./www/firefox, Web browser with support for extensions (version 50)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 50.0.2, Package name: firefox-50.0.2, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.


Required to run:
[sysutils/desktop-file-utils] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [graphics/cairo] [graphics/jpeg] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [textproc/hunspell] [x11/pixman] [audio/pulseaudio] [multimedia/libvpx] [lang/gcc48-libs] [multimedia/ffmpeg3]

Required to build:
[databases/py-sqlite2] [pkgtools/x11-links] [devel/yasm] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/recordproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [lang/python27] [lang/gcc48] [pkgtools/cwrappers]

Package options: dbus, pulseaudio

Master sites: (Expand)

SHA1: 083b9a803b25064b2d7d43e289797a9f2a2e9e5d
RMD160: 67395703c955b3285237b66317df13229aeec479
Filesize: 191040.773 KB

Version history: (Expand)


CVS history: (Expand)


   2016-12-03 12:30:28 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Bump PKGREVISION. On NetBSD use alsa by default.
   2016-12-03 10:58:26 by Ryo ONODERA | Files touched by this commit (51) | Package updated
Log message:
Update to 50.0.2

* Change default audio support to ALSA.
  You can use OSS or pulseaudio via ALSA plugin package.

Changelog:
50.0.2:
Fixed in Firefox 50.0.2
 #CVE-2016-9079: Use-after-free in SVG Animation

50.0.1:
Fixed
   *Firefox crashes with 3rd party Chinese IME when using IME text

Security vulnerabilities fixed in Firefox 50.0.1:
 #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

50.0:

New
   *Playback video on more sites without plugins with WebM EME Support for \ 
Widevine on Windows and Mac
   *Improved performance for SDK extensions or extensions using the SDK module loader
   *Added download protection for a large number of executable file types on \ 
Windows, Mac and Linux
   *Increased availability of WebGL to more than 98 percent of users on Windows \ 
7 and newer
   *Added Guarani (gn) locale
   *Added option to Find in page that allows users to limit search to whole \ 
words only
   *Updates to keyboard shortcuts
       *Set a preference to have Ctrl+Tab cycle through tabs in recently used order
       *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)

Fixed
   *Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
   *Various security fixes

   *Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

Changed
   *The link to check for plugin security updates has been removed from the \ 
addon manager as Firefox automatically checks for plugin updates
   *Blocked versions of libavcodec older than 54.35.1
   *Added a built-in Emoji set for operating systems without native Emoji fonts \ 
(Windows 8.0 and lower and Linux)

Developer
   *Changes for web developers

Security vulnerabilities fixed in Firefox 50:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5292: URL parsing causes crash
 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance \ 
Service using updater.log hardlink
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9064: Add-ons update must verify IDs match between current and new \ 
versions
 #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
 #CVE-2016-9068: heap-use-after-free in nsRefreshDriver
 #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
 #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to \ 
gain elevated privileges
 #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to \ 
cross-origin images, allowing timing attacks on them
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved \ 
shortcut file
 #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as \ 
SYSTEM
 #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
 #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level \ 
permission can be accessed by an application installed beforehand that defines \ 
the same permissionsPI key (glocation) in broadcast protected with \ 
signature-level permission can be accessed by an application installed \ 
beforehand that defines the same permissions
 #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
 #CVE-2016-9070: Sidebar bookmark can have reference to chrome window
 #CVE-2016-9073: windows.create schema doesn't specify "format": \ 
"relativeUrl"
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
 #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
 #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
 #CVE-2016-5289: Memory safety bugs fixed in Firefox 50
 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
   2016-11-09 20:33:24 by Maya Rashish | Files touched by this commit (2)
Log message:
firefox: clean up my previous patch mess up (hopefully)
   2016-11-09 18:41:08 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
firefox: adjust our OSS patch to saturate as opposed to overflowing
the buffer.

this fixes the problem of random noise sometimes when playing
bass-heavy music.

minor pkglint nits.

bump PKGREVISION
   2016-11-09 17:59:46 by Maya Rashish | Files touched by this commit (2)
Log message:
firefox: don't try to use a non-existent member of cubeb_stream.

Not build tested yet, but this is reverting back to the original field
used here, so is safe.

PR pkg/51618
   2016-11-03 23:46:43 by Joerg Sonnenberger | Files touched by this commit (7)
Log message:
Consistently move and patch yuv_row_arm.S.
   2016-10-30 02:10:10 by Kamil Rytarowski | Files touched by this commit (2)
Log message:
Sync new hmac name as ffhmac
   2016-10-30 02:06:26 by Kamil Rytarowski | Files touched by this commit (3)
Log message:
Fix conflicting hmac symbol name with <stdlib.h> on NetBSD.

This helps webrtc option on NetBSD.