head 1.55; access; symbols pkgsrc-2025Q4:1.51.0.2 pkgsrc-2025Q4-base:1.51 pkgsrc-2025Q3:1.50.0.2 pkgsrc-2025Q3-base:1.50 pkgsrc-2025Q2:1.49.0.2 pkgsrc-2025Q2-base:1.49 pkgsrc-2025Q1:1.43.0.2 pkgsrc-2025Q1-base:1.43 pkgsrc-2024Q4:1.38.0.2 pkgsrc-2024Q4-base:1.38 pkgsrc-2024Q3:1.29.0.2 pkgsrc-2024Q3-base:1.29 pkgsrc-2024Q2:1.24.0.2 pkgsrc-2024Q2-base:1.24 pkgsrc-2024Q1:1.17.0.2 pkgsrc-2024Q1-base:1.17 pkgsrc-2023Q4:1.10.0.2 pkgsrc-2023Q4-base:1.10 pkgsrc-2023Q3:1.1.0.2 pkgsrc-2023Q3-base:1.1; locks; strict; comment @# @; 1.55 date 2026.03.01.02.45.39; author gutteridge; state dead; branches; next 1.54; commitid 5cXMuEhprqxcydwG; 1.54 date 2026.01.27.08.40.49; author wiz; state Exp; branches; next 1.53; commitid f4MYtJVcsY7dz0sG; 1.53 date 2026.01.07.08.49.18; author wiz; state Exp; branches; next 1.52; commitid 1wQ3ICD8eebefrpG; 1.52 date 2025.12.22.06.08.17; author adam; state Exp; branches; next 1.51; commitid YVGobEfcMaDpTmnG; 1.51 date 2025.10.23.20.39.45; author wiz; state Exp; branches; next 1.50; commitid 1V2hBZn9ypXaCJfG; 1.50 date 2025.08.30.22.46.30; author wiz; state Exp; branches; next 1.49; commitid 2izPxU30rhec4O8G; 1.49 date 2025.05.09.19.37.15; author wiz; state Exp; branches; next 1.48; commitid WCR78K3U9f0aFgUF; 1.48 date 2025.04.30.02.41.35; author gutteridge; state Exp; branches; next 1.47; commitid aAgipbKKAeNMk1TF; 1.47 date 2025.04.24.14.16.03; author wiz; state Exp; branches; next 1.46; commitid A3VBjL8Zdd4LljSF; 1.46 date 2025.04.17.21.52.46; author wiz; state Exp; branches; next 1.45; commitid xcIXAVA292fk6sRF; 1.45 date 2025.04.12.06.54.26; author wiz; state Exp; branches; next 1.44; commitid 9ljkSS9zovZmjJQF; 1.44 date 2025.04.04.00.21.26; author gutteridge; state Exp; branches; next 1.43; commitid qGXkkUFY3kBvoFPF; 1.43 date 2025.03.12.03.49.23; author gutteridge; state Exp; branches 1.43.2.1; next 1.42; commitid AwJzA3B7u6KChJMF; 1.42 date 2025.02.12.06.45.39; author ryoon; state Exp; branches; next 1.41; commitid wrOiT0jBBwBs99JF; 1.41 date 2025.02.04.20.29.06; author bsiegert; state Exp; branches; next 1.40; commitid yMwJ3xW1SRnsYbIF; 1.40 date 2025.01.07.17.17.34; author bsiegert; state Exp; branches; next 1.39; commitid YI1RczmvZ7fCNzEF; 1.39 date 2024.12.27.08.20.49; author wiz; state Exp; branches; next 1.38; commitid tLKuqVS8lkJCb7DF; 1.38 date 2024.11.26.19.11.54; author bsiegert; state Exp; branches 1.38.2.1; next 1.37; commitid pvMBPOfuzNbyNbzF; 1.37 date 2024.11.17.07.16.49; author wiz; state Exp; branches; next 1.36; commitid xKvmQYB52TGx7YxF; 1.36 date 2024.11.14.22.22.04; author wiz; state Exp; branches; next 1.35; commitid JmuDYqwL4erbdFxF; 1.35 date 2024.11.08.02.15.10; author gutteridge; state Exp; branches; next 1.34; commitid Bf60ehihFQIzKMwF; 1.34 date 2024.11.01.12.54.49; author wiz; state Exp; branches; next 1.33; commitid QB4Wk02mZPuBuWvF; 1.33 date 2024.11.01.00.54.03; author wiz; state Exp; branches; next 1.32; commitid QT27BdVP362gvSvF; 1.32 date 2024.10.20.14.04.43; author wiz; state Exp; branches; next 1.31; commitid iXiXTiwhLpC9hpuF; 1.31 date 2024.10.10.02.45.22; author gutteridge; state Exp; branches; next 1.30; commitid 2wkwTRXiaPgHQ3tF; 1.30 date 2024.10.02.22.09.13; author gutteridge; state Exp; branches; next 1.29; commitid fl9pwhTW4oM5x8sF; 1.29 date 2024.09.11.05.33.18; author gutteridge; state Exp; branches 1.29.2.1; next 1.28; commitid lPEUzvMQsvD5IlpF; 1.28 date 2024.08.16.15.15.36; author ryoon; state Exp; branches; next 1.27; commitid vJEPOhCTB8zJL3mF; 1.27 date 2024.08.08.03.54.49; author gutteridge; state Exp; branches; next 1.26; commitid B3nQJdQCGXC2gYkF; 1.26 date 2024.08.01.15.21.25; author ryoon; state Exp; branches; next 1.25; commitid dyFRqDMEBePCh8kF; 1.25 date 2024.07.09.22.18.47; author gutteridge; state Exp; branches; next 1.24; commitid hd8qndX15mYykdhF; 1.24 date 2024.06.21.13.25.26; author jperkin; state Exp; branches 1.24.2.1; next 1.23; commitid jGLdTRMKQJ9tXQeF; 1.23 date 2024.06.12.13.40.46; author gutteridge; state Exp; branches; next 1.22; commitid WHpuWDxHkRFFkHdF; 1.22 date 2024.05.29.16.34.49; author adam; state Exp; branches; next 1.21; commitid n8aFyEjEVZA0JUbF; 1.21 date 2024.05.14.17.57.00; author gutteridge; state Exp; branches; next 1.20; commitid kG7hdAvm1UWpGZ9F; 1.20 date 2024.04.17.13.42.45; author gutteridge; state Exp; branches; next 1.19; commitid 178taocDuTbU8v6F; 1.19 date 2024.04.07.07.35.12; author wiz; state Exp; branches; next 1.18; commitid oMYDjdZchby5qb5F; 1.18 date 2024.04.06.08.06.52; author wiz; state Exp; branches; next 1.17; commitid xuM7fEJrv2TOC35F; 1.17 date 2024.03.25.00.35.50; author gutteridge; state Exp; branches 1.17.2.1; next 1.16; commitid dYl5FZ9LRuyIwt3F; 1.16 date 2024.01.31.16.18.33; author ryoon; state Exp; branches; next 1.15; commitid IPSdnD8nNk0VtCWE; 1.15 date 2024.01.30.14.22.37; author ryoon; state Exp; branches; next 1.14; commitid gARf2FgciecARtWE; 1.14 date 2024.01.22.13.17.07; author ryoon; state Exp; branches; next 1.13; commitid mWwkMGjpxTdrLrVE; 1.13 date 2024.01.10.15.38.44; author ryoon; state Exp; branches; next 1.12; commitid Aicn2gaVnLK6WUTE; 1.12 date 2024.01.08.17.39.44; author leot; state Exp; branches; next 1.11; commitid gYw5oIqbltWqEFTE; 1.11 date 2023.12.29.17.29.14; author he; state Exp; branches; next 1.10; commitid B6KN6dRAP6SDVnSE; 1.10 date 2023.12.22.17.11.31; author abs; state Exp; branches 1.10.2.1; next 1.9; commitid EPlEA7aGf43F3uRE; 1.9 date 2023.11.23.12.47.01; author ryoon; state Exp; branches; next 1.8; commitid 4X4hgrETnzXRwJNE; 1.8 date 2023.11.14.14.03.04; author wiz; state Exp; branches; next 1.7; commitid BZ5vzwBRof1beAME; 1.7 date 2023.11.12.13.23.54; author wiz; state Exp; branches; next 1.6; commitid SjpNXQIV5XeZ3kME; 1.6 date 2023.11.09.15.23.04; author wiz; state Exp; branches; next 1.5; commitid xhhtu7ddrTwiQWLE; 1.5 date 2023.11.08.13.21.17; author wiz; state Exp; branches; next 1.4; commitid PsuHTklAIsF4bOLE; 1.4 date 2023.10.24.22.11.26; author wiz; state Exp; branches; next 1.3; commitid MTsrqKm6aGrQAVJE; 1.3 date 2023.10.21.17.11.38; author gdt; state