![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.582 / (download) - annotate - [select for diffs], Fri Dec 1 15:05:28 2023 UTC (14 hours, 57 minutes ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.581: +2 -2
lines
Diff to previous 1.581 (colored)
firefox: Update to 120.0.1
Changelog:
Fixed
* Fixed a bug that was causing persistent startup slowdowns. (bug 1867095)
* Fixed an issue that was causing 100% CPU usage on sites such as Google
Maps. (bug 1866409)
* Fixed an issue that was causing YouTube videos to show a green screen when
hardware acceleration was enabled. (bug 1865928)
* Fixed an issue where the status bar was still visible when viewing
fullscreen video. (bug 1853896)
* Fixed a startup crash affecting Linux users on some aarch64 systems with
page sizes other than 4KB. (bug 1866025)
Revision 1.581 / (download) - annotate - [select for diffs], Wed Nov 22 13:32:12 2023 UTC (9 days, 16 hours ago) by ryoon
Branch: MAIN
Changes since 1.580: +3 -3
lines
Diff to previous 1.580 (colored)
firefox: Update to 120.0
Changelog:
120.0
New
* Firefox supports a new "Copy Link Without Site Tracking" feature in the
context menu which ensures that copied links no longer contain tracking
information.
Screenshot showing Copy Link feature
* Firefox now supports a setting (in Preferences -> Privacy & Security) to
enable Global Privacy Control. With this opt-in feature, Firefox informs
the websites that the user doesn't want their data to be shared or sold.
Screenshot showing GPC preference
* Firefox's private windows and ETP-Strict privacy configuration now enhance
the Canvas APIs with Fingerprinting Protection, thereby continuing to
protect our users' online privacy.
* Firefox has enabled Cookie Banner Blocker by default in private windows for
all users in Germany. Firefox will now auto-refuse cookies and dismiss
annoying cookie banners for supported sites.
* Firefox has enabled URL Tracking Protection by default in private windows
for all users in Germany. Firefox will remove non-essential URL query
parameters that are often used to track users across the web.
* Firefox now imports TLS trust anchors (e.g., certificates) from the
operating system root store. This will be enabled by default on Windows,
macOS, and Android, and if needed, can be turned off in settings
(Preferences -> Privacy & Security -> Certificates).
* Keyboard shortcuts have now been added for editing and deleting a selected
credential on about:logins. For editing - Alt + enter (Option + return on
macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
* Users on Ubuntu Linux now have the ability to import from Chromium when
both are installed as Snap packages.
* Picture-in-Picture now supports corner snapping on Windows and Linux - just
hold Ctrl as you move the PiP window.
Fixed
* Various security fixes.
Security fixes:
Mozilla Foundation Security Advisory 2023-49
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6208: Using Selection API would copy contents into X11 primary
selection.
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
#CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
#CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5
#CVE-2023-6213: Memory safety bugs fixed in Firefox 120
Revision 1.580 / (download) - annotate - [select for diffs], Fri Nov 17 03:20:47 2023 UTC (2 weeks, 1 day ago) by ryoon
Branch: MAIN
Changes since 1.579: +3 -4
lines
Diff to previous 1.579 (colored)
firefox: Update to 119.0.1
* Update nodejs kit to 119.0.1.
Changelog:
119.0.1:
Fixed
* Fixed a bug causing colors in the <select> HTML element to not be applied
to dropdown menu arrows. (bug 1861253)
* Fixed a bug with the <input> HTML element state not changing when
dynamically updating the disabled attribute on an ancestor <fieldset>. (bug
1861027)
* Fixed a bug causing elements with the indeterminate CSS selector in a radio
group to not update. (bug 1861346)
Revision 1.579 / (download) - annotate - [select for diffs], Tue Nov 14 14:03:03 2023 UTC (2 weeks, 3 days ago) by wiz
Branch: MAIN
Changes since 1.578: +2 -2
lines
Diff to previous 1.578 (colored)
*: recursive bump for cairo dependency changes
Revision 1.578 / (download) - annotate - [select for diffs], Sun Nov 12 13:23:54 2023 UTC (2 weeks, 5 days ago) by wiz
Branch: MAIN
Changes since 1.577: +2 -2
lines
Diff to previous 1.577 (colored)
*: revebump for new brotli option for freetype2 Addresses PR 57693
Revision 1.577 / (download) - annotate - [select for diffs], Thu Nov 9 00:04:43 2023 UTC (3 weeks, 2 days ago) by wiz
Branch: MAIN
Changes since 1.576: +2 -2
lines
Diff to previous 1.576 (colored)
firefox: clean some pkglint
Revision 1.576 / (download) - annotate - [select for diffs], Wed Nov 8 13:21:17 2023 UTC (3 weeks, 2 days ago) by wiz
Branch: MAIN
Changes since 1.575: +2 -1
lines
Diff to previous 1.575 (colored)
*: recursive bump for icu 74.1
Revision 1.575 / (download) - annotate - [select for diffs], Fri Nov 3 10:20:03 2023 UTC (4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.574: +3 -6
lines
Diff to previous 1.574 (colored)
firefox: Update 119.0
* Enable WebGL with information by Paul Ripke. Thank you.
Changelog:
119.0
New
* Gradually rolling out in Fx119, Firefox View includes more content. You can
now see all open tabs, from all windows. If you sync open tabs, you??ll see
all tabs from other devices. Browsing history is now listed and you can
sort by date or by site. As before, recently closed tabs are also listed on
Firefox View.
To access Firefox View, select the file folder icon at the top left of your
tab strip.
screenshot of Firefox View displaying open tabs and tabs from other devices
* Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by
adding images and alt text, in addition to text and drawings.
screenshot of a photo of a red fox being added to a PDF. The alt text tool
is open to the left of the photo, ready for a description to be added.
* Recently closed tabs now persist between sessions that don't have automatic
session restore enabled. Manually restoring a previous session will
continue to reopen any previously open tabs or windows.
* If you're migrating your data from Chrome, Firefox now offers the ability
to import some of your extensions as well.
* As part of Total Cookie Protection, Firefox now supports the partitioning
of Blob URLs, this mitigates a potential tracking vector that third-party
agents could use to track an individual.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts in Enhanced Tracking Protection strict mode to mitigate
font fingerprinting.
* The Storage Access API web standard was updated to improve security while
mitigating website breakages and further enabling the phase out of
third-party cookies in Firefox.
* Encrypted Client Hello (ECH) is now available to Firefox users, delivering
a more private browsing experience. ECH extends the encryption used in TLS
connections to cover more of the handshake and better protect sensitive
fields. Read more about the launch of ECH on Mozilla Distilled.
* Media sniffing is no longer applied to files served as type application/
octet-stream, this allows these files to be downloaded instead of
attempting playback.
* On Windows, the mouse pointer will disappear while typing if the relevant
Windows mouse properties system setting is enabled.
* Firefox is now available in the Santali (sat) language.
Fixed
* Fixed an issue causing unexpected jumps in scroll position on Facebook.
* Various security fixes.
Developer
* Developer Information
* Several enhancements have been made to the Inactive CSS styles feature.
This feature assists in identifying CSS properties that have no effect on
an element. Pseudo-elements such as ::first-letter, ::cue, and
::placeholder are now fully supported.
* The JSON viewer is particularly useful for debugging REST APIs, as it
displays formatted JSON responses. Now, if the JSON is invalid or broken,
it automatically switches to a raw data view, improving the user
experience.
Web Platform
* ARIA reflection for simple attributes and default Accessibility Semantics
for Custom Elements are now supported. Note this includes boolean, enum,
number, and string attributes, but not attributes that reference other
elements.
* credentialless is now supported in Cross-Origin-Embedder-Policy.
* The CSS attr() function now supports a fallback parameter, for example attr
(foobar, "Default value").
* Grouping of items in an array (and iterables) is now easier by using the
methods Object.groupBy or Map.groupBy.
Security fixes:
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5722: Cross-Origin size and header leakage
#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
could have led to a crash.
#CVE-2023-5729: Fullscreen notification dialog could have been obscured by
WebAuthn prompts
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
Thunderbird 115.4.1
#CVE-2023-5731: Memory safety bugs fixed in Firefox 119
Revision 1.574 / (download) - annotate - [select for diffs], Tue Oct 24 22:11:26 2023 UTC (5 weeks, 3 days ago) by wiz
Branch: MAIN
Changes since 1.573: +2 -1
lines
Diff to previous 1.573 (colored)
*: bump for openssl 3
Revision 1.573 / (download) - annotate - [select for diffs], Sun Oct 15 07:41:16 2023 UTC (6 weeks, 5 days ago) by ryoon
Branch: MAIN
Changes since 1.572: +2 -2
lines
Diff to previous 1.572 (colored)
firefox: Update nodejs kit too.
Revision 1.572 / (download) - annotate - [select for diffs], Sun Oct 15 07:40:10 2023 UTC (6 weeks, 5 days ago) by ryoon
Branch: MAIN
Changes since 1.571: +3 -4
lines
Diff to previous 1.571 (colored)
firefox: Update to 118.0.2
Changelog:
118.0.2
Fixed
* Fixed games not loading on betsoft.com (bug 1856145)
* Fixed printing issues for some SVG images (bug 1853727)
* Fixed CORS XHR with authentication no longer working (bug 1855650)
* Fixed h264 WebRTC video not working in some contexts (bug 1855636)
* Fixed Firefox Translations not working on some pages (bugs 1841656 -
1855307)
* Stability fixes (bugs 1851991 - 1799326 - 1856637)
118.0.1
Fixed
* Security fix.
Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx
118.0
New
* Automated translation of web content is now available to Firefox users!
Unlike cloud-based alternatives, translation is done locally in Firefox, so
that the text being translated does not leave your machine. Many thanks to
the various partners of the EU R&D Bergamot project.
* Web Audio in Firefox now uses the FDLIBM math library on all systems to
improve anonymity with Fingerprint Protection.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts to mitigate font fingerprinting in Private Browsing
windows.
* Video Effects and background blur are now available to Firefox users on
Google Meet! (Note: These effects have also been released retroactively to
support Firefox versions back to Firefox 115.)
* Firefox Suggest users (US-only at this time) will now be able to see
browser add-on suggestions right in the address bar based on their
keywords.
Fixed
* Various security fixes.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 118 Release Notes.
Web Platform
* 10 new CSS math functions are now supported: round, mod, rem, pow, sqrt,
hypot, log, exp, abs, sign.
* OpaqueResponseBlocking is now enabled by default.
* The <search> element is now supported. The <search> element is a group
element that serves to contain all the elements used in a search or
filtering operation.
Mozilla Foundation Security Advisory 2023-41
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5170: Memory leak from a privileged process
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5172: Memory Corruption in Ion Hints
#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
Thunderbird 115.3
Revision 1.571 / (download) - annotate - [select for diffs], Mon Sep 18 06:12:47 2023 UTC (2 months, 2 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3
Changes since 1.570: +2 -1
lines
Diff to previous 1.570 (colored)
firefox: Fix unintentional capitalization in firefox.js * Bump PKGREVISION.
Revision 1.570 / (download) - annotate - [select for diffs], Sun Sep 17 06:32:27 2023 UTC (2 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.569: +2 -2
lines
Diff to previous 1.569 (colored)
firefox: Update to 117.0.1
Changelog:
117.0.1:
Fixed
* Fixed a bug causing links opened from outside Firefox to not open on macOS
(bug 1850828)
* Fixed a bug causing extensions using an event page for long-running tasks
to be terminated while running, causing unexpected behavior changes (bug
1851373)
* Temporarily reverted an intentional behavior change preventing Javascript
from changing URL.protocol (bug 1850954).
NOTE: This change is expected to ship in a later Firefox release alongside
other web browsers and sites are encouraged to find alternate ways to
change the protocol if needed.
* Fixed audio worklets not working for sites using WebAssembly exception
handling (bug 1851468)
* Fixed the Reopen all tabs option in the Recently closed tabs menu sometimes
failing to open all tabs (bug 1850856)
* Fixed the bookmarks menu sometimes remaining partially visible when
minimizing Firefox (bug 1843700)
* Fixed an issue causing incorrect time zones to be detected on some sites (
bug 1848615)
Revision 1.569 / (download) - annotate - [select for diffs], Tue Sep 5 14:08:39 2023 UTC (2 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.568: +3 -4
lines
Diff to previous 1.568 (colored)
firefox: Update to 117.0
Changelog:
New
* Support for credit card autofill has been extended to users running Firefox
in the IT, ES, AT, BE, and PL locales.
* macOS users can now control the tabability of controls and links via
about:preferences.
Screenshot of new macOS tabability option in about:preferences
* To avoid undesirable outcomes on sites which specify their own behavior
when pressing shift+right-click, Firefox now has a
dom.event.contextmenu.shift_suppresses_event preference to prevent the
context menu from appearing.
Fixed
* YouTube video lists now scroll correctly when navigating with a screen
reader.
* Various security fixes.
Changed
* Firefox no longer shows its own screen sharing indicator on Wayland desktop
environments. The system default sharing indicator will be used instead.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 117 Release Notes.
Developer
* Developer Information
* Web compatibility inspection has been enhanced with our new CSS
compatibility tooltip in the Developer Tools Inspector. An icon is now
displayed next to properties that could lead to web compatibility issues.
When hovered, the tooltip indicates which browsers are not supported and
displays a link to the MDN page for the property so the user can learn more
about it.
Screenshot showing CSS compatibility icon for a property shown in the
Inspector
* console.clear() no longer clears the Console output if the "Enable
persistent logs" option is enabled.
Web Platform
* Support for improved CSS nesting is now enabled by default.
* Firefox now supports RTCRtpScriptTransform.
* ReadableStream.from is now supported, allowing creation of a ReadableStream
from an (async) iterable.
* Firefox now supports the math-style and math-depth CSS properties and the
font-size: math value.
Security fixes:
#CVE-2023-4573: Memory corruption in IPC CanvasTranslator
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an
Out of Memory Exception
#CVE-2023-4579: Persisted search terms were formatted as URLs
#CVE-2023-4580: Push notifications saved to disk unencrypted
#CVE-2023-4581: XLL file extensions were downloadable without warnings
#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
#CVE-2023-4583: Browsing Context potentially not cleared when closing Private
Window
#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2
Revision 1.568 / (download) - annotate - [select for diffs], Tue Aug 22 13:48:16 2023 UTC (3 months, 1 week ago) by tnn
Branch: MAIN
Changes since 1.567: +2 -1
lines
Diff to previous 1.567 (colored)
firefox: build with --enable-forkserver. Bump. This makes parent of content processes be the forkserver process rather than the chrome process. It removes some complexity around setting up and tearing down content processes from the main process and decreases memory usage. This is the default on Linux and other BSDs and makes us less likely to trip over bugs in code paths upstream don't test often.
Revision 1.567 / (download) - annotate - [select for diffs], Thu Aug 17 20:43:43 2023 UTC (3 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.566: +2 -3
lines
Diff to previous 1.566 (colored)
firefox: Update to 116.0.3
* Make speech-dispatcher denendency as optional and disabled by default.
Changelog:
116.0.3:
Fixed
* Fixed an issue for OPFS users (especially those using the Adobe Photoshop)
that broke access to files that were locally cached in a previous version.
(bug 1847989, bug 1847619)
* Fixed an issue that was breaking screensharing for some users on Wayland. (
bug 1841851)
* Fixed an issue where a fullscreen notification was persistently being shown
to a user, even after disabling it. (bug 1847901)
* Fixed an issue where Firefox would hang when doing a Google search. (bug
1847066)
116.0.2:
Fixed
* Fixed an issue that was causing keystrokes to be scrambled for users using
ZoneAlarm anti-keylogger. (bug 1847033)
116.0.1:
Fixed
* Fixed an issue which caused chart elements to render incorrectly for
Windows users. (bug 1846613)
Revision 1.566 / (download) - annotate - [select for diffs], Wed Aug 16 10:41:35 2023 UTC (3 months, 2 weeks ago) by abs
Branch: MAIN
Changes since 1.565: +10 -2
lines
Diff to previous 1.565 (colored)
Substitute PREFIX in NetBSD wrapper Fix my previous workaround for NetBSD GL issue to correctly substitute PREFIX rather than hard coded /usr/pkg
Revision 1.565 / (download) - annotate - [select for diffs], Mon Aug 14 05:25:29 2023 UTC (3 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.564: +2 -1
lines
Diff to previous 1.564 (colored)
*: recursive bump for Python 3.11 as new default
Revision 1.564 / (download) - annotate - [select for diffs], Thu Aug 3 22:02:33 2023 UTC (3 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.563: +4 -5
lines
Diff to previous 1.563 (colored)
firefox: Update to 116.0
* speech-dispatcher is not tested yet.
Changelog:
New
* Sidebar switcher allows users to access Bookmarks, History and Synced Tabs
panels easily, quickly switch between them, move the sidebar to another
side of the browser window, or close the sidebar. Now, keyboard users would
be able to do it all with ease too, with or without any assistive
technology running, without needing to memorize keyboard shortcuts to
access these panels.
* When an update is available in English locales, users will now have access
to the release notes in the update notification prompt in the form of a
"Learn More" link.
* It is now possible to copy any file from your operating system and paste it
into Firefox.
* You asked, and we listened! The volume slider is now available in
Picture-in-Picture.
* We added the possibility to edit existing text annotations.
Fixed
* The upload performance of HTTP/2 has been significantly improved starting
with Firefox 115.0, particularly on those with a higher bandwidth delay
product (i.e., networks characterized by both high bandwidth and high
latency).
* Various security fixes.
Changed
* The keyboard shortcut to reopen closed tabs (command + shift + t) now
reopens last closed tab or last closed window, in the order items were
closed. If there aren't any tabs or windows to reopen, this command
restores the previous session. This change is in anticipation of upcoming
changes to recently closed tabs.
Security fixes:
#CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions
#CVE-2023-4046: Incorrect value used during WASM compilation
#CVE-2023-4047: Potential permissions request bypass via clickjacking
#CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions
#CVE-2023-4049: Fix potential race conditions when releasing platform objects
#CVE-2023-4050: Stack buffer overflow in StorageManager
#CVE-2023-4051: Full screen notification obscured by file open dialog
#CVE-2023-4052: File deletion and privilege escalation through Firefox
uninstaller
#CVE-2023-4053: Full screen notification obscured by external program
#CVE-2023-4054: Lack of warning when opening appref-ms files
#CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state
#CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
#CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and
Thunderbird 115.1
#CVE-2023-4058: Memory safety bugs fixed in Firefox 116
Revision 1.563 / (download) - annotate - [select for diffs], Mon Jul 24 14:15:42 2023 UTC (4 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.562: +2 -1
lines
Diff to previous 1.562 (colored)
firefox: Enable X11 desktop capture Fix PR pkg/56955.
Revision 1.562 / (download) - annotate - [select for diffs], Mon Jul 17 14:08:44 2023 UTC (4 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.561: +3 -3
lines
Diff to previous 1.561 (colored)
firefox: Update to 115.0.2
Changelog:
115.0.2:
Fixed
* Fixed a startup crash experienced by some Windows 10 and 11 users by
blocking instances of a malicious injected DLL (bug 1841751)
* Fixed a bug with displaying a caret in the text editor on some websites (
bug 1840804)
* Fixed a bug with broken audio rendering on some websites (bug 1841982)
* Fixed a bug with patternTransform translate using the wrong units (bug
1840746)
* A security fix.
* Fixed a crash affecting Windows 7 users related to the DLL blocklist.
Security fix:
#CVE-2023-3600: Use-after-free in workers
115.0.1:
Fixed
* Fixed a startup crash for Windows users with Kingsoft Antivirus software
installed (bug 1837242)
Revision 1.561 / (download) - annotate - [select for diffs], Fri Jul 7 13:47:09 2023 UTC (4 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.560: +3 -3
lines
Diff to previous 1.560 (colored)
firefox: Update to 115.0
Changelog:
New
* Migrating from another browser? Now you can bring over payment methods
you've saved in Chrome-based browsers to Firefox.
* Hardware video decoding is now enabled for Intel GPUs on Linux.
* The Tab Manager dropdown now features close buttons, so you can close tabs
more quickly.
* We've refreshed and streamlined the user interface for importing data in
from other browsers.
* Users without platform support for H264 video decoding can now fallback to
Cisco's OpenH264 plugin for playback.
Fixed
* Windows Magnifier now follows the text cursor correctly when the Firefox
title bar is visible.
* Windows users on low-end/USB wifi drivers and with OS geolocation disabled
can now approve geolocation on a case by case basis without causing
system-wide network instability.
* Various security fixes.
Changed
* Undo and redo are now available in Password fields.
* On Linux, middle clicks on the new tab button will now open the xclipboard
contents in the new tab. If the xclipboard content is a URL then that URL
is opened, any other text is opened with your default search provider.
* For users with a Firefox Colorways built-in theme, the theme will be
automatically migrated to the same theme hosted on addons.mozilla.org for
Firefox profiles that have disabled add-ons auto-updates. This will allow
users to keep their Colorways theme when they are later removed from
Firefox installer files.
* Certain Firefox users may come across a message in the extensions panel
indicating that their add-ons are not allowed on the site currently open.
We have introduced a new back-end feature to only allow some extensions
monitored by Mozilla to run on specific websites for various reasons,
including security concerns.
Security fixes:
#CVE-2023-3482: Block all cookies bypass for localstorage
#CVE-2023-37201: Use-after-free in WebRTC certificate generation
#CVE-2023-37202: Potential use-after-free from compartment mismatch in
SpiderMonkey
#CVE-2023-37203: Drag and Drop API may provide access to local system files
#CVE-2023-37204: Fullscreen notification obscured via option element
#CVE-2023-37205: URL spoofing in address bar using RTL characters
#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API
#CVE-2023-37207: Fullscreen notification obscured
#CVE-2023-37208: Lack of warning when opening Diagcab files
#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`
#CVE-2023-37210: Full-screen mode exit prevention
#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
#CVE-2023-37212: Memory safety bugs fixed in Firefox 115
Revision 1.560 / (download) - annotate - [select for diffs], Mon Jun 26 13:56:13 2023 UTC (5 months ago) by ryoon
Branch: MAIN
Changes since 1.559: +2 -2
lines
Diff to previous 1.559 (colored)
firefox: Update to 114.0.2
Changelog:
Fixed
Several crash fixes.
Web Extensions: Fixes for 114 regressions in our Native Messaging support.
Revision 1.559 / (download) - annotate - [select for diffs], Wed Jun 14 16:22:18 2023 UTC (5 months, 2 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.558: +6 -3
lines
Diff to previous 1.558 (colored)
firefox: Update to 114.0.1
* mprotect support for firefox and firefox-bin is insufficient now.
Changelog:
114.0.1
Fixed
* Fix a startup crash (bug 1837201).
114.0
New
* Added UI to manage the DNS over HTTPS exception list.
* Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu
is accessible by adding the Bookmarks menu button to the toolbar.
* Restrict searches to your local browsing history by selecting Search
history from the History, Library or Application menu buttons.
* Mac users can now capture video from their cameras in all supported native
resolutions. This enables resolutions higher than 1280x720.
* It is now possible to reorder the extensions listed in the extensions
panel.
* Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn
authenticators over USB. Some advanced features, such as fully passwordless
logins, require a PIN to be set on the authenticator.
* Pocket Recommended content can now be seen in France, Italy, and Spain.
Fixed
* Various security fixes.
Changed
* DNS over HTTPS settings are now part of the Privacy & Security section of
the Settings page and allow the user to choose from all the supported
modes.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 114 Release Notes.
Developer
* Developer Information
* The Copy as cURL feature, available in the Network panel, has been
enhanced. It now supports the --compressed argument.
* The Accessibility Inspector has been improved to accurately recognize all
the ARIA roles like banner, main, navigation, and contentinfo, etc. This
enhancement is particularly beneficial for web developers working with ARIA
roles to improve web accessibility.
* Firefox now provides support for the CSS Cascading Level 4 supports()
syntax for @import rules. This allows for the importation of other
stylesheets based on support-dependency. In addition, the Inspector panel
now accurately displays the conditions at the top of the imported rule.
developer tools screenshot of the new @import syntax rule
Web Platform
* DOM: Added support for ES Modules on DedicatedWorker and SharedWorker
* WebTransport is now enabled by default and will be going to release with
114. As the original Explainer notes, it enables multiple use-cases that
are hard or impossible to handle without it, especially for Gaming and live
streaming. It covers cases that are problematic for alternative mechanisms,
such as WebSockets.
Built on top of HTTP3 (HTTP2 support will be coming later). The current
implementation in Firefox is passing 505 out of 565 Web-Platform Tests.
* CSS: The infinity and NaN constants are now supported inside the calc()
function.
Security fixes
#CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
#CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to
data: urls
#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
#CVE-2023-34417: Memory safety bugs fixed in Firefox 114
Revision 1.558 / (download) - annotate - [select for diffs], Sun Jun 4 09:26:35 2023 UTC (5 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.557: +4 -7
lines
Diff to previous 1.557 (colored)
firefox: Update to 113.0.2
* Not tested under NetBSD/i386 and 9 for this commit. If you find problems,
please report your failure to me.
* Disable WebGL for a while to avoid runtime errors under NetBSD.
* Do not pass '-j1 -j1' to cargo when MAKE_JOBS=1.
* Do not restrict cargo to unconditional -j1.
* Use ffmpeg6 instead of ffmpeg5.
Changelog:
113.0.2
Fixed
* Fixed an issue which caused Picture-in-Picture windows to not be snappable
on Windows 11 or on systems with the FancyZones PowerToy installed (bug
1832331)
* Fixed a video playback crash on some Windows systems with Intel graphics (
bug 1831329)
* Fixed a bug which could cause Firefox to freeze on some pages when loading
them with the Developer Tools Web Console open (bug 1828026)
* Fixed a bug which would cause the bookmarks and history sidebars to not
properly react to the browser window being vertically resized (bug 1831535)
113.0.1
Fixed
* Fixed incorrect colors for Windows users with installed monitor/display
color profiles, particularly on wide gamut displays (bug 1832215)
* Fixed borders being visible around fullscreen windows for some
configurations (bug 1830721)
* Fixed an issue which may cause users in some configurations to experience
tearing when watching videos in fullscreen mode (bug 1830792)
113.0
New
* Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and
effortlessly switch to full-screen mode on the web's most popular video
websites.
* Firefox's address bar is already a great place to search for what you're
looking for. Now you'll always be able to see your web search terms and
refine them while viewing your search's results - no additional scrolling
needed! Also, a new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest entries.
Image demonstrating search terms persisting in the address bar after
hitting Enter for easier editing
* Private windows now protect users even better by blocking third-party
cookies and storage of content trackers.
* Passwords automatically generated by Firefox now include special
characters, giving users more secure passwords by default.
* Firefox 113 introduces a redesigned accessibility engine which
significantly improves the speed, responsiveness, and stability of Firefox
when used with:
+ Screen readers, as well as certain other accessibility software;
+ East Asian input methods;
+ Enterprise single sign-on software; and
+ Other applications which use accessibility frameworks to access
information.
* Importing bookmarks from Safari or a Chrome-based browser? The favicons for
those bookmarks will now also be imported by default to make them easier to
identify.
* Firefox 113 now supports AV1 Image Format files containing animations
(AVIS), improving support for AVIF images across the web.
* The Windows GPU sandbox first shipped in the Firefox 110 release has been
tightened to enhance the security benefits it provides.
* A 13-year-old feature request was fulfilled and Firefox now supports files
being drag-and-dropped directly from Microsoft Outlook. A special thanks to
volunteer contributor Marco Spiess for helping to get this across the
finish line!
* Users on macOS can now access the Services sub-menu directly from Firefox
context menus.
* On Windows, the elastic overscroll effect has been enabled by default. When
two-finger scrolling on the touchpad or scrolling on the touchscreen, you
will now see a bouncing animation when scrolling past the edge of a scroll
container.
* Firefox is now available in the Tajik (tg) language.
Fixed
* Various security fixes.
Changed
* The long-deprecated mozRTCPeerConnection, mozRTCIceCandidate, and
mozRTCSessionDescription WebRTC interfaces have been removed. Sites should
utilize the non-prefixed versions instead.
Security fixes:
#CVE-2023-32205: Browser prompts could have been obscured by popups
#CVE-2023-32206: Crash in RLBox Expat driver
#CVE-2023-32207: Potential permissions request bypass via clickjacking
#CVE-2023-32208: Leak of script base URL in service workers via import()
#CVE-2023-32209: Persistent DoS via favicon image
#CVE-2023-32210: Incorrect principal object ordering
#CVE-2023-32211: Content process crash due to invalid wasm code
#CVE-2023-32212: Potential spoof due to obscured address bar
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
#MFSA-TMP-2023-0002: Race condition in dav1d decoding
#CVE-2023-32214: Potential DoS via exposed protocol handlers
#CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
#CVE-2023-32216: Memory safety bugs fixed in Firefox 113
Revision 1.557 / (download) - annotate - [select for diffs], Fri Jun 2 18:47:20 2023 UTC (5 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.556: +2 -2
lines
Diff to previous 1.556 (colored)
firefox: switch to ffmpeg6 Still compiles, still doesn't link against ffmpeg, but MOZ_FFMPEG is defined to 1. Bump PKGREVISION. XXX: Update comment about hunspell: it's now perhaps new enough to be used from pkgsrc instead of using the provided copy.
Revision 1.556 / (download) - annotate - [select for diffs], Tue May 30 13:26:45 2023 UTC (6 months ago) by abs
Branch: MAIN
Changes since 1.555: +2 -2
lines
Diff to previous 1.555 (colored)
Fix (harmless) error in firefox.sh workaround For the workaround case $PREFIX/bin/firefox would have an extra /usr/pkg/lib/firefox/firefox "$@" added after the exec /usr/pkg/lib/firefox/firefox "$@"
Revision 1.555 / (download) - annotate - [select for diffs], Tue May 30 08:37:37 2023 UTC (6 months ago) by abs
Branch: MAIN
Changes since 1.554: +6 -2
lines
Diff to previous 1.554 (colored)
Add temporary workaround for PR#57445 for native X11 NetBSD Calling "export LD_PRELOAD=/usr/X11R7/lib/libEGL.so" before starting firefox avoids the crash on startup in many cases To be removed once PR#57445 is resolved (or restricted to non fixed installs)
Revision 1.554 / (download) - annotate - [select for diffs], Sat May 6 19:09:50 2023 UTC (6 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.553: +2 -2
lines
Diff to previous 1.553 (colored)
*: Recursive revbump from audio/libopus 1.4
Revision 1.553 / (download) - annotate - [select for diffs], Fri Apr 28 18:56:22 2023 UTC (7 months ago) by maya
Branch: MAIN
Changes since 1.552: +2 -2
lines
Diff to previous 1.552 (colored)
firefox: fix webauthn support on netbsd with patch committed upstream PKGREVISION++
Revision 1.552 / (download) - annotate - [select for diffs], Wed Apr 19 08:11:46 2023 UTC (7 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.551: +2 -1
lines
Diff to previous 1.551 (colored)
revbump after textproc/icu update
Revision 1.551 / (download) - annotate - [select for diffs], Tue Apr 18 14:00:11 2023 UTC (7 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.550: +2 -2
lines
Diff to previous 1.550 (colored)
firefox: Update to 112.0.1
Changelog:
112.0.1
Fixed
* Fixed a bug where cookie dates appear to be set in the far future after
updating Firefox. This may have caused cookies to be unintentionally
purged. (bug 1827669).
112.0
New
* Right-clicking on password fields now shows an option to reveal the
password.
* Ubuntu Linux users can now import their browser data from the Chromium Snap
package. Currently, this will only work if Firefox is not also installed as
a Snap package, but work is underway to address this!
* Do you use the tab list panel in the tab bar? If so, you can now close tabs
by middle-clicking items in that list.
* You've always been able to un-close a tab by using (Cmd/Ctrl)-Shift-T. Now,
that same shortcut will restore the previous session if there are no more
closed tabs from the same session to re-open.
* For all ETP Strict users, we extended the list of known tracking parameters
that are removed from URLs to further protect our users from cross-site
tracking.
* Enables overlay of software-decoded video on Intel GPUs in Windows.
Improves video down scaling quality and reduces GPU usage.
* Private windows and ETP set to strict will now include email tracking
protection. This will make it harder for email trackers to learn the
browsing habits of Firefox users. You can check the Tracking Content in the
sub-panel on the shield icon panel.
Fixed
* Various security fixes.
Changed
* The deprecated U2F Javascript API is now disabled by default. The U2F
protocol remains usable through the WebAuthn API. The U2F API can be
re-enabled using the security.webauth.u2f preference.
Security fixes:
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29534: Fullscreen notification could have been obscured on Firefox
for Android
#CVE-2023-1999: Double-free in libwebp
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29537: Data Races in font initialization code
#CVE-2023-29538: Directory information could have been leaked to WebExtensions
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
File Download
#CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls
#CVE-2023-29541: Files with malicious extensions could have been downloaded
unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-29543: Use-after-free in debugging APIs
#CVE-2023-29544: Memory Corruption in garbage collector
#CVE-2023-29545: Windows Save As dialog resolved environment variables
#CVE-2023-29546: Screen recording in Private Browsing included address bar on
Android
#CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29549: Javascript's bind function may have failed
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
#CVE-2023-29551: Memory safety bugs fixed in Firefox 112
Revision 1.550 / (download) - annotate - [select for diffs], Wed Apr 5 14:22:35 2023 UTC (7 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.549: +3 -3
lines
Diff to previous 1.549 (colored)
firefox: Update to 111.0.1
* Enable eventfd(2) for NetBSD 10 or later.
* Fix LICENSE in official Firefox branding case.
Changelog:
111.0.1
Fixed
* Fixed a crash on macOS while pinch-zooming under some circumstances (bug
1658986).
* Fixed a bug causing Firefox to freeze on startup for some Windows users (
bug 1823159).
111.0
New
* Windows native notifications are now enabled.
* Firefox Relay users can now opt-in to create Relay email masks directly
from the Firefox credential manager. You must be signed in with your
Firefox Account.
* We've added two new locales: Silhe Friulian (fur) and Sardinian (sc).
Fixed
* Various security fixes.
Security fixes
#CVE-2023-28159: Fullscreen Notification could have been hidden by download
popups on Android
#CVE-2023-25748: Fullscreen Notification could have been hidden by window
prompts on Android
#CVE-2023-25749: Firefox for Android may have opened third-party apps without a
prompt
#CVE-2023-25750: Potential ServiceWorker cache leak during private browsing
mode
#CVE-2023-25751: Incorrect code generation during JIT compilation
#CVE-2023-28160: Redirect to Web Extension files may have leaked local path
#CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the
same tab triggered navigation
#CVE-2023-28161: One-time permissions granted to a local file were extended to
other local files loaded in the same tab
#CVE-2023-28162: Invalid downcast in Worklets
#CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
#CVE-2023-28163: Windows Save As dialog resolved environment variables
#CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
#CVE-2023-28177: Memory safety bugs fixed in Firefox 111
Revision 1.549 / (download) - annotate - [select for diffs], Mon Mar 6 11:47:26 2023 UTC (8 months, 3 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.548: +2 -2
lines
Diff to previous 1.548 (colored)
firefox: Update to 110.0.1
Changelog:
Fixed
* Fixed clearing recent cookies clears all cookies (bug 1816279).
* Fixed a bug causing the context menu to sometimes display on the background
of other Firefox UI elements instead of the foreground on macOS (bug
1763990).
* Fixed Manage bookmarks link on empty bookmarks toolbar not responding to
clicks on Windows (bug 1812636).
* Fixed WebGL crashes on Linux when ran inside a VMWare virtual machine (bug
1807942).
* Fixed a bug with CSP serialization causing bugs with the MitID Digital ID
in Denmark (Bug 1819096).
Revision 1.548 / (download) - annotate - [select for diffs], Wed Feb 15 20:38:13 2023 UTC (9 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.547: +3 -3
lines
Diff to previous 1.547 (colored)
firefox: Update to 110.0
Changelog:
110.0
New
* It's now possible to import bookmarks, history and passwords not only from
Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi for all
the folks who want to move over to Firefox instead!
* GPU sandboxing has been enabled on Windows.
Note: A bug in the popular X-Mouse Button Control (XMBC) tool may cause
mouse wheel scrolling to stop working. The author(s) are working on an
update. Meanwhile, scrolling can be restored by reconfiguring XMBC: either
disable the Make scroll wheel scroll window under cursor option in the
global settings, or enable the Disable scroll window under cursor option if
using a custom profile for Firefox.
* On Windows, third-party modules can now be blocked from injecting
themselves into Firefox, which can be helpful if they are causing crashes
or other undesirable behavior.
* Date, time, and datetime-local input fields can now be cleared with
Cmd+Backspace and Cmd+Delete shortcut on macOS and Ctrl+Backspace and
Ctrl+Delete on Windows and Linux.
* GPU-accelerated Canvas2D is enabled by default on macOS and Linux.
* WebGL performance improvement on Windows, MacOS and Linux.
* Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10
/11, improving video playback performance and video scaling quality.
Fixed
* Various security fixes.
Changed
* Colorways are no longer available in Firefox, at least not in the same way.
You can still access your saved and active Colorways by selecting Add-ons
and themes from the Firefox menu. Additionally, you can now install
Colorways from all of the previous collections by visiting Colorways by
Firefox on the Mozilla Add-ons website.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can find more information in the Firefox for
Enterprise 110 Release Notes.
Web Platform
* Firefox now supports CSS named pages, allowing web pages to perform
per-page layout and add page-breaks in a declarative manner when printing.
* Firefox now supports CSS size container queries, see the MDN page for
documentation on this feature.
Security fixes:
#CVE-2023-25728: Content security policy leak in violation reports using
#CVE-2023-25730: Screen hijack via browser fullscreen mode
#CVE-2023-25743: Fullscreen notification not shown in Firefox Focus
#CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
#CVE-2023-25735: Potential use-after-free from compartment mismatch in
SpiderMonkey
#CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
#CVE-2023-25738: Printing on Windows could potentially crash Firefox with some
device drivers
#CVE-2023-25739: Use-after-free in
mozilla::dom::ScriptLoadContext::~ScriptLoadContext
#CVE-2023-25729: Extensions could have opened external schemes without user
knowledge
#CVE-2023-25732: Out of bounds memory write from EncodeInputStream
#CVE-2023-25734: Opening local .url files could cause unexpected network loads
#CVE-2023-25740: Opening local .scf files could cause unexpected network loads
#CVE-2023-25731: Prototype pollution when rendering URLPreview
#CVE-2023-25733: Possible null pointer dereference in TaskbarPreviewCallback
#CVE-2023-25736: Invalid downcast in GetTableSelectionMode
#CVE-2023-25741: Same-origin policy leak via image drag and drop
#CVE-2023-25742: Web Crypto ImportKey crashes tab
#CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
#CVE-2023-25745: Memory safety bugs fixed in Firefox 110
Revision 1.547 / (download) - annotate - [select for diffs], Sat Feb 4 17:14:33 2023 UTC (9 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.546: +2 -3
lines
Diff to previous 1.546 (colored)
firefox: Update to 109.0.1
Changelog:
Fixed
* Reverted changes to Windows font smoothing which caused poor rendering on
some configurations (bug 1803154)
* Fixed jank when loading pages containing a large number of emoji characters
(bug 1809081)
* Fixed an issue causing authentication prompts to not appear when loading
pages in some enterprise environments (bug 1809151)
* Fixed inconsistent sizing of event listener checkboxes inside the Inspector
developer tool (bug 1811760)
Revision 1.546 / (download) - annotate - [select for diffs], Sun Jan 29 21:18:03 2023 UTC (10 months ago) by ryoon
Branch: MAIN
Changes since 1.545: +2 -1
lines
Diff to previous 1.545 (colored)
*: Recursive revbup from graphics/freetype2
Revision 1.545 / (download) - annotate - [select for diffs], Sat Jan 21 01:14:07 2023 UTC (10 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.544: +3 -12
lines
Diff to previous 1.544 (colored)
firefox: Update to 109.0
Changelog:
109.0
New
* Manifest Version 3 (MV3) extension support is now enabled by default (MV2
remains enabled/supported). This major update also ushers an exciting user
interface change in the form of the new extensions button.
* The Arbitrary Code Guard exploit protection has been enabled in the media
playback utility processes, improving security for Windows users.
* The native HTML date picker for date and datetime inputs can now be used
with a keyboard alone, improving its accessibility for screen reader users.
Users with limited mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
* Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina
(es-AR) locales now come with a built-in dictionary for the Firefox
spellchecker.
Fixed
* Various security fixes.
Changed
* Effective on January 16, Colorways will no longer be in Firefox. Users will
still be able to access saved and active Colorways from the Add-ons and
themes menu option.
* On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page
instead of zooming. This avoids accidental zooming and matches the behavior
of other web browsers on macOS.
* The Recently Closed section of Firefox View now equips users with the
ability to manually close/remove url links from the list.
* The empty state messages and graphic components surfaced in Firefox View
for the Tab Pickup and Recently Closed sections have been updated for an
improved user experience.
Developer
* The ability to automatically break when code on the page hits an events
handler has been available since Firefox 69. Firefox 109 now adds new
support for the scrollend event. To use this new event breakpoint, open the
JS debugger and find and expand the Event Listener Breakpoints section in
the right hand column (learn more).
Web Platform
* The scrollend event is now enabled by default. The event is fired when a
scroll has completed.
* Firefox now permanently partitions Storage in third-party contexts
independent of Storage Access to align with other browsers and provide
better Web compatibility.
Security fixes:
#CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary
files
#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
#CVE-2023-23599: Malicious command could be hidden in devtools output on
Windows
#CVE-2023-23600: Notification permissions persisted between Normal and Private
Browsing on Android
#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
triggers navigation
#CVE-2023-23602: Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
#CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content
Security Policy via format directive
#CVE-2023-23604: Creation of duplicate <code>SystemPrincipal</code> from less
secure contexts
#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
#CVE-2023-23606: Memory safety bugs fixed in Firefox 109
Revision 1.544 / (download) - annotate - [select for diffs], Sat Jan 7 23:36:39 2023 UTC (10 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.543: +13 -4
lines
Diff to previous 1.543 (colored)
firefox: Update to 108.0.1
* Use devel/py-curses during build to avoid errors from Python 3.10.
* uniffi-js defines amd64 specific symbols. I have added a hack for i386.
If you build www/firefox under NetBSD/aarch64, you will get 'undefined
reference' error during linking libxul.so. Please send your error messages
to me. I will try to fix link breakage.
* Disable Web MIDI explicitly, it causes runtime segfault under NetBSD.
Changelog:
108.0.1
Fixed
* Fixes a crash for some users on Mac OS X 10.12-10.14 during video playback
(bug 1806391).
* Fixes a crash that might occur when managing browser history (bug 1806408).
Changed
* The "Tabs sharing devices" menu item for WebRTC is now located in the tools
menu on macOS only (bug 1807697).
108.0.1
Fixed
* Fixes the default search engine being reset on upgrade for profiles which
were previously copied from a different location.
108.0
New
* Import maps, which allow web pages to control the behavior of JavaScript
imports, are now enabled by default.
* Processes used for background tabs now use efficiency mode on Windows 11 to
limit resource use.
* The shift+esc keyboard shortcut now opens the Process Manager, offering a
way to quickly identify processes that are using too many resources.
* Improved frame scheduling when under load; this substantially improves
Firefox's MotionMark scores.
Fixed
* Firefox now supports properly color correcting images tagged with ICCv4
profiles.
* Support for non-English characters when saving and printing PDF forms.
* The bookmarks toolbar's default "Only show on New Tab" state works
correctly for blank new tabs. As before, you can change the bookmark
toolbar's behavior using the toolbar context menu.
* Various security fixes.
Changed
* Firefox now supports the WebMIDI API and a new experimental mechanism for
controlling access to dangerous capabilities.
Security fixes:
#CVE-2022-46871: libusrsctp library out of date
#CVE-2022-46872: Arbitrary file read from a compromised content process
#CVE-2022-46873: Firefox did not implement the CSP directive unsafe-hashes
#CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions
#CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files
on Mac OS
#CVE-2022-46877: Fullscreen notification bypass
#CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
#CVE-2022-46879: Memory safety bugs fixed in Firefox 108
Revision 1.543 / (download) - annotate - [select for diffs], Tue Jan 3 17:38:23 2023 UTC (10 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.542: +2 -1
lines
Diff to previous 1.542 (colored)
*: recursive bump for tiff shlib major bump
Revision 1.542 / (download) - annotate - [select for diffs], Sun Dec 11 13:49:09 2022 UTC (11 months, 3 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.541: +8 -6
lines
Diff to previous 1.541 (colored)
firefox: Update to 107.0.1
107.0.1:
Fixed
* Fixed an issue with accessing some sites reliably in Private Browsing mode
or Strict ETP due to anti-adblockers (bug 1717806).
* Fixed an issue where Color Management was not available for some users (bug
1799391).
* Fixed an issue with text overlapping in the Settings Menu for some locales
(bug 1800379).
* Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
feature resulting in hangs when copying phone number links (bug 1798098).
* Fixed an issue where the DevTools UI is not accessible when an alert dialog
is displayed (bug 1801840).
107.0:
New
* Improved the performance of the instance when Microsoft's IME and Defender
retrieve the URL of a focused document in Windows 11 version 22H2.
* Power profiling -- visualizing performance data recorded from web browsers
-- is now also supported on Linux and Mac with Intel CPUs, in addition to
Windows 11 and Apple Silicon.
Fixed
* Various security fixes.
Security fixes:
#CVE-2022-45403: Service Workers might have learned size of cross-origin media
files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45407: Loading fonts on workers was not thread-safe
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via
intent URLs
#CVE-2022-40674: Use-after-free vulnerability in expat
#CVE-2022-45415: Downloaded file may have been saved with malicious extension
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written
to disk
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
#CVE-2022-45419: Deleting a security exception did not take effect immediately
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
106.0.5:
Fixed
* Addresses a crash experienced by users with Intel Gemini Lake CPUs.
