[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2017Q4 2018-03-30T11:14:01Z 2018-03-30T11:14:01Z bsiegert bsiegert@pkgsrc.org 2018-03-30T11:14:01Z urn:sha1:cf4a992c4f8fe2deadec2b54ddbb992120829919 www/drupal7: security fix www/drupal8: security fix Revisions pulled up: - www/drupal7/Makefile 1.48 - www/drupal7/distinfo 1.36 - www/drupal8/Makefile: submitter provided patch - www/drupal8/distinfo: submitter provided patch --- Module Name: pkgsrc Committed By: maya Date: Wed Mar 28 21:22:18 UTC 2018 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: drupal7: update to 7.58 Fixes remote code execution vulnerability (CVE-2018-7600) No other changes are included in this release. 2018-03-22T06:56:21Z spz spz@pkgsrc.org 2018-03-22T06:56:21Z urn:sha1:e67f0c7f7d55d788ecce0ef4f0b9b28895d99baa devel/nspr: dependency update devel/nss: dependency update www/firefox-l10n: dependent update www/firefox: security update Revisions pulled up: - devel/nspr/Makefile 1.94-1.95 - devel/nspr/distinfo 1.48-1.49 - devel/nspr/patches/patch-az deleted - devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1 - devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1 - devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted - devel/nss/Makefile 1.146,1.148 - devel/nss/PLIST 1.24 - devel/nss/distinfo 1.81,1.83 - devel/nss/patches/patch-nss_lib_freebl_config.mk deleted - devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted - www/firefox-l10n/Makefile 1.121-1.123 - www/firefox-l10n/distinfo 1.111-1.113 - www/firefox/Makefile 1.320-1.321,1.324 - www/firefox/PLIST 1.127 - www/firefox/distinfo 1.307-1.309 - www/firefox/mozilla-common.mk 1.105-1.106 - www/firefox/patches/patch-aa 1.56 - www/firefox/patches/patch-build_gyp.mozbuild 1.8 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5 - www/firefox/patches/patch-build_moz.configure_memory.configure deleted - www/firefox/patches/patch-config_baseconfig.mk deleted - www/firefox/patches/patch-config_external_moz.build 1.17 - www/firefox/patches/patch-dom_media_moz.build 1.9 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8 - www/firefox/patches/patch-gfx_skia_moz.build 1.15 - www/firefox/patches/patch-gfx_thebes_moz.build 1.9 - www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2 - www/firefox/patches/patch-media_libtheora_moz.build 1.8 - www/firefox/patches/patch-media_libvorbis_moz.build 1.4 - www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1 - www/firefox/patches/patch-modules_libpref_init_all.js 1.7 - www/firefox/patches/patch-modules_pdfium_update.sh 1.2 - www/firefox/patches/patch-netwerk_dns_moz.build 1.8 - www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted - www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted - www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1 - www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1 - www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted - www/firefox/patches/patch-toolkit_moz.configure 1.10 - www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted - www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:21:43 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Added Files: pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h patch-nspr_pr_src_pthreads_ptthread.c Removed Files: pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h Log Message: Update to 4.18 Changelog: NSPR 4.18 contains the following changes: - removed HP-UX DCE threads support - improvements for the Windows implementation of PR_SetCurrentThreadName - fixes for the Windows implementation of TCP Fast Open To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \ pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:06:18 UTC 2018 Modified Files: pkgsrc/devel/nspr: Makefile distinfo Log Message: Update to 4.29 Changelog: NSPR 4.19 contains the following changes: - changed order of shutdown cleanup to avoid a crash on Mac OSX - build compatibility with Android NDK r16 and glibc 2.26 To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:23:52 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile distinfo Removed Files: pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk patch-nss_lib_freebl_verified_kremlib.h Log Message: Update to 3.35 Changelog: The NSS team has released Network Security Services (NSS) 3.35, which is a minor release. Summary of the major changes included in this release: - The default database storage format has been changed to SQL, using filenames cert9.db, key4.db, pkcs11.txt. - TLS 1.3 support has been updated to draft -23, along with additional significant changes. - Support for TLS compression was removed. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a higher iteration count for stronger security. - The CA trust list was updated to version 2.22. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo cvs rdiff -u -r1.2 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk cvs rdiff -u -r1.1 -r0 \ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:07:15 UTC 2018 Modified Files: pkgsrc/devel/nss: Makefile PLIST distinfo Log Message: Update to 3.36 * Require devel/nspr-4.19 Changelog: The NSS team has released Network Security Services (NSS) 3.36, which is a minor release. Summary of the major changes included in this release: - Replaced existing vectorized ChaCha20 code with verified HACL* implementation. - Experimental APIs for TLS session cache handling. To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:02:18 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Added Files: pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.1 * Fix build under netbsd-7, PR pkg/52956 Changelog: Fix Mozilla Foundation Security Advisory 2018-05: Arbitrary code execution through unsanitized browser UI When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065). To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:02:47 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h Log Message: Update to 58.0.2 * Fix segfault on netbsd-7 Changelog: Fix Avoid a signature validation issue during update on macOS Blocklisted graphics drivers related to off main thread painting crashes Tab crash during printing Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook (OWA) webmail To generate a diff of this commit: cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 00:59:03 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild patch-config_external_moz.build patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build patch-media_libtheora_moz.build patch-media_libvorbis_moz.build patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc patch-modules_libpref_init_all.js patch-third__party_rust_simd_.cargo-checksum.json patch-third__party_rust_simd_src_x86_avx2.rs Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure patch-config_baseconfig.mk patch-netwerk_srtp_src_crypto_hash_hmac.c patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h patch-toolkit_xre_nsEmbedFunctions.cpp Log Message: Update to 59.0.1 Changelog: 59.0.1 Security fix #CVE-2018-5146: Out of bounds memory write in libvorbis 59.0 New Performance enhancements: - Faster load times for content on the Firefox Home page - Faster page load times by loading either from the networked cache or the cache on the user's hard drive (Race Cache With Network) - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58) Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways Added features for Firefox Screenshots: - Basic annotation lets the user draw on and highlight saved screenshots - Recropping to change the viewable area of saved screenshots Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts Improved Real-Time Communications (RTC) capabilities. - Implemented RTP Transceiver to give pages more fine grained control over calls - Implemented features to support large scale conferences Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input Added the Ecosia search engine as an option for German Firefox Added the Qwant search engine as an option for French Firefox Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features Fixed Various security fixes Changed Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking Security fixes: #CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList #CVE-2018-5128: Use-after-free manipulating editor selection ranges #CVE-2018-5129: Out-of-bounds write with malformed IPC messages #CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption #CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources #CVE-2018-5132: WebExtension Find API can search privileged pages #CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized #CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions #CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts #CVE-2018-5136: Same-origin policy violation with data: URL shared workers #CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources #CVE-2018-5138: Android Custom Tab address spoofing through long domain names #CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol #CVE-2018-5141: DOS attack through notifications Push API #CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs #CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar #CVE-2018-5126: Memory safety bugs fixed in Firefox 59 #CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 To generate a diff of this commit: cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \ pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \ pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r0 -r1.5 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure cvs rdiff -u -r1.2 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \ pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk cvs rdiff -u -r1.16 -r1.17 \ pkgsrc/www/firefox/patches/patch-config_external_moz.build cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \ pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build cvs rdiff -u -r1.14 -r1.15 \ pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \ pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \ pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs cvs rdiff -u -r0 -r1.7 \ pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js cvs rdiff -u -r1.4 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs cvs rdiff -u -r1.9 -r1.10 