![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox91
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.31 / (download) - annotate - [select for diffs], Sun Jan 29 21:18:03 2023 UTC (36 hours, 53 minutes ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.30: +2 -2
lines
Diff to previous 1.30 (colored)
*: Recursive revbup from graphics/freetype2
Revision 1.30 / (download) - annotate - [select for diffs], Tue Jan 3 17:38:24 2023 UTC (3 weeks, 6 days ago) by wiz
Branch: MAIN
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored)
*: recursive bump for tiff shlib major bump
Revision 1.29 / (download) - annotate - [select for diffs], Sat Dec 10 09:25:58 2022 UTC (7 weeks, 3 days ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Fix build with rust 1.64.0 and its stricter borrow checker (Most excellent patch from adam@ - we get firefox91 back!) Bump PKGREVISION
Revision 1.28 / (download) - annotate - [select for diffs], Wed Nov 23 16:21:19 2022 UTC (2 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored)
massive revision bump after textproc/icu update
Revision 1.27 / (download) - annotate - [select for diffs], Tue Sep 27 20:58:28 2022 UTC (4 months ago) by wiz
Branch: MAIN
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored)
*: recursive bump for ffmpeg4 switch to x264
Revision 1.19.2.2 / (download) - annotate - [select for diffs], Tue Sep 20 18:31:28 2022 UTC (4 months, 1 week ago) by bsiegert
Branch: pkgsrc-2022Q2
Changes since 1.19.2.1: +2 -2
lines
Diff to previous 1.19.2.1 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored)
Pullup ticket #6670 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.15
- www/firefox91-l10n/distinfo 1.17
- www/firefox91/Makefile 1.25
- www/firefox91/distinfo 1.17
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Sep 6 15:38:35 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.13.0
Security Vulnerabilities fixed in Firefox ESR 91.13
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.26 / (download) - annotate - [select for diffs], Sun Sep 11 12:52:09 2022 UTC (4 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
*: bump PKGREVISION for flac shlib bump
Revision 1.25 / (download) - annotate - [select for diffs], Tue Sep 6 15:38:35 2022 UTC (4 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.24: +2 -3
lines
Diff to previous 1.24 (colored)
firefox91: update to 91.13.0
Security Vulnerabilities fixed in Firefox ESR 91.13
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.24 / (download) - annotate - [select for diffs], Thu Aug 11 05:09:23 2022 UTC (5 months, 3 weeks ago) by gutteridge
Branch: MAIN
Changes since 1.23: +2 -1
lines
Diff to previous 1.23 (colored)
Bump all dependent packages of wayland (belatedly) The package changed with the addition of its libepoll-shim dependency. Otherwise, we can get: ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
Revision 1.23 / (download) - annotate - [select for diffs], Tue Aug 9 13:39:28 2022 UTC (5 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
firefox91: update to 91.12.0. Fix building with latest cbindgen.
Mozilla Foundation Security Advisory 2022-29
Security Vulnerabilities fixed in Firefox ESR 91.12
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Wed Jul 27 07:18:16 2022 UTC (6 months ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Pullup ticket #6658 - requested by nia
www/firefox91: security update
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo
Revision 1.22 / (download) - annotate - [select for diffs], Fri Jul 22 08:16:39 2022 UTC (6 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.21: +2 -3
lines
Diff to previous 1.21 (colored)
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jul 2 16:53:38 2022 UTC (6 months, 4 weeks ago) by ryoon
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
*: Recursive revbump from audio/pulseaudio
Revision 1.20 / (download) - annotate - [select for diffs], Tue Jun 28 11:37:04 2022 UTC (7 months ago) by wiz
Branch: MAIN
Changes since 1.19: +2 -1
lines
Diff to previous 1.19 (colored)
*: recursive bump for perl 5.36
Revision 1.19 / (download) - annotate - [select for diffs], Tue Jun 14 09:17:19 2022 UTC (7 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base
Branch point for: pkgsrc-2022Q2
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
firefox91: update to 91.10.0
Security Vulnerabilities fixed in Firefox ESR 91.10
#CVE-2022-31736: Cross-Origin resource's length leaked
#CVE-2022-31737: Heap buffer overflow in WebGL
#CVE-2022-31738: Browser window spoof using fullscreen mode
#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
files
#CVE-2022-31740: Register allocation problem in WASM on arm64
#CVE-2022-31741: Uninitialized variable leads to invalid memory read
#CVE-2022-31742: Querying a WebAuthn token with a large number of
allowCredential entries may have leaked cross-origin information
#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR
91.10
Revision 1.15.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 06:09:37 2022 UTC (7 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q1
Changes since 1.15.2.1: +2 -2
lines
Diff to previous 1.15.2.1 (colored) to branchpoint 1.15 (colored) next main 1.16 (colored)
Pullup ticket #6635 - requested by nia
www/firefox91: security update
Revisions pulled up:
- www/firefox91/Makefile 1.18
- www/firefox91/distinfo 1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:16:00 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js
Log Message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
Revision 1.18 / (download) - annotate - [select for diffs], Mon May 16 21:15:59 2022 UTC (8 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.17: +2 -3
lines
Diff to previous 1.17 (colored)
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
Revision 1.17 / (download) - annotate - [select for diffs], Mon Apr 18 19:12:17 2022 UTC (9 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.16: +2 -1