Exp; branches; next 1.2; commitid Sr0Nb6aaZLDw2wJE; 1.2 date 2023.10.15.07.47.59; author ryoon; state Exp; branches; next 1.1; commitid 5YT8Vgi3kop08HIE; 1.1 date 2023.09.11.12.33.25; author ryoon; state Exp; branches; next ; commitid rMNXbfzQzGMHNlEE; 1.43.2.1 date 2025.04.09.20.18.59; author bsiegert; state Exp; branches; next 1.43.2.2; commitid yaNwOFemFg5wRpQF; 1.43.2.2 date 2025.05.02.20.13.55; author maya; state Exp; branches; next ; commitid ZWUVqVOgcSqW5nTF; 1.38.2.1 date 2025.01.09.12.07.14; author maya; state Exp; branches; next 1.38.2.2; commitid I24fG1EP2u5b2OEF; 1.38.2.2 date 2025.02.09.14.01.44; author maya; state Exp; branches; next 1.38.2.3; commitid EVYFUrQULTSFFNIF; 1.38.2.3 date 2025.03.13.17.02.06; author bsiegert; state Exp; branches; next ; commitid wEPpQZTxaNgMDVMF; 1.29.2.1 date 2024.10.04.17.47.38; author bsiegert; state Exp; branches; next 1.29.2.2; commitid WAHTPj2bX3qg2nsF; 1.29.2.2 date 2024.10.11.17.29.22; author bsiegert; state Exp; branches; next 1.29.2.3; commitid 8JRTnm0hLk73IgtF; 1.29.2.3 date 2024.11.27.14.34.47; author maya; state Exp; branches; next ; commitid Z02u1RgegAsueizF; 1.24.2.1 date 2024.07.12.18.58.04; author bsiegert; state Exp; branches; next 1.24.2.2; commitid RSf4vaf6vOCP7AhF; 1.24.2.2 date 2024.08.09.19.03.52; author bsiegert; state Exp; branches; next 1.24.2.3; commitid jTMlxJdqG7f1gblF; 1.24.2.3 date 2024.09.25.18.04.08; author bsiegert; state Exp; branches; next ; commitid gyMIQQJ3i6uRpdrF; 1.17.2.1 date 2024.04.22.18.29.02; author bsiegert; state Exp; branches; next 1.17.2.2; commitid 2whKWgE1wHjiza7F; 1.17.2.2 date 2024.05.17.13.01.22; author bsiegert; state Exp; branches; next 1.17.2.3; commitid 1UwjoHvlZpQ3XlaF; 1.17.2.3 date 2024.06.23.18.22.54; author bsiegert; state Exp; branches; next ; commitid XG90WXeGQRhDx8fF; 1.10.2.1 date 2024.03.31.15.14.40; author bsiegert; state Exp; branches; next ; commitid 4zYq3SIHTsCsck4F; desc @@ 1.55 log @firefox115: remove package As proposed on pkgsrc-users. No objections or known users that can't move to a newer ESR (this version having just gone EOL). @ text @# $NetBSD: Makefile,v 1.54 2026/01/27 08:40:49 wiz Exp $ FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} MOZ_BRANCH= 115.23 MOZ_BRANCH_MINOR= .0esr DISTNAME= firefox-${FIREFOX_VER}.source PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox115-/} PKGREVISION= 6 CATEGORIES= www MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/} EXTRACT_SUFX= .tar.xz NODEJSKIT= nodejs-output-115.0.tgz DISTFILES= ${DEFAULT_DISTFILES} ${NODEJSKIT} SITES.${NODEJSKIT}= ${MASTER_SITE_LOCAL} MAINTAINER= ryoon@@NetBSD.org HOMEPAGE= https://www.mozilla.org/en-US/firefox/ COMMENT= Web browser with support for extensions (version ${FIREFOX_VER:tu:C/\\.[[:digit:]\.]*//}) LICENSE= mpl-1.1 # -------- BEFORE UPDATING THIS PACKAGE PLEASE READ & UNDERSTAND: ------- # # This package works around a (stupid) build time dependency on nodejs # (which is not available for all architectures and unnecessary for the # real build). To do this, it places some additional burden on the # maintainer. # # While working on the package, please make sure you have # # FIREFOX_MAINTAINER=yes # # set in your build environment. # When the package is ready for commit (but before commit), do: # # make maintainer-files # # This will do another round (depending on state of your work dir at this # moment) of one or two builds and generate a cache of all output that # nodejs generates during a build. # # When this is done, just commit the results (they will be in the files/ # directory). # # ----------------------------------------------------------------------- WRKSRC= ${WRKDIR}/firefox-${PKGVERSION_NOREV} MOZILLA_DIR= # empty # Note: In --enable-chrome-format=flat case, # when updating remember to conditionalise about-background.png in PLIST CONFIGURE_ARGS+= --enable-application=browser #CFLAGS+= -I${PREFIX}/include/nspr # for lang/gcc6 CFLAGS+= -D_GLIBCXX_INCLUDE_NEXT_C_HEADERS CFLAGS.SunOS+= -D_POSIX_PTHREAD_SEMANTICS # Do not use uselocale() in third_party/pipewire. CFLAGS.NetBSD+= -D__LOCALE_C_ONLY LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib/${PKGBASE} LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib LDFLAGS.DragonFly+= -lplc4 -lnspr4 LDFLAGS.FreeBSD+= -lplc4 -lnspr4 LDFLAGS.Linux+= -lnspr4 LDFLAGS.SunOS+= -lm # XXX not sure how to test this! likely unnecessary NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/plugin-container # Should revisit to complete mprotect support. NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/${MOZILLA} NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/${MOZILLA}-bin # Avoid ld "invalid section index" errors. BUILDLINK_TRANSFORM.SunOS+= rm:-fdata-sections BUILDLINK_TRANSFORM.SunOS+= rm:-ffunction-sections BUILDLINK_TRANSFORM.SunOS+= rm:-pie BUILDLINK_TRANSFORM.SunOS+= rm:-Wl,-rpath-link,${WRKDIR}/build/dist/bin BUILDLINK_TRANSFORM.SunOS+= rm:-Wl,-rpath-link,${PREFIX}/lib # Workaround for https://bugs.llvm.org/show_bug.cgi?id=46366 BUILDLINK_TRANSFORM.NetBSD+= rm:-fexperimental-new-pass-manager SUBST_CLASSES+= dfly_malloc_h SUBST_STAGE.dfly_malloc_h= pre-configure SUBST_MESSAGE.dfly_malloc_h= Dont include malloc.h on dragonflybsd SUBST_SED.dfly_malloc_h= -e 's,HAVE_MALLOC_H,HAVE_MALLOC_H \&\& !defined(__DragonFly__),g' SUBST_FILES.dfly_malloc_h+= media/ffvpx/libavutil/mem.c SUBST_CLASSES+= paths SUBST_STAGE.paths= pre-configure SUBST_FILES.paths= ../firefox.sh SUBST_VARS.paths= PREFIX MOZILLA SUBST_CLASSES+= rust178 SUBST_STAGE.rust178= pre-configure SUBST_MESSAGE.rust178= Clearing cargo checksums SUBST_FILES.rust178= third_party/rust/bindgen/.cargo-checksum.json SUBST_FILES.rust178+= third_party/rust/any_all_workaround/.cargo-checksum.json SUBST_FILES.rust178+= third_party/rust/encoding_rs/.cargo-checksum.json SUBST_SED.rust178= -e 's/\("files":{\)[^}]*/\1/' .include "mozilla-common.mk" .include "options.mk" CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/header.py CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/typelib.py CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpidl.py CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpt.py CHECK_WRKREF_SKIP+= lib/${MOZILLA}/omni.ja MOZILLA= ${PKGBASE} .if !empty(PKG_OPTIONS:Mofficial-mozilla-branding) MOZILLA_NAME= Firefox MOZILLA_BRANDING= official .else MOZILLA_NAME= Browser MOZILLA_BRANDING= unofficial .endif pre-configure: # As of 106.0, .in template files are not patched. # cd ${WRKSRC} && autoconf # cd ${WRKSRC}/js/src && autoconf cd ${WRKSRC} && mkdir ${OBJDIR} cd ${WRKSRC}/${OBJDIR} && touch old-configure.vars # Do not fetch Rust Cargo file via network during build .if !defined(FIREFOX_MAINTAINER) mv ${WRKDIR}/dist ${WRKSRC}/${OBJDIR} .endif .if defined(FIREFOX_MAINTAINER) # Create files needed only by the firefox maintainer when updating # the package # XXX - manually removing the .