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure cvs rdiff -u -r1.7 -r0 \ pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 31 14:03:25 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.1 * Sync with www/firefox-58.0.1 To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Feb 10 07:05:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 58.0.2 * Sync with www/firefox-58.0.2 To generate a diff of this commit: cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:00:20 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 59.0.1 * Sync with www/firefox-59.0.1 To generate a diff of this commit: cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo 2018-03-21T21:56:28Z spz spz@pkgsrc.org 2018-03-21T21:56:28Z urn:sha1:221c61fee32a5c6303c970a97d905b83919bb398 www/firefox52-l10n: security update www/firefox52: security update Revisions pulled up: - www/firefox52-l10n/Makefile 1.9 - www/firefox52-l10n/PLIST 1.3 - www/firefox52-l10n/distinfo 1.9 - www/firefox52/Makefile 1.19 - www/firefox52/distinfo 1.12 - www/firefox52/patches/patch-CVE-2018-5147 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Sat Mar 17 00:23:15 UTC 2018 Modified Files: pkgsrc/www/firefox52: Makefile distinfo Added Files: pkgsrc/www/firefox52/patches: patch-CVE-2018-5147 Log Message: firefox52: provide a patch for tremor as well (ARM-specific) upstream commit: https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48 PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/firefox52/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/firefox52/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox52/patches/patch-CVE-2018-5147 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 17 01:01:49 UTC 2018 Modified Files: pkgsrc/www/firefox52-l10n: Makefile PLIST distinfo Log Message: Update to 57.0.2 * Sync with www/firefo52-52.7.2 To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox52-l10n/Makefile \ pkgsrc/www/firefox52-l10n/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/firefox52-l10n/PLIST 2018-03-21T20:49:56Z spz spz@pkgsrc.org 2018-03-21T20:49:56Z urn:sha1:e77c153fac4380bbb465aefe0cd0b6893d376868 www/seamonkey-l10n: security patch www/seamonkey: security patch Revisions pulled up: - www/seamonkey-l10n/Makefile 1.42 - www/seamonkey-l10n/distinfo 1.40 - www/seamonkey/Makefile 1.170,1.172-1.173 - www/seamonkey/PLIST 1.60 - www/seamonkey/distinfo 1.148-1.150 - www/seamonkey/patches/patch-CVE-2018-5146 1.1 - www/seamonkey/patches/patch-CVE-2018-5147 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 3 22:14:41 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile PLIST distinfo Log Message: Update to 2.49.2 Changelog: * Based on Firefox 52.6 and Thunderbird 52.6 To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/seamonkey/PLIST cvs rdiff -u -r1.147 -r1.148 pkgsrc/www/seamonkey/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sat Mar 3 22:15:36 UTC 2018 Modified Files: pkgsrc/www/seamonkey-l10n: Makefile distinfo Log Message: Update to 2.49.2 Sync with www/seamonkey-2.49.2 To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 pkgsrc/www/seamonkey-l10n/Makefile cvs rdiff -u -r1.39 -r1.40 pkgsrc/www/seamonkey-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Fri Mar 16 23:25:56 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo Added Files: pkgsrc/www/seamonkey/patches: patch-CVE-2018-5146 Log Message: seamonkey: apply patch from firefox52 to fix CVE-2018-5146 remote code execution via ogg files. Note firefox52 nor this patches tremor, so the vulnerability still exists for ARM (which uses tremor rather than vorbis). Blind commit. I don't have the resources to build so many firefoxes. However it is based off firefox52. PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.148 -r1.149 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/seamonkey/patches/patch-CVE-2018-5146 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Sat Mar 17 00:06:17 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo Added Files: pkgsrc/www/seamonkey/patches: patch-CVE-2018-5147 Log Message: seamonkey: also provide patch for tremor (i.e. relevant for ARM) vulnerability Also backported upstream after the release: https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48 PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.149 -r1.150 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/seamonkey/patches/patch-CVE-2018-5147 2018-03-17T23:33:53Z spz spz@pkgsrc.org 2018-03-17T23:33:53Z urn:sha1:1fff2570c300410673c2c9f9f874438e5a99a4df www/firefox52: security update Revisions pulled up: - www/firefox52/Makefile 1.18 - www/firefox52/PLIST 1.5 - www/firefox52/distinfo 1.11 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Fri Mar 16 22:53:19 UTC 2018 Modified Files: pkgsrc/www/firefox52: Makefile PLIST distinfo Log Message: firefox52: update to 52.7.2esr Fixes multiple memory safety bugs remote code execution via vendored libvorbis/tremor. https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox52/Makefile cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/firefox52/PLIST cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox52/distinfo 