head	1.6;
access;
symbols
	pkgsrc-2014Q3:1.4.0.2
	pkgsrc-2014Q3-base:1.4
	pkgsrc-2014Q2:1.3.0.2
	pkgsrc-2014Q2-base:1.3;
locks; strict;
comment	@// @;


1.6
date	2014.10.15.13.07.07;	author ryoon;	state dead;
branches;
next	1.5;
commitid	BxXu2KLWwPm1yiUx;

1.5
date	2014.10.05.01.59.08;	author ryoon;	state Exp;
branches;
next	1.4;
commitid	kbqsx4twOadQaXSx;

1.4
date	2014.07.24.14.57.12;	author ryoon;	state Exp;
branches;
next	1.3;
commitid	fruNobPhlaJdPDJx;

1.3
date	2014.06.11.00.41.36;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	tv3gQQs2QKvtt2Ex;

1.2
date	2014.05.30.10.22.06;	author pho;	state dead;
branches;
next	1.1;
commitid	pujOAy5YvcBW3yCx;

1.1
date	2014.05.30.03.03.36;	author pho;	state Exp;
branches;
next	;
commitid	SyhQGFZ06rmWDvCx;


desc
@@


1.6
log
@Update to 33.0

Changelog:
New
OpenH264 support (sandboxed)

New
Improved search experience through the location bar

New
Slimmer and faster JavaScript strings

New
Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages

New
Windows: OMTC enabled by default

New
New CSP (Content Security Policy) backend

New
Support for connecting to HTTP proxy over HTTPS

New
Improved reliability of the session restoration

New
Azerbaijani [az] locale added

Changed
Proprietary window.crypto properties/functions removed

Changed
JSD (JavaScript Debugger Service) removed in favor of the Debugger interface

HTML5
@@counter-style rule from CSS3 Counter Styles specification implemented

HTML5
DOMMatrix interface implemented

Developer
Cubic-bezier curves editor

Developer
Display which elements have listeners attached

Developer
New sidebar which displays a list of shortcuts to every @@media rule in the current stylesheet

Developer
Paint flashing for browser content repaints

Developer
Editable @@keyframes rules in the Rules section of the Inspector

Developer
CSS transform highlighter in the style-inspector

Fixed
Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623)

Fixed
Various security fixes

Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
@
text
@$NetBSD: patch-xpcom_base_nsUUIDGenerator.cpp,v 1.5 2014/10/05 01:59:08 ryoon Exp $

--- xpcom/base/nsUUIDGenerator.cpp.orig	2014-09-24 01:05:41.000000000 +0000
+++ xpcom/base/nsUUIDGenerator.cpp
@@@@ -16,6 +16,10 @@@@
 
 #include "nsUUIDGenerator.h"
 
+#ifdef ANDROID
+extern "C" NS_EXPORT void arc4random_buf(void *, size_t);
+#endif
+
 using namespace mozilla;
 
 NS_IMPL_ISUPPORTS(nsUUIDGenerator, nsIUUIDGenerator)
@@@@ -35,7 +39,7 @@@@ nsUUIDGenerator::Init()
   // We're a service, so we're guaranteed that Init() is not going
   // to be reentered while we're inside Init().
 
-#if !defined(XP_WIN) && !defined(XP_MACOSX) && !defined(ANDROID)
+#if !defined(XP_WIN) && !defined(XP_MACOSX) && !defined(HAVE_ARC4RANDOM)
   /* initialize random number generator using NSPR random noise */
   unsigned int seed;
 
@@@@ -72,7 +76,7 @@@@ nsUUIDGenerator::Init()
   }
 #endif
 
-#endif /* non XP_WIN and non XP_MACOSX */
+#endif /* non XP_WIN and non XP_MACOSX and non ARC4RANDOM */
 
   return NS_OK;
 }
@@@@ -122,13 +126,16 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
    * back to it; instead, we use the value returned when we called
    * initstate, since older glibc's have broken setstate() return values
    */
-#ifndef ANDROID
+#ifndef HAVE_ARC4RANDOM
   setstate(mState);
 #endif
 
+#ifdef HAVE_ARC4RANDOM_BUF
+  arc4random_buf(aId, sizeof(nsID));
+#else /* HAVE_ARC4RANDOM_BUF */
   size_t bytesLeft = sizeof(nsID);
   while (bytesLeft > 0) {
-#ifdef ANDROID
+#ifdef HAVE_ARC4RANDOM
     long rval = arc4random();
     const size_t mRBytes = 4;
 #else
@@@@ -150,6 +157,7 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
 
     bytesLeft -= toWrite;
   }
+#endif /* HAVE_ARC4RANDOM_BUF */
 
   /* Put in the version */
   aId->m2 &= 0x0fff;
@@@@ -159,7 +167,7 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
   aId->m3[0] &= 0x3f;
   aId->m3[0] |= 0x80;
 
