head 1.7; access; symbols pkgsrc-2023Q2:1.5.0.2 pkgsrc-2023Q2-base:1.5 pkgsrc-2023Q1:1.3.0.2 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.2.0.14 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.12 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.10 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.8 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.6 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.4 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.2 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.1.0.6 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.4 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.2 pkgsrc-2020Q3-base:1.1; locks; strict; comment @// @; 1.7 date 2023.08.03.22.02.33; author ryoon; state dead; branches; next 1.6; commitid RciuY6ggGfxDcozE; 1.6 date 2023.07.07.13.47.10; author ryoon; state Exp; branches; next 1.5; commitid 2n2W1ND0SO1wkSvE; 1.5 date 2023.04.18.14.00.11; author ryoon; state Exp; branches; next 1.4; commitid G6aYPlXzPWOoYAlE; 1.4 date 2023.04.05.14.22.36; author ryoon; state Exp; branches; next 1.3; commitid 2mcgkmDUoGwYvVjE; 1.3 date 2023.01.24.17.57.09; author nia; state Exp; branches; next 1.2; commitid 9Me0jLePQPV5ZOaE; 1.2 date 2021.04.19.13.50.07; author ryoon; state Exp; branches; next 1.1; commitid YOkKKiXUfxrMlUPC; 1.1 date 2020.07.31.01.26.43; author maya; state Exp; branches; next ; commitid NZJY5AnnHFXdEaiC; desc @@ 1.7 log @firefox: Update to 116.0 * speech-dispatcher is not tested yet. Changelog: New * Sidebar switcher allows users to access Bookmarks, History and Synced Tabs panels easily, quickly switch between them, move the sidebar to another side of the browser window, or close the sidebar. Now, keyboard users would be able to do it all with ease too, with or without any assistive technology running, without needing to memorize keyboard shortcuts to access these panels. * When an update is available in English locales, users will now have access to the release notes in the update notification prompt in the form of a "Learn More" link. * It is now possible to copy any file from your operating system and paste it into Firefox. * You asked, and we listened! The volume slider is now available in Picture-in-Picture. * We added the possibility to edit existing text annotations. Fixed * The upload performance of HTTP/2 has been significantly improved starting with Firefox 115.0, particularly on those with a higher bandwidth delay product (i.e., networks characterized by both high bandwidth and high latency). * Various security fixes. Changed * The keyboard shortcut to reopen closed tabs (command + shift + t) now reopens last closed tab or last closed window, in the order items were closed. If there aren't any tabs or windows to reopen, this command restores the previous session. This change is in anticipation of upcoming changes to recently closed tabs. Security fixes: #CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions #CVE-2023-4046: Incorrect value used during WASM compilation #CVE-2023-4047: Potential permissions request bypass via clickjacking #CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions #CVE-2023-4049: Fix potential race conditions when releasing platform objects #CVE-2023-4050: Stack buffer overflow in StorageManager #CVE-2023-4051: Full screen notification obscured by file open dialog #CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller #CVE-2023-4053: Full screen notification obscured by external program #CVE-2023-4054: Lack of warning when opening appref-ms files #CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state #CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 #CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 #CVE-2023-4058: Memory safety bugs fixed in Firefox 116 @ text @$NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.6 2023/07/07 13:47:10 ryoon Exp $ No eventfd on NetBSD 9 and older, fix build --- widget/gtk/DMABufSurface.cpp.orig 2023-06-22 21:19:23.000000000 +0000 +++ widget/gtk/DMABufSurface.cpp @@@@ -6,6 +6,9 @@@@ #include "DMABufSurface.h" +#if defined(__NetBSD__) +#include +#endif #include #include #include @@@@ -18,7 +21,9 @@@@ #include #include #include +#if !(defined(__NetBSD__) && (__NetBSD_Version__ - 0 < 1000000000)) #include +#endif #include #include @@@@ -147,6 +152,7 @@@@ void DMABufSurface::GlobalRefAdd() { } void DMABufSurface::GlobalRefCountCreate() { +#if !