*_done files is wrong! .PHONY: build-list build-list: cd ${WRKSRC}/${OBJDIR}/dist/bin/browser/chrome && \ find . -type f | sort > ${OUT:Q} NODE_LIST= "${WRKDIR}/node.list" NO_NODE_LIST= "${WRKDIR}/no-node.list" NODE_FILES= "${WRKDIR}/node.flist" .PHONY: maintainer-files maintainer-files: rm -f ${FILESDIR}/node-wrapper.sh V=$$( node -v ) && \ printf '#! /bin/sh\n\nVERS=%s\n\nif [ "$$1" = "-v" ] || [ "$$1" = "--version" ]; then\n\tprintf "$${VERS}\\n"\nfi\n\nexit 0\n' $$V \ > ${FILESDIR}/node-wrapper.sh && \ chmod 0755 ${FILESDIR}/node-wrapper.sh rm -f ${WRKDIR}/.build_done ${WRKDIR}/.configure_done ${MAKE} MAINTAINER_INTERNAL=yes build ${MAKE} MAINTAINER_INTERNAL=yes OUT="${NO_NODE_LIST}" build-list ${MAKE} OUT="${NODE_LIST}" build-list ${DIFF} -u "${NO_NODE_LIST}" "${NODE_LIST}" | \ ${AWK} \ '/^\+\.\//{ printf("dist/bin/browser/chrome/%s\n", gensub(/^\+\.\//, "", "")) }' \ > "${NODE_FILES}" cd ${WRKSRC}/${OBJDIR} && tar -c -T "${NODE_FILES}" -z \ -f ${FILESDIR}/nodejs-output-${PKGVERSION_NOREV}.tgz .endif pre-patch: for f in $$(find ${WRKSRC}/third_party/libwebrtc -name moz.build -type f) ; \ do \ ${AWK} -f ${FILESDIR}/replace-moz.build.awk $$f > $$f.new; mv $$f.new $$f ; \ done post-build: ${SED} -e 's|@@MOZILLA@@|${MOZILLA}|g' \ -e 's|@@MOZILLA_NAME@@|${MOZILLA_NAME}|g' \ -e 's|@@FIREFOX_ICON@@|${MOZILLA}|g' \ < ${FILESDIR}/desktop.in \ > ${WRKDIR}/desktop INSTALLATION_DIRS+= share/applications post-extract: ${CP} ${FILESDIR}/firefox.sh ${WRKDIR}/firefox.sh # patch(1) of NetBSD 9 cannot handle long line. ${CP} ${FILESDIR}/third__party_rust_encoding__rs_.cargo-checksum.json \ ${WRKSRC}/third_party/rust/encoding_rs/.cargo-checksum.json post-install: .if ${OPSYS} == "NetBSD" && ${X11_TYPE} == "native" ${INSTALL_SCRIPT} ${WRKDIR}/firefox.sh ${DESTDIR}${PREFIX}/bin/${MOZILLA} .else ${ECHO} '#! /bin/sh' > ${DESTDIR}${PREFIX}/bin/${MOZILLA} ${ECHO} '${PREFIX}/lib/${MOZILLA}/${MOZILLA} "$$@@"' >> \ ${DESTDIR}${PREFIX}/bin/${MOZILLA} ${CHMOD} 755 ${DESTDIR}${PREFIX}/bin/${MOZILLA} .endif ${INSTALL_DATA} ${WRKDIR}/desktop \ ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop .for i in 16 22 24 32 48 64 128 256 ${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/icons/hicolor/${i}x${i}/apps ${INSTALL_DATA} ${WRKSRC}/browser/branding/${MOZILLA_BRANDING}/default${i}.png \ ${DESTDIR}${PREFIX}/share/icons/hicolor/${i}x${i}/apps/${MOZILLA}.png .endfor .include "../../graphics/hicolor-icon-theme/buildlink3.mk" .include "../../sysutils/desktop-file-utils/desktopdb.mk" .include "../../mk/bsd.pkg.mk" @ 1.54 log @*: recursive bump for removal of cairo's xcb option @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.53 2026/01/07 08:49:18 wiz Exp $ @ 1.53 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.52 2025/12/22 06:08:17 adam Exp $ d9 1 a9 1 PKGREVISION= 5 @ 1.52 log @revbump for x264 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.51 2025/10/23 20:39:45 wiz Exp $ d9 1 a9 1 PKGREVISION= 4 @ 1.51 log @*: recursive bump for pcre2 Running an old binary against the new pcre doesn't work: /usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by /usr/pkg/lib/libglib-2.0.so.0 not defined @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.50 2025/08/30 22:46:30 wiz Exp $ d9 1 a9 1 PKGREVISION= 3 @ 1.50 log @*: recursive bump for tiff growing lerc dependency @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.49 2025/05/09 19:37:15 wiz Exp $ d9 1 a9 1 PKGREVISION= 2 @ 1.49 log @*: bump for llvm 19 (shlib major changed) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.48 2025/04/30 02:41:35 gutteridge Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.48 log @firefox115: update to 115.23 Mozilla Foundation Security Advisory 2025-30 Security Vulnerabilities fixed in Firefox ESR 115.23 Announced April 29, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.23 #CVE-2025-2817: Privilege escalation in Firefox Updater Reporter Dong-uk Kim (@@justlikebono) Impact high Description Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. References Bug 1917536 #CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS Reporter un3xploitable & GF Impact high Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. References Bug 1937097 #CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames Reporter Nika Layzell Impact high Description A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. References Bug 1958350 #CVE-2025-4084: Potential local code execution in "copy as cURL" command Reporter Ameen Basha M K Impact moderate Description Due to insufficient escaping of the ampersand character in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. References Bug 1949994, 1960198 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.47 2025/04/24 14:16:03 wiz Exp $ d9 1 @ 1.47 log @*: recursive bump for jpeg -> libjpeg-turbo switch @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.46 2025/04/17 21:52:46 wiz Exp $ d4 1 a4 1 MOZ_BRANCH= 115.22 a8 1 PKGREVISION= 3 @ 1.46 log @*: recursive bump for icu 77 and libxml2 2.14 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.45 2025/04/12 06:54:26 wiz Exp $ d9 1 a9 1 PKGREVISION= 2 @ 1.45 log @*: recursive bump for libtheora 1.2 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.44 2025/04/04 00:21:26 