head 1.27; access; symbols pkgsrc-2025Q4:1.26.0.6 pkgsrc-2025Q4-base:1.26 pkgsrc-2025Q3:1.26.0.4 pkgsrc-2025Q3-base:1.26 pkgsrc-2025Q2:1.26.0.2 pkgsrc-2025Q2-base:1.26 pkgsrc-2025Q1:1.23.0.2 pkgsrc-2025Q1-base:1.23 pkgsrc-2024Q4:1.20.0.2 pkgsrc-2024Q4-base:1.20 pkgsrc-2024Q3:1.16.0.2 pkgsrc-2024Q3-base:1.16 pkgsrc-2024Q2:1.10.0.2 pkgsrc-2024Q2-base:1.10 pkgsrc-2024Q1:1.6.0.2 pkgsrc-2024Q1-base:1.6 pkgsrc-2023Q4:1.3.0.2 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.1.0.2 pkgsrc-2023Q3-base:1.1; locks; strict; comment @# @; 1.27 date 2026.03.01.02.45.39; author gutteridge; state dead; branches; next 1.26; commitid 5cXMuEhprqxcydwG; 1.26 date 2025.05.24.05.09.12; author gutteridge; state Exp; branches; next 1.25; commitid aCeUdn72DugCn7WF; 1.25 date 2025.04.30.02.41.35; author gutteridge; state Exp; branches; next 1.24; commitid aAgipbKKAeNMk1TF; 1.24 date 2025.04.04.00.21.26; author gutteridge; state Exp; branches; next 1.23; commitid qGXkkUFY3kBvoFPF; 1.23 date 2025.03.12.03.49.23; author gutteridge; state Exp; branches 1.23.2.1; next 1.22; commitid AwJzA3B7u6KChJMF; 1.22 date 2025.02.04.20.29.06; author bsiegert; state Exp; branches; next 1.21; commitid yMwJ3xW1SRnsYbIF; 1.21 date 2025.01.07.17.17.34; author bsiegert; state Exp; branches; next 1.20; commitid YI1RczmvZ7fCNzEF; 1.20 date 2024.11.26.19.11.54; author bsiegert; state Exp; branches 1.20.2.1; next 1.19; commitid pvMBPOfuzNbyNbzF; 1.19 date 2024.11.08.02.15.10; author gutteridge; state Exp; branches; next 1.18; commitid Bf60ehihFQIzKMwF; 1.18 date 2024.10.10.02.45.22; author gutteridge; state Exp; branches; next 1.17; commitid 2wkwTRXiaPgHQ3tF; 1.17 date 2024.10.02.22.09.13; author gutteridge; state Exp; branches; next 1.16; commitid fl9pwhTW4oM5x8sF; 1.16 date 2024.09.18.07.27.42; author wiz; state Exp; branches 1.16.2.1; next 1.15; commitid h4FzLScW3Q7s7gqF; 1.15 date 2024.09.11.05.33.18; author gutteridge; state Exp; branches; next 1.14; commitid lPEUzvMQsvD5IlpF; 1.14 date 2024.08.16.15.15.36; author ryoon; state Exp; branches; next 1.13; commitid vJEPOhCTB8zJL3mF; 1.13 date 2024.08.08.03.54.49; author gutteridge; state Exp; branches; next 1.12; commitid B3nQJdQCGXC2gYkF; 1.12 date 2024.08.01.15.21.25; author ryoon; state Exp; branches; next 1.11; commitid dyFRqDMEBePCh8kF; 1.11 date 2024.07.09.22.18.47; author gutteridge; state Exp; branches; next 1.10; commitid hd8qndX15mYykdhF; 1.10 date 2024.06.12.13.40.46; author gutteridge; state Exp; branches 1.10.2.1; next 1.9; commitid WHpuWDxHkRFFkHdF; 1.9 date 2024.05.14.17.57.00; author gutteridge; state Exp; branches; next 1.8; commitid kG7hdAvm1UWpGZ9F; 1.8 date 2024.05.10.09.14.08; author jperkin; state Exp; branches; next 1.7; commitid jHFAdTDQWnjZUq9F; 1.7 date 2024.04.17.13.42.45; author gutteridge; state Exp; branches; next 1.6; commitid 178taocDuTbU8v6F; 1.6 date 2024.03.25.00.35.50; author gutteridge; state Exp; branches 1.6.2.1; next 1.5; commitid dYl5FZ9LRuyIwt3F; 1.5 date 2024.01.31.16.18.33; author ryoon; state Exp; branches; next 1.4; commitid IPSdnD8nNk0VtCWE; 1.4 date 2024.01.10.15.38.44; author ryoon; state Exp; branches; next 1.3; commitid Aicn2gaVnLK6WUTE; 1.3 date 2023.11.23.12.47.01; author ryoon; state Exp; branches 1.3.2.1; next 1.2; commitid 4X4hgrETnzXRwJNE; 1.2 date 2023.10.15.07.47.59; author ryoon; state Exp; branches; next 1.1; commitid 5YT8Vgi3kop08HIE; 1.1 date 2023.09.11.12.33.25; author ryoon; state Exp; branches; next ; commitid rMNXbfzQzGMHNlEE; 1.23.2.1 date 2025.04.09.20.18.59; author bsiegert; state Exp; branches; next 1.23.2.2; commitid yaNwOFemFg5wRpQF; 1.23.2.2 date 2025.05.02.20.13.55; author maya; state Exp; branches; next ; commitid ZWUVqVOgcSqW5nTF; 1.20.2.1 date 2025.01.09.12.07.14; author maya; state Exp; branches; next 1.20.2.2; commitid I24fG1EP2u5b2OEF; 1.20.2.2 date 2025.02.09.14.01.44; author maya; state Exp; branches; next 1.20.2.3; commitid EVYFUrQULTSFFNIF; 1.20.2.3 date 2025.03.13.17.02.06; author bsiegert; state Exp; branches; next ; commitid wEPpQZTxaNgMDVMF; 1.16.2.1 date 2024.10.04.17.47.38; author bsiegert; state Exp; branches; next 1.16.2.2; commitid WAHTPj2bX3qg2nsF; 1.16.2.2 date 2024.10.11.17.29.22; author bsiegert; state Exp; branches; next 1.16.2.3; commitid 8JRTnm0hLk73IgtF; 1.16.2.3 date 2024.11.27.14.34.47; author maya; state Exp; branches; next ; commitid Z02u1RgegAsueizF; 1.10.2.1 date 2024.07.12.18.58.04; author bsiegert; state Exp; branches; next 1.10.2.2; commitid RSf4vaf6vOCP7AhF; 1.10.2.2 date 2024.07.25.06.15.40; author ryoon; state Exp; branches; next 1.10.2.3; commitid t8sbJHmTDyZfubjF; 1.10.2.3 date 2024.07.26.22.56.34; author gutteridge; state Exp; branches; next 1.10.2.4; commitid JUCStU9rE6tpZojF; 1.10.2.4 date 2024.08.09.19.03.52; author bsiegert; state Exp; branches; next 1.10.2.5; commitid jTMlxJdqG7f1gblF; 1.10.2.5 date 2024.09.25.18.04.08; author bsiegert; state Exp; branches; next ; commitid gyMIQQJ3i6uRpdrF; 1.6.2.1 date 2024.04.22.18.29.02; author bsiegert; state Exp; branches; next 1.6.2.2; commitid 2whKWgE1wHjiza7F; 1.6.2.2 date 2024.05.17.13.01.22; author bsiegert; state Exp; branches; next 1.6.2.3; commitid 1UwjoHvlZpQ3XlaF; 1.6.2.3 date 2024.06.23.18.22.54; author bsiegert; state Exp; branches; next ; commitid XG90WXeGQRhDx8fF; 1.3.2.1 date 2024.03.31.15.14.40; author bsiegert; state Exp; branches; next ; commitid 4zYq3SIHTsCsck4F; desc @@ 1.27 log @firefox115: remove package As proposed on pkgsrc-users. No objections or known users that can't move to a newer ESR (this version having just gone EOL). @ text @$NetBSD: distinfo,v 1.26 2025/05/24 05:09:12 gutteridge Exp $ BLAKE2s (firefox-115.23.0esr.source.tar.xz) = 0303bb54fbfed23fe6ca291067c0ed61366ed6733d7b7679c763604d3b573efa SHA512 (firefox-115.23.0esr.source.tar.xz) = 5a169330481b795c9fc2ed7a66147d5058fe78484deb373c65c57bed994505cb2900530fc60e47cd76ace22c940e33a36f65543dee3f135b09f60b5384a29362 Size (firefox-115.23.0esr.source.tar.xz) = 519850976 bytes BLAKE2s (nodejs-output-115.0.tgz) = 95d25628b865aa71e85c63001f4054d03ff58b273ca05784a021fa176b2b1425 SHA512 (nodejs-output-115.0.tgz) = 345108033cfbff90e3244bb5591b307e1fcf56c7290b5112e949d400bdadf08c1e4a6d109b5f7264ac417c2cc4e76371cc14678417f6cb017649cc883bdbb4d4 Size (nodejs-output-115.0.tgz) = 221458 bytes SHA1 (patch-browser_app_profile_firefox.js) = 3b01cf7e37ea39bdd358fb14de5ce382b945ae39 SHA1 (patch-build_moz.configure_init.configure) = 65deb3c233df0aab81eb1fca05d708e5a4ed169a SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d1f15ff487efa9202114d19ed5668b4e7aa032a SHA1 (patch-config_makefiles_rust.mk) = 7c3649060aec923a18196e9b1accb590660be710 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49 SHA1 (patch-dom_webtransport_api_WebTransportDatagramDuplexStream.cpp) = b93b4c6367bd2fb3d1868ab7d97ca56c100be414 SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993 SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = b2adce9e65662283a11b6dcff40e95523e940045 SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad SHA1 (patch-gfx_skia_skia_src_core_SkVM.cpp) = 11d8084e933f68496fc4d2f57d1eb1065483bf9c SHA1 (patch-gfx_wr_swgl_build.rs) = df6ebfaabb4d27994e59a9d0eaf12c7cf08415fb SHA1 (patch-intl_lwbrk_LineBreaker.cpp) = e2eaf7d66f1255ba5baf7f7edadbb1fa8cb39b13 SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 298642a3527804115b398fb7904a3596962932e3 SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658 SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 6cdd0fe60455eab8f9846257c2bfea207f19478b SHA1 (patch-js_public_Utility.h) = bb5464a0398b91693ab362e6b9b06d48429b9e7d SHA1 (patch-js_src_jit_FlushICache.cpp) = b7536050d06e87612fbedc7ce269b5f120eb0ce9 SHA1 (patch-js_src_jit_ProcessExecutableMemory.cpp) = 1e25924a29e3700b0e0e5d143f1db35029b431fb SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = 374ffc0ce12e1c5babf2e553aba96612b0a30b1e SHA1 (patch-llvm18) = b8695581784be16758526ba5185fbd8a8eecc0ba SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc SHA1 (patch-media_libtheora_lib_info.c) = f6dbf536d73859a1ff78304c2e9f6a6f74dac01f SHA1 (patch-modules_fdlibm_src_math__private.h) = e20b6c23011d7123cbbd64a500eb8ce8c426620e SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = b0d1f6a6e0eb852b0fd0238ad3f8ed3166c60a50 SHA1 (patch-rust-1.78.0) = 6bf983ae1827531ad955693b9d185b663cd06ee2 SHA1 (patch-security_nss_lib_freebl_mpi_mpi.c) = a7cd867916524770609d1c307a65b315b88456f4 SHA1 (patch-servo_components_style__traits_values.rs) = 335365fd58a71a8e60d93ec0efcb11eeb94d6d09 SHA1 (patch-servo_ports_geckolib_cbindgen.toml) = 71b4d2432176fbc5b21dc3c70fec7f9a92fb69e1 SHA1 (patch-third__party_js_cfworker_build.sh) = 46cdf97b99cf01080f290ae8d9a33b5f869fc3e4 SHA1 (patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc) = 455be625b5de2f6f1f4b2dbb6c8cb33ca16c2583 SHA1 (patch-third__party_libwebrtc_modules_video__capture_linux_device__info__v4l2.cc) = 8848fb05c1e8b45234f74db71602a8a84c0404a4 SHA1 (patch-third__party_libwebrtc_modules_video__capture_linux_video__capture__v4l2.cc) = 8111952a107eb2cd665525ddd0e27c79eee3c1cd SHA1 (patch-third__party_libwebrtc_system__wrappers_source_cpu__features__linux.cc) = b90e22b50879f7adcc1da3a993f52c0701b720f8 SHA1 (patch-third__party_sqlite3_src_moz.build) = b26856a4b87aa12211575d9982f62dc899474b52 SHA1 (patch-third__party_wasm2c_src_prebuilt_wasm2c__source__includes.cc) = 99d0db944f0c2d0c623460991efd423d9127c988 SHA1 (patch-third__party_wasm2c_wasm2c_wasm-rt-impl.c) = cd5fd67f53d7a448cc9075a3756e2a03d4f43e4b SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e905e38ef1b88d764c695c019f15609350c1c43b SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 2303b753066298305ccae80d72765dbc4da5e0dc SHA1 (patch-toolkit_moz.configure) = c183f8b1566ffed0df17bf856f693b3a288affeb SHA1 (patch-toolkit_mozapps_installer_packager.mk) = 706635b76a7b525794aba95e95544f09e18bb662 SHA1 (patch-toolkit_xre_glxtest.cpp) = adcd5b05fcbd7b41c01a2aa66f3e8f05ed230444 SHA1 (patch-widget_gtk_DMABufSurface.cpp) = 7d1d2d7770e563c7b912e24444254ae2791710ea SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = 81d43a046fcef6bf6717d52485686ba8e8738254 @ 1.26 log @firefox115: add information to two patches (NFC) Provide the standard heading format and note exactly where they were sourced from. (The original commit also didn't detail the full gamut of what's changed and why.) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2025/04/30 02:41:35 gutteridge Exp $ @ 1.25 log @firefox115: update to 115.23 Mozilla Foundation Security Advisory 2025-30 Security Vulnerabilities fixed in Firefox ESR 115.23 Announced April 29, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.23 #CVE-2025-2817: Privilege escalation in Firefox Updater Reporter Dong-uk Kim (@@justlikebono) Impact high Description Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. References Bug 1917536 #CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS Reporter un3xploitable & GF Impact high Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. References Bug 1937097 #CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames Reporter Nika Layzell Impact high Description A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. References Bug 1958350 #CVE-2025-4084: Potential local code execution in "copy as cURL" command Reporter Ameen Basha M K Impact moderate Description Due to insufficient escaping of the ampersand character in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. References Bug 1949994, 1960198 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2025/04/04 00:21:26 gutteridge Exp $ d30 1 a30 1 SHA1 (patch-llvm18) = d349d2f2311b95d42e92476b232b79bdd49cece4 d36 1 a36 1 SHA1 (patch-rust-1.78.0) = aa83482a831ab2ee8b38f57c1b7873719e5f8b5b @ 1.24 log @firefox115: update to 115.22.0 Security Vulnerabilities fixed in Firefox ESR 115.22 Announced April 1, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.22 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor Reporter Ivan Fratric of Google Project Zero Impact high Description JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. References Bug 1941002 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2025/03/12 03:49:23 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.22.0esr.source.tar.xz) = 5970be8e111e1e3aa3daed9f3d6edd2c7d763ce86c4fa27bc01c79c857638acf SHA512 (firefox-115.22.0esr.source.tar.xz) = 339c65a062e1d7db7de12deb12c515d048443d00216bff251c08cbb47bec211d9597611c8c0213499f977a44e28b5c7cf5db9b17ac2f92865e42c4a25c32f4a8 Size (firefox-115.22.0esr.source.tar.xz) = 506552492 bytes @ 1.23 log @firefox115: update to 115.21.0 Mozilla Foundation Security Advisory 2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 Announced March 4, 2025 Impact critical Products Firefox