lines
Diff to previous 1.16 (colored)
revbump for textproc/icu update
Revision 1.15.2.1 / (download) - annotate - [select for diffs], Wed Apr 13 07:16:37 2022 UTC (9 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2022Q1
Changes since 1.15: +2 -3
lines
Diff to previous 1.15 (colored)
Pullup ticket #6612 - requested by nia www/firefox91: security fix www/firefox91-l10n: dependent update Revisions pulled up: - www/firefox91-l10n/Makefile 1.10 - www/firefox91-l10n/distinfo 1.12 - www/firefox91/Makefile 1.16 - www/firefox91/distinfo 1.12 --- Module Name: pkgsrc Committed By: nia Date: Sun Apr 10 13:43:44 UTC 2022 Modified Files: pkgsrc/www/firefox91: Makefile distinfo pkgsrc/www/firefox91-l10n: Makefile distinfo Log Message: firefox91: update to 91.8.0 Security Vulnerabilities fixed in Firefox ESR 91.8 #CVE-2022-1097: Use-after-free in NSSToken objects #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions #CVE-2022-1196: Use-after-free after VR Process destruction #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen #CVE-2022-28286: iframe contents could be rendered outside the border #CVE-2022-24713: Denial of Service via complex regular expressions #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Revision 1.16 / (download) - annotate - [select for diffs], Sun Apr 10 13:43:43 2022 UTC (9 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.15: +2 -3
lines
Diff to previous 1.15 (colored)
firefox91: update to 91.8.0 Security Vulnerabilities fixed in Firefox ESR 91.8 #CVE-2022-1097: Use-after-free in NSSToken objects #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions #CVE-2022-1196: Use-after-free after VR Process destruction #CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument #CVE-2022-28285: Incorrect AliasSet used in JIT Codegen #CVE-2022-28286: iframe contents could be rendered outside the border #CVE-2022-24713: Denial of Service via complex regular expressions #CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Revision 1.15 / (download) - annotate - [select for diffs], Mon Mar 28 10:59:31 2022 UTC (10 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base
Branch point for: pkgsrc-2022Q1
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
{s,t,w}*/*: revbump(1) for libsndfile
Revision 1.11.2.3 / (download) - annotate - [select for diffs], Sun Mar 13 18:34:40 2022 UTC (10 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11.2.2: +2 -2
lines
Diff to previous 1.11.2.2 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored)
Pullup ticket #6598 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.14
- www/firefox91/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Mar 10 16:22:47 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log Message:
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
Revision 1.14 / (download) - annotate - [select for diffs], Thu Mar 10 16:22:46 2022 UTC (10 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
firefox91: update to 91.7.0
Security Vulnerabilities fixed in Firefox ESR 91.7
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
local users
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Mon Feb 21 13:34:26 2022 UTC (11 months, 1 week ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11.2.1: +2 -2
lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored)
Pullup ticket #6582 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.13
- www/firefox91/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Feb 21 03:43:56 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
Log Message:
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Revision 1.13 / (download) - annotate - [select for diffs], Mon Feb 21 03:43:56 2022 UTC (11 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
firefox91: update to 91.6.0
Security Vulnerabilities fixed in Firefox ESR 91.6
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation
during update
#CVE-2022-22756: Drag and dropping an image could have resulted in the
dropped object being an executable
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between
script and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22763: Script Execution during invalid object state
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Sun Feb 20 10:20:21 2022 UTC (11 months, 1 week ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored)
Pullup ticket #6580 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.12
- www/firefox91/distinfo 1.9
- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 26 13:38:07 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches:
patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
Log Message:
firefox91: Update to 91.5.0
Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Revision 1.12 / (download) - annotate - [select for diffs], Wed Jan 26 13:38:06 2022 UTC (12 months ago) by ryoon
Branch: MAIN
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored)
firefox91: Update to 91.5.0 Changelog: Security fixes: #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen #CVE-2022-22743: Browser window spoof using fullscreen mode #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode #CVE-2022-22741: Browser window spoof using fullscreen mode #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur #CVE-2022-22737: Race condition when playing audio files #CVE-2021-4140: Iframe sandbox bypass with XSLT #CVE-2022-22748: Spoofed origin on external protocol launch dialog #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection #CVE-2022-22747: Crash when handling empty pkcs7 sequence #CVE-2022-22739: Missing throttling on external protocol launch dialog #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Revision 1.11 / (download) - annotate - [select for diffs], Wed Dec 22 16:05:28 2021 UTC (13 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
firefox91: update to 91.4.1