gutteridge Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.44 log @firefox115: update to 115.22.0 Security Vulnerabilities fixed in Firefox ESR 115.22 Announced April 1, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.22 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor Reporter Ivan Fratric of Google Project Zero Impact high Description JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. References Bug 1941002 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2025/03/12 03:49:23 gutteridge Exp $ d9 1 @ 1.43 log @firefox115: update to 115.21.0 Mozilla Foundation Security Advisory 2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 Announced March 4, 2025 Impact critical Products Firefox ESR Fixed in Firefox ESR 115.21 #CVE-2024-43097: Overflow when growing an SkRegion's RunArray Reporter Google Android Impact critical Description In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow References Bug 1945624 #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process Reporter dalmurino Impact high Description On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. References Bug 1902309 #CVE-2025-1931: Use-after-free in WebTransportChild Reporter sherkito Impact high Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. References Bug 1944126 #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs Reporter Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB Impact high Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. References Bug 1946004 #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Reporter the Mozilla Fuzzing Team, Andrew McCreight Impact high Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.42 2025/02/12 06:45:39 ryoon Exp $ d4 1 a4 1 MOZ_BRANCH= 115.21 @ 1.43.2.1 log @Pullup ticket #6955 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.19 - www/firefox115-l10n/distinfo 1.19 - www/firefox115/Makefile 1.44 - www/firefox115/distinfo 1.24 --- Module Name: pkgsrc Committed By: gutteridge Date: Fri Apr 4 00:21:26 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.22.0 Security Vulnerabilities fixed in Firefox ESR 115.22 Announced April 1, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.22 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor Reporter Ivan Fratric of Google Project Zero Impact high Description JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. References Bug 1941002 --- Module Name: pkgsrc Committed By: gutteridge Date: Fri Apr 4 00:25:41 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.22.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2025/03/12 03:49:23 gutteridge Exp $ d4 1 a4 1 MOZ_BRANCH= 115.22 @ 1.43.2.2 log @Pullup ticket #6962 - requested by gutteridge www/firefox115: Security fix www/firefox115-l10n: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.20 - www/firefox115-l10n/distinfo 1.20 - www/firefox115/Makefile 1.48 - www/firefox115/distinfo 1.25 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 30 02:41:35 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.23 Mozilla Foundation Security Advisory 2025-30 Security Vulnerabilities fixed in Firefox ESR 115.23 Announced April 29, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.23 #CVE-2025-2817: Privilege escalation in Firefox Updater Reporter Dong-uk Kim (@@justlikebono) Impact high Description Mozilla Firefox's update mechanism allowed a medium-integrity user process = to interfere with the SYSTEM-level updater by manipulating the file-locking= behavior. By injecting code into the=20 user-privileged process, an attacker could bypass intended access controls,= allowing SYSTEM-level file operations on paths controlled by a non-privile= ged user and enabling privilege escalation. References Bug 1917536 #CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for mac= OS Reporter un3xploitable & GF Impact high Description Modification of specific WebGL shader attributes could trigger an out-of-bo= unds read, which, when chained with other vulnerabilities, could be used to= escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaf= fected. References Bug 1937097 #CVE-2025-4083: Process isolation bypass using "javascript:" URI links in c= ross-origin frames Reporter Nika Layzell Impact high Description A process isolation vulnerability in Firefox stemmed from improper handling= of javascript: URIs, which could allow content to execute in the top-level= document's process instead of the intended=20 frame, potentially enabling a sandbox escape. References Bug 1958350 #CVE-2025-4084: Potential local code execution in "copy as cURL" command Reporter Ameen Basha M K Impact moderate Description Due to insufficient escaping of the ampersand character in the "copy as cUR= L" feature, an attacker could trick a user into using this command, potenti= ally leading to local code execution on the=20 user's system. This bug only affects Firefox for Windows. Other versions of Firefox are un= affected. References Bug 1949994, 1960198 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 30 02:42:15 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.23 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43.2.1 2025/04/09 20:18:59 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.23 @ 1.42 log @*: Recursive revbump from audio/flac-1.5.