| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Remove commented out lines.
|
|
|
|
|
|
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement <link rel="preconnect">allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
|
|
|
|
|
|
Changelog:
New: Keep track of articles and videos with Pocket
New: Clean formatting for articles and blog posts with Reader View
New: Share the active tab or window in a Hello conversation
Fixed: A race condition that would cause Firefox to stop painting when switching tabs (bug 1067470)
Fixed: Fixed graphics performance when using the built-in VGA driver on Windows 7 (Bug 1165732)
|
|
|
|
* Update nss requirement.
|
|
Changelog:
Fixed Systems with first generation NVidia Optimus graphics cards may crash on start-up
Fixed Users who import cookies from Google Chrome can end up with broken websites
Fixed WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly. (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0)
Fixed Large animated images may fail to play and may stop other images from loading
|
|
|
|
|
|
supported version on NetBSD. PKGREVISION++
|
|
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and <picture> element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
|
|
|
|
Changelog:
Fixed Request Desktop Site feature does not work as expected
|
|
Because this package does not use gnomevfs, libnkgnomevfs.so is
not installed.
|
|
From hiramatsu@. Thank you.
|
|
|
|
JIT support). Better fix upstream in all newer branches already.
|
|
|
|
- Disabled HTTP/2 AltSvc
- Start-up crash due to graphics hardware and third party software
- Various security fixes
|
|
|
|
* Bump nspr requirement.
Changelog:
New Heartbeat user rating system - your feedback about Firefox
New Yandex set as default search provider for the Turkish locale
New Bing search now uses HTTPS for secure searching
New Improved protection against site impersonation via OneCRL centralized certificate revocation
New Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
Changed Disabled insecure TLS version fallback for site security
Changed Extended SSL error reporting for reporting non-certificate errors
Changed TLS False Start optimization now requires a cipher suite using AEAD construction
Changed Improved certificate and TLS communication security by removing support for DSA
Changed Improved performance of WebGL rendering on Windows
HTML5 Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube (Windows only)
HTML5 Added support for CSS display:contents
HTML5 IndexedDB now accessible from worker threads
HTML5 New SDP/JSEP implementation in WebRTC
Developer Debug tabs opened in Chrome Desktop, Chrome for Android, and Safari for iOS
Developer New Inspector animations panel to control element animations
Developer New Security Panel included in Network Panel
Developer Debugger panel support for chrome:// and about:// URIs
Developer Added logging of weak ciphers to the web console
Fixed Various security fixes
Fixed in Firefox 37
2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
2015-41 PRNG weakness allows for DNS poisoning on Android
2015-40 Same-origin bypass through anchor navigation
2015-39 Use-after-free due to type confusion flaws
2015-38 Memory corruption crashes in Off Main Thread Compositing
2015-37 CORS requests should not follow 30x redirections after preflight
2015-36 Incorrect memory management for simple-type arrays in WebRTC
2015-35 Cursor clickjacking with flash and images
2015-34 Out of bounds read in QCMS library
2015-33 resource:// documents can load privileged pages
2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
|
|
|
|
Changelog:
Fixed 36.0.4: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox 36.0.4
2015-28 Privilege escalation through SVG navigation
Fixed in Firefox 36.0.3
2015-29 Code execution through incorrect JavaScript bounds checking elimination
|
|
Changelog:
Fixed 36.0.3: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
|
|
|
|
|
|
Changelog:
Fixed 36.0.1 - Disable the usage of the ANY DNS query type (1093983)
Fixed 36.0.1 - Fixed a startup crash with EMET (1137050)
Fixed 36.0.1 - Hello may become inactive until restart (1137469)
Fixed 36.0.1 - Print preferences may not be preserved (1136855)
Fixed 36.0.1 - Hello contact tabs may not be visible (1137141)
Fixed 36.0.1 - Accept hostnames that include an underscore character ("_") (1136616)
Fixed 36.0.1 - WebGL may use significant memory with Canvas2d (1137251)
Fixed 36.0.1 - Option -remote has been restored (1080319)
Fixed 36.0.1 - Fix a top crash
|
|
* Fix segfault under NetBSD/i386 6.