106.0.4:
Fixed
* Fixed an issue with DRM Video playback (bug 1797292).
* Fixed broken layout of datetime input when switching types (bug 1797139).
* Fixes Firefox hanging when there is a Direct3D device reset (bug 1792115).
106.0.3:
Fixed
* Fix a startup crash for some users on Windows (bug 1797464).
* Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
feature resulting in hangs when copying text on a web page (bug 1774285).
106.0.2:
Fixed
* Fix missing content on some PDF forms (bug 1794351).
* Fix column width for the Notification sub-panel in Settings (bug 1793558).
* Fix a browser freeze with accessibility enabled on some sites such as the
Proxmox Web UI (bug 1793748).
* Fix page reloading not working with Firefox View and not refreshing synced
data (bug 1792680 and bug 1794474).
* Fix browser not opening if installed from the Windows Store (Bug 1796391).
106.0.1:
Fixed
* Addresses a crash experienced by users with AMD Zen 1 CPUs. (bug 1796126)
106.0:
New
* It is now possible to edit PDFs: including writing text, drawing, and
adding signatures.
* Setting Firefox as your default browser now also makes it the default PDF
application on Windows systems.
* You can now pin private windows to your Windows taskbar on Window 10 and
Windows 11 for simpler access. Also, private windows have been redesigned
to increase the feeling of privacy.
* Swipe-to-navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) now works for Linux users on Wayland.
* Text Recognition in images allows users on macOS 10.15 and higher to
extract text from the selected image (such as a meme or screenshot).
Extracted text is copied to the clipboard in order to share, store, or
search -- without needing to manually retype everything.
+ This feature is compatible with "VoiceOver," the built-in macOS
screen reader.
+ For more information, check out our SUMO article.
* "Firefox View" helps you get back to content you previously discovered. A
pinned tab allows you to find and open recently closed tabs on your current
device, access tabs from other devices (via our "Tab Pickup" feature),
and change the look of the browser (with Colorways).
+ For more information, read our SUMO article.
* With the launch of the "Independent Voices" collection, Firefox is
introducing 18 new "Colorways." You can now access a "Colorways" modal
experience via "Firefox View"; each new color is accompanied with a
bespoke graphic and a text description that speaks to its deeper meaning.
The collection will be available through Jan 16.
+ For more information, check out our SUMO article.
Fixed
* Various security fixes.
Security fixes:
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42930: Race condition in DOM Workers
#CVE-2022-42931: Username saved to a plaintext file on disk
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
Revision 1.541 / (download) - annotate - [select for diffs], Wed Nov 23 16:21:19 2022 UTC (12 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.540: +2 -1
lines
Diff to previous 1.540 (colored)
massive revision bump after textproc/icu update
Revision 1.540 / (download) - annotate - [select for diffs], Sat Oct 8 21:18:55 2022 UTC (13 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.539: +3 -4
lines
Diff to previous 1.539 (colored)
firefox: Update to 105.0.3
* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.
Changelog:
105.0.3:
Fixed
* Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed (bug 1794064)
105.0.2:
Fixed
* Fixed poor contrast on various menu items with certain themes on Linux
systems (bug 1792063)
* Fixed the scrollbar appearing on the wrong side of select elements in
right-to-left locales (bug 1791219)
* Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
1786259)
* Fixed a bug causing some dynamic appearance changes to not appear when
expected (bug 1786521)
* Fixed a bug causing theme styling to not be properly applied to sidebars
for some add-ons in Private Browsing Mode (bug 1787543)
105.0.1:
Fixed
* Reverted focus behavior for new windows back to the content area
instead of the address bar (bug 1784692)
105.0:
New
* Added an option to print only the current page from the print preview
dialog.
* Firefox now supports partitioned service workers in third-party contexts.
You can register service workers in a third-party iframe and it will be
partitioned under the top-level domain.
* Swipe to navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) on Windows is now enabled.
* Firefox is now compliant with the User Timing L3 specification, which adds
additional optional arguments to the performance.mark and
performance.measure methods to provide custom start times, end times,
duration, and attached details.
* Searching in large lists for individual items is now 2x faster. This
performance enhancement replaces array.includes and array.indexOf with an
optimized SIMD version.
Fixed
* Stability on Windows is significantly improved as Firefox handles
low-memory situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* Various security fixes.
Web Platform
* Support for the Offscreen Canvas DOM API with full context and font
support. The OffscreenCanvas API provides a canvas that can be rendered
off-screen in both Window and Web Worker contexts.
Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
Revision 1.539 / (download) - annotate - [select for diffs], Tue Sep 27 20:58:28 2022 UTC (14 months ago) by wiz
Branch: MAIN
Changes since 1.538: +2 -2
lines
Diff to previous 1.538 (colored)
*: recursive bump for ffmpeg4 switch to x264
Revision 1.538 / (download) - annotate - [select for diffs], Sun Sep 11 12:52:09 2022 UTC (14 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.537: +2 -1
lines
Diff to previous 1.537 (colored)
*: bump PKGREVISION for flac shlib bump
Revision 1.537 / (download) - annotate - [select for diffs], Thu Sep 8 19:54:16 2022 UTC (14 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.536: +2 -2
lines
Diff to previous 1.536 (colored)
firefox: Update to 104.0.2
Changelog:
Fixed
* Fixed a bug making it impossible to use touch or a stylus to drag the
scrollbar on pages (bug 1787361).
* Fixed an issue causing some users to crash in out-of-memory conditions (bug
1774155).
* Fixed an issue that would sometimes affect video & audio playback when
loaded via a cross-origin iframe src attribute (bug 1781759).
* Fixed an issue that would sometimes affect video & audio playback when
served with Content-Security-Policy: sandbox (bug 1781063).
Revision 1.536 / (download) - annotate - [select for diffs], Fri Sep 2 15:33:19 2022 UTC (14 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.535: +3 -3
lines
Diff to previous 1.535 (colored)
firefox: Update to 104.0.1
Changelog:
104.0.1
Fixed
* Addresses an issue with Youtube video playback that was affecting some
users.
104.0
New
* Subtitles are now available for Disney+ in Picture-in-Picture.
* Firefox now supports both the scroll-snap-stop property as well as
re-snapping. You can use the scroll-snap-stop property's always and normal
values to specify whether or not to pass the snap points, even when
scrolling fast. Re-snapping tries to keep the last snap position after any
content/layout changes.
* The Firefox profiler can analyze power usage of a website (Apple M1 and
Windows 11 only).
* The Firefox UI itself will now be throttled for performance and battery
usage when minimized or occluded, in the same way background tabs are.
Fixed
* Highlight color is preserved correctly after typing Enter in the mail
composer of Yahoo Mail and Outlook.
* After bypassing the https only error page navigating back would take you to
the error page that was previously dismissed. Back now takes you to the
previous site that was visited.
* Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text
contexts, such as input and text area.
* Various security fixes.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can find more information in the Firefox for
Enterprise 104 Release Notes.
Security fixes:
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's
permissions
#CVE-2022-38474: Recording notification not shown when microphone was recording
on Android
#CVE-2022-38475: Attacker could write a value to a zero-length array
#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.535 / (download) - annotate - [select for diffs], Sat Aug 13 12:57:43 2022 UTC (15 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.534: +1 -2
lines
Diff to previous 1.534 (colored)
forefox: Reset PKGREVISION
Revision 1.534 / (download) - annotate - [select for diffs], Sat Aug 13 12:56:39 2022 UTC (15 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.533: +2 -2
lines
Diff to previous 1.533 (colored)
firefox: Update to 103.0.2
CHangelog:
Fixed
* Fixed menu shortcuts for users of the JAWS screen reader.
* Fixed an occasional non-overridable certificate error when accessing device
configuration pages.
* Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS.
Revision 1.533 / (download) - annotate - [select for diffs], Thu Aug 11 05:09:22 2022 UTC (15 months, 3 weeks ago) by gutteridge
Branch: MAIN
Changes since 1.532: +2 -1
lines
Diff to previous 1.532 (colored)
Bump all dependent packages of wayland (belatedly) The package changed with the addition of its libepoll-shim dependency. Otherwise, we can get: ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
Revision 1.532 / (download) - annotate - [select for diffs], Sat Aug 6 20:47:51 2022 UTC (15 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.531: +7 -1
lines
Diff to previous 1.531 (colored)
firefox: Instead of including an autogenerated patch for libwebrtc, do the automagic inside pre-patch. Also handle aarch64. Require SSE2. It's probably not reasonable to patch -msse2 in everywhere, and upstream has required SSE2 on x86 for years.
Revision 1.531 / (download) - annotate - [select for diffs], Wed Aug 3 17:09:26 2022 UTC (15 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.530: +2 -3
lines
Diff to previous 1.530 (colored)
firefox: Updatet to 103.0.1
Changelog:
103.0.1:
New
* Enabled hardware acceleration on newer AMD cards.
Fixed
* Fixed a crash on Firefox shutdown caused by a bug in the audio manager.
103.0:
New
* Improved responsiveness on macOS during periods of high CPU load by
switching to a modern lock API.
* Do you always forget something? Required fields are now highlighted in PDF
forms.
* Improved performance on high-refresh rate monitors (120Hz+).
* Enjoying Picture-in-Picture subtitles feature? It just got better: you can
now change subtitles font size directly from the PiP window. Additionally,
PiP subtitles are now available at Funimation, Dailymotion, Tubi, Hotstar,
and SonyLIV.
* Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and
Arrow keys. View this article for additional details.
* Windows' "Make text bigger" accessibility setting now affects all the UI
and content pages, rather than only applying to system font sizes.
* Rejoice! You can now conveniently access Firefox, which will now be pinned
to the Windows taskbar during installation on Windows 10 and 11. (This will
also allow for Firefox to be launched quicker after installing.)
Fixed
* Non-breaking spaces are now preserved --- preventing automatic line
breaks --- when copying text from a form control.
* Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on
Linux.
* Fixed an issue in which Firefox startup could be significantly slowed down
by the processing of Web content local storage. This had the greatest
impact on users with platter hard drives and significant local storage.
* Various security fixes.
Changed
* Removed a configuration option to allow SHA-1 signatures in certificates:
SHA-1 signatures in certificates --- long since determined to no longer be
secure enough --- are now not supported.
Security fixes:
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected
network loads
#CVE-2022-36315: Preload Cache Bypasses Subresource Integrity
#CVE-2022-36316: Performance API leaked whether a cross-site resource is
redirecting
#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1
Revision 1.530 / (download) - annotate - [select for diffs], Mon Jul 25 01:01:54 2022 UTC (16 months, 1 week ago) by tnn
Branch: MAIN
Changes since 1.529: +2 -2
lines
Diff to previous 1.529 (colored)
*: revbump for ffmpeg5
Revision 1.529 / (download) - annotate - [select for diffs], Wed Jul 20 21:22:35 2022 UTC (16 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.528: +2 -7
lines
Diff to previous 1.528 (colored)
firefox: Restore PaX MPROTECT support.
Revision 1.528 / (download) - annotate - [select for diffs], Sun Jul 17 08:08:56 2022 UTC (16 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.527: +4 -3
lines
Diff to previous 1.527 (colored)
firefox: remove unused gtk2 dependency Clean up some pkglint while here. Bump PKGREVISION.
Revision 1.527 / (download) - annotate - [select for diffs], Sat Jul 9 02:22:25 2022 UTC (16 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.526: +2 -2
lines
Diff to previous 1.526 (colored)
firefox: Update to 102.0.1
Changelog:
Fixed
* Fixed bookmark shortcut creation by dragging to Windows File Explorer and
dropping partially broken (bug 1774683)
* Fixed bookmarks sidebar flashing white when opened in dark mode (bug
1776157)
* Fixed multilingual spell checking not working with content in both English
and a non-Latin alphabet (bug 1773802)
* Developer tools: Fixed an issue where the console output keep getting
scrolled to the bottom when the last visible message is an evaluation
result (bug 1776262)
* Fixed Delete cookies and site data when Firefox is closed checkbox getting
disabled on startup (bug 1777419)
* Various stability fixes
Revision 1.526 / (download) - annotate - [select for diffs], Mon Jul 4 14:34:07 2022 UTC (16 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.525: +3 -4
lines
Diff to previous 1.525 (colored)
firefox: Update to 102.0
Changelog:
New
* Tired of too many windows crowding your screen? You can now disable
automatic opening of the download panel every time a new download starts.
Read more.
* Firefox now mitigates query parameter tracking when navigating sites in ETP
strict mode.
Fixed
* When using a screen reader on Windows, pressing enter to activate an
element no longer fails or clicks the wrong element and/or another
application window. For those blind or with very limited vision, this
technology reads out loud what is on the screen, and users can adapt them
to their needs (now, on our platform, without errors).
* Various security fixes.
Changed
* Improved security by moving audio decoding into a separate process with
stricter sandboxing, thus improving process isolation.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can find more information in the Firefox for
Enterprise 102 Release Notes.
* Firefox 102 is the new Extended Support Release (ESR). Firefox 91 ESR goes
out of support on September 20, 2022. (See the 102 ESR release notes for
more information)
Developer
* Developer Information
* You can now filter style sheets in the Style Editor tab of our developer
tools
Web Platform
* TransformStream and ReadableStream.pipeThrough have landed, allowing you to
pipe from a ReadableStream to a WritableStream, executing a transformation
on each chunk.
* ReadableStream, TransformStream, and WritableStream are all transferable
now.
* Firefox now supports Content-Security-Policy (CSP) integration with
WebAssembly. A document with a CSP that restricts scripts will no longer
execute WebAssembly unless the policy uses 'unsafe-eval' or the new
'wasm-unsafe-eval' keyword.
Security fixes:
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via
retargeted javascript: URI
#CVE-2022-34482: Drag and drop of malicious image could have led to malicious
executable and potential code execution
#CVE-2022-34483: Drag and drop of malicious image could have led to malicious
executable and potential code execution
#CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed
ASN.1
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-34474: Sandboxed iframes could redirect to external schemes
#CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
#CVE-2022-34471: Compromised server could trick a browser into an addon
downgrade
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34480: Free of uninitialized pointer in lg_init
#CVE-2022-34477: MediaError message property leaked information on cross-origin
same-site pages
#CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script
via use tags
#CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
#CVE-2022-34485: Memory safety bugs fixed in Firefox 102
Revision 1.525 / (download) - annotate - [select for diffs], Sat Jul 2 16:53:37 2022 UTC (17 months ago) by ryoon
Branch: MAIN
Changes since 1.524: +2 -2
lines
Diff to previous 1.524 (colored)
*: Recursive revbump from audio/pulseaudio
Revision 1.524 / (download) - annotate - [select for diffs], Tue Jun 28 11:37:04 2022 UTC (17 months ago) by wiz
Branch: MAIN
Changes since 1.523: +2 -1
lines
Diff to previous 1.523 (colored)
*: recursive bump for perl 5.36
Revision 1.523 / (download) - annotate - [select for diffs], Tue Jun 14 16:44:29 2022 UTC (17 months, 2 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.522: +2 -7
lines
Diff to previous 1.522 (colored)
firefox: Update to 101.0.1
* Fix build under NetBSD/i386 with thiner LTO option.
Changelog:
Fixed
* Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823)
* Fixed a compatibility issue causing severely impaired functionality with
win32k lockdown enabled on some Windows systems (bug 1769845)
* Fixed context menus not appearing when right-clicking Picture-in-Picture
windows on some Linux systems (bug 1771914)
* Various stability fixes
Revision 1.522 / (download) - annotate - [select for diffs], Mon Jun 6 20:59:39 2022 UTC (17 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.521: +8 -3
lines
Diff to previous 1.521 (colored)
firefox: Update to 101.0
* Under NetBSD/i386 9, rustc consumes all RAM and swap and failed
to build this package.
Changelog:
New
* Reading is now easier with the prefers-contrast media query, which allows
sites to detect if the user has requested that web content is presented
with a higher (or lower) contrast.
* It??s your choice! All non-configured MIME types can now be assigned a
custom action upon download completion.
* Firefox now allows users to use as many microphones as you want, at the
same time, during video conferencing. The most exciting benefit is that you
can easily switch your microphones at any time (if your conferencing
service provider enables this flexibility).
Fixed
* Various security fixes.
Changed
* Removed "subject common name" fallback support from certificate validation.
This fallback mode was previously enabled only for manually installed
certificates. The CA Browser Forum Baseline Requirements have required the
presence of the "subjectAltName" extension since 2012, and use of the
subject common name was deprecated in RFC 2818.
Revision 1.521 / (download) - annotate - [select for diffs], Sat May 21 14:44:47 2022 UTC (18 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.520: +2 -3
lines
Diff to previous 1.520 (colored)
firefox: Update to 100.0.2 Changelog: Security fixes: #CVE-2022-1802: Prototype pollution in Top-Level Await implementation #CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
Revision 1.520 / (download) - annotate - [select for diffs], Thu May 19 10:20:16 2022 UTC (18 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.519: +2 -1
lines
Diff to previous 1.519 (colored)
firefox: Switch to ffmpeg5.
Revision 1.519 / (download) - annotate - [select for diffs], Tue May 17 12:49:39 2022 UTC (18 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.518: +2 -3
lines
Diff to previous 1.518 (colored)
firefox: Update to 100.0.1
Changelog:
100.0.1:
Fixed
* Fixed an issue with subtitles in Picture-in-Picture mode while using
Netflix (bug 1768818)
* Fixed an issue where some commands were unavailable in the
Picture-in-Picture window (bug 1768201)
Changed
* Firefox's security sandbox now blocks access to the Win32k APIs for Content
Processes on Windows (bug 1767999)
Revision 1.518 / (download) - annotate - [select for diffs], Mon May 16 14:19:23 2022 UTC (18 months, 2 weeks ago) by tnn
Branch: MAIN
Changes since 1.517: +2 -1
lines
Diff to previous 1.517 (colored)
firefox: bump rev for prefs change
Revision 1.517 / (download) - annotate - [select for diffs], Fri May 13 14:12:53 2022 UTC (18 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.516: +3 -4
lines
Diff to previous 1.516 (colored)
firefox: Update to 100.0
* Simplify some option logics.
* Add sunaudio and jack options as audio backends.
Changelog
100.0:
New
* We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles
on the in-page video player, and they will appear in PiP.
* Picture-in-Picture now also supports video captions on websites that use
WebVTT (Web Video Text Track) format, like Coursera.org, Canadian
Broadcasting Corporation, and many more.
* On the first run after install, Firefox detects when its language does not
match the operating system language and offers the user a choice between
the two languages.
* Firefox spell checking now checks spelling in multiple languages. To enable
additional languages, select them in the text field's context menu.
* HDR video is now supported in Firefox on Mac --- starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any preferences to
turn HDR video support on --- just make sure battery preferences are NOT set
to "optimize video streaming while on battery".
* Hardware accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30).
Installing the AV1 Video Extension from the Microsoft Store may also be
required.
* Video overlay is enabled on Windows for Intel GPUs, reducing power usage
during video playback.
* Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
* Scrollbars on Linux and Windows 11 won't take space by default. On Linux,
users can change this in Settings. On Windows, Firefox follows the system
setting (System Settings > Accessibility > Visual Effects > Always show
scrollbars).
* Firefox now supports credit card autofill and capture in the United
Kingdom.
* Firefox now ignores less restricted referrer policies --- including
unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin
--- for cross-site subresource/iframe requests to prevent privacy
leaks from the referrer.
Fixed
* Users can now choose preferred color schemes for websites. Theme authors
can now make better decisions about which color scheme Firefox uses for
menus. Web content appearance can now be changed in Settings.
* Beginning in this release, the Firefox installer for Windows is signed with
a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for
successful installation on a computer running Microsoft Windows 7. For more
details about this update, visit the Microsoft Technical Support website.
* In macOS 11+ we now only rasterize the fonts once per window. This means
that opening a new tab is fast, and switching tabs in the same window is
also fast. (There's still work to do to share fonts across windows, or to
reduce the time it takes to initialize these fonts.)
* The performance of deeply-nested display: grid elements is greatly
improved.
* Support for profiling multiple java threads has been added.
* Soft-reloading a web page will no longer cause revalidation for all
resources.
* Non-vsync tasks are given more time to run, which improves behavior on
Google docs and Twitch.
* Geckoview APIs have been added to control the start/stop time of capturing
a profile.
* Various security fixes.
Changed
* Firefox has a new focus indicator for links which replaces the old dotted
outline with a solid blue outline. This change unifies the focus indicators
across form fields and links, which makes it easier to identify the focused
link, especially for users with low vision.
* New users can now set Firefox as the default PDF handler when setting
Firefox as their default browser.
* Some websites might not work correctly in Firefox version 100 due to
Firefox's new three-digit number. You can read about it in our blog post
here!
See the Mozilla Support article Difficulties opening or using a website in
Firefox 100 for possible workarounds you can use. There, you will also find
instructions for reporting a broken website so that Mozilla can help fix
the problem.
Mozilla Foundation Security Advisory 2022-16
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security
settings
#CVE-2022-29915: Leaking cross-origin redirect through the Performance API
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
#CVE-2022-29918: Memory safety bugs fixed in Firefox 100
99.0.1:
Fixed
* Fixed an issue for Windows users that prevented hardware video decoding on
newer Intel drivers (bug 1762125)
* Fixed an issue with text rendering in Bengali (bug 1763368)
* Fixed a selection issue in the Download panel with drag and drop (bug
1762723)
* Fixed an issue preventing Zoom gallery mode for users who go to zoom.us
URLs instead of subdomain.zoom.us URLs (bug 1763801)
99.0:
New
* You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."
* You can find added support for search --- with or without diacritics ---
in the PDF viewer.
* The Linux sandbox has been strengthened: processes exposed to web content
no longer have access to the X Window system (X11).
* Firefox now supports credit card autofill and capture in Germany and
France.
Fixed
* Various security fixes.
Mozilla Foundation Security Advisory 2022-13
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28283: Missing security checks for fetching sourceMapURL
#CVE-2022-28284: Script could be executed via svg's use element
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-28287: Text Selection could crash Firefox
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
#CVE-2022-28288: Memory safety bugs fixed in Firefox 99
Revision 1.516 / (download) - annotate - [select for diffs], Mon Apr 18 19:12:17 2022 UTC (19 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.515: +2 -1
lines
Diff to previous 1.515 (colored)
revbump for textproc/icu update
Revision 1.515 / (download) - annotate - [select for diffs], Sun Apr 3 00:22:30 2022 UTC (19 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.514: +2 -3
lines
Diff to previous 1.514 (colored)
firefox: Update to 98.0.2
Changelog:
98.0.2:
Fixed
* Fixed an issue preventing users from typing in Address Bar after opening
new tab and pressing cmd + enter (bug 1757376)
* Fixed an issue causing some users to crash in out-of-memory conditions (bug
1757618)
* Fixed an issue in session history which caused some sites to fail to load (
bug 1758664)
* Fixed an add-on specific compatibility issue (bug 1759162)
98.0.1:
Changed
* Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
If you previously installed a customized version of Firefox with Yandex or
Mail.ru, offered through partner distribution channels, this release
removes those customizations, including add-ons and default bookmarks.
Where applicable, your browser will revert back to default settings, as
offered by Mozilla. All other releases of Firefox remain unaffected by the
change.
98.0:
New
* Firefox has a new optimized download flow. Instead of prompting every time,
files will download automatically. However, they can still be opened from
the downloads panel with just one click. Easy! More information
You'll find you have a number of options, including:
+ Always Open Similar Files: Make Firefox automatically open downloaded
files of the same type with the system default application.
+ Show In Folder: Open the folder that contains your downloaded files.
+ Go To Download Page: Surfaces the download reference page even after
leaving the site or closing the tab.
+ Copy Download Link: Copy the download link to share it, save it, or for
any applicable use.
+ Delete: You can now delete downloaded files directly from the download
panel and other download views using the context menu.
+ Remove From History: Remove a file from your list of downloaded files.
+ Clear Preview Panel: Clear the list of downloaded items in the preview
panel that opens when you start a download.
In this release, you'll also see that Firefox no longer asks what to do
for each file by default. You won't be prompted to choose a helper
application or save to disk before downloading a file unless you have
changed your download action setting for that type of file.
And now, every time you start a download, Firefox will automatically bring
up the Downloads panel by default. This means you'll experience minimal
interruptions and easily find your downloaded files. Plus, to avoid having
to close it several times, the panel won't show if there are multiple
downloads in progress.
You can now click on a file in the Downloads panel to open it even before
it has finished downloading. Firefox will open the file as soon as it is
available. Firefox: saving you time and helping you get back to what you
care about!
Any files you download will be immediately saved on your disk. Depending on
the current configuration, they'll be saved in your preferred download
folder, or you'll be asked to select a location for each download. Windows
and Linux users will find their downloaded files in the destination folder.
They'll no longer be put in the Temp folder.
* Firefox allows users to choose from a number of built-in search engines to
set as their default. In this release, some users who had previously
configured a default engine might notice their default search engine has
changed since Mozilla was unable to secure formal permission to continue
including certain search engines in Firefox.
Fixed
* Now, you can set a default app to open a file type. Choose the application
you want to use to open files of a specific type in your Firefox settings.
* After updating to Firefox version 98, "Always ask" download actions will
now be reset.
* Various security fixes.
Security fixes:
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26382: Autofill Text could be exfiltrated via side-channel attacks
#CVE-2022-26385: Use-after-free in thread shutdown
#CVE-2022-0843: Memory safety bugs fixed in Firefox 98
Revision 1.514 / (download) - annotate - [select for diffs], Mon Mar 28 10:59:30 2022 UTC (20 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.513: +2 -1
lines
Diff to previous 1.513 (colored)
{s,t,w}*/*: revbump(1) for libsndfile
Revision 1.513 / (download) - annotate - [select for diffs], Sun Mar 6 04:51:48 2022 UTC (20 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.512: +2 -2
lines
Diff to previous 1.512 (colored)
firefox: Updare to 97.0.2 Changelog: Security fixes: #CVE-2022-26485: Use-after-free in XSLT parameter processing #CVE-2022-26486: Use-after-free in WebGPU IPC Framework
Revision 1.512 / (download) - annotate - [select for diffs], Tue Mar 1 13:35:33 2022 UTC (21 months ago) by ryoon
Branch: MAIN
Changes since 1.511: +3 -3
lines
Diff to previous 1.511 (colored)
firefox: Update to 97.0.1
* Remove removed or changed configure options.
Changelog:
97.0.1:
Fixed
* Fixed an issue where TikTok videos would fail to load when selected from a
user's profile page (bug 1750973)
* Fixed an issue which led to Picture-in-Picture mode being unable to be
toggled on Hulu (bug 1753401)
* Works around problems with WebRoot SecureAnywhere antivirus rendering
Firefox unusable in some situations (bug 1752466)
* Fixed an issue causing users to see the Restore Session screen unexpectedly
when starting Firefox (bug 1749996)
97.0:
New
* On February 8, we expired the 18 colorway themes that shipped along with
Firefox 94. This signals the end of a special, limited-time feature set.
However, you can hold onto your favorite colorway, as long as you??re using
it on the expiration date. In other words, if a colorway is ??enabled?? in
the add-ons manager, that colorway is yours forever.
* Beginning February 15, we are releasing 6 brand-new colorways in a special
partner collaboration. U.S.-based fans of the film can visit
truecolors.firefox.com to activate official Turning Red-inspired Colorways,
available exclusively in Firefox for desktop through April 30, 2022.
Firefox users who visit the ??True Colors?? campaign landing page will be
able to modify how their web browser looks, with colors and moods inspired
by some of the main characters in the film. To enjoy the new Colorways, you
??ll need to make sure you upgrade to the latest Firefox 97 version. This
collection will be available in the add-ons manager, within the Colorways
section. Read more about colorway updates here.
* Firefox now supports and displays the new style of scrollbars on Windows
11.
Fixed
* On macOS, we??ve made improvements to system font loading which makes
opening and switching to new tabs faster in certain situations.
* Various security fixes
Changed
* Support for directly generating PostScript for printing on Linux has been
removed. Printing to PostScript printers still remains a supported option,
however.
Security fixes:
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation during
update
#CVE-2022-22755: XSL could have allowed JavaScript execution after a tab was
closed
#CVE-2022-22756: Drag and dropping an image could have resulted in the dropped
object being an executable
#CVE-2022-22757: Remote Agent did not prevent local websites from connecting
#CVE-2022-22758: tel: links could have sent USSD codes to the dialer on Firefox
for Android
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between script
and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22762: JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
#CVE-2022-0511: Memory safety bugs fixed in Firefox 97
Revision 1.511 / (download) - annotate - [select for diffs], Mon Jan 31 22:44:21 2022 UTC (22 months ago) by ryoon
Branch: MAIN
Changes since 1.510: +2 -2
lines
Diff to previous 1.510 (colored)
firefox: Update to 96.0.3 Changelog: Fixed Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry (bug 1752317)
Revision 1.510 / (download) - annotate - [select for diffs], Tue Jan 25 12:43:48 2022 UTC (22 months ago) by ryoon
Branch: MAIN
Changes since 1.509: +2 -3
lines
Diff to previous 1.509 (colored)
firefox: Update to 96.0.2
Changelog:
Fixed
* Fixed an issue that caused tab height to display inconsistently on Linux
when audio was played (bug 1714276)
* Fixed an issue that caused Lastpass dropdowns to appear blank in Private
Browsing mode (bug 1748158)
* Fixed a crash encountered when resizing a Facebook app (bug 1746084)
Revision 1.509 / (download) - annotate - [select for diffs], Tue Jan 18 18:48:28 2022 UTC (22 months, 1 week ago) by tnn
Branch: MAIN
Changes since 1.508: +2 -1
lines
Diff to previous 1.508 (colored)
firefox: revert enable RLBox on aarch64 It worked in Firefox 95 but browser spins at 100% CPU in Firefox 96 ...
Revision 1.508 / (download) - annotate - [select for diffs], Sat Jan 15 15:57:37 2022 UTC (22 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.507: +3 -4
lines
Diff to previous 1.507 (colored)
firefox: Update to 96.0.1
Changelog:
Version 96.0.1, first offered to Release channel users on January 14, 2022
Fixed
* Addresses proxy rule exceptions not working on Windows systems when "Use
system proxy settings" is set (bug 1749501)
* Improvements to make the parsing of content-length headers more robust (bug
1749957)
Version 96.0, first offered to Release channel users on January 11, 2022
New
* We've made significant improvements in noise-suppression and
auto-gain-control as well as slight improvements in echo-cancellation to
provide you with a better overall experience.
* We've also significantly reduced main-thread load.
* Firefox will now default all cookies to having a SameSite=lax attribute
which helps defend against Cross-Site Request Forgery (CSRF) attacks.
* When printing, you can now choose to print only the odd/even pages.
Fixed
* On macOS, command-clicking links in Gmail now opens them in a new tab as
expected.
* Our newest release fixes an issue where video intermittently drops SSRC.
* It also fixes an issue where WebRTC downgrades screen sharing resolution to
provide you with a clearer browsing experience.
* Plus, we've fixed video quality degradation issues on certain sites.
* Detached video in fullscreen on macOS has been temporarily disabled to
avoid some issues with corruption, brightness changes, missing subtitles
and high cpu usage.
* Various security fixes
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
window spoof
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22750: IPC passing of resource handles could have lead to sandbox
bypass
#CVE-2022-22749: Lack of URL restrictions when scanning QR codes
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22736: Potential local privilege escalation when loading modules from
the install directory.
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
#CVE-2022-22752: Memory safety bugs fixed in Firefox 96
Revision 1.507 / (download) - annotate - [select for diffs], Wed Dec 22 16:17:00 2021 UTC (23 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.506: +2 -1
lines
Diff to previous 1.506 (colored)
firefox: For wasm-ld command to build RLBox wasm binary, depend on devel/lld Bump PKGREVISION.
Revision 1.506 / (download) - annotate - [select for diffs], Sun Dec 19 15:09:49 2021 UTC (23 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.505: +9 -4
lines
Diff to previous 1.505 (colored)
firefox: Update to 95.0.1
* Enable RLBox WebAssembly sandboxing for i386 and x86_64 architectures.
Not tested for the other architectures yet.
Changelog:
95.0.1
Fixed
* Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com domains (bug
1745600)
* Fix for a WebRender crash on some Linux/X11 systems (bug 1741956)
* Fix for a frequent Windows shutdown crash (bug 1738984)
* Fix websites contrast issues for some Linux users with Dark mode set at OS
level (bug 1740518)
Revision 1.505 / (download) - annotate - [select for diffs], Sun Dec 19 09:47:59 2021 UTC (23 months, 1 week ago) by maya
Branch: MAIN
Changes since 1.504: +2 -2
lines
Diff to previous 1.504 (colored)
sysutils/pciutils: no longer static, remove BUILDLINK_DEPMETHOD.pciutils?= build And pkgrevision bump consumers. Pointed out by tsutsui in PR pkg/56553
Revision 1.504 / (download) - annotate - [select for diffs], Fri Dec 17 20:08:42 2021 UTC (23 months, 2 weeks ago) by maya
Branch: MAIN
Changes since 1.503: +2 -1
lines
Diff to previous 1.503 (colored)
firefox: detect libpci on netbsd, where we call it libpciutil. webgl works again. bump pkgrevision
Revision 1.503 / (download) - annotate - [select for diffs], Sat Dec 11 14:10:01 2021 UTC (23 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.502: +6 -6
lines
Diff to previous 1.502 (colored)
firefox: Update to 95.0
Changelog:
New
* RLBox --- a new technology that hardens Firefox against potential security
vulnerabilities in third-party libraries --- is now enabled on all
platforms.
* Good news! You can now download Firefox from the Microsoft Store on Windows
10 and Windows 11 platforms.
* We've reduced CPU usage on macOS in Firefox and WindowServer during event
processing.
* We've also reduced the power usage of software decoded video on macOS,
especially in fullscreen. This includes streaming sites such as Netflix and
Amazon Prime Video.
* You can now move the Picture-in-Picture toggle button to the opposite side
of the video. Simply look for the new context menu option Move
Picture-in-Picture Toggle to Left (Right) Side.
* To better protect Firefox users against side-channel attacks such as
Spectre, Site Isolation is now enabled for all Firefox 95 users.
Fixed
* After starting Firefox, users of the JAWS screen reader and ZoomText
magnifier will no longer need to switch applications in order to access
Firefox.
* You'll find the state of controls using the ARIA switch role is now
correctly reported by Mac OS VoiceOver.
* You'll see a faster content process startup on macOS.
* We've also made memory allocator improvements.
* And we've improved page load performance by speculatively compiling
JavaScript ahead of time.
* Various security fixes
Changed
* We've added a User Agent override for Slack.com, which allows Firefox
users to use more Call features and have access to Huddles.
Security fixes:
Mozilla Foundation Security Advisory 2021-52
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#MOZ-2021-0010: Use-after-free in fullscreen objects on MacOS
#CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of
an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could
have led to XSS
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Revision 1.502 / (download) - annotate - [select for diffs], Wed Dec 8 16:06:55 2021 UTC (23 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.501: +2 -1
lines
Diff to previous 1.501 (colored)
revbump for icu and libffi
Revision 1.501 / (download) - annotate - [select for diffs], Thu Nov 25 14:33:41 2021 UTC (2 years ago) by ryoon
Branch: MAIN
Changes since 1.500: +2 -2
lines
Diff to previous 1.500 (colored)
firefox: Update to 94.0.2
Changelog:
Fixed
* Improved hangs experienced by users of assistive technology such as NVDA
when installing Firefox through the Microsoft Store (bug 1736742)
* Resolved general instability/crashes on Linux caused by a file descriptor
leak when backgrounding tabs using WebGL (bug 1741997)
Changed
* Updated preference design for Firefox Suggest for improved clarity.
Revision 1.500 / (download) - annotate - [select for diffs], Thu Nov 11 16:48:04 2021 UTC (2 years ago) by ryoon
Branch: MAIN
Changes since 1.499: +5 -5
lines
Diff to previous 1.499 (colored)
firefox: Update to 94.0.1
Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)
94.0
New
* Colorways animated screenshot
With 94, you'll find a selection of six fun seasonal Colorways (available
for a limited time only). Now you can find a color to suit (or lift) your
every mood.
Fun fact: Did you know we have more daily users with color themes than dark
or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
customize their color theme. And that was just on the first day! We decided
to introduce these new Colorways to give our users more to love.
* Firefox macOS now uses Apple's low power mode for fullscreen video on sites
such as YouTube and Twitch. This meaningfully extends battery life in long
viewing sessions. Now your kids can find out what the fox says on a loop
without you ever missing a beat'
* With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
* On Windows, there will now be fewer interruptions because Firefox won't
prompt you for updates. Instead, a background agent will download and
install updates even if Firefox is closed.
* And on Linux, we've improved WebGL performance and reduced power
consumption for many users.
* To better protect all Firefox users against side-channel attacks such as
Spectre, we're introducing Site Isolation. It will be rolled out to
Firefox 94 users over the next few weeks. We've got your
back...errr...side!
* We're rolling out the Firefox Multi-Account Containers extension with
Mozilla VPN integration. This lets you use a different server location for
each container.
* Firefox no longer warns you by default when you exit the browser or close a
window using a menu, button, or three-key command. This should cut back on
unwelcome notifications which is always nice--however, if you prefer a bit
of notice, you'll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox Settings. No worries!
(More details)
* And now, Firefox supports the new Snap Layouts menus when running on
Windows 11.
Fixed
* We've reduced the overhead of using performance.mark() and
performance.measure() APIs with a large set of performance entries.
* Plus, we've modified paint suppression during load to greatly improve
warmload performance in Site Isolation mode.
* You'll also notice a small reduction in Javascript memory usage.
* With this release, you'll notice faster Javascript property enumeration as
well.
* We've also implemented better scheduling of garbage collection which has
improved some pageload benchmarks.
* This release also sees reduced CPU usage during socket polling for HTTPS
connections.
* Additionally, you'll notice faster storage initialization.
* We've also improved cold startup by reducing main thread I/O.
* Plus, closing devtools now reclaims more memory than ever before.
* And we've improved pageload (especially with Site Isolation mode) by
setting a higher priority for loading and displaying images.
* Various security fixes
Enterprise
* Enterprise users now have more control over Firefox deployments with the
availability of our MSIX package on Windows platforms.
* You'll also notice various bug fixes and new policies have been
implemented in this latest version of Firefox. See more details in the
Firefox for Enterprise 94 Release Notes.
Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.499 / (download) - annotate - [select for diffs], Fri Oct 15 13:00:05 2021 UTC (2 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.498: +5 -6
lines
Diff to previous 1.498 (colored)
firefox: Update to 93.0
Changelog:
New
* Firefox now supports the new AVIF image format, which is based on the
modern and royalty free AV1 video codec. It offers significant bandwidth
savings for sites compared to existing image formats. It also supports
transparency and other advanced features.
* Firefox PDF viewer now supports filling more forms (XFA-based forms, used
by multiple governments and banks). Learn more.
* When available system memory is critically low, Firefox on Windows will
automatically unload tabs based on their last access time, memory usage,
and other attributes. This should help reduce Firefox out-of-memory
crashes. Switching to an unloaded tab automatically reloads it.
* To prevent session loss for macOS users who are running Firefox from a
mounted .dmg file, they??ll now be prompted to finish installation. This
permission prompt only appears the first time these users run Firefox on
their computer.
* Firefox now blocks downloads that rely on insecure connections, protecting
against potentially malicious or unsafe downloads. Learn more and see where
to find downloads in Firefox.
* Improved web compatibility for privacy protections with SmartBlock 3.0.
Learn more
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing. Learn more
* Introducing Firefox Suggest, a faster way to navigate the web. Learn more
about the experience and locale-specific features.
Fixed
* The VoiceOver screen reader now correctly reports checkable items in
accessible tree controls as checked or unchecked.
* The Orca screen reader now works correctly with Firefox, no longer
requiring users to switch to another application after starting Firefox.
* Various security fixes
Changed
* TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can
only be enabled when deprecated versions of TLS are also enabled. Learn
more.
* The download panel now follows the Firefox visual styles.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 93
Release Notes.
Developer
* Developer Information
Web Platform
* The UI for <input type="datetime-local"> has been implemented.
Security fixes:
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2
#CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
#CVE-2021-38499: Memory safety bugs fixed in Firefox 93
Revision 1.498 / (download) - annotate - [select for diffs], Sat Oct 9 15:35:11 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.497: +2 -1
lines
Diff to previous 1.497 (colored)
Recursive revbump for multimedia/libaom
Revision 1.497 / (download) - annotate - [select for diffs], Thu Sep 30 14:25:18 2021 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.496: +3 -3
lines
Diff to previous 1.496 (colored)
firefox: Revert accidentally committed part
Revision 1.496 / (download) - annotate - [select for diffs], Thu Sep 30 14:24:00 2021 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.495: +4 -4
lines
Diff to previous 1.495 (colored)
firefox: Fix SITES for nodejs-output-92.0.tgz
Revision 1.495 / (download) - annotate - [select for diffs], Thu Sep 30 14:18:27 2021 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.494: +4 -5
lines
Diff to previous 1.494 (colored)
firefox: Update to 92.0.1
Changelog:
92.0.1
Fixed
* Fixes an issue where audio playback was not working on some Linux systems (
bug 1730499)
* Fixes issues with the findbar close button on different operating systems (
bug 1728368)
92.0
New
* More secure connections: Firefox can now automatically upgrade to HTTPS
using HTTPS RR as Alt-Svc headers.
* Full-range color levels are now supported for video playback on many
systems.
* Mac users can now access the macOS share options from the Firefox File
menu.
* Support for images containing ICC v4 profiles is enabled on macOS.
Fixed
* Firefox performance with screen readers and other accessibility tools is no
longer severely degraded if Mozilla Thunderbird is installed or updated
after Firefox.
* macOS VoiceOver now correctly reports buttons and links marked as ??
expanded?? using the aria-expanded attribute.
* An open alert in a tab no longer causes performance issues in other tabs
using the same process.
* Various security fixes
Changed
* Canonical is now building the official Firefox snap. It's also now
available on two additional architectures, ARMhf and ARM64.
* The bookmark toolbar menus on macOS now follow Firefox visual styles.
* Certificate error pages have been redesigned for a better user experience.
* Continuing work to restructure Firefox??s JavaScript memory management to
be more performant and use less memory.
Revision 1.494 / (download) - annotate - [select for diffs], Thu Sep 16 21:12:48 2021 UTC (2 years, 2 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.493: +2 -2
lines
Diff to previous 1.493 (colored)
firefox: Use "unofficial" branding Firefox's build system defaults to "nightly" for builds without official branding, and in practice there seems to be very little difference between "nightly" and "unofficial", but this at least makes our choice explicit. Bump PKGREVISION
Revision 1.493 / (download) - annotate - [select for diffs], Thu Sep 16 20:47:40 2021 UTC (2 years, 2 months ago) by nia
Branch: MAIN
Changes since 1.492: +3 -2
lines
Diff to previous 1.492 (colored)
firefox: we no longer install to share/pixmaps
Revision 1.492 / (download) - annotate - [select for diffs], Thu Sep 16 16:46:24 2021 UTC (2 years, 2 months ago) by nia
Branch: MAIN
Changes since 1.491: +14 -36
lines
Diff to previous 1.491 (colored)
firefox: Install scalable icon sizes, bump PKGREVISION
Revision 1.491 / (download) - annotate - [select for diffs], Wed Aug 25 11:50:43 2021 UTC (2 years, 3 months ago) by manu
Branch: MAIN
Changes since 1.490: +2 -1
lines
Diff to previous 1.490 (colored)
Work around build failure on i386 caused by internal compiler error On i386, cc1plus hits an internal error when building gfx/wr/swgl/src/gl.cc with -O2 or -O1. This change adjusts the build script to force -O0.
Revision 1.490 / (download) - annotate - [select for diffs], Tue Aug 24 16:36:01 2021 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.489: +2 -2
lines
Diff to previous 1.489 (colored)
firefox: Update to 91.0.2
Changelog:
Fixed
* High Contrast Mode is no longer enabled by default when "Increase Contrast"
is checked in macOS settings (bug 1726606)
* Firefox no longer clears authentication data when purging trackers, to
avoid repeatedly prompting for a password (bug 1721084)
Revision 1.489 / (download) - annotate - [select for diffs], Sun Aug 22 02:31:50 2021 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.488: +2 -2
lines
Diff to previous 1.488 (colored)
firefox: Update to 91.0.1
Changelog:
Fixed
* Fixed an issue causing buttons on the tab bar to be resized when loading
certain websites (bug 1704404)
* Fixed an issue which caused tabs from private windows to be visible in
non-private windows when viewing switch-to-tab results in the address bar
panel (bug 1720369)
* Various stability fixes
* Security fix
Security fixes:
#CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
Revision 1.488 / (download) - annotate - [select for diffs], Fri Aug 13 14:57:52 2021 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.487: +6 -7
lines
Diff to previous 1.487 (colored)
firefox: Update to 91.0
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Revision 1.487 / (download) - annotate - [select for diffs], Fri Jul 30 12:27:09 2021 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.486: +2 -1
lines
Diff to previous 1.486 (colored)
*: Recursive revbump from audio/pulseaudio-15.0
Revision 1.486 / (download) - annotate - [select for diffs], Fri Jul 23 07:49:53 2021 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.485: +2 -2
lines
Diff to previous 1.485 (colored)
firefox: Update to 90.0.2
Changelog:
90.0.2:
Fixed
* Fixed truncated output when printing (bug 1720621)
* Fixed menu styling on some Gtk themes (bug 1720441, bug 1720874)
#
Changed
* Updates to support DoH Canada rollout
90.0.1:
Fixed
* Fixed a crash when using some accessibility clients on Windows (bug 1720696
)
* Fixed busy looping processing some HTTP3 responses (bug 1720079)
* Fixed transient errors authenticating with some smart cards (bug 1715325)
* Fixed a rare crash on shutdown (bug 1707057)
* Fixed a race on startup that caused about:support to end up empty after
upgrade (bug 1717894)
* Reference link to 90.0 release notes
unresolved
* Printing a page with scaling may result in truncated output (bug 1720621)
Revision 1.485 / (download) - annotate - [select for diffs], Tue Jul 13 14:52:22 2021 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.484: +3 -3
lines
Diff to previous 1.484 (colored)
firefox: Update to 90.0
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
Revision 1.484 / (download) - annotate - [select for diffs], Fri Jul 2 10:51:16 2021 UTC (2 years, 5 months ago) by tnn
Branch: MAIN
Changes since 1.483: +9 -9
lines
Diff to previous 1.483 (colored)
firefox: fix some pkglint warnings
Revision 1.483 / (download) - annotate - [select for diffs], Wed Jun 30 15:09:55 2021 UTC (2 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.482: +7 -8
lines
Diff to previous 1.482 (colored)
firefox: Update to 89.0.2
Changelog:
89.0.2
Fixed
* Fix occasional hangs with Software WebRender on Linux (bug 1708224)
89.0.1
Fixed
* Windows: Resolved an issue causing some screen readers to not interact
correctly with Firefox anymore (bug 1714212)
* Updated translations, including full Spanish (Mexico) localization and
other improvements (bug 1714946)
* Fix various font related regressions (bug 1694174)
* Linux: Fix performance and stability regressions with WebRender (bug
1715895, bug 1715902)
* macOS: Fix screen flickering when scrolling a page on an external monitor (
bug 1715452)
* Enterprise: Fix for the DisableDeveloperTools policy not having effect
anymore (bug 1715777)
* Linux: Fix broken scrollbars on some GTK themes (bug 1714103)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
89.0
New
* Say hello to a fresh new Firefox, designed to get you where you want to go
even faster. We??ve redesigned and modernized the core experience to be
cleaner, more inviting, and easier to use.
