| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Switch to an internal version of pthread_equal() without sanity checks.
Problems detected on NetBSD 9.99.46.
|
|
Changelog:
Fixed
Various stability fixes
Fixed issues opening files with spaces in their path (bug 1601905)
Fixed a hang opening about:logins when a master password is set (bug 1606992)
Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72 (bug 1604989)
Fixed inconsistent playback performance for fullscreen 1080p videos on some systems (bug 1608485)
|
|
|
|
|
|
We no longer patch this in but it's still searching for the files if
you're using something FreeBSDish or Linuxish. This should resolve build
problems on these platforms.
On NetBSD this problem never appeared because it's been using native audio
instead of OSS for a while now.
from Michael Forney in PR pkg/54868
|
|
Bump PKGREVISION.
|
|
One file name changed amongst the extra files generated when the full
debugging option is set.
|
|
NSPR >= 4.24 and NSS >= 3.48 are now required. (Rust is unchanged at
>= 1.37.)
|
|
Changelog:
72.0.1
Security fixes:
#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
72.0
New
Firefox’s Enhanced Tracking Protection marks a major new
milestone in our battle against cross-site tracking: we now
block fingerprinting scripts by default for all users, taking
a new bold step in the fight for our users’ privacy.
Firefox replaces annoying notification request pop-ups with a
more delightful experience, by default for all users. The
pop-ups no longer interrupt your browsing, in its place, a
speech bubble will appear in the address bar when you interact
with the site.
Picture-in-picture video is now also available in Firefox for
Mac and Linux: Select the blue icon from the right edge of a
video to pop open a floating window so you can keep watching
while working in other tabs or apps. Learn how the feature
works.
Security fixes:
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
#CVE-2019-17019: Python files could be inadvertently executed upon opening a download
#CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
#CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
#CVE-2019-17025: Memory safety bugs fixed in Firefox 72
|
|
|
|
Tested with Jitsi Meet.
|
|
Bump PKGREVISIONs
|
|
Firefox 71.0 now requires NSS>=3.47.1 and Rust >= 1.37. (I haven't
tested a build with Rust 1.37, but I have with 1.38.)
|
|
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
|
|
|
|
Rust 1.36.0 is enough to build for now.
Reviewed and Tested by: gutteridge@
|
|
Reviewed by: maya@
|
|
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
|
|
|
* Try to use pkgsrc clang/clang++ explicitly
Changelog:
Fixed
Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)
Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)
Title bar no longer shows in full screen view (Bug 1588747)
Changed
OpenH264 video codec version bump for macOS 10.15 users (Bug 1587543)
|
|
|
|
|
|
|
|
* Offline build is incomplete. However I cannot finish the fix.
Changelog:
New
More privacy protections from Enhanced Tracking Protection:
Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
More security protections from Firefox Lockwise, our digital identity and password management tool:
Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers
.
Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
Complex password generation, to help you create and save strong passwords for new online accounts.
Improvements to core engine components, for better browsing on more sites
A faster Javascript Baseline Interpreter to handle the modern web’s
large codebases and improve page load performance by as much as 8
percent.
WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
More browser features to help you get the most out of Firefox products and services
A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
When a website uses your geolocation, an indicator is shown in the
address bar.
Fixed
Various security fixes
Changed
Built-in Firefox pages now follow the system dark mode preference
Aliased theme properties have been removed, which may affect some themes
Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
Improved privacy and security indicators
A new crossed-out lock icon will indicate sites delivered via
insecure HTTP
The formerly green lock icon is now grey
The Extended Validation (EV) indicator has been moved to the identity
popup that appears when clicking the lock icon
Security fixes:
#CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11765: Incorrect permissions could be granted to a website
#CVE-2019-17000: CSP bypass using object tag with data: URI
#CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
#CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
|
|
|
|
Changelog:
Fixed
Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)
Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)
|
|
Changelog:
Fixed
Fixed a crash when editing files on Office 365 websites (bug 1579858)
Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
|
|
(work around for libc++ vs netbsd headers).
|
|
Changelog:
Fixed
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security and stability fixes
irefox 69.0.1
Security fixes:
#CVE-2019-11754: Pointer Lock is enabled with no user notification
|
|
|
|
|
|
Reported by David H. Gutteridge, thank you.
|
|
PeerConnectionIdp.jsm is installed universally, not just when webrtc is
an enabled option.
|
|
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, you’ll see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
|
|
Changelog:
Fixed
Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Security fixes
#CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
|
|
Thanks to Santhosh Raju for information of the upstream fix.
|
|
|
|
Changelog:
Fixed
Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bug 1562837)
Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage Access
API (bug 1558503)
Users in Russian regions may have their default search engine
changed (bug 1565315)
Built-in search engines in some locales do not function correctly
(bug 1565779)
|
|
|
|
cbindgen is now >= 0.8.7 and NSS is now >= 3.44.1.
|
|
|
|
Changelog:
New
Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Improved extension security and discovery:
New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.
Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
WebRender will roll out to Windows 10 users with AMD graphics cards.
Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
Various security fixes
Local files can no longer access other files in the same directory.
Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
|
|
Changelog:
#CVE-2019-11708: sandbox escape using Prompt:Open
|
|
Changelog:
Security fix:
#CVE-2019-11707: Type confusion in Array.pop
|
|
This was a precaution but actually seems to introduce frame drops
at the default audio latency.
|
|
This replaces the OSS backend with something that passes the unit tests,
supports additional channels, and supports recording. It will be included
with future versions of Firefox.
Tested with:
* YouTube audio-video sync test
* about:support device detection
* WebRTC microphone recording (using an USB microphone)
Note: you can select an audio backend using the about:config variable
media.cubeb.backend. This can be set to options such as sun/pulse/oss.
Let me know if you still need to use the oss backend. It's very
incomplete, buggy, and FreeBSD has already removed it - ideally we
should eventually.
Bump PKGREVISION.
|
|
Changelog:
Fixed
Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm")
in console which may significantly degrade sessionstore
reliability and performance (bug 1553413)
Proxy authentication dialog box repeatedly pops up asking to
authenticate after upgrading to Firefox 67 (bug 1548804)
Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation
(bug 1551282)
Starting in safe mode on Linux or macOS causes Firefox to think
on the subsequent launch that the profile is too recent to be
used with this version of Firefox (bug 1556612)
Linux distribution users can't easily install/use additional/different
languages using the built-in preferences UI (bug 1554744)
Developer tools users can't copy the href/src content from
various HTML tags via the context menu in the Inspector markup
view (bug 1552275)
Custom home page is broken with clearing data on shutdown
settings applied (bug 1554167)
Performance-regression for eclipse RAP based applications (bug
1555962)
macOS 10.15 crash fix (bug 1556076)
Can't start two downloads in parallel via <a download> anymore
(bug 1542912)
|
|
|
|
Noticed by szptvlfn@, thank you.
|
