Up to [cvs.NetBSD.org] / pkgsrc / www / firefox68
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Remove firefox68. This was kept due to being the last LTS release of Firefox that functioned on NetBSD 8, but it's now so far gone, many dependencies of this aren't compiling with the old toolchain and userspace... Users of platforms like NetBSD 8 might have an easier time using arcticfox instead.
*: Recursive revbump from audio/pulseaudio
*: recursive bump for perl 5.36
revbump for textproc/icu update
{s,t,w}*/*: revbump(1) for libsndfile
revbump for icu and libffi
Recursive revbump for multimedia/libaom
*: Recursive revbump from audio/pulseaudio-15.0
firefox68: explicitly use autoconf-2.13
*: recursive bump for perl 5.34
revbump for textproc/icu
*: Recursive revbump from devel/nss
*: bump PKGREVISION for nss linking fix
*: Recursive revbump from audio/pulseaudio-14.2.nb1
*: Recursive revbump from audio/pulseaudio-14.0
Remove now-actively-harmful 32-bit ARM hack from Mozilla packages.
*: Recursive revbump from textproc/icu-68.1
*: bump PKGREVISION for perl-5.32.
firefox68: Update to 68.12.0 Security Vulnerabilities fixed in Firefox ESR 68.12 #CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege #CVE-2020-15664: Attacker-induced prompt for extension installation #CVE-2020-15669: Use-After-Free when aborting an operation
*: revbump for libsndfile
*: revbump after fontconfig bl3 changes (libuuid removal)
Pullup ticket #6287 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.31 - www/firefox68/distinfo 1.21 --- Module Name: pkgsrc Committed By: nia Date: Wed Jul 29 14:20:30 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.11.0 Security Vulnerabilities fixed in Firefox ESR 68.11 #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15650: Overwriting local files through malicious file picker application #CVE-2020-15649: Exfiltrating local files through malicious file picker application #CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
firefox68: Update to 68.11.0 Security Vulnerabilities fixed in Firefox ESR 68.11 #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15650: Overwriting local files through malicious file picker application #CVE-2020-15649: Exfiltrating local files through malicious file picker application #CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
www/firefox68: Add NetBSD support for U2F/FIDO2 security keys. Based on patch submitted upstream: https://github.com/mozilla/authenticator-rs/pull/116 Adapted lightly for firefox68 which had its own copy of an older version of authenticator-rs.
Pullup ticket #6266 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.29 - www/firefox68/distinfo 1.19 --- Module Name: pkgsrc Committed By: nia Date: Tue Jul 7 16:44:11 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.10.0 For anyone curious about the delay: apparently, my ccache cache was corrupted so the build was failing. *sigh* that won't be a problem soon... Security Vulnerabilities fixed in Firefox ESR 68.10 #CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 #CVE-2020-12418: Information disclosure due to manipulated URL object #CVE-2020-12419: Use-after-free in nsGlobalWindowInner #CVE-2020-12420: Use-After-Free when trying to connect to a STUN server #CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
firefox68: Update to 68.10.0 For anyone curious about the delay: apparently, my ccache cache was corrupted so the build was failing. *sigh* that won't be a problem soon... Security Vulnerabilities fixed in Firefox ESR 68.10 #CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 #CVE-2020-12418: Information disclosure due to manipulated URL object #CVE-2020-12419: Use-after-free in nsGlobalWindowInner #CVE-2020-12420: Use-After-Free when trying to connect to a STUN server #CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
firefox68: Revert accidental partial update
firefox68: Remove cargo SUBSTs since there's no clear patching of crates
firefox68: Remove patches for NetBSD 7, rust dropped support for NetBSD 7
firefox68: Remove hack to disable multiprocess mode This was working around the lack of pshared semaphores on older NetBSD releases, and restrictions on which process can destroy semaphores on newer NetBSD releases. However, we've switched to a new NetBSD-exclusive hack in www/firefox where we force the use of the tiled rendering mode. This copies what Firefox does on macOS, which has similar limitations on cross-process semaphores. The discovery of this was a joint effort between maya and me. This avoids several bugs: 1) Multiprocess mode being outright broken on older NetBSD releases 2) Multiprocess mode leaking semaphores and eventually hitting open file limits on newer NetBSD releases Bump PKGREVISION
firefox68: Clean up checksum SUBSTs, following lang/rust
www: Remove firefox60 - EOL
Pullup ticket #6220 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.22 - www/firefox68/distinfo 1.16 - www/firefox68/patches/patch-build_moz.configure_rust.configure 1.1 --- Module Name: pkgsrc Committed By: nia Date: Wed Jun 3 13:00:24 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Added Files: pkgsrc/www/firefox68/patches: patch-build_moz.configure_rust.configure Log Message: firefox68: Update to 68.9.0 Security Vulnerabilities fixed in Firefox ESR 68.9 #CVE-2020-12399: Timing attack on DSA signatures in NSS library #CVE-2020-12405: Use-after-free in SharedWorkerService #CVE-2020-12406: JavaScript Type confusion with NativeTypes #CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
