Up to [cvs.NetBSD.org] / pkgsrc / www / firefox60
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
www: Remove firefox60 - EOL
Revbump for icu
www/firefox60: remove no-op SUBST block The file mozHunspell.cpp does not exist anymore. The only file in the directory mozilla/extensions/spellcheck that contains @prefix@ is Makefile.in.
firefox*: Mark ESR versions as such in COMMENT
Recursive revision bump after textproc/icu update
librsvg: update bl3.mk to remove libcroco in rust case recursive bump for the dependency change
Revbump packages depending on libffi after .so version change. Requested by Matthias Ferdinand and Oskar on pkgsrc-users.
firefox60: Workaround broken pthread_equal() usage Switch to an internal version of pthread_equal() without sanity checks. Problems detected on NetBSD 9.99.46.
*: Recursive revision bump for openssl 1.1.1.
firefox60: Fix build with rust-1.40.0, bump PKGREVISION
Update to 60.9.0 * Fix build with rust-1.39.0 Changelog: #CVE-2019-11746: Use-after-free while manipulating video #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images #CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB #CVE-2019-9812: Sandbox escape through Firefox Sync #CVE-2019-11743: Cross-origin access to unload event attributes #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
Recursive revbump from audio/pulseaudio
Bump PKGREVISIONs for perl 5.30.0
*: recursive bump for gdk-pixbuf2-2.38.1
Update to 60.7.2 Changelog: #CVE-2019-11708: sandbox escape using Prompt:Open
Update firefox60 and firefox60-l10n to 60.7.1, fixing CVE-2019-11707. Tested on amd64, OK ryoon@
firefox60: Disable the nonblocking audio code for now. It seems to cause frame drops at higher latencies.
firefox60: Add sun audio backend and make it a default where supported. This replaces the OSS backend with something that passes the unit tests, supports additional channels, and supports recording. It will be included with future versions of Firefox. Tested with: * YouTube audio-video sync test * about:support device detection * WebRTC microphone recording (using an USB microphone) While here, fix WebRTC builds. Note: you can select an audio backend using the about:config variable media.cubeb.backend. This can be set to options such as sun/pulse/oss. Let me know if you still need to use the oss backend. It's very incomplete, buggy, and FreeBSD has already removed it - ideally we should eventually. Bump PKGREVISION.
firefox*: don't use /dev/sound on netbsd. it treats "pause" as a sticky operation and might randomly fail to play audio if another program has paused its audio. PR kern/54229
firefox60: update to 60.7.0nb2. NetBSD doesn't ship libGL.so.1 due to a major bump. Look for the unversioned name. Based on maya's patch for www/firefox.
firefox60: update to 60.7.0nb1. copy tsutsui's commit to firefox: fix wrong latency unit in stream_init() function. Based on a patch in PR pkg/54206 from Y.Sugahara. Bump PKGREVISION.
Update to 60.7.0 From Piotr Meyer, thank you. Changelog: changed: Font and date adjustments to accommodate the new Reiwa era in Japan fixed: #CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS #CVE-2019-9816: Type confusion with object groups and UnboxedObjects #CVE-2019-9817: Stealing of cross-domain images using canvas #CVE-2019-9818: Use-after-free in crash generation server #CVE-2019-9819: Compartment mismatch with fetch API #CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell #CVE-2019-11691: Use-after-free in XMLHttpRequest #CVE-2019-11692: Use-after-free removing listeners in the event listener manager #CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux #CVE-2019-7317: Use-after-free in png_image_free of libpng library #CVE-2019-9797: Cross-origin theft of images with createImageBitmap #CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext #CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox #CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks #CVE-2019-5798: Out-of-bounds read in Skia #CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
update firefox HOMEPAGE (http -> https)
Update to 60.6.3 * Convert to ffmpeg dependency to 4 Changelog: Fixed: Further improvements to re-enable web extensions which had been disabled for users with a master password set (Bug 1549249).
Update to 60.6.2 Changelog: Fixed: Repaired certificate chain to re-enable web extensions that had been disabled
Recursive rebvump from devel/nss
Recursive revbump from textproc/icu
Update to 60.6.1 Changelog: 60.6.1 #CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information #CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations 60.6.0 #CVE-2019-9790: Use-after-free when removing in-use DOM elements #CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey #CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script #CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled #CVE-2019-9794: Command line arguments not discarded during execution #CVE-2019-9795: Type-confusion in IonMonkey JIT compiler #CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content #CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied #CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 Enterprise In the network connections settings, sites added to the "No proxy for" list will now honor that setting regardless of any other specified proxy settings
firefox60: sort LDFLAGS, add whitespace (to reduce diffs to tor-browser)
Fix build with lang/rust-1.33.0. Bump PKGREVISION
Update to 60.5.2 Changelog: 60.5.2 Fixed a frequent crash when reading various Reuters news articles (bug 1505844) 60.5.1 #CVE-2018-18356: Use-after-free in Skia #CVE-2019-5785: Integer overflow in Skia #CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D 60.5.0 #CVE-2018-18500: Use-after-free parsing HTML5 stream #CVE-2018-18505: Privilege escalation through IPC channel messages #CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
remove obsolete hacks.mk & reduce diffs between mozilla derivative packages
Update to 60.4.0 Changelog: New Updated list of currency codes to include Unidad Previsional (UYW) (Bug 1499028) Fixed Various security fixes Security fixes: #CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 #CVE-2018-18492: Use-after-free with select element #CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia #CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs #CVE-2018-18498: Integer overflow when calculating buffer sizes for images #CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
revbump after updating textproc/icu
Recursive revbump from multimedia/libva
Revbump after cairo 1.16.0 update.
Recursive revbump from hardbuzz-2.1.1
Pullup ticket #5869 - requested by maya www/firefox60: security fix, build fix Revisions pulled up: - www/firefox60-l10n/Makefile 1.4 - www/firefox60-l10n/distinfo 1.4 - www/firefox60/Makefile 1.6-1.7 - www/firefox60/PLIST 1.2 - www/firefox60/distinfo 1.3 - www/firefox60/patches/patch-build_moz.configure_init.configure deleted - www/firefox60/patches/patch-third__party_rust_libloading_.cargo-checksum.json deleted - www/firefox60/patches/patch-third__party_rust_libloading_build.rs deleted --- Module Name: pkgsrc Committed By: he Date: Sun Oct 28 17:40:15 UTC 2018 Modified Files: pkgsrc/www/firefox60: Makefile Added Files: pkgsrc/www/firefox60/patches: patch-build_moz.configure_init.configure Log Message: Add a patch so that this configures with rust >= 1.29, patterned after https://bugzilla.mozilla.org/show_bug.cgi?id=1479540 --- Module Name: pkgsrc Committed By: maya Date: Mon Oct 29 01:16:58 UTC 2018 Modified Files: pkgsrc/www/firefox60: Makefile PLIST distinfo pkgsrc/www/firefox60-l10n: Makefile distinfo Removed Files: pkgsrc/www/firefox60/patches: patch-build_moz.configure_init.configure patch-third__party_rust_libloading_.cargo-checksum.json patch-third__party_rust_libloading_build.rs Log Message: firefox60{,-l10n}: update to 60.3.0 patches removed seem to be merged. security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
firefox60{,-l10n}: update to 60.3.0 patches removed seem to be merged. security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
Add a patch so that this configures with rust >= 1.29, patterned after https://bugzilla.mozilla.org/show_bug.cgi?id=1479540
Update to 60.2.0 Changelog: #CVE-2018-12377: Use-after-free in refresh driver timers #CVE-2018-12378: Use-after-free in IndexedDB #CVE-2018-12379: Out-of-bounds write with malicious MAR file #CVE-2017-16541: Proxy bypass using automount and autofs #CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation #CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
Recursive bump for perl5-5.28.0
Recursive revbump from textproc/icu-62.1
Recursive revbump from audio/pulseaudio
www/firefox60: import firefox60-60.1.0 Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. This package provides Firefox 60 ESR. Securty fixes: #CVE-2018-12359: Buffer overflow using computed size of canvas element #CVE-2018-12360: Use-after-free when using focus() #CVE-2018-12361: Integer overflow in SwizzleData #CVE-2018-12362: Integer overflow in SSSE3 scaler #CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture #CVE-2018-12363: Use-after-free when appending DOM nodes #CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins #CVE-2018-12365: Compromised IPC child process can list local filenames #CVE-2018-12371: Integer overflow in Skia library during edge builder allocation #CVE-2018-12366: Invalid data handling during QCMS transformations #CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming #CVE-2018-12368: No warning when opening executable SettingContent-ms files #CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments #CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 #CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9