From tsutsui@. Thank you.
|
|
Thank you, wiz@.
|
|
It seems that near Japan Mozilla CDN mirror has much bigger tarball...
|
|
From rjs@. Thank you.
|
|
Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
|
|
|
|
|
|
just a change in a diagnostic message.
|
|
Per discussion with ryoon@.
Bump PKGREVISION for this and the previous two commits.
|
|
pthread_cond_destroy() triggers. Convert that into a call to perror() so
that firefox doesn't constantly abort when using ALSA instead of pulseaudio.
|
|
to #include <spawn.h> on NetBSD 5.x release. So I don't know how the
submitter came to claim that this compiled on NetBSD 5.x.
|
|
* Remove -Werror=char-subscripts from js/src
|
|
|
|
author).
Bump PKGREVISION.
|
|
|
|
* Fix merge mistake.
|
|
PLIST:
* lib/firefox/libmozglue.so is built and installed as a shared
library on some platforms including Darwin.
mozilla-common.mk:
* Sandboxing support is only available when the toolkit is
cairo-cocoa.
* It tries to use MacOS X 10.6 SDK by default, which is not always
possible.
patches/patch-build_gyp.mozbuild:
* Don't assume iOS just because the toolkit is not cocoa. Ideally
there should be an AC_SUBST just like 'ARM_ARCH' but nothing
exists currently.
* MacOS X SDK version should be able to configure with ./configure
--enable-macos-target=VER
patches/patch-extensions_spellcheck_hunspell_src_mozHunspell.cpp:
* NS_NewNativeLocalFile() can fail and leave hunDir null, so we must
check if it succeeded. This is not Darwin specific though.
* "%%LOCALBASE%%" in the hunspell path is currently not substituted,
which looks very erroneous to me. But since I don't know why
ryoon@ changed it from "@PREFIX@" to "%%LOCALBASE%%" I leave it as
it is.
patches/patch-ipc_glue_moz.build:
* Don't assume cocoa toolkit just because OS_ARCH is Darwin.
patches/patch-js_src_asmjs_AsmJSSignalHandlers.cpp:
* Increase portability for non-x86 Darwin by not hardwiring
x86_THREAD_STATE.
patches/patch-js_xpconnect_src_xpcprivate.h:
* The declaration has to be C++11 'extern template', otherwise
non-weak symbol collision will occur between libmozjs and
libxul. We can't easily test if the feature is supported by
compiler due to GCC bug #1773:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=1773
patches/patch-memory_mozalloc_VolatileBufferOSX.cpp:
* Try to fallback to valloc(3) if posix_memalign(3) is not
avialble. It has been added since MacOS 10.6.
patches/patch-toolkit_library_moz.build:
* GSTREAMER_LIBS are linked to libxul on Darwin, while they are
dlopen(3)'ed at runtime on other platforms. The problem is that
the toolkit being cocoa isn't relevant at all. It's Darwin that
needs the special handling, not Cocoa.
patches/patch-toolkit_xre_nsAppRunner.cpp:
* MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2)
and had more than one active thread, the kernel returned
ENOTSUP. So we have to either fork(2) or vfork(2) before calling
execve(2) to make sure the caller is single-threaded as otherwise
the application fails to restart itself.
patches/patch-xpcom_base_nsStackWalk.cpp,
patches/patch-xpcom_build_PoisonIOInterposer.h:
* Replace XP_MACOSX with XP_DARWIN as the former is not defined when
the toolkit is not cocoa.
patches/patch-xpcom_glue_standalone_nsXPCOMGlue.cpp:
* Fix inconsistent use of XP_DARWIN and XP_MACOSX:
LEADING_UNDERSCORE should be empty when we are going to load XPCOM
using dlopen(3), not NSAddImage().
|
|
%%LOCALBASE%%/lib/browser_plugins/symlinks/gecko. Nothing installs
any files there, nor does is this directory created by anything.
|
|
|
|
|