ESR Fixed in Firefox ESR 115.21 #CVE-2024-43097: Overflow when growing an SkRegion's RunArray Reporter Google Android Impact critical Description In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow References Bug 1945624 #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process Reporter dalmurino Impact high Description On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. References Bug 1902309 #CVE-2025-1931: Use-after-free in WebTransportChild Reporter sherkito Impact high Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. References Bug 1944126 #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs Reporter Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB Impact high Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. References Bug 1946004 #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Reporter the Mozilla Fuzzing Team, Andrew McCreight Impact high Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2025/02/04 20:29:06 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.21.0esr.source.tar.xz) = a578c8a7857c4b942584eb06fe84284d4a6de6ef7cca3195053aadd0dc26a70b SHA512 (firefox-115.21.0esr.source.tar.xz) = dabdcbe44f38d8405edbb62e193407cde18f7f4740fd4f3187b3c876729bbc6873792c37108713ad2707293d88c5e3c49e4311e7591528404a884412d26f671a Size (firefox-115.21.0esr.source.tar.xz) = 509630248 bytes @ 1.23.2.1 log @Pullup ticket #6955 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.19 - www/firefox115-l10n/distinfo 1.19 - www/firefox115/Makefile 1.44 - www/firefox115/distinfo 1.24 --- Module Name: pkgsrc Committed By: gutteridge Date: Fri Apr 4 00:21:26 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.22.0 Security Vulnerabilities fixed in Firefox ESR 115.22 Announced April 1, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.22 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor Reporter Ivan Fratric of Google Project Zero Impact high Description JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. References Bug 1941002 --- Module Name: pkgsrc Committed By: gutteridge Date: Fri Apr 4 00:25:41 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.22.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2025/03/12 03:49:23 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.22.0esr.source.tar.xz) = 5970be8e111e1e3aa3daed9f3d6edd2c7d763ce86c4fa27bc01c79c857638acf SHA512 (firefox-115.22.0esr.source.tar.xz) = 339c65a062e1d7db7de12deb12c515d048443d00216bff251c08cbb47bec211d9597611c8c0213499f977a44e28b5c7cf5db9b17ac2f92865e42c4a25c32f4a8 Size (firefox-115.22.0esr.source.tar.xz) = 506552492 bytes @ 1.23.2.2 log @Pullup ticket #6962 - requested by gutteridge www/firefox115: Security fix www/firefox115-l10n: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.20 - www/firefox115-l10n/distinfo 1.20 - www/firefox115/Makefile 1.48 - www/firefox115/distinfo 1.25 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 30 02:41:35 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.23 Mozilla Foundation Security Advisory 2025-30 Security Vulnerabilities fixed in Firefox ESR 115.23 Announced April 29, 2025 Impact high Products Firefox ESR Fixed in Firefox ESR 115.23 #CVE-2025-2817: Privilege escalation in Firefox Updater Reporter Dong-uk Kim (@@justlikebono) Impact high Description Mozilla Firefox's update mechanism allowed a medium-integrity user process = to interfere with the SYSTEM-level updater by manipulating the file-locking= behavior. By injecting code into the=20 user-privileged process, an attacker could bypass intended access controls,= allowing SYSTEM-level file operations on paths controlled by a non-privile= ged user and enabling privilege escalation. References Bug 1917536 #CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for mac= OS Reporter un3xploitable & GF Impact high Description Modification of specific WebGL shader attributes could trigger an out-of-bo= unds read, which, when chained with other vulnerabilities, could be used to= escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaf= fected. References Bug 1937097 #CVE-2025-4083: Process isolation bypass using "javascript:" URI links in c= ross-origin frames Reporter Nika Layzell Impact high Description A process isolation vulnerability in Firefox stemmed from improper handling= of javascript: URIs, which could allow content to execute in the top-level= document's process instead of the intended=20 frame, potentially enabling a sandbox escape. References Bug 1958350 #CVE-2025-4084: Potential local code execution in "copy as cURL" command Reporter Ameen Basha M K Impact moderate Description Due to insufficient escaping of the ampersand character in the "copy as cUR= L" feature, an attacker could trick a user into using this command, potenti= ally leading to local code execution on the=20 user's system. This bug only affects Firefox for Windows. Other versions of Firefox are un= affected. References Bug 1949994, 1960198 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 30 02:42:15 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.23 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23.2.1 2025/04/09 20:18:59 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.23.0esr.source.tar.xz) = 0303bb54fbfed23fe6ca291067c0ed61366ed6733d7b7679c763604d3b573efa SHA512 (firefox-115.23.0esr.source.tar.xz) = 5a169330481b795c9fc2ed7a66147d5058fe78484deb373c65c57bed994505cb2900530fc60e47cd76ace22c940e33a36f65543dee3f135b09f60b5384a29362 Size (firefox-115.23.0esr.source.tar.xz) = 519850976 bytes @ 1.22 log @firefox115: update to 115.20.0 (security) Security Vulnerabilities fixed in Firefox ESR 115.20 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2025/01/07 17:17:34 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.20.0esr.source.tar.xz) = b9b23c7a70abe385770786f1cbd93125e3b6260256c0cf0cca0ea33b5051cd25 SHA512 (firefox-115.20.0esr.source.tar.xz) = 19b62cc3036dbb0d2041edf2da8bb739dc06f4a015ff345c9fdfd6d36bf9cee0f3d7d6086ff1ec2b6d4c1bd21a77bd259ddcbe5e706158582b7fb1bba8c8d66e Size (firefox-115.20.0esr.source.tar.xz) = 504902096 bytes @ 1.21 log @firefox115, firefox115-l10n: update to 115.19.0 Security Vulnerabilities fixed in Firefox ESR 115.19 #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2024/11/26 19:11:54 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.19.0esr.source.tar.xz) = fe54fd8e6dbfb993acb2a74ca75cf9d925daeef27550383414f1e37d5613ca56 