head 1.49; access; symbols pkgsrc-2019Q1:1.45.0.2 pkgsrc-2019Q1-base:1.45 pkgsrc-2018Q4:1.44.0.2 pkgsrc-2018Q4-base:1.44 pkgsrc-2018Q3:1.37.0.2 pkgsrc-2018Q3-base:1.37 pkgsrc-2018Q2:1.34.0.2 pkgsrc-2018Q2-base:1.34 pkgsrc-2018Q1:1.32.0.2 pkgsrc-2018Q1-base:1.32 pkgsrc-2017Q4:1.30.0.2 pkgsrc-2017Q4-base:1.30 pkgsrc-2017Q3:1.29.0.4 pkgsrc-2017Q3-base:1.29 pkgsrc-2017Q2:1.27.0.2 pkgsrc-2017Q2-base:1.27 pkgsrc-2017Q1:1.23.0.2 pkgsrc-2017Q1-base:1.23 pkgsrc-2016Q4:1.13.0.2 pkgsrc-2016Q4-base:1.13 pkgsrc-2016Q3:1.11.0.2 pkgsrc-2016Q3-base:1.11 pkgsrc-2016Q2:1.4.0.2 pkgsrc-2016Q2-base:1.4; locks; strict; comment @# @; 1.49 date 2019.06.12.15.25.02; author wiz; state dead; branches; next 1.48; commitid 2GoWNtyWwJekDUqB; 1.48 date 2019.05.25.20.17.04; author szptvlfn; state Exp; branches; next 1.47; commitid yzbMsjMqxhF9OCoB; 1.47 date 2019.05.05.22.49.52; author ryoon; state Exp; branches; next 1.46; commitid YtWt2iY1TlCOj4mB; 1.46 date 2019.04.03.00.33.11; author ryoon; state Exp; branches; next 1.45; commitid pkuNrSZ2MZiLWPhB; 1.45 date 2019.01.29.22.33.58; author tnn; state Exp; branches; next 1.44; commitid Rpig8eZeqZRFjJ9B; 1.44 date 2018.12.09.18.52.49; author adam; state Exp; branches; next 1.43; commitid Pdg91emznUBdJ93B; 1.43 date 2018.11.29.11.21.58; author prlw1; state Exp; branches; next 1.42; commitid aZ35ZFDHjmtByP1B; 1.42 date 2018.11.23.08.06.33; author ryoon; state Exp; branches; next 1.41; commitid sJCwe34v6pRyF21B; 1.41 date 2018.11.16.13.02.45; author bsiegert; state Exp; branches; next 1.40; commitid C5FsGFSwip5dxa0B; 1.40 date 2018.11.14.22.22.36; author kleink; state Exp; branches; next 1.39; commitid GUhtnbJ6vT0uGXZA; 1.39 date 2018.11.12.03.53.04; author ryoon; state Exp; branches; next 1.38; commitid 9EFLHvDNIp1OBBZA; 1.38 date 2018.10.24.15.42.47; author bsiegert; state Exp; branches; next 1.37; commitid 9zPPKYR67vbJ9eXA; 1.37 date 2018.08.22.09.47.24; author wiz; state Exp; branches; next 1.36; commitid YLub8g3ofvFGb6PA; 1.36 date 2018.07.20.03.34.31; author ryoon; state Exp; branches; next 1.35; commitid 09Go9qhjDl36dPKA; 1.35 date 2018.07.06.15.06.51; author ryoon; state Exp; branches; next 1.34; commitid NN0f6QXNRPpHu5JA; 1.34 date 2018.04.16.14.35.18; author wiz; state Exp; branches; next 1.33; commitid kzqGMVblMLsRUFyA; 1.33 date 2018.04.14.07.34.43; author adam; state Exp; branches; next 1.32; commitid OW5IgFIaJWdTEnyA; 1.32 date 2018.03.12.11.17.46; author wiz; state Exp; branches; next 1.31; commitid Mv60lx3Uo1UqW9uA; 1.31 date 2018.01.28.20.11.07; author wiz; state Exp; branches; next 1.30; commitid QPx6fI8ZTJVRhGoA; 1.30 date 2017.11.23.17.20.16; author wiz; state Exp; branches; next 1.29; commitid IKMbhxg2I0GMsbgA; 1.29 date 2017.09.08.02.38.44; author ryoon; state Exp; branches; next 1.28; commitid Z3LDLQtL2xn22l6A; 1.28 date 2017.07.09.09.04.00; author maya; state Exp; branches; next 1.27; commitid sZLsCO7IsdXK6xYz; 1.27 date 2017.05.13.02.34.30; author khorben; state Exp; branches; next 1.26; commitid eXm8I6cOVQV5NaRz; 1.26 date 2017.05.12.20.21.27; author khorben; state Exp; branches; next 1.25; commitid o1orxGer6OfhJ8Rz; 1.25 date 2017.05.10.14.13.26; author ryoon; state Exp; branches; next 1.24; commitid aalvPWtbvZczLQQz; 1.24 date 2017.04.22.21.04.02; author adam; state Exp; branches; next 1.23; commitid FZEMSoU8Sj6ZBzOz; 1.23 date 2017.03.26.03.54.37; author ryoon; state Exp; branches 1.23.2.1; next 1.22; commitid tsXZHmFtCMPVM0Lz; 1.22 date 2017.03.26.03.53.34; author ryoon; state Exp; branches; next 1.21; commitid f5Yz5VyIogvAM0Lz; 1.21 date 2017.02.12.06.26.08; author ryoon; state Exp; branches; next 1.20; commitid k6LcxswBlcMUXCFz; 1.20 date 2017.02.08.07.32.01; author maya; state Exp; branches; next 1.19; commitid MUuRHMGbjuMbs7Fz; 1.19 date 2017.02.06.13.56.05; author wiz; state Exp; branches; next 1.18; commitid gPJ49nTI4WujETEz; 1.18 date 2017.01.27.13.43.41; author ryoon; state Exp; branches; next 1.17; commitid d6E7kYhTlYuCUBDz; 