Beginning in 89, you??ll notice a number of changes, including:
Simplified browser chrome and toolbar: Less frequently used items removed
to focus on the most important navigation items.
Simplified browser chrome and toolbar screenshot
Clear, streamlined menus: Re-organized and prioritized menu content
according to usage. Updated labels and removed iconography.
Clear, streamlined menus screenshot
Updated prompts: Infobars, panels, and modals have a cleaner design and
clearer language.
Updated prompts screenshot
Inspired tab design: Floating tabs neatly contain information and surface
cues when you need them, like visual indicators for audio controls. The
rounded design of the active tab supports focus and signals the ability to
easily move the tab as needed.
Inspired tab design screenshot
Fewer interruptions: Reduced number of alerts and messages, so you can
browse with fewer distractions.
Cohesive, calmer visuals: Lighter iconography, a refined color palette, and
more consistent styling throughout.
This release also includes enhancements to our privacy offerings:
+ We??ve enhanced the privacy of the Firefox Browser??s Private Browsing
mode with Total Cookie Protection, which confines cookies to the site
where they were created, preventing companies from using cookies to
track your browsing across sites. This feature was originally launched
in Firefox??s ETP Strict mode.
* For macOS users, we're introducing the elastic overscroll effect known from
many other applications. A gentle bouncing animation will indicate that you
reached the end of the page.
In addition, we added support for smart zoom. Double-tap with two fingers
on your trackpad, or with a single finger on your Magic Mouse, to zoom the
content below your cursor into focus.
* Native context menus: Context menus on macOS are now native and support
Dark Mode.
macOS native context menus screenshot
* WebRender is now enabled on Linux with the NVIDIA binary driver and on all
desktop environments
#
Fixed
* Colors in Firefox on macOS will no longer be saturated on wide gamut
displays, untagged images are properly treated as sRGB, and colors in
images tagged as sRGB will now match CSS colors.
* In full screen mode on macOS, moving your mouse to the top of the screen
will no longer hide your tabs behind the system menu bar.
* Also in full screen mode on macOS, it is now possible to hide the browser
toolbars for a fully immersive full screen experience. This brings macOS in
line with Windows and Linux.
* Various stability and security fixes.
#
Changed
* Introducing a non-native implementation of web form controls, which
delivers a new modern design and some improvements to page load
performance. Watch for layout bugs in web pages that make assumptions about
the dimensions or styling of form controls.
* The screenshots feature is available in the right-click context menu. You
can also add a screenshots shortcut to your toolbar. Learn more.
Security fixes:
#CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing
#CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences
#CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
#CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29959: Devices could be re-enabled without additional permission
prompt
#CVE-2021-29962: No rate-limiting for popups on Firefox for Android
#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
#CVE-2021-29966: Memory safety bugs fixed in Firefox 89
Revision 1.482 / (download) - annotate - [select for diffs], Fri Jun 18 18:08:05 2021 UTC (2 years, 5 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.481: +3 -3
lines
Diff to previous 1.481 (colored)
firefox: Explicitly use autoconf-2.13 Candidate fix for PR pkg/56261
Revision 1.481 / (download) - annotate - [select for diffs], Tue Jun 15 13:54:20 2021 UTC (2 years, 5 months ago) by bsiegert
Branch: MAIN
Changes since 1.480: +2 -2
lines
Diff to previous 1.480 (colored)
firefox: fix 64-bit ARM build The code in question has changed in the repo since, so the patch can probably be removed in the next major update.
Revision 1.480 / (download) - annotate - [select for diffs], Mon May 24 19:55:14 2021 UTC (2 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.479: +2 -1
lines
Diff to previous 1.479 (colored)
*: recursive bump for perl 5.34
Revision 1.479 / (download) - annotate - [select for diffs], Wed May 12 13:31:44 2021 UTC (2 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.478: +3 -3
lines
Diff to previous 1.478 (colored)
firefox: Update nodejs output to 88.0.1
Revision 1.478 / (download) - annotate - [select for diffs], Thu May 6 13:14:24 2021 UTC (2 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.477: +2 -3
lines
Diff to previous 1.477 (colored)
firefox: Update to 88.0.1
Changelog:
Version 88.0.1, first offered to Release channel users on May 5, 2021
-------------------------------------------------------------------------------
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Fixed corruption of videos playing on Twitter or WebRTC calls on some Gen6
Intel graphics chipsets (bug 1708937)
* Fixed menulists in Preferences being unreadable for users with High
Contrast Mode enabled (bug 1706496)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29953: Universal Cross-Site Scripting
#CVE-2021-29952: Race condition in Web Render Components
Revision 1.477 / (download) - annotate - [select for diffs], Mon May 3 16:31:37 2021 UTC (2 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.476: +64 -1
lines
Diff to previous 1.476 (colored)
firefox: Enable build without nodejs dependency Patch is from martin@. For the architecture that is not supported by nodejs, for example sparc64, lang/nodejs should not be in www/firefox dependency.
Revision 1.476 / (download) - annotate - [select for diffs], Wed Apr 21 11:42:53 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.475: +2 -1
lines
Diff to previous 1.475 (colored)
revbump for textproc/icu
Revision 1.475 / (download) - annotate - [select for diffs], Mon Apr 19 13:50:07 2021 UTC (2 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.474: +2 -3
lines
Diff to previous 1.474 (colored)
firefox: Update to 88.0
Changelog:
New
* PDF forms now support JavaScript embedded in PDF files. Some PDF forms use
JavaScript for validation and other interactive features.
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates
window.name data to the website that created it. Learn more
Fixed
* Screen readers no longer incorrectly read content that websites have
visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.
Changed
* Firefox will not prompt for access to your microphone or camera if you've
already granted access to the same device on the same site in the same tab
within the past 50 seconds. This new grace period reduces the number of
times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in
the url bar. To take a screenshot, right-click to open the context menu.
You can also add a screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an
upcoming release. Addressing this security risk reduces the likelihood of
an attack while also removing support for a non-encrypted protocol.
Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23996: Content rendered outside of webpage viewport
#CVE-2021-23997: Use-after-free when freeing fonts from cache
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24000: requestPointerLock() could be applied to a tab different from
the visible tab
#CVE-2021-24001: Testing code could have enabled session history manipulations
by a compromised content process
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads
#CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader
View
#CVE-2021-29946: Port blocking could be bypassed
#CVE-2021-29947: Memory safety bugs fixed in Firefox 88
Revision 1.474 / (download) - annotate - [select for diffs], Thu Apr 15 11:23:13 2021 UTC (2 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.473: +2 -2
lines
Diff to previous 1.473 (colored)
*: Recursive revbump from devel/nss
Revision 1.473 / (download) - annotate - [select for diffs], Fri Apr 9 06:55:05 2021 UTC (2 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.472: +2 -1
lines
Diff to previous 1.472 (colored)
*: bump PKGREVISION for nss linking fix
Revision 1.472 / (download) - annotate - [select for diffs], Tue Mar 30 16:39:06 2021 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.471: +3 -3
lines
Diff to previous 1.471 (colored)
firefox: Update to 87.0
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
Revision 1.471 / (download) - annotate - [select for diffs], Fri Mar 12 14:11:47 2021 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.470: +2 -2
lines
Diff to previous 1.470 (colored)
firefox: Update to 86.0.1
Changelog:
86.0.1
Firefox Release
March 11, 2021
Version 86.0.1, first offered to Release channel users on March 11, 2021
-------------------------------------------------------------------------------
#
Fixed
* Fixed an issue on Apple Silicon machines that caused Firefox to be
unresponsive after system sleep (bug 1682713)
* Fixed an issue causing windows to gain or lose focus unexpectedly (bug
1694927)
* Fixed truncation of date and time widgets due to incorrect width
calculation (bug 1695578)
* Fixed an issue causing unexpected behavior with extensions managing tab
groups (bug 1694699)
* Fixed a frequent Linux crash on browser launch (bug 1694670)
Revision 1.470 / (download) - annotate - [select for diffs], Tue Feb 23 17:02:04 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.469: +3 -3
lines
Diff to previous 1.469 (colored)
firefox: Update to 86.0
Changelog:
New
* Firefox now supports simultaneously watching multiple videos in
Picture-in-Picture.
* Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total
Cookie Protection, every website gets its own "cookie jar," preventing
cookies from being used to track you from site to site.
* We've improved our Print functionality with a cleaner design and better
integration with your computer's printer settings.
* For Firefox users in Canada, credit card management and auto-fill are now
enabled.
* Notable performance and stability improvements are achieved by moving
canvas drawing and WebGL drawing to the GPU process.
Fixed
* Reader mode now works with local HTML pages.
* Using screen reader quick navigation to move to editable text controls no
longer incorrectly reaches non-editable cells in some grids such as on
messenger.com.
* The Orca screen reader's mouse review feature now works correctly after
switching tabs in Firefox.
* Screen readers no longer report column headers incorrectly in tables
containing cells spanning multiple columns.
* Links in Reader View now have more color contrast.
* Various security fixes.
Changed
* On Linux and Android, the protection to mitigate the stack clash attack has
been activated.
* From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing
WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from
now on as the minimum version.
* Consolidated all video decoding in the new RDD process which results in a
more secure Firefox.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
86 Release Notes.
Developer
* Developer Information
* CSS image-set() function in CSS is now enabled, allowing for responsive
images in CSS.
* Inactive CSS tool is now showing a warning when margin or padding is set on
internal table elements.
Inactive CSS screenshot
* Developer Tools Toolbox is now showing a number of errors on the current
page. This is a quick way to surface information to a developer that
something is wrong with their page. Clicking on the red exclamation icon
navigates the user to the Console panel.
Develeoper tools: screenshot of number of errors
Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23970: Multithreaded WASM triggered assertions validating separation
of script domains
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
#CVE-2021-23971: A website's Referrer-Policy could have been be overridden,
potentially resulting in the full URL being sent as a Referrer
#CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox
for Android
#CVE-2021-23977: Malicious application could read sensitive data from Firefox
for Android's application directories
#CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is
cached
#CVE-2021-23975: about:memory Measure function caused an incorrect pointer
operation
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
#CVE-2021-23979: Memory safety bugs fixed in Firefox 86
Revision 1.469 / (download) - annotate - [select for diffs], Wed Feb 10 12:25:05 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.468: +2 -3
lines
Diff to previous 1.468 (colored)
firefox: Update to 85.0.2
Changelog:
Fixed a deadlock during startup (bug 1679933)
Revision 1.468 / (download) - annotate - [select for diffs], Sun Feb 7 06:30:39 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.467: +2 -1
lines
Diff to previous 1.467 (colored)
*: Recursive revbump from audio/pulseaudio-14.2.nb1
Revision 1.467 / (download) - annotate - [select for diffs], Sat Feb 6 05:02:51 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.466: +2 -2
lines
Diff to previous 1.466 (colored)
firefox: Update to 85.0.1
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
Avoid printing an extra blank page at the end of some documents (bug 1689789).
Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
Revision 1.466 / (download) - annotate - [select for diffs], Tue Jan 26 15:02:55 2021 UTC (2 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.465: +3 -3
lines
Diff to previous 1.465 (colored)
firefox: Update to 85.0
Changelog:
New
* Firefox now protects you from supercookies, a type of tracker that can stay
hidden in your browser and track you online, even after you clear cookies.
By isolating supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
* It??s easier than ever to save and access your bookmarks. Firefox now
remembers your preferred location for saved bookmarks, displays the
bookmarks toolbar by default on new tabs, and gives you easy access to all
of your bookmarks via a toolbar folder.
* The password manager now allows you to remove all of your saved logins with
one click, as opposed to having to delete each login individually.
Fixed
* Various security fixes.
Changed
* Firefox no longer supports Adobe Flash. There is no setting available to
re-enable Flash support.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
85 Release Notes.
Developer
* Developer Information
* CSS: We have added support for the :focus-visible pseudo class.
* It's possible to prettify JS expressions in Console source code Editor
(available in multiline mode) using a new toolbar button.
Console Editor Pretty Print Expression Screenshot
Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
JavaScript switch statements
#CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
#CVE-2021-23956: File picker dialog could have been used to disclose a complete
directory
#CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the
intent URL scheme
#CVE-2021-23958: Screen sharing permission leaked across tabs
#CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
variables during GC
#CVE-2021-23961: More internal network hosts could have been probed by a
malicious webpage
#CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</
code>
#CVE-2021-23963: Permission prompt inaccessible after asking for additional
permissions
#CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
#CVE-2021-23965: Memory safety bugs fixed in Firefox 85
Revision 1.465 / (download) - annotate - [select for diffs], Fri Jan 8 09:56:55 2021 UTC (2 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.464: +2 -3
lines
Diff to previous 1.464 (colored)
firefox: Update to 84.0.2 Changelog: Security fix: #CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Revision 1.464 / (download) - annotate - [select for diffs], Wed Jan 6 11:21:40 2021 UTC (2 years, 10 months ago) by triaxx
Branch: MAIN
Changes since 1.463: +2 -1
lines
Diff to previous 1.463 (colored)
firefox: Fix nss dependency
Revision 1.463 / (download) - annotate - [select for diffs], Fri Jan 1 12:52:16 2021 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.462: +2 -3
lines
Diff to previous 1.462 (colored)
firefox: Update to 84.0.1
Changelog:
Fixed
* Fixed problems loading secure websites and crashes for users with certain
third-party PKCS11 modules and smartcards installed (bug 1682881).
* Fixed slower than expected performance and flickering on Canvas elements
for some Windows users (bug 1683116).
* Fixed a bug causing some Unity JS games to not load on Apple Silicon
devices due to improper detection of the OS version (bug 1680516).
* Fixed crashes caused by various third-party antivirus software.
Revision 1.462 / (download) - annotate - [select for diffs], Fri Jan 1 09:52:42 2021 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.461: +2 -1
lines
Diff to previous 1.461 (colored)
*: Recursive revbump from audio/pulseaudio-14.0
Revision 1.461 / (download) - annotate - [select for diffs], Sat Dec 26 10:35:16 2020 UTC (2 years, 11 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.460: +1 -4
lines
Diff to previous 1.460 (colored)
Remove now-actively-harmful 32-bit ARM hack from Mozilla packages.
Revision 1.460 / (download) - annotate - [select for diffs], Thu Dec 17 09:53:15 2020 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.459: +2 -2
lines
Diff to previous 1.459 (colored)
firefox: Update to 84.0
Changelog:
New
* Native support for macOS devices built with Apple Silicon CPUs brings
dramatic performance improvements over the non-native build that was
shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps
are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest Firefox.
* WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6
GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an
accelerated rendering pipeline for Linux/GNOME/X11 users for the first
time, ever!
* Firefox now uses more modern techniques for allocating shared memory on
Linux, improving performance and increasing compatibility with Docker.
* Firefox 84 is the final release to support Adobe Flash.
Fixed
* Various security fixes
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory
to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26972: Use-After-Free in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26975: Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
#CVE-2020-26978: Internal network hosts could have been probed by a malicious
webpage
#CVE-2020-26979: When entering an address in the address or search bars, a
website could have redirected the user before they were navigated to the
intended url
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Revision 1.459 / (download) - annotate - [select for diffs], Tue Nov 17 16:11:06 2020 UTC (3 years ago) by ryoon
Branch: MAIN
Changes since 1.458: +3 -4
lines
Diff to previous 1.458 (colored)
firefox: Update to 83.0
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine, you will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
Revision 1.458 / (download) - annotate - [select for diffs], Wed Nov 11 22:21:33 2020 UTC (3 years ago) by nia
Branch: MAIN
Changes since 1.457: +2 -2
lines
Diff to previous 1.457 (colored)
firefox: Honor user's compiler choice again, don't require Python 2. The python 2 dependency was seemingly removed in Firefox 78.0 so we can remove those old hacks. Firefox needs clang for some unknown part of the build process (rust related?), even if building with GCC. The previous solution in pkgsrc was to force the use of clang, because pkgsrc provides cwrappers which provided gcc-as-clang, which broke everything. Instead, override the clang wrapper with the actual clang executable. This means the majority of the build happens with GCC (or ccache, distcc, whatever the user chooses, rather than overriding it with clang). Should help sparc64, where clang doesn't work too well. Full build tested on NetBSD/amd64.
Revision 1.457 / (download) - annotate - [select for diffs], Wed Nov 11 10:11:21 2020 UTC (3 years ago) by nia
Branch: MAIN
Changes since 1.456: +2 -2
lines
Diff to previous 1.456 (colored)
firefox: Clean up some problems identified by pkglint. Most of these PLIST variables are no longer used.
Revision 1.456 / (download) - annotate - [select for diffs], Mon Nov 9 15:07:47 2020 UTC (3 years ago) by maya
Branch: MAIN
Changes since 1.455: +3 -3
lines
Diff to previous 1.455 (colored)
firefox{,-l10n}: update to 82.0.3.
Release notes not available at the moment.
Revision 1.455 / (download) - annotate - [select for diffs], Fri Nov 6 08:56:37 2020 UTC (3 years ago) by maya
Branch: MAIN
Changes since 1.454: +3 -4
lines
Diff to previous 1.454 (colored)
firefox: paxctl safety for netbsd. Tested on amd64. This means that text relocations are now fatal. Hopefully other architectures don't have additional ways to be not-mprotect- safe, but there is always the possibility. No obvious performance difference in an older (non-wasm) javascript benchmark.
Revision 1.454 / (download) - annotate - [select for diffs], Thu Nov 5 09:09:20 2020 UTC (3 years ago) by ryoon
Branch: MAIN
Changes since 1.453: +2 -1
lines
Diff to previous 1.453 (colored)
*: Recursive revbump from textproc/icu-68.1
Revision 1.447.2.1 / (download) - annotate - [select for diffs], Thu Oct 29 12:18:54 2020 UTC (3 years, 1 month ago) by spz
Branch: pkgsrc-2020Q3
Changes since 1.447: +17 -18
lines
Diff to previous 1.447 (colored) next main 1.448 (colored)
Pullup ticket #6356 - requested by maya
www/firefox: security update
www/firefox-l10n: security update
Revisions pulled up:
- www/firefox-l10n/Makefile 1.186-1.191
- www/firefox-l10n/PLIST 1.67
- www/firefox-l10n/distinfo 1.168-1.173
- www/firefox/Makefile 1.448-1.453
- www/firefox/PLIST 1.164-1.165
- www/firefox/distinfo 1.411-1.418
- www/firefox/mozilla-common.mk 1.181-1.182
- www/firefox/patches/patch-build_moz.configure_rust.configure 1.7
- www/firefox/patches/patch-config_makefiles_rust.mk 1.5
- www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp 1.1
- www/firefox/patches/patch-js_src_jsfriendapi.h 1.3
- www/firefox/patches/patch-race_recurse.mk 1.1
- www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
- www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:30:01 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk
patch-js_src_jsfriendapi.h
Removed Files:
pkgsrc/www/firefox/patches:
patch-third__party_rust_getrandom_src_lib.rs
patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
Log Message:
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
FirefoxãàÑÔ new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* WeãàÑ×e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files youãàÑ×e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.163 -r1.164 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.410 -r1.411 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.4 -r1.5 \
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:31:02 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
firefox-l10n: Update to 81.0
* Add ur locale.
* Sync with www/firefox-81.0.
To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.186 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.167 -r1.168 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 29 23:20:23 UTC 2020
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
firefox: 81.0 requires nss >= 3.56
To generate a diff of this commit:
cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/firefox/mozilla-common.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:44:16 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
firefox: Update to 81.0.1
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
To generate a diff of this commit:
cvs rdiff -u -r1.448 -r1.449 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.411 -r1.412 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:45:25 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox-l10n: Update to 81.0.1
* Sync with www/firefox-81.0.1.
To generate a diff of this commit:
cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 12 23:45:35 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 81.0.2
Release notes not available yet.
To generate a diff of this commit:
cvs rdiff -u -r1.449 -r1.450 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.412 -r1.413 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 20 20:15:30 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox-l10n: Makefile distinfo
pkgsrc/www/firefox/patches: patch-build_moz.configure_rust.configure
Log Message:
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.450 -r1.451 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.164 -r1.165 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.413 -r1.414 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.181 -r1.182 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.170 -r1.171 pkgsrc/www/firefox-l10n/distinfo
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Fri Oct 23 12:37:14 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
Log Message:
firefox: NetBSD/aarch64 build fix
To generate a diff of this commit:
cvs rdiff -u -r1.414 -r1.415 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 26 21:20:59 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-race_recurse.mk
Log Message:
firefox: backport upstream patch to fix a build race. This appears as
libmozgtk.so missing as well as the symbols it contains.
This affects pkgsrc-stable as well.
To generate a diff of this commit:
cvs rdiff -u -r1.415 -r1.416 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-race_recurse.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 27 16:59:00 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: update to 82.0.1
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
To generate a diff of this commit:
cvs rdiff -u -r1.451 -r1.452 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.416 -r1.417 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 28 15:34:41 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 82.0.2
Fixed duplication of WebSocket messages in certain cases (bug 1673340)
To generate a diff of this commit:
cvs rdiff -u -r1.452 -r1.453 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.417 -r1.418 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.190 -r1.191 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/firefox-l10n/distinfo
Revision 1.453 / (download) - annotate - [select for diffs], Wed Oct 28 15:34:41 2020 UTC (3 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.452: +2 -2
lines
Diff to previous 1.452 (colored)
firefox{,-l10n}: Update to 82.0.2
Fixed duplication of WebSocket messages in certain cases (bug 1673340)
Revision 1.452 / (download) - annotate - [select for diffs], Tue Oct 27 16:59:00 2020 UTC (3 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.451: +2 -2
lines
Diff to previous 1.451 (colored)
firefox{,-l10n}: update to 82.0.1
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
Revision 1.451 / (download) - annotate - [select for diffs], Tue Oct 20 20:15:29 2020 UTC (3 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.450: +3 -3
lines
Diff to previous 1.450 (colored)
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
Revision 1.450 / (download) - annotate - [select for diffs], Mon Oct 12 23:45:35 2020 UTC (3 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.449: +2 -2
lines
Diff to previous 1.449 (colored)
firefox{,-l10n}: Update to 81.0.2
Release notes not available yet.
Revision 1.449 / (download) - annotate - [select for diffs], Fri Oct 2 15:44:16 2020 UTC (3 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.448: +2 -2
lines
Diff to previous 1.448 (colored)
firefox: Update to 81.0.1
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
Revision 1.448 / (download) - annotate - [select for diffs], Mon Sep 28 13:30:01 2020 UTC (3 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.447: +17 -18
lines
Diff to previous 1.447 (colored)
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
FirefoxãàÑÔ new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* WeãàÑ×e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files youãàÑ×e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
Revision 1.447 / (download) - annotate - [select for diffs], Sat Sep 5 10:19:04 2020 UTC (3 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.446: +2 -1
lines
Diff to previous 1.446 (colored)
firefox: Requires textproc/py-expat at least with python37
Revision 1.446 / (download) - annotate - [select for diffs], Wed Sep 2 10:00:23 2020 UTC (3 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.445: +2 -3
lines
Diff to previous 1.445 (colored)
firefox: Update to 80.0.1
* Change WebRTC dependency to new graphics/libv4l.
Changelog:
Fixed
Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)
Fixed crashes possibly related to GPU resets (bug 1627616)
Fixed rendering on some sites using WebGL (bug 1659225)
Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)
Fixed download issues related to extensions and cookies (bug 1655190)
Revision 1.445 / (download) - annotate - [select for diffs], Sat Aug 29 22:24:27 2020 UTC (3 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.444: +2 -1
lines
Diff to previous 1.444 (colored)
firefox: Use graphics/libv4l1 for NetBSD 9.99.70 or later * This enables webcam for WebRTC. Bump PKGREVISION. * And fix rust.mk patch, from Michael Forney on tech-pkg@.
Revision 1.444 / (download) - annotate - [select for diffs], Tue Aug 25 14:35:24 2020 UTC (3 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.443: +3 -4
lines
Diff to previous 1.443 (colored)
firefox: Update to 80.0
Changelog:
New
Firefox can now be set as the default system PDF viewer.
The name reported by accessibility tools for items in multi-tiered
tree controls no longer incorrectly includes information from
items at deeper levels, providing users with the correct level
of content when using a screen reader.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed including
a frequently encountered crash when using the JAWS screen
reader.
Firefox Developer Tools received significant fixes allowing
screen reader users to benefit from some of the tools that were
previously inaccessible.
SVG title and desc elements (labels and descriptions) are now
correctly exposed to assistive technology products such as
screen readers.
Changed
For users with reduced motion settings, we've reduced a number
of animations such as tab loading to reduce motion for users
with migraines and epilepsy.
The new add-ons blocklist has been enabled to improve performance
and scalability.
Enterprise
A number of bug fixes and new policies have been implemented
in the latest version of Firefox. You can see more details in
the Firefox for Enterprise 80 Release Notes.
Today's release is the final scheduled for Firefox 68 ESR
(68.12) unless there is a critical security issue found prior
to the release of Firefox ESR 78.3 on September 22, 2020. Users
of Firefox 68 ESR will be automatically upgraded to the Firefox
78 ESR series with the release of 78.3.
Developer
We've shipped an experimental sidebar panel in the inspector
to Firefox Developer Edition that helps developers more quickly
identify potential browser compatibility problems based on MDN
data.
In the Network Monitor request list, a turtle icon is shown
for "slow" requests that exceed a threshold for the waiting
time.
Firefox now supports RTX and Transport-cc for improved call
quality in poor network conditions and better bandwidth
estimation. These features also provide better compatibility
with many websites using WebRTC.
Security fixes:
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-12401: Timing-attack on ECDSA signature generation
#CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
#CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
#CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
#CVE-2020-15666: MediaError message property leaks cross-origin response status
#CVE-2020-15667: Heap overflow when processing an update file
#CVE-2020-15668: Data Race when reading certificate information
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
Revision 1.443 / (download) - annotate - [select for diffs], Tue Aug 18 17:58:16 2020 UTC (3 years, 3 months ago) by leot
Branch: MAIN
Changes since 1.442: +2 -2
lines
Diff to previous 1.442 (colored)
*: revbump for libsndfile
Revision 1.442 / (download) - annotate - [select for diffs], Mon Aug 17 20:20:21 2020 UTC (3 years, 3 months ago) by leot
Branch: MAIN
Changes since 1.441: +2 -1
lines
Diff to previous 1.441 (colored)
*: revbump after fontconfig bl3 changes (libuuid removal)
Revision 1.441 / (download) - annotate - [select for diffs], Fri Jul 31 01:26:43 2020 UTC (3 years, 4 months ago) by maya
Branch: MAIN
Changes since 1.440: +3 -4
lines
Diff to previous 1.440 (colored)
firefox: update to 79.0
New
WeãàÑ×e rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.
Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you donãàÑÕ see them, you can turn on Pocket articles in your new tab by following these steps.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.
Enterprise
A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.
Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.
Developer
Developer Information
Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the DebuggerãàÑÔ call stack, but also for stack traces in Console errors and Network initiators.
Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.
JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.
Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.
Inspecting accessibility properties from the browser context menu is now available to all users by default.
Revision 1.440 / (download) - annotate - [select for diffs], Fri Jul 24 11:31:01 2020 UTC (3 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.439: +4 -1
lines
Diff to previous 1.439 (colored)
firefox: remove -fexperimental-new-pass-manager from compiler flags Workaround for https://bugs.llvm.org/show_bug.cgi?id=46366
Revision 1.439 / (download) - annotate - [select for diffs], Wed Jul 15 19:51:18 2020 UTC (3 years, 4 months ago) by riastradh
Branch: MAIN
Changes since 1.438: +2 -1
lines
Diff to previous 1.438 (colored)
www/firefox: Add NetBSD support for U2F/FIDO2 security keys. Patch submitted upstream: https://github.com/mozilla/authenticator-rs/pull/116
Revision 1.438 / (download) - annotate - [select for diffs], Sun Jul 12 01:37:50 2020 UTC (3 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.437: +2 -2
lines
Diff to previous 1.437 (colored)
firefox: Update to 78.0.2
* Fix build under NetBSD/i386 with PR pkg/55456.
Changelog:
Fixed
Security fix
Fixed an accessibility regression in reader mode (bug 1650922)
Made the address bar more resilient to data corruption in the user profile (bug 1649981)
Fixed a regression opening certain external applications (bug 1650162)
Security fix:
#MFSA-2020-0003: X-Frame-Options bypass using object or embed tags
Revision 1.437 / (download) - annotate - [select for diffs], Thu Jul 2 10:54:26 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.436: +2 -2
lines
Diff to previous 1.436 (colored)
firefox: Update to 78.0.1
Changelog:
Fixed an issue which could cause installed search engines to not
be visible when upgrading from a previous release.
Revision 1.436 / (download) - annotate - [select for diffs], Wed Jul 1 13:01:01 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.435: +3 -4
lines
Diff to previous 1.435 (colored)
firefox: Update to 78.0
* Some dependency changes.
* Wayland and webcam may not work.
Changelog: New
The Protections Dashboard includes consolidated reports about
tracking protection, data breaches, and password management.
New features let you:
Track how many breaches youãàÑ×e resolved right from the
dashboard
See if any of your saved passwords may have been exposed
in a data breach
To view your dashboard, type about:protections into the address
bar, or select ãà×±rotections Dashboardãàfrom the main menu.
Because we know people try to fix problems by reinstalling
Firefox when a simple refresh is more likely to solve the issue,
weãàÑ×e added a Refresh button to the Uninstaller.
With this release, your screen saver will no longer interrupt
WebRTC calls on Firefox, making conference and video calling
in Firefox better.
WeãàÑ×e rolled out WebRender to Windows users with Intel GPUs,
bringing improved graphics performance to an even larger
audience.
Firefox 78 is also our Extended Support Release (ESR), where
the changes made over the course of the previous 10 releases
will now roll out to our ESR users. Some of the highlights are:
Kiosk mode
Client certificates
Service Worker and Push APIs are now enabled
The Block Autoplay feature is enabled
Picture-in-picture support
View and manage web certificates in about:certificate
Pocket recommendations, featuring some of the best stories on
the web, will now appear on the Firefox new tab for 100% of
our users in the UK. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab, follow these steps.
Fixed
Various security fixes.
We fixed bugs in the search results quality composition and
improved search result texts based on recommendations by our
partners.
Changed
The minimal system requirements on Linux have been updated.
Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14
or newer versions.
As part of our ongoing effort to deprecate obsolete cryptography,
we have disabled all remaining DHE-based TLS ciphersuites by
default.
To mitigate web compatibility issues from disabling DHE-based
TLS ciphersuites, Firefox 78 enables two more AES-GCM
SHA2-based ciphersuites.
We have disabled TLS 1.0 and TLS 1.1 to improve your website
connections. Sites that don't support TLS version 1.2 will now
show an error page.
The context menu (accessed by right clicking on a tab) lets
you undo multiple tab closings with a single click and places
Close Tabs to the Right and Close Other Tabs in a submenu.
A number of accessibility improvements have been made with this
release.
When using the JAWS screen reader, pressing the down arrow
in an HTML input control with a datalist no longer incorrectly
moves the cursor to the next element after the input control.
Screen readers no longer severely lag or freeze when focusing
the microphone/camera/screen sharing indicator.
Large tables with thousands of rows now load much faster
for screen reader users.
Text input controls with custom styling now correctly show
the focus outline when appropriate.
Screen readers no longer sometimes incorrectly switch to
document browsing mode unexpectedly when the user enters
the main Developer Tools window.
We reduced a number of animations such as tab hover, search
bar expansion, and others to reduce motion for users with
migraines and epilepsy.
Enterprise
Enable support for client certificates stored on macOS and
Windows by setting the experimental preference
security.osclientcerts.autoload to true.
New policies allow you to configure application handlers,
disable picture in picture, and require a master password,
which will be renamed to ãàÏÑrimary passwordãàin future releases.
More details in the Firefox for Enterprise 78 release notes
Security fixes:
Not available yet.
Revision 1.435 / (download) - annotate - [select for diffs], Wed Jul 1 09:15:46 2020 UTC (3 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.434: +3 -18
lines
Diff to previous 1.434 (colored)
firefox: Add associated patch of each cargo substitution in comments. Remove cargo substitutions with no clear associated patch.
Revision 1.434 / (download) - annotate - [select for diffs], Tue Jun 23 17:38:49 2020 UTC (3 years, 5 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.433: +7 -2
lines
Diff to previous 1.433 (colored)
firefox: Avoid reading from /dev/random on NetBSD Motivation: This becomes a problem when a user is on a system without HWRNG or a preexisting seed file (to increase the estimated entropy to 256 bits), where Firefox will hang forever on startup waiting for a user to write to /dev/random. Since this was reported on port-arm@, I decided to investigate this, and believe this is the only place Firefox might end up reading from /dev/random. Risk: Probably not much. For actual Transport Layer Security purposes, Network Security Services reads directly from /dev/urandom. On systems where Firefox is used, we can probably reasonably assume that enough entropy has been generated from user input, on-board sensors, and network devices to provide a state that is fairly difficult to predict, even if the NetBSD kernel assigns no value to it (since in embedded environments where the device's operator may be absent, such events can be manipulated to theoretically produce a predictable state - although I don't think this theoretical attack is necessarily something we should be concerned with on low-end desktop systems). Other kernels do assign value to these inputs, so have much lower criteria for unblocking. Bump PKGREVISION
Revision 1.433 / (download) - annotate - [select for diffs], Wed Jun 17 17:54:26 2020 UTC (3 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.432: +2 -2
lines
Diff to previous 1.432 (colored)
firefox: Remove patches for NetBSD 7, rust dropped support for NetBSD 7
Revision 1.432 / (download) - annotate - [select for diffs], Mon Jun 15 08:27:02 2020 UTC (3 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.431: +39 -21
lines
Diff to previous 1.431 (colored)
firefox: sync cargo checksum bits with lang/rust
Revision 1.431 / (download) - annotate - [select for diffs], Sun Jun 14 18:42:19 2020 UTC (3 years, 5 months ago) by maya
Branch: MAIN
Changes since 1.430: +2 -11
lines
Diff to previous 1.430 (colored)
firefox: different way of avoiding pshared semaphores for NetBSD NetBSD has slightly (NetBSD>=9.x) or very (NetBSD<8) broken pshared semaphores. Fortunately, so does macOS, so there's an easy way to avoid reaching the code relying on it which works better. Do so for NetBSD unconditionally, and enable multiprocess unconditionally. Avoids PR kern/55386 for NetBSD>9.0 Avoids corrupt output on major websites, webGL bugs, etc. for NetBSD<=9.0
Revision 1.430 / (download) - annotate - [select for diffs], Fri Jun 5 03:38:56 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.429: +2 -2
lines
Diff to previous 1.429 (colored)
firefox: Update to 77.0.1 Changelog: Fixed: Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way (bug 1642723)
Revision 1.429 / (download) - annotate - [select for diffs], Wed Jun 3 09:00:24 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.428: +3 -4
lines
Diff to previous 1.428 (colored)
firefox: Update to 77.0
Changelog:
New
Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you donãàÑÕ see them, you can turn on Pocket articles in your new tab, follow these steps.
WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).
You can view and manage web certificates more easily on the new about:certificate page.
Fixed
Various security fixes.
A number of features have been fixed to improve Firefox accessibility.
The applications list in Firefox Options is now accessible to screen reader users.
Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed.
Date/time inputs are now no longer missing labels for users of accessibility tools.
Changed
The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page
Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript type confusion with NativeTypes
#CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive
#CVE-2020-12408: URL spoofing when using IP addresses
#CVE-2020-12409: URL spoofing with unicode characters
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
#CVE-2020-12411: Memory safety bugs fixed in Firefox 77
Revision 1.428 / (download) - annotate - [select for diffs], Tue Jun 2 08:24:56 2020 UTC (3 years, 6 months ago) by adam
Branch: MAIN
Changes since 1.427: +2 -2
lines
Diff to previous 1.427 (colored)
Revbump for icu
Revision 1.427 / (download) - annotate - [select for diffs], Sat May 30 08:02:52 2020 UTC (3 years, 6 months ago) by rillig
Branch: MAIN
Changes since 1.426: +2 -1
lines
Diff to previous 1.426 (colored)
www/firefox: fix argument range for <ctype.h> functions
Revision 1.426 / (download) - annotate - [select for diffs], Sat May 9 22:20:44 2020 UTC (3 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.425: +2 -2
lines
Diff to previous 1.425 (colored)
firefox: Update to 76.0.1
Changelog:
Fixed
Fixed a bug causing some add-ons such as Amazon Assistant to see multiple
onConnect events, impairing functionality (bug 1635637)
Fixed a crash on 32-bit Windows systems with some nVidia drivers
installed (bug 1635823)
Revision 1.425 / (download) - annotate - [select for diffs], Wed May 6 01:00:08 2020 UTC (3 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.424: +2 -3
lines
Diff to previous 1.424 (colored)
firefox: Update to 76.0
Changelog:
New
With todayãàÑÔ release, Firefox strengthens protections for your
online account logins and passwords, with innovative approaches
to managing your accounts during this critical time:
Firefox displays critical alerts in the Lockwise password
manager when a website is breached;
If one of your accounts is involved in a website breach
and you've used the same password on other websites, you
will now be prompted to update your password. A key icon
identifies which accounts use that vulnerable password.
Automatically generate secure, complex passwords for new
accounts across more of the web that are easily saved right
in the browser;
You have been able to access and see your saved passwords
under Logins and Passwords easily under the main menu. If
your device happens to be shared among your family or
roommates, the latest update helps to prevent casual snooping
over your shoulder. If you donãàÑÕ have a master password
set up for Firefox, Windows and macOS now requires a login
to your operating system account before showing your saved
passwords.
Picture-in-Picture allows you to multitask, the small video
window following along no matter what you are doing on your
computer, across different applications and even workspaces.
Now, when you are ready to focus on the video, a double click
can take the small window into full screen. Double click again
to reduce the size again.
Firefox now supports Audio Worklets that will allow more complex
audio processing like VR and gaming on the web; and is being
adopted by some of your favorite software programs.
With this change, you can now join Zoom calls on Firefox
without the need for any additional downloads.
WebRender continues its roll out to more Firefox for Windows
users, now available by default on modern Intel laptops with
a small screen (<= 1920x1200) for improved graphics rendering.
Fixed
Various security fixes
Changed
Two updates to the address bar improve its usability and
visibility:
The shadow around the address bar field is reduced in width
when a new tab is opened;
The bookmarks toolbar has expanded slightly in size to
improve its surface area for touchscreens.
Security fixes:
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
#CVE-2020-12389: Sandbox escape with improperly separated process types
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
#CVE-2020-12391: Content-Security-Policy bypass using object elements
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12394: URL spoofing in location bar when unfocussed
#CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
#CVE-2020-12396: Memory safety bugs fixed in Firefox 76
Revision 1.424 / (download) - annotate - [select for diffs], Mon May 4 21:29:08 2020 UTC (3 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.423: +3 -3
lines
Diff to previous 1.423 (colored)
firefox: disable multiprocess firefox on netbsd 9.0 release too (needs a kernel patch) PKGREVISION++
Revision 1.423 / (download) - annotate - [select for diffs], Sun May 3 18:45:30 2020 UTC (3 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.422: +12 -2
lines
Diff to previous 1.422 (colored)
firefox: limit disbling multiprocess firefox to netbsd-8. The patches might be safe to remove altogether (disabling multiprocess should be enough), but it's not necessary for netbsd-9 in general, as it has working pshared semaphores. Fixes a lot of issues with Firefox, like WebGL not working. PKGREVISION++
Revision 1.422 / (download) - annotate - [select for diffs], Sat May 2 22:24:24 2020 UTC (3 years, 7 months ago) by maya
Branch: MAIN
Changes since 1.421: +2 -2
lines
Diff to previous 1.421 (colored)
firefox: force disable WebGL. It is currently broken unless multiprocess windows are enabled, and we disable them unconditionally. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1610395 PKGREVISION++
Revision 1.421 / (download) - annotate - [select for diffs], Fri Apr 24 13:24:21 2020 UTC (3 years, 7 months ago) by nia
Branch: MAIN
Changes since 1.420: +2 -2
lines
Diff to previous 1.420 (colored)
firefox*: Mark ESR versions as such in COMMENT
Revision 1.420 / (download) - annotate - [select for diffs], Sun Apr 12 08:29:17 2020 UTC (3 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.419: +2 -1
lines
Diff to previous 1.419 (colored)
Recursive revision bump after textproc/icu update
Revision 1.419 / (download) - annotate - [select for diffs], Thu Apr 9 19:25:39 2020 UTC (3 years, 7 months ago) by maya
Branch: MAIN
Changes since 1.418: +1 -6
lines
Diff to previous 1.418 (colored)
firefox: GC now unused "notlinux", remove duplicate entries in PLIST.Linux From Michael Forney on tech-pkg, thanks!
Revision 1.418 / (download) - annotate - [select for diffs], Thu Apr 9 14:01:26 2020 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.417: +3 -3
lines
Diff to previous 1.417 (colored)
firefox: Update to 75.0
Changelog:
New
With today's release, a number of improvements will help you
search smarter, faster. Type less and find more with Firefox's
revamped address bar:
Focused, clean search experience that's optimized for
smaller laptop screens
Top sites now appear when you select the address
Improved readability of search suggestions with a focus on
new search terms
Suggestions include solutions to common Firefox issues
On Linux, the behavior when clicking on the Address Bar
and the Search Bar now matches other desktop platforms: a
single click selects all without primary selection, a double
click selects a word, and a triple click selects all with
primary selection
Firefox will locally cache all trusted Web PKI Certificate
Authority certificates known to Mozilla. This will improve
HTTPS compatibility with misconfigured web servers and improve
security.
Firefox is now available in Flatpak, an easier way to install
and use Firefox on Linux.
Direct Composition is being integrated for our users on Windows
to help improve performance and enable our ongoing work to ship
WebRender on Windows 10 laptops with Intel graphics cards.
Fixed
Various security fixes
Enterprise
Experimental support for using client certificates from the OS
certificate store can be enabled on macOS by setting the
preference security.osclientcerts.autoload to true.
Enterprise policies may be used to exclude domains from being
resolved via TRR (Trusted Recursive Resolver) using DNS over
HTTPS.
Developer
Developer Information
Save bandwidth and reduce browser memory by using the loading
attribute on the <img> element. The default "eager" value loads
images immediately, and the "lazy" value delays loading until
the image is within range of the viewport.
Instant evaluation for Console expressions lets developers
identify and fix errors more rapidly than before. As long as
expressions typed into the Web Console are side-effect free,
their results will be previewed while you type.
Security fixes:
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6823: Malicious Extension could obtain auth codes from OAuth login flows
#CVE-2020-6824: Generated passwords may be identical on the same site between separate private browsing sessions
#CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
#CVE-2020-6826: Memory safety bugs fixed in Firefox 75
Revision 1.417 / (download) - annotate - [select for diffs], Sat Apr 4 02:37:30 2020 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.416: +2 -2
lines
Diff to previous 1.416 (colored)
firefox: Update to 74.0.1 Changelog: Security fixes: #CVE-2020-6819: Use-after-free while running the nsDocShell destructor #CVE-2020-6820: Use-after-free when handling a ReadableStream
Revision 1.416 / (download) - annotate - [select for diffs], Sun Mar 29 01:01:19 2020 UTC (3 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.415: +3 -1
lines
Diff to previous 1.415 (colored)
Don't hack __isinf for libc++, it makes things worse.
Revision 1.415 / (download) - annotate - [select for diffs], Sat Mar 14 04:49:16 2020 UTC (3 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.414: +4 -5
lines
Diff to previous 1.414 (colored)
firefox: Update to 74.0
* Follow HOMEPAGE redirect
Changelog:
New
Your login management has improved with the ability to reverse
alpha sort (Name Z-A) in Lockwise, which you can access under
Logins and Passwords.
Firefox now makes importing your bookmarks and history from
the new Microsoft Edge browser on Windows and Mac simple.
