head 1.8; access; symbols pkgsrc-2023Q4:1.7.0.6 pkgsrc-2023Q4-base:1.7 pkgsrc-2023Q3:1.7.0.4 pkgsrc-2023Q3-base:1.7 pkgsrc-2023Q2:1.7.0.2 pkgsrc-2023Q2-base:1.7 pkgsrc-2019Q2:1.4.0.2 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.3.0.2 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.1.0.30 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.28 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.26 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.24 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.22 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.20 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.16 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.14 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.12 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.10 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.8 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.6 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.4 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.2 pkgsrc-2015Q3-base:1.1; locks; strict; comment @// @; 1.8 date 2024.01.31.15.54.52; author ryoon; state dead; branches; next 1.7; commitid Xm1ju1GZSWmNlCWE; 1.7 date 2023.06.14.16.22.18; author ryoon; state Exp; branches; next 1.6; commitid adeI2K7tyj3zVVsE; 1.6 date 2023.06.04.09.26.35; author ryoon; state Exp; branches; next 1.5; commitid Ch6cdqZaSEfLWBrE; 1.5 date 2019.09.06.03.00.24; author ryoon; state dead; branches; next 1.4; commitid uhThjAhmbBZzKTBB; 1.4 date 2019.06.04.00.23.11; author maya; state Exp; branches; next 1.3; commitid 9ew5YybEF4jVTNpB; 1.3 date 2019.03.19.16.11.28; author ryoon; state Exp; branches; next 1.2; commitid bdw7MgHtCcmRCZfB; 1.2 date 2019.01.29.16.28.22; author ryoon; state Exp; branches; next 1.1; commitid 6ZD5e5dNV9phiH9B; 1.1 date 2015.07.05.11.55.06; author martin; state Exp; branches; next ; commitid tj1BmQp8eCDbH5sy; desc @@ 1.8 log @firefox: Update to 122.0 CHangelog: 122.0: New * Firefox now displays images and descriptions for search suggestions when provided by the search engine. * The translations feature received an improvement in the quality of translated webpages. The results should be much more stable. This fixes issues where the content of a page could disappear when translated, or interactive widgets could break. * Firefox now supports creating and using passkeys stored in the iCloud Keychain on macOS. * MDN Web Docs article suggestions from Firefox Suggest will be available in the address bar for users searching for web development-related information. * The line breaking rules of Web content now match the Unicode Standard. This improves Web Browser compatibility for line breaking. An additional improvement for East Asian and South East Asian end users, Firefox now supports proper language-aware word selection when double-clicking on text for languages including Chinese, Japanese, Burmese, Lao, Khmer, and Thai. * Firefox now ships with a new .deb package for Linux users on Ubuntu, Debian, and Linux Mint. Fixed * Various security fixes. Security fixes: Mozilla Foundation Security Advisory 2024-01 #CVE-2024-0741: Out of bounds write in ANGLE #CVE-2024-0742: Failure to update user input timestamp #CVE-2024-0743: Crash in NSS TLS method #CVE-2024-0744: Wild pointer dereference in JavaScript #CVE-2024-0745: Stack buffer overflow in WebAudio #CVE-2024-0746: Crash when listing printers on Linux #CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set #CVE-2024-0748: Compromised content process could modify document URI #CVE-2024-0749: Phishing site popup could show local origin in address bar #CVE-2024-0750: Potential permissions request bypass via clickjacking #CVE-2024-0751: Privilege escalation through devtools #CVE-2024-0752: Use-after-free could occur when applying update on macOS #CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain #CVE-2024-0754: Crash when using some WASM files in devtools #CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 @ text @$NetBSD: patch-toolkit_xre_glxtest.cpp,v 1.7 2023/06/14 16:22:18 ryoon Exp $ * Do not test Linux-specific entry for non-Linux. --- toolkit/xre/glxtest/glxtest.cpp.orig 2023-05-25 21:19:41.000000000 +0000 +++ toolkit/xre/glxtest/glxtest.cpp @@@@ -195,11 +195,15 @@@@ extern "C" { static void get_pci_status() { log("GLX_TEST: get_pci_status start\n"); +#if defined(__linux__) if (access("/sys/bus/pci/", F_OK) != 0 && access("/sys/bus/pci_express/", F_OK) != 0) { record_warning("cannot access /sys/bus/pci"); return; } +#else + return; +#endif void* libpci = dlopen("libpci.so.3", RTLD_LAZY); if (!libpci) { @ 1.7 log @firefox: Update to 114.0.1 * mprotect support for firefox and firefox-bin is insufficient now. Changelog: 114.0.1 Fixed * Fix a startup crash (bug 1837201). 