| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
firefox91, but webrtc video calls are absolutely perfect with sunaudio in
firefox102 and newer.
|
|
due to a change to the collections library. Right now commit a workaround
until a proper fix appears.
|
|
|
|
|
|
|
|
|
|
|
|
the next version will support 3.10
(Only relevant if you set your default to python 3.10)
|
|
This is the last version of Firefox where microphone input isn't broken
on NetBSD, see PR pkg/56587
|
|
Sorry, everyone.
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.15
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
|
|
|
|
|
|
Bump PKGREVISION.
|
|
Fixes CVE-2021-38493
|
|
|
|
Changelog:
Various stability, functionality, and security fixes
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.12
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR
78.12
|
|
|
|
Security fixes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
|
|
|
|
|
|
Changelog:
Version 78.10.1, first offered to ESR channel users on May 4, 2021
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Security fix
Security fixes:
#CVE-2021-29951: Mozilla Maintenance Service could have been started or stopped
by domain users
|
|
|
|
security fixes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/
|
|
|
|
|
|
Changelog:
Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.8
#CVE-2021-23969: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked
information about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR
78.8
|
|
|
|
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
|
|
changes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/
|
|
|
|
Changelog:
* Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
* Secrity fix:
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
|
|
|
|
|
|
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.6
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
|
|
Reported by Riastradh
|
|
|
|
for easier syncing with other packages
|
|
The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.
Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.
The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.
This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.
Full build tested on NetBSD/amd64.
|