2018-03-16T21:16:19Z spz spz@pkgsrc.org 2018-03-16T21:16:19Z urn:sha1:4f5393f1d230acfba320fc0242edac851f1bcae1 www/curl: security update Revisions pulled up: - www/curl/Makefile 1.194 - www/curl/PLIST 1.68 - www/curl/distinfo 1.142 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Wed Mar 14 07:44:24 UTC 2018 Modified Files: pkgsrc/www/curl: Makefile PLIST distinfo Log Message: curl: update to 7.59.0. Curl and libcurl 7.59.0 This release includes the following changes: o curl: add --proxy-pinnedpubkey [10] o added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T [13] o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37] o Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS [37] o Add new tool option --happy-eyeballs-timeout-ms [37] o Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA [39] This release includes the following bugfixes: o openldap: check ldap_get_attribute_ber() results for NULL before using [50] o FTP: reject path components with control codes [51] o readwrite: make sure excess reads don't go beyond buffer end [52] o lib555: drop text conversion and encode data as ascii codes [1] o lib517: make variable static to avoid compiler warning o lib544: sync ascii code data with textual data [1] o GSKit: restore pinnedpubkey functionality [2] o darwinssl: Don't import client certificates into Keychain on macOS [3] o parsedate: fix date parsing for systems with 32 bit long [4] o openssl: fix pinned public key build error in FIPS mode [5] o SChannel/WinSSL: Implement public key pinning [6] o cookies: remove verbose "cookie size:" output o progress-bar: don't use stderr explicitly, use bar->out [7] o Fixes for MSDOS o build: open VC15 projects with VS 2017 o curl_ctype: private is*() type macros and functions [8] o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9] o winbuild: make linker generate proper PDB [11] o curl_easy_reset: clear digest auth state [12] o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14] o range: commonize FTP and FILE range handling [15] o progress-bar docs: update to match implementation [16] o fnmatch: do not match the empty string with a character set o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17] o build: fix termios issue on android cross-compile [18] o getdate: return -1 for out of range [19] o formdata: use the mime-content type function [20] o time-cond: fix reading the file modification time on Windows [21] o build-openssl.bat: Extend VC15 support to include Enterprise and Professional o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional o openssl: Don't add verify locations when verifypeer=0 o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22] o schannel: fix compiler warnings [23] o content_encoding: Add "none" alias to "identity" [24] o get_posix_time: only check for overflows if they can happen o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25] o README: language fix [26] o sha256: build with OpenSSL < 0.9.8 [27] o smtp: fix processing of initial dot in data [28] o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29] o tests: new tests for http raw mode [30] o libcurl-security.3: man page discussion security concerns when using libcurl o curl_gssapi: make sure this file too uses our *printf() o BINDINGS: fix curb link (and remove ruby-curl-multi) o nss: use PK11_CreateManagedGenericObject() if available [31] o travis: add build with iconv enabled [32] o ssh: add two missing state names [33] o CURLOPT_HEADERFUNCTION.3: mention folded headers o http: fix the max header length detection logic [34] o header callback: don't chop headers into smaller pieces [35] o CURLOPT_HEADER.3: clarify problems with different data sizes o curl --version: show PSL if the run-time lib has it enabled o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36] o Return error if called recursively from within callbacks [38] o sasl: prefer PLAIN mechanism over LOGIN o winbuild: Use CALL to run batch scripts [40] o curl_share_setopt.3: connection cache is shared within multi handles o winbuild: Use macros for the names of some build utilities [41] o projects/README: remove reference to dead IDN link/package [42] o lib655: silence compiler warning [43] o configure: Fix version check for OpenSSL 1.1.1 o docs/MANUAL: formfind.pl is not accessible on the site anymore [44] o unit1309: fix warning on Windows x64 [45] o unit1307: proper cleanup on OOM to fix torture tests o curl_ctype: fix macro redefinition warnings o build: get CFLAGS (including -werror) used for examples and tests [46] o NO_PROXY: fix for IPv6 numericals in the URL [47] o krb5: use nondeprecated functions [48] o winbuild: prefer documented zlib library names [49] o http2: mark the connection for close on GOAWAY [53] o limit-rate: kick in even before "limit" data has been received [54] o HTTP: allow "header;" to replace an internal header with a blank one [55] o http2: verbose output new MAX_CONCURRENT_STREAMS values o SECURITY: distros' max embargo time is 14 days o curl tool: accept --compressed also if Brotli is enabled and zlib is not o WolfSSL: adding TLSv1.3 [56] o checksrc.pl: add -i and -m options o CURLOPT_COOKIEFILE.3: "-" as file name means stdin To generate a diff of this commit: cvs rdiff -u -r1.193 -r1.194 pkgsrc/www/curl/Makefile cvs rdiff -u -r1.67 -r1.68 pkgsrc/www/curl/PLIST cvs rdiff -u -r1.141 -r1.142 pkgsrc/www/curl/distinfo 2018-03-09T07:17:29Z spz spz@pkgsrc.org 2018-03-09T07:17:29Z urn:sha1:0e76fdd97249c59f1c20b8d6a7997f9a36afa0e7 www/firefox: security update www/firefox-l10n: dependent update NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc Revisions pulled up: - www/firefox-l10n/Makefile 1.117-1.120 - www/firefox-l10n/PLIST 1.58-1.59 - www/firefox-l10n/distinfo 1.108-1.110 - www/firefox/Makefile 1.316-1.318 - www/firefox/PLIST 1.126 - www/firefox/distinfo 1.304-1.306 - www/firefox/mozilla-common.mk 1.103-1.104 - www/firefox/patches/patch-aa 1.55 - www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted - www/firefox/patches/patch-config_Makefile.in deleted - www/firefox/patches/patch-config_system-headers deleted - www/firefox/patches/patch-config_system-headers.mozbuild 1.1 - www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1 - www/firefox/patches/patch-dom_media_moz.build 1.8 - www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7 - www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted - www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1 - www/firefox/patches/patch-js_src_build_moz.build 1.2 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26 - www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted - www/firefox/patches/patch-netwerk_dns_moz.build 1.7 - www/firefox/patches/patch-servo_components_gfx_font.rs deleted - www/firefox/patches/patch-servo_components_net__traits_response.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted - www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted - www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted - www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted - www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted - www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted - www/firefox/patches/patch-servo_components_script_dom_document.rs deleted - www/firefox/patches/patch-servo_components_script_dom_element.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted - www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted - www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted - www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted - www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted - www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted - www/firefox/patches/patch-servo_components_script_dom_window.rs deleted - www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted - www/firefox/patches/patch-servo_components_selectors_attr.rs deleted - www/firefox/patches/patch-servo_components_selectors_parser.rs deleted - www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted - www/firefox/patches/patch-servo_components_style_attr.rs deleted - www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted - www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted - www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted - www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1 - www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted - www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted - www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted - www/firefox/patches/patch-servo_components_style_str.rs deleted - www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted - www/firefox/patches/patch-servo_components_style_values_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted - www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted - www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3 - www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4 - www/firefox/patches/patch-toolkit_moz.configure 1.9 - www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:02:17 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo Log Message: Update to 57.0.3 Changelog: Fixed * Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bug 1427111) To generate a diff of this commit: cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 1 07:03:33 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.3 * Sync with www/firefox-57.0.3 To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 8 09:37:57 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk Added Files: pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs Log Message: Update to 57.0.4 * Use lang/rust-1.23.0 Changelog: Speculative execution side-channel attack ("Spectre") Announced January 4, 2018 Reporter Jann Horn (Google Project Zero); Microsoft Vunerability Research Impact High Products Firefox Fixed in Firefox 57.0.4 Description Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5us to 20us, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. SharedArrayBuffer is already disabled in Firefox 52 ESR. To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Sun Jan 21 01:29:28 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: Update to 57.0.4 * Sync with www/firefox-57.0.4 