head	1.5;
access;
symbols
	pkgsrc-2019Q2:1.4.0.4
	pkgsrc-2019Q2-base:1.4
	pkgsrc-2019Q1:1.4.0.2
	pkgsrc-2019Q1-base:1.4
	pkgsrc-2018Q4:1.2.0.2
	pkgsrc-2018Q4-base:1.2;
locks; strict;
comment	@// @;


1.5
date	2019.07.11.11.32.40;	author ryoon;	state dead;
branches;
next	1.4;
commitid	78kKTlsMNaN1qCuB;

1.4
date	2019.03.19.16.11.28;	author ryoon;	state Exp;
branches;
next	1.3;
commitid	bdw7MgHtCcmRCZfB;

1.3
date	2019.01.29.16.28.22;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	6ZD5e5dNV9phiH9B;

1.2
date	2018.11.14.18.51.40;	author wiz;	state Exp;
branches;
next	1.1;
commitid	h5TMDRhd6nRTwWZA;

1.1
date	2018.11.12.12.50.52;	author jperkin;	state Exp;
branches;
next	;
commitid	ran5DVIhqZL6BEZA;


desc
@@


1.5
log
@Update to 68.0

Changelog:

New
    Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

    Improved extension security and discovery:
        New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
        Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
        Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.

    Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

    WebRender will roll out to Windows 10 users with AMD graphics cards.

    Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

Fixed

    Various security fixes

    Local files can no longer access other files in the same directory.

Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
@
text
@$NetBSD: patch-xpcom_components_nsComponentManager.cpp,v 1.4 2019/03/19 16:11:28 ryoon Exp $

Ensure symbols aren't pruned from being unused.

--- xpcom/components/nsComponentManager.cpp.orig	2019-03-07 16:53:45.000000000 +0000
+++ xpcom/components/nsComponentManager.cpp
@@@@ -268,8 +268,13 @@@@ NSMODULE_ASAN_BLACKLIST __declspec(alloc
 
 #  if defined(__ELF__) || (defined(_WIN32) && defined(__GNUC__))
 
+#ifdef __sun
+extern "C" mozilla::Module const* const __start_kPStaticModules = nullptr;
+extern "C" mozilla::Module const* const __stop_kPStaticModules = nullptr;
+#else
 extern "C" mozilla::Module const* const __start_kPStaticModules;
 extern "C" mozilla::Module const* const __stop_kPStaticModules;
+#endif
 
 #  elif defined(__MACH__)
 
@


1.4
log
@Update to 66.0

Changelog:
New
    Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.

    Improved search experience:
        Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
        Easier search via a redesigned new tab in Private Windows

    Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page

    Improved performance and better user experience for extensions:
        Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
        A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts

    Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software

    Added basic support for macOS Touch Bar

    Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content

    Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1]

    Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication

Fixed
    The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10

    Linux users: Resolved an issue that caused Firefox to freeze when downloading files

    Various security fixes

Changed

    System title bar is hidden by default to match Gnome guideline for Linux users

Developer

    DevTools Inspector is now fully usable when the Debugger is paused

    Lowered priority of setTimeout and setInterval during page load to improve overall page load performance

    Fixed: <button> element is no longer special cased in event dispatch, per latest specifications

Security fixes:
Not available yet.
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_components_nsComponentManager.cpp,v 1.3 2019/01/29 16:28:22 ryoon Exp $
@


1.3
log
@Updatet to 65.0

Changelog:
New

    Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.

    A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.

    Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.

    A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.

    Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.

Fixed

    Various security fixes.

Changed

    Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.

    Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).

    Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.

    Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.

Security fixes:
Not available yet.
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_components_nsComponentManager.cpp,v 1.2 2018/11/14 18:51:40 wiz Exp $
d5 1
a5 1
--- xpcom/components/nsComponentManager.cpp.orig	2019-01-18 00:21:31.000000000 +0000
d7 1
a7 1
@@@@ -267,8 +267,13 @@@@ NSMODULE_ASAN_BLACKLIST __declspec(alloc
d9 1
a9 1
 #if defined(__ELF__) || (defined(_WIN32) && defined(__GNUC__))
d19 1
a19 1
 #elif defined(__MACH__)
@


1.2
log
@firefox: fix build on NetBSD

Tip from jperkin, thanks!
@
text
@d1 1
a1 1
$NetBSD: patch-xpcom_components_nsComponentManager.cpp,v 1.1 2018/11/12 12:50:52 jperkin Exp $
d5 1
a5 1
--- xpcom/components/nsComponentManager.cpp.orig	2018-10-31 00:08:15.000000000 +0000
d7 1
a7 1
@@@@ -298,8 +298,13 @@@@ extern mozilla::Module const* const __st
d9 1
a9 1
 #  if defined(__ELF__) || (defined(_WIN32) && defined(__GNUC__))
d19 1
a19 1
 #  elif defined(__MACH__)
@


1.1
log
@firefox: SunOS build fixes.
@
text
@d1 1
a1 1
$NetBSD$
d7 1
a7 1
@@@@ -298,8 +298,8 @@@@ extern mozilla::Module const* const __st
d11 1
a11 2
-extern "C" mozilla::Module const* const __start_kPStaticModules;
-extern "C" mozilla::Module const* const __stop_kPStaticModules;
d14 4
@