Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2018-12-12 15:08:50
Message id: 20181212140850.F355FFB16@cvs.NetBSD.org
Log Message:
Update to 64.0

Changelog:
New
    Better recommendations: You may see suggestions in regular browsing mode for \ 
new and relevant Firefox features, services, and extensions based on how you use \ 
the web (for US users only)

    Enhanced tab management: You can now select multiple tabs from the tab bar \ 
and close, move, bookmark, or pin them quickly and easily

    Easier performance management: The new Task Manager page found at \ 
about:performance lets you see how much energy each open tab consumes and \ 
provides access to close tabs to conserve power

    Improved performance for Mac and Linux users, by enabling link time \ 
optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox \ 
63.)

    More seamless sharing on Windows: Windows users can now share web pages \ 
using the native sharing experience. You can access Share in the Page Actions \ 
menu

    Added option to remove add-ons using the context menu on their toolbar buttons

    New for enterprise users: Updated the policy engine on macOS to allow using \ 
configuration profiles to customize Firefox for enterprise deployments

Fixed
    Various security fixes

Changed
    RSS feed preview and live bookmarks are available only via add-ons

    TLS certificates issued by Symantec are no longer trusted by Firefox. \ 
Website operators are strongly encouraged to replace any remaining Symantec TLS \ 
certificates as soon as possible.

    about:crashes has been redesigned to make it clear when a crash is being \ 
submitted to Mozilla, as well as being clear that removing crashes locally does \ 
not remove them from crash-stats.mozilla.com

    The macOS keyboard shortcut to add "www" and ".com" to a \ 
URL is now ctrl-enter instead of [apple]-enter

Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with \ 
TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and \ 
performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Files:
RevisionActionfile
1.353modifypkgsrc/www/firefox/Makefile
1.134modifypkgsrc/www/firefox/PLIST
1.334modifypkgsrc/www/firefox/distinfo
1.121modifypkgsrc/www/firefox/mozilla-common.mk
1.10modifypkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js
1.3modifypkgsrc/www/firefox/patches/patch-servo_components_style_build__gecko.rs
1.1removepkgsrc/www/firefox/patches/patch-js_src_wasm_WasmSignalHandlers.cpp