(defined(__NetBSD__) && (__NetBSD_Version__ - 0 < 1000000000)) LOGDMABUFREF(("DMABufSurface::GlobalRefCountCreate UID %d", mUID)); MOZ_DIAGNOSTIC_ASSERT(!mGlobalRefCountFd); // Create global ref count initialized to 0, @@@@ -159,6 +165,7 @@@@ void DMABufSurface::GlobalRefCountCreate mGlobalRefCountFd = 0; return; } +#endif } void DMABufSurface::GlobalRefCountImport(int aFd) { @ 1.6 log @firefox: Update to 115.0 Changelog: New * Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. * Hardware video decoding is now enabled for Intel GPUs on Linux. * The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. * We've refreshed and streamlined the user interface for importing data in from other browsers. * Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback. Fixed * Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. * Windows users on low-end/USB wifi drivers and with OS geolocation disabled can now approve geolocation on a case by case basis without causing system-wide network instability. * Various security fixes. Changed * Undo and redo are now available in Password fields. * On Linux, middle clicks on the new tab button will now open the xclipboard contents in the new tab. If the xclipboard content is a URL then that URL is opened, any other text is opened with your default search provider. * For users with a Firefox Colorways built-in theme, the theme will be automatically migrated to the same theme hosted on addons.mozilla.org for Firefox profiles that have disabled add-ons auto-updates. This will allow users to keep their Colorways theme when they are later removed from Firefox installer files. * Certain Firefox users may come across a message in the extensions panel indicating that their add-ons are not allowed on the site currently open. We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns. Security fixes: #CVE-2023-3482: Block all cookies bypass for localstorage #CVE-2023-37201: Use-after-free in WebRTC certificate generation #CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey #CVE-2023-37203: Drag and Drop API may provide access to local system files #CVE-2023-37204: Fullscreen notification obscured via option element #CVE-2023-37205: URL spoofing in address bar using RTL characters #CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API #CVE-2023-37207: Fullscreen notification obscured #CVE-2023-37208: Lack of warning when opening Diagcab files #CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload` #CVE-2023-37210: Full-screen mode exit prevention #CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 #CVE-2023-37212: Memory safety bugs fixed in Firefox 115 @ text @d1 1 a1 1 $NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.5 2023/04/18 14:00:11 ryoon Exp $ @ 1.5 log @firefox: Update to 112.0.1 Changelog: 112.0.1 Fixed * Fixed a bug where cookie dates appear to be set in the far future after updating Firefox. This may have caused cookies to be unintentionally purged. (bug 1827669). 112.0 New * Right-clicking on password fields now shows an option to reveal the password. * Ubuntu Linux users can now import their browser data from the Chromium Snap package. Currently, this will only work if Firefox is not also installed as a Snap package, but work is underway to address this! * Do you use the tab list panel in the tab bar? If so, you can now close tabs by middle-clicking items in that list. * You've always been able to un-close a tab by using (Cmd/Ctrl)-Shift-T. Now, that same shortcut will restore the previous session if there are no more closed tabs from the same session to re-open. * For all ETP Strict users, we extended the list of known tracking parameters that are removed from URLs to further protect our users from cross-site tracking. * Enables overlay of software-decoded video on Intel GPUs in Windows. Improves video down scaling quality and reduces GPU usage. * Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. Fixed * Various security fixes. Changed * The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the security.webauth.u2f preference. Security fixes: #CVE-2023-29531: Out-of-bound memory access in WebGL on macOS #CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass #CVE-2023-29533: Fullscreen notification obscured #CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android #CVE-2023-1999: Double-free in libwebp #CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction #CVE-2023-29536: Invalid free from JavaScript code #CVE-2023-29537: Data Races in font initialization code #CVE-2023-29538: Directory information could have been leaked to WebExtensions #CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download #CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls #CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux #CVE-2023-29542: Bypass of file download extension restrictions #CVE-2023-29543: Use-after-free in debugging APIs #CVE-2023-29544: Memory Corruption in garbage collector #CVE-2023-29545: Windows Save As dialog resolved environment variables #CVE-2023-29546: Screen recording in Private Browsing included address bar on Android #CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie #CVE-2023-29548: Incorrect optimization result on ARM64 #CVE-2023-29549: Javascript's bind function may have failed #CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 #CVE-2023-29551: Memory safety bugs fixed in Firefox 112 @ text @d1 1 a1 1 $NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.4 2023/04/05 14:22:36 ryoon Exp $ d5 1 a5 1 --- widget/gtk/DMABufSurface.cpp.orig 2023-03-30 21:16:10.000000000 +0000 d27 1 a27 1 @@@@ -134,6 +139,7 @@@@ void DMABufSurface::GlobalRefAdd() { d32 2 a33 1 MOZ_ASSERT(!mGlobalRefCountFd); d35 1 a35 2 // i.e. is not referenced after create. @@@@ -145,6 +151,7 @@@@ void DMABufSurface::GlobalRefCountCreate @ 1.4 log @firefox: Update to 111.0.1 * Enable eventfd(2) for NetBSD 10 or later. * Fix LICENSE in official Firefox branding case. Changelog: 111.0.1 Fixed * Fixed a crash on macOS while pinch-zooming under some circumstances (bug 1658986). * Fixed a bug causing Firefox to freeze on startup for some Windows users ( bug 1823159). 