The NetBSD Project

CVS log for pkgsrc/www/firefox45/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / firefox45

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.46 / (download) - annotate - [select for diffs], Wed Apr 3 00:33:11 2019 UTC (2 weeks, 6 days ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Recursive revbump from textproc/icu

Revision 1.45 / (download) - annotate - [select for diffs], Tue Jan 29 22:33:58 2019 UTC (2 months, 3 weeks ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.44: +11 -14 lines
Diff to previous 1.44 (colored)

remove obsolete hacks.mk & reduce diffs between mozilla derivative packages

Revision 1.44 / (download) - annotate - [select for diffs], Sun Dec 9 18:52:49 2018 UTC (4 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

revbump after updating textproc/icu

Revision 1.43 / (download) - annotate - [select for diffs], Thu Nov 29 11:21:58 2018 UTC (4 months, 3 weeks ago) by prlw1
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Revbump for libcanberra gstreamer change.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Nov 23 08:06:33 2018 UTC (4 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

Recursive revbump from multimedia/libva

Revision 1.41 / (download) - annotate - [select for diffs], Fri Nov 16 13:02:45 2018 UTC (5 months ago) by bsiegert
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Revbump hunspell reverse-depends after update.

Revision 1.40 / (download) - annotate - [select for diffs], Wed Nov 14 22:22:36 2018 UTC (5 months, 1 week ago) by kleink
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Revbump after cairo 1.16.0 update.

Revision 1.39 / (download) - annotate - [select for diffs], Mon Nov 12 03:53:04 2018 UTC (5 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Recursive revbump from hardbuzz-2.1.1

Revision 1.38 / (download) - annotate - [select for diffs], Wed Oct 24 15:42:47 2018 UTC (5 months, 4 weeks ago) by bsiegert
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

Revbump packages that depend on hunspell.

The recent hunspell update has changed the name of the library, so these
need to be rebuilt.

prodded by wiz@ and leot@.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Aug 22 09:47:24 2018 UTC (8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

Recursive bump for perl5-5.28.0

Revision 1.36 / (download) - annotate - [select for diffs], Fri Jul 20 03:34:31 2018 UTC (9 months ago) by ryoon
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

Recursive revbump from textproc/icu-62.1

Revision 1.35 / (download) - annotate - [select for diffs], Fri Jul 6 15:06:51 2018 UTC (9 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

Recursive revbump from audio/pulseaudio

Revision 1.34 / (download) - annotate - [select for diffs], Mon Apr 16 14:35:18 2018 UTC (12 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Recursive bump for new fribidi dependency in pango.

Revision 1.33 / (download) - annotate - [select for diffs], Sat Apr 14 07:34:43 2018 UTC (12 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

revbump after icu update

Revision 1.32 / (download) - annotate - [select for diffs], Mon Mar 12 11:17:46 2018 UTC (13 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.31: +2 -3 lines
Diff to previous 1.31 (colored)

Recursive bumps for fontconfig and libzip dependency changes.

Revision 1.31 / (download) - annotate - [select for diffs], Sun Jan 28 20:11:07 2018 UTC (14 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Bump PKGREVISION for gdbm shlib major bump

Revision 1.30 / (download) - annotate - [select for diffs], Thu Nov 23 17:20:16 2017 UTC (16 months, 4 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

recursive bump for libxkbcommon removal from at-spi2-core

Revision 1.29 / (download) - annotate - [select for diffs], Fri Sep 8 02:38:44 2017 UTC (19 months, 2 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Recursive revbump from audio/pulseaudio-11.0

Revision 1.28 / (download) - annotate - [select for diffs], Sun Jul 9 09:04:00 2017 UTC (21 months, 1 week ago) by maya
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

firefox{,45,52}: bump pkgrevision with no change.

these packages pull in GCC_REQD+=4.9 via mozilla-common.mk, and
are very widely used (I suspect only www/firefox actually needs it)

this will take care of most of the fallout from major bumping
pkgsrc-gcc-libstdc++ to 7 on netbsd. these are the most widely
used packages setting GCC_REQD>4.8.