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.41 2025/02/04 20:29:06 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.20 a8 1 PKGREVISION= 1 @ 1.41 log @firefox115: update to 115.20.0 (security) Security Vulnerabilities fixed in Firefox ESR 115.20 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2025/01/07 17:17:34 bsiegert Exp $ d9 1 @ 1.40 log @firefox115, firefox115-l10n: update to 115.19.0 Security Vulnerabilities fixed in Firefox ESR 115.19 #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2024/12/27 08:20:49 wiz Exp $ d4 1 a4 1 MOZ_BRANCH= 115.19 @ 1.39 log @*: recursive bump for pango requiring fontconfig 2.15 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2024/11/26 19:11:54 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.18 a8 1 PKGREVISION= 1 @ 1.38 log @firefox115: update to 115.18.0 Security Vulnerabilities fixed in Firefox ESR 115.18 #CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL Impact: high Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2024/11/17 07:16:49 wiz Exp $ d9 1 @ 1.38.2.1 log @Pullup ticket #6926 - requested by bsiegert www/firefox115: security fix www/firefox115-l10n: security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.16 - www/firefox115-l10n/distinfo 1.16 - www/firefox115/Makefile 1.40 - www/firefox115/distinfo 1.21 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Jan 7 17:17:34 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115, firefox115-l10n: update to 115.19.0 Security Vulnerabilities fixed in Firefox ESR 115.19 #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115= .18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2024/11/26 19:11:54 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.19 @ 1.38.2.2 log @Pullup ticket #6941 - requested by bsiegert www/firefox115-l10n: Security fix www/firefox115: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.17 - www/firefox115-l10n/distinfo 1.17 - www/firefox115/Makefile 1.41 - www/firefox115/distinfo 1.22 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Feb 4 20:29:06 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115: update to 115.20.0 (security) Security Vulnerabilities fixed in Firefox ESR 115.20 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leadi= ng to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API= , leading to a potentially exploitable crash. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115= .19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38.2.1 2025/01/09 12:07:14 maya Exp $ d4 1 a4 1 MOZ_BRANCH= 115.20 @ 1.38.2.3 log @Pullup ticket #6949 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.18 - www/firefox115-l10n/distinfo 1.18 - www/firefox115/Makefile 1.43 - www/firefox115/distinfo 1.23 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Mar 12 03:49:24 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.21.0 Mozilla Foundation Security Advisory 2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 Announced March 4, 2025 Impact critical Products Firefox ESR Fixed in Firefox ESR 115.21 #CVE-2024-43097: Overflow when growing an SkRegion's RunArray Reporter Google Android Impact critical Description In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow References Bug 1945624 #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process Reporter dalmurino Impact high Description On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. References Bug 1902309 #CVE-2025-1931: Use-after-free in WebTransportChild Reporter sherkito Impact high Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. References Bug 1944126 #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs Reporter Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB Impact high Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. References Bug 1946004 #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Reporter the Mozilla Fuzzing Team, Andrew McCreight Impact high Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Mar 12 03:50:23 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.21.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38.2.2 2025/02/09 14:01:44 maya Exp $ d4 1 a4 1 MOZ_BRANCH= 115.21 @ 1.37 log @*: recursive bump for default-on option of at-spi2-core @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2024/11/14 22:22:04 wiz Exp $ d4 1 a4 1 MOZ_BRANCH= 115.17 a8 1 PKGREVISION= 2 @ 1.36 log @*: recursive bump for icu 76 shlib major version bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2024/11/08 02:15:10 gutteridge Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.35 log @firefox115: update to 115.17.0 Mozilla Foundation Security Advisory 2024-57 Security Vulnerabilities fixed in Firefox ESR 115.17 CVE-2024-10458: Permission leak via embed or object elements CVE-2024-10459: Use-after-free in layout with accessibility CVE-2024-10463: Cross origin video frame leak @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2024/11/01 12:54:49 wiz Exp $ d9 1 @ 1.34 log @*: revbump for icu downgrade @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2024/11/01 00:54:03 wiz Exp $ d4 2 a5 2 MOZ_BRANCH= 115.16 MOZ_BRANCH_MINOR= .1esr a8 1 PKGREVISION= 3 @ 1.33 log @*: recursive bump for icu 76.1 shlib bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2024/10/20 14:04:43 wiz Exp $ d9 1 a9 1 PKGREVISION= 2 @ 1.32 log @*: recursive bump for merging at-spi2-atk and atk into at2-spi-core Remove at-spi2-atk and atk @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2024/10/10 02:45:22 gutteridge Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.31 log @firefox115: update to 115.16.1 * Fixes for mfsa2024-51, also known as CVE-2024-9680. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2024/10/02 22:09:13 gutteridge Exp $ d9 1 @ 1.30 log @firefox115: update to 115.16.0 * Fixes for mfsa2024-48, also known as: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401 Please note, per Mozilla, "Firefox ESR 115 is now supported only on Windows 7-8.1 and macOS 10.12-10.14. Users on other operating systems should use Firefox ESR 128 instead." This update has been run tested on NetBSD 9.4 amd64 and found functional, but pkgsrc users should bear this in mind. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2024/09/11 05:33:18 gutteridge Exp $ d5 1 a5 1 MOZ_BRANCH_MINOR= .0esr @ 1.29 log @firefox115: update to 115.15.0 * Fixes for mfsa2024-41, also known as: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2024/08/16 15:15:36 ryoon Exp $ d4 1 a4 1 MOZ_BRANCH= 115.15 @ 1.29.2.1 log @Pullup ticket #6900 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.13 - www/firefox115-l10n/distinfo 1.13 - www/firefox115/Makefile 1.30 - www/firefox115/distinfo 1.17 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Oct 2 22:09:13 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.16.0 * Fixes for mfsa2024-48, also known as: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401 Please note, per Mozilla, "Firefox ESR 115 is now supported only on Windows 7-8.1 and macOS 10.12-10.14. Users on other operating systems should use Firefox ESR 128 instead." This update has been run tested on NetBSD 9.4 amd64 and found functional, but pkgsrc users should bear this in mind. --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Oct 2 22:10:38 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.16.