1.17 date 2017.01.21.20.06.53; author ryoon; state Exp; branches; next 1.16; commitid XHtF6XJOdLqPdSCz; 1.16 date 2017.01.20.15.03.37; author ryoon; state Exp; branches; next 1.15; commitid 76C6sFH8mxPWzICz; 1.15 date 2017.01.16.23.45.17; author wiz; state Exp; branches; next 1.14; commitid frBytSz1XOJOAfCz; 1.14 date 2017.01.02.17.45.12; author ryoon; state Exp; branches; next 1.13; commitid wo4awYPHBygi3qAz; 1.13 date 2016.12.04.05.17.44; author ryoon; state Exp; branches; next 1.12; commitid xSaWu3mShoBjQCwz; 1.12 date 2016.12.03.10.19.29; author ryoon; state Exp; branches; next 1.11; commitid 5o5sRBzKC6Paywwz; 1.11 date 2016.09.21.11.51.14; author ryoon; state Exp; branches; next 1.10; commitid LdCg0IqjFGv8p9nz; 1.10 date 2016.08.20.23.17.00; author maya; state Exp; branches; next 1.9; commitid CNdEoGvxQFlYd6jz; 1.9 date 2016.08.17.00.06.47; author ryoon; state Exp; branches; next 1.8; commitid 7KzDd43Irha3DAiz; 1.8 date 2016.08.11.04.24.03; author ryoon; state Exp; branches; next 1.7; commitid zIRFJABCF4eqfQhz; 1.7 date 2016.08.04.17.03.39; author ryoon; state Exp; branches; next 1.6; commitid 2O6EMHxyKJmLF0hz; 1.6 date 2016.08.03.10.23.31; author adam; state Exp; branches; next 1.5; commitid AsJCxHnjaXbduQgz; 1.5 date 2016.07.09.06.39.12; author wiz; state Exp; branches; next 1.4; commitid dlqnocGpOoXV2Cdz; 1.4 date 2016.06.19.06.24.09; author ryoon; state Exp; branches; next 1.3; commitid YGzG1A3YDudgC2bz; 1.3 date 2016.05.05.11.51.24; author ryoon; state Exp; branches; next 1.2; commitid rUevdif8MiHcSh5z; 1.2 date 2016.05.04.09.41.55; author ryoon; state Exp; branches; next 1.1; commitid o5jm53gN3IjMb95z; 1.1 date 2016.04.27.16.36.50; author ryoon; state Exp; branches; next ; commitid Onfyoesz0cL5Ih4z; 1.23.2.1 date 2017.06.13.19.11.21; author bsiegert; state Exp; branches; next ; commitid WhCtE1Ks6aP1kfVz; desc @@ 1.49 log @firefox{36,45}: remove old ESR releases of firefox This still leaves the current ESR release, firefox60, the unsupported one before that, firefox52, which does not depend on rust. @ text @# $NetBSD: Makefile,v 1.48 2019/05/25 20:17:04 szptvlfn Exp $ PKGREVISION= 20 FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR} MOZ_BRANCH= 45.9 MOZ_BRANCH_MINOR= .0esr DISTNAME= firefox-${FIREFOX_VER}.source PKGNAME= firefox${MOZ_BRANCH:C/\..*$//}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//} CATEGORIES= www MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/} MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/} EXTRACT_SUFX= .tar.xz WRKSRC= ${WRKDIR}/${DISTNAME:S/.source//} MAINTAINER= ryoon@@NetBSD.org HOMEPAGE= https://www.mozilla.com/en-US/firefox/ COMMENT= Web browser with support for extensions (version ${MOZ_BRANCH:C/\..*//}) LICENSE= mpl-1.1 MOZILLA_DIR= # empty # Note: when updating remember to conditionalise about-background.png in PLIST CONFIGURE_ARGS+= --enable-application=browser LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib/${PKGBASE} LDFLAGS.DragonFly+= -lplc4 -lnspr4 LDFLAGS.FreeBSD+= -lplc4 -lnspr4 LDFLAGS.Linux+= -lnspr4 LDFLAGS.SunOS+= -lm NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/firefox NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/firefox-bin NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/plugin-container ALL_ENV+= MOZILLA_PKG_NAME=${PKGBASE} # Avoid ld "invalid section index" errors. BUILDLINK_TRANSFORM.SunOS+= rm:-fdata-sections BUILDLINK_TRANSFORM.SunOS+= rm:-ffunction-sections .include "mozilla-common.mk" .include "options.mk" CHECK_INTERPRETER_SKIP+=lib/firefox-sdk/sdk/bin/header.py CHECK_INTERPRETER_SKIP+=lib/firefox-sdk/sdk/bin/typelib.py CHECK_INTERPRETER_SKIP+=lib/firefox-sdk/sdk/bin/xpidl.py CHECK_INTERPRETER_SKIP+=lib/firefox-sdk/sdk/bin/xpt.py MOZILLA= ${PKGBASE} MOZILLA_ICON= ${WRKSRC}/${OBJDIR}/dist/firefox/browser/chrome/icons/default/default48.png .if !empty(PKG_OPTIONS:Mofficial-mozilla-branding) MOZILLA_NAME= Firefox .else MOZILLA_NAME= Browser .endif