114.0 New * Added UI to manage the DNS over HTTPS exception list. * Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. * Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. * Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. * It is now possible to reorder the extensions listed in the extensions panel. * Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. * Pocket Recommended content can now be seen in France, Italy, and Spain. Fixed * Various security fixes. Changed * DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. Enterprise * You can find information about policy updates and enterprise specific bug fixes in the Firefox for Enterprise 114 Release Notes. Developer * Developer Information * The Copy as cURL feature, available in the Network panel, has been enhanced. It now supports the --compressed argument. * The Accessibility Inspector has been improved to accurately recognize all the ARIA roles like banner, main, navigation, and contentinfo, etc. This enhancement is particularly beneficial for web developers working with ARIA roles to improve web accessibility. * Firefox now provides support for the CSS Cascading Level 4 supports() syntax for @@import rules. This allows for the importation of other stylesheets based on support-dependency. In addition, the Inspector panel now accurately displays the conditions at the top of the imported rule. developer tools screenshot of the new @@import syntax rule Web Platform * DOM: Added support for ES Modules on DedicatedWorker and SharedWorker * WebTransport is now enabled by default and will be going to release with 114. As the original Explainer notes, it enables multiple use-cases that are hard or impossible to handle without it, especially for Gaming and live streaming. It covers cases that are problematic for alternative mechanisms, such as WebSockets. Built on top of HTTP3 (HTTP2 support will be coming later). The current implementation in Firefox is passing 505 out of 565 Web-Platform Tests. * CSS: The infinity and NaN constants are now supported inside the calc() function. Security fixes #CVE-2023-34414: Click-jacking certificate exceptions through rendering lag #CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to data: urls #CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 #CVE-2023-34417: Memory safety bugs fixed in Firefox 114 @ text @d1 1 a1 1 $NetBSD: patch-toolkit_xre_glxtest.cpp,v 1.6 2023/06/04 09:26:35 ryoon Exp $ @ 1.6 log @firefox: Update to 113.0.2 * Not tested under NetBSD/i386 and 9 for this commit. If you find problems, please report your failure to me. * Disable WebGL for a while to avoid runtime errors under NetBSD. * Do not pass '-j1 -j1' to cargo when MAKE_JOBS=1. * Do not restrict cargo to unconditional -j1. * Use ffmpeg6 instead of ffmpeg5. Changelog: 113.0.2 Fixed * Fixed an issue which caused Picture-in-Picture windows to not be snappable on Windows 11 or on systems with the FancyZones PowerToy installed (bug 1832331) * Fixed a video playback crash on some Windows systems with Intel graphics ( bug 1831329) * Fixed a bug which could cause Firefox to freeze on some pages when loading them with the Developer Tools Web Console open (bug 1828026) * Fixed a bug which would cause the bookmarks and history sidebars to not properly react to the browser window being vertically resized (bug 1831535) 113.0.1 Fixed * Fixed incorrect colors for Windows users with installed monitor/display color profiles, particularly on wide gamut displays (bug 1832215) * Fixed borders being visible around fullscreen windows for some configurations (bug 1830721) * Fixed an issue which may cause users in some configurations to experience tearing when watching videos in fullscreen mode (bug 1830792) 113.0 New * Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. * Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. Image demonstrating search terms persisting in the address bar after hitting Enter for easier editing * Private windows now protect users even better by blocking third-party cookies and storage of content trackers. * Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. * Firefox 113 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: + Screen readers, as well as certain other accessibility software; + East Asian input methods; + Enterprise single sign-on software; and + Other applications which use accessibility frameworks to access information. * Importing bookmarks from Safari or a Chrome-based browser? The favicons for those bookmarks will now also be imported by default to make them easier to identify. * Firefox 113 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. * The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. * A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! * Users on macOS can now access the Services sub-menu directly from Firefox context menus. * On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. * Firefox is now available in the Tajik (tg) language. Fixed * Various security fixes. Changed * The long-deprecated mozRTCPeerConnection, mozRTCIceCandidate, and mozRTCSessionDescription WebRTC interfaces have been removed. Sites should utilize the non-prefixed versions instead. Security fixes: #CVE-2023-32205: Browser prompts could have been obscured by popups #CVE-2023-32206: Crash in RLBox Expat driver #CVE-2023-32207: Potential permissions request bypass via clickjacking #CVE-2023-32208: Leak of script base URL in service workers via import() #CVE-2023-32209: Persistent DoS via favicon image #CVE-2023-32210: Incorrect principal object ordering #CVE-2023-32211: Content process crash due to invalid wasm code #CVE-2023-32212: Potential spoof due to obscured address bar #CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() #MFSA-TMP-2023-0002: Race condition in dav1d decoding #CVE-2023-32214: Potential DoS via exposed protocol handlers #CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 #CVE-2023-32216: Memory safety bugs fixed in Firefox 113 @ text @d1 1 a1 1 $NetBSD$ d5 5 a9 4 --- toolkit/xre/glxtest.cpp.orig 2023-04-14 16:28:10.000000000 +0000 +++ toolkit/xre/glxtest.cpp @@@@ -289,11 +289,15 @@@@ static void close_logging() { #define PCI_BASE_CLASS_DISPLAY 0x03 a10 1 static void get_pci_status() { @ 1.5 log @Update to 69.0 * Use clang to compile all files. Mix of gcc and clang causes some errors in Rust c++ command invocation (C++ header mismatches). Changelog: New Enhanced Tracking Protection (ETP) rolls out stronger privacy protections: The default standard setting for this feature now blocks third-party tracking cookies and cryptominers. The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting. The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound. For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content. Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web. Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. For our users on Windows 10, you’ll see performance and UI improvements: Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback). For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar. For our users on macOS, battery life and download UI are both improved: macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life. Finder on macOS now displays download progress for files being downloaded. JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler. Fixed Various security fixes Changed As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website. With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps. Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability. Enterprise For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments. Developer For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid. The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release. The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types. Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1. Security fixes: #CVE-2019-11751: Malicious code execution through command line parameters #CVE-2019-11746: Use-after-free while manipulating video #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images #CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service #CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB #CVE-2019-9812: Sandbox escape through Firefox Sync #CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com #CVE-2019-11743: Cross-origin access to unload event attributes #CVE-2019-11749: Camera information available without prompting using getUserMedia #CVE-2019-5849: Out-of-bounds read in Skia #CVE-2019-11750: Type confusion in Spidermonkey #CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard #CVE-2019-11738: Content security policy bypass through hash-based sources in directives #CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list #CVE-2019-11734: Memory safety bugs fixed in Firefox 69 #CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 @ text @d1 1 a1 1 $NetBSD: patch-toolkit_xre_glxtest.cpp,v 1.4 2019/06/04 00:23:11 maya Exp $ d3 1 a3 3 Fix libGL filename on NetBSD, see https://bugzilla.mozilla.org/show_bug.cgi?id=1180498 https://hg.mozilla.org/integration/mozilla-inbound/rev/8bcc51aaa91e d5 1 a5 1 --- toolkit/xre/glxtest.cpp.orig 2019-03-07 16:53:43.000000000 +0000 d7 2 a8 2 @@@@ -116,7 +116,7 @@@@ void glxtest() { "The MOZ_AVOID_OPENGL_ALTOGETHER environment variable is defined"); d10 13 a22 6 ///// Open libGL and load needed symbols ///// -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || defined(__NetBSD__) # define LIBGL_FILENAME "libGL.so" #else # define LIBGL_FILENAME "libGL.so.1" @ 1.4 log @firefox: reference upstream commit in patch files. @ text @d1 1 a1 1 $NetBSD: patch-toolkit_xre_glxtest.cpp,v 1.3 2019/03/19 16:11:28 ryoon Exp $ @ 1.3 log @Update to 66.0 Changelog: New Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog. Improved search experience: Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu Easier search via a redesigned new tab in Private Windows Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page Improved performance and better user experience for extensions: Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software Added basic support for macOS Touch Bar Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1] Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication Fixed The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10 Linux users: Resolved an issue that caused Firefox to freeze when downloading files Various security fixes Changed System title bar is hidden by default to match Gnome guideline for Linux users Developer DevTools Inspector is now fully usable when the Debugger is paused Lowered priority of setTimeout and setInterval during page load to improve overall page load performance Fixed: