The NetBSD Project

CVS log for pkgsrc/www/firefox78/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / firefox78

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.7.2.1 / (download) - annotate - [select for diffs], Sat Jan 16 21:47:26 2021 UTC (9 days, 12 hours ago) by bsiegert
Branch: pkgsrc-2020Q4
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)

Pullup ticket #6396 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.17
- www/firefox78/distinfo                                        1.9
- www/firefox78/patches/patch-dom_webgpu_ipc_WebGPUParent.cpp   deleted

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Jan  8 19:13:53 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo
   Removed Files:
   	pkgsrc/www/firefox78/patches: patch-dom_webgpu_ipc_WebGPUParent.cpp

   Log Message:
   firefox78: Update to 78.6.1

   Changelog:
   * Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
   * Secrity fix:
   #CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Revision 1.9 / (download) - annotate - [select for diffs], Fri Jan 8 19:13:53 2021 UTC (2 weeks, 3 days ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.8: +5 -6 lines
Diff to previous 1.8 (colored)

firefox78: Update to 78.6.1

Changelog:
* Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
* Secrity fix:
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Revision 1.8 / (download) - annotate - [select for diffs], Fri Jan 1 12:54:13 2021 UTC (3 weeks, 3 days ago) by ryoon
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

firefox78: Fix build with devel/cbindgen-0.16.0

Revision 1.3.2.3 / (download) - annotate - [select for diffs], Sat Dec 19 20:38:04 2020 UTC (5 weeks, 2 days ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.3.2.2: +5 -5 lines
Diff to previous 1.3.2.2 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)

Pullup ticket #6385 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.14
- www/firefox78/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Dec 17 13:24:30 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.6.0

   Security Vulnerabilities fixed in Firefox ESR 78.6

   #CVE-2020-16042: Operations on a BigInt could have caused uninitialized
   memory to be exposed

   #CVE-2020-26971: Heap buffer overflow in WebGL

   #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

   #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
   use-after-free

   #CVE-2020-26978: Internal network hosts could have been probed by a
   malicious webpage

   #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

   #CVE-2020-35112: Opening an extension-less download may have inadvertently
   launched an executable instead

   #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Revision 1.7 / (download) - annotate - [select for diffs], Thu Dec 17 13:24:30 2020 UTC (5 weeks, 4 days ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base
Branch point for: pkgsrc-2020Q4
Changes since 1.6: +5 -5 lines
Diff to previous 1.6 (colored)

firefox78: Update to 78.6.0

Security Vulnerabilities fixed in Firefox ESR 78.6

#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed

#CVE-2020-26971: Heap buffer overflow in WebGL

#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free

#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage

#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead

#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Revision 1.3.2.2 / (download) - annotate - [select for diffs], Tue Nov 24 18:29:25 2020 UTC (2 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.3.2.1: +7 -5 lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored)

Pullup ticket #6370 - requested by nia
www/firefox78: security fix

NOTE: This also includes the changes from pullup tickets #6363 and #6369.

Revisions pulled up:
- www/firefox78/Makefile                                        1.9,1.13
- www/firefox78/distinfo                                        1.5-1.6
- www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp 1.1
- www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp   1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Nov 10 02:59:28 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo
   Added Files:
   	pkgsrc/www/firefox78/patches:
   	    patch-js_src_jit_ProcessExecutableMemory.cpp
   	    patch-js_src_vm_ArrayBufferObject.cpp

   Log Message:
   firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

   Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

   #CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Nov 18 12:33:45 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.5.0

   Security Vulnerabilities fixed in Firefox ESR 78.5

       #CVE-2020-26951: Parsing mismatches could confuse and bypass security
       sanitizer for chrome privileged code

       #CVE-2020-16012: Variable time processing of cross-origin images during
       drawImage calls

       #CVE-2020-26953: Fullscreen could be enabled without displaying the security
       UI

       #CVE-2020-26956: XSS through paste (manual and clipboard API)

       #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
       type restrictions

       #CVE-2020-26959: Use-after-free in WebRequestService

       #CVE-2020-26960: Potential use-after-free in uses of nsTArray

       #CVE-2020-15999: Heap buffer overflow in freetype

       #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

       #CVE-2020-26965: Software keyboards may have remembered typed passwords

       #CVE-2020-26966: Single-word search queries were also broadcast to local
       network

       #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Revision 1.6 / (download) - annotate - [select for diffs], Wed Nov 18 12:33:45 2020 UTC (2 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.5: +5 -5 lines
Diff to previous 1.5 (colored)

firefox78: Update to 78.5.0

Security Vulnerabilities fixed in Firefox ESR 78.5

    #CVE-2020-26951: Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code

    #CVE-2020-16012: Variable time processing of cross-origin images during
    drawImage calls

    #CVE-2020-26953: Fullscreen could be enabled without displaying the security
    UI

    #CVE-2020-26956: XSS through paste (manual and clipboard API)

    #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
    type restrictions

    #CVE-2020-26959: Use-after-free in WebRequestService

    #CVE-2020-26960: Potential use-after-free in uses of nsTArray

    #CVE-2020-15999: Heap buffer overflow in freetype

    #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

    #CVE-2020-26965: Software keyboards may have remembered typed passwords

    #CVE-2020-26966: Single-word search queries were also broadcast to local
    network

    #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Revision 1.5 / (download) - annotate - [select for diffs], Tue Nov 10 02:59:27 2020 UTC (2 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.4: +7 -5 lines
Diff to previous 1.4 (colored)

firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Revision 1.3.2.1 / (download) - annotate - [select for diffs], Fri Oct 23 15:36:35 2020 UTC (3 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

Pullup ticket #6348 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.7
- www/firefox78/distinfo                                        1.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Oct 21 19:23:05 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.4.0

   Security Vulnerabilities fixed in Firefox ESR 78.4

   #CVE-2020-15969: Use-after-free in usersctp
   #CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Revision 1.4 / (download) - annotate - [select for diffs], Wed Oct 21 19:23:05 2020 UTC (3 months ago) by nia
Branch: MAIN
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

firefox78: Update to 78.4.0

Security Vulnerabilities fixed in Firefox ESR 78.4

#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Revision 1.3 / (download) - annotate - [select for diffs], Thu Sep 24 04:31:07 2020 UTC (4 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.2: +5 -5 lines
Diff to previous 1.2 (colored)

firefox78: Update to 78.3.0

Security Vulnerabilities fixed in Firefox ESR 78.3

    #CVE-2020-15677: Download origin spoofing via redirect

    #CVE-2020-15676: XSS when pasting attacker-controlled data into a
    contenteditable element

    #CVE-2020-15678: When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-free scenario

    #CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3

Revision 1.2 / (download) - annotate - [select for diffs], Sat Aug 29 15:56:43 2020 UTC (4 months, 4 weeks ago) by nia
Branch: MAIN
Changes since 1.1: +5 -5 lines
Diff to previous 1.1 (colored)

firefox78: Update to 78.2.0

Security Vulnerabilities fixed in Firefox ESR 78.2

    #CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege

    Note: This issue only affected Windows operating systems.
    Other operating systems are unaffected.

    #CVE-2020-15664: Attacker-induced prompt for extension installation

    #CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

Revision 1.1 / (download) - annotate - [select for diffs], Thu Jul 30 08:09:28 2020 UTC (5 months, 3 weeks ago) by nia
Branch: MAIN

www: Add firefox78

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 78 ESR.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>