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Tue Jun 13 19:11:21 2017 UTC (22 months, 1 week ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.23: +6 -2 lines
Diff to previous 1.23 (colored) next main 1.24 (colored)

Pullup ticket #5476 - requested by khorben
www/firefox45: security fix

Revisions pulled up:
- www/firefox45-l10n/Makefile                                   1.10
- www/firefox45-l10n/distinfo                                   1.11
- www/firefox45/Makefile                                        1.25-1.27
- www/firefox45/distinfo                                        1.14
- www/firefox45/mozilla-common.mk                               1.7

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Wed May 10 14:13:26 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox45: Makefile distinfo

   Log Message:
   Update to 45.9.0

   Changelog:
   Security fixes:
     #CVE-2017-5433: Use-after-free in SMIL animation functions
     #CVE-2017-5435: Use-after-free during transaction processing in the editor
     #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
     #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
     #CVE-2017-5459: Buffer overflow in WebGL
     #CVE-2017-5434: Use-after-free during focus handling
     #CVE-2017-5432: Use-after-free in text input selection
     #CVE-2017-5460: Use-after-free in frame selection
     #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
     #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
     #CVE-2017-5440: Use-after-free in txExecutionState destructor during
   XSLT processing
     #CVE-2017-5441: Use-after-free with selection during scroll events
     #CVE-2017-5442: Use-after-free during style changes
     #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
     #CVE-2017-5443: Out-of-bounds write during BinHex decoding
     #CVE-2017-5444: Buffer overflow while parsing
   application/http-index-format content
     #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
   with incorrect data
     #CVE-2017-5447: Out-of-bounds read during glyph processing
     #CVE-2017-5465: Out-of-bounds read in ConvolvePixel
     #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
     #CVE-2016-10196: Vulnerabilities in Libevent library
     #CVE-2017-5469: Potential Buffer overflow in flex-generated code
     #CVE-2017-5445: Uninitialized values used while parsing
   application/http-index-format content
     #CVE-2017-5462: DRBG flaw in NSS
     #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
   45.9, and Firefox ESR 52.1

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Wed May 10 14:14:41 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox45-l10n: Makefile distinfo

   Log Message:
   Update to 45.9.0

   * Sync with firefox45-45.9.0

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Fri May 12 20:21:27 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox45: Makefile

   Log Message:
   Register more binaries as not safe for PaX mprotect

   This also reflects the current situation in www/firefox.

   Bumps PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Sat May 13 02:34:30 UTC 2017

   Modified Files:
   	pkgsrc/www/firefox45: Makefile mozilla-common.mk

   Log Message:
   Add dependency to multimedia/ffmpeg3

   This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
   the time.

   "commit" maya@

Revision 1.27 / (download) - annotate - [select for diffs], Sat May 13 02:34:30 2017 UTC (23 months, 1 week ago) by khorben
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Add dependency to multimedia/ffmpeg3

This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
the time.

"commit" maya@

Revision 1.26 / (download) - annotate - [select for diffs], Fri May 12 20:21:27 2017 UTC (23 months, 1 week ago) by khorben
Branch: MAIN
Changes since 1.25: +4 -1 lines
Diff to previous 1.25 (colored)

Register more binaries as not safe for PaX mprotect

This also reflects the current situation in www/firefox.

Bumps PKGREVISION.

Revision 1.25 / (download) - annotate - [select for diffs], Wed May 10 14:13:26 2017 UTC (23 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.24: +2 -3 lines
Diff to previous 1.24 (colored)

Update to 45.9.0

Changelog:
Security fixes:
 #CVE-2017-5433: Use-after-free in SMIL animation functions
 #CVE-2017-5435: Use-after-free during transaction processing in the editor
 #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
 #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
 #CVE-2017-5459: Buffer overflow in WebGL
 #CVE-2017-5434: Use-after-free during focus handling
 #CVE-2017-5432: Use-after-free in text input selection
 #CVE-2017-5460: Use-after-free in frame selection
 #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
 #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
 #CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
 #CVE-2017-5441: Use-after-free with selection during scroll events
 #CVE-2017-5442: Use-after-free during style changes
 #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
 #CVE-2017-5443: Out-of-bounds write during BinHex decoding
 #CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
 #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
 #CVE-2017-5447: Out-of-bounds read during glyph processing
 #CVE-2017-5465: Out-of-bounds read in ConvolvePixel
 #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
 #CVE-2016-10196: Vulnerabilities in Libevent library
 #CVE-2017-5469: Potential Buffer overflow in flex-generated code
 #CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
 #CVE-2017-5462: DRBG flaw in NSS
 #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