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2024/09/11 05:33:18 gutteridge Exp $ d4 1 a4 1 MOZ_BRANCH= 115.16 @ 1.29.2.2 log @Pullup ticket #6906 - requested by gutteridge www/firefox115: security fix Revisions pulled up: - www/firefox115/Makefile 1.31 - www/firefox115/distinfo 1.18 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Oct 10 02:45:22 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.16.1 * Fixes for mfsa2024-51, also known as CVE-2024-9680. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29.2.1 2024/10/04 17:47:38 bsiegert Exp $ d5 1 a5 1 MOZ_BRANCH_MINOR= .1esr @ 1.29.2.3 log @Pullup ticket #6919 - requested by bsiegert www/firefox115: Security fix www/firefox115-l10n: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.15 - www/firefox115-l10n/distinfo 1.15 - www/firefox115/Makefile 1.38 - www/firefox115/distinfo 1.20 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Nov 26 19:11:54 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.18.0 Security Vulnerabilities fixed in Firefox ESR 115.18 #CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL Impact: high Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Nov 26 19:12:36 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.18.0 These are the translations for the firefox115 update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29.2.2 2024/10/11 17:29:22 bsiegert Exp $ d4 2 a5 2 MOZ_BRANCH= 115.18 MOZ_BRANCH_MINOR= .0esr @ 1.28 log @www/firefox115: FIx build with lang/rust-1.79.0 * Use patches from FreeBSD Ports to fix build error with lang/rust-1.79.0. * Tested under NetBSD/amd64 9 and 10, and NetBSD/i386 9 and 10. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2024/08/08 03:54:49 gutteridge Exp $ d4 1 a4 1 MOZ_BRANCH= 115.14 @ 1.27 log @firefox115: update to 115.14.0 * Fixes for mfsa2024-34, also known as: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2024/08/01 15:21:25 ryoon Exp $ d98 8 d186 3 @ 1.26 log @www/firefox115: Fix build under NetBSD/i386 10.0 at least * Remove static_assert()s. This is not valid for NetBSD/i386 10 or later. This may be inconsistency between stddef.h and GCC's assumption. * Force Clto=thin to reduce memory usage during build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24.2.1 2024/07/12 18:58:04 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.13 @ 1.25 log @firefox115: update to 115.13.0 * Fixes for mfsa2024-30, also known as: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2024/06/21 13:25:26 jperkin Exp $ @ 1.24 log @firefox*: Prune -Wl,-rpath-link on SunOS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2024/06/12 13:40:46 gutteridge Exp $ d4 1 a4 1 MOZ_BRANCH= 115.12 @ 1.24.2.1 log @Pullup ticket #6877 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.10 - www/firefox115-l10n/distinfo 1.10 - www/firefox115/Makefile 1.25 - www/firefox115/distinfo 1.11 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jul 9 22:18:47 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.13.0 * Fixes for mfsa2024-30, also known as: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jul 9 22:20:20 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.13.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2024/06/21 13:25:26 jperkin Exp $ d4 1 a4 1 MOZ_BRANCH= 115.13 @ 1.24.2.2 log @Pullup ticket #6889 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.11 - www/firefox115-l10n/distinfo 1.11 - www/firefox115/Makefile 1.27 - www/firefox115/distinfo 1.13 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Aug 8 03:54:49 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.14.0 * Fixes for mfsa2024-34, also known as: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Aug 8 04:00:13 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.14.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24.2.1 2024/07/12 18:58:04 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.14 @ 1.24.2.3 log @Pullup ticket #6894 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.12 - www/firefox115-l10n/distinfo 1.12 - www/firefox115/Makefile 1.29 - www/firefox115/distinfo 1.15 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Sep 11 05:33:18 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.15.0 * Fixes for mfsa2024-41, also known as: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Sep 11 05:35:17 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.15.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24.2.2 2024/08/09 19:03:52 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.15 @ 1.23 log @firefox115: update to 115.12.0 * Fixes for mfsa2024-26, also known as: CVE-2024-5688, CVE-2024-5702, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2024/05/29 16:34:49 adam Exp $ d81 3 @ 1.22 log @revbump after icu and protobuf updates @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2024/05/14 17:57:00 gutteridge Exp $ d4 1 a4 1 MOZ_BRANCH= 115.11 a8 1 PKGREVISION= 1 @ 1.21 log @firefox115: update to 115.11.0 * Fixes for mfsa2024-22, also known as: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2024/04/17 13:42:45 gutteridge Exp $ d9 1 @ 1.20 log @firefox115: update to 115.10.0 * Fixes for mfsa2024-19, also known as: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2024/04/07 07:35:12 wiz Exp $ d4 1 a4 1 MOZ_BRANCH= 115.10 @ 1.19 log @*: bump for cairo buildlink3.mk change lzo was made an option @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2024/04/06 08:06:52 wiz Exp $ d4 2 a5 2 MOZ_BRANCH= 115.9 MOZ_BRANCH_MINOR= .1esr a8 1 PKGREVISION= 2 @ 1.18 log @* recursive bump for libxkbcommon 1.7.0 Marc Baudoin reported problems with using old binary packages with the new libkxbcommon, so force everything to 1.7.