SUBST_CLASSES+= sys-dic SUBST_STAGE.sys-dic= pre-configure SUBST_MESSAGE.sys-dic= Reference to system hunspell dictionaries. SUBST_FILES.sys-dic= extensions/spellcheck/hunspell/glue/mozHunspell.cpp SUBST_VARS.sys-dic= PREFIX post-extract: mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S ${CP} files/cubeb_oss.c ${WRKSRC}/media/libcubeb/src/cubeb_oss.c pre-configure: cd ${WRKSRC} && mkdir ${OBJDIR} cd ${WRKSRC} && autoconf cd ${WRKSRC}/js/src && autoconf # XXX Makefile is broken? When libxul is provided from devel/xulrunner, # XXX please remove this. mkdir ${WRKSRC}/js/src/.deps post-build: ${SED} -e 's|@@MOZILLA@@|${MOZILLA}|g' \ -e 's|@@MOZILLA_NAME@@|${MOZILLA_NAME}|g' \ -e 's|@@FIREFOX_ICON@@|${MOZILLA}.png|g' \ < ${FILESDIR}/desktop.in \ > ${WRKDIR}/desktop INSTALLATION_DIRS+= share/applications share/pixmaps post-install: ${INSTALL_DATA} ${WRKDIR}/desktop \ ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop ${INSTALL_DATA} ${MOZILLA_ICON} \ ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png .include "../../sysutils/desktop-file-utils/desktopdb.mk" .include "../../mk/bsd.pkg.mk" @ 1.48 log @update firefox HOMEPAGE (http -> https) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.47 2019/05/05 22:49:52 ryoon Exp $ @ 1.47 log @Recursive rebvump from devel/nss @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.46 2019/04/03 00:33:11 ryoon Exp $ d18 1 a18 1 HOMEPAGE= http://www.mozilla.com/en-US/firefox/ @ 1.46 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.45 2019/01/29 22:33:58 tnn Exp $ d3 1 a3 1 PKGREVISION= 19 @ 1.45 log @remove obsolete hacks.mk & reduce diffs between mozilla derivative packages @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.44 2018/12/09 18:52:49 adam Exp $ d3 1 a3 1 PKGREVISION= 18 @ 1.44 log @revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2018/11/29 11:21:58 prlw1 Exp $ a2 1 MOZILLA_PKG_NAME= firefox45 d9 1 a9 1 PKGNAME= ${MOZILLA_PKG_NAME}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//} d27 4 a30 2 # workround for link of libxul.so etc. LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib/${MOZILLA_PKG_NAME} d33 3 a35 3 NOT_PAX_MPROTECT_SAFE+= lib/firefox45/firefox NOT_PAX_MPROTECT_SAFE+= lib/firefox45/firefox-bin NOT_PAX_MPROTECT_SAFE+= lib/firefox45/plugin-container d37 1 a37 1 ALL_ENV+= MOZILLA_PKG_NAME=${MOZILLA_PKG_NAME} a42 4 LDFLAGS.DragonFly= -lplc4 -lnspr4 LDFLAGS.FreeBSD= -lplc4 -lnspr4 LDFLAGS.Linux= -lnspr4 d51 1 a51 1 MOZILLA=${MOZILLA_PKG_NAME} @ 1.43 log @Revbump for libcanberra gstreamer change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.42 2018/11/23 08:06:33 ryoon Exp $ d4 1 a4 1 PKGREVISION= 17 @ 1.42 log @Recursive revbump from multimedia/libva @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.41 2018/11/16 13:02:45 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 16 @ 1.41 log @Revbump hunspell reverse-depends after update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2018/11/14 22:22:36 kleink Exp $ d4 1 a4 1 PKGREVISION= 15 @ 1.40 log @Revbump after cairo 1.16.0 update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2018/11/12 03:53:04 ryoon Exp $ d4 1 a4 1 PKGREVISION= 14 @ 1.39 log @Recursive revbump from hardbuzz-2.1.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2018/10/24 15:42:47 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 13 @ 1.38 log @Revbump packages that depend on hunspell. The recent hunspell update has changed the name of the library, so these need to be rebuilt. prodded by wiz@@ and leot@@. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2018/08/22 09:47:24 wiz Exp $ d4 1 a4 1 PKGREVISION= 12 @ 1.37 log @Recursive bump for perl5-5.28.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2018/07/20 03:34:31 ryoon Exp $ d4 1 a4 1 PKGREVISION= 11 @ 1.36 log @Recursive revbump from textproc/icu-62.