Add-ons installed by external applications can now be removed
using the Add-ons Manager (about:addons). Going forward, only
users can install add-ons; they cannot be installed by an
application.
Facebook Container prevents Facebook from tracking you around
the web - Facebook logins, likes, and comments are automatically
blocked on non-Facebook sites. But when we need an exception,
you can now create one by adding custom sites to the Facebook
Container.
Firefox now provides better privacy for your web voice and
video calls through support for mDNS ICE by cloaking your
computerãàÑÔ IP address with a random ID in certain WebRTC
scenarios.
Fixed
Various security fixes.
We have fixed issues involving pinned tabs such as being lost.
You should also no longer see them reorder themselves.
Security fixes:
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6808: URL Spoofing via javascript: URL
#CVE-2020-6809: Web Extensions with the all-urls permission could access local files
#CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
#CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
Revision 1.414 / (download) - annotate - [select for diffs], Tue Mar 10 22:11:09 2020 UTC (3 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.413: +2 -2
lines
Diff to previous 1.413 (colored)
librsvg: update bl3.mk to remove libcroco in rust case recursive bump for the dependency change
Revision 1.413 / (download) - annotate - [select for diffs], Sun Mar 8 16:42:30 2020 UTC (3 years, 8 months ago) by bsiegert
Branch: MAIN
Changes since 1.412: +2 -1
lines
Diff to previous 1.412 (colored)
Revbump packages depending on libffi after .so version change. Requested by Matthias Ferdinand and Oskar on pkgsrc-users.
Revision 1.412 / (download) - annotate - [select for diffs], Wed Feb 26 20:55:43 2020 UTC (3 years, 9 months ago) by maya
Branch: MAIN
Changes since 1.411: +6 -1
lines
Diff to previous 1.411 (colored)
firefox: fix PLIST on linux. A bunch of files that are mysteriously not on linux, and a bunch of files that are mysteriously OS-specific (probably missing "else"). And a sandboxing library.
Revision 1.411 / (download) - annotate - [select for diffs], Fri Feb 21 15:13:12 2020 UTC (3 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.410: +2 -2
lines
Diff to previous 1.410 (colored)
firefox: Update to 73.0.1
* Do not define USE_LANGUAGES+=gnu++17. Passing -std=gnu++17 to all clang
invocations causes build failure.
Changelog:
Fixed
Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)
Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)
Resolved problems connecting to the RBC Royal Bank website (bug 1613943)
Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)
Fixed crashes when playing encrypted content on some Linux systems (bug 1614535)
Revision 1.410 / (download) - annotate - [select for diffs], Wed Feb 12 16:36:50 2020 UTC (3 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.409: +3 -4
lines
Diff to previous 1.409 (colored)
firefox: Update to 73.0
Changelog:
New
Today's Firefox release includes two features that help users
view and read website content more easily, quickly. Like all
accessibility improvements, these features improve browsing
for everyone.
Firefox has offered a page zoom feature for more than a
decade that allows users to set the zoom level on a per-site
basis. For users who need to zoom most websites, having to
adjust zoom for each new site can be an annoyance. To
address this, we have implemented a new global default zoom
level setting. This option is available in about:preferences
under "Language and Appearance" and can be scaled up or
down from 100% as needed and sets the default zoom level
for all sites. Per-site zoom is still available to make
adjustments to individual sites as needed.
Many users with low vision rely on Windows' High Contrast
Mode to make websites more readable. Traditionally, to
increase the readability of text, Firefox has disabled
background images when High Contrast Mode is enabled. With
today's release of Firefox 73, we introduce a "readability
backplate" solution which places a block of background
color between the text and background image. Now, websites
in High Contrast Mode are more readable without disabling
background images.
Fixed
Various security fixes.
Improved audio quality when playing back audio at a faster or
slower speed.
Firefox will now only prompt you to save logins if a field in
a login form was modified.
Changed
WebRender will roll out to laptops with Nvidia graphics cards
with drivers newer than 432.00, and screen sizes smaller than
1920x1200
Security fixes:
#CVE-2020-6796: Missing bounds check on shared memory read in the parent process
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
#CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
#CVE-2020-6801: Memory safety bugs fixed in Firefox 73
Revision 1.409 / (download) - annotate - [select for diffs], Sat Feb 8 22:11:53 2020 UTC (3 years, 9 months ago) by kamil
Branch: MAIN
Changes since 1.408: +2 -1
lines
Diff to previous 1.408 (colored)
firefox: Workaround broken pthread_equal() usage Switch to an internal version of pthread_equal() without sanity checks. Problems detected on NetBSD 9.99.46.
Revision 1.408 / (download) - annotate - [select for diffs], Wed Jan 22 13:34:26 2020 UTC (3 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.407: +2 -3
lines
Diff to previous 1.407 (colored)
firefox: Update to 72.0.2
Changelog:
Fixed
Various stability fixes
Fixed issues opening files with spaces in their path (bug 1601905)
Fixed a hang opening about:logins when a master password is set (bug 1606992)
Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72 (bug 1604989)
Fixed inconsistent playback performance for fullscreen 1080p videos on some systems (bug 1608485)
Revision 1.407 / (download) - annotate - [select for diffs], Sat Jan 18 21:51:06 2020 UTC (3 years, 10 months ago) by jperkin
Branch: MAIN
Changes since 1.406: +2 -2
lines
Diff to previous 1.406 (colored)
*: Recursive revision bump for openssl 1.1.1.
Revision 1.406 / (download) - annotate - [select for diffs], Wed Jan 15 10:50:37 2020 UTC (3 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.405: +2 -1
lines
Diff to previous 1.405 (colored)
firefox: Allow hardware acceleration up to 4K UHD resolution Bump PKGREVISION.
Revision 1.405 / (download) - annotate - [select for diffs], Thu Jan 9 15:06:28 2020 UTC (3 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.404: +6 -6
lines
Diff to previous 1.404 (colored)
firefox: Update to 72.0.1
Changelog:
72.0.1
Security fixes:
#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
72.0
New
FirefoxãàÑÔ Enhanced Tracking Protection marks a major new
milestone in our battle against cross-site tracking: we now
block fingerprinting scripts by default for all users, taking
a new bold step in the fight for our usersãàprivacy.
Firefox replaces annoying notification request pop-ups with a
more delightful experience, by default for all users. The
pop-ups no longer interrupt your browsing, in its place, a
speech bubble will appear in the address bar when you interact
with the site.
Picture-in-picture video is now also available in Firefox for
Mac and Linux: Select the blue icon from the right edge of a
video to pop open a floating window so you can keep watching
while working in other tabs or apps. Learn how the feature
works.
Security fixes:
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
#CVE-2019-17019: Python files could be inadvertently executed upon opening a download
#CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
#CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
#CVE-2019-17025: Memory safety bugs fixed in Firefox 72
Revision 1.404 / (download) - annotate - [select for diffs], Sun Jan 5 17:55:22 2020 UTC (3 years, 10 months ago) by nia
Branch: MAIN
Changes since 1.403: +2 -1
lines
Diff to previous 1.403 (colored)
*: Enable Wayland where supported in GTK and Firefox. Bump PKGREVISIONs
Revision 1.403 / (download) - annotate - [select for diffs], Tue Dec 3 14:21:20 2019 UTC (3 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.402: +3 -4
lines
Diff to previous 1.402 (colored)
Update to 71.0
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
Revision 1.402 / (download) - annotate - [select for diffs], Tue Nov 12 12:31:16 2019 UTC (4 years ago) by ryoon
Branch: MAIN
Changes since 1.401: +10 -1
lines
Diff to previous 1.401 (colored)
Fix build with lang/rust-1.39.0 with upstream patch, bump PKGREVISION
Revision 1.401 / (download) - annotate - [select for diffs], Mon Nov 4 22:09:54 2019 UTC (4 years ago) by rillig
Branch: MAIN
Changes since 1.400: +6 -6
lines
Diff to previous 1.400 (colored)
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
Revision 1.400 / (download) - annotate - [select for diffs], Sat Nov 2 02:09:32 2019 UTC (4 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.399: +2 -2
lines
Diff to previous 1.399 (colored)
Update to 70.0.1
* Try to use pkgsrc clang/clang++ explicitly
Changelog:
Fixed
Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)
Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)
Title bar no longer shows in full screen view (Bug 1588747)
Changed
OpenH264 video codec version bump for macOS 10.15 users (Bug 1587543)
Revision 1.399 / (download) - annotate - [select for diffs], Mon Oct 28 13:03:27 2019 UTC (4 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.398: +5 -4
lines
Diff to previous 1.398 (colored)
Update to 70.0
* Offline build is incomplete. However I cannot finish the fix.
Changelog:
New
More privacy protections from Enhanced Tracking Protection:
Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
More security protections from Firefox Lockwise, our digital identity and password management tool:
Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsersãà
Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
Complex password generation, to help you create and save strong passwords for new online accounts.
Improvements to core engine components, for better browsing on more sites
A faster Javascript Baseline Interpreter to handle the modern webÑÔ
large codebases and improve page load performance by as much as 8
percent.
WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
More browser features to help you get the most out of Firefox products and services
A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
When a website uses your geolocation, an indicator is shown in the
address bar.
Fixed
Various security fixes
Changed
Built-in Firefox pages now follow the system dark mode preference
Aliased theme properties have been removed, which may affect some themes
Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
Improved privacy and security indicators
A new crossed-out lock icon will indicate sites delivered via
insecure HTTP
The formerly green lock icon is now grey
The Extended Validation (EV) indicator has been moved to the identity
popup that appears when clicking the lock icon
Security fixes:
#CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11765: Incorrect permissions could be granted to a website
#CVE-2019-17000: CSP bypass using object tag with data: URI
#CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
#CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Revision 1.398 / (download) - annotate - [select for diffs], Tue Oct 15 18:07:48 2019 UTC (4 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.397: +2 -2
lines
Diff to previous 1.397 (colored)
Update to 69.0.3
Changelog:
Fixed
Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)
Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)
Revision 1.397 / (download) - annotate - [select for diffs], Fri Oct 4 12:43:20 2019 UTC (4 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.396: +2 -2
lines
Diff to previous 1.396 (colored)
Update to 69.0.2
Changelog:
Fixed
Fixed a crash when editing files on Office 365 websites (bug 1579858)
Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
Revision 1.396 / (download) - annotate - [select for diffs], Sat Sep 21 07:25:50 2019 UTC (4 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.395: +7 -8
lines
Diff to previous 1.395 (colored)
Update to 69.0.1
Changelog:
Fixed
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security and stability fixes
irefox 69.0.1
Security fixes:
#CVE-2019-11754: Pointer Lock is enabled with no user notification
Revision 1.395 / (download) - annotate - [select for diffs], Wed Sep 18 14:17:18 2019 UTC (4 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.394: +2 -2
lines
Diff to previous 1.394 (colored)
Recursive revbump from audio/pulseaudio
Revision 1.394 / (download) - annotate - [select for diffs], Sat Sep 7 03:41:42 2019 UTC (4 years, 2 months ago) by gutteridge
Branch: MAIN
Changes since 1.393: +2 -1
lines
Diff to previous 1.393 (colored)
firefox: fix build when webrtc option is not enabled PeerConnectionIdp.jsm is installed universally, not just when webrtc is an enabled option.
Revision 1.393 / (download) - annotate - [select for diffs], Fri Sep 6 03:00:23 2019 UTC (4 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.392: +3 -4
lines
Diff to previous 1.392 (colored)
Update to 69.0
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new ãàׯew Tabãàpage experience that connects you to the best of PocketãàÑÔ content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, youãàÑÍl see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Revision 1.392 / (download) - annotate - [select for diffs], Fri Aug 16 14:04:18 2019 UTC (4 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.391: +2 -3
lines
Diff to previous 1.391 (colored)
Update to 68.0.2
Changelog:
Fixed
Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Security fixes
#CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
Revision 1.391 / (download) - annotate - [select for diffs], Sun Aug 11 13:24:19 2019 UTC (4 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.390: +2 -1
lines
Diff to previous 1.390 (colored)
Bump PKGREVISIONs for perl 5.30.0
Revision 1.390 / (download) - annotate - [select for diffs], Wed Jul 24 13:52:52 2019 UTC (4 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.389: +2 -3
lines
Diff to previous 1.389 (colored)
Update to 68.0.1
Changelog:
Fixed
Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bug 1562837)
Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage Access
API (bug 1558503)
Users in Russian regions may have their default search engine
changed (bug 1565315)
Built-in search engines in some locales do not function correctly
(bug 1565779)
Revision 1.389 / (download) - annotate - [select for diffs], Sun Jul 21 22:25:53 2019 UTC (4 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.388: +2 -1
lines
Diff to previous 1.388 (colored)
*: recursive bump for gdk-pixbuf2-2.38.1
Revision 1.388 / (download) - annotate - [select for diffs], Thu Jul 11 11:32:40 2019 UTC (4 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.387: +3 -3
lines
Diff to previous 1.387 (colored)
Update to 68.0
Changelog:
New
Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Improved extension security and discovery:
New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommendedãàbadges for these extensions also appear on AMO. More extensions will be added over time.
Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
WebRender will roll out to Windows 10 users with AMD graphics cards.
Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
Various security fixes
Local files can no longer access other files in the same directory.
Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
Revision 1.387 / (download) - annotate - [select for diffs], Fri Jun 21 16:35:32 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.386: +2 -2
lines
Diff to previous 1.386 (colored)
Update to 67.0.4 Changelog: #CVE-2019-11708: sandbox escape using Prompt:Open
Revision 1.386 / (download) - annotate - [select for diffs], Wed Jun 19 12:24:06 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.385: +2 -3
lines
Diff to previous 1.385 (colored)
Update to 67.0.3 Changelog: Security fix: #CVE-2019-11707: Type confusion in Array.pop
Revision 1.385 / (download) - annotate - [select for diffs], Thu Jun 13 22:05:24 2019 UTC (4 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.384: +3 -1
lines
Diff to previous 1.384 (colored)
firefox: Add sun audio backend and make it a default where supported. This replaces the OSS backend with something that passes the unit tests, supports additional channels, and supports recording. It will be included with future versions of Firefox. Tested with: * YouTube audio-video sync test * about:support device detection * WebRTC microphone recording (using an USB microphone) Note: you can select an audio backend using the about:config variable media.cubeb.backend. This can be set to options such as sun/pulse/oss. Let me know if you still need to use the oss backend. It's very incomplete, buggy, and FreeBSD has already removed it - ideally we should eventually. Bump PKGREVISION.
Revision 1.384 / (download) - annotate - [select for diffs], Wed Jun 12 18:33:27 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.383: +2 -2
lines
Diff to previous 1.383 (colored)
Update to 67.0.2
Changelog:
Fixed
Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm")
in console which may significantly degrade sessionstore
reliability and performance (bug 1553413)
Proxy authentication dialog box repeatedly pops up asking to
authenticate after upgrading to Firefox 67 (bug 1548804)
Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation
(bug 1551282)
Starting in safe mode on Linux or macOS causes Firefox to think
on the subsequent launch that the profile is too recent to be
used with this version of Firefox (bug 1556612)
Linux distribution users can't easily install/use additional/different
languages using the built-in preferences UI (bug 1554744)
Developer tools users can't copy the href/src content from
various HTML tags via the context menu in the Inspector markup
view (bug 1552275)
Custom home page is broken with clearing data on shutdown
settings applied (bug 1554167)
Performance-regression for eclipse RAP based applications (bug
1555962)
macOS 10.15 crash fix (bug 1556076)
Can't start two downloads in parallel via <a download> anymore
(bug 1542912)
Revision 1.383 / (download) - annotate - [select for diffs], Sat Jun 8 11:46:02 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.382: +1 -5
lines
Diff to previous 1.382 (colored)
Simplify nasm and yasm conditional Noticed by szptvlfn@, thank you.
Revision 1.382 / (download) - annotate - [select for diffs], Fri Jun 7 19:15:44 2019 UTC (4 years, 5 months ago) by maya
Branch: MAIN
Changes since 1.381: +3 -1
lines
Diff to previous 1.381 (colored)
firefox: follow rjs@ commit to libaom: nasm is mostly a tool for x86 assembly, so I'm going to assume it's only needed for x86 builds on firefox as well.
Revision 1.381 / (download) - annotate - [select for diffs], Wed Jun 5 13:04:37 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.380: +2 -3
lines
Diff to previous 1.380 (colored)
Update to 67.0.1
Changelog:
In this version, Firefox helps you get better acquainted with our
family of products and services through a new experience that
includes a set of web pages and in-browser notifications. All
Firefox products and services have powerful privacy protection
built in; joining Firefox provides users with additional features
and capabilities. These experiences will highlight these benefits.
The new experience will roll out for English (en-US, en-GB, en-CA),
French (fr) and German (de) browser users today, expanding to other
languages in the coming weeks.
With the new experience, there will be an opportunity for users
to opt in for test-driving upcoming products during registration.
For new users, this release will come with Enhanced Tracking
Protection (ETP), stronger privacy protections on by default as
ãà×´tandardãàin the Privacy & Security setting. Firefox Enhanced
Tracking Protection will now automatically block third-party tracking
cookies that appear on the Disconnect list. Firefox will continue
to block third-party tracking loads in private windows, as it has
done since version 42.
For existing users, while ETP will be rolling out by default
in the coming months, you can turn this feature on today under
Preferences, select Privacy & Security to select the Custom
menu, and under the Content Blocking section, mark the Cookies
checkbox and choose ãà×µhird-party trackersãàin the Cookies pull
down menu.
Revision 1.380 / (download) - annotate - [select for diffs], Sat Jun 1 19:11:28 2019 UTC (4 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.379: +2 -2
lines
Diff to previous 1.379 (colored)
firefox*: don't use /dev/sound on netbsd. it treats "pause" as a sticky operation and might randomly fail to play audio if another program has paused its audio. PR kern/54229
Revision 1.379 / (download) - annotate - [select for diffs], Sat Jun 1 12:52:10 2019 UTC (4 years, 6 months ago) by mef
Branch: MAIN
Changes since 1.378: +3 -1
lines
Diff to previous 1.378 (colored)
Add BUILD_DEPENDS+= nasm-[0-9]*:../../devel/nasm for AV1 support, thanks maya@ for review configure.log from bulkbuild shows following: | ERROR: nasm 2.13 or greater is required for AV1 support. Either install nasm or add --disable-av1 to your configure options. | *** Error code 1
Revision 1.378 / (download) - annotate - [select for diffs], Fri May 31 10:38:59 2019 UTC (4 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.377: +2 -2
lines
Diff to previous 1.377 (colored)
firefox: tolerate libGL.so with a different major number on netbsd Fixes WebGL. PR pkg/54247 Bump PKGREVISION.
Revision 1.377 / (download) - annotate - [select for diffs], Mon May 27 14:19:26 2019 UTC (4 years, 6 months ago) by tsutsui
Branch: MAIN
Changes since 1.376: +2 -1
lines
Diff to previous 1.376 (colored)
firefox: fix wrong latency unit in stream_init() function. Based on a patch in PR pkg/54206 from Y.Sugahara. Bump PKGREVISION.
Revision 1.376 / (download) - annotate - [select for diffs], Sat May 25 20:17:04 2019 UTC (4 years, 6 months ago) by szptvlfn
Branch: MAIN
Changes since 1.375: +2 -2
lines
Diff to previous 1.375 (colored)
update firefox HOMEPAGE (http -> https)
Revision 1.375 / (download) - annotate - [select for diffs], Wed May 22 13:32:51 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.374: +3 -4
lines
Diff to previous 1.374 (colored)
Update to 67.0
Changelog:
New
Firefox 67 demonstrates improved performance thanks to a number of changes such as:
Lowering priority of setTimeout during page load
Delayed component initialization until after start up
Painting sooner during page load but less often
Suspending unused tabs
Learn more about our approach to performance in 67 in the Mozilla blog.
Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.
Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.
Private Browsing sees both usability and security improvements:
Save passwords in private browsing mode
Choose which extensions to exclude from private tabs
A myriad of new features help make Firefox easier to use:
WeãàÑ×e added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
Tabs can now be pinned from the Page Actions menu in the address bar
Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.
Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.
The Import Data from Another Browser feature is now also available from the File menu
Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously
Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues
Firefox is upgrading to the newer, higher performance, AV1 decoder known as ãàÏÅav1dãà
WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards
MozillaãàÑÔ highest performing JavaScript compiler now supports ARM64 Windows devices.
Enable FIDO U2F API, and permit registrations for Google Accounts
Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.
Fixed
Various security fixes
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-9821: Use-after-free in AssertWorkerThread
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11695: Custom cursor can render over user interface outside of web content
#CVE-2019-11t .JNLP files are not recognized as executable files for download prompts
#CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to andsulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.
#CVE-2019-11700: res: protocol can be used to open known local files
#CVE-2019-11699: Incorrect domain name highlighting during page navigation
#CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
#CVE-2019-9814: Memory safety bugs fixed in Firefox 67
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
Revision 1.374 / (download) - annotate - [select for diffs], Wed May 22 06:24:17 2019 UTC (4 years, 6 months ago) by pho
Branch: MAIN
Changes since 1.373: +2 -1
lines
Diff to previous 1.373 (colored)
Add a patch to fix upstream bug 1553389; bump revision
Revision 1.373 / (download) - annotate - [select for diffs], Fri May 10 19:44:11 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.372: +2 -2
lines
Diff to previous 1.372 (colored)
Update to 66.0.5
Changelog:
Fixed:
Further improvements to re-enable web extensions which had been
disabled for users with a master password set (Bug 1549249).
Revision 1.372 / (download) - annotate - [select for diffs], Mon May 6 00:18:51 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.371: +2 -3
lines
Diff to previous 1.371 (colored)
Update to 66.0.4 Changelog: Fixed: Repaired certificate chain to re-enable web extensions that had been disabled
Revision 1.371 / (download) - annotate - [select for diffs], Sun May 5 22:49:52 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.370: +2 -2
lines
Diff to previous 1.370 (colored)
Recursive rebvump from devel/nss
Revision 1.370 / (download) - annotate - [select for diffs], Mon Apr 15 08:31:10 2019 UTC (4 years, 7 months ago) by pho
Branch: MAIN
Changes since 1.369: +2 -1
lines
Diff to previous 1.369 (colored)
Add a patch to fix upstream bug #1543602; bump revision
Revision 1.369 / (download) - annotate - [select for diffs], Thu Apr 11 13:42:32 2019 UTC (4 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.368: +2 -3
lines
Diff to previous 1.368 (colored)
Update to 66.0.3
Changelog:
Fixed
Address bar on tablets running Windows 10 now behaves correctly (Bug 1498973)
Performance issues with some HTML5 games (Bug 1537609)
Fixed a bug with keypress events in IBM cloud applications (Bug 1538970)
Fix for keypress events in some Microsoft cloud applications (Bug 1539618)
Changed
Updated Baidu search plugin
Revision 1.368 / (download) - annotate - [select for diffs], Wed Apr 3 00:33:11 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.367: +2 -1
lines
Diff to previous 1.367 (colored)
Recursive revbump from textproc/icu
Revision 1.367 / (download) - annotate - [select for diffs], Mon Apr 1 12:27:52 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.366: +2 -2
lines
Diff to previous 1.366 (colored)
Update to 66.0.2
Changelog:
Fixed
Fixed Web compatibility issues with Office 365, iCloud and IBM
WebMail caused by recent changes to the handling of keyboard
events (Bug 1538966)
Crash fixes (bug 1521370, bug 1539118)
Revision 1.366 / (download) - annotate - [select for diffs], Sun Mar 24 05:44:14 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.365: +2 -3
lines
Diff to previous 1.365 (colored)
Update to 66.0.1 Changelog: Security fixes: #CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information #CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
Revision 1.365 / (download) - annotate - [select for diffs], Wed Mar 20 14:38:17 2019 UTC (4 years, 8 months ago) by tsutsui
Branch: MAIN
Changes since 1.364: +2 -1
lines
Diff to previous 1.364 (colored)
firefox: 66.0 requires libwebp>=1.0.2. Bump PKGREVISION.
Revision 1.364 / (download) - annotate - [select for diffs], Tue Mar 19 16:11:27 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.363: +3 -4
lines
Diff to previous 1.363 (colored)
Update to 66.0
Changelog:
New
Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.
Improved search experience:
Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
Easier search via a redesigned new tab in Private Windows
Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page
Improved performance and better user experience for extensions:
Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts
Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software
Added basic support for macOS Touch Bar
Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content
Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1]
Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication
Fixed
The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10
Linux users: Resolved an issue that caused Firefox to freeze when downloading files
Various security fixes
Changed
System title bar is hidden by default to match Gnome guideline for Linux users
Developer
DevTools Inspector is now fully usable when the Debugger is paused
Lowered priority of setTimeout and setInterval during page load to improve overall page load performance
Fixed: <button> element is no longer special cased in event dispatch, per latest specifications
Security fixes:
Not available yet.
Revision 1.363 / (download) - annotate - [select for diffs], Fri Mar 15 12:52:42 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.362: +2 -2
lines
Diff to previous 1.362 (colored)
Fix build with webrtc option, bump PKGREVISION * webrtc option requires the internal libvpx. * And remove widevinecdm option. It is not useful.
Revision 1.362 / (download) - annotate - [select for diffs], Mon Mar 4 15:53:06 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.361: +2 -7
lines
Diff to previous 1.361 (colored)
Fix build with lang/rust-1.33.0. Bump PKGREVISION
Revision 1.361 / (download) - annotate - [select for diffs], Sun Mar 3 00:57:29 2019 UTC (4 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.360: +2 -3
lines
Diff to previous 1.360 (colored)
Update to 65.0.2 Changelog: fixed: Fixed an issue with geolocation services affecting Windows users
Revision 1.360 / (download) - annotate - [select for diffs], Tue Feb 26 12:14:12 2019 UTC (4 years, 9 months ago) by rin
Branch: MAIN
Changes since 1.359: +13 -1
lines
Diff to previous 1.359 (colored)
Add support for NetBSD/aarch64 and arm. This includes patches for third_party/rust/libc 2.43, which requires hack to overwrite checksum fields in .cargo-checksum.json. These will become unnecessary if libc >= 2.45 is imported. For aarch64, - python locks up randomly when "make configure"; see lib/54017: http://gnats.netbsd.org/54017 - nodejs randomly(?) crashes sometimes. However, if you are luckly enough ;-), you will have a working binary. Bump revision.
Revision 1.359 / (download) - annotate - [select for diffs], Tue Feb 19 15:23:53 2019 UTC (4 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.358: +2 -4
lines
Diff to previous 1.358 (colored)
Update to 65.0.1
Changelog:
Fixed
Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)
Improved playback of interactive Netflix videos (bug 1524500)
Fixed color management not working on macOS (bug 1506495)
Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)
Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)
Fixed video sizing problems during some WebRTC calls (bug 1520200)
Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)
Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)
Various stability and security fixes.
Security fixes:
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
Revision 1.358 / (download) - annotate - [select for diffs], Fri Feb 1 16:47:59 2019 UTC (4 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.357: +2 -1
lines
Diff to previous 1.357 (colored)
Bump PKGREVISION * Use graphics/libwebp * Bump devel/cbindgen requirement (PR pkg/53925) * Enable system's addons, for example langpacks from www/firefox-l10n * Fix potential configure error from clock_gettime(CLOCK_MONOTONIC, ...)
Revision 1.357 / (download) - annotate - [select for diffs], Tue Jan 29 22:33:58 2019 UTC (4 years, 10 months ago) by tnn
Branch: MAIN
Changes since 1.356: +10 -14
lines
Diff to previous 1.356 (colored)
remove obsolete hacks.mk & reduce diffs between mozilla derivative packages
Revision 1.356 / (download) - annotate - [select for diffs], Tue Jan 29 16:28:22 2019 UTC (4 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.355: +4 -3
lines
Diff to previous 1.355 (colored)
Updatet to 65.0
Changelog:
New
Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small ãà×Êãàicon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about MozillaãàÑÔ contribution to this new open standard.
Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Fixed
Various security fixes.
Changed
Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Security fixes:
Not available yet.
Revision 1.355 / (download) - annotate - [select for diffs], Wed Jan 23 15:45:48 2019 UTC (4 years, 10 months ago) by jperkin
Branch: MAIN
Changes since 1.354: +2 -1
lines
Diff to previous 1.354 (colored)
firefox: Remove -pie on SunOS.
Revision 1.354 / (download) - annotate - [select for diffs], Thu Jan 10 13:37:40 2019 UTC (4 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.353: +2 -2
lines
Diff to previous 1.353 (colored)
Update to 64.0.2
Changelog:
Fixed
Fixed a browser crash on MacOS (bug 1510058)
Updated the Japanese translation for missing strings (bug 1513259)
Properly restore column sizes in developer tools inspector (bug 1503175)
Fixed video stuttering on Youtube (bug 1513511)
Fix updates for some lightweight themes (bug 1508777)
Revision 1.353 / (download) - annotate - [select for diffs], Wed Dec 12 14:08:50 2018 UTC (4 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.352: +3 -4
lines
Diff to previous 1.352 (colored)
Update to 64.0
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Revision 1.352 / (download) - annotate - [select for diffs], Sun Dec 9 18:52:49 2018 UTC (4 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.351: +2 -2
lines
Diff to previous 1.351 (colored)
revbump after updating textproc/icu
Revision 1.351 / (download) - annotate - [select for diffs], Fri Nov 23 08:06:33 2018 UTC (5 years ago) by ryoon
Branch: MAIN
Changes since 1.350: +2 -1
lines
Diff to previous 1.350 (colored)
Recursive revbump from multimedia/libva
Revision 1.350 / (download) - annotate - [select for diffs], Fri Nov 16 23:38:59 2018 UTC (5 years ago) by maya
Branch: MAIN
Changes since 1.349: +2 -3
lines
Diff to previous 1.349 (colored)
firefox: update to 63.0.3
Games using WebGL (created in Unity) get stuck after very short time of gameplay (bug 1502748)
Slow page loading for some users with specific proxy configurations (bug 1495024)
Disable HTTP response throttling by default for causing bugs with videos in background tabs (bug 1503354)
Opening magnet links no longer works (bug 1498934)
Crash fixes (bug 1498510, bug 1503424)
Revision 1.349 / (download) - annotate - [select for diffs], Wed Nov 14 22:22:35 2018 UTC (5 years ago) by kleink
Branch: MAIN
Changes since 1.348: +2 -2
lines
Diff to previous 1.348 (colored)
Revbump after cairo 1.16.0 update.
Revision 1.348 / (download) - annotate - [select for diffs], Tue Nov 13 13:13:47 2018 UTC (5 years ago) by wiz
Branch: MAIN
Changes since 1.347: +1 -2
lines
Diff to previous 1.347 (colored)
firefox: Remove references to non-existent files.
Revision 1.347 / (download) - annotate - [select for diffs], Mon Nov 12 12:50:52 2018 UTC (5 years ago) by jperkin
Branch: MAIN
Changes since 1.346: +3 -1
lines
Diff to previous 1.346 (colored)
firefox: SunOS build fixes.
Revision 1.346 / (download) - annotate - [select for diffs], Mon Nov 12 03:53:03 2018 UTC (5 years ago) by ryoon
Branch: MAIN
Changes since 1.345: +2 -1
lines
Diff to previous 1.345 (colored)
Recursive revbump from hardbuzz-2.1.1
Revision 1.345 / (download) - annotate - [select for diffs], Sun Nov 4 00:38:44 2018 UTC (5 years ago) by ryoon
Branch: MAIN
Changes since 1.344: +3 -3
lines
Diff to previous 1.344 (colored)
Update to 63.0.1
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Revision 1.343.2.1 / (download) - annotate - [select for diffs], Sun Oct 7 11:32:06 2018 UTC (5 years, 1 month ago) by spz
Branch: pkgsrc-2018Q3
Changes since 1.343: +2 -2
lines
Diff to previous 1.343 (colored) next main 1.344 (colored)
Pullup ticket #5839 - requested by maya
lang/spidermonkey52: security update
www/firefox-l10n: security update
www/firefox: security update
Revisions pulled up:
- lang/spidermonkey52/Makefile 1.10
- lang/spidermonkey52/distinfo 1.5
- lang/spidermonkey52/patches/patch-CVE-2018-12387 1.1
- www/firefox-l10n/Makefile 1.133
- www/firefox-l10n/distinfo 1.123
- www/firefox/Makefile 1.344
- www/firefox/distinfo 1.326
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 17:30:30 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
firefox: update to 62.0.3
Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)
Fixed playback of some encrypted video streams on macOS (bug 1491940)
Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)
WebGL rendering issues (bug 1489099)
Updates from unpacked language packs no longer break the browser (bug 1488934)
Fix fallback on startup when a language pack is missing (bug 1492459)
Profile refresh from the Windows stub installer restarts the browser (bug 1491999)
Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852)
Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585)
Do not undo removal of search engines when using a language pack (bug 1489820)
Fixed rendering of some web sites (bug 1421885)
Restored compatibility with some sites using deprecated TLS settings (bug 1487517)
Fix screen share on MacOS when using multiple monitors (bug 1487419)
CVE-2018-12386: Type confusion in JavaScript
CVE-2018-12387:
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
To generate a diff of this commit:
cvs rdiff -u -r1.343 -r1.344 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.325 -r1.326 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 17:31:07 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox-l10n: catch up to www/firefox update.
To generate a diff of this commit:
cvs rdiff -u -r1.132 -r1.133 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 3 18:58:23 UTC 2018
Modified Files:
pkgsrc/lang/spidermonkey52: Makefile distinfo
Added Files:
pkgsrc/lang/spidermonkey52/patches: patch-CVE-2018-12387
Log Message:
spidermonkey52: backport patch for CVE-2018-12387
Don't inline push with more than 1 argument
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory
address to the calling function which can be used as part of an exploit inside the sandboxed content process.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/spidermonkey52/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/spidermonkey52/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/spidermonkey52/patches/patch-CVE-2018-12387
Revision 1.344 / (download) - annotate - [select for diffs], Wed Oct 3 17:30:30 2018 UTC (5 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.343: +2 -2
lines
Diff to previous 1.343 (colored)
firefox: update to 62.0.3 Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785) Fixed playback of some encrypted video streams on macOS (bug 1491940) Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879) WebGL rendering issues (bug 1489099) Updates from unpacked language packs no longer break the browser (bug 1488934) Fix fallback on startup when a language pack is missing (bug 1492459) Profile refresh from the Windows stub installer restarts the browser (bug 1491999) Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852) Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585) Do not undo removal of search engines when using a language pack (bug 1489820) Fixed rendering of some web sites (bug 1421885) Restored compatibility with some sites using deprecated TLS settings (bug 1487517) Fix screen share on MacOS when using multiple monitors (bug 1487419) CVE-2018-12386: Type confusion in JavaScript CVE-2018-12387: CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
Revision 1.343 / (download) - annotate - [select for diffs], Wed Sep 5 15:29:58 2018 UTC (5 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base
Branch point for: pkgsrc-2018Q3
Changes since 1.342: +3 -4
lines
Diff to previous 1.342 (colored)
Update to 62.0
Changelog:
New
Firefox Home (the default New Tab) now allows users to display up to
4 rows of top sites, Pocket stories, and highlights
"Reopen in Container" tab menu option appears for users with Containers
that lets them choose to reopen a tab in a different container
In advance of removing all trust for Symantec-issued certificates in
Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
Added FreeBSD support for WebAuthn
Improved graphics rendering for Windows users without accelerated hardware
using Parallel-Off-Main-Thread Painting
Support for CSS Shapes, allowing for richer web page layouts. This goes
hand in hand with a brand new Shape Path Editor in the CSS inspector.
CSS Variable Fonts (OpenType Font Variations) support, which makes it
possible to create beautiful typography with a single font file
Updates for enterprise environments:
AutoConfig is sandboxed to the documented API by default. You
can disable the sandbox by setting the preference
general.config.sandbox_enabled to false. Our long term plan is to
remove the ability to turn off the sandboxing. If you need to
continue to use more complex AutoConfig scripts, you will need to use
Firefox Extended Support Release (ESR).
Added Canadian English (en-CA) locale
Changed
Removed the description field for bookmarks. Users who have stored
descriptions using the field may wish to export these descriptions
as html or json files, as they will be removed in a future release.
Dark theme is automatically enabled in macOS 10.14 dark mode
Changed the default setting to Enforce (3) for the
security.pki.name_matching_mode preference
Adobe Flash applets now run in a more secure mode using process
sandboxing on macOS. Learn how this may affect features here.
Users disconnecting from Sync are now offered the option to wipe
their Firefox profile data (including bookmarks, passwords, history,
cookies, and site data) from their desktop computer
Changed how WebRTC handles screen sharing: When screen-sharing a window,
the window will be brought to front
Developer
Three-pane Inspector in Developer Tools separates the rules into its own
panel
Revision 1.342 / (download) - annotate - [select for diffs], Wed Aug 22 09:47:24 2018 UTC (5 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.341: +2 -1
lines
Diff to previous 1.341 (colored)
Recursive bump for perl5-5.28.0
Revision 1.341 / (download) - annotate - [select for diffs], Sat Aug 11 18:45:15 2018 UTC (5 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.340: +2 -3
lines
Diff to previous 1.340 (colored)
Update to 61.0.2
Changelog:
New
Adds support for automatically restoring your Firefox session
after Windows restarts. Currently, this feature is not enabled
by default for most users, but will be gradually enabled over
the coming weeks.
Fixed
Improved website rendering with the Retained Display List
feature enabled (Bug 1474402)
Fixed broken DevTools panels with certain extensions installed
(Bug 1474379)
Fixed a crash for users with some accessibility tools enabled
(Bug 1474007)
Revision 1.340 / (download) - annotate - [select for diffs], Fri Jul 20 03:34:31 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.339: +2 -2
lines
Diff to previous 1.339 (colored)
Recursive revbump from textproc/icu-62.1
Revision 1.339 / (download) - annotate - [select for diffs], Mon Jul 16 02:03:15 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.338: +2 -2
lines
Diff to previous 1.338 (colored)
Bump PKGREVISION. Change ffmpeg to 4 from 3
Revision 1.338 / (download) - annotate - [select for diffs], Sun Jul 15 23:15:01 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.337: +2 -1
lines
Diff to previous 1.337 (colored)
Fix PR pkg/53429. Use libstdc++ from pkgsrc gcc61-libs to fix runtime error BUmp PKGREVISION
Revision 1.337 / (download) - annotate - [select for diffs], Fri Jul 6 20:51:57 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.336: +2 -3
lines
Diff to previous 1.336 (colored)
Update to 61.0.1
Changelog:
Fixed
Fixed broken website loading for Chinese users with accessibility enabled (Bug 1471824)
Fix missing content on the New Tab Page and the Home section of the Preferences page (Bug 1471375)
Fixed loss of bookmarks under rare circumstances when upgrading from Firefox 60 (Bug 1472127)
Improved playback of Twitch 1080p video streams (Bug 1469257)
Web pages no longer lose focus when a browser popup window is opened (Bug 1471415)
Fixed launching of downloads without a file extension on Windows (Bug 1465458)
Re-allowed downloading files from FTP sites via the "Save Link As" option when linked from HTTP pages (Bug 1470295)
Fixed extensions being unable to override the default homepage in certain situations (Bug 1466846)
Revision 1.336 / (download) - annotate - [select for diffs], Fri Jul 6 20:51:24 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.335: +3 -1
lines
Diff to previous 1.335 (colored)
Fix build under NetBSD/{i386,amd64} 8.0_RC2 with lang/gcc6
Revision 1.335 / (download) - annotate - [select for diffs], Fri Jul 6 15:06:50 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.334: +2 -1
lines
Diff to previous 1.334 (colored)
Recursive revbump from audio/pulseaudio
Revision 1.334 / (download) - annotate - [select for diffs], Thu Jun 28 13:52:37 2018 UTC (5 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.333: +3 -3
lines
Diff to previous 1.333 (colored)
Update to 61.0
Changelog:
New
Enhanced performance:
Faster page rendering with Quantum CSS improvements and the new
retained display list feature
Faster switching between tabs on Windows and Linux
WebExtensions now run in their own process on MacOS
Convenient access to more search engines: You can now add search engines
to the address bar "Search with" tool from the page action menu when on
a webpage that provides an OpenSearch plugin
Share links from Firefox for MacOS more easily: You can now share the URL
of an active tab from the page actions menu in the address bar
Improved security:
On-by-default support for the latest draft of the TLS 1.3 specification
Access to FTP subresources inside http(s) pages has been blocked
A more consistent user experience: Improvements for dark theme support
across the entire Firefox user interface
More customization for tab management: added support to allow WebExtensions
to hide tabs
Improved bookmark syncing
Fixed
Various security fixes
Changed
The settings for customizing your homepage and new tab page in Firefox
have been added to a new Preferences section that can be accessed from
Firefox at about:preferences#home. The settings can also be accessed via
the gear icon on the New Tab page.
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12358: Same-origin bypass using service worker and redirection
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
#CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
#CVE-2018-5186: Memory safety bugs fixed in Firefox 61
#CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Revision 1.333 / (download) - annotate - [select for diffs], Sun Jun 10 04:09:05 2018 UTC (5 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.332: +2 -2
lines
Diff to previous 1.332 (colored)
Update to 60.0.2
Changelog:
Fixed
Fix missing nodes in the developer tools Inspector panel (bug 1460223)
Various security fixes
Fix font rendering when using third-party font managers on OS X 10.11
and earlier (bug 1460917)
Security fix:
#CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia
Revision 1.332 / (download) - annotate - [select for diffs], Fri May 18 12:50:09 2018 UTC (5 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.331: +2 -2
lines
Diff to previous 1.331 (colored)
Update to 60.0.1
* Restore automatic www/firefox-l10n selection
* Disable multiprocess window by default to reduce tab crashes
Changelog:
fixed
Avoid overly long cycle collector pauses with some add-ons installed (Bug 1449033)
After unckecking the "Sponsored Stories" option, the New Tab page now immediately stops displaying "Sponsored content" cards (Bug 1458906)
On touchscreen devices, fixed momentum scrolling on non-zoomable pages (Bug 1457743)
Fixed black map on Google Maps with updated Nvidia Web Drivers on macOS (Bug 1458553)
Use the right default background when opening tabs or windows in high contrast mode (Bug 1458956)
The Firefox uninstaller on Windows is now translated again (Bug 1436662)
Restored translations of the Preferences panels when using a language pack (Bug 1461590)
Revision 1.331 / (download) - annotate - [select for diffs], Thu May 10 20:01:53 2018 UTC (5 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.330: +9 -7
lines
Diff to previous 1.330 (colored)
Update to 60.0
* Remove untested patches including NetBSD/earm support
Changelog:
New
Added a policy engine that allows customized Firefox deployments in
enterprise environments, using Windows Group Policy or a cross-platform
JSON file
Enhancements to New Tab / Firefox Home
Responsive layout that shows more content for users with wide-screen
displays
Highlights section includes web sites saved to Pocket
More options to reorder sections and content on the page
Pocket Sponsored Stories will appear for a percentage of users in
the US. Read about our privacy-conscious approach to sponsored content
Redesigned Cookies and Site Storage section in Preferences for greater
clarity and control of first- and third-party cookies
Applied Quantum CSS to render browser UI
Added support for Web Authentication API, which allows USB tokens for
website authentication
Enhanced camera privacy indicators: Firefox now turns off your camera
and the camera's light when you disable video recording, and turns
the camera and light on when you resume recording
Added an option for Linux users to show or hide page titles in a bar
at the top of the browser. You'll find the Title Bar option in the
Customize panel available from the main browser menu.
Improved WebRTC audio performance and playback for Linux users
Locale added: Occitan (oc)
Fixed
Various security fixes
Changed
#CVE-2018-5154: Use-after-free with SVG animations and clip paths
#CVE-2018-5155: Use-after-free with SVG animations and text paths
#CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
#CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
#CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
#CVE-2018-5160: Uninitialized memory use by WebRTC encoder
#CVE-2018-5152: WebExtensions information leak through webRequest API
#CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
#CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
#CVE-2018-5164: CSP not applied to all multipart content sent with
multipart/x-mixed-replace
#CVE-2018-5166: WebExtension host permission bypass through filterReponseData
#CVE-2018-5167: Improper linkification of chrome: and javascript: content
in web console and JavaScript debugger
#CVE-2018-5168: Lightweight themes can be installed without user interaction
#CVE-2018-5169: Dragging and dropping link text onto home button can set home
page to include chrome pages
#CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks
page or PDF viewer
#CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
#CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
#CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in
their policies
#CVE-2018-5176: JSON Viewer script injection
#CVE-2018-5177: Buffer overflow in XSLT during number formatting
#CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in
32-bit Firefox
#CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
#CVE-2018-5181: Local file can be displayed in noopener tab through drag and
drop of hyperlink
#CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped
on addressbar
#CVE-2018-5151: Memory safety bugs fixed in Firefox 60
#CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
Revision 1.330 / (download) - annotate - [select for diffs], Tue May 8 10:38:57 2018 UTC (5 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.329: +3 -4
lines
Diff to previous 1.329 (colored)
firefox: update to 59.0.3 Fix for compatibility with Windows 10 April 2018 update (Bug 1452619)
Revision 1.329 / (download) - annotate - [select for diffs], Sun Apr 29 13:36:00 2018 UTC (5 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.328: +2 -2
lines
Diff to previous 1.328 (colored)
My calendar is off - can't ride a bump from a earlier this months, so bump PKGREVISION for clipboard paste fixes.
Revision 1.328 / (download) - annotate - [select for diffs], Mon Apr 16 14:35:18 2018 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.327: +2 -2
lines
Diff to previous 1.327 (colored)
Recursive bump for new fribidi dependency in pango.
