build,v 1.4 2015/09/23 06:44:42 ryoon Exp $ @ 1.4 log @Update to 41.0 Changelog: New Enhance IME support on Windows (Vista +) using TSF (Text Services Framework) New Ability to set a profile picture for your Firefox Account New Firefox Hello now includes instant messaging New SVG images can be used as favicons New Improved box-shadow rendering performance Changed WebRTC now requires perfect forward secrecy Changed WARP is disabled on Windows 7 Changed Updates to image decoding process Changed Support for running animations of 'transform' and 'opacity' on the compositor thread HTML5 MessageChannel and MessagePort API enabled by default HTML5 Added support for the transform-origin property on SVG elements HTML5 CSS Font Loading API enabled by default HTML5 Navigator.onLine now varies with actual internet connectivity (Windows and Mac OS X only) HTML5 Copy/Cut Web content from JavaScript to the OS clipboard with document.execCommand("cut"/"copy") HTML5 Implemented Cache API for querying named caches that are accessible Window, Worker, and ServiceWorker Developer Removed support for binary XPCOM components in extensions, use addon SDK "system/child_process" pipe mechanism for native binaries instead Developer Network requests can be exported in HAR format Developer Quickly add new CSS rule with New Rule button in the Inspector Developer Screenshot a node or element from markup view with the Screenshot Node context menu item Developer Copy element CSS rule declarations with the Copy Rule Declaration context menu item in the Inspector Developer Pseudo-Class panel in the Inspector Fixed Picture element does not react to resize/viewport changes Fixed Various security fixes Security fixes: Fixed in Firefox 41 2015-114 Information disclosure via the High Resolution Time API 2015-113 Memory safety errors in libGLES in the ANGLE graphics library 2015-112 Vulnerabilities found through code inspection 2015-111 Errors in the handling of CORS preflight request headers 2015-110 Dragging and dropping images exposes final URL after redirects 2015-109 JavaScript immutable property enforcement can be bypassed 2015-108 Scripted proxies can access inner window 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems 2015-106 Use-after-free while manipulating HTML media content 2015-105 Buffer overflow while decoding WebM video 2015-104 Use-after-free with shared workers and IndexedDB 2015-103 URL spoofing in reader mode 2015-102 Crash when using debugger with SavedStacks in JavaScript 2015-101 Buffer overflow in libvpx while parsing vp9 format video 2015-100 Arbitrary file manipulation by local user through Mozilla updater 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes 2015-97 Memory leak in mozTCPSocket to servers 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.3 2015/08/11 23:48:18 ryoon Exp $ d3 1 a3 1 --- media/libtheora/moz.build.orig 2015-08-24 21:53:11.000000000 +0000 d5 1 a5 1 @@@@ -21,6 +21,9 @@@@ if CONFIG['GKMEDIAS_SHARED_LIBRARY']: d13 1 a13 1 if CONFIG['GNU_CC']: @ 1.4.6.1 log @Pullup ticket #5015 - requested by sevan www/firefox: security fix Revisions pulled up: - www/firefox/Makefile 1.249-1.250 - www/firefox/PLIST 1.105-1.106 - www/firefox/distinfo 1.242-1.243 - www/firefox/mozilla-common.mk 1.73 - www/firefox/patches/patch-aa 1.45 - www/firefox/patches/patch-config_external_moz.build 1.11 - www/firefox/patches/patch-config_system-headers 1.18 - www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted - www/firefox/patches/patch-dom_media_moz.build 1.3 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4 - www/firefox/patches/patch-gfx_skia_moz.build 1.11 - www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2 - www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted - www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted - www/firefox/patches/patch-gfx_thebes_moz.build 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14 - www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7 - www/firefox/patches/patch-media_libtheora_moz.build 1.5 - www/firefox/patches/patch-pb deleted - www/firefox/patches/patch-pc deleted - www/firefox/patches/patch-toolkit_library_moz.build 1.5 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 13 20:37:33 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo Log Message: Update to 45.0.2 Changelog: Fixed: Fix an issue impacting the cookie header when third-party cookies are blocked (1257861) Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482) Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980) Fix a crash impacting the video playback with Media Source Extension (1258562) Fix a regression impacting some specific uploads (1255735) --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 27 16:22:40 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build patch-config_system-headers patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_skia_skia_src_core_SkUtilsArm.cpp patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_cubeb__alsa.c patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build patch-toolkit_library_moz.build patch-xpcom_reflect_xptcall_md_unix_moz.build Removed Files: pkgsrc/www/firefox/patches: patch-dom_media_gstreamer_GStreamerAllocator.cpp patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc Log Message: Update to 46.0 * Drop buildlink to gstreamer1 Changelog: New Improved security of the JavaScript Just In Time (JIT) Compiler GTK3 integration (GNU/Linux only) Fixed Correct rendering for scaled SVGs that use a clip and a mask Various security fixes Screen reader behavior with blank spaces in Google Docs corrected Changed WebRTC fixes to improve performance and stability Developer Display dominator trees in Memory tool Allocation and garbage collection pause profiling in the performance panel Launch responsive mode from the Style Editor @@media sidebar HTML5 Added support for document.elementsFromPoint Added HKDF support for Web Crypto API Fixed in Firefox 46 2016-48 Firefox Health Reports could accept events from untrusted domains 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors 2016-42 Use-after-free and buffer overflow in Service Workers 2016-41 Content provider permission bypass allows malicious application to access data 2016-40 Privilege escalation through file deletion by Maintenance Service updater 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- media/libtheora/moz.build.orig 2016-04-15 16:57:47.000000000 +0000 d5 1 a5 1 @@@@ -21,6 +21,9 @@@@ FINAL_LIBRARY = 'gkmedias' d13 1 a13 1 if CONFIG['GNU_CC'] or CONFIG['CLANG_CL']: @ 1.3 log @Update to 40.0 Changelog: New Support for Windows 10 New Added protection against unwanted software downloads New User can receive suggested tiles in the new tab page based on categories Firefox matches to browsing history (en-US only). New Hello allows adding a link to conversations to provide context on what the conversation will be about New New style for add-on manager based on the in-content preferences style New Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) New Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked Changed Add-on extensions that are not signed by Mozilla will display a warning Changed NPAPI Plug-in performance improved via asynchronous initialization Changed Smoother animation and scrolling with hardware vsync (Windows only) Changed JPEG images use less memory when scaled and can be painted faster Changed Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data HTML5 IndexedDB transactions are now non-durable by default HTML5 Implemented AudioBufferSourceNode.detune to modulate playback rate in cents, a logarithmic unit of measure used for musical intervals Developer Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view Developer New rules view tooltip in the Inspector to tweak CSS Filter values Developer Console API messages from SharedWorker and ServiceWorker are now displayed in web console Developer New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page Developer Inspector now searches across all content frames in a page Fixed Kannada text does not display properly in built-in pdf viewer Fixed Various security fixes Known Issues unresolved If Firefox is restarted from an add-on install notification, on-going private browsing downloads might be canceled without warning (1185294) Fixed in Firefox 40 2015-92 Use-after-free in XMLHttpRequest with shared workers 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification 2015-90 Vulnerabilities found through code inspection 2015-89 Buffer overflows on Libvpx when decoding WebM video 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images 2015-87 Crash when using shared memory in JavaScript 2015-86 Feed protocol with POST bypasses mixed content protections 2015-85 Out-of-bounds write with Updater and malicious MAR file 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links 2015-83 Overflow issues in libstagefright 2015-82 Redefinition of non-configurable JavaScript object properties 2015-81 Use-after-free in MediaStream playback 2015-80 Out-of-bounds read with malformed MP3 file 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.2 2015/02/28 04:30:55 ryoon Exp $ d3 1 a3 1 --- media/libtheora/moz.build.orig 2015-08-07 15:54:12.000000000 +0000 a14 6 @@@@ -94,3 +97,5 @@@@ if CONFIG['GNU_AS']: if CONFIG['OS_TARGET'] == 'Android': DEFINES['__linux__'] = True +if CONFIG['MOZ_NATIVE_OGG']: + CFLAGS += CONFIG['MOZ_OGG_CFLAGS'] @ 1.2 log @Update to 36.0 Changelog: New Pinned tiles on the new tab page can be synced New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web. New Locale added: Uzbek (uz) Changed -remote option removed Changed No longer accept insecure RC4 ciphers whenever possible Changed Phasing out Certificates with 1024-bit RSA Keys Changed Shut down hangs will now show the crash reporter before exiting the program Changed Add-on Compatibility HTML5 Support for the ECMAScript 6 Symbol data type added HTML5 unicode-range CSS descriptor implemented HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries HTML5 object-fit and object-position implemented. Defines how and where the content of a replaced element is displayed HTML5 isolation CSS property implemented. Create a new stacking context to isolate groups of boxes to control which blend together HTML5 CSS3 will-change property implemented. Hints the browser of elements that will be modified. The browser will perform some performance optimization for these HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification. The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore. HTML5 Improved ES6 generators for better performance Developer Eval sources now appear in the Debugger Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor Developer DOM Promises inspection Developer Inspector: More paste options in markup view Fixed CSS gradients work on premultiplied colors Fixed Fix some unexpected logout from Facebook or Google after restart Fixed Various security fixes Fixed in Firefox 36 2015-27 Caja Compiler JavaScript sandbox bypass 2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs 2015-25 Local files or privileged URLs in pages can be opened into new tabs 2015-24 Reading of local files through manipulation of form autocomplete 2015-23 Use-after-free in Developer Console date with OpenType Sanitiser 2015-22 Crash using DrawTarget in Cairo graphics library 2015-21 Buffer underflow during MP3 playback 2015-20 Buffer overflow during CSS restyling 2015-19 Out-of-bounds read and write while rendering SVG content 2015-18 Double-free when using non-default memory allocators with a zero-length XHR 2015-17 Buffer overflow in libstagefright during MP4 video playback 2015-16 Use-after-free in IndexedDB 2015-15 TLS TURN and STUN connections silently fail to simple TCP connections 2015-14 Malicious WebGL content crash when writing strings 2015-13 Appended period to hostnames can bypass HPKP and HSTS protections 2015-12 Invoking Mozilla updater will load locally stored DLL files 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) @ text @d1 1 a1 1 $NetBSD: patch-media_libtheora_moz.build,v 1.1 2014/12/01 18:11:14 ryoon Exp $ d3 1 a3 1 --- media/libtheora/moz.build.orig 2015-02-17 21:40:41.000000000 +0000 d5 11 a15 1 @@@@ -93,3 +93,5 @@@@ if CONFIG['GNU_AS']: @ 1.1 log @Update to 34.0.5 Changelog: New Default search engine changed to Yahoo! for North America New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales New Improved search bar (en-US only) New Firefox Hello real-time communication client New Easily switch themes/personas directly in the Customizing mode New Wikipedia search now uses HTTPS for secure searching (en-US only) New Implementation of HTTP/2 (draft14) and ALPN New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows Changed Disabled SSLv3 Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35) Changed Firefox signed by Apple OS X version 2 signature HTML5 ECMAScript 6 WeakSet Implemented HTML5 JavaScript Template Strings Implemented HTML5 CSS3 Font variants and features control (e.g. kerning) implemented HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support HTML5 WebCrypto: wrapKey and unwrapKey implemented HTML5 WebCrypto: Import/export of JWK-formatted keys HTML5 matches() DOM API implemented (formerly mozMatchesSelector()) HTML5 Performance.now() for workers implemented HTML5 WebCrypto: ECDH support Developer WebIDE: Create, edit, and test a new Web application from your browser Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel Developer Improved User Interface of the Profiler Developer console.table function added to web console Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties Fixed Various security fixes 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer 2014-88 Buffer overflow while parsing media content 2014-87 Use-after-free during HTML5 parsing 2014-86 CSP leaks redirect data via violation reports 2014-85 XMLHttpRequest crashes with some input streams 2014-84 XBL bindings accessible via improper CSS declarations 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- media/libtheora/moz.build.orig 2014-11-21 03:37:42.000000000 +0000 d5 3 a7 3 @@@@ -6,3 +6,5 @@@@ DIRS += ['include', 'lib'] @