head 1.8; access; symbols pkgsrc-2026Q1:1.8.0.26 pkgsrc-2026Q1-base:1.8 pkgsrc-2025Q4:1.8.0.24 pkgsrc-2025Q4-base:1.8 pkgsrc-2025Q3:1.8.0.22 pkgsrc-2025Q3-base:1.8 pkgsrc-2025Q2:1.8.0.20 pkgsrc-2025Q2-base:1.8 pkgsrc-2025Q1:1.8.0.18 pkgsrc-2025Q1-base:1.8 pkgsrc-2024Q4:1.8.0.16 pkgsrc-2024Q4-base:1.8 pkgsrc-2024Q3:1.8.0.14 pkgsrc-2024Q3-base:1.8 pkgsrc-2024Q2:1.8.0.12 pkgsrc-2024Q2-base:1.8 pkgsrc-2024Q1:1.8.0.10 pkgsrc-2024Q1-base:1.8 pkgsrc-2023Q4:1.8.0.8 pkgsrc-2023Q4-base:1.8 pkgsrc-2023Q3:1.8.0.6 pkgsrc-2023Q3-base:1.8 pkgsrc-2023Q2:1.8.0.4 pkgsrc-2023Q2-base:1.8 pkgsrc-2023Q1:1.8.0.2 pkgsrc-2023Q1-base:1.8 pkgsrc-2022Q4:1.7.0.4 pkgsrc-2022Q4-base:1.7 pkgsrc-2022Q3:1.7.0.2 pkgsrc-2022Q3-base:1.7 pkgsrc-2022Q2:1.6.0.10 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.8 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.6 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.6.0.4 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.2 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.5.0.6 pkgsrc-2021Q1-base:1.5 pkgsrc-2020Q4:1.5.0.4 pkgsrc-2020Q4-base:1.5 pkgsrc-2020Q3:1.5.0.2 pkgsrc-2020Q3-base:1.5 pkgsrc-2020Q2:1.4.0.2 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.3.0.8 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.10 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.6 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.4 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.2 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.2.0.2 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.1.0.22 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.20 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.18 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.16 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.14 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.10 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.8 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.6 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.4 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.2 pkgsrc-2016Q2-base:1.1; locks; strict; comment @// @; 1.8 date 2023.01.07.23.36.39; author ryoon; state Exp; branches; next 1.7; commitid P1sy8TaiVC9spF8E; 1.7 date 
2022.07.04.14.34.08; author ryoon; state Exp; branches; next 1.6; commitid ZfHdhd04wXsYpAKD;
1.6 date 2021.04.19.13.50.07; author ryoon; state Exp; branches; next 1.5; commitid YOkKKiXUfxrMlUPC;
1.5 date 2020.07.31.01.26.43; author maya; state Exp; branches; next 1.4; commitid NZJY5AnnHFXdEaiC;
1.4 date 2020.06.03.09.00.24; author ryoon; state Exp; branches; next 1.3; commitid yl0uxVJv02s72LaC;
1.3 date 2019.03.19.16.11.28; author ryoon; state Exp; branches; next 1.2; commitid bdw7MgHtCcmRCZfB;
1.2 date 2018.11.04.00.38.45; author ryoon; state Exp; branches; next 1.1; commitid VDnZtZgWK5fTNyYA;
1.1 date 2016.06.16.12.08.21; author ryoon; state Exp; branches; next ; commitid LAwegbTYgLLjCGaz;

desc @@

1.8 log
@firefox: Update to 108.0.1

* Use devel/py-curses during build to avoid errors from Python 3.10.
* uniffi-js defines amd64 specific symbols. I have added a hack for i386. If you build www/firefox under NetBSD/aarch64, you will get 'undefined reference' error during linking libxul.so. Please send your error messages to me. I will try to fix link breakage.
* Disable Web MIDI explicitly, it causes runtime segfault under NetBSD.

Changelog:
108.0.1
Fixed
* Fixes a crash for some users on Mac OS X 10.12-10.14 during video playback (bug 1806391).
* Fixes a crash that might occur when managing browser history (bug 1806408).
Changed
* The "Tabs sharing devices" menu item for WebRTC is now located in the tools menu on macOS only (bug 1807697).

108.0.1
Fixed
* Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location.

108.0
New
* Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default.
* Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use.
* The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources.
* Improved frame scheduling when under load; this substantially improves Firefox's MotionMark scores. Fixed * Firefox now supports properly color correcting images tagged with ICCv4 profiles. * Support for non-English characters when saving and printing PDF forms. * The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. * Various security fixes. Changed * Firefox now supports the WebMIDI API and a new experimental mechanism for controlling access to dangerous capabilities. Security fixes: #CVE-2022-46871: libusrsctp library out of date #CVE-2022-46872: Arbitrary file read from a compromised content process #CVE-2022-46873: Firefox did not implement the CSP directive unsafe-hashes #CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions #CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS #CVE-2022-46877: Fullscreen notification bypass #CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 #CVE-2022-46879: Memory safety bugs fixed in Firefox 108 @ text @$NetBSD: patch-toolkit_components_terminator_nsTerminator.cpp,v 1.7 2022/07/04 14:34:08 ryoon Exp $ * Fix segfault on exit under NetBSD --- toolkit/components/terminator/nsTerminator.cpp.orig 2022-06-16 21:35:58.000000000 +0000 +++ toolkit/components/terminator/nsTerminator.cpp @@@@ -34,7 +34,7 @@@@ #if defined(XP_WIN) # include #else -# include +# include #endif #include "mozilla/AppShutdown.h" @@@@ -184,7 +184,10 @@@@ void RunWatchdog(void* arg) { #if defined(XP_WIN) Sleep(HEARTBEAT_INTERVAL_MS /* ms */); #else - usleep(HEARTBEAT_INTERVAL_MS * 1000 /* usec */); + struct timespec tickd; + tickd.tv_sec = 0; + tickd.tv_nsec = HEARTBEAT_INTERVAL_MS * 1000 * 1000; + nanosleep(&tickd, NULL); #endif if (gHeartbeat++ < timeToLive) { @ 1.7 log @firefox: Update to 102.0 Changelog: New * Tired of too 
many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.
* Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode.

Fixed
* When using a screen reader on Windows, pressing enter to activate an element no longer fails or clicks the wrong element and/or another application window. For those blind or with very limited vision, this technology reads out loud what is on the screen, and users can adapt them to their needs (now, on our platform, without errors).
* Various security fixes.

Changed
* Improved security by moving audio decoding into a separate process with stricter sandboxing, thus improving process isolation.

Enterprise
* Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 102 Release Notes.
* Firefox 102 is the new Extended Support Release (ESR). Firefox 91 ESR goes out of support on September 20, 2022. (See the 102 ESR release notes for more information)

Developer
* Developer Information
* You can now filter style sheets in the Style Editor tab of our developer tools

Web Platform
* TransformStream and ReadableStream.pipeThrough have landed, allowing you to pipe from a ReadableStream to a WritableStream, executing a transformation on each chunk.
* ReadableStream, TransformStream, and WritableStream are all transferable now.
* Firefox now supports Content-Security-Policy (CSP) integration with WebAssembly. A document with a CSP that restricts scripts will no longer execute WebAssembly unless the policy uses 'unsafe-eval' or the new 'wasm-unsafe-eval' keyword.

Security fixes: #CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content #CVE-2022-34470: Use-after-free in nsSHistory #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI #CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution #CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution #CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1 #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt #CVE-2022-34474: Sandboxed iframes could redirect to external schemes #CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android #CVE-2022-34471: Compromised server could trick a browser into an addon downgrade #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt #CVE-2022-2200: Undesired attributes could be set as part of prototype pollution #CVE-2022-34480: Free of uninitialized pointer in lg_init #CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages #CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags #CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 #CVE-2022-34485: Memory safety bugs fixed in Firefox 102 @ text @d1 1 a1 1 $NetBSD: patch-toolkit_components_terminator_nsTerminator.cpp,v 1.6 2021/04/19 13:50:07 ryoon Exp $ d22 2 a23 2 + tickd.tv_sec = HEARTBEAT_INTERVAL_MS; + tickd.tv_nsec = 0; @ 1.6 log @firefox: Update to 88.0 Changelog: New * PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. 
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more

Fixed
* Screen readers no longer incorrectly read content that websites have visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.

Changed
* Firefox will not prompt for access to your microphone or camera if you've already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.

Security fixes: #CVE-2021-23994: Out of bound write due to lazy initialization #CVE-2021-23995: Use-after-free in Responsive Design Mode #CVE-2021-23996: Content rendered outside of webpage viewport #CVE-2021-23997: Use-after-free when freeing fonts from cache #CVE-2021-23998: Secure Lock icon could have been spoofed #CVE-2021-23999: Blob URLs may have been granted additional privileges #CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab #CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process #CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL #CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads #CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View #CVE-2021-29946: Port blocking could be bypassed #CVE-2021-29947: Memory safety bugs fixed in Firefox 88 @ text @d1 1 a1 1 $NetBSD: patch-toolkit_components_terminator_nsTerminator.cpp,v 1.5 2020/07/31 01:26:43 maya Exp $ d5 1 a5 1 --- toolkit/components/terminator/nsTerminator.cpp.orig 2021-04-08 21:20:12.000000000 +0000 d7 1 a7 1 @@@@ -37,7 +37,7 @@@@ d16 1 a16 1 @@@@ -238,7 +238,10 @@@@ void RunWatchdog(void* arg) { d18 1 a18 1 Sleep(1000 /* ms */); d20 1 a20 1 - usleep(1000000 /* usec */); d22 1 a22 1 + tickd.tv_sec = 1; d27 1 a27 1 // If we are still alive then we just crash. @ 1.5 log @firefox: update to 79.0 New We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience. Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. Fixed Various security fixes. 
Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Enterprise
A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.
Updates to the password policy allow admins to require a primary password (formerly called master password). Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.

Developer
Developer Information
Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.
Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.
JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.
Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.
Inspecting accessibility properties from the browser context menu is now available to all users by default.
@ text @d1 1 a1 1 $NetBSD: patch-toolkit_components_terminator_nsTerminator.cpp,v 1.4 2020/06/03 09:00:24 ryoon Exp $ d5 1 a5 1 --- toolkit/components/terminator/nsTerminator.cpp.orig 2020-07-20 22:49:51.000000000 +0000 d7 1 a7 1 @@@@ -36,7 +36,7 @@@@ d15 2 a16 2 #include "mozilla/ArrayUtils.h" @@@@ -171,7 +171,10 @@@@ void RunWatchdog(void* arg) { d27 1 a27 1 if (gHeartbeat++ < timeToLive) { @ 1.4 log @firefox: Update to 77.0 Changelog: New Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps. WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440). You can view and manage web certificates more easily on the new about:certificate page. Fixed Various security fixes. A number of features have been fixed to improve Firefox accessibility. The applications list in Firefox Options is now accessible to screen reader users. Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed. Date/time inputs are now no longer missing labels for users of accessibility tools. Changed The browser.urlbar.oneOffSearches preference has been removed. 
To hide one-off search buttons uncheck search engines on the about:preferences#search page Security fixes: #CVE-2020-12399: Timing attack on DSA signatures in NSS library #CVE-2020-12405: Use-after-free in SharedWorkerService #CVE-2020-12406: JavaScript type confusion with NativeTypes #CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive #CVE-2020-12408: URL spoofing when using IP addresses #CVE-2020-12409: URL spoofing with unicode characters #CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 #CVE-2020-12411: Memory safety bugs fixed in Firefox 77 @ text @d1 1 a1 1 $NetBSD: patch-toolkit_components_terminator_nsTerminator.cpp,v 1.3 2019/03/19 16:11:28 ryoon Exp $ d5 1 a5 1 --- toolkit/components/terminator/nsTerminator.cpp.orig 2020-05-21 22:38:09.000000000 +0000 d16 1 a16 1 @@@@ -180,7 +180,10 @@@@ void RunWatchdog(void* arg) { d26 1 a27 1 #if !defined(MOZ_VALGRIND) || !defined(MOZ_CODE_COVERAGE) @ 1.3 log @Update to 66.0 Changelog: New Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog. 
Improved search experience:
Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
Easier search via a redesigned new tab in Private Windows
Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page
Improved performance and better user experience for extensions:
Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts
Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software
Added basic support for macOS Touch Bar
Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content
Improved performance and reduced crash rates by doubling web content loading processes from 4 to 8 [1]
Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication

Fixed
The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10
Linux users: Resolved an issue that caused Firefox to freeze when downloading files
Various security fixes

Changed
System title bar is hidden by default to match Gnome guideline for Linux users

Developer
DevTools Inspector is now fully usable when the Debugger is paused
Lowered priority of setTimeout and setInterval during page load to improve overall page load performance

Fixed:
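
Review bot: In the RunWatchdog hunk of the revision 1.8 patch text, `tickd.tv_nsec = HEARTBEAT_INTERVAL_MS * 1000 * 1000` is a valid timespec only while HEARTBEAT_INTERVAL_MS is below 1000, because nanosleep() rejects a tv_nsec of 1,000,000,000 or more with EINVAL and returns without sleeping; the loop would then advance gHeartbeat toward timeToLive with no delay between ticks. The older deltas on this page show the interval was once a fixed one second (`tickd.tv_sec = 1`) and that revision 1.7 put the millisecond constant straight into tv_sec, so the unit handling here has already gone wrong once. Suggest splitting the value, `tickd.tv_sec = HEARTBEAT_INTERVAL_MS / 1000` and `tickd.tv_nsec = (HEARTBEAT_INTERVAL_MS % 1000) * 1000000`, and checking the nanosleep() return value so that an early wake-up on EINTR is not counted as a full heartbeat.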