![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox / patches
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.3 / (download) - annotate - [select for diffs], Thu Nov 11 16:48:04 2021 UTC (2 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
HEAD
Changes since 1.2: +3 -3
lines
Diff to previous 1.2 (colored)
firefox: Update to 94.0.1
Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)
94.0
New
* Colorways animated screenshot
With 94, you'll find a selection of six fun seasonal Colorways (available
for a limited time only). Now you can find a color to suit (or lift) your
every mood.
Fun fact: Did you know we have more daily users with color themes than dark
or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
customize their color theme. And that was just on the first day! We decided
to introduce these new Colorways to give our users more to love.
* Firefox macOS now uses Apple's low power mode for fullscreen video on sites
such as YouTube and Twitch. This meaningfully extends battery life in long
viewing sessions. Now your kids can find out what the fox says on a loop
without you ever missing a beat'
* With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
* On Windows, there will now be fewer interruptions because Firefox won't
prompt you for updates. Instead, a background agent will download and
install updates even if Firefox is closed.
* And on Linux, we've improved WebGL performance and reduced power
consumption for many users.
* To better protect all Firefox users against side-channel attacks such as
Spectre, we're introducing Site Isolation. It will be rolled out to
Firefox 94 users over the next few weeks. We've got your
back...errr...side!
* We're rolling out the Firefox Multi-Account Containers extension with
Mozilla VPN integration. This lets you use a different server location for
each container.
* Firefox no longer warns you by default when you exit the browser or close a
window using a menu, button, or three-key command. This should cut back on
unwelcome notifications which is always nice--however, if you prefer a bit
of notice, you'll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox Settings. No worries!
(More details)
* And now, Firefox supports the new Snap Layouts menus when running on
Windows 11.
Fixed
* We've reduced the overhead of using performance.mark() and
performance.measure() APIs with a large set of performance entries.
* Plus, we've modified paint suppression during load to greatly improve
warmload performance in Site Isolation mode.
* You'll also notice a small reduction in Javascript memory usage.
* With this release, you'll notice faster Javascript property enumeration as
well.
* We've also implemented better scheduling of garbage collection which has
improved some pageload benchmarks.
* This release also sees reduced CPU usage during socket polling for HTTPS
connections.
* Additionally, you'll notice faster storage initialization.
* We've also improved cold startup by reducing main thread I/O.
* Plus, closing devtools now reclaims more memory than ever before.
* And we've improved pageload (especially with Site Isolation mode) by
setting a higher priority for loading and displaying images.
* Various security fixes
Enterprise
* Enterprise users now have more control over Firefox deployments with the
availability of our MSIX package on Windows platforms.
* You'll also notice various bug fixes and new policies have been
implemented in this latest version of Firefox. See more details in the
Firefox for Enterprise 94 Release Notes.
Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 4 00:38:44 2018 UTC (5 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.1: +1 -1
lines
Diff to previous 1.1 (colored)
Update to 63.0.1
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Revision 1.1 / (download) - annotate - [select for diffs], Wed Sep 5 15:29:58 2018 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Update to 62.0
Changelog:
New
Firefox Home (the default New Tab) now allows users to display up to
4 rows of top sites, Pocket stories, and highlights
"Reopen in Container" tab menu option appears for users with Containers
that lets them choose to reopen a tab in a different container
In advance of removing all trust for Symantec-issued certificates in
Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
Added FreeBSD support for WebAuthn
Improved graphics rendering for Windows users without accelerated hardware
using Parallel-Off-Main-Thread Painting
Support for CSS Shapes, allowing for richer web page layouts. This goes
hand in hand with a brand new Shape Path Editor in the CSS inspector.
CSS Variable Fonts (OpenType Font Variations) support, which makes it
possible to create beautiful typography with a single font file
Updates for enterprise environments:
AutoConfig is sandboxed to the documented API by default. You
can disable the sandbox by setting the preference
general.config.sandbox_enabled to false. Our long term plan is to
remove the ability to turn off the sandboxing. If you need to
continue to use more complex AutoConfig scripts, you will need to use
Firefox Extended Support Release (ESR).
Added Canadian English (en-CA) locale
Changed
Removed the description field for bookmarks. Users who have stored
descriptions using the field may wish to export these descriptions
as html or json files, as they will be removed in a future release.
Dark theme is automatically enabled in macOS 10.14 dark mode
Changed the default setting to Enforce (3) for the
security.pki.name_matching_mode preference
Adobe Flash applets now run in a more secure mode using process
sandboxing on macOS. Learn how this may affect features here.
Users disconnecting from Sync are now offered the option to wipe
their Firefox profile data (including bookmarks, passwords, history,
cookies, and site data) from their desktop computer
Changed how WebRTC handles screen sharing: When screen-sharing a window,
the window will be brought to front
Developer
Three-pane Inspector in Developer Tools separates the rules into its own
panel