-#ifndef ANDROID
+#ifndef HAVE_ARC4RANDOM
   /* Restore the previous RNG state */
   setstate(mSavedState);
 #endif
@


1.5
log
@Update to 32.0.3

Changelog:

Fixed
32.0.3: New security fixes can be found here

New
New HTTP cache provides improved performance including crash recovery

New
Integration of generational garbage collection

New
Public key pinning support enabled

New
View historical use information for logins stored in password manager

New
Display the number of found items in the find toolbar

New
Easier back, forward, reload, and bookmarking through the context menu

New
Lower Sorbian [dsb] locale added

Changed
Removed and turned off trust bit for some 1024-bit root certificates

Changed
Performance improvements to Password Manager and Add-on Manager

HTML5
drawFocusIfNeeded enabled by default

HTML5
ECMAScript 6 built-in method Array#copyWithin implemented

HTML5
CSS position:sticky enabled by default

HTML5
mix-blend-mode enabled by default

HTML5
New Array built-in: Array.from()

HTML5
navigator.languages property and languagechange event implemented

HTML5
Vibration API updated to latest W3C spec

HTML5
CSS box-decoration-break replaces -moz-background-inline-policy

HTML5
box-decoration-break enabled by default

Developer
HiDPI support in Developer Tools UI

Developer
Inspector button moved to the top left

Developer
Hidden nodes displayed differently in the markup-view

Developer
New Web Audio Editor

Developer
Code completion and inline documentation added to Scratchpad

Fixed
32.0.2 - Corrupt installations cause Firefox to crash on update

Fixed
32.0.1 - Stability issues for computers with multiple graphics cards

Fixed
32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites

Fixed
32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified

Fixed
Various security fixes

Fixed
Mac OS X: cmd-L does not open a new window when no window is available

Fixed
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1


Security fixes:
Fixed in Firefox 32.0.3
MFSA 2014-73 RSA Signature Forgery in NSS

Fixed in Firefox 32
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-71 Profile directory file access through file: protocol
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_base_nsUUIDGenerator.cpp,v 1.4 2014/07/24 14:57:12 ryoon Exp $
@


1.4
log
@Update to 31.0

Changelog:
    New
    Add the search field to the new tab page

    New
    Support of Prefer:Safe http header for parental control (learn more)

    New
    mozilla::pkix as default certificate verifier (learn more)

    New
    Block malware from downloaded files (learn more)

    New
    Partial implementation of the OpenType MATH table (section 6.3.6) see documentation about mathematical fonts and the MathML Torture Test for details

    New
    audio/video .ogg and .pdf files handled by Firefox if no application specified (Windows only)

    New
    Upper Sorbian [hsb] locale added

    Changed
    Removal of the CAPS infrastructure for specifying site-specific permissions (via capability.policy.* preferences). Most notably, attempts to use this functionality to grant access to the clipboard will no longer work. The sole exception is the checkloaduri permission, which may still be used as before to allow sites to load file:// URIs.

    HTML5
    WebVTT implemented and enabled (learn more)

    HTML5
    CSS3 variables implemented (learn more)

    Developer
    Developer Tools: Add-on Debugger (learn more)

    Developer
    Developer Tools: Canvas Debugger (learn more)

    Developer
    New Array built-in: Array.prototype.fill() (learn more)

    Developer
    New Object built-in: Object.setPrototypeOf() (learn more)

    Developer
    CSP 1.1 nonce-source and hash-source enabled by default

    Developer
    Developer Tools: Eyedropper tool added to the color picker (learn more)

    Developer
    Developer Tools: Editable Box Model (learn more)

    Developer
    Developer Tools: Code Editor improvements (learn more)

    Developer
    Developer Tools: Console stack traces (learn more)

    Developer
    Developer Tools: Copy as cURL (learn more)

    Developer
    Developer Tools: Styled console logs (learn more)

    Developer
    navigator.sendBeacon enabled by default (learn more)

    Developer
    Dialogs spawned from the onbeforeunload event no longer block access to the rest of the browser

    Fixed
    Search for partially selected link text from context menu (985824)