Revision 1.24 / (download) - annotate - [select for diffs], Sat Apr 22 21:04:02 2017 UTC (2 years ago) by adam
Branch: MAIN
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

Revbump after icu update

Revision 1.23 / (download) - annotate - [select for diffs], Sun Mar 26 03:54:37 2017 UTC (2 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored)

Remove PKGREVISION

Revision 1.22 / (download) - annotate - [select for diffs], Sun Mar 26 03:53:34 2017 UTC (2 years ago) by ryoon
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Update to 45.8.0

Changelog:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
 #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

Revision 1.21 / (download) - annotate - [select for diffs], Sun Feb 12 06:26:08 2017 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Recursive revbump from fonts/harfbuzz

Revision 1.20 / (download) - annotate - [select for diffs], Wed Feb 8 07:32:01 2017 UTC (2 years, 2 months ago) by maya
Branch: MAIN
Changes since 1.19: +3 -2 lines
Diff to previous 1.19 (colored)

firefox45: make oss audio not overflow (sound like crap) when playing
bass-heavy sounds, similar to the change made to www/firefox.

put this patch in files/ because it's the right thing and also because
I'm struggling to make changes to the patch, possibly my moving the
location of EOF so the patch doesn't apply fully (guessing)

PKGREVISION->2

Revision 1.19 / (download) - annotate - [select for diffs], Mon Feb 6 13:56:05 2017 UTC (2 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

Recursive bump for harfbuzz's new graphite2 dependency.

Revision 1.18 / (download) - annotate - [select for diffs], Fri Jan 27 13:43:41 2017 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.17: +2 -3 lines
Diff to previous 1.17 (colored)

Update 45.7.0

Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

Revision 1.17 / (download) - annotate - [select for diffs], Sat Jan 21 20:06:53 2017 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Recursive revbump from audio/pulseaudio-10.0

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 20 15:03:37 2017 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

Fix an insecure connection error in HTTP2 case with devel/nss-3.28 or later
Bump PKGREVISION

Revision 1.15 / (download) - annotate - [select for diffs], Mon Jan 16 23:45:17 2017 UTC (2 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

Recursive bump for libvpx shlib major change.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jan 2 17:45:12 2017 UTC (2 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.13: +3 -4 lines
Diff to previous 1.13 (colored)

Update to 45.6.0

Chagnelog:
Security vulnerabilities fixed in Firefox ESR 45.6
 #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
 #CVE-2016-9895: CSP bypass using marquee tag
 #CVE-2016-9897: Memory corruption in libGLES
 #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
 #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
 #CVE-2016-9904: Cross-origin information leak in shared atoms
 #CVE-2016-9905: Crash in EnumerateSubDocuments
 #CVE-2016-9901: Data from Pocket server improperly sanitized before execution
 #CVE-2016-9902: Pocket extension does not validate the origin of events
 #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

Revision 1.13 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:44 2016 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Recursive revbump from textproc/icu 58.1

Revision 1.12 / (download) - annotate - [select for diffs], Sat Dec 3 10:19:29 2016 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

Update to 45.5.1

Changelog:
45.5.1:
 #CVE-2016-9079: Use-after-free in SVG Animation

45.5.0:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

Revision 1.11 / (download) - annotate - [select for diffs], Wed Sep 21 11:51:14 2016 UTC (2 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.10: +2 -3 lines
Diff to previous 1.10 (colored)

Update to 45.4.0

Changelog:
Security vulnerabilities fixed in Firefox ESR 45.4

Announced
    September 13, 2016
Impact
    Critical
Products
    Firefox ESR
Fixed in

        Firefox ESR 45.4

Description

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
Reporter: Atte Kettunen
Description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. [1291016]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
Reporter: Abhishek Arya
Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
Reporter: Nils
Description: A use-after-free vulnerability triggered by setting a aria-owns attribute [1287721]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
Reporter: Nils
Description: A use-after-free issue in web animations during restyling. [1282076]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
Reporter: Nils
Description: A user-after-free vulnerability with web animations when destroying a timeline [1291665]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
Reporter: Nils
Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
Reporter: Mei Wang
Description: Use-after-free vulnerability when changing text direction [1289970]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]
Reporter: Brian Carpenter
Description: Use-after-free vulnerability when manipulating SVG format content through script [1284690]