Revision 1.327 / (download) - annotate - [select for diffs], Sat Apr 14 07:05:14 2018 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.326: +2 -2
lines
Diff to previous 1.326 (colored)
Autodetect www/firefox UI language, bump PKGREVISION of www/firefox
Revision 1.326 / (download) - annotate - [select for diffs], Tue Apr 3 03:10:51 2018 UTC (5 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.325: +2 -1
lines
Diff to previous 1.325 (colored)
Remove EME support for NetBSD. Bump PKGREVISION I cannot provide effective CDM module.
Revision 1.325 / (download) - annotate - [select for diffs], Mon Mar 26 22:24:45 2018 UTC (5 years, 8 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.324: +3 -3
lines
Diff to previous 1.324 (colored)
firefox: update to 59.0.2 CVE-2018-5148: Use-after-free in compositor Invalid page rendering with hardware acceleration enabled (Bug 1435472) Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applicatioins with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505) Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592) High CPU / memory churn caused by third-party software on some computers (Bug 1446280) Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991) URL Fragment Identifiers Break Service Worker Responses (Bug 1443850) User's trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598) Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)
Revision 1.315.2.2 / (download) - annotate - [select for diffs], Thu Mar 22 06:56:21 2018 UTC (5 years, 8 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.315.2.1: +9 -12
lines
Diff to previous 1.315.2.1 (colored) to branchpoint 1.315 (colored) next main 1.316 (colored)
Pullup ticket #5728 - requested by maya
devel/nspr: dependency update
devel/nss: dependency update
www/firefox-l10n: dependent update
www/firefox: security update
Revisions pulled up:
- devel/nspr/Makefile 1.94-1.95
- devel/nspr/distinfo 1.48-1.49
- devel/nspr/patches/patch-az deleted
- devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1
- devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1
- devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted
- devel/nss/Makefile 1.146,1.148
- devel/nss/PLIST 1.24
- devel/nss/distinfo 1.81,1.83
- devel/nss/patches/patch-nss_lib_freebl_config.mk deleted
- devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted
- www/firefox-l10n/Makefile 1.121-1.123
- www/firefox-l10n/distinfo 1.111-1.113
- www/firefox/Makefile 1.320-1.321,1.324
- www/firefox/PLIST 1.127
- www/firefox/distinfo 1.307-1.309
- www/firefox/mozilla-common.mk 1.105-1.106
- www/firefox/patches/patch-aa 1.56
- www/firefox/patches/patch-build_gyp.mozbuild 1.8
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5
- www/firefox/patches/patch-build_moz.configure_memory.configure deleted
- www/firefox/patches/patch-config_baseconfig.mk deleted
- www/firefox/patches/patch-config_external_moz.build 1.17
- www/firefox/patches/patch-dom_media_moz.build 1.9
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8
- www/firefox/patches/patch-gfx_skia_moz.build 1.15
- www/firefox/patches/patch-gfx_thebes_moz.build 1.9
- www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2
- www/firefox/patches/patch-media_libtheora_moz.build 1.8
- www/firefox/patches/patch-media_libvorbis_moz.build 1.4
- www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1
- www/firefox/patches/patch-modules_libpref_init_all.js 1.7
- www/firefox/patches/patch-modules_pdfium_update.sh 1.2
- www/firefox/patches/patch-netwerk_dns_moz.build 1.8
- www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted
- www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted
- www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1
- www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1
- www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted
- www/firefox/patches/patch-toolkit_moz.configure 1.10
- www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted
- www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:21:43 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Added Files:
pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h
patch-nspr_pr_src_pthreads_ptthread.c
Removed Files:
pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h
Log Message:
Update to 4.18
Changelog:
NSPR 4.18 contains the following changes:
- removed HP-UX DCE threads support
- improvements for the Windows implementation of PR_SetCurrentThreadName
- fixes for the Windows implementation of TCP Fast Open
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo
cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az
cvs rdiff -u -r0 -r1.1 \
pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \
pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:06:18 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Log Message:
Update to 4.29
Changelog:
NSPR 4.19 contains the following changes:
- changed order of shutdown cleanup to avoid a crash on Mac OSX
- build compatibility with Android NDK r16 and glibc 2.26
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:23:52 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Removed Files:
pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk
patch-nss_lib_freebl_verified_kremlib.h
Log Message:
Update to 3.35
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk
cvs rdiff -u -r1.1 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:07:15 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile PLIST distinfo
Log Message:
Update to 3.36
* Require devel/nspr-4.19
Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST
cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:02:18 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.1
* Fix build under netbsd-7, PR pkg/52956
Changelog:
Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI
When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
To generate a diff of this commit:
cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:02:47 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.2
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
To generate a diff of this commit:
cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 00:59:03 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild
patch-config_external_moz.build patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build
patch-media_libtheora_moz.build patch-media_libvorbis_moz.build
patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc
patch-modules_libpref_init_all.js
patch-third__party_rust_simd_.cargo-checksum.json
patch-third__party_rust_simd_src_x86_avx2.rs
Removed Files:
pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure
patch-config_baseconfig.mk
patch-netwerk_srtp_src_crypto_hash_hmac.c
patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
patch-toolkit_xre_nsEmbedFunctions.cpp
Log Message:
Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
To generate a diff of this commit:
cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \
pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \
pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r0 -r1.5 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure
cvs rdiff -u -r1.2 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \
pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk
cvs rdiff -u -r1.16 -r1.17 \
pkgsrc/www/firefox/patches/patch-config_external_moz.build
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \
pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build
cvs rdiff -u -r1.14 -r1.15 \
pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \
pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs
cvs rdiff -u -r0 -r1.7 \
pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js
cvs rdiff -u -r1.4 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs
cvs rdiff -u -r1.9 -r1.10 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
cvs rdiff -u -r1.7 -r0 \
pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:03:25 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.1
* Sync with www/firefox-58.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:05:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.2
* Sync with www/firefox-58.0.2
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:00:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 59.0.1
* Sync with www/firefox-59.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo
Revision 1.324 / (download) - annotate - [select for diffs], Sat Mar 17 00:59:02 2018 UTC (5 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.323: +10 -14
lines
Diff to previous 1.323 (colored)
Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
Revision 1.323 / (download) - annotate - [select for diffs], Mon Mar 12 11:17:46 2018 UTC (5 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.322: +2 -2
lines
Diff to previous 1.322 (colored)
Recursive bumps for fontconfig and libzip dependency changes.
Revision 1.315.2.1 / (download) - annotate - [select for diffs], Fri Mar 9 07:17:29 2018 UTC (5 years, 8 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.315: +7 -3
lines
Diff to previous 1.315 (colored)
Pullup ticket #5695 - requested by he and maya
www/firefox: security update
www/firefox-l10n: dependent update
NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc
Revisions pulled up:
- www/firefox-l10n/Makefile 1.117-1.120
- www/firefox-l10n/PLIST 1.58-1.59
- www/firefox-l10n/distinfo 1.108-1.110
- www/firefox/Makefile 1.316-1.318
- www/firefox/PLIST 1.126
- www/firefox/distinfo 1.304-1.306
- www/firefox/mozilla-common.mk 1.103-1.104
- www/firefox/patches/patch-aa 1.55
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted
- www/firefox/patches/patch-config_Makefile.in deleted
- www/firefox/patches/patch-config_system-headers deleted
- www/firefox/patches/patch-config_system-headers.mozbuild 1.1
- www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1
- www/firefox/patches/patch-dom_media_moz.build 1.8
- www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7
- www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted
- www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1
- www/firefox/patches/patch-js_src_build_moz.build 1.2
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26
- www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted
- www/firefox/patches/patch-netwerk_dns_moz.build 1.7
- www/firefox/patches/patch-servo_components_gfx_font.rs deleted
- www/firefox/patches/patch-servo_components_net__traits_response.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted
- www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_document.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_element.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_window.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted
- www/firefox/patches/patch-servo_components_selectors_attr.rs deleted
- www/firefox/patches/patch-servo_components_selectors_parser.rs deleted
- www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted
- www/firefox/patches/patch-servo_components_style_attr.rs deleted
- www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1
- www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted
- www/firefox/patches/patch-servo_components_style_str.rs deleted
- www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted
- www/firefox/patches/patch-servo_components_style_values_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted
- www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3
- www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4
- www/firefox/patches/patch-toolkit_moz.configure 1.9
- www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:02:17 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
Update to 57.0.3
Changelog:
Fixed
* Fix a crash reporting issue that inadvertently sends background tab
crash reports to Mozilla without user opt-in (bug 1427111)
To generate a diff of this commit:
cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:03:33 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.3
* Sync with www/firefox-57.0.3
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 8 09:37:57 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
Added Files:
pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
Log Message:
Update to 57.0.4
* Use lang/rust-1.23.0
Changelog:
Speculative execution side-channel attack ("Spectre")
Announced
January 4, 2018
Reporter
Jann Horn (Google Project Zero); Microsoft Vunerability Research
Impact
High
Products
Firefox
Fixed in
Firefox 57.0.4
Description
Jann Horn of Google Project Zero Security reported that speculative
execution performed by modern CPUs could leak information through
a timing side-channel attack. Microsoft Vulnerability Research extended
this attack to browser JavaScript engines and demonstrated that code on
a malicious web page could read data from other web sites (violating
the same-origin policy) or private data from the browser itself.
Since this new class of attacks involves measuring precise time intervals,
as a partial, short-term, mitigation we are disabling or reducing
the precision of several time sources in Firefox. The precision of
performance.now() has been reduced from 5us to 20us, and
the SharedArrayBuffer feature has been disabled because it can be
used to construct a high-resolution timer.
SharedArrayBuffer is already disabled in Firefox 52 ESR.
To generate a diff of this commit:
cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jan 21 01:29:28 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.4
* Sync with www/firefox-57.0.4
To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:52:08 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build
patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build
patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build
patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild
patch-dom_media_flac_FlacDecoder.cpp
patch-ipc_glue_MessageChannel.cpp
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-third__party_python_futures_concurrent_futures_process.py
patch-toolkit_mozapps_installer_packager.mk
Removed Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-config_Makefile.in patch-config_system-headers
patch-ipc_chromium_src_base_process__util.h
patch-media_libsoundtouch_src_cpu__detect__x86.cpp
patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
patch-xpcom_reflect_xptcall_md_unix_Makefile.in
Log Message:
Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
To generate a diff of this commit:
cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \
pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in
cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in
cvs rdiff -u -r1.25 -r0 \
pkgsrc/www/firefox/patches/patch-config_system-headers
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \
pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \
pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \
pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r1.6 -r0 \
pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-js_src_build_moz.build
cvs rdiff -u -r1.25 -r1.26 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c
cvs rdiff -u -r1.5 -r0 \
pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
cvs rdiff -u -r1.8 -r1.9 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:54:05 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
Update to 58.0
* Sync with www/firefox-58.0
* Add ne-NP locale
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 29 15:22:54 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST
Log Message:
Previous revison does not work. Install xpi files instead. Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST
Revision 1.322 / (download) - annotate - [select for diffs], Mon Feb 26 08:19:32 2018 UTC (5 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.321: +2 -1
lines
Diff to previous 1.321 (colored)
revbump after x264-devel update
Revision 1.321 / (download) - annotate - [select for diffs], Sat Feb 10 07:02:47 2018 UTC (5 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.320: +2 -2
lines
Diff to previous 1.320 (colored)
Update to 58.0.2
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
Revision 1.320 / (download) - annotate - [select for diffs], Wed Jan 31 14:02:17 2018 UTC (5 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.319: +2 -3
lines
Diff to previous 1.319 (colored)
Update to 58.0.1 * Fix build under netbsd-7, PR pkg/52956 Changelog: Fix Mozilla Foundation Security Advisory 2018-05: Arbitrary code execution through unsanitized browser UI When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065).
Revision 1.319 / (download) - annotate - [select for diffs], Sun Jan 28 20:11:07 2018 UTC (5 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.318: +2 -1
lines
Diff to previous 1.318 (colored)
Bump PKGREVISION for gdbm shlib major bump
Revision 1.318 / (download) - annotate - [select for diffs], Wed Jan 24 16:52:08 2018 UTC (5 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.317: +7 -3
lines
Diff to previous 1.317 (colored)
Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Revision 1.317 / (download) - annotate - [select for diffs], Mon Jan 8 09:37:56 2018 UTC (5 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.316: +2 -2
lines
Diff to previous 1.316 (colored)
Update to 57.0.4
* Use lang/rust-1.23.0
Changelog:
Speculative execution side-channel attack ("Spectre")
Announced
January 4, 2018
Reporter
Jann Horn (Google Project Zero); Microsoft Vunerability Research
Impact
High
Products
Firefox
Fixed in
Firefox 57.0.4
Description
Jann Horn of Google Project Zero Security reported that speculative
execution performed by modern CPUs could leak information through
a timing side-channel attack. Microsoft Vulnerability Research extended
this attack to browser JavaScript engines and demonstrated that code on
a malicious web page could read data from other web sites (violating
the same-origin policy) or private data from the browser itself.
Since this new class of attacks involves measuring precise time intervals,
as a partial, short-term, mitigation we are disabling or reducing
the precision of several time sources in Firefox. The precision of
performance.now() has been reduced from 5us to 20us, and
the SharedArrayBuffer feature has been disabled because it can be
used to construct a high-resolution timer.
SharedArrayBuffer is already disabled in Firefox 52 ESR.
Revision 1.316 / (download) - annotate - [select for diffs], Mon Jan 1 07:02:17 2018 UTC (5 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.315: +2 -2
lines
Diff to previous 1.315 (colored)
Update to 57.0.3
Changelog:
Fixed
* Fix a crash reporting issue that inadvertently sends background tab
crash reports to Mozilla without user opt-in (bug 1427111)
Revision 1.315 / (download) - annotate - [select for diffs], Sun Dec 10 00:45:09 2017 UTC (5 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.314: +2 -2
lines
Diff to previous 1.314 (colored)
Update to 57.0.2 * Move gtk3 part to mozilla-common.mk * Add a option for Widevine CDM support Changelog: For Windows only.
Revision 1.314 / (download) - annotate - [select for diffs], Mon Dec 4 15:17:55 2017 UTC (5 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.313: +2 -3
lines
Diff to previous 1.313 (colored)
Update to 57.0.1
Changelog:
Fixed
Fix a video color distortion issue on YouTube and other video sites
with some AMD devices (bug 1417442)
Fix an issue with prefs.js when the profile path has non-ascii
characters (bug 1420427)
Various security fixes
Google map crashes on OSX with Intel HD Graphics 3000
Changed
Block injection of a client library associated with the RealPlayer
Free player which is known to cause performance problems in Firefox.
(Bug 1418535)
Security fixes:
Not available
Revision 1.313 / (download) - annotate - [select for diffs], Thu Nov 30 16:45:40 2017 UTC (6 years ago) by adam
Branch: MAIN
Changes since 1.312: +2 -2
lines
Diff to previous 1.312 (colored)
Revbump after textproc/icu update
Revision 1.312 / (download) - annotate - [select for diffs], Thu Nov 23 17:20:16 2017 UTC (6 years ago) by wiz
Branch: MAIN
Changes since 1.311: +2 -1
lines
Diff to previous 1.311 (colored)
recursive bump for libxkbcommon removal from at-spi2-core
Revision 1.311 / (download) - annotate - [select for diffs], Thu Nov 16 01:04:38 2017 UTC (6 years ago) by ryoon
Branch: MAIN
Changes since 1.310: +3 -4
lines
Diff to previous 1.310 (colored)
Update to 57.0
Changelog: New
A completely new browsing engine, designed to take full advantage
of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent
visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this
unified bar. Learn how to add the stand-alone search bar to
the toolbar
A revamped new tab page that includes top visited sites, recently
visited pages, and recommendations from Pocket (in the US,
Canada, and Germany)
An updated product tour to orient new and returning Firefox
users
AMD VP9 hardware video decoder support for improved video
playback with lower power consumption
An expanded section in preferences to manage all website
permissions
Fixed
Various security fixes
Changed
Firefox now exclusively supports extensions built using the
WebExtension API, and unsupported legacy extensions will no
longer work. Learn more about our efforts to improve the
performance and security of extensions
The browser's autoscroll feature, as well as scrolling by
keyboard input and touch-dragging of scrollbars, now use
asynchronous scrolling. These scrolling methods are now similar
to other input methods like mousewheel, and provide a smoother
scrolling experience
The content process now has a stricter security sandbox that
blocks filesystem reading and writing on Linux, similar to the
protections for Windows and macOS that shipped in Firefox 56
Middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
Removed the toolbar Share button. If you relied on this feature,
you can install the Share Backported extension instead.
Some older versions of the ATOK IME, including ATOK 2006, 2008,
2009 and 2010, can cause crashes and are therefore disabled on
the Windows 64-bit version of Firefox Quantum. To fix those
incompatibility issues, please use a newer version of ATOK or
one of other IMEs.
The default font for Japanese text is now Meiryo
Security fixes:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still in
use. This results in a potentially exploitable crash during these
operations.
References
Bug 1406750 Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource
Timing API
Reporter
Jun Kokatsu
Impact
high
Description
The Resource Timing API incorrectly revealed navigations in
cross-origin iframes. This is a same-origin policy violation and
could allow for data theft of URLs loaded by users.
References
Bug 1408990
#CVE-2017-7831: Information disclosure of exposed properties on
JavaScript proxy objects
Reporter
Oriol Brufau
Impact
moderate
Description
A vulnerability where the security wrapper does not deny access to
some exposed properties using the deprecated exposedProps mechanism
on proxy objects. These properties should be explicitly unavailable
to proxy objects.
References
Bug 1392026
#CVE-2017-7832: Domain spoofing through use of dotless 'i' character
followed by accent markers
Reporter
Jonathan Kew
Impact
moderate
Description
The combined, single character, version of the letter 'i' with any
of the potential accents in unicode, such as acute or grave, can
be spoofed in the addressbar by the dotless version of 'i' followed
by the same accent as a second character with most font sets. This
allows for domain spoofing attacks because these combined domain
names do not display as punycode.
References
Bug 1408782
#CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker
characters
Reporter
Rayyan Bijoora
Impact
moderate
Description
Some Arabic and Indic vowel marker characters can be combined with
Latin characters in a domain name to eclipse the non-Latin character
with some font sets on the addressbar. The non-Latin character will
not be visible to most viewers. This allows for domain spoofing
attacks because these combined domain names do not display as
punycode.
References
Bug 1370497
#CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
Reporter
Jordi Chancel
Impact
moderate
Description
A data: URL loaded in a new tab did not inherit the Content Security
Policy (CSP) of the original page, allowing for bypasses of the
policy including the execution of JavaScript. In prior versions
when data: documents also inherited the context of the original
page this would allow for potential cross-site scripting (XSS)
attacks.
References
Bug 1358009
#CVE-2017-7835: Mixed content blocking incorrectly applies with
redirects
Reporter
Ben Kelly
Impact
moderate
Description
Mixed content blocking of insecure (HTTP) sub-resources in a secure
(HTTPS) document was not correctly applied for resources that
redirect from HTTPS to HTTP, allowing content that should be blocked,
such as scripts, to be loaded on a page.
References
Bug 1402363
#CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and
OS X
Reporter
Ezra Caltum
Impact
moderate
Description
The "pingsender" executable used by the Firefox Health Report
dynamically loads a system copy of libcurl, which an attacker could
replace. This allows for privilege escalation as the replaced
libcurl code will run with Firefox's privileges. Note: This attack
requires an attacker have local system access and only affects OS
X and Linux. Windows systems are not affected.
References
Bug 1401339
#CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies
Reporter
Jun Kokatsu
Impact
moderate
Description
SVG loaded through <img> tags can use <meta> tags within the SVG
data to set cookies for that page.
References
Bug 1325923
#CVE-2017-7838: Failure of individual decoding of labels in
international domain names triggers punycode display of entire IDN
Reporter
Corey Bonnell
Impact
low
Description
Punycode format text will be displayed for entire qualified
international domain names in some instances when a sub-domain
triggers the punycode display instead of the primary domain being
displayed in native script and the sub-domain only displaying as
punycode. This could be used for limited spoofing attacks due to
user confusion.
References
Bug 1399540
#CVE-2017-7839: Control characters before javascript: URLs defeats
self-XSS prevention mechanism
Reporter
Eric Lawrence
Impact
low
Description
Control characters prepended before javascript: URLs pasted in the
addressbar can cause the leading characters to be ignored and the
pasted JavaScript to be executed instead of being blocked. This
could be used in social engineering and self-cross-site-scripting
(self-XSS) attacks where users are convinced to copy and paste text
into the addressbar.
References
Bug 1402896
#CVE-2017-7840: Exported bookmarks do not strip script elements
from user-supplied tags
Reporter
Hanno Bock
Impact
low
Description
JavaScript can be injected into an exported bookmarks file by
placing JavaScript code into user-supplied tags in saved bookmarks.
If the resulting exported HTML file is later opened in a browser
this JavaScript will be executed. This could be used in social
engineering and self-cross-scripting (self-XSS) attacks if users
were convinced to add malicious tags to bookmarks, export them,
and then open the resulting file.
References
Bug 1366420
#CVE-2017-7842: Referrer Policy is not always respected for <link>
elements
Reporter
Jun Kokatsu
Impact
low
Description
If a document's Referrer Policy attribute is set to "no-referrer"
sometimes two network requests are made for <link> elements
instead of one. One of these requests includes the referrer instead
of respecting the set policy to not include a referrer on requests.
References
Bug 1397064
#CVE-2017-7827: Memory safety bugs fixed in Firefox 57
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Boris Zbarsky, Carsten Book,
Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer,
Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith,
and Ting-Yu Chou reported memory safety bugs present in Firefox 56.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to run
arbitrary code.
References
Memory safety bugs fixed in Firefox 57
#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox
ESR 52.5
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob
Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and
Ryan VanderMeulen reported memory safety bugs present in Firefox
56 and Firefox ESR 52.4. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort that some
of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Revision 1.310 / (download) - annotate - [select for diffs], Fri Nov 3 22:07:27 2017 UTC (6 years ago) by ryoon
Branch: MAIN
Changes since 1.309: +2 -2
lines
Diff to previous 1.309 (colored)
Fix build with lang-rust-1.21.0 from 57 via FreeBSD Ports. Bump PKGREVISION
Revision 1.309 / (download) - annotate - [select for diffs], Sun Oct 29 09:47:57 2017 UTC (6 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.308: +2 -1
lines
Diff to previous 1.308 (colored)
Make clang and rust as build dependencies. Fix PR pkg/52668 Bump PKGREVISION
Revision 1.308 / (download) - annotate - [select for diffs], Fri Oct 27 13:21:28 2017 UTC (6 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.307: +2 -2
lines
Diff to previous 1.307 (colored)
Update to 56.0.2
Changelog:
56.0.2:
fixed:
Disable Form Autofill completely on user request (Bug 1404531)
Fix for video-related crashes on Windows 7 (Bug 1409141)
Correct detection for 64-bit GSSAPI authentication (Bug 1409275)
Fix for shutdown crash (Bug 1404105)
56.0.1:
fixed:
Block D3D11 when using Intel drivers on Windows 7 systems
with partial AVX support (bug 1403353)
changed:
Users of 32-bit Firefox on 64-bit Windows are migrated to
64-bit Firefox for increased stability and security.
Revision 1.307 / (download) - annotate - [select for diffs], Sat Sep 30 05:34:11 2017 UTC (6 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.306: +5 -4
lines
Diff to previous 1.306 (colored)
Update to 56.0
New
Launched Firefox Screenshots, a feature that lets users take, save, and share screenshots without leaving the browser
Added support for address form autofill (en-US only)
Updated Preferences
Added search tool so users can find a specific setting quickly
Reorganized preferences so users can more easily scan settings
Rewrote descriptions so users can better understand choices and how they affect browsing
Revised data collection choices so they align with updated Privacy Notice and data collection strategy
Media opened in a background tab will not play until the tab is selected
Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account
Changed
Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust
Added hardware acceleration for AES-GCM
Updated the Safe Browsing protocol to version 4
Reduced update download file size by approximately 20 percent
Improved security for verifying update downloads
Developer
Added Layout Panel to CSS Grid DevTools
Revision 1.306 / (download) - annotate - [select for diffs], Mon Sep 18 09:53:37 2017 UTC (6 years, 2 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.305: +2 -1
lines
Diff to previous 1.305 (colored)
revbump for requiring ICU 59.x
Revision 1.305 / (download) - annotate - [select for diffs], Sat Sep 2 03:47:46 2017 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.304: +2 -2
lines
Diff to previous 1.304 (colored)
Update to 55.0.3
Changelog:
Fixed
Fix an issue with addons when using a path containing non-ascii characters (bug 1389160)
Fix file uploads to some websites, including YouTube (bug 1383518)
Revision 1.304 / (download) - annotate - [select for diffs], Thu Aug 17 12:47:55 2017 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.303: +2 -3
lines
Diff to previous 1.303 (colored)
Update to 55.0.2
Changelog:
Fixed
Fix a potential issue when the username had some specific characters in the path (Bug 1388584)
Fix an issue with new installation notification for sideload add-ons (Bug 1372448)
Fix performance regressions with WebExtension (Bugs 1386937 & 1389381)
Fix a regression with the popup menu (Bug 1388682)
Revision 1.303 / (download) - annotate - [select for diffs], Wed Aug 16 14:13:44 2017 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.302: +2 -1
lines
Diff to previous 1.302 (colored)
Fix recent llvm/clang from FreeBSD 12 * Bump PKGREVISION * Fix PR pkg/52487
Revision 1.302 / (download) - annotate - [select for diffs], Sat Aug 12 04:58:45 2017 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.301: +2 -2
lines
Diff to previous 1.301 (colored)
Update to 55.0.1
Changelog:
Fixed
Fix a regression the tab restoration process (bug 1388160)
Fix a problem causing What's new pages not to be displayed (bug 1386224)
Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
Disable the predictor prefetch (bug 1388160)
Revision 1.301 / (download) - annotate - [select for diffs], Thu Aug 10 14:46:15 2017 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.300: +3 -4
lines
Diff to previous 1.300 (colored)
Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose MarÃa Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a pageÑÔ content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos lvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Revision 1.300 / (download) - annotate - [select for diffs], Sun Jul 9 09:04:00 2017 UTC (6 years, 4 months ago) by maya
Branch: MAIN
Changes since 1.299: +2 -1
lines
Diff to previous 1.299 (colored)
firefox{,45,52}: bump pkgrevision with no change.
these packages pull in GCC_REQD+=4.9 via mozilla-common.mk, and
are very widely used (I suspect only www/firefox actually needs it)
this will take care of most of the fallout from major bumping
pkgsrc-gcc-libstdc++ to 7 on netbsd. these are the most widely
used packages setting GCC_REQD>4.8.
Revision 1.299 / (download) - annotate - [select for diffs], Mon Jul 3 12:27:49 2017 UTC (6 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.298: +2 -3
lines
Diff to previous 1.298 (colored)
Update to 54.0.1
Changelog:
Fixed
Fix a display issue of tab title (bug 1357656)
Fix a display issue of opening new tab (bug 1371995)
Fix a display issue when opening multiple tabs (bug 1371962)
Fix a tab display issue when downloading files (bug 1373109)
Fix a PDF printing issue (bug 1366744)
Fix a Netflix issue on Linux (bug 1375708)
Revision 1.298 / (download) - annotate - [select for diffs], Thu Jun 29 08:07:59 2017 UTC (6 years, 5 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.297: +2 -1
lines
Diff to previous 1.297 (colored)
Add patch from PR 51966.
Revision 1.297 / (download) - annotate - [select for diffs], Wed Jun 14 11:28:44 2017 UTC (6 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.296: +3 -3
lines
Diff to previous 1.296 (colored)
Update to 54.0
* If your 54.0 is unstable, please disable e10s with
browser.tabs.remote.autostart.2=false (this works at least for me)
Changelog:
New
Simplified the download button and download status panel
Added support for multiple content processes (e10s-multi)
Added Burmese (my) locale
Fixed
Various security fixes
Changed
Moved the mobile bookmarks folder to the main bookmarks menu for easier access
Security fixes:
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7778: Vulnerabilities in the Graphite 2 library
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7759: Android intent URLs can cause navigation to local file system
#CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
#CVE-2017-7762: Addressbar spoofing in Reader mode
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
#CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
#CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
#CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
#CVE-2017-5471: Memory safety bugs fixed in Firefox 54
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
Revision 1.296 / (download) - annotate - [select for diffs], Mon May 22 11:39:12 2017 UTC (6 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.295: +2 -3
lines
Diff to previous 1.295 (colored)
Update to 53.0.3
Changelog:
Fixed
Fix excessive resource usage from the captive portal detection service (bug 1359697)
FIx hangs when using a proxy with NTLM authentication (bug 1360574)
Changed
Bump preloaded security information expiration times (bug 1364240)
Revision 1.295 / (download) - annotate - [select for diffs], Mon May 15 15:49:27 2017 UTC (6 years, 6 months ago) by maya
Branch: MAIN
Changes since 1.294: +2 -1
lines
Diff to previous 1.294 (colored)
firefox: default to oss everywhere but linux, which defaults to pulseaudio. alsa is not supported upstream, and checks for failures by calling assert, which means the default setup crashes whenever audio is played. bump pkgrevision
Revision 1.294 / (download) - annotate - [select for diffs], Mon May 8 15:33:43 2017 UTC (6 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.293: +2 -2
lines
Diff to previous 1.293 (colored)
Update to 53.0.2
Changelog:
Fixed
Various security fixes
Make form validation errors and date picker panel visible to the user (Bug 1341190)
Changed
The non-standard showDialog argument to window.find is now ignored (Bug 1348409)
Security fixes:
#CVE-2017-5031: Use after free in ANGLE
Revision 1.293 / (download) - annotate - [select for diffs], Thu Apr 27 01:49:47 2017 UTC (6 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.292: +3 -4
lines
Diff to previous 1.292 (colored)
Update to 53.0
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
Revision 1.292 / (download) - annotate - [select for diffs], Sat Apr 22 21:04:01 2017 UTC (6 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.291: +2 -1
lines
Diff to previous 1.291 (colored)
Revbump after icu update
Revision 1.291 / (download) - annotate - [select for diffs], Thu Mar 30 19:11:14 2017 UTC (6 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.290: +2 -2
lines
Diff to previous 1.290 (colored)
Update to 52.0.2
Changelog:
Fixed:
Use Nirmala UI as fallback font for additional Indic languages (Bug 1342787)
Fix loading tab icons on session restore (Bug 1338009)
Fix a crash on startup on Linux (Bug 1345413)
Fix new installs erroneously not prompting to change the default browser setting (Bug 1343938)
Revision 1.290 / (download) - annotate - [select for diffs], Sat Mar 18 23:00:12 2017 UTC (6 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.289: +2 -3
lines
Diff to previous 1.289 (colored)
Update to 52.0.1 Changelog: Security fix: #CVE-2017-5428: integer overflow in createImageBitmap()
Revision 1.289 / (download) - annotate - [select for diffs], Fri Mar 17 10:24:11 2017 UTC (6 years, 8 months ago) by maya
Branch: MAIN
Changes since 1.288: +2 -1
lines
Diff to previous 1.288 (colored)
Bump pkgrevision with no changes for libvdpau/libva screwup, as this package built with changed options.
Revision 1.288 / (download) - annotate - [select for diffs], Tue Mar 7 20:45:43 2017 UTC (6 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.287: +3 -4
lines
Diff to previous 1.287 (colored)
Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
Redesigned Responsive Design Mode to include device selection, network throttling, and more
Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Revision 1.287 / (download) - annotate - [select for diffs], Fri Feb 24 21:54:52 2017 UTC (6 years, 9 months ago) by maya
Branch: MAIN
Changes since 1.286: +2 -2
lines
Diff to previous 1.286 (colored)
revbump for ffmpeg3 buildlink3.mk addition of vaapi and vdpau. It creates a noticeable change at least for mpv, which now doesn't complain about --vo=vaapi or --vo=vdpau.
Revision 1.286 / (download) - annotate - [select for diffs], Mon Feb 20 12:22:53 2017 UTC (6 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.285: +2 -2
lines
Diff to previous 1.285 (colored)
Disable widevine support, PR pkg/51969. Bump PKGREVISION. It works with the demo site, however does not work with real services.
Revision 1.285 / (download) - annotate - [select for diffs], Sun Feb 12 06:26:08 2017 UTC (6 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.284: +2 -2
lines
Diff to previous 1.284 (colored)
Recursive revbump from fonts/harfbuzz
Revision 1.284 / (download) - annotate - [select for diffs], Sat Feb 11 08:27:33 2017 UTC (6 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.283: +2 -3
lines
Diff to previous 1.283 (colored)
Remove assert to enable alsa-plugins-oss audio playback. Bump PKGREVISION
Your NetBSD system should have ~/.asoundrc like as follows.
However OSS audio playback is not ver stable.
pcm.oss {
type oss
device /dev/audio
}
pcm.!default {
type plug
slave {
pcm oss
format S16_LE
}
}
ctl.!default {
type oss
device /dev/mixer
}
Revision 1.283 / (download) - annotate - [select for diffs], Mon Feb 6 19:00:44 2017 UTC (6 years, 9 months ago) by martin
Branch: MAIN
Changes since 1.282: +2 -1
lines
Diff to previous 1.282 (colored)
PR pkg/51954: avoid destroying an uninitialized cond var. Bump to nb1.
Revision 1.282 / (download) - annotate - [select for diffs], Mon Feb 6 13:56:04 2017 UTC (6 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.281: +2 -1
lines
Diff to previous 1.281 (colored)
Recursive bump for harfbuzz's new graphite2 dependency.
Revision 1.281 / (download) - annotate - [select for diffs], Sat Feb 4 12:58:12 2017 UTC (6 years, 9 months ago) by maya
Branch: MAIN
Changes since 1.280: +8 -1
lines
Diff to previous 1.280 (colored)
firefox: don't include malloc.h on dragonflybsd. a slightly more maintenance friendly version of the patch in PR pkg/51695 from David Shao.
Revision 1.280 / (download) - annotate - [select for diffs], Fri Jan 27 13:28:11 2017 UTC (6 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.279: +2 -2
lines
Diff to previous 1.279 (colored)
Update to 51.0.1 Changelog: Fixed Geolocation not working on Windows (Bug 1333516) Multiprocess incompatibility did not correctly register with some add-ons (Bug 1333423)
Revision 1.279 / (download) - annotate - [select for diffs], Wed Jan 25 13:24:51 2017 UTC (6 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.278: +3 -4
lines
Diff to previous 1.278 (colored)
Update to 51.0
Changelog:
New
Users can view passwords in the save password prompt before saving them
Added a zoom button in the URL bar:
Displays percent above or below 100 percent when a user has changed the page zoom setting from the default
Lets users return to the default setting by clicking on the button
Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience
Firefox will save passwords even in forms that do not have ãà×Ôubmitãàevents
Added support for FLAC (Free Lossless Audio Codec) playback
Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language
A warning is displayed when a login page does not have a secure connection
Added Georgian (ka) and Kabyle (kab) locales
An even faster E10s! Tab Switching is better!
Improved reliability of browser data sync
Remove Belarusian (be) locale
Fixed
Various security fixes
Changed
Use 2D graphics library (Skia) for content rendering on Linux
Re-enabled E10s support for Russian (ru) locale
Updated to NSS 3.28.1
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5379: Use-after-free in Web Animations
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
#CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
#CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
#CVE-2017-5391: Content about: pages can load privileged about: pages
#CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
#CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
#CVE-2017-5395: Android location bar spoofing during scrolling
#CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
#CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
#CVE-2017-5374: Memory safety bugs fixed in Firefox 51
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
Revision 1.278 / (download) - annotate - [select for diffs], Sat Jan 21 20:06:53 2017 UTC (6 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.277: +2 -2
lines
Diff to previous 1.277 (colored)
Recursive revbump from audio/pulseaudio-10.0
Revision 1.277 / (download) - annotate - [select for diffs], Fri Jan 20 15:03:36 2017 UTC (6 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.276: +2 -2
lines
Diff to previous 1.276 (colored)
Fix an insecure connection error in HTTP2 case with devel/nss-3.28 or later Bump PKGREVISION
Revision 1.276 / (download) - annotate - [select for diffs], Mon Jan 16 23:45:16 2017 UTC (6 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.275: +2 -1
lines
Diff to previous 1.275 (colored)
Recursive bump for libvpx shlib major change.
Revision 1.275 / (download) - annotate - [select for diffs], Sun Dec 18 01:31:00 2016 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.274: +3 -4
lines
Diff to previous 1.274 (colored)
Update to 50.1.0 Changelog: #CVE-2016-9894: Buffer overflow in SkiaGL #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements #CVE-2016-9895: CSP bypass using marquee tag #CVE-2016-9896: Use-after-free with WebVR #CVE-2016-9897: Memory corruption in libGLES #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs #CVE-2016-9904: Cross-origin information leak in shared atoms #CVE-2016-9901: Data from Pocket server improperly sanitized before execution #CVE-2016-9902: Pocket extension does not validate the origin of events #CVE-2016-9903: XSS injection vulnerability in add-ons SDK #CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
Revision 1.274 / (download) - annotate - [select for diffs], Fri Dec 9 11:51:09 2016 UTC (6 years, 11 months ago) by martin
Branch: MAIN
Changes since 1.273: +2 -2
lines
Diff to previous 1.273 (colored)
Avoid crashes when decoding woff2 fonts on alignment critical architectures
Revision 1.273 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:43 2016 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.272: +2 -2
lines
Diff to previous 1.272 (colored)
Recursive revbump from textproc/icu 58.1
Revision 1.272 / (download) - annotate - [select for diffs], Sat Dec 3 11:30:28 2016 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.271: +2 -1
lines
Diff to previous 1.271 (colored)
Bump PKGREVISION. On NetBSD use alsa by default.
Revision 1.271 / (download) - annotate - [select for diffs], Sat Dec 3 09:58:25 2016 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.270: +2 -3
lines
Diff to previous 1.270 (colored)
Update to 50.0.2
* Change default audio support to ALSA.
You can use OSS or pulseaudio via ALSA plugin package.
Changelog:
50.0.2:
Fixed in Firefox 50.0.2
#CVE-2016-9079: Use-after-free in SVG Animation
50.0.1:
Fixed
*Firefox crashes with 3rd party Chinese IME when using IME text
Security vulnerabilities fixed in Firefox 50.0.1:
#CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
50.0:
New
*Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
*Improved performance for SDK extensions or extensions using the SDK module loader
*Added download protection for a large number of executable file types on Windows, Mac and Linux
*Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
*Added Guarani (gn) locale
*Added option to Find in page that allows users to limit search to whole words only
*Updates to keyboard shortcuts
*Set a preference to have Ctrl+Tab cycle through tabs in recently used order
*View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
Fixed
*Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
*Various security fixes
*Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
Changed
*The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
*Blocked versions of libavcodec older than 54.35.1
*Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
Developer
*Changes for web developers
Security vulnerabilities fixed in Firefox 50:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5292: URL parsing causes crash
#CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
#CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
#CVE-2016-9068: heap-use-after-free in nsRefreshDriver
#CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
#CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
#CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
#CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
#CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
#CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
#CVE-2016-9070: Sidebar bookmark can have reference to chrome window
#CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
#CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
#CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
#CVE-2016-5289: Memory safety bugs fixed in Firefox 50
#CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
Revision 1.270 / (download) - annotate - [select for diffs], Wed Nov 9 17:41:08 2016 UTC (7 years ago) by maya
Branch: MAIN
Changes since 1.269: +4 -3
lines
Diff to previous 1.269 (colored)
firefox: adjust our OSS patch to saturate as opposed to overflowing the buffer. this fixes the problem of random noise sometimes when playing bass-heavy music. minor pkglint nits. bump PKGREVISION
Revision 1.269 / (download) - annotate - [select for diffs], Thu Nov 3 22:46:43 2016 UTC (7 years ago) by joerg
Branch: MAIN
Changes since 1.268: +4 -1
lines
Diff to previous 1.268 (colored)
Consistently move and patch yuv_row_arm.S.
Revision 1.268 / (download) - annotate - [select for diffs], Wed Oct 26 20:23:27 2016 UTC (7 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.267: +2 -2
lines
Diff to previous 1.267 (colored)
Update to 49.0.2
CHangelog:
New
Asynchronous rendering of the Flash plugins is now enabled by default. This should improve performance and reduce crashes for sites that use the Flash plugin. (Bug 1307108)
Fixed
Change D3D9 default fallback preference to prevent graphical artifacts (Bug 1306465)
Network issue prevents some users from seeing the Firefox UI on startup (Bug 1305436)
Web compatibility issue with Array.prototype.values (Bug 1299593)
Various security fixes (CVE-2016-5287, CVE-2016-5288)
Web compatibility issue with file uploads (Bug 1306472)
Changed
Diagnostic information on timing for tab switching (Bug 1304113)
Fix a Canvas filters graphics issue affecting HTML5 apps (Bug 1304539)
Revision 1.267 / (download) - annotate - [select for diffs], Tue Sep 20 20:01:41 2016 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.266: +5 -3
lines
Diff to previous 1.266 (colored)
Update to 49.0
Changelog:
New
Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. ItãàÑÔ one more way Firefox is supporting LetãàÑÔ Encrypt and helping users transition to a more secure web.
Added features to Reader Mode that make it easier on the eyes and the ears
Controls that allow users to adjust the width and line spacing of text
Narrate, which reads the content of a page out loud
Improved video performance for users on systems that support SSSE3 without hardware acceleration
Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed
Enhancements for Mac users
Improved performance on OS X systems without hardware acceleration
Improved appearance of anti-aliased OS X fonts
Improvements in about:memory reports for tracking font memory usage
Improve performance on Windows systems without hardware acceleration
Fixed
Fixed an issue that prevented users from updating Firefox for Mac unless they originally installed Firefox. Now, those users as well as any user with administrative credentials can update Firefox.
Various security fixes
Changed
Ended Firefox for Mac support for OS X 10.6, 10.7, and 10.8.
Ended Firefox for Windows support for SSE processors
Removed Firefox Hello
Re-enabled the default for Graphite2 font shaping
Developer
Added a Cause column to the Network Monitor to show what caused each network request
Introduced web speech synthesis API
Fixed in Firefox 49
2016-85 Security vulnerabilities fixed in Firefox 49
CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]
Reporter: Atte Kettunen
Description: A content security policy (CSP) containing a referrer directive with no values can cause a non-exploitable crash. [1289085]
CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
Reporter: Atte Kettunen
Description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. [1291016]
CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]
Reporter: Abhishek Arya
Description: An out-of-bounds read during the processing of text runs in some pages using display:contents. [1288946]
CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
Reporter: Abhishek Arya
Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]
CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]
Reporter: Nils
Description: A potentially exploitable crash in accessibility [1280387]
CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
Reporter: Nils
Description: A use-after-free vulnerability triggered by setting a aria-owns attribute [1287721]
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
Reporter: Nils
Description: A use-after-free issue in web animations during restyling. [1282076]
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
Reporter: Nils
Description: A user-after-free vulnerability with web animations when destroying a timeline [1291665]
CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]
Reporter: Nils
Description: A buffer overflow when working with empty filters during canvas rendering [1287316]
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
Reporter: Nils
Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677]
CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]
Reporter: Rafael Gieschke
Description: The full path to local files is available to scripts when local files are drag and dropped into Firefox [1249522]
CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
Reporter: Mei Wang
Description: Use-after-free vulnerability when changing text direction [1289970]
CVE-2016-5281 - use-after-free in DOMSVGLength [high]
Reporter: Brian Carpenter
Description: Use-after-free vulnerability when manipulating SVG format content through script [1284690]
CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]
Reporter: Richard Newman
Description: Favicons can be loaded through non-whitelisted protocols, such as jar: [932335]
CVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]
Reporter: Gavin Sharp
Description: A timing attack vulnerability using iframes to potentially reveal private data using document resizes and link colors [928187]
CVE-2016-5284 - Add-on update site certificate pin expiration [high]
Reporter: Ryan Duff
Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127]
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]
Reporter: Mozilla developers
Description: Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs present in Firefox 48. Some of these bugs showed evidence of memory corruption under certain circumstances could potentially exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49]
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
Reporter: Mozilla developers
Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]
Revision 1.266 / (download) - annotate - [select for diffs], Mon Aug 29 12:56:53 2016 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.265: +2 -2
lines
Diff to previous 1.265 (colored)
Update to 48.0.2 Changelog: Fix a startup crash issue caused by Websense (Windows only) (Bug 1291738)
Revision 1.265 / (download) - annotate - [select for diffs], Sat Aug 20 11:17:32 2016 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.264: +2 -3
lines
Diff to previous 1.264 (colored)
Update to 48.0.1
* Remove dbus-glib dependency and add dbus option (from Robert Swindells)
* Fix potential build failure in skia (from Robert Swindells)
Changelog:
Fixed
Fix an audio regression impacting some major websites (bug 1295296)
Fix a top crash in the JavaScript engine (Bug 1290469)
Fix a startup crash issue caused by Websense (Bug 1291738)
Fix a different behavior with e10s / non-e10s on <select> and mouse events (Bug 1291078)
Fix a top crash caused by plugin issues (Bug 1264530)
Fix an unsigned add-ons issue on Windows
Fix a shutdown issue (Bug 1276920)
Fix a crash in WebRTC
Revision 1.264 / (download) - annotate - [select for diffs], Wed Aug 17 00:06:46 2016 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.263: +2 -1
lines
Diff to previous 1.263 (colored)
Recursive revbump from multimedia/libvpx uppdate
Revision 1.263 / (download) - annotate - [select for diffs], Sat Aug 6 08:46:59 2016 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.262: +4 -4
lines
Diff to previous 1.262 (colored)
Update to 48.0
* OSS audio support may not work. I will revisit later
Changelog:
New:
Roar for moar protection against harmful downloads! We've got your back
Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
Add-ons that have not been verified and signed by Mozilla will not load
GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
WebRTC embetterments:
Delay-agnostic AEC enabled
Full duplex for GNU/Linux enabled
ICE Restart & Update is supported
Cloning of MediaStream and MediaStreamTrack is now supported
Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
The media parser has been redeveloped using the Rust programming language
Windows 7 systems without Platform Update can now use D3D11 WARP
Fixed:
Various security fixes
Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
Improved step debugging on last line of functions
Changed:
Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
After version 48, SSE2 CPU extensions are going to be required on Windows
Au revoir to Windows Remote Access Service modem Autodial
Developer:
WebExtensions support is now considered as stable
Workers can now use the Web Crypto API
Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor.