    Fixed
    Various security fixes

Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_base_nsUUIDGenerator.cpp,v 1.3 2014/06/11 00:41:36 ryoon Exp $
d3 1
a3 1
--- xpcom/base/nsUUIDGenerator.cpp.orig	2014-07-17 01:45:42.000000000 +0000
d5 1
a5 1
@@@@ -15,6 +15,10 @@@@
d16 4
a19 4
@@@@ -34,7 +38,7 @@@@ nsUUIDGenerator::Init()
     // We're a service, so we're guaranteed that Init() is not going
     // to be reentered while we're inside Init().
     
d22 2
a23 2
     /* initialize random number generator using NSPR random noise */
     unsigned int seed;
d25 2
a26 2
@@@@ -67,7 +71,7 @@@@ nsUUIDGenerator::Init()
         return NS_ERROR_FAILURE;
d32 1
a32 1
     return NS_OK;
d34 4
a37 4
@@@@ -114,13 +118,16 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
      * back to it; instead, we use the value returned when we called
      * initstate, since older glibc's have broken setstate() return values
      */
d40 1
a40 1
     setstate(mState);
d44 1
a44 1
+    arc4random_buf(id, sizeof(nsID));
d46 2
a47 2
     size_t bytesLeft = sizeof(nsID);
     while (bytesLeft > 0) {
d50 2
a51 2
         long rval = arc4random();
         const size_t mRBytes = 4;
d53 1
a53 1
@@@@ -141,6 +148,7 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
d55 2
a56 2
         bytesLeft -= toWrite;
     }
d59 5
a63 5
     /* Put in the version */
     id->m2 &= 0x0fff;
@@@@ -150,7 +158,7 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
     id->m3[0] &= 0x3f;
     id->m3[0] |= 0x80;
d67 2
a68 2
     /* Restore the previous RNG state */
     setstate(mSavedState);
@


1.3
log
@Add patches
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
--- xpcom/base/nsUUIDGenerator.cpp.orig	2014-05-29 23:31:50.000000000 +0000
d15 1
a15 1
 NS_IMPL_ISUPPORTS1(nsUUIDGenerator, nsIUUIDGenerator)
@


1.2
log
@PR pkg/48840: Remove most patches that I have recently added

The preprocessor macro XP_MACOSX is misused everywhere. They tend to
say "#if defined(XP_MACOSX)" to actually mean
"#if defined(MOZ_WIDGET_COCOA)". It's okay to equate XP_MACOSX with
XP_DARWIN but equating it with MOZ_WIDGET_COCOA is just wrong. As a
result, cairo-gtk2 build on Darwin is completely broken and needs
heavy patching. Ideally they should be fixed individually but that
will be an extremely hard work, so don't define XP_MACOSX for now.
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_base_nsUUIDGenerator.cpp,v 1.1 2014/05/30 03:03:36 pho Exp $
d3 1
a3 3
Don't assume cocoa toolkit just because OS_ARCH is Darwin.

--- xpcom/base/nsUUIDGenerator.cpp.orig	2014-05-06 22:56:38.000000000 +0000
d5 12
a16 10
@@@@ -6,7 +6,7 @@@@
 #if defined(XP_WIN)
 #include <windows.h>
 #include <objbase.h>
-#elif defined(XP_MACOSX)
+#elif defined(MOZ_WIDGET_COCOA)
 #include <CoreFoundation/CoreFoundation.h>
 #else
 #include <stdlib.h>
@@@@ -34,7 +34,7 @@@@ nsUUIDGenerator::Init()
d21 1
a21 1
+#if !defined(XP_WIN) && !defined(MOZ_WIDGET_COCOA) && !defined(ANDROID)
d25 1
a25 1
@@@@ -67,7 +67,7 @@@@ nsUUIDGenerator::Init()
d30 1
a30 1
+#endif /* non XP_WIN and non MOZ_WIDGET_COCOA */
d34 36
a69 9
@@@@ -100,7 +100,7 @@@@ nsUUIDGenerator::GenerateUUIDInPlace(nsI
     HRESULT hr = CoCreateGuid((GUID*)id);
     if (FAILED(hr))
         return NS_ERROR_FAILURE;
-#elif defined(XP_MACOSX)
+#elif defined(MOZ_WIDGET_COCOA)
     CFUUIDRef uuid = CFUUIDCreate(kCFAllocatorDefault);
     if (!uuid)
         return NS_ERROR_FAILURE;
@


1.1
log
@PR pkg/48840: Don't assume cocoa toolkit just because OS_ARCH is Darwin
@
text
@d1 1
a1 1
$NetBSD$
@