The NetBSD Project

CVS log for pkgsrc/www/firefox78/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / firefox78

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.15.2.1 / (download) - annotate - [select for diffs], Sat Jan 16 21:47:26 2021 UTC (9 days, 12 hours ago) by bsiegert
Branch: pkgsrc-2020Q4
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pullup ticket #6396 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.17
- www/firefox78/distinfo                                        1.9
- www/firefox78/patches/patch-dom_webgpu_ipc_WebGPUParent.cpp   deleted

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Jan  8 19:13:53 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo
   Removed Files:
   	pkgsrc/www/firefox78/patches: patch-dom_webgpu_ipc_WebGPUParent.cpp

   Log Message:
   firefox78: Update to 78.6.1

   Changelog:
   * Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
   * Secrity fix:
   #CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Revision 1.17 / (download) - annotate - [select for diffs], Fri Jan 8 19:13:53 2021 UTC (2 weeks, 3 days ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.16: +2 -3 lines
Diff to previous 1.16 (colored)

firefox78: Update to 78.6.1

Changelog:
* Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
* Secrity fix:
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 1 09:52:42 2021 UTC (3 weeks, 4 days ago) by ryoon
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)

*: Recursive revbump from audio/pulseaudio-14.0

Revision 1.15 / (download) - annotate - [select for diffs], Sat Dec 26 10:35:16 2020 UTC (4 weeks, 2 days ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base
Branch point for: pkgsrc-2020Q4
Changes since 1.14: +1 -4 lines
Diff to previous 1.14 (colored)

Remove now-actively-harmful 32-bit ARM hack from Mozilla packages.

Revision 1.6.2.3 / (download) - annotate - [select for diffs], Sat Dec 19 20:38:04 2020 UTC (5 weeks, 2 days ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.6.2.2: +2 -2 lines
Diff to previous 1.6.2.2 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)

Pullup ticket #6385 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.14
- www/firefox78/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Dec 17 13:24:30 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.6.0

   Security Vulnerabilities fixed in Firefox ESR 78.6

   #CVE-2020-16042: Operations on a BigInt could have caused uninitialized
   memory to be exposed

   #CVE-2020-26971: Heap buffer overflow in WebGL

   #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

   #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
   use-after-free

   #CVE-2020-26978: Internal network hosts could have been probed by a
   malicious webpage

   #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

   #CVE-2020-35112: Opening an extension-less download may have inadvertently
   launched an executable instead

   #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Revision 1.14 / (download) - annotate - [select for diffs], Thu Dec 17 13:24:30 2020 UTC (5 weeks, 4 days ago) by nia
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

firefox78: Update to 78.6.0

Security Vulnerabilities fixed in Firefox ESR 78.6

#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed

#CVE-2020-26971: Heap buffer overflow in WebGL

#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free

#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage

#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead

#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Revision 1.6.2.2 / (download) - annotate - [select for diffs], Tue Nov 24 18:29:25 2020 UTC (2 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.6.2.1: +2 -6 lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored)

Pullup ticket #6370 - requested by nia
www/firefox78: security fix

NOTE: This also includes the changes from pullup tickets #6363 and #6369.

Revisions pulled up:
- www/firefox78/Makefile                                        1.9,1.13
- www/firefox78/distinfo                                        1.5-1.6
- www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp 1.1
- www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp   1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Nov 10 02:59:28 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo
   Added Files:
   	pkgsrc/www/firefox78/patches:
   	    patch-js_src_jit_ProcessExecutableMemory.cpp
   	    patch-js_src_vm_ArrayBufferObject.cpp

   Log Message:
   firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

   Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

   #CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Nov 18 12:33:45 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.5.0

   Security Vulnerabilities fixed in Firefox ESR 78.5

       #CVE-2020-26951: Parsing mismatches could confuse and bypass security
       sanitizer for chrome privileged code

       #CVE-2020-16012: Variable time processing of cross-origin images during
       drawImage calls

       #CVE-2020-26953: Fullscreen could be enabled without displaying the security
       UI

       #CVE-2020-26956: XSS through paste (manual and clipboard API)

       #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
       type restrictions

       #CVE-2020-26959: Use-after-free in WebRequestService

       #CVE-2020-26960: Potential use-after-free in uses of nsTArray

       #CVE-2020-15999: Heap buffer overflow in freetype

       #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

       #CVE-2020-26965: Software keyboards may have remembered typed passwords

       #CVE-2020-26966: Single-word search queries were also broadcast to local
       network