SHA512 (firefox-115.19.0esr.source.tar.xz) = ec9db52933e49e32903d054aa1bff6ae79eecf99ac1dc72755a43668018c147bbb70c230674f8cb82622132f04557e35103553b3563c8cc00a9d203990100390 Size (firefox-115.19.0esr.source.tar.xz) = 505810580 bytes @ 1.20 log @firefox115: update to 115.18.0 Security Vulnerabilities fixed in Firefox ESR 115.18 #CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL Impact: high Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2024/11/08 02:15:10 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.18.0esr.source.tar.xz) = 0e99ddebd96b2dc7168062dbaf9f9d33422a9a17aa287ba8b5727a407e41c651 SHA512 (firefox-115.18.0esr.source.tar.xz) = 620ea4ec0385cf372ef2398ac14225f0b7d60466ac4cc85e7cb074d85aa8b4d1bd74e95d482395a672d61d379bee4443e38937795f44dfedf986a4f8bca26e96 Size (firefox-115.18.0esr.source.tar.xz) = 509818360 bytes @ 1.20.2.1 log @Pullup ticket #6926 - requested by bsiegert www/firefox115: security fix www/firefox115-l10n: security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.16 - www/firefox115-l10n/distinfo 1.16 - www/firefox115/Makefile 1.40 - www/firefox115/distinfo 1.21 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Jan 7 17:17:34 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115, firefox115-l10n: update to 115.19.0 Security Vulnerabilities fixed in Firefox ESR 115.19 #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115= .18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2024/11/26 19:11:54 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.19.0esr.source.tar.xz) = fe54fd8e6dbfb993acb2a74ca75cf9d925daeef27550383414f1e37d5613ca56 SHA512 (firefox-115.19.0esr.source.tar.xz) = ec9db52933e49e32903d054aa1bff6ae79eecf99ac1dc72755a43668018c147bbb70c230674f8cb82622132f04557e35103553b3563c8cc00a9d203990100390 Size (firefox-115.19.0esr.source.tar.xz) = 505810580 bytes @ 1.20.2.2 log @Pullup ticket #6941 - requested by bsiegert www/firefox115-l10n: Security fix www/firefox115: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.17 - www/firefox115-l10n/distinfo 1.17 - www/firefox115/Makefile 1.41 - www/firefox115/distinfo 1.22 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Feb 4 20:29:06 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115: update to 115.20.0 (security) Security Vulnerabilities fixed in Firefox ESR 115.20 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leadi= ng to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API= , leading to a potentially exploitable crash. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115= .19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20.2.1 2025/01/09 12:07:14 maya Exp $ d3 3 a5 3 BLAKE2s (firefox-115.20.0esr.source.tar.xz) = b9b23c7a70abe385770786f1cbd93125e3b6260256c0cf0cca0ea33b5051cd25 SHA512 (firefox-115.20.0esr.source.tar.xz) = 19b62cc3036dbb0d2041edf2da8bb739dc06f4a015ff345c9fdfd6d36bf9cee0f3d7d6086ff1ec2b6d4c1bd21a77bd259ddcbe5e706158582b7fb1bba8c8d66e Size (firefox-115.20.0esr.source.tar.xz) = 504902096 bytes @ 1.20.2.3 log @Pullup ticket #6949 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.18 - www/firefox115-l10n/distinfo 1.18 - www/firefox115/Makefile 1.43 - www/firefox115/distinfo 1.23 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Mar 12 03:49:24 UTC 2025 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.21.0 Mozilla Foundation Security Advisory 2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 Announced March 4, 2025 Impact critical Products Firefox ESR Fixed in Firefox ESR 115.21 #CVE-2024-43097: Overflow when growing an SkRegion's RunArray Reporter Google Android Impact critical Description In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow References Bug 1945624 #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process Reporter dalmurino Impact high Description On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. References Bug 1902309 #CVE-2025-1931: Use-after-free in WebTransportChild Reporter sherkito Impact high Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. References Bug 1944126 #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs Reporter Xiangwei Zhang and kkdong of Tencent Security YUNDING LAB Impact high Description On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. References Bug 1946004 #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Reporter the Mozilla Fuzzing Team, Andrew McCreight Impact high Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Mar 12 03:50:23 UTC 2025 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.21.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20.2.2 2025/02/09 14:01:44 maya Exp $ d3 3 a5 3 BLAKE2s (firefox-115.21.0esr.source.tar.xz) = a578c8a7857c4b942584eb06fe84284d4a6de6ef7cca3195053aadd0dc26a70b SHA512 (firefox-115.21.0esr.source.tar.xz) = dabdcbe44f38d8405edbb62e193407cde18f7f4740fd4f3187b3c876729bbc6873792c37108713ad2707293d88c5e3c49e4311e7591528404a884412d26f671a Size (firefox-115.21.0esr.source.tar.xz) = 509630248 bytes @ 1.19 log @firefox115: update to 115.17.0 Mozilla Foundation Security Advisory 2024-57 Security Vulnerabilities fixed in Firefox ESR 115.17 CVE-2024-10458: Permission leak via embed or object elements CVE-2024-10459: Use-after-free in layout with accessibility CVE-2024-10463: Cross origin video frame leak @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2024/10/10 02:45:22 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.17.0esr.source.tar.xz) = b011a4dcfcc2cd2e12857fe492ce29123eef1f1ac796e0e5185f7db44b917e86 SHA512 (firefox-115.17.0esr.source.tar.xz) = b6edbc8593ecee339c5c5e2384077e78d6c551a420f8577725c3f03608ba729a2c352a77dad6b75ec838095d91bd3b73db79cc64cf1c00e0d60d367f4e1497a2 Size (firefox-115.17.0esr.source.tar.xz) = 505387352 bytes @ 1.18 log @firefox115: update to 115.16.1 * Fixes for mfsa2024-51, also known as CVE-2024-9680. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2024/10/02 22:09:13 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.16.1esr.source.tar.xz) = 98244c05ad5eeb1b4feeeb23e3a3bbf1346fb68e40166e7f4cad4820b98fa84f SHA512 (firefox-115.16.1esr.source.tar.xz) = eca42b3494fdab73e67d5c8e8b76520729adb75b5cad85172953dba56b225b0f05dcfea70fe8cc3e1bf1cd3d7103159cc20095d5480bb1b0e6d3ec90588988a8 Size (firefox-115.16.1esr.source.tar.xz) = 514949380 bytes @ 1.17 log @firefox115: update to 115.16.0 * Fixes for mfsa2024-48, also known as: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401 Please note, per Mozilla, "Firefox ESR 115 is now supported only on Windows 7-8.1 and macOS 10.12-10.14. Users on other operating systems should use Firefox ESR 128 instead." This update has been run tested on NetBSD 9.4 amd64 and found functional, but pkgsrc users should bear this in mind. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2024/09/18 07:27:42 wiz Exp $ d3 3 a5 3 BLAKE2s (firefox-115.16.0esr.source.tar.xz) = c89a1fdf405dc3210bb74a6b429acc3586caea2d5cf8b605633b374c1a3ebf68 SHA512 (firefox-115.16.0esr.source.tar.xz) = b6f93ec3d6acac5df177253c65b833c017e65ed6e78e96ff029098443928d291f6f67164aedb83d80aa28ee9dee305086597798238d3330e35183030e53e3550 Size (firefox-115.16.0esr.source.tar.xz) = 515133700 bytes @ 1.16 log @firefox115: fix build with latest cbindgen @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2024/09/11 05:33:18 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.15.0esr.source.tar.xz) = 64673bf84111036a5d7efda8fa152356fc71ea195cb14d4b90d7c7f0431fe16b SHA512 (firefox-115.15.0esr.source.tar.xz) = 0df4c498c99cce08903004d2e0f9e977a19f7de86240aa82dba179b60f1d67ca3021eb474f56bddc38035e773eeb5d99bb3e1b0756d9f7583dc8e1f747f477ba Size (firefox-115.15.0esr.source.tar.xz) = 507920832 bytes @ 1.16.2.1 log @Pullup ticket #6900 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.13 - www/firefox115-l10n/distinfo 1.13 - www/firefox115/Makefile 1.30 - www/firefox115/distinfo 1.17 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Oct 2 22:09:13 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.16.0 * Fixes for mfsa2024-48, also known as: CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401 Please note, per Mozilla, "Firefox ESR 115 is now supported only on Windows 7-8.1 and macOS 10.12-10.14. Users on other operating systems should use Firefox ESR 128 instead." This update has been run tested on NetBSD 9.4 amd64 and found functional, but pkgsrc users should bear this in mind. --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Oct 2 22:10:38 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.16.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2024/09/18 07:27:42 wiz Exp $ d3 3 a5 3 BLAKE2s (firefox-115.16.0esr.source.tar.xz) = c89a1fdf405dc3210bb74a6b429acc3586caea2d5cf8b605633b374c1a3ebf68 SHA512 (firefox-115.16.0esr.source.tar.xz) = b6f93ec3d6acac5df177253c65b833c017e65ed6e78e96ff029098443928d291f6f67164aedb83d80aa28ee9dee305086597798238d3330e35183030e53e3550 Size (firefox-115.16.0esr.source.tar.xz) = 515133700 bytes @ 1.16.2.2 log @Pullup ticket #6906 - requested by gutteridge www/firefox115: security fix Revisions pulled up: - www/firefox115/Makefile 1.31 - www/firefox115/distinfo 1.18 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Oct 10 02:45:22 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.16.1 * Fixes for mfsa2024-51, also known as CVE-2024-9680. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16.2.1 2024/10/04 17:47:38 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.16.1esr.source.tar.xz) = 98244c05ad5eeb1b4feeeb23e3a3bbf1346fb68e40166e7f4cad4820b98fa84f SHA512 (firefox-115.16.1esr.source.tar.xz) = eca42b3494fdab73e67d5c8e8b76520729adb75b5cad85172953dba56b225b0f05dcfea70fe8cc3e1bf1cd3d7103159cc20095d5480bb1b0e6d3ec90588988a8 Size (firefox-115.16.1esr.source.tar.xz) = 514949380 bytes @ 1.16.2.3 log @Pullup ticket #6919 - requested by bsiegert www/firefox115: Security fix www/firefox115-l10n: Security fix Revisions pulled up: - www/firefox115-l10n/Makefile 1.15 - www/firefox115-l10n/distinfo 1.15 - www/firefox115/Makefile 1.38 - www/firefox115/distinfo 1.20 --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Nov 26 19:11:54 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.18.0 Security Vulnerabilities fixed in Firefox ESR 115.18 #CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL Impact: high Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. --- Module Name: pkgsrc Committed By: bsiegert Date: Tue Nov 26 19:12:36 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.18.0 These are the translations for the firefox115 update. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16.2.2 2024/10/11 17:29:22 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.18.0esr.source.tar.xz) = 0e99ddebd96b2dc7168062dbaf9f9d33422a9a17aa287ba8b5727a407e41c651 SHA512 (firefox-115.18.0esr.source.tar.xz) = 620ea4ec0385cf372ef2398ac14225f0b7d60466ac4cc85e7cb074d85aa8b4d1bd74e95d482395a672d61d379bee4443e38937795f44dfedf986a4f8bca26e96 Size (firefox-115.18.0esr.source.tar.xz) = 509818360 bytes @ 1.15 log @firefox115: update to 115.15.0 * Fixes for mfsa2024-41, also known as: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2024/08/16 15:15:36 ryoon Exp $ d38 2 @ 1.14 log @www/firefox115: FIx build with lang/rust-1.79.0 * Use patches from FreeBSD Ports to fix build error with lang/rust-1.79.0. * Tested under NetBSD/amd64 9 and 10, and NetBSD/i386 9 and 10. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2024/08/08 03:54:49 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.14.0esr.source.tar.xz) = 34f0f8e821073cf601ea75a4c3a295e62f10be56a9f38be087bfdcd7d84c64e4 SHA512 (firefox-115.14.0esr.source.tar.xz) = dd40c1fd3cf454dbf33a85d38e47bb0e736ed89b829643653e239f43232441f4e9f3c7876f058ff2e6f19daf2b50a8f2d13274e9a107d8a258a6067d1fc43f54 Size (firefox-115.14.0esr.source.tar.xz) = 507310580 bytes @ 1.13 log @firefox115: update to 115.14.0 * Fixes for mfsa2024-34, also known as: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2024/07/09 22:18:47 gutteridge Exp $ d25 1 a25 1 SHA1 (patch-js_public_Utility.h) = e3916ecc334196950543350dcd28f3b31cc239d0 d30 1 d36 1 @ 1.12 log @www/firefox115: Fix build under NetBSD/i386 10.0 at least * Remove static_assert()s. This is not valid for NetBSD/i386 10 or later. This may be inconsistency between stddef.h and GCC's assumption. * Force Clto=thin to reduce memory usage during build. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10.2.1 2024/07/12 18:58:04 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.13.0esr.source.tar.xz) = f0cc616f13869bdfe9e2b740373bf16f84fd6deaffd2029068ecafc115a9db05 SHA512 (firefox-115.13.0esr.source.tar.xz) = 799cdf2d0494003a5addd0da703f53deb9c9d6bb6f6c95d40026363382803e2d086039c7798940a1f35f4cba111f2e8e21bde8ac2eac29fd9bd6876dd8d3a85f Size (firefox-115.13.0esr.source.tar.xz) = 510571488 bytes @ 1.11 log @firefox115: update to 115.13.0 * Fixes for mfsa2024-30, also known as: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2024/06/12 13:40:46 gutteridge Exp $ d13 1 a13 1 SHA1 (patch-config_makefiles_rust.mk) = 788ab8fed45625bc5552c56a3ab05b5ed7d49a8f d25 1 @ 1.10 log @firefox115: update to 115.12.0 * Fixes for mfsa2024-26, also known as: CVE-2024-5688, CVE-2024-5702, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2024/05/14 17:57:00 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.12.0esr.source.tar.xz) = b9b0f4b18de3fd7dac8f4b4f10ccf204f45ad7d9ad3cc3e035ef453998d3563d SHA512 (firefox-115.12.0esr.source.tar.xz) = d98475061d870e0f3aa920b7c0b9b0c1cbdb3f4102f760f1d1c5ea3e45e216c673c8d3662501e7e78af4950a003a519e94b57e9b1eda8d615c159cdf62130e89 Size (firefox-115.12.0esr.source.tar.xz) = 505219784 bytes @ 1.10.2.1 log @Pullup ticket #6877 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.10 - www/firefox115-l10n/distinfo 1.10 - www/firefox115/Makefile 1.25 - www/firefox115/distinfo 1.11 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jul 9 22:18:47 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.13.0 * Fixes for mfsa2024-30, also known as: CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jul 9 22:20:20 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.13.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2024/06/12 13:40:46 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.13.0esr.source.tar.xz) = f0cc616f13869bdfe9e2b740373bf16f84fd6deaffd2029068ecafc115a9db05 SHA512 (firefox-115.13.0esr.source.tar.xz) = 799cdf2d0494003a5addd0da703f53deb9c9d6bb6f6c95d40026363382803e2d086039c7798940a1f35f4cba111f2e8e21bde8ac2eac29fd9bd6876dd8d3a85f Size (firefox-115.13.0esr.source.tar.xz) = 510571488 bytes @ 1.10.2.2 log @www/firefox115: Fix build under NetBSD/i386 10.0 at least * Remove static_assert()s. This is not valid for NetBSD/i386 10 or later. This may be inconsistency between stddef.h and GCC's assumption. * Force Clto=thin to reduce memory usage during build. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10.2.1 2024/07/12 18:58:04 bsiegert Exp $ d13 1 a13 1 SHA1 (patch-config_makefiles_rust.mk) = 7c3649060aec923a18196e9b1accb590660be710 a24 1 SHA1 (patch-js_public_Utility.h) = e3916ecc334196950543350dcd28f3b31cc239d0 @ 1.10.2.3 log @firefox115: revert changes mistakenly applied on branch As requested by ryoon@@. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10.2.2 2024/07/25 06:15:40 ryoon Exp $ d13 1 a13 1 SHA1 (patch-config_makefiles_rust.mk) = 788ab8fed45625bc5552c56a3ab05b5ed7d49a8f d25 1 @ 1.10.2.4 log @Pullup ticket #6889 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.11 - www/firefox115-l10n/distinfo 1.11 - www/firefox115/Makefile 1.27 - www/firefox115/distinfo 1.13 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Aug 8 03:54:49 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.14.0 * Fixes for mfsa2024-34, also known as: CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524, CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529, CVE-2024-7531 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Aug 8 04:00:13 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.14.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10.2.3 2024/07/26 22:56:34 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.14.0esr.source.tar.xz) = 34f0f8e821073cf601ea75a4c3a295e62f10be56a9f38be087bfdcd7d84c64e4 SHA512 (firefox-115.14.0esr.source.tar.xz) = dd40c1fd3cf454dbf33a85d38e47bb0e736ed89b829643653e239f43232441f4e9f3c7876f058ff2e6f19daf2b50a8f2d13274e9a107d8a258a6067d1fc43f54 Size (firefox-115.14.0esr.source.tar.xz) = 507310580 bytes @ 1.10.2.5 log @Pullup ticket #6894 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.12 - www/firefox115-l10n/distinfo 1.12 - www/firefox115/Makefile 1.29 - www/firefox115/distinfo 1.15 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Sep 11 05:33:18 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.15.0 * Fixes for mfsa2024-41, also known as: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Sep 11 05:35:17 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.15.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10.2.4 2024/08/09 19:03:52 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.15.0esr.source.tar.xz) = 64673bf84111036a5d7efda8fa152356fc71ea195cb14d4b90d7c7f0431fe16b SHA512 (firefox-115.15.0esr.source.tar.xz) = 0df4c498c99cce08903004d2e0f9e977a19f7de86240aa82dba179b60f1d67ca3021eb474f56bddc38035e773eeb5d99bb3e1b0756d9f7583dc8e1f747f477ba Size (firefox-115.15.0esr.source.tar.xz) = 507920832 bytes @ 1.9 log @firefox115: update to 115.11.0 * Fixes for mfsa2024-22, also known as: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2024/05/10 09:14:08 jperkin Exp $ d3 3 a5 3 BLAKE2s (firefox-115.11.0esr.source.tar.xz) = 0606639bdfea2126fa8fc117e67ae57c6a5fdd91e3787a3fb7299b875a912873 SHA512 (firefox-115.11.0esr.source.tar.xz) = 0f3a87c99fb008088afd509d9259f893fdd44ea6bf6a5e69806fefb8d355415e81b9e8832a392acb9d0c1c50e4add7f1362a4aaadc35e1d9c2e55baf7136aed8 Size (firefox-115.11.0esr.source.tar.xz) = 506015444 bytes @ 1.8 log @mozilla: Support illumos triple. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2024/04/17 13:42:45 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.10.0esr.source.tar.xz) = 230331706fa79dda2fa9d05bf0e9eda6c0c8695067cd9bbbcb4c1d6ebe45b4e0 SHA512 (firefox-115.10.0esr.source.tar.xz) = 0626e2c68ce43f24dfc2b9216e2565537ad8781daf4195d53420e1b78d57d0f6360fbe56b0ddbedae3818546c72472c85c1ff2b208c123d32a0543e666f42b65 Size (firefox-115.10.0esr.source.tar.xz) = 507826764 bytes @ 1.7 log @firefox115: update to 115.10.0 * Fixes for mfsa2024-19, also known as: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2024/03/25 00:35:50 gutteridge Exp $ d10 1 @ 1.6 log @firefox115: update to 115.9.1 Note there are references to use of Python 3.12 as a build tool now being supported, but this has not been tested in pkgsrc as it stands. (This has been tested on NetBSD 9.3_STABLE with pkgsrc defaults.) 