| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Firefox 4 is based on the Gecko 2.0 Web platform. This release features
JavaScript execution speeds up to six times faster than the previous
version, new capabilities for Web Developers and Add-on Developers such as
hardware accelerated graphics and HTML5 technologies, and a completely
revised user interface.
|
|
|
|
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
|
|
|
|
|
|
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
|
|
|
|
like other distros have recently done. Bump package revisions.
Background:
The cairo-1.10 update caused multiple regressions in firefox, such as
flickering gif animations and crashes.
Mozilla doesn't seem interested in fixing it on the stable branches:
https://bugzilla.mozilla.org/show_bug.cgi?id=610107
Other references:
https://bugzilla.redhat.com/show_bug.cgi?id=628331
http://bugs.gentoo.org/show_bug.cgi?id=337813
https://bugzilla.mozilla.org/show_bug.cgi?id=597174
This workaround is guaranteed to cause other problems in the long run;
so we should attempt to switch back when we move to the mozilla-2.0 branch.
|
|
MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
|
|
version, and bump all depends.
Per discussion on pkgsrc-changes.
|
|
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption
|
|
Also add some patches to remove use of deprecated symbols and fix other
problems when looking for or compiling against libpng-1.4.x.
|
|
run arbitrary code.
|
|
Also add patch for PR pkg/42988 crash, effectively disabling all
sound support until we decide on what sound API to use.
The current dlopen() guesswork is bad, mkay.
Bump PKGREVISION for this and previous changes.
|
|
|
|
.2 is not formally released yet, but is release tagged in the scm and I
want to get this update in before we freeze the tree.
"Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform,
which has been under development since early 2009 and contains many
improvements for web developers, add-on developers, and users."
- Improved JavaScript performance, overall browser responsiveness,
and startup time.
- The ability for web developers to indicate that scripts should run
asynchronously to speed up page load times.
- Continued support for downloadable web fonts using the new WOFF font format.
- Support for new CSS attributes such as gradients, background sizing,
and pointer events.
- Support for new DOM and HTML5 specifications including the Drag & Drop API
and the File API, which allow for more interactive web pages.
|
|
Security and bugfix release. (no MFSAs released at time of writing)
While here drop defunct debug option from firefox and reduce diff to wip/
|
|
Exact dependencies make upgrading through binary packages impossible
because we don't have a way to do multipackage transactional updates.
You still need to have the same mozilla platform version of xulrunner
and firefox installed or there will be an error message at run time.
|
|
- Fixed a common stability issue.
- Fixed a problem with how updates were being presented to users.
Approved by Tobias Nygren.
|
|
|
|
|
|
While here, switch NetBSD build from sunaudio to OSS emulation.
This greatly improves HTML5 video playback.
(Yes, we ought to fix the busted sunaudio support or PKG_OPTIONalize this.
Perhaps another day.)
Advisories relating to this release:
MFSA 2009-71 GeckoActiveXObject exception messages can be used to
enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
|
|
|
|
|
|
pkgsrc changes:
- assign devel/xulrunner maintainership to tnn@
- mozilla-common.mk: work around gcc __thread support misdetection on NetBSD
- separate distinfo related stuff into dist.mk for sharing with nss & nspr
"topcrash" bugs fixed:
468562 "ASSERTION: Inserting multiple children without flushing"
521750 Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 ...
524462 startup crash [@ gfxWindowsFontGroup::WhichFontSupportsChar(nsTAr ...
525326 Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864][@ ...
525276 crashes [@ nsDocument::RegisterNamedItems(nsIContent*)]
|
|
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
|
|
- install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin)
- bump revision for both packages
|
|
|
|
- set the default start page to something more sensible.
- Bump PKGREVISION
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
and friends. Include <stdint.h> instead. Might fix PR pkg/42033.
|
|
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
|
|
|
|
only affects platforms that would not previously complete building, so no
PKGREVISION++ required.
|
|
|
|
left disabled by default. Correct me if I'm wrong but it feels like
most pkgsrc users don't use gnome. If someone can comment on the
benefits of these dependencies in the GNOME environment, speak up.
|
|
|
|
Enable this by default.
Bump revision.
|
|
|
|
|
|
|
|
make it deal properly at least on 64 bit archs (natural alignment seems
to fit for all substructures for 32bit archs)
|
|
|
|
|
|
|