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2018/07/06 15:06:51 ryoon Exp $ d4 1 a4 1 PKGREVISION= 10 @ 1.35 log @Recursive revbump from audio/pulseaudio @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2018/04/16 14:35:18 wiz Exp $ d4 1 a4 1 PKGREVISION= 9 @ 1.34 log @Recursive bump for new fribidi dependency in pango. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2018/04/14 07:34:43 adam Exp $ d4 1 a4 1 PKGREVISION= 8 @ 1.33 log @revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2018/03/12 11:17:46 wiz Exp $ d4 1 a4 1 PKGREVISION= 7 @ 1.32 log @Recursive bumps for fontconfig and libzip dependency changes. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2018/01/28 20:11:07 wiz Exp $ d4 1 a4 1 PKGREVISION= 6 @ 1.31 log @Bump PKGREVISION for gdbm shlib major bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2017/11/23 17:20:16 wiz Exp $ d4 1 a4 1 PKGREVISION= 5 a10 1 PKGREVISION= 1 @ 1.30 log @recursive bump for libxkbcommon removal from at-spi2-core @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2017/09/08 02:38:44 ryoon Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.29 log @Recursive revbump from audio/pulseaudio-11.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2017/07/09 09:04:00 maya Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.28 log @firefox{,45,52}: bump pkgrevision with no change. these packages pull in GCC_REQD+=4.9 via mozilla-common.mk, and are very widely used (I suspect only www/firefox actually needs it) this will take care of most of the fallout from major bumping pkgsrc-gcc-libstdc++ to 7 on netbsd. these are the most widely used packages setting GCC_REQD>4.8. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2017/05/13 02:34:30 khorben Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.27 log @Add dependency to multimedia/ffmpeg3 This fixes audio and H.264 support. From ryoon@@ originally, on 46.0nb1 at the time. "commit" maya@@ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2017/05/12 20:21:27 khorben Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.26 log @Register more binaries as not safe for PaX mprotect This also reflects the current situation in www/firefox. Bumps PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2017/05/10 14:13:26 ryoon Exp $ d4 1 @ 1.25 log @Update to 45.9.0 Changelog: Security fixes: #CVE-2017-5433: Use-after-free in SMIL animation functions #CVE-2017-5435: Use-after-free during transaction processing in the editor #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS #CVE-2017-5459: Buffer overflow in WebGL #CVE-2017-5434: Use-after-free during focus handling #CVE-2017-5432: Use-after-free in text input selection #CVE-2017-5460: Use-after-free in frame selection #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing #CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing #CVE-2017-5441: Use-after-free with selection during scroll events #CVE-2017-5442: Use-after-free during style changes #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation #CVE-2017-5443: Out-of-bounds write during BinHex decoding #CVE-2017-5444: Buffer overflow while parsing application/http-index-format content #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data #CVE-2017-5447: Out-of-bounds read during glyph processing #CVE-2017-5465: Out-of-bounds read in ConvolvePixel #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor #CVE-2016-10196: Vulnerabilities in Libevent library #CVE-2017-5469: Potential Buffer overflow in flex-generated code #CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content #CVE-2017-5462: DRBG flaw in NSS #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2017/04/22 21:04:02 adam Exp $ d10 1 d33 2 @ 1.24 log @Revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2017/03/26 03:54:37 ryoon Exp $ d5 1 a5 1 MOZ_BRANCH= 45.8 a9 1 PKGREVISION= 1 @ 1.23 log @Remove PKGREVISION @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2017/03/26 03:53:34 ryoon Exp $ d10 1 @ 1.23.2.1 log @Pullup ticket #5476 - requested by khorben www/firefox45: security fix