115.9.1 Fixes for mfsa2024-16, also known as CVE-2024-29944 115.9.0 Fixes for mfsa2024-13, also known as: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614 115.8.0 Fixes for mfsa2024-06, also known as: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2024/01/31 16:18:33 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.9.1esr.source.tar.xz) = f22cf141215df7a84f324d15cd03dd643c2148900df3ffbda066424181829e74 SHA512 (firefox-115.9.1esr.source.tar.xz) = 9ccaede2fcda13a07f98a2110bb8f99c7324601d66bff311f3070a669576a1598fe1d7de2d005d725d1f44dbe3934a9c0fd0b7950f60686047d4ce8d9d812310 Size (firefox-115.9.1esr.source.tar.xz) = 508070816 bytes @ 1.6.2.1 log @Pullup ticket #6850 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.7 - www/firefox115-l10n/distinfo 1.7 - www/firefox115/Makefile 1.20 - www/firefox115/distinfo 1.7 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 17 13:42:45 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.10.0 * Fixes for mfsa2024-19, also known as: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864. --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Apr 17 13:46:55 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.10.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2024/03/25 00:35:50 gutteridge Exp $ d3 3 a5 3 BLAKE2s (firefox-115.10.0esr.source.tar.xz) = 230331706fa79dda2fa9d05bf0e9eda6c0c8695067cd9bbbcb4c1d6ebe45b4e0 SHA512 (firefox-115.10.0esr.source.tar.xz) = 0626e2c68ce43f24dfc2b9216e2565537ad8781daf4195d53420e1b78d57d0f6360fbe56b0ddbedae3818546c72472c85c1ff2b208c123d32a0543e666f42b65 Size (firefox-115.10.0esr.source.tar.xz) = 507826764 bytes @ 1.6.2.2 log @Pullup ticket #6855 - requested by gutteridge www/firefox115: security fix www/firefox115-lang: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.8 - www/firefox115-l10n/distinfo 1.8 - www/firefox115/Makefile 1.21 - www/firefox115/distinfo 1.9 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue May 14 17:57:00 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.11.0 * Fixes for mfsa2024-22, also known as: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue May 14 17:59:57 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.11.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6.2.1 2024/04/22 18:29:02 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.11.0esr.source.tar.xz) = 0606639bdfea2126fa8fc117e67ae57c6a5fdd91e3787a3fb7299b875a912873 SHA512 (firefox-115.11.0esr.source.tar.xz) = 0f3a87c99fb008088afd509d9259f893fdd44ea6bf6a5e69806fefb8d355415e81b9e8832a392acb9d0c1c50e4add7f1362a4aaadc35e1d9c2e55baf7136aed8 Size (firefox-115.11.0esr.source.tar.xz) = 506015444 bytes @ 1.6.2.3 log @Pullup ticket #6869 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.9 - www/firefox115-l10n/distinfo 1.9 - www/firefox115/Makefile 1.23 - www/firefox115/distinfo 1.10 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Jun 12 13:40:46 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.12.0 * Fixes for mfsa2024-26, also known as: CVE-2024-5688, CVE-2024-5702, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700 --- Module Name: pkgsrc Committed By: gutteridge Date: Wed Jun 12 13:44:06 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.12.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6.2.2 2024/05/17 13:01:22 bsiegert Exp $ d3 3 a5 3 BLAKE2s (firefox-115.12.0esr.source.tar.xz) = b9b0f4b18de3fd7dac8f4b4f10ccf204f45ad7d9ad3cc3e035ef453998d3563d SHA512 (firefox-115.12.0esr.source.tar.xz) = d98475061d870e0f3aa920b7c0b9b0c1cbdb3f4102f760f1d1c5ea3e45e216c673c8d3662501e7e78af4950a003a519e94b57e9b1eda8d615c159cdf62130e89 Size (firefox-115.12.0esr.source.tar.xz) = 505219784 bytes @ 1.5 log @firefox115: Update to 115.7.0 Changelog: 115.7.0: Mozilla Foundation Security Advisory 2024-02 #CVE-2024-0741: Out of bounds write in ANGLE #CVE-2024-0742: Failure to update user input timestamp #CVE-2024-0746: Crash when listing printers on Linux #CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set #CVE-2024-0749: Phishing site popup could show local origin in address bar #CVE-2024-0750: Potential permissions request bypass via clickjacking #CVE-2024-0751: Privilege escalation through devtools #CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain #CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2024/01/10 15:38:44 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.7.0esr.source.tar.xz) = 7ba9023baacfaf5894cdd2bd196af1492efc9718b833112d50bc7d21dca69372 SHA512 (firefox-115.7.0esr.source.tar.xz) = d468d8ef117d76e0660c5359c3becf0502354c61bdaaeb4137d86f52b50143abec2ac4578af69afa5670700b57efff1c7323ca23e3339a9eaaa888dee7e8e922 Size (firefox-115.7.0esr.source.tar.xz) = 515513828 bytes @ 1.4 log @firefox115: Update to 115.6.0 Changelog: 115.6.0: * Security fixes. Mozilla Foundation Security Advisory 2023-54 #CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver #CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream #CVE-2023-6857: Symlinks may resolve to smaller than expected buffers #CVE-2023-6858: Heap buffer overflow in nsTextFragment #CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer #CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation #CVE-2023-6867: Clickjacking permission prompts using the popup transition #CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode #CVE-2023-6862: Use-after-free in nsDNSService #CVE-2023-6863: Undefined behavior in ShutdownObserver() #CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2023/11/23 12:47:01 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.6.0esr.source.tar.xz) = 36a05ee81148f9b6ff6c0efdbc7a91447400e243b419008bd6f9120eb918929c SHA512 (firefox-115.6.0esr.source.tar.xz) = 9fe23b5f715e35b788d9c8fefe6b7be8785789b4ae6f5649b05a54221934101c6e1b9580319145f9bcaebfbd00fcc33e97afb63f7d57ba102a6b02c874d324af Size (firefox-115.6.0esr.source.tar.xz) = 511017732 bytes @ 1.3 log @firefox115: Update to 115.5.0 Changelog: Fixed Various security fixes and other quality improvements. Security fixes: Mozilla Foundation Security Advisory 2023-50 #CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer #CVE-2023-6205: Use-after-free in MessagePort::Entangled #CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition #CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer #CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. #CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" #CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2023/10/15 07:47:59 