diff options
| author | ryoon <ryoon> | 2017-04-27 01:49:47 +0000 |
|---|---|---|
| committer | ryoon <ryoon> | 2017-04-27 01:49:47 +0000 |
| commit | 27d5b3ff8ccde01d7531711a3731dd20ee9c02dc (patch) | |
| tree | 8a886914b0c4d3a11cfcb9bfca24d2a23f499f74 /www/firefox/patches/patch-aa | |
| parent | 15fba9b6a166bffb7d730368ad011ccc42a125eb (diff) | |
| download | pkgsrc-27d5b3ff8ccde01d7531711a3731dd20ee9c02dc.tar.gz | |
Update to 53.0
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
Diffstat (limited to 'www/firefox/patches/patch-aa')
| -rw-r--r-- | www/firefox/patches/patch-aa | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/www/firefox/patches/patch-aa b/www/firefox/patches/patch-aa index 3c1285d03f0..a4e9c2931f9 100644 --- a/www/firefox/patches/patch-aa +++ b/www/firefox/patches/patch-aa @@ -1,13 +1,13 @@ -$NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ +$NetBSD: patch-aa,v 1.51 2017/04/27 01:49:47 ryoon Exp $ * MOZ_ENABLE_PROFILER_SPS is not for users, Disable it * Disable libjpeg-turbo check * Add system libraries option * Add OSS audio support ---- old-configure.in.orig 2017-03-04 10:47:32.150192599 +0000 +--- old-configure.in.orig 2017-04-23 15:21:06.933492440 +0000 +++ old-configure.in -@@ -2159,11 +2159,7 @@ if test "$MOZ_SYSTEM_JPEG" = 1; then +@@ -2084,11 +2084,7 @@ if test "$MOZ_SYSTEM_JPEG" = 1; then #include <jpeglib.h> ], [ #if JPEG_LIB_VERSION < $MOZJPEG #error "Insufficient JPEG library version ($MOZJPEG required)." @@ -20,9 +20,9 @@ $NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ MOZ_SYSTEM_JPEG=1, AC_MSG_ERROR([Insufficient JPEG library version for --with-system-jpeg])) fi -@@ -2894,6 +2890,9 @@ if test -n "$MOZ_WEBRTC"; then +@@ -2818,6 +2814,9 @@ if test -n "$MOZ_WEBRTC"; then + AC_DEFINE(MOZ_WEBRTC_ASSERT_ALWAYS) MOZ_RAW=1 - MOZ_VPX_ERROR_CONCEALMENT=1 + dnl with libv4l2 we can support more cameras + PKG_CHECK_MODULES(MOZ_LIBV4L2, libv4l2) @@ -30,7 +30,7 @@ $NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ dnl enable once Signaling lands MOZ_WEBRTC_SIGNALING=1 AC_DEFINE(MOZ_WEBRTC_SIGNALING) -@@ -2936,7 +2935,7 @@ dnl Use integers over floats for audio o +@@ -2860,7 +2859,7 @@ dnl Use integers over floats for audio o dnl (regarless of the CPU architecture, because audio dnl backends for those platforms don't support floats. We also dnl use integers on ARM with other OS, because it's more efficient. @@ -39,7 +39,7 @@ $NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ MOZ_SAMPLE_TYPE_S16=1 AC_DEFINE(MOZ_SAMPLE_TYPE_S16) AC_SUBST(MOZ_SAMPLE_TYPE_S16) -@@ -3044,6 +3043,111 @@ if test -n "$MOZ_OMX_PLUGIN"; then +@@ -2968,6 +2967,111 @@ if test -n "$MOZ_OMX_PLUGIN"; then fi fi @@ -151,7 +151,7 @@ $NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ dnl system libvpx Support dnl ======================================================== MOZ_ARG_WITH_BOOL(system-libvpx, -@@ -3208,6 +3312,67 @@ AC_DEFINE(MOZ_WEBM_ENCODER) +@@ -3128,6 +3232,67 @@ AC_DEFINE(MOZ_WEBM_ENCODER) AC_SUBST(MOZ_WEBM_ENCODER) dnl ================================== @@ -219,8 +219,8 @@ $NetBSD: patch-aa,v 1.50 2017/03/07 20:45:43 ryoon Exp $ dnl = Check alsa availability on Linux dnl ================================== -@@ -5023,6 +5188,27 @@ if test "$USE_FC_FREETYPE"; then - fi +@@ -4860,6 +5025,27 @@ dnl ==================================== + AC_SUBST(MOZ_LINUX_32_SSE2_STARTUP_ERROR) dnl ======================================================== +dnl Check for graphite2 |