Revisions pulled up: - www/firefox45-l10n/Makefile 1.10 - www/firefox45-l10n/distinfo 1.11 - www/firefox45/Makefile 1.25-1.27 - www/firefox45/distinfo 1.14 - www/firefox45/mozilla-common.mk 1.7 --- Module Name: pkgsrc Committed By: ryoon Date: Wed May 10 14:13:26 UTC 2017 Modified Files: pkgsrc/www/firefox45: Makefile distinfo Log Message: Update to 45.9.0 Changelog: Security fixes: #CVE-2017-5433: Use-after-free in SMIL animation functions #CVE-2017-5435: Use-after-free during transaction processing in the editor #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS #CVE-2017-5459: Buffer overflow in WebGL #CVE-2017-5434: Use-after-free during focus handling #CVE-2017-5432: Use-after-free in text input selection #CVE-2017-5460: Use-after-free in frame selection #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing #CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing #CVE-2017-5441: Use-after-free with selection during scroll events #CVE-2017-5442: Use-after-free during style changes #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation #CVE-2017-5443: Out-of-bounds write during BinHex decoding #CVE-2017-5444: Buffer overflow while parsing application/http-index-format content #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data #CVE-2017-5447: Out-of-bounds read during glyph processing #CVE-2017-5465: Out-of-bounds read in ConvolvePixel #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor #CVE-2016-10196: Vulnerabilities in Libevent library #CVE-2017-5469: Potential Buffer overflow in flex-generated code #CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content #CVE-2017-5462: DRBG flaw in NSS #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 --- Module Name: pkgsrc Committed By: ryoon Date: Wed May 10 14:14:41 UTC 2017 Modified Files: pkgsrc/www/firefox45-l10n: Makefile distinfo Log Message: Update to 45.9.0 * Sync with firefox45-45.9.0 --- Module Name: pkgsrc Committed By: khorben Date: Fri May 12 20:21:27 UTC 2017 Modified Files: pkgsrc/www/firefox45: Makefile Log Message: Register more binaries as not safe for PaX mprotect This also reflects the current situation in www/firefox. Bumps PKGREVISION. --- Module Name: pkgsrc Committed By: khorben Date: Sat May 13 02:34:30 UTC 2017 Modified Files: pkgsrc/www/firefox45: Makefile mozilla-common.mk Log Message: Add dependency to multimedia/ffmpeg3 This fixes audio and H.264 support. From ryoon@@ originally, on 46.0nb1 at the time. "commit" maya@@ @ text @d1 1 a1 1 # $NetBSD$ a3 1 PKGREVISION= 1 d5 1 a5 1 MOZ_BRANCH= 45.9 a9 1 PKGREVISION= 1 a31 2 NOT_PAX_MPROTECT_SAFE+= lib/firefox45/firefox-bin NOT_PAX_MPROTECT_SAFE+= lib/firefox45/plugin-container @ 1.22 log @Update to 45.8.0 Changelog: #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP #CVE-2017-5401: Memory Corruption when handling ErrorResult #CVE-2017-5402: Use-after-free working with events in FontFace objects #CVE-2017-5404: Use-after-free working with ranges in selections #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2017/02/12 06:26:08 ryoon Exp $ a9 1 PKGREVISION= 3 @ 1.21 log @Recursive revbump from fonts/harfbuzz @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2017/02/08 07:32:01 maya Exp $ d5 1 a5 1 MOZ_BRANCH= 45.7 @ 1.20 log @firefox45: make oss audio not overflow (sound like crap) when playing bass-heavy sounds, similar to the change made to www/firefox. put this patch in files/ because it's the right thing and also because I'm struggling to make changes to the patch, possibly my moving the location of EOF so the patch doesn't apply fully (guessing) PKGREVISION->2 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2017/02/06 13:56:05 wiz Exp $ d10 1 a10 1 PKGREVISION= 2 @ 1.19 log @Recursive bump for harfbuzz's new graphite2 dependency. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2017/01/27 13:43:41 ryoon Exp $ d10 1 a10 1 PKGREVISION= 1 d68 1 @ 1.18 log @Update 45.7.0 Security fixes: #CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP #CVE-2017-5376: Use-after-free in XSL #CVE-2017-5378: Pointer and frame data leakage of Javascript objects #CVE-2017-5380: Potential use-after-free during DOM manipulations #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer #CVE-2017-5396: Use-after-free with Media Decoder #CVE-2017-5383: Location bar spoofing with unicode characters #CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions #CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2017/01/21 20:06:53 ryoon Exp $ d10 1 @ 1.17 log @Recursive revbump from audio/pulseaudio-10.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2017/01/20 15:03:37 ryoon Exp $ d5 1 a5 1 MOZ_BRANCH= 45.6 a9 1 PKGREVISION= 3 @ 1.16 log @Fix an insecure connection error in HTTP2 case with devel/nss-3.28 or later Bump PKGREVISION @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2017/01/16 23:45:17 wiz Exp $ d10 1 a10 1 PKGREVISION= 2 @ 1.15 log @Recursive bump for libvpx shlib major change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2017/01/02 17:45:12 ryoon Exp $ d10 1 a10 1 PKGREVISION= 1 @ 1.14 log @Update to 45.6.0 Chagnelog: Security vulnerabilities fixed in Firefox ESR 45.6 #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements #CVE-2016-9895: CSP bypass using marquee tag #CVE-2016-9897: Memory corruption in libGLES #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs #CVE-2016-9904: Cross-origin information leak in shared atoms #CVE-2016-9905: Crash in EnumerateSubDocuments #CVE-2016-9901: Data from Pocket server improperly sanitized before execution #CVE-2016-9902: Pocket extension does not validate the origin of events #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2016/12/04 05:17:44 ryoon Exp $ d10 1 @ 1.13 log @Recursive revbump from textproc/icu 58.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2016/12/03 10:19:29 ryoon Exp $ d5 2 a6 2 MOZ_BRANCH= 45.5 MOZ_BRANCH_MINOR= .1esr a9 1 PKGREVISION= 1 @ 1.12 log @Update to 45.5.1 Changelog: 45.5.1: #CVE-2016-9079: Use-after-free in SVG Animation 45.5.0: #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink #CVE-2016-5294: Arbitrary target directory for result files of update process #CVE-2016-5297: Incorrect argument length checking in JavaScript #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2016/09/21 11:51:14 ryoon Exp $ d10 1 @ 1.11 log @Update to 45.4.0 Changelog: Security vulnerabilities fixed in Firefox ESR 45.4 Announced September 13, 2016 Impact Critical Products Firefox ESR Fixed in Firefox ESR 45.4 Description CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] Reporter: Atte Kettunen Description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. [1291016] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] Reporter: Abhishek Arya Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] Reporter: Nils Description: A use-after-free vulnerability triggered by setting a aria-owns attribute [1287721] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] Reporter: Nils Description: A use-after-free issue in web animations during restyling. [1282076] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] Reporter: Nils Description: A user-after-free vulnerability with web animations when destroying a timeline [1291665] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] Reporter: Nils Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] Reporter: Mei Wang Description: Use-after-free vulnerability when changing text direction [1289970] CVE-2016-5281 - use-after-free in DOMSVGLength [high] Reporter: Brian Carpenter Description: Use-after-free vulnerability when manipulating SVG format content through script [1284690] CVE-2016-5284 - Add-on update site certificate pin expiration [high] Reporter: Multiple people Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127] CVE-2016-5250 - Resource Timing API is storing resources sent by the previous page [moderate] Reporter: Catalin Dumitru Description: URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. [1254688] CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel [high] Reporter: Samuel Groß Description: An integer overflow error in WebSockets during data buffering on incoming packets resulting in attacker controlled data being written at a known offset in the allocated buffer. [1287266] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] Reporter: Mozilla developers Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4] @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2016/08/20 23:17:00 maya Exp $ d5 2 a6 2 MOZ_BRANCH= 45.4 MOZ_BRANCH_MINOR= .0esr @ 1.10 log @Another paxctl +m needed, lib/firefox45/firefox @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2016/08/17 00:06:47 ryoon Exp $ d5 1 a5 1 MOZ_BRANCH= 45.3 a9 1 PKGREVISION= 1 @ 1.9 log @Recursive revbump from multimedia/libvpx uppdate @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2016/08/11 04:24:03 ryoon Exp $ d32 2 @ 1.8 log @Update to 45.3.0 Changelog: Fixed Various stability fixes Fixed in Firefox ESR 45.3 2016-80 Same-origin policy violation using local HTML file and saved shortcut file 2016-79 Use-after-free when applying SVG effects 2016-78 Type confusion in display transformation 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback 2016-76 Scripts on marquee tag can execute in sandboxed iframes 2016-73 Use-after-free in service workers with nested sync events 2016-72 Use-after-free in DTLS during WebRTC session shutdown 2016-70 Use-after-free when using alt key and toplevel menus 2016-67 Stack underflow during 2D graphics rendering 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 2016-64 Buffer overflow rendering SVG with bidirectional content 2016-63 Favicon network connection can persist when page is closed 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2016/08/04 17:03:39 ryoon Exp $ d10 1 @ 1.7 log @Recursive revbump from audio/pulseaudio @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2016/08/03 10:23:31 adam Exp $ d5 1 a5 1 MOZ_BRANCH= 45.2 a9 1 PKGREVISION= 3 @ 1.6 log @Revbump after graphics/gd update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2016/07/09 06:39:12 wiz Exp $ d10 1 a10 1 PKGREVISION= 2 @ 1.5 log @Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2016/06/19 06:24:09 ryoon Exp $ d10 1 a10 1 PKGREVISION= 1 @ 1.4 log @Update to 45.2.0 Changelog: Fixed Graphics-related crashes (Bugs 1261320, 1224199) Various security fixes Unicode support for AutoConfig API (Bug 1271032) Web compatibility fix for addEventListener API (Bug 1266194) Fixed in Firefox ESR 45.2 2016-58 Entering fullscreen and persistent pointerlock without user permission 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction 2016-55 File overwrite and privilege escalation through Mozilla Windows updater 2016-53 Out-of-bounds write with WebGL shader 2016-52 Addressbar spoofing though the SELECT element 2016-51 Use-after-free deleting tables from a contenteditable document 2016-50 Buffer overflow parsing HTML5 fragments 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2016/05/05 11:51:24 ryoon Exp $ d10 1 @ 1.3 log @Update to 45.1.1 Changelog: Fixed Build issue when jit is disabled (Bug 1266366) Add-on signing certificate expiration (Bug 1267318) Graphics-related shutdown crash (Bug 1261321) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2016/05/04 09:41:55 ryoon Exp $ d5 2 a6 2 MOZ_BRANCH= 45.1 MOZ_BRANCH_MINOR= .1esr @ 1.2 log @Remove unused patch. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2016/04/27 16:36:50 ryoon Exp $ d6 1 a6 1 MOZ_BRANCH_MINOR= .0esr @ 1.1 log @Import firefox45-45.1.0 as www/firefox45. Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available. This package tracks Firefox 45 ESR branch. Changelog from www/firefox 45.0.2: Fixed in Firefox ESR 45.1 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.249 2016/04/13 20:37:33 ryoon Exp $ d63 3 @