111.0 New * Windows native notifications are now enabled. * Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. * We've added two new locales: Silhe Friulian (fur) and Sardinian (sc). Fixed * Various security fixes. Security fixes #CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android #CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android #CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt #CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode #CVE-2023-25751: Incorrect code generation during JIT compilation #CVE-2023-28160: Redirect to Web Extension files may have leaked local path #CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation #CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab #CVE-2023-28162: Invalid downcast in Worklets #CVE-2023-25752: Potential out-of-bounds when accessing throttled streams #CVE-2023-28163: Windows Save As dialog resolved environment variables #CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 #CVE-2023-28177: Memory safety bugs fixed in Firefox 111 @ text @d1 1 a1 1 $NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.3 2023/01/24 17:57:09 nia Exp $ d5 1 a5 1 --- widget/gtk/DMABufSurface.cpp.orig 2023-03-02 21:15:57.000000000 +0000 d27 1 a27 1 @@@@ -128,6 +133,7 @@@@ void DMABufSurface::GlobalRefAdd() { d33 3 a35 3 mGlobalRefCountFd = eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK | EFD_SEMAPHORE); if (mGlobalRefCountFd < 0) { @@@@ -137,6 +143,7 @@@@ void DMABufSurface::GlobalRefCountCreate @ 1.3 log @firefox: Update patch comments. @ text @d1 1 a1 1 $NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.2 2021/04/19 13:50:07 ryoon Exp $ d5 1 a5 1 --- widget/gtk/DMABufSurface.cpp.orig 2021-04-08 21:20:12.000000000 +0000 d7 11 a17 1 @@@@ -18,7 +18,9 @@@@ d21 1 a21 1 +#ifndef __NetBSD__ d27 1 a27 1 @@@@ -97,6 +99,7 @@@@ void DMABufSurface::GlobalRefAdd() { d31 1 a31 1 +#ifndef __NetBSD__ d35 1 a35 1 @@@@ -106,6 +109,7 @@@@ void DMABufSurface::GlobalRefCountCreate @ 1.2 log @firefox: Update to 88.0 Changelog: New * PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. * Print updates: Margin units are now localized. * Smooth pinch-zooming using a touchpad is now supported on Linux * To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more Fixed * Screen readers no longer incorrectly read content that websites have visually hidden, as in the case of articles in the Google Help panel. * Various security fixes. Changed * Firefox will not prompt for access to your microphone or camera if you've already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you're prompted to grant device access. * The "Take a Screenshot" feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize... * FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol. Security fixes: #CVE-2021-23994: Out of bound write due to lazy initialization #CVE-2021-23995: Use-after-free in Responsive Design Mode #CVE-2021-23996: Content rendered outside of webpage viewport #CVE-2021-23997: Use-after-free when freeing fonts from cache #CVE-2021-23998: Secure Lock icon could have been spoofed #CVE-2021-23999: Blob URLs may have been granted additional privileges #CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab #CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process #CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL #CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads #CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View #CVE-2021-29946: Port blocking could be bypassed #CVE-2021-29947: Memory safety bugs fixed in Firefox 88 @ text @d1 1 a1 1 $NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.1 2020/07/31 01:26:43 maya Exp $ d3 1 a3 1 No eventfd on netbsd, fix build @ 1.1 log @firefox: update to 79.0 New We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience. Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. Fixed Various security fixes. Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader. Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible. SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers. Enterprise A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes. Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password. Developer Developer Information Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators. Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging. JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover. Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels. Inspecting accessibility properties from the browser context menu is now available to all users by default. @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- widget/gtk/DMABufSurface.cpp.orig 2020-07-20 20:56:52.000000000 +0000 d15 1 d17 1 a17 2 #include "mozilla/widget/gbm.h" @@@@ -91,6 +93,7 @@@@ void DMABufSurface::GlobalRefAdd() { d25 1 a25 1 @@@@ -98,6 +101,7 @@@@ void DMABufSurface::GlobalRefCountCreate @