firefox68: Update to 68.9.0 Security Vulnerabilities fixed in Firefox ESR 68.9 #CVE-2020-12399: Timing attack on DSA signatures in NSS library #CVE-2020-12405: Use-after-free in SharedWorkerService #CVE-2020-12406: JavaScript Type confusion with NativeTypes #CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
Revbump for icu
Pullup ticket #6190 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.20 - www/firefox68/PLIST 1.6 - www/firefox68/distinfo 1.15 --- Module Name: pkgsrc Committed By: nia Date: Sat May 9 13:08:01 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: firefox68: Update to 68.8.0 Security Vulnerabilities fixed in Firefox ESR 68.8 #CVE-2020-12387: Use-after-free during worker shutdown #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens #CVE-2020-12389: Sandbox escape with improperly separated process types #CVE-2020-6831: Buffer overflow in SCTP chunk input validation #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
firefox68: Update to 68.8.0 Security Vulnerabilities fixed in Firefox ESR 68.8 #CVE-2020-12387: Use-after-free during worker shutdown #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens #CVE-2020-12389: Sandbox escape with improperly separated process types #CVE-2020-6831: Buffer overflow in SCTP chunk input validation #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
firefox*: Mark ESR versions as such in COMMENT
Recursive revision bump after textproc/icu update
Pullup ticket #6155 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.17 - www/firefox68/distinfo 1.14 --- Module Name: pkgsrc Committed By: nia Date: Fri Apr 10 10:41:50 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.7.0 Security Vulnerabilities fixed in Firefox ESR 68.7 #CVE-2020-6828: Preference overwrite via crafted Intent from malicious Android application #CVE-2020-6827: Custom Tabs in Firefox for Android could have the URI spoofed #CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method #CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images #CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
firefox68: Update to 68.7.0 Security Vulnerabilities fixed in Firefox ESR 68.7 #CVE-2020-6828: Preference overwrite via crafted Intent from malicious Android application #CVE-2020-6827: Custom Tabs in Firefox for Android could have the URI spoofed #CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method #CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images #CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
Pullup ticket #6150 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.16 - www/firefox68/distinfo 1.13 --- Module Name: pkgsrc Committed By: nia Date: Sat Apr 4 15:26:42 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.6.1 Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 #CVE-2020-6819: Use-after-free while running the nsDocShell destructor #CVE-2020-6820: Use-after-free when handling a ReadableStream
firefox68: Update to 68.6.1 Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 #CVE-2020-6819: Use-after-free while running the nsDocShell destructor #CVE-2020-6820: Use-after-free when handling a ReadableStream
Pullup ticket #6145 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.15 - www/firefox68/PLIST 1.5 - www/firefox68/distinfo 1.11 - www/firefox68/mozilla-common.mk 1.7 - www/firefox68/options.mk 1.8 - www/firefox68/patches/patch-aa 1.2 - www/firefox68/patches/patch-build_moz.configure_old.configure deleted - www/firefox68/patches/patch-dom_media_CubebUtils.cpp 1.2 - www/firefox68/patches/patch-media_libcubeb_src_cubeb.c 1.2 - www/firefox68/patches/patch-media_libcubeb_src_cubeb__oss.c deleted - www/firefox68/patches/patch-media_libcubeb_src_moz.build 1.2 - www/firefox68/patches/patch-media_libcubeb_update.sh 1.2 - www/firefox68/patches/patch-toolkit_library_moz.build 1.2 --- Module Name: pkgsrc Committed By: nia Date: Thu Mar 12 19:39:35 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo mozilla-common.mk options.mk pkgsrc/www/firefox68/patches: patch-aa patch-dom_media_CubebUtils.cpp patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_moz.build patch-media_libcubeb_update.sh patch-toolkit_library_moz.build Removed Files: pkgsrc/www/firefox68/patches: patch-build_moz.configure_old.configure patch-media_libcubeb_src_cubeb__oss.c Log Message: firefox68: Update to 68.6.0 While here, - Remove OSS support now that cubeb_sun has been stable for a long while - Appease pkglint Security fixes in this release: #CVE-2020-6805: Use-after-free when removing data about origins #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections #CVE-2020-6807: Use-after-free in cubeb during stream destruction #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init #CVE-2020-6812: The names of AirPods with personally identifiable #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
firefox68: Update to 68.6.0 While here, - Remove OSS support now that cubeb_sun has been stable for a long while - Appease pkglint Security fixes in this release: #CVE-2020-6805: Use-after-free when removing data about origins #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections #CVE-2020-6807: Use-after-free in cubeb during stream destruction #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init #CVE-2020-6812: The names of AirPods with personally identifiable #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
librsvg: update bl3.mk to remove libcroco in rust case recursive bump for the dependency change
Revbump packages depending on libffi after .so version change. Requested by Matthias Ferdinand and Oskar on pkgsrc-users.