Change, singular:
Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com domains (bug 1745600)
Revision 1.5.2.3 / (download) - annotate - [select for diffs], Tue Dec 14 17:44:44 2021 UTC (13 months, 2 weeks ago) by tm
Branch: pkgsrc-2021Q3
Changes since 1.5.2.2: +2 -2
lines
Diff to previous 1.5.2.2 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)
Pullup ticket #6552 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.5
- www/firefox91-l10n/distinfo 1.7
- www/firefox91/Makefile 1.10
- www/firefox91/distinfo 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Dec 10 14:32:07 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: Update to 91.4.0
Security Vulnerabilities fixed in Firefox ESR 91.4.0
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
of an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Revision 1.10 / (download) - annotate - [select for diffs], Fri Dec 10 14:32:07 2021 UTC (13 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.9: +2 -3
lines
Diff to previous 1.9 (colored)
firefox91: Update to 91.4.0
Security Vulnerabilities fixed in Firefox ESR 91.4.0
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
of an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Revision 1.9 / (download) - annotate - [select for diffs], Wed Dec 8 16:06:56 2021 UTC (13 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.8: +2 -1
lines
Diff to previous 1.8 (colored)
revbump for icu and libffi
Revision 1.5.2.2 / (download) - annotate - [select for diffs], Fri Nov 5 19:28:52 2021 UTC (14 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.5.2.1: +2 -2
lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored)
Pullup ticket #6530 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.8
- www/firefox91/PLIST 1.3
- www/firefox91/distinfo 1.6
- www/firefox91/patches/patch-modules_fdlibm_src_math__private.h 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Nov 3 19:19:40 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile PLIST distinfo
Added Files:
pkgsrc/www/firefox91/patches: patch-modules_fdlibm_src_math__private.h
Log Message:
firefox91: update to 91.3.0
Security Vulnerabilities fixed in Firefox ESR 91.3
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
the Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0008: Use-after-free in HTTP2 Session object
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#CVE-2021-38509: Javascript alert box could have been spoofed onto an
arbitrary domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
OS
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.8 / (download) - annotate - [select for diffs], Wed Nov 3 19:19:40 2021 UTC (14 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.7: +2 -3
lines
Diff to previous 1.7 (colored)
firefox91: update to 91.3.0
Security Vulnerabilities fixed in Firefox ESR 91.3
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
the Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0008: Use-after-free in HTTP2 Session object
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#CVE-2021-38509: Javascript alert box could have been spoofed onto an
arbitrary domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
OS
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.5.2.1 / (download) - annotate - [select for diffs], Mon Oct 11 18:36:20 2021 UTC (15 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2021Q3
Changes since 1.5: +2 -3
lines
Diff to previous 1.5 (colored)
Pullup ticket #6509 - requested by nia
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.3
- www/firefox91-l10n/distinfo 1.4
- www/firefox91/Makefile 1.6
- www/firefox91/distinfo 1.4
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Oct 8 14:41:35 UTC 2021
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: Update to 91.2.0
Security Vulnerabilities fixed in Firefox ESR 91.2
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another
origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
Revision 1.7 / (download) - annotate - [select for diffs], Sat Oct 9 15:35:12 2021 UTC (15 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored)
Recursive revbump for multimedia/libaom
Revision 1.6 / (download) - annotate - [select for diffs], Fri Oct 8 14:41:34 2021 UTC (15 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.5: +2 -3
lines
Diff to previous 1.5 (colored)
firefox91: Update to 91.2.0
Security Vulnerabilities fixed in Firefox ESR 91.2
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another
origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
Revision 1.5 / (download) - annotate - [select for diffs], Thu Sep 16 20:46:35 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base
Branch point for: pkgsrc-2021Q3
Changes since 1.4: +3 -2
lines
Diff to previous 1.4 (colored)
firefox91: we no longer install to share/pixmaps
Revision 1.4 / (download) - annotate - [select for diffs], Thu Sep 16 20:45:38 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
firefox91: Explicitly use "unofficial" branding Firefox's build system defaults to "nightly" for builds without official branding, and in practice there seems to be very little difference between "nightly" and "unofficial", but this at least makes our choice explicit. Bump PKGREVISION
Revision 1.3 / (download) - annotate - [select for diffs], Thu Sep 16 17:47:13 2021 UTC (16 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.2: +14 -35
lines
Diff to previous 1.2 (colored)
firefox91: install scalable icons, bump PKGREVISION
Revision 1.2 / (download) - annotate - [select for diffs], Thu Sep 9 11:13:59 2021 UTC (16 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.1: +3 -3
lines
Diff to previous 1.1 (colored)
firefox91: update to 91.1.0 This fixes CVE-2021-38495
Revision 1.1 / (download) - annotate - [select for diffs], Wed Sep 8 22:19:50 2021 UTC (16 months, 3 weeks ago) by nia
Branch: MAIN
Add Firefox 91ESR as a starting point for the branch.