CVE-2016-5284 - Add-on update site certificate pin expiration [high]
Reporter: Multiple people
Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127]

CVE-2016-5250 - Resource Timing API is storing resources sent by the previous page [moderate]
Reporter: Catalin Dumitru
Description: URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. [1254688]

CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel [high]
Reporter: Samuel Gro
Description: An integer overflow error in WebSockets during data buffering on incoming packets resulting in attacker controlled data being written at a known offset in the allocated buffer. [1287266]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
Reporter: Mozilla developers
Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]

Revision 1.10 / (download) - annotate - [select for diffs], Sat Aug 20 23:17:00 2016 UTC (2 years, 8 months ago) by maya
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)

Another paxctl +m needed, lib/firefox45/firefox

Revision 1.9 / (download) - annotate - [select for diffs], Wed Aug 17 00:06:47 2016 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

Recursive revbump from multimedia/libvpx uppdate

Revision 1.8 / (download) - annotate - [select for diffs], Thu Aug 11 04:24:03 2016 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.7: +2 -3 lines
Diff to previous 1.7 (colored)

Update to 45.3.0

Changelog:

Fixed Various stability fixes

Fixed in Firefox ESR 45.3
    2016-80 Same-origin policy violation using local HTML file and saved shortcut file
    2016-79 Use-after-free when applying SVG effects
    2016-78 Type confusion in display transformation
    2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
    2016-76 Scripts on marquee tag can execute in sandboxed iframes
    2016-73 Use-after-free in service workers with nested sync events
    2016-72 Use-after-free in DTLS during WebRTC session shutdown
    2016-70 Use-after-free when using alt key and toplevel menus
    2016-67 Stack underflow during 2D graphics rendering
    2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
    2016-64 Buffer overflow rendering SVG with bidirectional content
    2016-63 Favicon network connection can persist when page is closed
    2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

Revision 1.7 / (download) - annotate - [select for diffs], Thu Aug 4 17:03:39 2016 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Recursive revbump from audio/pulseaudio

Revision 1.6 / (download) - annotate - [select for diffs], Wed Aug 3 10:23:31 2016 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Revbump after graphics/gd update

Revision 1.5 / (download) - annotate - [select for diffs], Sat Jul 9 06:39:12 2016 UTC (2 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Jun 19 06:24:09 2016 UTC (2 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

Update to 45.2.0

Changelog:
Fixed
    Graphics-related crashes (Bugs 1261320, 1224199)
    Various security fixes
    Unicode support for AutoConfig API (Bug 1271032)
    Web compatibility fix for addEventListener API (Bug 1266194)

Fixed in Firefox ESR 45.2
    2016-58 Entering fullscreen and persistent pointerlock without user permission
    2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
    2016-55 File overwrite and privilege escalation through Mozilla Windows updater
    2016-53 Out-of-bounds write with WebGL shader
    2016-52 Addressbar spoofing though the SELECT element
    2016-51 Use-after-free deleting tables from a contenteditable document
    2016-50 Buffer overflow parsing HTML5 fragments
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

Revision 1.3 / (download) - annotate - [select for diffs], Thu May 5 11:51:24 2016 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update to 45.1.1

Changelog:
Fixed
    Build issue when jit is disabled (Bug 1266366)

    Add-on signing certificate expiration (Bug 1267318)

    Graphics-related shutdown crash (Bug 1261321)

Revision 1.2 / (download) - annotate - [select for diffs], Wed May 4 09:41:55 2016 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.1: +4 -1 lines
Diff to previous 1.1 (colored)

Remove unused patch.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Apr 27 16:36:50 2016 UTC (2 years, 11 months ago) by ryoon
Branch: MAIN

Import firefox45-45.1.0 as www/firefox45.

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package tracks Firefox 45 ESR branch.

Changelog from www/firefox 45.0.2:
Fixed in Firefox ESR 45.1
    2016-47 Write to invalid HashMap entry through JavaScript.watch()
    2016-44 Buffer overflow in libstagefright with CENC offsets
    2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>