The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya."
We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages
Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?)
Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure.
Add-on development just got easier because you can reload them from about:debugging ãàbecause we're all about debugging.
This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools.
Expand network requests from the console panel to view request details in line, so you can see things in context
Fixed in Firefox 48:
2016-84 Information disclosure through Resource Timing API during page navigation
2016-83 Spoofing attack through text injection into internal error pages
2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
2016-81 Information disclosure and local file manipulation through drag and drop
2016-80 Same-origin policy violation using local HTML file and saved shortcut file
2016-79 Use-after-free when applying SVG effects
2016-78 Type confusion in display transformation
2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
2016-76 Scripts on marquee tag can execute in sandboxed iframes
2016-75 Integer overflow in WebSockets during data buffering
2016-74 Form input type change from password to text can store plain text password in session restore file
2016-73 Use-after-free in service workers with nested sync events
2016-72 Use-after-free in DTLS during WebRTC session shutdown
2016-71 Crash in incremental garbage collection in JavaScript
2016-70 Use-after-free when using alt key and toplevel menus
2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
2016-68 Out-of-bounds read during XML parsing in Expat library
2016-67 Stack underflow during 2D graphics rendering
2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
2016-64 Buffer overflow rendering SVG with bidirectional content
2016-63 Favicon network connection can persist when page is closed
2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
Revision 1.262 / (download) - annotate - [select for diffs], Thu Aug 4 17:03:39 2016 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.261: +2 -2
lines
Diff to previous 1.261 (colored)
Recursive revbump from audio/pulseaudio
Revision 1.261 / (download) - annotate - [select for diffs], Wed Aug 3 10:23:31 2016 UTC (7 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.260: +2 -2
lines
Diff to previous 1.260 (colored)
Revbump after graphics/gd update
Revision 1.260 / (download) - annotate - [select for diffs], Sat Jul 9 06:39:12 2016 UTC (7 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.259: +2 -1
lines
Diff to previous 1.259 (colored)
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Revision 1.259 / (download) - annotate - [select for diffs], Sat Jul 2 12:38:04 2016 UTC (7 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.258: +2 -3
lines
Diff to previous 1.258 (colored)
Update to 47.0.1
Changelog:
Fixed
Selenium WebDriver may cause Firefox to crash at startup
Revision 1.258 / (download) - annotate - [select for diffs], Sat Jun 25 22:06:12 2016 UTC (7 years, 5 months ago) by pgoyette
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.257: +3 -1
lines
Diff to previous 1.257 (colored)
Add plugin-container to list of not-mprotect-safe files, bump pkgrevision.
Revision 1.257 / (download) - annotate - [select for diffs], Thu Jun 16 20:06:26 2016 UTC (7 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.256: +1 -3
lines
Diff to previous 1.256 (colored)
Remove unnecessary BUILDLINK_TRANSFORM
Revision 1.256 / (download) - annotate - [select for diffs], Thu Jun 16 12:08:21 2016 UTC (7 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.255: +6 -8
lines
Diff to previous 1.255 (colored)
Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for GoogleãàÑÔ Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
Revision 1.255 / (download) - annotate - [select for diffs], Fri Jun 10 13:16:42 2016 UTC (7 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.254: +5 -2
lines
Diff to previous 1.254 (colored)
Mark files as not PaX MPROTECT safe. Bump PKGREVISION.
Revision 1.254 / (download) - annotate - [select for diffs], Fri May 20 12:25:20 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.253: +2 -1
lines
Diff to previous 1.253 (colored)
Depend on an nss providing nss-config, and remove workaround patch. Bump PKGREVISION.
Revision 1.247.2.1 / (download) - annotate - [select for diffs], Thu May 19 12:56:30 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.247: +3 -3
lines
Diff to previous 1.247 (colored) next main 1.248 (colored)
Pullup ticket #5015 - requested by sevan
www/firefox: security fix
Revisions pulled up:
- www/firefox/Makefile 1.249-1.250
- www/firefox/PLIST 1.105-1.106
- www/firefox/distinfo 1.242-1.243
- www/firefox/mozilla-common.mk 1.73
- www/firefox/patches/patch-aa 1.45
- www/firefox/patches/patch-config_external_moz.build 1.11
- www/firefox/patches/patch-config_system-headers 1.18
- www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted
- www/firefox/patches/patch-dom_media_moz.build 1.3
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4
- www/firefox/patches/patch-gfx_skia_moz.build 1.11
- www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2
- www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted
- www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted
- www/firefox/patches/patch-gfx_thebes_moz.build 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14
- www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7
- www/firefox/patches/patch-media_libtheora_moz.build 1.5
- www/firefox/patches/patch-pb deleted
- www/firefox/patches/patch-pc deleted
- www/firefox/patches/patch-toolkit_library_moz.build 1.5
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 13 20:37:33 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
Log Message:
Update to 45.0.2
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 27 16:22:40 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build
patch-config_system-headers patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_skia_skia_src_core_SkUtilsArm.cpp
patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c
patch-media_libcubeb_src_cubeb__alsa.c
patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build
patch-toolkit_library_moz.build
patch-xpcom_reflect_xptcall_md_unix_moz.build
Removed Files:
pkgsrc/www/firefox/patches:
patch-dom_media_gstreamer_GStreamerAllocator.cpp
patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp
patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc
Log Message:
Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Revision 1.253 / (download) - annotate - [select for diffs], Thu May 5 11:46:15 2016 UTC (7 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.252: +2 -3
lines
Diff to previous 1.252 (colored)
Update to 46.0.1
Changelog:
Fixed
Page loading issue related to antivirus software (Bug 1268922)
Search plugin issue for various locales (Bug 1246494)
Add-on signing certificate expiration (Bug 1267318)
Service worker update issue (Bug 1267733)
Build issue when jit is disabled (Bug 1266366)
Limit Sync registration updates (Bug 1262312)
Revision 1.252 / (download) - annotate - [select for diffs], Wed May 4 16:22:35 2016 UTC (7 years, 6 months ago) by martin
Branch: MAIN
Changes since 1.251: +2 -2
lines
Diff to previous 1.251 (colored)
Make it buildable on sparc64
Revision 1.251 / (download) - annotate - [select for diffs], Fri Apr 29 23:42:49 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.250: +2 -1
lines
Diff to previous 1.250 (colored)
Bump PKGREVISION for enabling H.264 video playback support with ffmpeg Add dependency to multimedia/ffmpeg3
Revision 1.250 / (download) - annotate - [select for diffs], Wed Apr 27 16:22:39 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.249: +3 -3
lines
Diff to previous 1.249 (colored)
Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Revision 1.249 / (download) - annotate - [select for diffs], Wed Apr 13 20:37:33 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.248: +2 -3
lines
Diff to previous 1.248 (colored)
Update to 45.0.2
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
Revision 1.248 / (download) - annotate - [select for diffs], Mon Apr 11 19:02:05 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.247: +2 -1
lines
Diff to previous 1.247 (colored)
Recursive revbump from textproc/icu 57.1
Revision 1.247 / (download) - annotate - [select for diffs], Sat Mar 19 22:57:50 2016 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.246: +2 -2
lines
Diff to previous 1.246 (colored)
Update to 45.0.1
Changelog:
Fixed
Fix a potential performance regression (Youtube for example) (1220502)
Fix a regression causing search engine settings to be lost in some context (1254694)
Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)
XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
Fix an issue which could cause the list of search provider to be empty (1255605)
Fix a regression when using the location bar (1254503)
Fix some loading issues when Accept third-party cookies: was set to Never (1254856)
Changed
Disabled Graphite font shaping library
Revision 1.246 / (download) - annotate - [select for diffs], Tue Mar 8 21:32:52 2016 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.245: +3 -4
lines
Diff to previous 1.245 (colored)
Update to 45.0
Changelog:
New
Instant browser tab sharing through Hello
Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
Synced Tabs button in button bar
Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
Guarani [gn] locale added
Fixed
URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
Various security fixes
Fixed in Firefox 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-33 Use-after-free in GetStaticInstance in WebRTC
2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
2016-31 Memory corruption with malicious NPAPI plugin
2016-30 Buffer overflow in Brotli decompression
2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore
2016-28 Addressbar spoofing though history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-26 Memory corruption when modifying a file being read by FileReader
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Revision 1.245 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:36 2016 UTC (7 years, 8 months ago) by jperkin
Branch: MAIN
Changes since 1.244: +2 -1
lines
Diff to previous 1.244 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.244 / (download) - annotate - [select for diffs], Fri Feb 26 10:57:45 2016 UTC (7 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.243: +3 -7
lines
Diff to previous 1.243 (colored)
Use OPSYSVARS.
Revision 1.243 / (download) - annotate - [select for diffs], Fri Feb 12 15:21:48 2016 UTC (7 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.242: +2 -2
lines
Diff to previous 1.242 (colored)
Update to 44.0.2 Changelog: Fix: Firefox hangs or crashes on startup (1243098) Security bug: 2016-13 Same-origin-policy violation using Service Workers with plugins
Revision 1.242 / (download) - annotate - [select for diffs], Tue Feb 9 12:47:22 2016 UTC (7 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.241: +2 -3
lines
Diff to previous 1.241 (colored)
Update to 44.0.1
Changelog:
Fix:
Fix issue which could lead to the removal of stored passwords under certain circumstances (1242176)
Allows spaces in cookie names (1244505)
Fix WebSockets when used in a Service Worker context (1243942)
Disable opus/vorbis audio with H.264 (1245696)
Require NSS 3.21 (1244069)
Ship the Gecko SDK (1243740)
Fix for graphics startup crash (GNU/Linux) (1222171)
Fix a crash in cache networking (1244076)
Revision 1.241 / (download) - annotate - [select for diffs], Sat Feb 6 22:13:22 2016 UTC (7 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.240: +2 -1
lines
Diff to previous 1.240 (colored)
Add workaround for build failure under recent NetBSD with binutils 2.26, bump PKGREVISION
Revision 1.240 / (download) - annotate - [select for diffs], Wed Jan 27 00:08:26 2016 UTC (7 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.239: +3 -3
lines
Diff to previous 1.239 (colored)
Update to 44.0
Changelog:
New
Improved warning pages for certificate errors and untrusted connections
Enable H.264 if system decoder is available
Enable WebM/VP9 video support on systems that don't support MP4/H.264
In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
Support the brotli compression format via HTTPS content-encoding
Screenshot commands allow user choice of pixel ratio in Developer Tools
Fixed
Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)
Various security fixes
Changed
To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox has removed support for the RC4 decipher
Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates
Stricter validation of web fonts
On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1
Developer
Right click on a logged object in the console to store it as a global variable on the page
Visual tools for Animation:
View/Edit CSS animation keyframe rules directly in the inspector
Visually modify the cubic-bezier curve that drives the way animations progress through time
Discover and scrub through all CSS animations and transitions playing on the page
Learn more: http://devtoolschallenger.com/
Visual tools for Layout and Styles:
Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems
Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc
Learn more: http://devtoolschallenger.com/
New memory tool for inspecting the memory heap
Service Workers API
Built-in JSON reader to intuitively view, search, copy and save data without extensions
Jump to function definitions in the debugger with Cmd-Click
WebSocket Debugging API and add-on
The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor
Security bugs:
Fixed in Firefox 44
2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
2016-11 Application Reputation service disabled in Firefox 43
2016-10 Unsafe memory manipulation found through code inspection
2016-09 Addressbar spoofing attacks
2016-08 Delay following click events in file download dialog too short on OS X
2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
2016-06 Missing delay following user click events in protocol handler dialog
2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
2016-04 Firefox allows for control characters to be set in cookie names
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-02 Out of Memory crash when parsing GIF format images
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
Revision 1.239 / (download) - annotate - [select for diffs], Sat Jan 9 05:48:48 2016 UTC (7 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.238: +2 -2
lines
Diff to previous 1.238 (colored)
Update to 43.0.4 Changelog: Fixed: Fix for startup crash for users of a third party antivirus tool (Bug 1235537) Fixed: Multi-user GNU/Linux download folders can be created (Bug 1233434) Changed: Re-enable SHA-1 certificates (Bug 1236975)
Revision 1.238 / (download) - annotate - [select for diffs], Thu Dec 31 08:45:42 2015 UTC (7 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.237: +2 -2
lines
Diff to previous 1.237 (colored)
Update to 43.0.3
* Fix alsa option build, fix PR pkg/50427
Changelog:
Fix: Fix network issue when using Nvidia's Network Access Manager (1233237)
Fix: On some Windows configurations, improve the decoding of some videos on YouTube (1233970)
Revision 1.237 / (download) - annotate - [select for diffs], Sun Dec 27 18:25:33 2015 UTC (7 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.236: +2 -3
lines
Diff to previous 1.236 (colored)
Update to 43.0.2 * Add OSS support, disabled by default Changelog: 43.0.2: Stability fixes. 43.0.1: Not for non-Microsoft Windows platforms.
Revision 1.236 / (download) - annotate - [select for diffs], Sat Dec 19 12:50:55 2015 UTC (7 years, 11 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.235: +2 -1
lines
Diff to previous 1.235 (colored)
Remove changes for bugzilla ticket #1026499 which has been resolved differently upstream.
Revision 1.235 / (download) - annotate - [select for diffs], Wed Dec 16 09:34:55 2015 UTC (7 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.234: +3 -4
lines
Diff to previous 1.234 (colored)
Update to 43.0
Changelog:
New Private Browsing with Tracking Protection offers choice of blocking additional trackers
New Improved API support for m4v video playback
New Firefox 64-bit for Windows is now available via the Firefox download page
New Users can choose search suggestions from the Awesome Bar
New On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
New Firefox Health Report has switched to use the same data collection mechanism as telemetry
Developer Markup view shows indicators for pseudo-classes locked for elements
Developer Bind F1 key to open the settings when the toolbox is focused
Developer New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable
Developer Search button next to overridden CSS properties to find similar properties in the rules view
Developer Ability to filter styles from their property names in the rules view
Developer Stack traces are now shown for exceptions inside the console
Developer Added ability to display server-side logs in the console
Developer Ability to choose resolution for the GCLI screenshot command
Developer Subresource integrity allows developers to make their sites more secure
Developer Network requests in Console now link to Network panel instead of opening in a popup
Developer Unprefixed 'hyphens' property is now supported
Developer WebIDE now has a sidebar-based UI
Developer The 'transform-origin' property is now supported on SVG elements
Developer Animation inspector now displays animations in a timeline
Developer Single-process mode is no longer supported for NPAPI plugins
Fixed Eyedropper tool does not work as expected when page is zoomed
Fixed Various security fixes
Fixed in Firefox 43
2015-149 Cross-site reading attack through data and view-source URIs
2015-148 Privilege escalation vulnerabilities in WebExtension APIs
2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-144 Buffer overflows found through code inspection
2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
2015-142 DOS due to malformed frames in HTTP/2
2015-141 Hash in data URI is incorrectly parsed
2015-140 Cross-origin information leak through web workers error events
2015-139 Integer overflow allocating extremely large textures
2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
2015-137 Firefox allows for control characters to be set in cookies
2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
2015-135 Crash with JavaScript variable assignment with unboxed objects
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
Revision 1.234 / (download) - annotate - [select for diffs], Wed Nov 18 14:19:55 2015 UTC (8 years ago) by ryoon
Branch: MAIN
Changes since 1.233: +2 -1
lines
Diff to previous 1.233 (colored)
Recursive revbump from multimedia/libvpx
Revision 1.233 / (download) - annotate - [select for diffs], Tue Nov 3 15:52:57 2015 UTC (8 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.232: +4 -6
lines
Diff to previous 1.232 (colored)
Update to 42.0
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
Revision 1.232 / (download) - annotate - [select for diffs], Sun Oct 25 15:59:37 2015 UTC (8 years, 1 month ago) by jmcneill
Branch: MAIN
Changes since 1.231: +2 -1
lines
Diff to previous 1.231 (colored)
NEON runtime detection for NetBSD/arm.
Revision 1.231 / (download) - annotate - [select for diffs], Fri Oct 16 20:50:23 2015 UTC (8 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.230: +2 -3
lines
Diff to previous 1.230 (colored)
Update to 41.0.2
Changelog:
Security fix
Fixed in Firefox 41.0.2
2015-115 Cross-origin restriction bypass using Fetch
Revision 1.230 / (download) - annotate - [select for diffs], Fri Oct 16 12:58:16 2015 UTC (8 years, 1 month ago) by jmcneill
Branch: MAIN
Changes since 1.229: +2 -2
lines
Diff to previous 1.229 (colored)
gio is part of gtk2 not gnome, so dont make the gio extension conditional on the gnome pkg option. bump pkg revision.
Revision 1.229 / (download) - annotate - [select for diffs], Sat Oct 10 01:58:21 2015 UTC (8 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.228: +2 -1
lines
Diff to previous 1.228 (colored)
Recursive revbump from textproc/icu
Revision 1.228 / (download) - annotate - [select for diffs], Mon Oct 5 15:53:23 2015 UTC (8 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.227: +2 -3
lines
Diff to previous 1.227 (colored)
Update to 41.0.1 Changelog: Fixed Fix a startup crash related to Yandex toolbar and Adblock Plus (1209124) Fixed Fix potential hangs with Flash plugins (1185639) Fixed Fix a regression in the bookmark creation (1206376) Fixed Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (1207665) Fixed Fix a graphic crash, occurring occasionally on Facebook (1178601)
Revision 1.227 / (download) - annotate - [select for diffs], Sun Sep 27 23:46:31 2015 UTC (8 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.226: +2 -1
lines
Diff to previous 1.226 (colored)
Remove old and probably stale Gecko Media Plugin patches (from FreeBSD?). It might still be possible that pkgsrc needs adjustments for gmp loading if/when we adopt some gmp packages, but until then they serve no purpose and in fact appear to be harmful. Fixes Firefox startup error message: addons.manager ERROR Exception calling provider GMPProvider.startup
Revision 1.226 / (download) - annotate - [select for diffs], Wed Sep 23 06:44:41 2015 UTC (8 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.225: +4 -5
lines
Diff to previous 1.225 (colored)
Update to 41.0
Changelog:
New Enhance IME support on Windows (Vista +) using TSF (Text Services Framework)
New Ability to set a profile picture for your Firefox Account
New Firefox Hello now includes instant messaging
New SVG images can be used as favicons
New Improved box-shadow rendering performance
Changed WebRTC now requires perfect forward secrecy
Changed WARP is disabled on Windows 7
Changed Updates to image decoding process
Changed Support for running animations of 'transform' and 'opacity' on the compositor thread
HTML5 MessageChannel and MessagePort API enabled by default
HTML5 Added support for the transform-origin property on SVG elements
HTML5 CSS Font Loading API enabled by default
HTML5 Navigator.onLine now varies with actual internet connectivity (Windows and Mac OS X only)
HTML5 Copy/Cut Web content from JavaScript to the OS clipboard with document.execCommand("cut"/"copy")
HTML5 Implemented Cache API for querying named caches that are accessible Window, Worker, and ServiceWorker
Developer Removed support for binary XPCOM components in extensions, use addon SDK "system/child_process" pipe mechanism for native binaries instead
Developer Network requests can be exported in HAR format
Developer Quickly add new CSS rule with New Rule button in the Inspector
Developer Screenshot a node or element from markup view with the Screenshot Node context menu item
Developer Copy element CSS rule declarations with the Copy Rule Declaration context menu item in the Inspector
Developer Pseudo-Class panel in the Inspector
Fixed Picture element does not react to resize/viewport changes
Fixed Various security fixes
Security fixes:
Fixed in Firefox 41
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
Revision 1.225 / (download) - annotate - [select for diffs], Sun Aug 30 09:29:15 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.224: +2 -1
lines
Diff to previous 1.224 (colored)
Bump PKGREVISION * Set layers.offmainthreadcomposition.enabled=false by default. Improve stability.
Revision 1.224 / (download) - annotate - [select for diffs], Sat Aug 29 12:11:22 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.223: +2 -2
lines
Diff to previous 1.223 (colored)
Update to 40.0.3
* Enable PIE.
Changelog:
Changed Disable the asynchronous plugin initialization (1198590)
Fixed Fix a segmentation fault in the GStreamer support (GNU/Linux) (1145230)
Fixed Fix a startup crash when using DisplayLink (Windows Only) (1195844)
Fixed Fix a regression with some Japanese fonts used in the <input> field (1194055)
Fixed On some sites, the selection in a select combox box using the mouse could be broken (1194733)
Fixed Some search partner codes were missing (1195683)
Fixed Various security fixes
Fixed in Firefox 40.0.3
2015-95 Add-on notification bypass through data URLs
2015-94 Use-after-free when resizing canvas element during restyling
Revision 1.223 / (download) - annotate - [select for diffs], Wed Aug 19 11:37:04 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.222: +2 -3
lines
Diff to previous 1.222 (colored)
Update to 40.0.2 * Disable OSS support explicitly under NetBSD. Changelog: New Enabled API allowing Windows 10 users to open settings dialog (1193196) Fixed mozalloc.lib was missing from the xulrunner package (1168291) Fixed Fix a startup crash with some combination of hardware and drivers (1160295)
Revision 1.222 / (download) - annotate - [select for diffs], Wed Aug 12 05:41:30 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.221: +2 -1
lines
Diff to previous 1.221 (colored)
Bump PKGREVISION. * Fix merge mistake.
Revision 1.221 / (download) - annotate - [select for diffs], Tue Aug 11 23:48:17 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.220: +2 -2
lines
Diff to previous 1.220 (colored)
Update to 40.0
Changelog:
New Support for Windows 10
New Added protection against unwanted software downloads
New User can receive suggested tiles in the new tab page based on categories Firefox matches to browsing history (en-US only).
New Hello allows adding a link to conversations to provide context on what the conversation will be about
New New style for add-on manager based on the in-content preferences style
New Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
New Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked
Changed Add-on extensions that are not signed by Mozilla will display a warning
Changed NPAPI Plug-in performance improved via asynchronous initialization
Changed Smoother animation and scrolling with hardware vsync (Windows only)
Changed JPEG images use less memory when scaled and can be painted faster
Changed Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data
HTML5 IndexedDB transactions are now non-durable by default
HTML5 Implemented AudioBufferSourceNode.detune to modulate playback rate in cents, a logarithmic unit of measure used for musical intervals
Developer Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view
Developer New rules view tooltip in the Inspector to tweak CSS Filter values
Developer Console API messages from SharedWorker and ServiceWorker are now displayed in web console
Developer New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page
Developer Inspector now searches across all content frames in a page
Fixed Kannada text does not display properly in built-in pdf viewer
Fixed Various security fixes
Known Issues
unresolved If Firefox is restarted from an add-on install notification, on-going private browsing downloads might be canceled without warning (1185294)
Fixed in Firefox 40
2015-92 Use-after-free in XMLHttpRequest with shared workers
2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
2015-90 Vulnerabilities found through code inspection
2015-89 Buffer overflows on Libvpx when decoding WebM video
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-87 Crash when using shared memory in JavaScript
2015-86 Feed protocol with POST bypasses mixed content protections
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-83 Overflow issues in libstagefright
2015-82 Redefinition of non-configurable JavaScript object properties
2015-81 Use-after-free in MediaStream playback
2015-80 Out-of-bounds read with malformed MP3 file
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Revision 1.220 / (download) - annotate - [select for diffs], Sun Aug 9 16:21:49 2015 UTC (8 years, 3 months ago) by he
Branch: MAIN
Changes since 1.219: +1 -2
lines
Diff to previous 1.219 (colored)
Hm, actually get rid of the PKGREVISION now that we bumped the version.
Revision 1.219 / (download) - annotate - [select for diffs], Sun Aug 9 16:20:39 2015 UTC (8 years, 3 months ago) by he
Branch: MAIN
Changes since 1.218: +2 -2
lines
Diff to previous 1.218 (colored)
Update to version 39.0.3. Fixes Mozilla Foundation Security Advisory 2015-78: Same origin violation and local file stealing via PDF reader * Fixes CVE-2015-4495 - It's possible to read local files or perform privilege escalation by using a native setter, bug 1178058. * Remove PlayPreview registration from PDF viewer, bug 1179262.
Revision 1.218 / (download) - annotate - [select for diffs], Thu Jul 16 22:05:31 2015 UTC (8 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.217: +1 -4
lines
Diff to previous 1.217 (colored)
Recent firefox does not support external xulrunner build. Remove commented out lines.
Revision 1.217 / (download) - annotate - [select for diffs], Sun Jul 5 11:55:06 2015 UTC (8 years, 4 months ago) by martin
Branch: MAIN
Changes since 1.216: +2 -1
lines
Diff to previous 1.216 (colored)
Make WebGL work on NetBSD
Revision 1.216 / (download) - annotate - [select for diffs], Fri Jul 3 10:25:40 2015 UTC (8 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.215: +3 -4
lines
Diff to previous 1.215 (colored)
Update to 39.0
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement <link rel="preconnect">allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Revision 1.215 / (download) - annotate - [select for diffs], Tue Jun 30 09:57:42 2015 UTC (8 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.214: +2 -1
lines
Diff to previous 1.214 (colored)
Recursive revbump from pkgsrc/multimedia/libvpx.
Revision 1.214 / (download) - annotate - [select for diffs], Wed Jun 3 03:22:31 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.213: +2 -2
lines
Diff to previous 1.213 (colored)
Update to 38.0.5 Changelog: New: Keep track of articles and videos with Pocket New: Clean formatting for articles and blog posts with Reader View New: Share the active tab or window in a Hello conversation Fixed: A race condition that would cause Firefox to stop painting when switching tabs (bug 1067470) Fixed: Fixed graphics performance when using the built-in VGA driver on Windows 7 (Bug 1165732)
Revision 1.213 / (download) - annotate - [select for diffs], Fri May 15 10:36:13 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.212: +2 -3
lines
Diff to previous 1.212 (colored)
Update to 38.0.1 Changelog: Fixed Systems with first generation NVidia Optimus graphics cards may crash on start-up Fixed Users who import cookies from Google Chrome can end up with broken websites Fixed WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly. (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0) Fixed Large animated images may fail to play and may stop other images from loading
Revision 1.212 / (download) - annotate - [select for diffs], Thu May 14 15:28:04 2015 UTC (8 years, 6 months ago) by bad
Branch: MAIN
Changes since 1.211: +2 -1
lines
Diff to previous 1.211 (colored)
GCC 4.6 doesn't cut the mustard anymore. Require 4.8 as that is the best supported version on NetBSD. PKGREVISION++
Revision 1.211 / (download) - annotate - [select for diffs], Tue May 12 22:48:54 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.210: +3 -4
lines
Diff to previous 1.210 (colored)
Update to 38.0
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and <picture> element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Revision 1.210 / (download) - annotate - [select for diffs], Sat Apr 25 14:25:01 2015 UTC (8 years, 7 months ago) by tnn
Branch: MAIN
Changes since 1.209: +2 -1
lines
Diff to previous 1.209 (colored)
Recursive revbump following MesaLib update, categories p through x.
Revision 1.209 / (download) - annotate - [select for diffs], Tue Apr 21 11:27:23 2015 UTC (8 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.208: +2 -3
lines
Diff to previous 1.208 (colored)
Update to 37.0.2 Changelog: Fixed Request Desktop Site feature does not work as expected
Revision 1.208 / (download) - annotate - [select for diffs], Sun Apr 12 06:24:32 2015 UTC (8 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.207: +2 -2
lines
Diff to previous 1.207 (colored)
Workaround for Bug 1152776 (apparently only affecting architectures w/o real JIT support). Better fix upstream in all newer branches already.
Revision 1.207 / (download) - annotate - [select for diffs], Fri Apr 10 05:40:36 2015 UTC (8 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.206: +2 -1
lines
Diff to previous 1.206 (colored)
Avoid a crash on alignment critical architectures
Revision 1.206 / (download) - annotate - [select for diffs], Mon Apr 6 10:50:50 2015 UTC (8 years, 7 months ago) by tron
Branch: MAIN
Changes since 1.205: +2 -3
lines
Diff to previous 1.205 (colored)
Update "firefox" package to version 37.0.1. Changes since version 37.0: - Disabled HTTP/2 AltSvc - Start-up crash due to graphics hardware and third party software - Various security fixes
Revision 1.205 / (download) - annotate - [select for diffs], Mon Apr 6 08:17:39 2015 UTC (8 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.204: +2 -1
lines
Diff to previous 1.204 (colored)
Revbump after updating textproc/icu
Revision 1.204 / (download) - annotate - [select for diffs], Sun Apr 5 12:54:11 2015 UTC (8 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.203: +3 -4
lines
Diff to previous 1.203 (colored)
Update to 37.0
* Bump nspr requirement.
Changelog:
New Heartbeat user rating system - your feedback about Firefox
New Yandex set as default search provider for the Turkish locale
New Bing search now uses HTTPS for secure searching
New Improved protection against site impersonation via OneCRL centralized certificate revocation
New Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
Changed Disabled insecure TLS version fallback for site security
Changed Extended SSL error reporting for reporting non-certificate errors
Changed TLS False Start optimization now requires a cipher suite using AEAD construction
Changed Improved certificate and TLS communication security by removing support for DSA
Changed Improved performance of WebGL rendering on Windows
HTML5 Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube (Windows only)
HTML5 Added support for CSS display:contents
HTML5 IndexedDB now accessible from worker threads
HTML5 New SDP/JSEP implementation in WebRTC
Developer Debug tabs opened in Chrome Desktop, Chrome for Android, and Safari for iOS
Developer New Inspector animations panel to control element animations
Developer New Security Panel included in Network Panel
Developer Debugger panel support for chrome:// and about:// URIs
Developer Added logging of weak ciphers to the web console
Fixed Various security fixes
Fixed in Firefox 37
2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
2015-41 PRNG weakness allows for DNS poisoning on Android
2015-40 Same-origin bypass through anchor navigation
2015-39 Use-after-free due to type confusion flaws
2015-38 Memory corruption crashes in Off Main Thread Compositing
2015-37 CORS requests should not follow 30x redirections after preflight
2015-36 Incorrect memory management for simple-type arrays in WebRTC
2015-35 Cursor clickjacking with flash and images
2015-34 Out of bounds read in QCMS library
2015-33 resource:// documents can load privileged pages
2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Revision 1.203 / (download) - annotate - [select for diffs], Tue Mar 31 10:59:43 2015 UTC (8 years, 8 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.202: +2 -1
lines
Diff to previous 1.202 (colored)
Avoid another crash on big endian 64 bit platforms
Revision 1.202 / (download) - annotate - [select for diffs], Sun Mar 22 00:21:16 2015 UTC (8 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.201: +2 -2
lines
Diff to previous 1.201 (colored)
Update to 36.0.4
Changelog:
Fixed 36.0.4: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox 36.0.4
2015-28 Privilege escalation through SVG navigation
Fixed in Firefox 36.0.3
2015-29 Code execution through incorrect JavaScript bounds checking elimination
Revision 1.201 / (download) - annotate - [select for diffs], Sat Mar 21 06:13:16 2015 UTC (8 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.200: +2 -3
lines
Diff to previous 1.200 (colored)
Update to 36.0.3 Changelog: Fixed 36.0.3: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Revision 1.200 / (download) - annotate - [select for diffs], Fri Mar 20 10:13:57 2015 UTC (8 years, 8 months ago) by martin
Branch: MAIN
Changes since 1.199: +2 -1
lines
Diff to previous 1.199 (colored)
Make it build & work on sparc64 again
Revision 1.199 / (download) - annotate - [select for diffs], Wed Mar 11 00:22:27 2015 UTC (8 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.198: +2 -5
lines
Diff to previous 1.198 (colored)
Update to 36.0.1
Changelog:
Fixed 36.0.1 - Disable the usage of the ANY DNS query type (1093983)
Fixed 36.0.1 - Fixed a startup crash with EMET (1137050)
Fixed 36.0.1 - Hello may become inactive until restart (1137469)
Fixed 36.0.1 - Print preferences may not be preserved (1136855)
Fixed 36.0.1 - Hello contact tabs may not be visible (1137141)
Fixed 36.0.1 - Accept hostnames that include an underscore character ("_") (1136616)
Fixed 36.0.1 - WebGL may use significant memory with Canvas2d (1137251)
Fixed 36.0.1 - Option -remote has been restored (1080319)
Fixed 36.0.1 - Fix a top crash
Revision 1.198 / (download) - annotate - [select for diffs], Thu Mar 5 13:29:41 2015 UTC (8 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.197: +2 -1
lines
Diff to previous 1.197 (colored)
Bump PKGREVISION. * Fix segfault under NetBSD/i386 6. From tsutsui@. Thank you.
Revision 1.197 / (download) - annotate - [select for diffs], Sat Feb 28 22:17:59 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.196: +3 -1
lines
Diff to previous 1.196 (colored)
Use DIST_SUBDIR for new tarball. Thank you, wiz@.
Revision 1.196 / (download) - annotate - [select for diffs], Sat Feb 28 04:30:55 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.195: +3 -4
lines
Diff to previous 1.195 (colored)
Update to 36.0
Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Revision 1.195 / (download) - annotate - [select for diffs], Sat Feb 21 23:35:42 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.194: +2 -2
lines
Diff to previous 1.194 (colored)
Recursive revbump from audio/pulseaudio.
Revision 1.194 / (download) - annotate - [select for diffs], Mon Feb 16 16:16:16 2015 UTC (8 years, 9 months ago) by bad
Branch: MAIN
Changes since 1.193: +2 -2
lines
Diff to previous 1.193 (colored)
Re-enable -Werror=char-subscripts and fix the fallout in the code. Per discussion with ryoon@. Bump PKGREVISION for this and the previous two commits.
Revision 1.193 / (download) - annotate - [select for diffs], Sat Feb 14 07:59:24 2015 UTC (8 years, 9 months ago) by martin
Branch: MAIN
Changes since 1.192: +2 -2
lines
Diff to previous 1.192 (colored)
Another try at proper alignment fixes for http2 sessions
Revision 1.192 / (download) - annotate - [select for diffs], Thu Feb 12 13:50:22 2015 UTC (8 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.191: +2 -2
lines
Diff to previous 1.191 (colored)
Remove a patch, since it causes fallout. Requested by martin (the patch author). Bump PKGREVISION.
Revision 1.191 / (download) - annotate - [select for diffs], Sun Feb 8 09:36:31 2015 UTC (8 years, 9 months ago) by martin
Branch: MAIN
Changes since 1.190: +2 -2
lines
Diff to previous 1.190 (colored)
Make it work on strict alignment architectures again.
Revision 1.190 / (download) - annotate - [select for diffs], Fri Jan 30 15:19:59 2015 UTC (8 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.189: +2 -1
lines
Diff to previous 1.189 (colored)
Bump PKGREVISION. * Fix merge mistake.
Revision 1.189 / (download) - annotate - [select for diffs], Tue Jan 27 21:41:47 2015 UTC (8 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.188: +2 -2
lines
Diff to previous 1.188 (colored)
Update to 35.0.1 Changelog: Fixed 35.0.1 - With the Enhanced Steam extension, Firefox could crash (1123732) Fixed 35.0.1 - Fix a potential startup crash (1122367) Fixed 35.0.1 - Kerberos authentication did not work with alias (1108971) Fixed 35.0.1 - SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (1083079) Fixed 35.0.1 - On Godaddy webmail, Firefox could crash (1113121) Fixed 35.0.1 - document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (1121857) Fixed 35.0.1 - With a Right-to-left (RTL) version of Firefox, the text selection could be broken (1104036) Fixed 35.0.1 - CSP had a change in behavior with regard to case sensitivity resources loading (1122445)
Revision 1.188 / (download) - annotate - [select for diffs], Fri Jan 16 22:42:09 2015 UTC (8 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.187: +3 -3
lines
Diff to previous 1.187 (colored)
Update to 35.0
Changelog:
New Firefox Hello with new rooms-based conversations model
New New search UI improved and enabled for more locales
New Access the Firefox Marketplace from the Tools menu and optional toolbar button
New Built-in support for H264 (MP4) on Mac OS X Snow Leopard (10.6) and newer through native APIs
New Use tiled rendering on OS X
New Improved high quality image resizing performance
New Improved handling of dynamic styling changes to increase responsiveness
HTML5 Added support for the CSS Font Loading API
HTML5 Resource Timing API implemented
HTML5 CSS filters enabled by default
HTML5 Changed JavaScript 'let' semantics to conform better to the ES6 specification
Developer Support for inspecting ::before and ::after pseudo elements
Developer Computed view: Nodes matching the hovered selector are now highlighted
Developer Network Monitor: New request/response headers view (more info)
Developer Added support for the EXT_blend_minmax WebGL extension
Fixed Show DOM Properties context menu item in inspector
Fixed Reduced resource usage for scaled images
Fixed PDF.js updated to version 1.0.907
Fixed Non-HTTP(S) XHR now returns correct status code
Fixed Various security fixes
Security fixes:
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Revision 1.187 / (download) - annotate - [select for diffs], Mon Dec 1 18:11:14 2014 UTC (9 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.186: +3 -3
lines
Diff to previous 1.186 (colored)
Update to 34.0.5 Changelog: New Default search engine changed to Yahoo! for North America New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales New Improved search bar (en-US only) New Firefox Hello real-time communication client New Easily switch themes/personas directly in the Customizing mode New Wikipedia search now uses HTTPS for secure searching (en-US only) New Implementation of HTTP/2 (draft14) and ALPN New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows Changed Disabled SSLv3 Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35) Changed Firefox signed by Apple OS X version 2 signature HTML5 ECMAScript 6 WeakSet Implemented HTML5 JavaScript Template Strings Implemented HTML5 CSS3 Font variants and features control (e.g. kerning) implemented HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support HTML5 WebCrypto: wrapKey and unwrapKey implemented HTML5 WebCrypto: Import/export of JWK-formatted keys HTML5 matches() DOM API implemented (formerly mozMatchesSelector()) HTML5 Performance.now() for workers implemented HTML5 WebCrypto: ECDH support Developer WebIDE: Create, edit, and test a new Web application from your browser Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel Developer Improved User Interface of the Profiler Developer console.table function added to web console Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties Fixed Various security fixes 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer 2014-88 Buffer overflow while parsing media content 2014-87 Use-after-free during HTML5 parsing 2014-86 CSP leaks redirect data via violation reports 2014-85 XMLHttpRequest crashes with some input streams 2014-84 XBL bindings accessible via improper CSS declarations 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Revision 1.186 / (download) - annotate - [select for diffs], Thu Nov 20 15:01:47 2014 UTC (9 years ago) by wiz
Branch: MAIN
Changes since 1.185: +2 -2
lines
Diff to previous 1.185 (colored)
Remove duplicate space in COMMENT.
Revision 1.185 / (download) - annotate - [select for diffs], Tue Nov 18 15:33:14 2014 UTC (9 years ago) by tron
Branch: MAIN
Changes since 1.184: +2 -3
lines
Diff to previous 1.184 (colored)
Update "firefox" package to version 33.1.1. Changes since 33.1: - Fixed startup crash (1021265)
Revision 1.184 / (download) - annotate - [select for diffs], Sat Nov 15 22:04:59 2014 UTC (9 years ago) by szptvlfn
Branch: MAIN
Changes since 1.183: +2 -1
lines
Diff to previous 1.183 (colored)
firefox-33.1 has DuckDuckGo as a search option, so remove related patches.
Revision 1.183 / (download) - annotate - [select for diffs], Mon Nov 10 20:55:56 2014 UTC (9 years ago) by ryoon
Branch: MAIN
Changes since 1.182: +3 -3
lines
Diff to previous 1.182 (colored)
Update to 33.1 Changelog: New Forget Button added New Enhanced Tiles New Privacy tour introduced New Adding DuckDuckGo as a search option
Revision 1.182 / (download) - annotate - [select for diffs], Fri Nov 7 17:36:11 2014 UTC (9 years ago) by ryoon
Branch: MAIN
Changes since 1.181: +2 -3
lines
Diff to previous 1.181 (colored)
Update to 33.0.3 Changelog: Fixed 33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled (1093863) Fixed 33.0.3 Fix two startup crashes with some combination of hardware and drivers (1064107 and 1021265)
Revision 1.181 / (download) - annotate - [select for diffs], Thu Nov 6 13:56:32 2014 UTC (9 years ago) by ryoon
Branch: MAIN
Changes since 1.180: +2 -1
lines
Diff to previous 1.180 (colored)
Bump PKGREVISION * Build libmozjs.so shared library again. Thank you, joerg@.
Revision 1.180 / (download) - annotate - [select for diffs], Thu Oct 30 17:12:27 2014 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.179: +2 -3
lines
Diff to previous 1.179 (colored)
Update to 33.0.2 Changelog: Fixed 33.0.2: Fix a startup crash with some combination of hardware and drivers
Revision 1.179 / (download) - annotate - [select for diffs], Wed Oct 29 22:12:35 2014 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.178: +3 -2
lines
Diff to previous 1.178 (colored)
Bump PKGREVISION * Disable libmozjs.so to avoid WRKDIR reference error.
Revision 1.178 / (download) - annotate - [select for diffs], Tue Oct 28 17:26:56 2014 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.177: +2 -2
lines
Diff to previous 1.177 (colored)
Update to 33.0.1 Changelog: Fixed 33.0.1: Firefox displays a black screen at start-up with certain graphics drivers
Revision 1.177 / (download) - annotate - [select for diffs], Wed Oct 15 13:07:07 2014 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.176: +2 -3
lines
Diff to previous 1.176 (colored)
Update to 33.0 Changelog: New OpenH264 support (sandboxed) New Improved search experience through the location bar New Slimmer and faster JavaScript strings New Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages New Windows: OMTC enabled by default New New CSP (Content Security Policy) backend New Support for connecting to HTTP proxy over HTTPS New Improved reliability of the session restoration New Azerbaijani [az] locale added Changed Proprietary window.crypto properties/functions removed Changed JSD (JavaScript Debugger Service) removed in favor of the Debugger interface HTML5 @counter-style rule from CSS3 Counter Styles specification implemented HTML5 DOMMatrix interface implemented Developer Cubic-bezier curves editor Developer Display which elements have listeners attached Developer New sidebar which displays a list of shortcuts to every @media rule in the current stylesheet Developer Paint flashing for browser content repaints Developer Editable @keyframes rules in the Rules section of the Inspector Developer CSS transform highlighter in the style-inspector Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623) Fixed Various security fixes Fixed in Firefox 33 MFSA 2014-82 Accessing cross-origin objects via the Alarms API MFSA 2014-81 Inconsistent video sharing within iframe MFSA 2014-80 Key pinning bypasses MFSA 2014-79 Use-after-free interacting with text directionality MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-77 Out-of-bounds write with WebM video MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Revision 1.176 / (download) - annotate - [select for diffs], Tue Oct 7 16:47:37 2014 UTC (9 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.175: +2 -1
lines
Diff to previous 1.175 (colored)
Revbump after updating libwebp and icu
Revision 1.175 / (download) - annotate - [select for diffs], Sun Oct 5 01:59:08 2014 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.174: +2 -2
lines
Diff to previous 1.174 (colored)
Update to 32.0.3 Changelog: Fixed 32.0.3: New security fixes can be found here New New HTTP cache provides improved performance including crash recovery New Integration of generational garbage collection New Public key pinning support enabled New View historical use information for logins stored in password manager New Display the number of found items in the find toolbar New Easier back, forward, reload, and bookmarking through the context menu New Lower Sorbian [dsb] locale added Changed Removed and turned off trust bit for some 1024-bit root certificates Changed Performance improvements to Password Manager and Add-on Manager HTML5 drawFocusIfNeeded enabled by default HTML5 ECMAScript 6 built-in method Array#copyWithin implemented HTML5 CSS position:sticky enabled by default HTML5 mix-blend-mode enabled by default HTML5 New Array built-in: Array.from() HTML5 navigator.languages property and languagechange event implemented HTML5 Vibration API updated to latest W3C spec HTML5 CSS box-decoration-break replaces -moz-background-inline-policy HTML5 box-decoration-break enabled by default Developer HiDPI support in Developer Tools UI Developer Inspector button moved to the top left Developer Hidden nodes displayed differently in the markup-view Developer New Web Audio Editor Developer Code completion and inline documentation added to Scratchpad Fixed 32.0.2 - Corrupt installations cause Firefox to crash on update Fixed 32.0.1 - Stability issues for computers with multiple graphics cards Fixed 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites Fixed 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified Fixed Various security fixes Fixed Mac OS X: cmd-L does not open a new window when no window is available Fixed Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 Security fixes: Fixed in Firefox 32.0.3 MFSA 2014-73 RSA Signature Forgery in NSS Fixed in Firefox 32 MFSA 2014-72 Use-after-free setting text directionality MFSA 2014-71 Profile directory file access through file: protocol MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline MFSA 2014-69 Uninitialized memory use during GIF rendering MFSA 2014-68 Use-after-free during DOM interactions with SVG MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
Revision 1.174 / (download) - annotate - [select for diffs], Sat Jul 26 00:16:51 2014 UTC (9 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.173: +2 -2
lines
Diff to previous 1.173 (colored)
Automatically include correct version number in COMMENT. Patch is provided from martin@. Thank you.