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2024/03/25 00:35:50 gutteridge Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.17 log @firefox115: update to 115.9.1 Note there are references to use of Python 3.12 as a build tool now being supported, but this has not been tested in pkgsrc as it stands. (This has been tested on NetBSD 9.3_STABLE with pkgsrc defaults.) 115.9.1 Fixes for mfsa2024-16, also known as CVE-2024-29944 115.9.0 Fixes for mfsa2024-13, also known as: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614 115.8.0 Fixes for mfsa2024-06, also known as: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2024/01/31 16:18:33 ryoon Exp $ d9 1 @ 1.17.2.1 log @Pullup ticket #6850 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.7 - www/firefox115-l10n/distinfo 1.7 - www/firefox115/Makefile 1.20 - www/firefox115/distinfo 1.7 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 17 13:42:45 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.10.0 * Fixes for mfsa2024-19, also known as: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864. --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 17 13:46:55 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.10.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2024/03/25 00:35:50 gutteridge Exp $ d4 2 a5 2 MOZ_BRANCH= 115.10 MOZ_BRANCH_MINOR= .0esr @ 1.17.2.2 log @Pullup ticket #6855 - requested by gutteridge www/firefox115: security fix www/firefox115-lang: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.8 - www/firefox115-l10n/distinfo 1.8 - www/firefox115/Makefile 1.21 - www/firefox115/distinfo 1.9 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue May 14 17:57:00 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.11.0 * Fixes for mfsa2024-22, also known as: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue May 14 17:59:57 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.11.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17.2.1 2024/04/22 18:29:02 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.11 @ 1.17.2.3 log @Pullup ticket #6869 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.9 - www/firefox115-l10n/distinfo 1.9 - www/firefox115/Makefile 1.23 - www/firefox115/distinfo 1.10 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Jun 12 13:40:46 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.12.0 * Fixes for mfsa2024-26, also known as: CVE-2024-5688, CVE-2024-5702, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Jun 12 13:44:06 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.12.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17.2.2 2024/05/17 13:01:22 bsiegert Exp $ d4 1 a4 1 MOZ_BRANCH= 115.12 @ 1.16 log @firefox115: Update to 115.7.0 Changelog: 115.7.0: Mozilla Foundation Security Advisory 2024-02 #CVE-2024-0741: Out of bounds write in ANGLE #CVE-2024-0742: Failure to update user input timestamp #CVE-2024-0746: Crash when listing printers on Linux #CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set #CVE-2024-0749: Phishing site popup could show local origin in address bar #CVE-2024-0750: Potential permissions request bypass via clickjacking #CVE-2024-0751: Privilege escalation through devtools #CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain #CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2024/01/30 14:22:37 ryoon Exp $ d4 2 a5 2 MOZ_BRANCH= 115.7 MOZ_BRANCH_MINOR= .0esr @ 1.15 log @*: Recursive revbump from audio/pulseaudio-17.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2024/01/22 13:17:07 ryoon Exp $ d4 1 a4 1 MOZ_BRANCH= 115.6 a8 1 PKGREVISION= 2 @ 1.14 log @*: Recursive revbump from multimedia/libvpx @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2024/01/10 15:38:44 ryoon Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.13 log @firefox115: Update to 115.6.0 Changelog: 115.6.0: * Security fixes. Mozilla Foundation Security Advisory 2023-54 #CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver #CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream #CVE-2023-6857: Symlinks may resolve to smaller than expected buffers #CVE-2023-6858: Heap buffer overflow in nsTextFragment #CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer #CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation #CVE-2023-6867: Clickjacking permission prompts using the popup transition #CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode #CVE-2023-6862: Use-after-free in nsDNSService #CVE-2023-6863: Undefined behavior in ShutdownObserver() #CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2024/01/08 17:39:44 leot Exp $ d9 1 @ 1.12 log @firefox115: Re-enable screen/tab capture Sync replace-moz.build.awk with firefox{102,} so that X11 desktop capture works. (Re)Fix PR pkg/56955. (While here define PKGREVISION only once.) PKGREVISION++ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2023/12/29 17:29:14 he Exp $ d4 1 a4 1 MOZ_BRANCH= 115.5 a5 1 PKGREVISION= 2 @ 1.11 log @firefox115: on i386, use -mstackrealign also in CFLAGS. Patterned after recent change to firefox: force stack re-alignment so that you don't get a segfault when doing movdqa %xmm7,(%esp) and %esp is not 16-byte aligned. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2023/12/22 17:11:31 abs Exp $ a3 1 PKGREVISION= 1 d6 1 a6 1 PKGREVISION= 1 @ 1.10 log @Fix substitution of $PREFIX/bin/firefox115 for NetBSD native X11 No change for other platforms Bump PKGREVISION @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2023/11/23 12:47:01 ryoon Exp $ d7 1 @ 1.10.2.1 log @Pullup ticket #6840 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.4-1.6 - www/firefox115-l10n/distinfo 1.4-1.6 - www/firefox115/Makefile 1.11-1.13,1.16-1.17 - www/firefox115/distinfo 1.4-1.6 - www/firefox115/files/replace-moz.build.awk 1.2 - www/firefox115/mozilla-common.mk 1.5-1.6 --- Module Name: pkgsrc Committed By: he Date: Fri Dec 29 17:29:14 UTC 2023 Modified Files: pkgsrc/www/firefox115: Makefile mozilla-common.mk Log Message: firefox115: on i386, use -mstackrealign also in CFLAGS. Patterned after recent change to firefox: force stack re-alignment so that you don't get a segfault when doing movdqa %xmm7,(%esp) and %esp is not 16-byte aligned. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: leot Date: Mon Jan 8 17:39:44 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile pkgsrc/www/firefox115/files: replace-moz.build.awk Log Message: firefox115: Re-enable screen/tab capture Sync replace-moz.build.awk with firefox{102,} so that X11 desktop capture works. (Re)Fix PR pkg/56955. (While here define PKGREVISION only once.) PKGREVISION++ --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 10 15:38:44 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo mozilla-common.mk Log Message: firefox115: Update to 115.6.0 Changelog: 115.6.0: * Security fixes. Mozilla Foundation Security Advisory 2023-54 #CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver #CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream #CVE-2023-6857: Symlinks may resolve to smaller than expected buffers #CVE-2023-6858: Heap buffer overflow in nsTextFragment #CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer #CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation #CVE-2023-6867: Clickjacking permission prompts using the popup transition #CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode #CVE-2023-6862: Use-after-free in nsDNSService #CVE-2023-6863: Undefined behavior in ShutdownObserver() #CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 16:18:33 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: Update to 115.7.0 Changelog: 115.7.0: Mozilla Foundation Security Advisory 2024-02 #CVE-2024-0741: Out of bounds write in ANGLE #CVE-2024-0742: Failure to update user input timestamp #CVE-2024-0746: Crash when listing printers on Linux #CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set #CVE-2024-0749: Phishing site popup could show local origin in address bar #CVE-2024-0750: Potential permissions request bypass via clickjacking #CVE-2024-0751: Privilege escalation through devtools #CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain #CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 --- Module Name: pkgsrc Committed By: gutteridge Date: Mon Mar 25 00:35:50 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.9.1 Note there are references to use of Python 3.12 as a build tool now being supported, but this has not been tested in pkgsrc as it stands. (This has been tested on NetBSD 9.3_STABLE with pkgsrc defaults.) 115.9.1 Fixes for mfsa2024-16, also known as CVE-2024-29944 115.9.0 Fixes for mfsa2024-13, also known as: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614 115.8.0 Fixes for mfsa2024-06, also known as: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 10 15:39:18 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: Update to 115.6.0 * Sync with www/firefox115-115.6.0. --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 16:19:07 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115: Update to 115.7.0 * Sync with www/firefox115-115.7.0. --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Mar 26 13:54:13 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.9.1 @ text @d1 1 a1 1 # $NetBSD$ d4 3 a6 2 MOZ_BRANCH= 115.9 MOZ_BRANCH_MINOR= .1esr @ 1.9 log @firefox115: Update to 115.5.0 Changelog: Fixed Various security fixes and other quality improvements. Security fixes: Mozilla Foundation Security Advisory 2023-50 #CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer #CVE-2023-6205: Use-after-free in MessagePort::Entangled #CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition #CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer #CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. #CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" #CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2023/11/14 14:03:04 wiz Exp $ d4 1 d91 5 d174 3 d179 1 a179 1 ${INSTALL_SCRIPT} ${FILESDIR}/firefox.sh ${DESTDIR}${PREFIX}/bin/${MOZILLA} @ 1.8 log @*: recursive bump for cairo dependency changes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2023/11/12 13:23:54 wiz Exp $ d4 2 a5 2 MOZ_BRANCH= 115.3 MOZ_BRANCH_MINOR= .1esr a8 1 PKGREVISION= 6 @ 1.7 log @*: revebump for new brotli option for freetype2 Addresses PR 57693 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2023/11/09 15:23:04 wiz Exp $ d9 1 a9 1 PKGREVISION= 5 @ 1.6 log @firefox115: bump PKGREVISION for startup script fix @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2023/11/08 13:21:17 wiz Exp $ d9 1 a9 1 PKGREVISION= 4 @ 1.5 log @*: recursive bump for icu 74.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2023/10/24 22:11:26 wiz Exp $ d9 1 a9 1 PKGREVISION= 3 @ 1.4 log @*: bump for openssl 3 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2023/10/21 17:11:38 gdt Exp $ d9 1 a9 1 PKGREVISION= 2 @ 1.3 log @recursive revbump for tiff update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2023/10/15 07:47:59 ryoon Exp $ d9 1 a9 1 PKGREVISION= 1 @ 1.2 log @firefox115: Update to 115.3.1 Changelog: 115.3.1 * Security fix Mozilla Foundation Security Advisory 2023-44 #CVE-2023-5217: Heap buffer overflow in libvpx 115.3.0 Fixed * Various security fixes and other quality improvements. Mozilla Foundation Security Advisory 2023-42 #CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 #CVE-2023-5169: Out-of-bounds write in PathOps #CVE-2023-5171: Use-after-free in Ion Compiler #CVE-2023-5174: Double-free in process spawning on Windows #CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2023/09/11 12:33:25 ryoon Exp $ d9 1 @ 1.1 log @www/firefox115: import firefox115-115.2.0 Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. Note: Due to upstream's trademark policies, this package identifies as "Nightly" rather than "Firefox" by default. This package provides Firefox 115 Extended Support Release. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.562 2023/07/17 14:08:44 ryoon Exp $ d4 2 a5 2 MOZ_BRANCH= 115.2 MOZ_BRANCH_MINOR= .0esr @