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.5.0esr.source.tar.xz) = edbc13615a536e474331226d60eaa1dea53e7c71a6461cadc5a058ecb85062a7 SHA512 (firefox-115.5.0esr.source.tar.xz) = 5ee722884cd545cf5146f414526b4547286625f4f5996a409d7f64f115633fb7eb74d202e82f175fd5b2d24cce88deee70020fcb284055fcdea3d39da182074e Size (firefox-115.5.0esr.source.tar.xz) = 512244040 bytes @ 1.3.2.1 log @Pullup ticket #6840 - requested by gutteridge www/firefox115: security fix www/firefox115-l10n: dependent update Revisions pulled up: - www/firefox115-l10n/Makefile 1.4-1.6 - www/firefox115-l10n/distinfo 1.4-1.6 - www/firefox115/Makefile 1.11-1.13,1.16-1.17 - www/firefox115/distinfo 1.4-1.6 - www/firefox115/files/replace-moz.build.awk 1.2 - www/firefox115/mozilla-common.mk 1.5-1.6 --- Module Name: pkgsrc Committed By: he Date: Fri Dec 29 17:29:14 UTC 2023 Modified Files: pkgsrc/www/firefox115: Makefile mozilla-common.mk Log Message: firefox115: on i386, use -mstackrealign also in CFLAGS. Patterned after recent change to firefox: force stack re-alignment so that you don't get a segfault when doing movdqa %xmm7,(%esp) and %esp is not 16-byte aligned. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: leot Date: Mon Jan 8 17:39:44 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile pkgsrc/www/firefox115/files: replace-moz.build.awk Log Message: firefox115: Re-enable screen/tab capture Sync replace-moz.build.awk with firefox{102,} so that X11 desktop capture works. (Re)Fix PR pkg/56955. (While here define PKGREVISION only once.) PKGREVISION++ --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 10 15:38:44 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo mozilla-common.mk Log Message: firefox115: Update to 115.6.0 Changelog: 115.6.0: * Security fixes. Mozilla Foundation Security Advisory 2023-54 #CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver #CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream #CVE-2023-6857: Symlinks may resolve to smaller than expected buffers #CVE-2023-6858: Heap buffer overflow in nsTextFragment #CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer #CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation #CVE-2023-6867: Clickjacking permission prompts using the popup transition #CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode #CVE-2023-6862: Use-after-free in nsDNSService #CVE-2023-6863: Undefined behavior in ShutdownObserver() #CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 16:18:33 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: Update to 115.7.0 Changelog: 115.7.0: Mozilla Foundation Security Advisory 2024-02 #CVE-2024-0741: Out of bounds write in ANGLE #CVE-2024-0742: Failure to update user input timestamp #CVE-2024-0746: Crash when listing printers on Linux #CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set #CVE-2024-0749: Phishing site popup could show local origin in address bar #CVE-2024-0750: Potential permissions request bypass via clickjacking #CVE-2024-0751: Privilege escalation through devtools #CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain #CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 --- Module Name: pkgsrc Committed By: gutteridge Date: Mon Mar 25 00:35:50 UTC 2024 Modified Files: pkgsrc/www/firefox115: Makefile distinfo Log Message: firefox115: update to 115.9.1 Note there are references to use of Python 3.12 as a build tool now being supported, but this has not been tested in pkgsrc as it stands. (This has been tested on NetBSD 9.3_STABLE with pkgsrc defaults.) 115.9.1 Fixes for mfsa2024-16, also known as CVE-2024-29944 115.9.0 Fixes for mfsa2024-13, also known as: CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616, CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614 115.8.0 Fixes for mfsa2024-06, also known as: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 10 15:39:18 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: Update to 115.6.0 * Sync with www/firefox115-115.6.0. --- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 16:19:07 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115: Update to 115.7.0 * Sync with www/firefox115-115.7.0. --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Mar 26 13:54:13 UTC 2024 Modified Files: pkgsrc/www/firefox115-l10n: Makefile distinfo Log Message: firefox115-l10n: update to 115.9.1 @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (firefox-115.9.1esr.source.tar.xz) = f22cf141215df7a84f324d15cd03dd643c2148900df3ffbda066424181829e74 SHA512 (firefox-115.9.1esr.source.tar.xz) = 9ccaede2fcda13a07f98a2110bb8f99c7324601d66bff311f3070a669576a1598fe1d7de2d005d725d1f44dbe3934a9c0fd0b7950f60686047d4ce8d9d812310 Size (firefox-115.9.1esr.source.tar.xz) = 508070816 bytes @ 1.2 log @firefox115: Update to 115.3.1 Changelog: 115.3.1 * Security fix Mozilla Foundation Security Advisory 2023-44 #CVE-2023-5217: Heap buffer overflow in libvpx 115.3.0 Fixed * Various security fixes and other quality improvements. Mozilla Foundation Security Advisory 2023-42 #CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 #CVE-2023-5169: Out-of-bounds write in PathOps #CVE-2023-5171: Use-after-free in Ion Compiler #CVE-2023-5174: Double-free in process spawning on Windows #CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2023/09/11 12:33:25 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.3.1esr.source.tar.xz) = 5b4076a017c80f161353afce1aed9716424a8369719df7b0534bc1ea91ec6dec SHA512 (firefox-115.3.1esr.source.tar.xz) = 65cb6fc46bba03eed742bd67f8e36b63b19f2ad7b85d2f503595704a4e88f554758a1e66ba548c8efe97a76322fb2514db72e6ff4bb2992d1aaa86edc3af85f1 Size (firefox-115.3.1esr.source.tar.xz) = 515785920 bytes d20 1 @ 1.1 log @www/firefox115: import firefox115-115.2.0 Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. Note: Due to upstream's trademark policies, this package identifies as "Nightly" rather than "Firefox" by default. This package provides Firefox 115 Extended Support Release. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.501 2023/07/17 14:08:44 ryoon Exp $ d3 3 a5 3 BLAKE2s (firefox-115.2.0esr.source.tar.xz) = eb64581135bb1c9a5207d79fffd319c59817d03e334d659ead42aa2a54a72e86 SHA512 (firefox-115.2.0esr.source.tar.xz) = df3b4efd9607e8eb4932717760c865eb31ac7a96246cb4385190c33316c9595e0793a1f3c45ebb9674a9ba4fce98d83f71b063bef09ef307d92d1cd78d30d812 Size (firefox-115.2.0esr.source.tar.xz) = 514055028 bytes @