       #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 18 12:33:45 2020 UTC (2 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.12: +3 -4 lines
Diff to previous 1.12 (colored)

firefox78: Update to 78.5.0

Security Vulnerabilities fixed in Firefox ESR 78.5

    #CVE-2020-26951: Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code

    #CVE-2020-16012: Variable time processing of cross-origin images during
    drawImage calls

    #CVE-2020-26953: Fullscreen could be enabled without displaying the security
    UI

    #CVE-2020-26956: XSS through paste (manual and clipboard API)

    #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
    type restrictions

    #CVE-2020-26959: Use-after-free in WebRequestService

    #CVE-2020-26960: Potential use-after-free in uses of nsTArray

    #CVE-2020-15999: Heap buffer overflow in freetype

    #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

    #CVE-2020-26965: Software keyboards may have remembered typed passwords

    #CVE-2020-26966: Single-word search queries were also broadcast to local
    network

    #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Revision 1.12 / (download) - annotate - [select for diffs], Wed Nov 11 23:04:44 2020 UTC (2 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.11: +4 -2 lines
Diff to previous 1.11 (colored)

firefox78: one INSTALLATION_DIRS line per dir

for easier syncing with other packages

Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 11 19:10:05 2020 UTC (2 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

firefox78: Honor user's compiler choice again, don't require Python 2.

The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.

Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.

The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.

This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.

Full build tested on NetBSD/amd64.

Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 11 10:13:29 2020 UTC (2 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

firefox78: Clean up some problems identified by pkglint.

Most of these PLIST variables are no longer used.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Nov 10 02:59:27 2020 UTC (2 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.8: +2 -7 lines
Diff to previous 1.8 (colored)

firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Revision 1.8 / (download) - annotate - [select for diffs], Thu Nov 5 09:09:20 2020 UTC (2 months, 3 weeks ago) by ryoon
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

*: Recursive revbump from textproc/icu-68.1

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Fri Oct 23 15:36:35 2020 UTC (3 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Pullup ticket #6348 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.7
- www/firefox78/distinfo                                        1.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Oct 21 19:23:05 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.4.0

   Security Vulnerabilities fixed in Firefox ESR 78.4

   #CVE-2020-15969: Use-after-free in usersctp
   #CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Revision 1.7 / (download) - annotate - [select for diffs], Wed Oct 21 19:23:05 2020 UTC (3 months ago) by nia
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

firefox78: Update to 78.4.0

Security Vulnerabilities fixed in Firefox ESR 78.4

#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Revision 1.6 / (download) - annotate - [select for diffs], Thu Sep 24 04:31:07 2020 UTC (4 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.5: +2 -3 lines
Diff to previous 1.5 (colored)

firefox78: Update to 78.3.0

Security Vulnerabilities fixed in Firefox ESR 78.3

    #CVE-2020-15677: Download origin spoofing via redirect

    #CVE-2020-15676: XSS when pasting attacker-controlled data into a
    contenteditable element

    #CVE-2020-15678: When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-free scenario

    #CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3

Revision 1.5 / (download) - annotate - [select for diffs], Mon Aug 31 18:12:33 2020 UTC (4 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

*: bump PKGREVISION for perl-5.32.

Revision 1.4 / (download) - annotate - [select for diffs], Sat Aug 29 15:56:43 2020 UTC (4 months, 4 weeks ago) by nia
Branch: MAIN
Changes since 1.3: +2 -3 lines
Diff to previous 1.3 (colored)

firefox78: Update to 78.2.0

Security Vulnerabilities fixed in Firefox ESR 78.2

    #CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege

    Note: This issue only affected Windows operating systems.
    Other operating systems are unaffected.

    #CVE-2020-15664: Attacker-induced prompt for extension installation

    #CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

Revision 1.3 / (download) - annotate - [select for diffs], Tue Aug 18 17:58:16 2020 UTC (5 months, 1 week ago) by leot
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

*: revbump for libsndfile

Revision 1.2 / (download) - annotate - [select for diffs], Mon Aug 17 20:20:21 2020 UTC (5 months, 1 week ago) by leot
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

*: revbump after fontconfig bl3 changes (libuuid removal)

Revision 1.1 / (download) - annotate - [select for diffs], Thu Jul 30 08:09:28 2020 UTC (5 months, 3 weeks ago) by nia
Branch: MAIN

www: Add firefox78

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 78 ESR.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>