Revision 1.173 / (download) - annotate - [select for diffs], Thu Jul 24 14:57:12 2014 UTC (9 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.172: +2 -3
lines
Diff to previous 1.172 (colored)
Update to 31.0
Changelog:
New
Add the search field to the new tab page
New
Support of Prefer:Safe http header for parental control (learn more)
New
mozilla::pkix as default certificate verifier (learn more)
New
Block malware from downloaded files (learn more)
New
Partial implementation of the OpenType MATH table (section 6.3.6) see documentation about mathematical fonts and the MathML Torture Test for details
New
audio/video .ogg and .pdf files handled by Firefox if no application specified (Windows only)
New
Upper Sorbian [hsb] locale added
Changed
Removal of the CAPS infrastructure for specifying site-specific permissions (via capability.policy.* preferences). Most notably, attempts to use this functionality to grant access to the clipboard will no longer work. The sole exception is the checkloaduri permission, which may still be used as before to allow sites to load file:// URIs.
HTML5
WebVTT implemented and enabled (learn more)
HTML5
CSS3 variables implemented (learn more)
Developer
Developer Tools: Add-on Debugger (learn more)
Developer
Developer Tools: Canvas Debugger (learn more)
Developer
New Array built-in: Array.prototype.fill() (learn more)
Developer
New Object built-in: Object.setPrototypeOf() (learn more)
Developer
CSP 1.1 nonce-source and hash-source enabled by default
Developer
Developer Tools: Eyedropper tool added to the color picker (learn more)
Developer
Developer Tools: Editable Box Model (learn more)
Developer
Developer Tools: Code Editor improvements (learn more)
Developer
Developer Tools: Console stack traces (learn more)
Developer
Developer Tools: Copy as cURL (learn more)
Developer
Developer Tools: Styled console logs (learn more)
Developer
navigator.sendBeacon enabled by default (learn more)
Developer
Dialogs spawned from the onbeforeunload event no longer block access to the rest of the browser
Fixed
Search for partially selected link text from context menu (985824)
Fixed
Various security fixes
Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Revision 1.172 / (download) - annotate - [select for diffs], Tue Jul 8 13:14:43 2014 UTC (9 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.171: +2 -2
lines
Diff to previous 1.171 (colored)
Bump PKGREVISION of www/firefox and www/seamonkey * Use gstreamer 1.0 instead of gstreamer 0.10. Suggested by Ottavio Caruso.
Revision 1.171 / (download) - annotate - [select for diffs], Thu Jun 19 20:31:03 2014 UTC (9 years, 5 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.170: +3 -2
lines
Diff to previous 1.170 (colored)
Fix bugzilla ticket 1026499: generated C++ code does not obey alignement restrictions, make the code generator issue explicit alignment requests.
Revision 1.170 / (download) - annotate - [select for diffs], Wed Jun 11 00:40:59 2014 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.169: +2 -3
lines
Diff to previous 1.169 (colored)
Update to 30.0
* debug build is broken
Changelog:
New
Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
New
Mac OS X command-E sets find term to selected text
New
Support for GStreamer 1.0
Changed
Disallow calling WebIDL constructors as functions on the web
Developer
With the exception of those bundled inside an extension or ones that are whitelisted, plugins will no longer be activated by default (see blog post)
Developer
Fixes to box-shadow and other visual overflow (see bug 480888)
Developer
Mute and volume available per window when using WebAudio
Developer
background-blend-mode enabled by default
Developer
Use of line-height allowed for <input type="reset|button|submit">
Developer
ES6 array and generator comprehensions implemented (read docs for more details)
Developer
Error stack now contains column number
Developer
Support for alpha option in canvas context options (feature description)
Fixed
Ignore autocomplete="off" when offering to save passwords via the password manager (see 956906)
Fixed
TypedArrays don't support new named properties (see 695438)
Fixed
Various security fixes
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Revision 1.169 / (download) - annotate - [select for diffs], Mon Jun 9 14:18:08 2014 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.168: +2 -2
lines
Diff to previous 1.168 (colored)
Recursive revbump from pulseaudio-5.0
Revision 1.168 / (download) - annotate - [select for diffs], Mon Jun 2 02:31:55 2014 UTC (9 years, 6 months ago) by dholland
Branch: MAIN
Changes since 1.167: +2 -2
lines
Diff to previous 1.167 (colored)
Put the version numbers back in COMMENT as they were put in by explicit request a while back. (But use the current version.) PR 48845. I don't remember the PR number for the original request but it can be tracked down if necessary.
Revision 1.167 / (download) - annotate - [select for diffs], Thu May 29 23:37:57 2014 UTC (9 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.166: +2 -2
lines
Diff to previous 1.166 (colored)
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Revision 1.166 / (download) - annotate - [select for diffs], Thu May 29 14:03:58 2014 UTC (9 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.165: +2 -2
lines
Diff to previous 1.165 (colored)
PR pkg/48845 Fix (remove) wrong version number in comments
Revision 1.165 / (download) - annotate - [select for diffs], Wed May 28 03:25:25 2014 UTC (9 years, 6 months ago) by pho
Branch: MAIN
Changes since 1.164: +3 -2
lines
Diff to previous 1.164 (colored)
PR pkg/48840: Fix PLIST on Cygwin and Darwin libmozglue is built and installed as a shared library on these platforms.
Revision 1.164 / (download) - annotate - [select for diffs], Tue May 13 11:06:00 2014 UTC (9 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.163: +2 -3
lines
Diff to previous 1.163 (colored)
Update to 29.0.1 Changelog: Fixed 29.0.1 -pdf.js printing white page (1003707) Fixed 29.0.1 - Tabs not visible with dark themes under Windows 8.1 (907373) Fixed 29.0.1 - Session Restore failed with a corrupted sessionstore.js file (1001167) Fixed 29.0.1 - Seer disabled by default (1005958)
Revision 1.163 / (download) - annotate - [select for diffs], Mon May 5 00:52:10 2014 UTC (9 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.162: +2 -1
lines
Diff to previous 1.162 (colored)
Recursive revbump from pixman, fix PR pkg/48777 And bump library requirements
Revision 1.162 / (download) - annotate - [select for diffs], Wed Apr 30 15:07:17 2014 UTC (9 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.161: +2 -3
lines
Diff to previous 1.161 (colored)
Update to 29.0
* Restore html5 audio playback under NetBSD
Changelog:
New
Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most (learn more)
New
A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
New
Sleek new tabs provide an overall smoother look and fade into the background when not active
New
An interactive onboarding tour to guide users through the new Firefox changes
New
The ability to set up Firefox Sync by creating a Firefox account (learn more)
New
Gamepad API finalized and enabled (learn more)
New
HTTPS used for Yahoo Searches performed in en-US locale
New
Malay [ma] locale added
Changed
Clicking on a W3C Web Notification will switch to the originating tab
Developer
'box-sizing' (dropping the -moz- prefix) implemented (learn more)
Developer
Console object available in Web Workers (learn more)
Developer
Promises enabled by default (learn more)
Developer
SharedWorker enabled by default
Developer
<input type="number"> implemented and enabled
Developer
<input type="color"> implemented and enabled
Developer
Enabled ECMAScript Internationalization API
Developer
Add-on bar has been removed, content moved to navigation bar
Developer
Implemented URLSearchParams from the URL specification (see MDN for details )
Fixed
Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
Revision 1.156.2.1 / (download) - annotate - [select for diffs], Mon Apr 21 07:30:36 2014 UTC (9 years, 7 months ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.156: +2 -1
lines
Diff to previous 1.156 (colored) next main 1.157 (colored)
Pullup ticket #4381 - requested by ryoon www/firefox: bug fix Revisions pulled up: - www/firefox/Makefile 1.160 via patch - www/firefox/distinfo 1.137 via patch - www/firefox/patches/patch-browser_app_nsBrowserApp.cpp deleted --- Module Name: pkgsrc Committed By: ryoon Date: Sat Apr 19 23:16:39 UTC 2014 Modified Files: pkgsrc/www/firefox: Makefile distinfo Removed Files: pkgsrc/www/firefox/patches: patch-browser_app_nsBrowserApp.cpp Log Message: Bump PKGREVISION * Do not set plugin environmental variable
Revision 1.161 / (download) - annotate - [select for diffs], Sun Apr 20 02:27:53 2014 UTC (9 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.160: +2 -2
lines
Diff to previous 1.160 (colored)
Recursive revbump from json-c 0.12 update
Revision 1.160 / (download) - annotate - [select for diffs], Sat Apr 19 23:16:39 2014 UTC (9 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.159: +2 -2
lines
Diff to previous 1.159 (colored)
Bump PKGREVISION * Do not set plugin environmental variable
Revision 1.159 / (download) - annotate - [select for diffs], Wed Apr 16 11:22:04 2014 UTC (9 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.158: +2 -2
lines
Diff to previous 1.158 (colored)
Bump PKGREVISION for libatomic_ops PKGNAME change.
Revision 1.158 / (download) - annotate - [select for diffs], Thu Apr 10 07:33:59 2014 UTC (9 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.157: +2 -2
lines
Diff to previous 1.157 (colored)
Make the custom memory allocator in the JS engine deal with sparc64 TOPDOWN_VM (already reported upstream).
Revision 1.157 / (download) - annotate - [select for diffs], Wed Apr 9 07:27:17 2014 UTC (9 years, 7 months ago) by obache
Branch: MAIN
Changes since 1.156: +2 -1
lines
Diff to previous 1.156 (colored)
recursive bump from icu shlib major bump.
Revision 1.156 / (download) - annotate - [select for diffs], Thu Mar 20 21:02:00 2014 UTC (9 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.155: +3 -4
lines
Diff to previous 1.155 (colored)
Update to 28.0 Changelog: NEW VP9 video decoding implemented NEW Mac OS X: Notification Center support for web notifications NEW Horizontal HTML5 audio/video volume control NEW Support for Opus in WebM CHANGED Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty DEVELOPER Support for MathML 2.0 'mathvariant' attribute DEVELOPER Background thread hang reporting DEVELOPER Support for multi-line flexbox in layout FIXED Various security fixes Fixed in Firefox 28 MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects MFSA 2014-30 Use-after-free in TypeObject MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs MFSA 2014-28 SVG filters information disclosure through feDisplacementMap MFSA 2014-27 Memory corruption in Cairo during PDF font rendering MFSA 2014-26 Information disclosure through polygon rendering in MathML MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape MFSA 2014-24 Android Crash Reporter open to manipulation MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore MFSA 2014-22 WebGL content injection from one domain to rendering in another MFSA 2014-21 Local file access via Open Link in new tab MFSA 2014-20 onbeforeunload and Javascript navigation DOS MFSA 2014-19 Spoofing attack on WebRTC permission prompt MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Revision 1.155 / (download) - annotate - [select for diffs], Wed Mar 12 23:41:33 2014 UTC (9 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.154: +1 -3
lines
Diff to previous 1.154 (colored)
Move CHECK_PORTABILITY_SKIP
Revision 1.154 / (download) - annotate - [select for diffs], Fri Feb 21 16:17:47 2014 UTC (9 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.153: +2 -1
lines
Diff to previous 1.153 (colored)
Bump PKGREVISION Fix SUBST string. From tsutsui@, thank you.
Revision 1.153 / (download) - annotate - [select for diffs], Thu Feb 20 13:19:03 2014 UTC (9 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.152: +2 -3
lines
Diff to previous 1.152 (colored)
Update to 27.0.1 * Fix some syscall definitions in JavaScript are fixed. Thank you, tho@. Changelog: FIXED 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval FIXED 27.0.1 - JS math correctness issue (bug 941381
Revision 1.152 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:44 2014 UTC (9 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.151: +2 -1
lines
Diff to previous 1.151 (colored)
Recursive PKGREVISION bump for OpenSSL API version bump.
Revision 1.151 / (download) - annotate - [select for diffs], Sat Feb 8 09:36:00 2014 UTC (9 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.150: +4 -4
lines
Diff to previous 1.150 (colored)
Update to 27.0 Changelog: NEW You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services CHANGED Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default CHANGED Added support for SPDY 3.1 protocol DEVELOPER Ability to reset style sheets using 'all:unset' DEVELOPER You can now choose to deobfuscate javascript in the debugger (see 762761) DEVELOPER Added support for scrolled fieldsets (see 261037) DEVELOPER Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282) DEVELOPER CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672) DEVELOPER Added support for ES6 generators in SpiderMonkey (see blog post) DEVELOPER Implemented support for mathematical function Math.hypot() in ES6 (see 896264) HTML5 Dashed line support on Canvas (see 768067) FIXED Get Azure/Skia content rendering working on Linux (see 740200) FIXED 27.0: Security fixes can be found here Fixed in Firefox 27 MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects MFSA 2014-12 NSS ticket handling issues MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Revision 1.150 / (download) - annotate - [select for diffs], Wed Jan 1 11:52:37 2014 UTC (9 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.149: +2 -1
lines
Diff to previous 1.149 (colored)
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.
Revision 1.149 / (download) - annotate - [select for diffs], Mon Dec 30 00:24:07 2013 UTC (9 years, 11 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.148: +2 -2
lines
Diff to previous 1.148 (colored)
Update the COMMENTs for the firefox packages to include the upstream version number, as suggested in PR 47418 a year ago. Also make sure the localization packages claim they belong to the right corresponding firefox packages, as a number of them were wrong.
Revision 1.148 / (download) - annotate - [select for diffs], Sun Dec 15 13:54:37 2013 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.147: +6 -4
lines
Diff to previous 1.147 (colored)
Update to 26.0 * Build outside WRKSRC, fix build Changelog: NEW All Java plug-ins are defaulted to 'click to play' NEW Password manager now supports script-generated password fields NEW Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service) NEW Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed CHANGED Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions CHANGED CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec DEVELOPER Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs) DEVELOPER Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible DEVELOPER There is no longer a prompt when websites use appcache DEVELOPER Support for the CSS image orientation property DEVELOPER New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator DEVELOPER IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage FIXED When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619) FIXED Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695) FIXED Improved page load times due to no longer decoding images that aren't visible (847223) FIXED AudioToolbox MP3 backend for OSX (914479) FIXED Various security fixes Fixed in Firefox 26 MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate MFSA 2013-116 JPEG information leak MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-108 Use-after-free in event listeners MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Revision 1.147 / (download) - annotate - [select for diffs], Mon Nov 25 12:00:48 2013 UTC (10 years ago) by wiz
Branch: MAIN
Changes since 1.146: +2 -1
lines
Diff to previous 1.146 (colored)
PKGREVISION bump for json-c shlib rename.
Revision 1.146 / (download) - annotate - [select for diffs], Thu Nov 21 15:24:38 2013 UTC (10 years ago) by ryoon
Branch: MAIN
Changes since 1.145: +2 -3
lines
Diff to previous 1.145 (colored)
Update to 25.0.1 Changelog: FIXED 25.0.1: New security fixes can be found here FIXED 25.0.1: Pages sometimes wouldn't load without first moving the cursor Fixed in Firefox 25.0.1 MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
Revision 1.145 / (download) - annotate - [select for diffs], Wed Nov 13 14:12:31 2013 UTC (10 years ago) by ryoon
Branch: MAIN
Changes since 1.144: +2 -2
lines
Diff to previous 1.144 (colored)
Fix PR pkg/48240 and bump PKGREVISION * Use *30 instead of *50. Restore session is recovered on NetBSD/amd64 5.2. Based on martin@'s patch on pkgsrc-users@.
Revision 1.144 / (download) - annotate - [select for diffs], Thu Nov 7 15:47:23 2013 UTC (10 years ago) by ryoon
Branch: MAIN
Changes since 1.143: +2 -2
lines
Diff to previous 1.143 (colored)
Fix PR pkg/48240 and bump PKGREVISION * Use __fstat50 etc instead of fstat on NetBSD. Based on martin@'s patch for firefox 27.0. Restore session is recovered on NetBSD/amd64.
Revision 1.143 / (download) - annotate - [select for diffs], Tue Nov 5 14:20:41 2013 UTC (10 years ago) by ryoon
Branch: MAIN
Changes since 1.142: +2 -1
lines
Diff to previous 1.142 (colored)
Bump PKGREVISION Fix cpuset(3) usage. The patch is from rmind@. Thank you.
Revision 1.142 / (download) - annotate - [select for diffs], Sat Nov 2 22:57:55 2013 UTC (10 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.141: +7 -8
lines
Diff to previous 1.141 (colored)
Update to 25.0 * Enable pulseaudio by default, OSS support is dropped, and ALSA support on NetBSD does not work properly for me * Enable GStremer support for non-webm and non-theora video support * Create alsa option, and enabled on Linux by default Changelog: NEW Web Audio support NEW The find bar is no longer shared between tabs CHANGED If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information CHANGED Resetting Firefox no longer clears your browsing session DEVELOPER CSS3 background-attachment:local support to control background scrolling DEVELOPER Many new ES6 functions implemented HTML5 iframe document content can now be specified inline FIXED Blank or missing page thumbnails when opening a new tab FIXED Security fixes can be found here Fixed in Firefox 25 MFSA 2013-102 Use-after-free in HTML document templates MFSA 2013-101 Memory corruption in workers MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-99 Security bypass of PDF.js checks using iframes MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Revision 1.141 / (download) - annotate - [select for diffs], Mon Oct 21 10:46:48 2013 UTC (10 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.140: +2 -2
lines
Diff to previous 1.140 (colored)
Bump PKGREVISION for icu shlib major bump.
Revision 1.140 / (download) - annotate - [select for diffs], Thu Oct 10 14:42:35 2013 UTC (10 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.139: +2 -2
lines
Diff to previous 1.139 (colored)
Recursive revbump from pango-1.36.0
Revision 1.139 / (download) - annotate - [select for diffs], Wed Oct 9 17:39:18 2013 UTC (10 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.138: +2 -1
lines
Diff to previous 1.138 (colored)
recursive bump for libmng-2.0.2 shlib major bump and dependency change
Revision 1.138 / (download) - annotate - [select for diffs], Thu Sep 19 12:37:49 2013 UTC (10 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.137: +15 -8
lines
Diff to previous 1.137 (colored)
Update to 24.0, ESR edition. * Merge some patches via FreeBSD ports. * Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1. * Use system hunspell dictionaries. * DuckDuckGo search window. * Enable system icu support. Changelog: NEW Support for new scrollbar style in Mac OS X 10.7 and newer NEW Implemented Close tabs to the right NEW Social: Ability to tear-off chat windows to view separately by simply dragging them out CHANGED Accessibility related improvements on using pinned tabs (see 577727) CHANGED Removed support for Revocation Lists feature (see 867465) CHANGED Performance improvements on New Tab Page loads (see 791670) DEVELOPER Major SVG rendering improvements around Image tiling and scaling (see 600207 ) DEVELOPER Improved and unified Browser console for enhanced debugging experience, replacing existing Error console DEVELOPER Removed support for sherlock files that are loaded from application or profile directory FIXED Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886) FIXED 24.0: Security fixes can be found here Fixed in Firefox 24 MFSA 2013-92 GC hazard with default compartments and frame chain restoration MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-87 Shared object library loading from writable location MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-84 Same-origin bypass through symbolic links MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption MFSA 2013-81 Use-after-free with select element MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Revision 1.137 / (download) - annotate - [select for diffs], Mon Sep 2 19:51:28 2013 UTC (10 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.136: +2 -1
lines
Diff to previous 1.136 (colored)
Revbump after cairo update
Revision 1.136 / (download) - annotate - [select for diffs], Sat Aug 17 07:47:59 2013 UTC (10 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.135: +2 -3
lines
Diff to previous 1.135 (colored)
Update to 23.0.1 Changelog: FIXED 23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944) FIXED 23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532) FIXED 23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)
Revision 1.135 / (download) - annotate - [select for diffs], Fri Aug 16 09:20:41 2013 UTC (10 years, 3 months ago) by obache
Branch: MAIN
Changes since 1.134: +2 -1
lines
Diff to previous 1.134 (colored)
revbump from libnotify bumped to 0.7 and dependency changed from libnotify07.
Revision 1.134 / (download) - annotate - [select for diffs], Wed Aug 7 12:17:54 2013 UTC (10 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.133: +6 -6
lines
Diff to previous 1.133 (colored)
Update to 23.0
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Revision 1.133 / (download) - annotate - [select for diffs], Wed Jul 17 11:00:13 2013 UTC (10 years, 4 months ago) by jperkin
Branch: MAIN
Changes since 1.132: +9 -1
lines
Diff to previous 1.132 (colored)
Add SunOS/x86 patchset. This produces a package, but the resulting firefox binary does not yet work correctly.
Revision 1.132 / (download) - annotate - [select for diffs], Wed Jun 26 11:32:12 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.131: +8 -4
lines
Diff to previous 1.131 (colored)
Update to 22.0
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Revision 1.131 / (download) - annotate - [select for diffs], Fri Jun 21 23:11:42 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.130: +2 -2
lines
Diff to previous 1.130 (colored)
Bump PKGREVISION. * Add NetBSD/sparc64 support from martin@. Almost all functionalities work fine, but https handling. * Enable system jpeg support. This is accidentally disabled.
Revision 1.130 / (download) - annotate - [select for diffs], Thu Jun 6 14:08:46 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.129: +2 -2
lines
Diff to previous 1.129 (colored)
Bump PKGREVISION from firefox/mozilla-commom.mk's change.
Revision 1.129 / (download) - annotate - [select for diffs], Thu Jun 6 12:55:11 2013 UTC (10 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.128: +2 -2
lines
Diff to previous 1.128 (colored)
Bump PKGREVISION for libXft changes for NetBSD native X support on NetBSD 6, requested by tron.
Revision 1.128 / (download) - annotate - [select for diffs], Tue Jun 4 22:17:15 2013 UTC (10 years, 5 months ago) by tron
Branch: MAIN
Changes since 1.127: +2 -2
lines
Diff to previous 1.127 (colored)
Try to fix the fallout caused by the fix for PR pkg/47882. Part 3: Recursively bump package revisions again after the "freetype2" and "fontconfig" handling was fixed.
Revision 1.127 / (download) - annotate - [select for diffs], Mon Jun 3 10:06:08 2013 UTC (10 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.126: +2 -2
lines
Diff to previous 1.126 (colored)
Bump freetype2 and fontconfig dependencies to current pkgsrc versions, to address issues with NetBSD-6(and earlier)'s fontconfig not being new enough for pango. While doing that, also bump freetype2 dependency to current pkgsrc version. Suggested by tron in PR 47882
Revision 1.126 / (download) - annotate - [select for diffs], Fri May 31 12:42:32 2013 UTC (10 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.125: +2 -2
lines
Diff to previous 1.125 (colored)
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Revision 1.125 / (download) - annotate - [select for diffs], Thu May 23 13:12:13 2013 UTC (10 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.124: +14 -29
lines
Diff to previous 1.124 (colored)
Bump PKGREVISION. * Remove reference to devel/xulrunner. * Move some common files for firefox/xulrunner-21.0. * Move patches from devel/sulrunner. * Take MAINTAINERship.
Revision 1.124 / (download) - annotate - [select for diffs], Sun May 19 08:50:24 2013 UTC (10 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.123: +34 -25
lines
Diff to previous 1.123 (colored)
Update to 21.0 * This release of firefox is built with internal xulrunner. Because separated (system) xulrunner has prefs and chrome load problem. * gnome option is broken in libnkmozgnomevfs.so build. Changelog: NEW The Social API now supports multiple providers NEW Enhanced three-state UI for Do Not Track (DNT) NEW Firefox will suggest how to improve your application startup time if needed NEW Preliminary implementation of Firefox Health Report CHANGED Ability to restore removed thumbnails on New Tab Page CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298) CHANGED Graphics related performance improvements (bug 809821) CHANGED Removed E4X support from Spidermonkey DEVELOPER Implemented Remote Profiling DEVELOPER Integrated add-on SDK loader and API libraries into Firefox HTML5 Added support for <main> element HTML5 Implemented scoped stylesheets HTML5 Added support for window.crypto.getRandomValues FIXED Some function keys may not work when pressed (833719) FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627) FIXED 21.0: Security fixes can be found here Fixed in Firefox 21 MFSA 2013-48 Memory corruption found using Address Sanitizer MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-43 File input control has access to full path MFSA 2013-42 Privileged access for content level constructor MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Revision 1.123 / (download) - annotate - [select for diffs], Fri Feb 22 14:54:01 2013 UTC (10 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.122: +1 -2
lines
Diff to previous 1.122 (colored)
Update to 19.0 Sync with xulrunner-19.0.
Revision 1.122 / (download) - annotate - [select for diffs], Sat Feb 16 11:24:52 2013 UTC (10 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.121: +2 -1
lines
Diff to previous 1.121 (colored)
Recursive bump for png-1.6.
Revision 1.121 / (download) - annotate - [select for diffs], Sat Feb 9 11:10:36 2013 UTC (10 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.120: +1 -2
lines
Diff to previous 1.120 (colored)
Reset PKGREVISION. I have forgotten this.
Revision 1.120 / (download) - annotate - [select for diffs], Wed Feb 6 23:24:00 2013 UTC (10 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.119: +2 -2
lines
Diff to previous 1.119 (colored)
PKGREVISION bumps for the security/openssl 1.0.1d update.
Revision 1.119 / (download) - annotate - [select for diffs], Fri Feb 1 22:21:14 2013 UTC (10 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.118: +2 -2
lines
Diff to previous 1.118 (colored)
Reset MAINTAINER/OWNER (became observers)
Revision 1.118 / (download) - annotate - [select for diffs], Sat Jan 26 21:39:02 2013 UTC (10 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.117: +2 -1
lines
Diff to previous 1.117 (colored)
Revbump after graphics/jpeg and textproc/icu
Revision 1.117 / (download) - annotate - [select for diffs], Sun Jan 20 11:17:58 2013 UTC (10 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.116: +4 -4
lines
Diff to previous 1.116 (colored)
Sync with xulrunner 18.0.1.
Revision 1.116 / (download) - annotate - [select for diffs], Wed Nov 21 15:26:50 2012 UTC (11 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.115: +4 -5
lines
Diff to previous 1.115 (colored)
Update to 17.0
* Add --enable-pulseaudio configure option (functionality is not tested)
Changelog:
NEW
First revision of the Social API and support for Facebook Messenger
NEW
Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
CHANGED
Updated Awesome Bar experience with larger icons
CHANGED
Mac OS X 10.5 is no longer supported
DEVELOPER
JavaScript Maps and Sets are now iterable
DEVELOPER
SVG FillPaint and StrokePaint implemented
DEVELOPER
Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use
DEVELOPER
New Markup panel in the Page Inspector allows easy editing of the DOM
HTML5
Sandbox attribute for iframes implemented, enabling increased security
FIXED
Over twenty performance improvements, including fixes around the New Tab page
FIXED
Pointer lock doesn't work in web apps (769150)
FIXED
Page scrolling on sites with fixed headers (780345)
Revision 1.115 / (download) - annotate - [select for diffs], Sat Nov 17 10:57:49 2012 UTC (11 years ago) by ryoon
Branch: MAIN
Changes since 1.114: +2 -1
lines
Diff to previous 1.114 (colored)
Bump PKGREVISION Fix PR/47201 Fix _res is not supported for multi-threaded programs. error. Patch is provided by Martin Husemann in http://mail-index.netbsd.org/current-users/2012/11/12/msg021470.html . And tested by Patrick Welche and me.
Revision 1.114 / (download) - annotate - [select for diffs], Fri Oct 12 18:27:21 2012 UTC (11 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.113: +2 -3
lines
Diff to previous 1.113 (colored)
Update to 16.0.1
Changelog:
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
NEW
Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
NEW
Initial web app support (Windows/Mac/Linux)
NEW
Acholi and Kazakh localizations added
CHANGED
Improvements around JavaScript responsiveness through incremental garbage collection
DEVELOPER
New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access
DEVELOPER
CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16
DEVELOPER
Recently opened files list in Scratchpad implemented
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
FIXED
Debugger breakpoints do not catch on page reload (783393)
FIXED
No longer supporting MD5 as a hash algorithm in digital signatures (650355)
FIXED
Opus support by default (772341)
FIXED
Reverse animation direction has been implemented (655920)
FIXED
Per tab reporting in about:memory (687724)
FIXED
User Agent strings for pre-release Firefox versions now show only major version (728831)
Revision 1.113 / (download) - annotate - [select for diffs], Mon Oct 8 23:02:32 2012 UTC (11 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.112: +2 -2
lines
Diff to previous 1.112 (colored)
Revbump after updating graphics/pango
Revision 1.111.2.1 / (download) - annotate - [select for diffs], Wed Oct 3 12:09:43 2012 UTC (11 years, 2 months ago) by spz
Branch: pkgsrc-2012Q3
Changes since 1.111: +2 -2
lines
Diff to previous 1.111 (colored) next main 1.112 (colored)
Pullup ticket #3927 - requested by tron graphics/cairo: build fix Revisions pulled up: - archivers/ark/Makefile 1.9 - archivers/file-roller/Makefile 1.121 - audio/albumplayer/Makefile 1.22 - audio/amarok-kde3/Makefile 1.28 - audio/amarok/Makefile 1.115 - audio/ario/Makefile 1.23 - audio/audacious-plugins/Makefile 1.34 - audio/audacious/Makefile 1.28 - audio/audacious/buildlink3.mk 1.20 - audio/audacity/Makefile 1.78 - audio/aumix-gtk/Makefile 1.18 - audio/bmp-esound/Makefile 1.30 - audio/bmp-flac/Makefile 1.13 - audio/bmp-mac/Makefile 1.19 - audio/bmp-musepack/Makefile 1.27 - audio/bmp-pulse/Makefile 1.17 - audio/bmp-scrobbler/Makefile 1.15 - audio/bmp/Makefile 1.49 - audio/bmp/buildlink3.mk 1.23 - audio/bmpx/Makefile 1.48 - audio/bsl/Makefile 1.17 - audio/buzztard/Makefile 1.21 - audio/easytag/Makefile 1.76 - audio/exaile/Makefile 1.34 - audio/gbemol/Makefile 1.18 - audio/gimmix/Makefile 1.24 - audio/gkrellm-volume/Makefile 1.41 - audio/glurp/Makefile 1.28 - audio/gmp3info/Makefile 1.40 - audio/gmpc-albumview/Makefile 1.12 - audio/gmpc-lastfm/Makefile 1.11 - audio/gmpc-lyrics/Makefile 1.12 - audio/gmpc-lyricwiki/Makefile 1.14 - audio/gmpc-magnatune/Makefile 1.16 - audio/gmpc-mdcover/Makefile 1.11 - audio/gmpc-tagedit/Makefile 1.12 - audio/gmpc/Makefile 1.53 - audio/gmpc/buildlink3.mk 1.17 - audio/gnome-vfs-cdda/Makefile 1.20 - audio/gqmpeg-devel/Makefile 1.39 - audio/gtick/Makefile 1.26 - audio/gtkpod/Makefile 1.46 - audio/hydrogen/Makefile 1.31 - audio/jack-rack/Makefile 1.25 - audio/libcanberra/Makefile 1.26 - audio/libcanberra/buildlink3.mk 1.16 - audio/libgpod/Makefile 1.29 - audio/libgpod/buildlink3.mk 1.15 - audio/liblastfm/Makefile 1.22 - audio/liblastfm/buildlink3.mk 1.14 - audio/libvisual-bmp/Makefile 1.31 - audio/libvisual-plugins/Makefile 1.35 - audio/libvisual0.2-plugins/Makefile 1.18 - audio/liteamp/Makefile 1.52 - audio/mp3diags/Makefile 1.29 - audio/mp3splt-gtk/Makefile 1.14 - audio/muse/Makefile 1.42 - audio/padevchooser/Makefile 1.23 - audio/paman/Makefile 1.19 - audio/paprefs/Makefile 1.20 - audio/pavucontrol/Makefile 1.22 - audio/pavumeter/Makefile 1.20 - audio/pulseaudio/Makefile 1.60 - audio/py-musique/Makefile 1.35 - audio/qjackctl/Makefile 1.20 - audio/rhythmbox/Makefile 1.98 - audio/sfxr/Makefile 1.13 - audio/snd/Makefile 1.70 - audio/solfege/Makefile 1.39 - audio/sonata/Makefile 1.30 - audio/sound-juicer/Makefile 1.55 - audio/streamtuner/Makefile 1.58 - audio/streamtuner/buildlink3.mk 1.27 - audio/sweep/Makefile 1.55 - audio/terminatorx/Makefile 1.32 - audio/timidity/Makefile 1.85 - audio/xfce4-mixer/Makefile 1.40 - audio/xfce4-xmms-plugin/Makefile 1.28 - audio/xfce4-xmms-plugin/buildlink3.mk 1.32 - biology/chemtool/Makefile 1.41 - biology/gnome-chemistry-utils/Makefile 1.14 - biology/openbabel/Makefile 1.10 - cad/boolean/Makefile 1.57 - cad/geda/Makefile 1.79 - cad/gerbv/Makefile 1.50 - cad/gsmc/Makefile 1.26 - cad/gtk2-wcalc/Makefile 1.18 - cad/gtkwave/Makefile 1.43 - cad/gwave/Makefile 1.47 - cad/librecad/Makefile 1.10 - cad/openscad/Makefile 1.13 - cad/pcb/Makefile 1.63 - cad/transcalc/Makefile 1.33 - chat/empathy/Makefile 1.42 - chat/empathy/buildlink3.mk 1.20 - chat/finch/Makefile 1.45 - chat/gajim/Makefile 1.15 - chat/gg2/Makefile 1.43 - chat/gnomeicu/Makefile 1.83 - chat/gossip/Makefile 1.79 - chat/konversation/Makefile 1.48 - chat/libpurple/Makefile 1.46 - chat/libpurple/buildlink3.mk 1.34 - chat/msn-pecan/Makefile 1.21 - chat/pidgin-facebookchat/Makefile 1.28 - chat/pidgin-icb/Makefile 1.24 - chat/pidgin-latex/Makefile 1.27 - chat/pidgin-libnotify/Makefile 1.20 - chat/pidgin-otr/Makefile 1.30 - chat/pidgin-sametime/Makefile 1.32 - chat/pidgin-silc/Makefile 1.35 - chat/pidgin/Makefile 1.45 - chat/pidgin/buildlink3.mk 1.31 - chat/psi/Makefile 1.69 - chat/spectrum/Makefile 1.23 - chat/telepathy-farsight/Makefile 1.26 - chat/telepathy-farsight/buildlink3.mk 1.20 - chat/telepathy-mission-control/Makefile 1.20 - chat/telepathy-mission-control/buildlink3.mk 1.15 - chat/xchat-systray-integration/Makefile 1.30 - chat/xchat/Makefile 1.79 - comms/asterisk10/Makefile 1.30 - comms/asterisk18/Makefile 1.48 - comms/efax-gtk/Makefile 1.59 - comms/gnome-pilot/Makefile 1.71 - comms/gnome-pilot/buildlink3.mk 1.44 - comms/jpilot-syncmal/Makefile 1.54 - comms/jpilot/Makefile 1.83 - comms/jpilot/buildlink3.mk 1.26 - comms/multisync-gui/Makefile 1.22 - converters/tex2rtf/Makefile 1.36 - databases/gourmet/Makefile 1.30 - databases/gq/Makefile 1.53 - databases/gramps/Makefile 1.60 - databases/gramps2/Makefile 1.57 - databases/gramps3/Makefile 1.35 - databases/gtkdbfeditor/Makefile 1.8 - databases/libgnomedb/Makefile 1.87 - databases/libgnomedb/buildlink3.mk 1.40 - databases/mergeant/Makefile 1.79 - databases/mysql-workbench/Makefile 1.17 - databases/p5-RRD-Simple/Makefile 1.14 - databases/pgadmin3/Makefile 1.30 - databases/rrdtool/Makefile 1.99 - databases/rrdtool/buildlink3.mk 1.35 - databases/ruby-rrdtool/Makefile 1.7 - devel/GConf-ui/Makefile 1.23 - devel/GConf-ui/buildlink3.mk 1.16 - devel/SDL_Pango/Makefile 1.15 - devel/SDL_Pango/buildlink3.mk 1.12 - devel/anjuta/Makefile 1.93 - devel/at-spi/Makefile 1.67 - devel/at-spi/buildlink3.mk 1.31 - devel/automoc4/Makefile 1.20 - devel/blib/Makefile 1.27 - devel/blib/buildlink3.mk 1.22 - devel/boa-constructor/Makefile 1.18 - devel/coconut/Makefile 1.49 - devel/compizconfig-backend-gconf/Makefile 1.17 - devel/cppcheck/Makefile 1.17 - devel/cutter/Makefile 1.20 - devel/dconf-editor/Makefile 1.12 - devel/devhelp/Makefile 1.78 - devel/devhelp/buildlink3.mk 1.24 - devel/distccmon-gnome/Makefile 1.36 - devel/distccmon-gtk/Makefile 1.21 - devel/eric4/Makefile 1.28 - devel/ethos/Makefile 1.13 - devel/ethos/buildlink3.mk 1.12 - devel/frama-c/Makefile 1.27 - devel/gconfmm/Makefile 1.50 - devel/gconfmm/buildlink3.mk 1.26 - devel/gdl/Makefile 1.33 - devel/gdl/buildlink3.mk 1.22 - devel/geany/Makefile 1.25 - devel/glade/Makefile 1.74 - devel/glade3/Makefile 1.26 - devel/glade3/buildlink3.mk 1.16 - devel/gmtk/Makefile 1.9 - devel/gmtk/buildlink3.mk 1.9 - devel/gnome-build/Makefile 1.32 - devel/gnome-build/buildlink3.mk 1.24 - devel/gobject-introspection/Makefile 1.24 - devel/gps/Makefile 1.16 - devel/gst-plugins0.10-pango/Makefile 1.17 - devel/guile-gnome/Makefile 1.33 - devel/kdesdk4/Makefile 1.44 - devel/kdevelop4/Makefile 1.22 - devel/kdevplatform/Makefile 1.23 - devel/kdiff3/Makefile 1.24 - devel/libbonoboui/Makefile 1.93 - devel/libbonoboui/buildlink3.mk 1.37 - devel/libcompizconfig/Makefile 1.20 - devel/libdbusmenu-qt/Makefile 1.12 - devel/libdbusmenu-qt/buildlink3.mk 1.9 - devel/libextractor/Makefile 1.54 - devel/libgail-gnome/Makefile 1.49 - devel/libgail-gnome/buildlink3.mk 1.40 - devel/libglade/Makefile 1.82 - devel/libglade/buildlink3.mk 1.28 - devel/libglademm/Makefile 1.28 - devel/libglademm/buildlink3.mk 1.24 - devel/libgnome/Makefile 1.95 - devel/libgnome/buildlink3.mk 1.37 - devel/libgnomemm/Makefile 1.42 - devel/libgnomemm/buildlink3.mk 1.31 - devel/libgnomeui/Makefile 1.109 - devel/libgnomeui/buildlink3.mk 1.44 - devel/libgnomeuimm/Makefile 1.41 - devel/libgnomeuimm/buildlink3.mk 1.32 - devel/libgweather/Makefile 1.35 - devel/libgweather/buildlink3.mk 1.20 - devel/libpeas/Makefile 1.5 - devel/libpeas/buildlink3.mk 1.4 - devel/libsexy/Makefile 1.19 - devel/libsexy/buildlink3.mk 1.20 - devel/libsexymm/Makefile 1.17 - devel/libsexymm/buildlink3.mk 1.16 - devel/libview/Makefile 1.12 - devel/libview/buildlink3.mk 1.13 - devel/libwnck/Makefile 1.86 - devel/libwnck/buildlink3.mk 1.32 - devel/mono-tools/Makefile 1.44 - devel/monodevelop-database/Makefile 1.16 - devel/monodevelop/Makefile 1.51 - devel/monodevelop/buildlink3.mk 1.16 - devel/monotone-viz/Makefile 1.43 - devel/p5-Gnome2/Makefile 1.16 - devel/p5-Gtk2-GladeXML/Makefile 1.19 - devel/p5-Wx-Perl-DataWalker/Makefile 1.16 - devel/p5-pango/Makefile 1.16 - devel/p5-pango/buildlink3.mk 1.12 - devel/pango/Makefile 1.166 - devel/pango/buildlink3.mk 1.32 - devel/pangomm/Makefile 1.23 - devel/pangomm/buildlink3.mk 1.15 - devel/py-compizconfig/Makefile 1.21 - devel/py-gobject-shared/Makefile 1.31 - devel/py-gobject/Makefile 1.43 - devel/py-gobject3/Makefile 1.6 - devel/qconf/Makefile 1.18 - devel/qjson/Makefile 1.5 - devel/qtscriptgenerator/Makefile 1.19 - devel/qtscriptgenerator/buildlink3.mk 1.14 - devel/rapidsvn/Makefile 1.60 - devel/ruby-gnome2-pango/Makefile 1.29 - devel/ruby-gnome2-pango/buildlink3.mk 1.27 - devel/scintilla/Makefile 1.11 - devel/scintilla/buildlink3.mk 1.10 - devel/swt/Makefile 1.24 - devel/valide/Makefile 1.19 - devel/xfce4-dev-tools/Makefile 1.19 - devel/xfconf/Makefile 1.13 - devel/xulrunner/Makefile 1.80 - devel/xulrunner/buildlink3.mk 1.29 - devel/xulrunner10/Makefile 1.6 - devel/xulrunner10/buildlink3.mk 1.6 - devel/xulrunner192/Makefile 1.18 - devel/xulrunner192/buildlink3.mk 1.14 - editors/Sigil/Makefile 1.36 - editors/TeXmacs-devel/Makefile 1.14 - editors/abiword-plugins/Makefile 1.48 - editors/abiword/Makefile 1.138 - editors/beaver/Makefile 1.27 - editors/conglomerate/Makefile 1.76 - editors/dasher/Makefile 1.70 - editors/emacs-snapshot/Makefile 1.33 - editors/emacs/Makefile 1.150 - editors/emacs22/Makefile 1.26 - editors/emacs24/Makefile 1.8 - editors/gconf-editor/Makefile 1.81 - editors/gedit-python/Makefile 1.12 - editors/gedit/Makefile 1.118 - editors/gedit/buildlink3.mk 1.31 - editors/gedit3-spell/Makefile 1.3 - editors/gedit3/Makefile 1.3 - editors/ghex/Makefile 1.22 - editors/gice/Makefile 1.41 - editors/gobby/Makefile 1.26 - editors/gtranslator/Makefile 1.48 - editors/gummi/Makefile 1.6 - editors/kate/Makefile 1.7 - editors/kile/Makefile 1.66 - editors/leafpad/Makefile 1.31 - editors/lyx/Makefile 1.26 - editors/medit/Makefile 1.6 - editors/mlview/Makefile 1.56 - editors/notecase/Makefile 1.28 - editors/p5-Padre/Makefile 1.22 - editors/p5-Wx-Scintilla/Makefile 1.4 - editors/poedit/Makefile 1.43 - editors/qgoogletranslator/Makefile 1.10 - editors/scite/Makefile 1.11 - editors/tea/Makefile 1.22 - editors/texmaker/Makefile 1.29 - editors/texworks/Makefile 1.8 - editors/tomboy/Makefile 1.42 - editors/vim-gtk2/Makefile 1.50 - editors/xfce4-mousepad/Makefile 1.20 - editors/xournal/Makefile 1.18 - emulators/blinkensim/Makefile 1.23 - emulators/bochs/Makefile 1.69 - emulators/e-uae/Makefile 1.23 - emulators/fuse/Makefile 1.46 - emulators/gambatte/Makefile 1.15 - emulators/gens/Makefile 1.27 - emulators/gpsim-devel/Makefile 1.26 - emulators/gpsim-devel/buildlink3.mk 1.22 - emulators/gpsim-oscilloscope/Makefile 1.22 - emulators/gpsim-ptyusart/Makefile 1.23 - emulators/gpsim/Makefile 1.35 - emulators/mame/Makefile 1.14 - emulators/mess/Makefile 1.18 - emulators/nestopia/Makefile 1.16 - emulators/snes9x-gtk/Makefile 1.24 - emulators/tme/Makefile 1.32 - emulators/uae/Makefile 1.63 - emulators/vice/Makefile 1.100 - emulators/xnp2/Makefile 1.5 - emulators/yabause/Makefile 1.21 - filesystems/fuse-pod/Makefile 1.14 - finance/gkrellm-stock/Makefile 1.39 - finance/gnucash/Makefile 1.172 - fonts/fntsample/Makefile 1.7 - fonts/fontforge/Makefile 1.80 - fonts/gbdfed/Makefile 1.15 - fonts/gucharmap/Makefile 1.83 - fonts/gucharmap/buildlink3.mk 1.39 - games/atomix/Makefile 1.27 - games/blinken/Makefile 1.6 - games/bluemoon/Makefile 1.16 - games/ccgo/Makefile 1.43 - games/crack-attack/Makefile 1.29 - games/crossfire-client-gtk2/Makefile 1.17 - games/dopewars/Makefile 1.52 - games/eboard/Makefile 1.23 - games/flightgear/Makefile 1.28 - games/freeciv-client/Makefile 1.57 - games/frozen-bubble/Makefile 1.37 - games/gamazons/Makefile 1.26 - games/gbrainy/Makefile 1.56 - games/gcompris/Makefile 1.38 - games/genecys-client/Makefile 1.32 - games/gnome-games/Makefile 1.127 - games/gnome-mastermind/Makefile 1.17 - games/grhino/Makefile 1.54 - games/gtetrinet/Makefile 1.63 - games/gtkballs/Makefile 1.48 - games/gtklevel9/Makefile 1.20 - games/gtkmagnetic/Makefile 1.31 - games/gturing/Makefile 1.63 - games/holtz/Makefile 1.5 - games/kanagram/Makefile 1.6 - games/kanatest/Makefile 1.14 - games/kdegames4/Makefile 1.34 - games/kdetoys4/Makefile 1.25 - games/khangman/Makefile 1.6 - games/kye/Makefile 1.38 - games/pioneers/Makefile 1.36 - games/pokerth/Makefile 1.25 - games/puzzles/Makefile 1.24 - games/pytraffic/Makefile 1.30 - games/quarry/Makefile 1.21 - games/rftg/Makefile 1.21 - games/scummvm-tools/Makefile 1.13 - games/simgear/Makefile 1.26 - games/sirius/Makefile 1.58 - games/teg/Makefile 1.36 - games/wesnoth/Makefile 1.82 - games/wxhugo/Makefile 1.31 - games/xcowsay/Makefile 1.4 - geography/emerillon/Makefile 1.13 - geography/geoclue/Makefile 1.13 - geography/libchamplain04/Makefile 1.15 - geography/libchamplain04/buildlink3.mk 1.15 - geography/libchamplain06/Makefile 1.14 - geography/libchamplain06/buildlink3.mk 1.15 - geography/libchamplain08/Makefile 1.10 - geography/libchamplain08/buildlink3.mk 1.11 - geography/mapserver/Makefile 1.38 - geography/merkaartor/Makefile 1.34 - geography/qgis/Makefile 1.21 - geography/qlandkartegt/Makefile 1.23 - geography/qlandkartem/Makefile 1.19 - geography/viking/Makefile 1.39 - graphics/aqsis/Makefile 1.42 - graphics/blinkenthemes/Makefile 1.23 - graphics/blinkentools/Makefile 1.25 - graphics/cairo-gobject/Makefile 1.11 - graphics/cairo-gobject/buildlink3.mk 1.9 - graphics/cairo/Makefile 1.105-1.107 - graphics/cairo/buildlink3.mk 1.43-1.46 - graphics/cairo/options.mk 1.8-1.9 - graphics/cairomm/Makefile 1.21 - graphics/cairomm/buildlink3.mk 1.9 - graphics/camlimages/Makefile 1.47 - graphics/cheese/Makefile 1.35 - graphics/cinepaint/Makefile 1.38 - graphics/clutter-box2d/Makefile 1.18 - graphics/clutter-cairo/Makefile 1.16 - graphics/clutter-cairo/buildlink3.mk 1.15 - graphics/clutter-gtk/Makefile 1.21 - graphics/clutter-gtk/buildlink3.mk 1.16 - graphics/clutter-mx/Makefile 1.11 - graphics/clutter-mx/buildlink3.mk 1.10 - graphics/clutter-qt/Makefile 1.16 - graphics/clutter/Makefile 1.33 - graphics/clutter/buildlink3.mk 1.19 - graphics/clutter08-gtk/Makefile 1.12 - graphics/clutter08-gtk/buildlink3.mk 1.13 - graphics/clutter08/Makefile 1.13 - graphics/clutter08/buildlink3.mk 1.13 - graphics/comix/Makefile 1.39 - graphics/darktable/Makefile 1.20 - graphics/denemo/Makefile 1.38 - graphics/dia-python/Makefile 1.29 - graphics/dia/Makefile 1.74 - graphics/digikam/Makefile 1.84 - graphics/djview4/Makefile 1.23 - graphics/eog-plugins-map/Makefile 1.16 - graphics/eog-plugins/Makefile 1.14 - graphics/eog/Makefile 1.72 - graphics/eog/buildlink3.mk 1.13 - graphics/eog3/Makefile 1.6 - graphics/evas-svg/Makefile 1.20 - graphics/extrema/Makefile 1.15 - graphics/f-spot/Makefile 1.45 - graphics/fotoxx/Makefile 1.29 - graphics/frameworks/Makefile 1.19 - graphics/geeqie/Makefile 1.26 - graphics/gegl/Makefile 1.38 - graphics/gegl/buildlink3.mk 1.21 - graphics/gfract/Makefile 1.46 - graphics/gimmage/Makefile 1.15 - graphics/gimp-color-manager/Makefile 1.36 - graphics/gimp-exif-browser/Makefile 1.15 - graphics/gimp-fix-ca/Makefile 1.28 - graphics/gimp-liquid-rescale/Makefile 1.22 - graphics/gimp-rawphoto/Makefile 1.37 - graphics/gimp-refocus-it/Makefile 1.38 - graphics/gimp-resynthesizer/Makefile 1.15 - graphics/gimp-ufraw/Makefile 1.75 - graphics/gimp/Makefile 1.221 - graphics/gimp/buildlink3.mk 1.44 - graphics/gimp2-wideangle/Makefile 1.40 - graphics/giram/Makefile 1.65 - graphics/gliv/Makefile 1.38 - graphics/gmngview/Makefile 1.33 - graphics/gnome-icon-theme/Makefile 1.80 - graphics/gnuplot/Makefile 1.64 - graphics/goocanvas/Makefile 1.20 - graphics/goocanvas/buildlink3.mk 1.15 - graphics/goocanvasmm/Makefile 1.22 - graphics/gpicview/Makefile 1.8 - graphics/gqview-devel/Makefile 1.47 - graphics/gqview/Makefile 1.84 - graphics/graphviz/Makefile 1.104 - graphics/gst-plugins0.10-cairo/Makefile 1.17 - graphics/gthumb/Makefile 1.73 - graphics/gthumb3/Makefile 1.4 - graphics/gtkam/Makefile 1.55 - graphics/gtkglext/Makefile 1.49 - graphics/gtkglext/buildlink3.mk 1.28 - graphics/gtkimageview/Makefile 1.21 - graphics/guile-cairo/Makefile 1.13 - graphics/gwenview/Makefile 1.57 - graphics/hugin/Makefile 1.29 - graphics/inkscape/Makefile 1.77 - graphics/kamera/Makefile 1.6 - graphics/kcolorchooser/Makefile 1.6 - graphics/kdegraphics-mobipocket/Makefile 1.6 - graphics/kdegraphics-strigi-analyzer/Makefile 1.6 - graphics/kdegraphics-thumbnailers/Makefile 1.6 - graphics/kgamma/Makefile 1.6 - graphics/kipi-plugins-calendar-kde3/Makefile 1.20 - graphics/kipi-plugins-kde3/Makefile 1.24 - graphics/kipi-plugins/Makefile 1.76 - graphics/kolourpaint/Makefile 1.6 - graphics/koverartist/Makefile 1.23 - graphics/kruler/Makefile 1.6 - graphics/ksaneplugin/Makefile 1.6 - graphics/ksnapshot/Makefile 1.6 - graphics/libexif-gtk/Makefile 1.38 - graphics/libexif-gtk/buildlink3.mk 1.22 - graphics/libgdiplus/Makefile 1.60 - graphics/libgdiplus/buildlink3.mk 1.40 - graphics/libgnomecanvas/Makefile 1.66 - graphics/libgnomecanvas/buildlink3.mk 1.30 - graphics/libgnomecanvasmm/Makefile 1.28 - graphics/libgnomecanvasmm/buildlink3.mk 1.23 - graphics/libkdcraw/Makefile 1.32 - graphics/libkdcraw/buildlink3.mk 1.21 - graphics/libkexiv2/Makefile 1.35 - graphics/libkface/Makefile 1.5 - graphics/libkface/buildlink3.mk 1.5 - graphics/libkipi/Makefile 1.44 - graphics/libkipi/buildlink3.mk 1.31 - graphics/libksane/Makefile 1.6 - graphics/libksane/buildlink3.mk 1.5 - graphics/librsvg/Makefile 1.63 - graphics/librsvg/buildlink3.mk 1.30 - graphics/libscigraphica/Makefile 1.26 - graphics/libscigraphica/buildlink3.mk 1.20 - graphics/nvtv/Makefile 1.22 - graphics/opencv/Makefile 1.29 - graphics/osg/Makefile 1.25 - graphics/osg/buildlink3.mk 1.17 - graphics/p5-Gnome2-Canvas/Makefile 1.13 - graphics/p5-Gnome2-Canvas/buildlink3.mk 1.13 - graphics/p5-cairo/Makefile 1.17 - graphics/p5-cairo/buildlink3.mk 1.9 - graphics/p5-clutter/Makefile 1.21 - graphics/py-cairo/Makefile 1.34 - graphics/py-cairo/buildlink3.mk 1.17 - graphics/py-clutter-gtk/Makefile 1.18 - graphics/py-clutter/Makefile 1.30 - graphics/py-clutter/buildlink3.mk 1.17 - graphics/py-goocanvas/Makefile 1.25 - graphics/py-gtkglext/Makefile 1.25 - graphics/py-matplotlib-gtk2/Makefile 1.33 - graphics/qimageblitz/Makefile 1.16 - graphics/qimageblitz/buildlink3.mk 1.17 - graphics/qiv/Makefile 1.36 - graphics/qiviewer/Makefile 1.7 - graphics/ristretto/Makefile 1.17 - graphics/ruby-clutter-cairo/Makefile 1.16 - graphics/ruby-clutter-core/Makefile 1.19 - graphics/ruby-clutter-gtk/Makefile 1.16 - graphics/ruby-gnome2-goocanvas/Makefile 1.23 - graphics/ruby-gnome2-rsvg/Makefile 1.36 - graphics/ruby-rcairo/Makefile 1.28 - graphics/ruby-rcairo/buildlink3.mk 1.16 - graphics/sane-frontends/Makefile 1.55 - graphics/scidavis/Makefile 1.19 - graphics/scigraphica/Makefile 1.61 - graphics/shotwell-gtk3/Makefile 1.9 - graphics/shotwell/Makefile 1.37 - graphics/svgpart/Makefile 1.6 - graphics/tuxpaint/Makefile 1.68 - graphics/ucview/Makefile 1.17 - graphics/unicap/Makefile 1.20 - graphics/veusz/Makefile 1.33 - graphics/viewnior/Makefile 1.8 - graphics/wxsvg/Makefile 1.31 - graphics/wxsvg/buildlink3.mk 1.25 - graphics/xfce4-icon-theme/Makefile 1.20 - graphics/xfce4-icon-theme/buildlink3.mk 1.30 - graphics/xsane/Makefile 1.97 - graphics/xzgv/Makefile 1.54 - graphics/zphoto/Makefile 1.25 - ham/gmfsk/Makefile 1.46 - ham/gnuradio-examples/Makefile 1.31 - ham/gnuradio-radio-astronomy/Makefile 1.25 - ham/gnuradio-wxgui/Makefile 1.35 - ham/gnuradio-wxgui/buildlink3.mk 1.31 - ham/gpredict/Makefile 1.29 - ham/grig/Makefile 1.31 - ham/xdx/Makefile 1.33 - ham/xlog/Makefile 1.48 - inputmethod/gcin/Makefile 1.19 - inputmethod/gtk-im-libthai/Makefile 1.15 - inputmethod/ibus-chewing/Makefile 1.19 - inputmethod/ibus-handwrite/Makefile 1.18 - inputmethod/ibus-input-pad/Makefile 1.16 - inputmethod/ibus-m17n/Makefile 1.18 - inputmethod/ibus-qt/Makefile 1.19 - inputmethod/ibus-skk/Makefile 1.17 - inputmethod/ibus-t9/Makefile 1.12 - inputmethod/ibus-unikey/Makefile 1.14 - inputmethod/ibus/Makefile 1.21 - inputmethod/im-ja/Makefile 1.20 - inputmethod/imhangul/Makefile 1.27 - inputmethod/imhangul_status_applet/Makefile 1.52 - inputmethod/input-pad/Makefile 1.16 - inputmethod/input-pad/buildlink3.mk 1.14 - inputmethod/kasumi/Makefile 1.17 - inputmethod/kimera-tomoe-gtk/Makefile 1.14 - inputmethod/kimera/Makefile 1.13 - inputmethod/m17n-im-config/Makefile 1.17 - inputmethod/m17n-im-config/buildlink3.mk 1.17 - inputmethod/nabi/Makefile 1.41 - inputmethod/novel-pinyin/Makefile 1.17 - inputmethod/py-input-pad/Makefile 1.19 - inputmethod/scim-anthy/Makefile 1.14 - inputmethod/scim-array/Makefile 1.13 - inputmethod/scim-canna/Makefile 1.14 - inputmethod/scim-ccinput/Makefile 1.15 - inputmethod/scim-chewing/Makefile 1.15 - inputmethod/scim-fcitx/Makefile 1.13 - inputmethod/scim-hangul/Makefile 1.15 - inputmethod/scim-input-pad/Makefile 1.14 - inputmethod/scim-m17n/Makefile 1.15 - inputmethod/scim-pinyin/Makefile 1.14 - inputmethod/scim-prime/Makefile 1.14 - inputmethod/scim-python/Makefile 1.14 - inputmethod/scim-sinhala/Makefile 1.13 - inputmethod/scim-skk/Makefile 1.13 - inputmethod/scim-tables/Makefile 1.15 - inputmethod/scim-thai/Makefile 1.15 - inputmethod/scim-tomoe/Makefile 1.16 - inputmethod/scim-uim/Makefile 1.15 - inputmethod/scim-unikey/Makefile 1.13 - inputmethod/scim/Makefile 1.18 - inputmethod/scim/buildlink3.mk 1.15 - inputmethod/tomoe-gtk/Makefile 1.19 - inputmethod/tomoe-gtk/buildlink3.mk 1.17 - inputmethod/uim-tomoe-gtk/Makefile 1.19 - inputmethod/uim/Makefile 1.66 - lang/basic256/Makefile 1.12 - lang/classpath-gui/Makefile 1.29 - lang/clisp/Makefile 1.91 - lang/coq/Makefile 1.47 - lang/kaffe-x11/Makefile 1.34 - lang/racket/Makefile 1.20 - lang/sablevm-classpath-gui/Makefile 1.28 - lang/smalltalk/Makefile 1.70 - lang/squeak-vm/Makefile 1.17 - mail/akonadi/Makefile 1.41 - mail/akonadi/buildlink3.mk 1.18 - mail/balsa/Makefile 1.90 - mail/claws-mail-archive/Makefile 1.23 - mail/claws-mail-attachwarner/Makefile 1.30 - mail/claws-mail-attremover/Makefile 1.29 - mail/claws-mail-cachesaver/Makefile 1.29 - mail/claws-mail-dillo-viewer/Makefile 1.27 - mail/claws-mail-fetchinfo/Makefile 1.30 - mail/claws-mail-gtkhtml/Makefile 1.39 - mail/claws-mail-mailmbox/Makefile 1.29 - mail/claws-mail-newmail/Makefile 1.31 - mail/claws-mail-notification/Makefile 1.32 - mail/claws-mail-pgpcore/Makefile 1.27 - mail/claws-mail-pgpcore/buildlink3.mk 1.18 - mail/claws-mail-pgpinline/Makefile 1.27 - mail/claws-mail-pgpmime/Makefile 1.26 - mail/claws-mail-rssyl/Makefile 1.34 - mail/claws-mail-smime/Makefile 1.28 - mail/claws-mail-spamreport/Makefile 1.32 - mail/claws-mail-synce/Makefile 1.29 - mail/claws-mail-tnef/Makefile 1.27 - mail/claws-mail-vcalendar/Makefile 1.34 - mail/claws-mail/Makefile 1.48 - mail/evolution-data-server/Makefile 1.124 - mail/evolution-exchange/Makefile 1.64 - mail/evolution/Makefile 1.185 - mail/evolution/buildlink3.mk 1.49 - mail/mail-notification/Makefile 1.69 - mail/msmtp/Makefile 1.42 - mail/netbiff/Makefile 1.18 - mail/sylpheed/Makefile 1.140 - mail/thunderbird/Makefile 1.99 - mail/thunderbird10/Makefile 1.13 - math/R/Makefile 1.130 - math/analitza/Makefile 1.6 - math/analitza/buildlink3.mk 1.5 - math/calcoo/Makefile 1.23 - math/cantor/Makefile 1.6 - math/cgal/Makefile 1.10 - math/cgal/buildlink3.mk 1.8 - math/euler/Makefile 1.32 - math/extcalc/Makefile 1.16 - math/fityk/Makefile 1.17 - math/galculator/Makefile 1.32 - math/gcalctool-gtk3/Makefile 1.11 - math/gcalctool/Makefile 1.107 - math/genius/Makefile 1.47 - math/gnumeric/Makefile 1.161 - math/gnumeric110/Makefile 1.39 - math/grpn/Makefile 1.35 - math/gtklife/Makefile 1.25 - math/kalgebra/Makefile 1.6 - math/kcalc/Makefile 1.6 - math/pspp/Makefile 1.58 - math/qalculate-bases/Makefile 1.31 - math/qalculate-currency/Makefile 1.31 - math/qalculate-gtk/Makefile 1.50 - math/qalculate-units/Makefile 1.31 - math/speedcrunch/Makefile 1.14 - math/wxMaxima/Makefile 1.17 - meta-pkgs/xfce4-extras/Makefile 1.50 - meta-pkgs/xfce4/Makefile 1.55 - meta-pkgs/xfce4/buildlink3.mk 1.37 - misc/attica/Makefile 1.17 - misc/attica/buildlink3.mk 1.14 - misc/blccc/Makefile 1.26 - misc/calibre/Makefile 1.44 - misc/celestia/Makefile 1.40 - misc/deskbar-applet/Makefile 1.65 - misc/fbreader/Makefile 1.23 - misc/gelemental/Makefile 1.17 - misc/gkrellm-flynn/Makefile 1.30 - misc/gkrellm-launch/Makefile 1.28 - misc/gkrellm-leds/Makefile 1.30 - misc/gkrellm-moon/Makefile 1.35 - misc/gkrellm-weather/Makefile 1.43 - misc/gnome-utils/Makefile 1.120 - misc/goffice0.6/Makefile 1.30 - misc/goffice0.6/buildlink3.mk 1.22 - misc/goffice0.8/Makefile 1.28 - misc/goffice0.8/buildlink3.mk 1.17 - misc/gok/Makefile 1.79 - misc/gperiodic/Makefile 1.58 - misc/gwaei/Makefile 1.26 - misc/kaccessible/Makefile 1.6 - misc/kalzium/Makefile 1.6 - misc/kanjipad/Makefile 1.33 - misc/kbruch/Makefile 1.6 - misc/kcharselect/Makefile 1.6 - misc/kchmviewer/Makefile 1.28 - misc/kde-wallpapers4/Makefile 1.6 - misc/kdeadmin4/Makefile 1.32 - misc/kdeartwork4/Makefile 1.27 - misc/kdepim-runtime4/Makefile 1.32 - misc/kdepim4/Makefile 1.39 - misc/kdepimlibs4/Makefile 1.39 - misc/kdepimlibs4/buildlink3.mk 1.25 - misc/kdeplasma-addons4/Makefile 1.34 - misc/kgeography/Makefile 1.9 - misc/kig/Makefile 1.6 - misc/kiten/Makefile 1.6 - misc/klettres/Makefile 1.6 - misc/kmag/Makefile 1.6 - misc/kmousetool/Makefile 1.6 - misc/kmouth/Makefile 1.6 - misc/kremotecontrol/Makefile 1.6 - misc/kstars/Makefile 1.17 - misc/ktouch/Makefile 1.6 - misc/kturtle/Makefile 1.6 - misc/kwordquiz/Makefile 1.6 - misc/libkdeedu/Makefile 1.6 - misc/libkdeedu/buildlink3.mk 1.5 - misc/libkgeomap/Makefile 1.5 - misc/libkgeomap/buildlink3.mk 1.5 - misc/libkvkontakte/Makefile 1.5 - misc/libkvkontakte/buildlink3.mk 1.5 - misc/libreoffice/Makefile 1.13 - misc/marble/Makefile 1.7 - misc/marble/buildlink3.mk 1.5 - misc/mousetweaks/Makefile 1.31 - misc/openoffice3/Makefile 1.74 - misc/parley/Makefile 1.6 - misc/rocs/Makefile 1.8 - misc/stellarium/Makefile 1.62 - misc/step/Makefile 1.6 - misc/superkaramba/Makefile 1.7 - misc/sweeper/Makefile 1.6 - misc/tellico/Makefile 1.57 - misc/usbprog/Makefile 1.12 - misc/vym/Makefile 1.20 - misc/xchm/Makefile 1.57 - misc/xfce4-weather-plugin/Makefile 1.27 - misc/xfce4-weather-plugin/buildlink3.mk 1.29 - misc/yelp/Makefile 1.110 - misc/yelp3/Makefile 1.11 - misc/zyGrib/Makefile 1.33 - multimedia/avidemux/Makefile 1.77 - multimedia/clutter-gst/Makefile 1.22 - multimedia/clutter-gst/buildlink3.mk 1.18 - multimedia/clutter08-gst/Makefile 1.13 - multimedia/clutter08-gst/buildlink3.mk 1.14 - multimedia/dvdstyler/Makefile 1.44 - multimedia/farsight2/Makefile 1.27 - multimedia/farsight2/buildlink3.mk 1.21 - multimedia/gecko-mediaplayer/Makefile 1.17 - multimedia/gmencoder/Makefile 1.53 - multimedia/gmplayer/Makefile 1.103 - multimedia/gnash/Makefile 1.58 - multimedia/gnome-media/Makefile 1.43 - multimedia/gnome-media/buildlink3.mk 1.21 - multimedia/gnome-mplayer/Makefile 1.17 - multimedia/gopchop/Makefile 1.36 - multimedia/gst123/Makefile 1.15 - multimedia/gxine/Makefile 1.64 - multimedia/handbrake/Makefile 1.20 - multimedia/hwdecode-demos/Makefile 1.4 - multimedia/kdemultimedia4/Makefile 1.35 - multimedia/kdenlive/Makefile 1.13 - multimedia/kmplayer-kde3/Makefile 1.19 - multimedia/kmplayer/Makefile 1.69 - multimedia/mkvtoolnix-old/Makefile 1.22 - multimedia/mkvtoolnix/Makefile 1.50 - multimedia/mlt/Makefile 1.15 - multimedia/mplayer-plugin/Makefile 1.22 - multimedia/ogle_gui/Makefile 1.31 - multimedia/phonon-backend-gstreamer/Makefile 1.5 - multimedia/phonon/Makefile 1.25 - multimedia/phonon/buildlink3.mk 1.18 - multimedia/pitivi/Makefile 1.18 - multimedia/pspvc/Makefile 1.21 - multimedia/py-clutter-gst/Makefile 1.18 - multimedia/ruby-clutter-gst/Makefile 1.18 - multimedia/subtitleeditor/Makefile 1.21 - multimedia/swfdec-gnome/Makefile 1.22 - multimedia/swfdec-mozilla/Makefile 1.23 - multimedia/swfdec/Makefile 1.31 - multimedia/swfdec/buildlink3.mk 1.33 - multimedia/totem-browser-plugin/Makefile 1.25 - multimedia/totem-nautilus/Makefile 1.29 - multimedia/totem-pl-parser/Makefile 1.40 - multimedia/totem-pl-parser/buildlink3.mk 1.24 - multimedia/totem/Makefile 1.60 - multimedia/totem/buildlink3.mk 1.26 - multimedia/vlc/Makefile 1.140-1.141 - multimedia/vlc08/Makefile 1.44 - multimedia/vlc10/Makefile 1.21-1.22 - multimedia/vlc2/Makefile 1.13-1.14 - multimedia/xfce4-mpc-plugin/Makefile 1.16 - multimedia/xfce4-mpc-plugin/buildlink3.mk 1.18 - multimedia/xfmedia/Makefile 1.34 - multimedia/xine-lib/Makefile 1.106 - multimedia/xvid4conf/Makefile 1.26 - net/Transmission-gui/Makefile 1.7 - net/amule/Makefile 1.54 - net/avahi/Makefile 1.36 - net/avahi/buildlink3.mk 1.16 - net/bug-buddy/Makefile 1.85 - net/cacti/Makefile 1.9 - net/choqok/Makefile 1.3 - net/dc_gui2/Makefile 1.65 - net/dcsharp/Makefile 1.28 - net/dhcpcd-gtk/Makefile 1.25 - net/ed2k-gtk-gui/Makefile 1.36 - net/ekiga/Makefile 1.37 - net/etherape/Makefile 1.70 - net/ettercap/Makefile 1.58 - net/filezilla/Makefile 1.34 - net/gitso/Makefile 1.6 - net/gkrellm-multiping/Makefile 1.30 - net/gkrellm-snmp/Makefile 1.38 - net/gkrellm-wireless/Makefile 1.37 - net/gnome-netstatus/Makefile 1.60 - net/gnome-nettool/Makefile 1.22 - net/gnome-vfs-smb/Makefile 1.20 - net/gssdp/Makefile 1.20 - net/gtk-gnutella/Makefile 1.78 - net/gtk-vnc/Makefile 1.25 - net/gtk-vnc/buildlink3.mk 1.18 - net/gupnp-tools/Makefile 1.19 - net/jigdo/Makefile 1.35 - net/kdenetwork4/Makefile 1.43 - net/kmldonkey/Makefile 1.20 - net/ktorrent/Makefile 1.47 - net/libdmapsharing/Makefile 1.14 - net/libktorrent/Makefile 1.4 - net/libktorrent/buildlink3.mk 1.4 - net/logjam/Makefile 1.33 - net/mbrowse/Makefile 1.12 - net/mldonkey-gui/Makefile 1.57 - net/monsoon/Makefile 1.26 - net/mtr/Makefile 1.74 - net/nagstamon/Makefile 1.20 - net/nfdump/Makefile 1.20 - net/nmap/Makefile 1.94 - net/ntop/Makefile 1.79 - net/remmina-plugins/Makefile 1.6 - net/remmina/Makefile 1.6 - net/tsclient/Makefile 1.66 - net/twitux/Makefile 1.22 - net/unison/Makefile 1.60 - net/unison2.32/Makefile 1.15 - net/urlgfe/Makefile 1.19 - net/vinagre/Makefile 1.32 - net/vino/Makefile 1.56 - net/wireshark/Makefile 1.87 - net/wistumbler2-gtk/Makefile 1.21 - net/xfce4-wavelan-plugin/Makefile 1.26 - net/xfce4-wavelan-plugin/buildlink3.mk 1.30 - net/xymon/Makefile 1.24 - news/pan/Makefile 1.72 - parallel/ganglia-monitor-core/Makefile 1.42 - parallel/hwloc/Makefile 1.6 - pkgtools/gnome-packagekit/Makefile 1.26 - pkgtools/packagekit/Makefile 1.26 - pkgtools/x11-links/Makefile 1.135-1.136 - pkgtools/x11-links/buildlink3.mk 1.44 - print/abcm2ps/Makefile 1.18 - print/advi/Makefile 1.51 - print/diffpdf/Makefile 1.26 - print/epdfview/Makefile 1.30 - print/evince-nautilus/Makefile 1.49 - print/evince/Makefile 1.85 - print/evince/buildlink3.mk 1.17 - print/evince3/Makefile 1.8 - print/evince3/buildlink3.mk 1.6 - print/glabels/Makefile 1.59 - print/gtklp/Makefile 1.21 - print/gutenprint-lib/Makefile 1.36 - print/hplip/Makefile 1.7 - print/imposter/Makefile 1.29 - print/kbibtex/Makefile 1.31 - print/libgnomeprint/Makefile 1.84 - print/libgnomeprint/buildlink3.mk 1.34 - print/libgnomeprintui/Makefile 1.72 - print/libgnomeprintui/buildlink3.mk 1.31 - print/libgxps/Makefile 1.5 - print/libgxps/buildlink3.mk 1.4 - print/lilypond/Makefile 1.82 - print/okular/Makefile 1.9 - print/paps/Makefile 1.5 - print/poppler-glib/Makefile 1.48 - print/poppler-glib/buildlink3.mk 1.29 - print/poppler-qt4/Makefile 1.30 - print/printer-applet/Makefile 1.7 - print/ruby-gnome2-poppler/Makefile 1.34 - print/scribus-qt4/Makefile 1.15 - print/scribus/Makefile 1.80 - print/xfce4-print/Makefile 1.39 - print/xfce4-print/buildlink3.mk 1.40 - security/MyPasswordSafe/Makefile 1.28 - security/fprint-demo/Makefile 1.15 - security/fwbuilder/Makefile 1.31 - security/gnome-keyring-manager/Makefile 1.37 - security/gnome-keyring/Makefile 1.72 - security/gnome-keyring/buildlink3.mk 1.28 - security/gpa/Makefile 1.36 - security/gpass/Makefile 1.43 - security/honeyd/Makefile 1.41 - security/hydra/Makefile 1.40 - security/keepassx/Makefile 1.18 - security/kgpg/Makefile 1.9 - security/ksecrets/Makefile 1.7 - security/kwallet/Makefile 1.6 - security/libfwbuilder/Makefile 1.39 - security/libfwbuilder/buildlink3.mk 1.32 - security/openvas-client/Makefile 1.16 - security/pinentry-gtk2/Makefile 1.18 - security/pinentry-qt4/Makefile 1.17 - security/policykit-gnome/Makefile 1.20 - security/polkit-qt/Makefile 1.18 - security/polkit-qt/buildlink3.mk 1.15 - security/putty/Makefile 1.27 - security/qca2-gnupg/Makefile 1.8 - security/qca2-ossl/Makefile 1.22 - security/qca2/Makefile 1.26 - security/qca2/buildlink3.mk 1.19 - security/qoauth/Makefile 1.2 - security/qoauth/buildlink3.mk 1.2 - security/seahorse-plugins/Makefile 1.33 - security/seahorse/Makefile 1.105 - security/seahorse/buildlink3.mk 1.26 - sysutils/amtterm/Makefile 1.8 - sysutils/bacula-qt-console/Makefile 1.24 - sysutils/bacula-tray-monitor/Makefile 1.25 - sysutils/bacula-wx-console/Makefile 1.29 - sysutils/brasero-nautilus/Makefile 1.22 - sysutils/brasero/Makefile 1.39 - sysutils/brasero/buildlink3.mk 1.22 - sysutils/btpin-qt/Makefile 1.19 - sysutils/bubblemon/Makefile 1.16 - sysutils/conky/Makefile 1.5 - sysutils/dvdisaster/Makefile 1.21 - sysutils/filelight/Makefile 1.33 - sysutils/gcdmaster/Makefile 1.61 - sysutils/gkrellm-est/Makefile 1.28 - sysutils/gkrellm/Makefile 1.71 - sysutils/gkrellm/buildlink3.mk 1.28 - sysutils/gnome-commander/Makefile 1.36 - sysutils/gnome-device-manager/Makefile 1.22 - sysutils/gnome-mount/Makefile 1.21 - sysutils/gnome-mount/buildlink3.mk 1.17 - sysutils/gnome-nds-thumbnailer/Makefile 1.16 - sysutils/gnome-pkgview/Makefile 1.45 - sysutils/gnome-power-manager/Makefile 1.31 - sysutils/gnome-settings-daemon/Makefile 1.36 - sysutils/gnome-system-monitor/Makefile 1.33 - sysutils/gnome-system-tools/Makefile 1.20 - sysutils/gnome-vfs-monikers/Makefile 1.20 - sysutils/gnome-vfs/Makefile 1.95 - sysutils/gnome-vfs/buildlink3.mk 1.38 - sysutils/gnome-vfsmm/Makefile 1.37 - sysutils/gnome-vfsmm/buildlink3.mk 1.27 - sysutils/gnome-volume-manager/Makefile 1.24 - sysutils/grun/Makefile 1.32 - sysutils/gst-plugins0.10-gnomevfs/Makefile 1.33 - sysutils/gtk-send-pr/Makefile 1.42 - sysutils/gvfs/Makefile 1.46 - sysutils/k3b/Makefile 1.48 - sysutils/k4dirstat/Makefile 1.7 - sysutils/kdf/Makefile 1.27 - sysutils/kfloppy/Makefile 1.6 - sysutils/libgksu/Makefile 1.22 - sysutils/libgksu/buildlink3.mk 1.17 - sysutils/libnotify/Makefile 1.23 - sysutils/libnotify/buildlink3.mk 1.20 - sysutils/nautilus-sendto/Makefile 1.33 - sysutils/nautilus/Makefile 1.126 - sysutils/nautilus/buildlink3.mk 1.51 - sysutils/notification-daemon/Makefile 1.28 - sysutils/open-vm-tools/Makefile 1.29 - sysutils/p5-Gnome2-VFS/Makefile 1.15 - sysutils/p5-Gnome2-VFS/buildlink3.mk 1.14 - sysutils/pcmanfm/Makefile 1.20 - sysutils/py-notify/Makefile 1.26 - sysutils/py-notify/buildlink3.mk 1.20 - sysutils/rox/Makefile 1.64 - sysutils/screentest/Makefile 1.27 - sysutils/strigi/Makefile 1.23 - sysutils/virt-manager/Makefile 1.4 - sysutils/xcdroast/Makefile 1.63 - sysutils/xfce4-appfinder/Makefile 1.26 - sysutils/xfce4-battery-plugin/Makefile 1.22 - sysutils/xfce4-battery-plugin/buildlink3.mk 1.19 - sysutils/xfce4-cpugraph-plugin/Makefile 1.25 - sysutils/xfce4-cpugraph-plugin/buildlink3.mk 1.29 - sysutils/xfce4-diskperf-plugin/Makefile 1.29 - sysutils/xfce4-diskperf-plugin/buildlink3.mk 1.30 - sysutils/xfce4-fsguard-plugin/Makefile 1.22 - sysutils/xfce4-fsguard-plugin/buildlink3.mk 1.27 - sysutils/xfce4-genmon-plugin/Makefile 1.15 - sysutils/xfce4-genmon-plugin/buildlink3.mk 1.17 - sysutils/xfce4-netload-plugin/Makefile 1.31 - sysutils/xfce4-netload-plugin/buildlink3.mk 1.33 - sysutils/xfce4-quicklauncher-plugin/Makefile 1.23 - sysutils/xfce4-quicklauncher-plugin/buildlink3.mk 1.29 - sysutils/xfce4-systemload-plugin/Makefile 1.29 - sysutils/xfce4-systemload-plugin/buildlink3.mk 1.31 - sysutils/xfce4-thunar/Makefile 1.28 - sysutils/xfce4-thunar/buildlink3.mk 1.24 - sysutils/xfce4-volman/Makefile 1.20 - sysutils/xfce4-xarchiver/Makefile 1.19 - sysutils/xfce4-xarchiver/buildlink3.mk 1.18 - sysutils/xfce4-xkb-plugin/Makefile 1.27 - sysutils/xfce4-xkb-plugin/buildlink3.mk 1.30 - textproc/FlightCrew/Makefile 1.16 - textproc/OdfConverter/Makefile 1.20 - textproc/dikt/Makefile 1.10 - textproc/ebview/Makefile 1.17 - textproc/gnome-spell/Makefile 1.50 - textproc/gnome-spell/buildlink3.mk 1.36 - textproc/gnome-subtitles/Makefile 1.27 - textproc/gtkspell/Makefile 1.49 - textproc/gtkspell/buildlink3.mk 1.26 - textproc/py-gdick/Makefile 1.32 - textproc/soprano/Makefile 1.29 - textproc/soprano/buildlink3.mk 1.17 - textproc/xfce4-dict-plugin/Makefile 1.15 - textproc/xfce4-dict-plugin/buildlink3.mk 1.17 - time/cairo-clock/Makefile 1.27 - time/evolution-webcal/Makefile 1.59 - time/gchore/Makefile 1.18 - time/gdeskcal/Makefile 1.44 - time/gnotime/Makefile 1.55 - time/gtodo-applet/Makefile 1.47 - time/gtodo/Makefile 1.43 - time/hamster-applet/Makefile 1.29 - time/ktimer/Makefile 1.6 - time/planner/Makefile 1.37 - time/rsibreak/Makefile 1.28 - time/xfce4-datetime-plugin/Makefile 1.29 - time/xfce4-datetime-plugin/buildlink3.mk 1.29 - time/xfce4-orage/Makefile 1.19 - time/xfce4-timer-plugin/Makefile 1.15 - time/xfce4-timer-plugin/buildlink3.mk 1.17 - wm/afterstep/Makefile 1.58 - wm/awesome/Makefile 1.31 - wm/bmpanel2/Makefile 1.10 - wm/compiz-fusion-plugins-extra/Makefile 1.20 - wm/compiz-fusion-plugins-main/Makefile 1.22 - wm/compiz-fusion-plugins-main/buildlink3.mk 1.17 - wm/compiz/Makefile 1.52 - wm/compiz/buildlink3.mk 1.17 - wm/e16menuedit2/Makefile 1.35 - wm/fluxconf/Makefile 1.16 - wm/metacity/Makefile 1.103 - wm/metacity/buildlink3.mk 1.33 - wm/metisse/Makefile 1.27 - wm/openbox/Makefile 1.78 - wm/oroborox/Makefile 1.34 - wm/sawfish/Makefile 1.67 - wm/selectwm/Makefile 1.21 - wm/wbar/Makefile 1.11 - wm/wmakerconf/Makefile 1.57 - wm/xfce4-wm-themes/Makefile 1.31 - wm/xfce4-wm/Makefile 1.43 - www/amaya/Makefile 1.74 - www/ap22-dnssd/Makefile 1.18 - www/bluefish/Makefile 1.101 - www/browser-bookmarks-menu/Makefile 1.33 - www/drivel/Makefile 1.65 - www/epiphany-extensions/Makefile 1.76 - www/epiphany/Makefile 1.131 - www/epiphany/buildlink3.mk 1.50 - www/firefox/Makefile 1.112 - www/firefox10/Makefile 1.8 - www/firefox36/Makefile 1.18 - www/gtkhtml314/Makefile 1.52 - www/icedtea-web/Makefile 1.14 - www/kazehakase/Makefile 1.50 - www/kdewebdev4/Makefile 1.31 - www/libgtkhtml/Makefile 1.62 - www/libgtkhtml/buildlink3.mk 1.35 - www/libmediawiki/Makefile 1.5 - www/libmediawiki/buildlink3.mk 1.5 - www/liferea-current/Makefile 1.34 - www/liferea/Makefile 1.108 - www/midori/Makefile 1.48 - www/netsurf/Makefile 1.21 - www/nspluginwrapper/Makefile 1.32 - www/seamonkey/Makefile 1.78 - www/webkit-gtk/Makefile 1.59 - www/webkit-gtk/buildlink3.mk 1.27 - www/webkit-gtk3/Makefile 1.14 - www/webkit-gtk3/buildlink3.mk 1.10 - x11/alacarte/Makefile 1.41 - x11/antiright/Makefile 1.21 - x11/avant-window-navigator/Makefile 1.11 - x11/clisp-gtk2/Makefile 1.13 - x11/deskmenu/Makefile 1.15 - x11/devilspie/Makefile 1.52 - x11/eekboard/Makefile 1.17 - x11/eekboard/buildlink3.mk 1.15 - x11/fast-user-switch-applet/Makefile 1.45 - x11/fltk13/Makefile 1.4 - x11/ftmenu/Makefile 1.17 - x11/gdm/Makefile 1.170 - x11/gnome-applets/Makefile 1.105 - x11/gnome-control-center/Makefile 1.55 - x11/gnome-control-center/buildlink3.mk 1.28 - x11/gnome-desktop-sharp/Makefile 1.38 - x11/gnome-desktop-sharp/buildlink3.mk 1.31 - x11/gnome-desktop/Makefile 1.117 - x11/gnome-desktop/buildlink3.mk 1.43 - x11/gnome-desktop3/Makefile 1.4 - x11/gnome-desktop3/buildlink3.mk 1.4 - x11/gnome-mag/Makefile 1.73 - x11/gnome-mag/buildlink3.mk 1.31 - x11/gnome-panel/Makefile 1.148 - x11/gnome-panel/buildlink3.mk 1.52 - x11/gnome-screensaver/Makefile 1.58 - x11/gnome-session/Makefile 1.139 - x11/gnome-sharp/Makefile 1.36 - x11/gnome-sharp/buildlink3.mk 1.30 - x11/gnome-terminal/Makefile 1.46 - x11/gnome-themes-extras/Makefile 1.58 - x11/gnome-themes/Makefile 1.89 - x11/gnopernicus/Makefile 1.78 - x11/grandr_applet/Makefile 1.27 - x11/gromit/Makefile 1.24 - x11/gselt/Makefile 1.12 - x11/gtk-sharp/Makefile 1.30 - x11/gtk2+extra/Makefile 1.20 - x11/gtk2+extra/buildlink3.mk 1.23 - x11/gtk2-chtheme/Makefile 1.24 - x11/gtk2-engines-bluecurve/Makefile 1.31 - x11/gtk2-engines-murrine/Makefile 1.17 - x11/gtk2-engines/Makefile 1.77 - x11/gtk2-engines/buildlink3.mk 1.26 - x11/gtk2-theme-switch/Makefile 1.32 - x11/gtk2/Makefile 1.236 - x11/gtk2/buildlink3.mk 1.56 - x11/gtk3/Makefile 1.27 - x11/gtk3/buildlink3.mk 1.8 - x11/gtkada/Makefile 1.11 - x11/gtkada/buildlink3.mk 1.10 - x11/gtkglarea2/Makefile 1.25 - x11/gtkglarea2/buildlink3.mk 1.20 - x11/gtkmm-utils/Makefile 1.12 - x11/gtkmm-utils/buildlink3.mk 1.14 - x11/gtkmm/Makefile 1.85 - x11/gtkmm/buildlink3.mk 1.32 - x11/gtksourceview-sharp2/Makefile 1.33 - x11/gtksourceview/Makefile 1.64 - x11/gtksourceview/buildlink3.mk 1.32 - x11/gtksourceview2/Makefile 1.33 - x11/gtksourceview2/buildlink3.mk 1.19 - x11/gtksourceview3/Makefile 1.4 - x11/gtksourceview3/buildlink3.mk 1.4 - x11/gtkterm2/Makefile 1.27 - x11/hot-babe/Makefile 1.33 - x11/kactivities/Makefile 1.6 - x11/kactivities/buildlink3.mk 1.6 - x11/kde-baseapps4/Makefile 1.8 - x11/kde-runtime4/Makefile 1.12 - x11/kde-runtime4/buildlink3.mk 1.6 - x11/kde-workspace4/Makefile 1.11 - x11/kde-workspace4/buildlink3.mk 1.6 - x11/kdelibs4/Makefile 1.47 - x11/kdelibs4/buildlink3.mk 1.22 - x11/konsole/Makefile 1.6 - x11/lablgtk/Makefile 1.68 - x11/lablgtk/buildlink3.mk 1.22 - x11/libX11/Makefile 1.28 - x11/libdesktop-agnostic/Makefile 1.10 - x11/libdesktop-agnostic/buildlink3.mk 1.7 - x11/libgnomekbd/Makefile 1.37 - x11/libunique/Makefile 1.21 - x11/libunique/buildlink3.mk 1.15 - x11/libunique3/Makefile 1.9 - x11/libxcb/buildlink3.mk 1.3 - x11/libxfce4gui/Makefile 1.41 - x11/libxfce4gui/buildlink3.mk 1.40 - x11/libxfce4menu/Makefile 1.11 - x11/libxfce4menu/buildlink3.mk 1.13 - x11/libxfce4util/Makefile 1.27 - x11/matchbox-panel-manager/Makefile 1.24 - x11/mlterm/Makefile 1.72 - x11/nucleo/Makefile 1.29 - x11/nucleo/buildlink3.mk 1.24 - x11/p5-Alien-wxWidgets/Makefile 1.20 - x11/p5-Wx-Perl-ProcessStream/Makefile 1.19 - x11/p5-Wx/Makefile 1.24 - x11/p5-Wx/buildlink3.mk 1.15 - x11/p5-gtk2/Makefile 1.49 - x11/p5-gtk2/buildlink3.mk 1.16 - x11/py-gnome2-desktop/Makefile 1.67 - x11/py-gnome2-desktop/buildlink3.mk 1.21 - x11/py-gnome2-extras/Makefile 1.57 - x11/py-gnome2-extras/buildlink3.mk 1.32 - x11/py-gnome2/Makefile 1.86 - x11/py-gnome2/buildlink3.mk 1.41 - x11/py-gtk2/Makefile 1.87 - x11/py-gtk2/buildlink3.mk 1.40 - x11/py-gtksourceview/Makefile 1.24 - x11/py-kde4/Makefile 1.14 - x11/py-kiwi/Makefile 1.22 - x11/py-qt4-qscintilla/Makefile 1.22 - x11/py-qt4-qscintilla/buildlink3.mk 1.16 - x11/py-qt4/Makefile 1.54 - x11/py-vte/Makefile 1.11 - x11/py-vte/buildlink3.mk 1.11 - x11/py-wxWidgets/Makefile 1.39 - x11/py-wxWidgets/buildlink3.mk 1.33 - x11/qt4-creator/Makefile 1.15 - x11/qt4-docs/Makefile 1.23 - x11/qt4-libs/Makefile 1.78 - x11/qt4-libs/buildlink3.mk 1.34 - x11/qt4-mng/Makefile 1.17 - x11/qt4-mysql/Makefile 1.26 - x11/qt4-pgsql/Makefile 1.34 - x11/qt4-qdbus/Makefile 1.28 - x11/qt4-qdbus/buildlink3.mk 1.17 - x11/qt4-qscintilla/Makefile 1.21 - x11/qt4-qscintilla/buildlink3.mk 1.15 - x11/qt4-sqlite3/Makefile 1.29 - x11/qt4-tiff/Makefile 1.26 - x11/qt4-tools/Makefile 1.54 - x11/qt4-tools/buildlink3.mk 1.24 - x11/qwt-qt4/Makefile 1.20 - x11/qwt-qt4/buildlink3.mk 1.17 - x11/qwt6-qt4/Makefile 1.5 - x11/qwt6-qt4/buildlink3.mk 1.4 - x11/qwtplot3d-qt4/Makefile 1.15 - x11/qwtplot3d-qt4/buildlink3.mk 1.15 - x11/rep-gtk2/Makefile 1.22 - x11/rox-session/Makefile 1.31 - x11/ruby-gnome2-gtk/Makefile 1.36 - x11/ruby-gnome2-gtk/buildlink3.mk 1.21 - x11/ruby-gnome2-gtksourceview2/Makefile 1.25 - x11/ruby-gnome2-vte/Makefile 1.28 - x11/ruby-wxruby/Makefile 1.8 - x11/sakura/Makefile 1.10 - x11/startup-notification/Makefil