head 1.9; access; symbols pkgsrc-2018Q1:1.8.0.2 pkgsrc-2018Q1-base:1.8 pkgsrc-2017Q4:1.6.0.12 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.10 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.6 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.6.0.4 pkgsrc-2017Q1-base:1.6 pkgsrc-2016Q4:1.6.0.2 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q1:1.4.0.2 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.2.0.6 pkgsrc-2015Q4-base:1.2 pkgsrc-2015Q3:1.2.0.4 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.2 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.1.0.4 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.2 pkgsrc-2014Q4-base:1.1; locks; strict; comment @# @; 1.9 date 2018.05.10.20.01.53; author ryoon; state dead; branches; next 1.8; commitid xD42Z67JHKvGXMBA; 1.8 date 2018.03.17.00.59.03; author ryoon; state Exp; branches; next 1.7; commitid yheX9IRIu7EcnKuA; 1.7 date 2018.01.24.16.52.08; author ryoon; state Exp; branches; next 1.6; commitid Yl8uDmLMV5LNj9oA; 1.6 date 2016.12.03.09.58.26; author ryoon; state Exp; branches 1.6.12.1; next 1.5; commitid uIUIk0K6tuQSqwwz; 1.5 date 2016.06.16.12.08.21; author ryoon; state dead; branches; next 1.4; commitid LAwegbTYgLLjCGaz; 1.4 date 2016.03.08.21.32.52; author ryoon; state Exp; branches; next 1.3; commitid BVJhJwzz8HleXSXy; 1.3 date 2016.01.27.00.08.26; author ryoon; state Exp; branches; next 1.2; commitid U4PoPJGIWVIiavSy; 1.2 date 2015.05.12.22.48.54; author ryoon; state Exp; branches; next 1.1; commitid NJZg0HQjg2n73dly; 1.1 date 2014.12.01.18.11.14; author ryoon; state Exp; branches; next ; commitid jJPLy0Wr2QzMIm0y; 1.6.12.1 date 2018.03.09.07.17.30; author spz; state Exp; branches; next 1.6.12.2; commitid DwVK6v0Mc0P0JKtA; 1.6.12.2 date 2018.03.22.06.56.21; author spz; state Exp; branches; next ; commitid 8s0l4dxdhHyRbqvA; desc @@ 1.9 log @Update to 60.0 * Remove untested patches including NetBSD/earm support Changelog: New Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file Enhancements to New Tab / Firefox Home Responsive layout that shows more content for users with wide-screen displays Highlights section includes web sites saved to Pocket More options to reorder sections and content on the page Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies Applied Quantum CSS to render browser UI Added support for Web Authentication API, which allows USB tokens for website authentication Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You'll find the Title Bar option in the Customize panel available from the main browser menu. Improved WebRTC audio performance and playback for Linux users Locale added: Occitan (oc) Fixed Various security fixes Changed #CVE-2018-5154: Use-after-free with SVG animations and clip paths #CVE-2018-5155: Use-after-free with SVG animations and text paths #CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files #CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia #CVE-2018-5160: Uninitialized memory use by WebRTC encoder #CVE-2018-5152: WebExtensions information leak through webRequest API #CVE-2018-5153: Out-of-bounds read in mixed content websocket messages #CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace #CVE-2018-5166: WebExtension host permission bypass through filterReponseData #CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger #CVE-2018-5168: Lightweight themes can be installed without user interaction #CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages #CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer #CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update #CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies #CVE-2018-5176: JSON Viewer script injection #CVE-2018-5177: Buffer overflow in XSLT during number formatting #CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox #CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced #CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink #CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar #CVE-2018-5151: Memory safety bugs fixed in Firefox 60 #CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 @ text @$NetBSD: patch-netwerk_dns_moz.build,v 1.8 2018/03/17 00:59:03 ryoon Exp $ --- netwerk/dns/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 +++ netwerk/dns/moz.build @@@@ -73,3 +73,6 @@@@ USE_LIBS += ['icu'] if CONFIG['CC_TYPE'] in ('clang', 'gcc'): CXXFLAGS += ['-Wno-error=shadow'] + +if CONFIG['MOZ_SYSTEM_HARFBUZZ']: + CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] @ 1.8 log @Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.7 2018/01/24 16:52:08 ryoon Exp $ @ 1.7 log @Update to 58.0 Changelog: New Performance improvements, including: Rendering graphics for Windows users by using Off-Main-Threa Painting (OMTP) Loading pages faster by changing how Firefox caches and retrieves JavaScript Improvements to Firefox Screenshots: Copy and paste screenshots directly to your clipboard Firefox Screenshots now works in Private Browsing mode Added Nepali (ne-NP) locale In case you missed it--57 Release privacy and performance feature: Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on. Fixed Fonts installed in non-standard directories will no longer appear blank for Linux users Various security fixes Changed User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site. Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority #CVE-2018-5091: Use-after-free with DTMF timers #CVE-2018-5092: Use-after-free in Web Workers #CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing #CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory #CVE-2018-5095: Integer overflow in Skia library during edge builder allocation #CVE-2018-5097: Use-after-free when source document is manipulated during XSLT #CVE-2018-5098: Use-after-free while manipulating form input elements #CVE-2018-5099: Use-after-free with widget listener #CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory #CVE-2018-5101: Use-after-free with floating first-letter style elements #CVE-2018-5102: Use-after-free in HTML media elements #CVE-2018-5103: Use-after-free during mouse event handling #CVE-2018-5104: Use-after-free during font face manipulation #CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts #CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker #CVE-2018-5107: Printing process will follow symlinks for local file access #CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs #CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution #CVE-2018-5110: Cursor can be made invisible on OS X #CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right #CVE-2018-5118: Activity Stream images can attempt to load local content through file: #CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers #CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar #CVE-2018-5122: Potential integer overflow in DoCrypt #CVE-2018-5090: Memory safety bugs fixed in Firefox 58 #CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.6 2016/12/03 09:58:26 ryoon Exp $ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2018-01-11 20:17:04.000000000 +0000 d7 1 a7 1 if CONFIG['GNU_CXX']: @ 1.6 log @Update to 50.0.2 * Change default audio support to ALSA. You can use OSS or pulseaudio via ALSA plugin package. Changelog: 50.0.2: Fixed in Firefox 50.0.2 #CVE-2016-9079: Use-after-free in SVG Animation 50.0.1: Fixed *Firefox crashes with 3rd party Chinese IME when using IME text Security vulnerabilities fixed in Firefox 50.0.1: #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect 50.0: New *Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac *Improved performance for SDK extensions or extensions using the SDK module loader *Added download protection for a large number of executable file types on Windows, Mac and Linux *Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer *Added Guarani (gn) locale *Added option to Find in page that allows users to limit search to whole words only *Updates to keyboard shortcuts *Set a preference to have Ctrl+Tab cycle through tabs in recently used order *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac) Fixed *Login cookies are now saved for sites with a high number of cookies (Bug 1264192) *Various security fixes *Fixed rendering of dashed and dotted borders with rounded corners (border-radius) Changed *The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates *Blocked versions of libavcodec older than 54.35.1 *Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux) Developer *Changes for web developers Security vulnerabilities fixed in Firefox 50: #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 #CVE-2016-5292: URL parsing causes crash #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink #CVE-2016-5294: Arbitrary target directory for result files of update process #CVE-2016-5297: Incorrect argument length checking in JavaScript #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore #CVE-2016-9068: heap-use-after-free in nsRefreshDriver #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file #CVE-2016-9070: Sidebar bookmark can have reference to chrome window #CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP #CVE-2016-5289: Memory safety bugs fixed in Firefox 50 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2016-10-31 20:15:27.000000000 +0000 d5 1 a5 3 @@@@ -66,6 +66,9 @@@@ LOCAL_INCLUDES += [ '/netwerk/base', ] d7 3 a11 4 + if CONFIG['ENABLE_INTL_API']: DEFINES['IDNA2008'] = True USE_LIBS += ['icu'] @ 1.6.12.1 log @Pullup ticket #5695 - requested by he and maya www/firefox: security update www/firefox-l10n: dependent update NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc Revisions pulled up: - www/firefox-l10n/Makefile 1.117-1.120 - www/firefox-l10n/PLIST 1.58-1.59 - www/firefox-l10n/distinfo 1.108-1.110 - www/firefox/Makefile 1.316-1.318 - www/firefox/PLIST 1.126 - www/firefox/distinfo 1.304-1.306 - www/firefox/mozilla-common.mk 1.103-1.104 - www/firefox/patches/patch-aa 1.55 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted - www/firefox/patches/patch-config_Makefile.in deleted - www/firefox/patches/patch-config_system-headers deleted - www/firefox/patches/patch-config_system-headers.mozbuild 1.1 - www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1 - www/firefox/patches/patch-dom_media_moz.build 1.8 - www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7 - www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted - www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1 - www/firefox/patches/patch-js_src_build_moz.build 1.2 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26 - www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted - www/firefox/patches/patch-netwerk_dns_moz.build 1.7 - www/firefox/patches/patch-servo_components_gfx_font.rs deleted - www/firefox/patches/patch-servo_components_net__traits_response.