To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:52:08 UTC 2018 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h patch-toolkit_moz.configure Added Files: pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild patch-dom_media_flac_FlacDecoder.cpp patch-ipc_glue_MessageChannel.cpp patch-servo_components_style_properties_helpers_animated__properties.mako.rs patch-third__party_python_futures_concurrent_futures_process.py patch-toolkit_mozapps_installer_packager.mk Removed Files: pkgsrc/www/firefox/patches: patch-build_moz.configure_keyfiles.configure patch-config_Makefile.in patch-config_system-headers patch-ipc_chromium_src_base_process__util.h patch-media_libsoundtouch_src_cpu__detect__x86.cpp patch-servo_components_gfx_font.rs patch-servo_components_net__traits_response.rs patch-servo_components_net_fetch_cors__cache.rs patch-servo_components_net_fetch_methods.rs patch-servo_components_net_websocket__loader.rs patch-servo_components_script_dom_bindings_str.rs patch-servo_components_script_dom_blob.rs patch-servo_components_script_dom_cssstyledeclaration.rs patch-servo_components_script_dom_document.rs patch-servo_components_script_dom_element.rs patch-servo_components_script_dom_htmlelement.rs patch-servo_components_script_dom_htmllinkelement.rs patch-servo_components_script_dom_htmlmetaelement.rs patch-servo_components_script_dom_htmlscriptelement.rs patch-servo_components_script_dom_macros.rs patch-servo_components_script_dom_namednodemap.rs patch-servo_components_script_dom_serviceworkercontainer.rs patch-servo_components_script_dom_servoparser_async__html.rs patch-servo_components_script_dom_websocket.rs patch-servo_components_script_dom_window.rs patch-servo_components_script_dom_xmlhttprequest.rs patch-servo_components_selectors_attr.rs patch-servo_components_selectors_parser.rs patch-servo_components_style__traits_viewport.rs patch-servo_components_style_attr.rs patch-servo_components_style_counter__style_mod.rs patch-servo_components_style_custom__properties.rs patch-servo_components_style_gecko__string__cache_mod.rs patch-servo_components_style_gecko_generated_pseudo__element__definition.rs patch-servo_components_style_gecko_pseudo__element__definition.mako.rs patch-servo_components_style_properties_longhand_font.mako.rs patch-servo_components_style_properties_longhand_pointing.mako.rs patch-servo_components_style_servo_selector__parser.rs patch-servo_components_style_str.rs patch-servo_components_style_stylesheets_viewport__rule.rs patch-servo_components_style_values_mod.rs patch-servo_components_style_values_specified_align.rs patch-servo_components_style_values_specified_angle.rs patch-servo_components_style_values_specified_calc.rs patch-servo_components_style_values_specified_grid.rs patch-servo_components_style_values_specified_length.rs patch-servo_components_style_values_specified_mod.rs patch-servo_components_style_values_specified_percentage.rs patch-servo_components_style_values_specified_text.rs patch-servo_components_style_values_specified_time.rs patch-xpcom_reflect_xptcall_md_unix_Makefile.in Log Message: Update to 58.0 Changelog: New Performance improvements, including: Rendering graphics for Windows users by using Off-Main-Threa Painting (OMTP) Loading pages faster by changing how Firefox caches and retrieves JavaScript Improvements to Firefox Screenshots: Copy and paste screenshots directly to your clipboard Firefox Screenshots now works in Private Browsing mode Added Nepali (ne-NP) locale In case you missed it--57 Release privacy and performance feature: Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on. Fixed Fonts installed in non-standard directories will no longer appear blank for Linux users Various security fixes Changed User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site. Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority #CVE-2018-5091: Use-after-free with DTMF timers #CVE-2018-5092: Use-after-free in Web Workers #CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing #CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory #CVE-2018-5095: Integer overflow in Skia library during edge builder allocation #CVE-2018-5097: Use-after-free when source document is manipulated during XSLT #CVE-2018-5098: Use-after-free while manipulating form input elements #CVE-2018-5099: Use-after-free with widget listener #CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory #CVE-2018-5101: Use-after-free with floating first-letter style elements #CVE-2018-5102: Use-after-free in HTML media elements #CVE-2018-5103: Use-after-free during mouse event handling #CVE-2018-5104: Use-after-free during font face manipulation #CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts #CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker #CVE-2018-5107: Printing process will follow symlinks for local file access #CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs #CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution #CVE-2018-5110: Cursor can be made invisible on OS X #CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right #CVE-2018-5118: Activity Stream images can attempt to load local content through file: #CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers #CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar #CVE-2018-5122: Potential integer overflow in DoCrypt #CVE-2018-5090: Memory safety bugs fixed in Firefox 58 #CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 To generate a diff of this commit: cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \ pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in cvs rdiff -u -r1.25 -r0 \ pkgsrc/www/firefox/patches/patch-config_system-headers cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \ pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \ pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \ pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build cvs rdiff -u -r1.6 -r1.7 \ pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \ pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build cvs rdiff -u -r1.6 -r0 \ pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/www/firefox/patches/patch-js_src_build_moz.build cvs rdiff -u -r1.25 -r1.26 \ pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c cvs rdiff -u -r1.5 -r0 \ pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp cvs rdiff -u -r1.1 -r0 \ pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \ pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \ pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \ pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \ pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs cvs rdiff -u -r0 -r1.3 \ pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h cvs rdiff -u -r1.8 -r1.9 \ pkgsrc/www/firefox/patches/patch-toolkit_moz.configure ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Wed Jan 24 16:54:05 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST distinfo Log Message: Update to 58.0 * Sync with www/firefox-58.0 * Add ne-NP locale To generate a diff of this commit: cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ryoon Date: Mon Jan 29 15:22:54 UTC 2018 Modified Files: pkgsrc/www/firefox-l10n: Makefile PLIST Log Message: Previous revison does not work. Install xpi files instead. Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST 2018-03-02T21:23:49Z spz spz@pkgsrc.org 2018-03-02T21:23:49Z urn:sha1:b5889718c3f27797df18448fbec510a2cec7855e www/drupal7: security update Revisions pulled up: - www/drupal7/Makefile 1.47 - www/drupal7/distinfo 1.35 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wen Date: Tue Feb 27 08:05:07 UTC 2018 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: Update to 7.57 Upstream changes: drupal 7.57 Posted by David_Rothstein on 21 February 2018 Release notes Maintenance and security release of the Drupal 7 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 No other fixes are included. To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/drupal7/Makefile cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/drupal7/distinfo 2018-03-02T21:23:28Z spz spz@pkgsrc.org 2018-03-02T21:23:28Z urn:sha1:578b808b049c3f2d0395f5a678bdd4ed040f865d www/drupal8: security update Revisions pulled up: - www/drupal8/Makefile 1.2-1.3 - www/drupal8/PLIST 1.2-1.3 - www/drupal8/distinfo 1.2-1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wen Date: Fri Feb 2 03:08:39 UTC 2018 Modified Files: pkgsrc/www/drupal8: Makefile PLIST distinfo Log Message: Update to 8.4.4 Upstream changes: The following important issues are resolved in 8.4.4 (in addition to the dozens of other fixes listed at the end of this post): [PHP 7.2] count() parameter must be an array or an object that implements Countable. Drupal 8.4.4 still has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March 7 2018. Concurrently editing two translations of a node may result in data loss for non-translatable fields Known issues There are no known regressions in this release. Important: If you have not already upgraded to 8.4.0, read the Drupal 8.4.0 release notes before upgrading to 8.4.4. Drupal 8.4 includes major version updates for Symfony, jQuery, and jQuery UI and is no longer compatible with older versions of Drush. Drupal 8 currently has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March, 7 2018. Search the issue queue for all known issues. All changes since the last release #2894068 by Jo Fitzgerald, davidsickmiller, alexpott, heddn, Yogesh Pawar, quietone, xjm: datetime_type is not set correctly when migrating datetime fields from D7 #2930715 by alexpott, dawehner: Recursive rebuild caused by installing admin_toolbar_tools module #2837022 by hchonov, xjm, vlad.dancer, plach, matsbla, Gábor Hojtsy: Concurrently editing two translations of a node may result in data loss for non-translatable fields #2933125 by Tessa Bakker: Case mismatch in ExportForm.php #2323459 by harsha012, jhodgdon, joachim: Change wording of annotation keys to properties #2840257 by kiamlaluno: The documentation makes reference to a function that doesn't exist #2779921 by kiamlaluno, alexpott: hook_field_widget_form_alter() still reference a hook that is not used anymore #2931294 by claudiu.cristea, Wim Leers: Timestamp field type misses schema for value #2923884 by mfernea: Fix 'Squiz.WhiteSpace.SemicolonSpacing' coding standard #2899708 by gaurav.kapoor, tan33sh, tedbow, droplet, Wim Leers: `quote` should be `blockquote` in off-canvas.base.css #2932154 by jhedstrom: ModerationInformation::getLatestRevisionId returns access-specific results #2932551 by jeqq: Error when calling ModerationStateFieldItemList::updateModeratedEntity() if the entity doesn't have workflow #2346893 by lauriii, idebr, slashrsm, RavindraSingh, Rade, Fabianx, alexpott, swentel, gauravjeet, darrenwh, deepak_zyxware, joelpittet, Wim Leers, Yogesh Pawar, Vj, ivan.chavarro, josephdpurcell, josmera01, rloos289, kattekrab, Tanvish Jha, csakiistvan, xjm, larowlan, akalata: Duplicate AJAX wrapper around a file field #2921033 by Jo Fitzgerald, masipila, phenaproxima, xjm, Wim Leers: Improve API documentation of DrupalSqlBase source plugin #2862671 by masipila, Jo Fitzgerald, kleog, phenaproxima, quietone: Add documentation to SqlBase source plugin #2930072 by vaplas, Lendude: Module: Convert system functional tests to phpunit #2913864 by Jo Fitzgerald, chiranjeeb2410, matslats, phenaproxima: badly constructred link in drupal_set_message #2928846 by alexpott, Berdir: [PHP 7.2] count() parameter must be an array or an object that implements Countable #1489692 by Liam Morland, pfrenssen, YesCT, geekinpink, sudishth, josmera01, David_Rothstein: Incorrect handling of file upload limit exceeded - file widget disappears #2914938 by timmillwood, RajabNatshah, xjm, Manuel Garcia, amateescu, Wim Leers: Preview of content - Notice: Undefined offset: 0 in _quickedit_entity_is_latest_revision() (line 196 of core/modules/quickedit/quickedit.module) #2880445 by pjcdawkins, japerry, gargsuchi, q0rban: Config sync should not throw a warning when not being writable #2927636 by alexpott, Mile23, Mixologic: Backport --supress-deprecations to run-tests.sh 8.4.x #2928778 by plach: Exception when trying to save a new revision after manually setting the original revision ID #2929464 by tedbow, mpdonadio: Tests under "core/modules/ckeditor/tests/modules/src/Kernel" are in the wrong folder and do not get tested #2795317 by hswong3i, alexpott, Lendude, bircher, dawehner, martin107, Jo Fitzgerald, mondrake: Allow PHPUnit 6+ support for object mocking #2862745 by masipila, quietone: Add documentation to EntityFieldInstance destination plugin #2862746 by masipila, quietone, phenaproxima: Add documentation to EntityFieldStorageConfig destination plugin #2927844 by Jo Fitzgerald, quietone, heddn: Correct references to 'iterator' plugin to be 'sub_process' #2927563 by tstoeckler, amateescu: Aggregator feed "refresh" field should have a default value #2927569 by tstoeckler, amateescu: Various tests do not set values for required field when creating entities #2862207 by kalpaitch, jmmarquez, jeetendrakumar: Config import change profile message #2923886 by mfernea: Fix 'Squiz.WhiteSpace.LanguageConstructSpacing' coding standard Revert "Issue #2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock" #2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock #2927758 by Wim Leers, dagmar: Update DbLogResourceTest to use the ResourceTestBase base class instead of the deprecated RESTTestBase #2717965 by Yogesh Pawar, pguillard, alexpott, Liam Morland, skylord, oxy86, cilefen, balagan, Anthony Fok: Site name is not UTF-8 encoded in email headers To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/drupal8/Makefile pkgsrc/www/drupal8/PLIST \ pkgsrc/www/drupal8/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wen Date: Tue Feb 27 07:48:29 UTC 2018 Modified Files: pkgsrc/www/drupal8: Makefile PLIST distinfo Log Message: Update to 8.4.5 Upstream changes: 8.4.5 Security release of the Drupal 8 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcements: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 No other fixes are included. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal8/Makefile pkgsrc/www/drupal8/PLIST \ pkgsrc/www/drupal8/distinfo 2018-02-05T09:38:18Z spz spz@pkgsrc.org 2018-02-05T09:38:18Z urn:sha1:12f63c5675cad69db641b4d3d26742562098914e www/squid3: security update Revisions pulled up: - www/squid3/Makefile 1.79-1.80 - www/squid3/distinfo 1.62 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Tue Jan 23 02:28:49 UTC 2018 Modified Files: pkgsrc/www/squid3: Makefile distinfo Log Message: www/squid3: Add security patches Add two official security patches. o Denial of service attack when processing ESI responses o Denial of service attack when processing ESI responses or downloading intermediate CA certificates http://www.squid-cache.org/Advisories/SQUID-2018_1.txt http://www.squid-cache.org/Advisories/SQUID-2018_2.txt Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/squid3/Makefile cvs rdiff -u -r1.61 -r1.62 pkgsrc/www/squid3/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: veego Date: Thu Jan 25 16:54:28 UTC 2018 Modified Files: pkgsrc/www/squid3: Makefile Log Message: Add missing PATCH_SITES for the new patch files in the last commit. To generate a diff of this commit: cvs rdiff -u -r1.79 -r1.80 pkgsrc/www/squid3/Makefile