Pullup ticket #6134 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.12 - www/firefox68/PLIST 1.4 - www/firefox68/distinfo 1.10 --- Module Name: pkgsrc Committed By: nia Date: Sat Feb 15 12:48:22 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: firefox68: Update to 68.5.0 Security Vulnerabilities fixed in Firefox ESR68.5 # CVE-2020-6796: Missing bounds check on shared memory read in the parent process # CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection # CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
firefox68: Update to 68.5.0 Security Vulnerabilities fixed in Firefox ESR68.5 # CVE-2020-6796: Missing bounds check on shared memory read in the parent process # CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection # CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
firefox68: Workaround broken pthread_equal() usage Switch to an internal version of pthread_equal() without sanity checks. Problems detected on NetBSD 9.99.46.
firefox68: Update to 68.4.2 Changelog: Fixed Fixed various issues opening files with spaces in their path (bug 1601905, bug 1602726)
*: Recursive revision bump for openssl 1.1.1.
Pullup ticket #6113 - requested by nia www/firefox68: security fix (zero-day) Revisions pulled up: - www/firefox68/Makefile 1.7-1.8 - www/firefox68/distinfo 1.6-1.7 - www/firefox68/patches/patch-rust-1.39.0 deleted --- Module Name: pkgsrc Committed By: nia Date: Wed Jan 8 21:49:32 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Removed Files: pkgsrc/www/firefox68/patches: patch-rust-1.39.0 Log Message: firefox68: Update to 68.4.0 Security Vulnerabilities fixed in Firefox ESR 68.4: # CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows # CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting # CVE-2019-17017: Type Confusion in XPCVariant.cpp # CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows # CVE-2019-17022: CSS sanitization does not escape HTML tags # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 --- Module Name: pkgsrc Committed By: nia Date: Thu Jan 9 20:51:59 UTC 2020 Modified Files: pkgsrc/www/firefox68: Makefile distinfo Log Message: firefox68: Update to 68.4.1 This release fixes one zero-day vulnerability: CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw
firefox68: Update to 68.4.1 This release fixes one zero-day vulnerability: CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw
firefox68: Update to 68.4.0 Security Vulnerabilities fixed in Firefox ESR 68.4: # CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows # CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting # CVE-2019-17017: Type Confusion in XPCVariant.cpp # CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows # CVE-2019-17022: CSS sanitization does not escape HTML tags # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
*: Enable Wayland where supported in GTK and Firefox. Bump PKGREVISIONs
firefox68: Update to 68.3.0 pkgsrc changes: - Fixed building with wayland libs installed Security fixes: - CVE-2019-17008: Use-after-free in worker destruction - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code - CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher - CVE-2019-17009: Updater temporary files accessible to unprivileged processes - CVE-2019-17010: Use-after-free when performing device orientation checks - CVE-2019-17005: Buffer overflow in plain text serializer - CVE-2019-17011: Use-after-free when retrieving a document in antitracking - CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
Pullup ticket #6090 - requested by nia www/firefox68: security fix Revisions pulled up: - www/firefox68/Makefile 1.3 - www/firefox68/PLIST 1.2 - www/firefox68/distinfo 1.2 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 5 17:14:30 UTC 2019 Modified Files: pkgsrc/www/firefox68: Makefile PLIST distinfo Log Message: Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Fix build with Rust 1.39.0, bump PKGREVISION
Update to 68.2.0 with patch from Piotr Meyer Changelog: Security fixes: #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11758: Potentially exploitable crash due to 360 Total Security #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
www/firefox68: import firefox68-68.1.0 Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. This package provides Firefox 68 ESR.