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted - www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted - www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted - www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted - www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted - www/firefox/patches/patch-servo_components_script_dom_document.rs deleted - www/firefox/patches/patch-servo_components_script_dom_element.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted - www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted - www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted - www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted - www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted - www/firefox/patches/patch-servo_components_script_dom_window.rs deleted - www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted - www/firefox/patches/patch-servo_components_selectors_attr.rs deleted - www/firefox/patches/patch-servo_components_selectors_parser.rs deleted - www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted - www/firefox/patches/patch-servo_components_style_attr.rs deleted - www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted - www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted - www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1 - www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted - www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted - www/firefox/patches/patch-servo_components_style_str.rs deleted - www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted - www/firefox/patches/patch-servo_components_style_values_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted - www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3 - www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4 - www/firefox/patches/patch-toolkit_moz.configure 1.9 - www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:02:17 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Log Message: Update to 57.0.3 Changelog: Fixed * Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bug 1427111) To generate a diff of this commit: cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:03:33 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.3 * Sync with www/firefox-57.0.3 To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 8 09:37:57 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk Added Files: pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs Log Message: Update to 57.0.4 * Use lang/rust-1.23.0 Changelog: Speculative execution side-channel attack ("Spectre") Announced January 4, 2018 Reporter Jann Horn (Google Project Zero); Microsoft Vunerability Research Impact High Products Firefox Fixed in Firefox 57.0.4 Description Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5us to 20us, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. SharedArrayBuffer is already disabled in Firefox 52 ESR. To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sun Jan 21 01:29:28 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.4 * Sync with www/firefox-57.0.4 To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:52:08 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild patch-dom_media_flac_FlacDecoder.cpp patch-ipc_glue_MessageChannel.cpp patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-third__party_python_futures_concurrent_futures_process.py patch-toolkit_mozapps_installer_packager.mk Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-config_Makefile.in patch-config_system-headers patch-ipc_chromium_src_base_process__util.h patch-media_libsoundtouch_src_cpu__detect__x86.cpp patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs patch-xpcom_reflect_xptcall_md_unix_Makefile.in Log Message: Update to 58.0 Changelog: New Performance improvements, including: Rendering graphics for Windows users by using Off-Main-Threa Painting (OMTP) Loading pages faster by changing how Firefox caches and retrieves JavaScript Improvements to Firefox Screenshots: Copy and paste screenshots directly to your clipboard Firefox Screenshots now works in Private Browsing mode Added Nepali (ne-NP) locale In case you missed it--57 Release privacy and performance feature: Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on. Fixed Fonts installed in non-standard directories will no longer appear blank for Linux users Various security fixes Changed User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site. Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority #CVE-2018-5091: Use-after-free with DTMF timers #CVE-2018-5092: Use-after-free in Web Workers #CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing #CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory #CVE-2018-5095: Integer overflow in Skia library during edge builder allocation #CVE-2018-5097: Use-after-free when source document is manipulated during XSLT #CVE-2018-5098: Use-after-free while manipulating form input elements #CVE-2018-5099: Use-after-free with widget listener #CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory #CVE-2018-5101: Use-after-free with floating first-letter style elements #CVE-2018-5102: Use-after-free in HTML media elements #CVE-2018-5103: Use-after-free during mouse event handling #CVE-2018-5104: Use-after-free during font face manipulation #CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts #CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker #CVE-2018-5107: Printing process will follow symlinks for local file access #CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs #CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution #CVE-2018-5110: Cursor can be made invisible on OS X #CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right #CVE-2018-5118: Activity Stream images can attempt to load local content through file: #CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers #CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar #CVE-2018-5122: Potential integer overflow in DoCrypt #CVE-2018-5090: Memory safety bugs fixed in Firefox 58 #CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 To generate a diff of this commit: cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \ pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in cvs rdiff -u -r1.25 -r0 \ pkgsrc/www/firefox/patches/patch-config_system-headers cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \ pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \ pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \ pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build cvs rdiff -u -r1.6 -r1.7 \ pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r1.6 -r0 \ pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-js_src_build_moz.build cvs rdiff -u -r1.25 -r1.26 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c cvs rdiff -u -r1.5 -r0 \ pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h cvs rdiff -u -r1.8 -r1.9 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:54:05 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST distinfo Log Message: Update to 58.0 * Sync with www/firefox-58.0 * Add ne-NP locale To generate a diff of this commit: cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 29 15:22:54 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST Log Message: Previous revison does not work. Install xpi files instead. Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST @ text @d3 1 a3 1 --- netwerk/dns/moz.build.orig 2018-01-11 20:17:04.000000000 +0000 d5 3 a7 1 @@@@ -73,3 +73,6 @@@@ USE_LIBS += ['icu'] a8 3 if CONFIG['GNU_CXX']: CXXFLAGS += ['-Wno-error=shadow'] + d11 4 @ 1.6.12.2 log @Pullup ticket #5728 - requested by maya devel/nspr: dependency update devel/nss: dependency update www/firefox-l10n: dependent update www/firefox: security update Revisions pulled up: - devel/nspr/Makefile 1.94-1.95 - devel/nspr/distinfo 1.48-1.49 - devel/nspr/patches/patch-az deleted - devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1 - devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1 - devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted - devel/nss/Makefile 1.146,1.148 - devel/nss/PLIST 1.24 - devel/nss/distinfo 1.81,1.83 - devel/nss/patches/patch-nss_lib_freebl_config.mk deleted - devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted - www/firefox-l10n/Makefile 1.121-1.123 - www/firefox-l10n/distinfo 1.111-1.113 - www/firefox/Makefile 1.320-1.321,1.324 - www/firefox/PLIST 1.127 - www/firefox/distinfo 1.307-1.309 - www/firefox/mozilla-common.mk 1.105-1.106 - www/firefox/patches/patch-aa 1.56 - www/firefox/patches/patch-build_gyp.mozbuild 1.8 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5 - www/firefox/patches/patch-build_moz.configure_memory.configure deleted - www/firefox/patches/patch-config_baseconfig.mk deleted - www/firefox/patches/patch-config_external_moz.build 1.17 - www/firefox/patches/patch-dom_media_moz.build 1.9 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8 - www/firefox/patches/patch-gfx_skia_moz.build 1.15 - www/firefox/patches/patch-gfx_thebes_moz.build 1.9 - www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2 - www/firefox/patches/patch-media_libtheora_moz.build 1.8 - www/firefox/patches/patch-media_libvorbis_moz.build 1.4 - www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1 - www/firefox/patches/patch-modules_libpref_init_all.js 1.7 - www/firefox/patches/patch-modules_pdfium_update.sh 1.2 - www/firefox/patches/patch-netwerk_dns_moz.build 1.8 - www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted - www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted - www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1 - www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1 - www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted - www/firefox/patches/patch-toolkit_moz.configure 1.10 - www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted - www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:21:43 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Added Files: pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h patch-nspr_pr_src_pthreads_ptthread.c Removed Files: pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h Log Message: Update to 4.18 Changelog: NSPR 4.18 contains the following changes: - removed HP-UX DCE threads support - improvements for the Windows implementation of PR_SetCurrentThreadName - fixes for the Windows implementation of TCP Fast Open To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \ pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:06:18 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Log Message: Update to 4.29 Changelog: NSPR 4.19 contains the following changes: - changed order of shutdown cleanup to avoid a crash on Mac OSX - build compatibility with Android NDK r16 and glibc 2.26 To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:23:52 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile distinfo Removed Files: pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk patch-nss_lib_freebl_verified_kremlib.h Log Message: Update to 3.35 Changelog: The NSS team has released Network Security Services (NSS) 3.35, which is a minor release. Summary of the major changes included in this release: - The default database storage format has been changed to SQL, using filenames cert9.db, key4.db, pkcs11.txt. - TLS 1.3 support has been updated to draft -23, along with additional significant changes. - Support for TLS compression was removed. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a higher iteration count for stronger security. - The CA trust list was updated to version 2.22. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo cvs rdiff -u -r1.2 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk cvs rdiff -u -r1.1 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:07:15 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile PLIST distinfo Log Message: Update to 3.36 * Require devel/nspr-4.19 Changelog: The NSS team has released Network Security Services (NSS) 3.36, which is a minor release. Summary of the major changes included in this release: - Replaced existing vectorized ChaCha20 code with verified HACL* implementation. - Experimental APIs for TLS session cache handling. To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:02:18 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Added Files: pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.1 * Fix build under netbsd-7, PR pkg/52956 Changelog: Fix Mozilla Foundation Security Advisory 2018-05: Arbitrary code execution through unsanitized browser UI When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065). To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:02:47 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.2 * Fix segfault on netbsd-7 Changelog: Fix Avoid a signature validation issue during update on macOS Blocklisted graphics drivers related to off main thread painting crashes Tab crash during printing Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook (OWA) webmail To generate a diff of this commit: cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 00:59:03 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild patch-config_external_moz.build patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build patch-media_libtheora_moz.build patch-media_libvorbis_moz.build patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc patch-modules_libpref_init_all.js patch-third__party_rust_simd_.cargo-checksum.json patch-third__party_rust_simd_src_x86_avx2.rs Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure patch-config_baseconfig.mk patch-netwerk_srtp_src_crypto_hash_hmac.c patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h patch-toolkit_xre_nsEmbedFunctions.cpp Log Message: Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 To generate a diff of this commit: cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \ pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \ pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r0 -r1.5 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure cvs rdiff -u -r1.2 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \ pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk cvs rdiff -u -r1.16 -r1.17 \ pkgsrc/www/firefox/patches/patch-config_external_moz.build cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \ pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build cvs rdiff -u -r1.14 -r1.15 \ pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \ pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs cvs rdiff -u -r0 -r1.7 \ pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js cvs rdiff -u -r1.4 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs cvs rdiff -u -r1.9 -r1.10 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure cvs rdiff -u -r1.7 -r0 \ pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:03:25 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.1 * Sync with www/firefox-58.0.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:05:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.2 * Sync with www/firefox-58.0.2 To generate a diff of this commit: cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:00:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 59.0.1 * Sync with www/firefox-59.0.1 To generate a diff of this commit: cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.6.12.1 2018/03/09 07:17:30 spz Exp $ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2018-03-10 02:54:17.000000000 +0000 d7 1 a7 1 if CONFIG['CC_TYPE'] in ('clang', 'gcc'): @ 1.5 log @Update to 47.0 * Remove macOS patches, because I cannot confirm them sadly Changelog: New Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video. Enable VP9 video codec for users with fast machines Embedded YouTube videos now play with HTML5 video if Flash is not installed. View and search open tabs from your smartphone or another computer in a sidebar Allow no-cache on back/forward navigations for https resources Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers. Fixed Various security fixes Changed FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working. The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better! The Firefox click-to-activate plugin whitelist has been removed. XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance Developer Web platform changes View, start,and debug registered Service Workers in the Service Workers developer tool Simulate Push messages in the Service Workers developer tool 'Start' button for service workers in about:debugging to start registered Service Workers Changes that can affect add-on compatibility Added support for ChaCha20/Poly1305 cipher suites Custom user agents supported in Responsive Design Mode Smart multi-line input in the Web Console Developer Information HTML5 cuechange events are now available on TextTrack objects WebCrypto: PBKDF2 supports SHA-2 hash algorithms WebCrypto: RSA-PSS signature support Fixed in Firefox 47 2016-61 Network Security Services (NSS) vulnerabilities 2016-60 Java applets bypass CSP protections 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-57 Incorrect icon displayed on permissions notifications 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-54 Partial same-origin-policy through setting location.host through data URI 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.4 2016/03/08 21:32:52 ryoon Exp $ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2016-02-25 23:02:18.000000000 +0000 d9 1 a9 1 +if CONFIG['MOZ_NATIVE_HARFBUZZ']: d12 3 a14 3 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk' and CONFIG['ANDROID_VERSION'] > '19': LOCAL_INCLUDES += ['%' + '%s/bionic/libc/dns/include' % CONFIG['ANDROID_SOURCE']] @ 1.4 log @Update to 45.0 Changelog: New Instant browser tab sharing through Hello Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching Synced Tabs button in button bar Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level Guarani [gn] locale added Fixed URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected Various security fixes Fixed in Firefox 45 2016-37 Font vulnerabilities in the Graphite 2 library 2016-36 Use-after-free during processing of DER encoded keys in NSS 2016-35 Buffer overflow during ASN.1 decoding in NSS 2016-34 Out-of-bounds read in HTML parser following a failed allocation 2016-33 Use-after-free in GetStaticInstance in WebRTC 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection 2016-31 Memory corruption with malicious NPAPI plugin 2016-30 Buffer overflow in Brotli decompression 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore 2016-28 Addressbar spoofing though history navigation and Location protocol property 2016-27 Use-after-free during XML transformations 2016-26 Memory corruption when modifying a file being read by FileReader 2016-25 Use-after-free when using multiple WebRTC data channels 2016-24 Use-after-free in SetBody 2016-23 Use-after-free in HTML5 string parser 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager 2016-21 Displayed page address can be overridden 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing 2016-19 Linux video memory DOS with Intel drivers 2016-18 CSP reports fail to strip location information for embedded iframe pages 2016-17 Local file overwriting and potential privilege escalation through CSP reports 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.3 2016/01/27 00:08:26 ryoon Exp $ @ 1.3 log @Update to 44.0 Changelog: New Improved warning pages for certificate errors and untrusted connections Enable H.264 if system decoder is available Enable WebM/VP9 video support on systems that don't support MP4/H.264 In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread Support the brotli compression format via HTTPS content-encoding Screenshot commands allow user choice of pixel ratio in Developer Tools Fixed Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610) Various security fixes Changed To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements Firefox has removed support for the RC4 decipher Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates Stricter validation of web fonts On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1 Developer Right click on a logged object in the console to store it as a global variable on the page Visual tools for Animation: View/Edit CSS animation keyframe rules directly in the inspector Visually modify the cubic-bezier curve that drives the way animations progress through time Discover and scrub through all CSS animations and transitions playing on the page Learn more: http://devtoolschallenger.com/ Visual tools for Layout and Styles: Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc Learn more: http://devtoolschallenger.com/ New memory tool for inspecting the memory heap Service Workers API Built-in JSON reader to intuitively view, search, copy and save data without extensions Jump to function definitions in the debugger with Cmd-Click WebSocket Debugging API and add-on The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor Security bugs: Fixed in Firefox 44 2016-12 Lightweight themes on Firefox for Android do not verify a secure connection 2016-11 Application Reputation service disabled in Firefox 43 2016-10 Unsafe memory manipulation found through code inspection 2016-09 Addressbar spoofing attacks 2016-08 Delay following click events in file download dialog too short on OS X 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS 2016-06 Missing delay following user click events in protocol handler dialog 2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android 2016-04 Firefox allows for control characters to be set in cookie names 2016-03 Buffer overflow in WebGL after out of memory allocation 2016-02 Out of Memory crash when parsing GIF format images 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.2 2015/05/12 22:48:54 ryoon Exp $ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2016-01-15 01:01:54.000000000 +0000 d13 1 a13 1 CXXFLAGS += ['-I%s/bionic/libc/dns/include' % CONFIG['ANDROID_SOURCE']] @ 1.2 log @Update to 38.0 Changelog: New New tab-based preferences New Ruby annotation support New Base for the next ESR release. Changed autocomplete=off is no longer supported for username/password fields Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions Changed Improved page load times via speculative connection warmup HTML5 WebSocket now available in Web Workers HTML5 BroadcastChannel API implemented HTML5 Implemented srcset attribute and element for responsive images HTML5 Implemented DOM3 Events KeyboardEvent.code HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only) HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only) Developer Optimized-out variables are now visible in Debugger UI Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests Developer WebRTC now has multistream and renegotiation support Developer copy command added to console Fixed Various security fixes Fixed in Firefox 38 2015-58 Mozilla Windows updater can be run outside of application directory 2015-57 Privilege escalation through IPC channel messages 2015-56 Untrusted site hosting trusted page can intercept webchannel responses 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata 2015-54 Buffer overflow when parsing compressed XML 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown 2015-52 Sensitive URL encoded information written to Android logcat 2015-51 Use-after-free during text processing with vertical text enabled 2015-50 Out-of-bounds read and write in asm.js validation 2015-49 Referrer policy ignored when links opened by middle-click and context menu 2015-48 Buffer overflow with SVG content and CSS 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) @ text @d1 1 a1 1 $NetBSD: patch-netwerk_dns_moz.build,v 1.1 2014/12/01 18:11:14 ryoon Exp $ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2015-05-04 00:43:34.000000000 +0000 d5 1 a5 1 @@@@ -68,5 +68,8 @@@@ LOCAL_INCLUDES += [ d14 1 @ 1.1 log @Update to 34.0.5 Changelog: New Default search engine changed to Yahoo! for North America New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales New Improved search bar (en-US only) New Firefox Hello real-time communication client New Easily switch themes/personas directly in the Customizing mode New Wikipedia search now uses HTTPS for secure searching (en-US only) New Implementation of HTTP/2 (draft14) and ALPN New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows Changed Disabled SSLv3 Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35) Changed Firefox signed by Apple OS X version 2 signature HTML5 ECMAScript 6 WeakSet Implemented HTML5 JavaScript Template Strings Implemented HTML5 CSS3 Font variants and features control (e.g. kerning) implemented HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support HTML5 WebCrypto: wrapKey and unwrapKey implemented HTML5 WebCrypto: Import/export of JWK-formatted keys HTML5 matches() DOM API implemented (formerly mozMatchesSelector()) HTML5 Performance.now() for workers implemented HTML5 WebCrypto: ECDH support Developer WebIDE: Create, edit, and test a new Web application from your browser Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel Developer Improved User Interface of the Profiler Developer console.table function added to web console Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties Fixed Various security fixes 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer 2014-88 Buffer overflow while parsing media content 2014-87 Use-after-free during HTML5 parsing 2014-86 CSP leaks redirect data via violation reports 2014-85 XMLHttpRequest crashes with some input streams 2014-84 XBL bindings accessible via improper CSS declarations 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- netwerk/dns/moz.build.orig 2014-11-21 03:37:46.000000000 +0000 d5 2 a6 3 @@@@ -63,3 +63,6 @@@@ GENERATED_FILES = [ LOCAL_INCLUDES += [ '../base/src', d8 1 a8 1 + d11 3 @