./www/firefox, Web browser with support for extensions (version 52)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 52.0.2nb1, Package name: firefox-52.0.2nb1, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

Required to run:
[sysutils/desktop-file-utils] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [graphics/cairo] [graphics/jpeg] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [textproc/hunspell] [x11/pixman] [audio/alsa-lib] [multimedia/libvpx] [x11/gtk3] [lang/gcc48-libs] [multimedia/ffmpeg3]

Required to build:
[pkgtools/x11-links] [devel/yasm] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [lang/gcc48] [pkgtools/cwrappers]

Package options: alsa, dbus, gtk3

Master sites: (Expand)

SHA1: 5631e49d8ae064764b64643534acfdd619061ba9
RMD160: 2a02867e597ba41fa1048c9b9458449b8c63f8b9
Filesize: 206453.008 KB

Version history: (Expand)

CVS history: (Expand)

   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update
   2017-03-30 21:11:14 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 52.0.2

    Use Nirmala UI as fallback font for additional Indic languages (Bug 1342787)

    Fix loading tab icons on session restore (Bug 1338009)

    Fix a crash on startup on Linux (Bug 1345413)

    Fix new installs erroneously not prompting to change the default browser \ 
setting (Bug 1343938)
   2017-03-20 14:39:33 by Ryo ONODERA | Files touched by this commit (1)
Log message:
gtk2 is still required from gtk3 option. Fix configure
   2017-03-20 11:54:46 by Ryosuke Moro | Files touched by this commit (2)
Log message:
reduce gtk2 include, move comment to options.mk
   2017-03-19 00:00:12 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 52.0.1

Security fix:
 #CVE-2017-5428: integer overflow in createImageBitmap()
   2017-03-17 11:24:11 by Maya Rashish | Files touched by this commit (1) | Package updated
Log message:
Bump pkgrevision with no changes for libvdpau/libva screwup, as this
package built with changed options.
   2017-03-07 23:28:01 by Soren Jacobsen | Files touched by this commit (2)
Log message:
bring back patch-ipc_chromium_src_base_message__pump__libevent.cc to
fix build on netbsd-7
   2017-03-07 21:45:43 by Ryo ONODERA | Files touched by this commit (65) | Package removed
Log message:
Update to 52.0

* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032

    Added support for WebAssembly, an emerging standard that brings near-native \ 
performance to Web-based games, apps, and software libraries without the use of \ 

    Added automatic captive portal detection, for easier access to Wi-Fi \ 
hotspots. When accessing the Internet via a captive portal, Firefox will alert \ 
users and open the portal login page in a new tab.

    Added user warnings for non-secure HTTP pages with logins. Firefox now \ 
displays a "This connection is not secure" message when users click \ 
into the username and password fields on pages that don't use HTTPS.

    Implemented the Strict Secure Cookies specification which forbids insecure \ 
HTTP sites from setting cookies with the "secure" attribute. In some \ 
cases, this will prevent an insecure site from setting a cookie with the same \ 
name as an existing "secure" cookie from the same base domain.

    Enhanced Sync to allow users to send and open tabs from one device to another.

    Various security fixes

    Improved text input for third-party keyboard layouts on Windows. This will \ 
address some keyboard layouts that
      * have chained dead keys
      * input two or more characters with a non-printable key or a dead key sequence
      * input a character even when a dead key sequence failed to compose a character

    Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. \ 
Silverlight, Java, Acrobat and the like are no longer supported.

    Removed Battery Status API to reduce fingerprinting of users by trackers

    Improved experience for downloads:
      * Notification in the toolbar when a download fails
      * Quick access to five most recent downloads rather than three
      * Larger buttons for canceling and restarting downloads

    Display (but allow users to override) an "Untrusted Connection" \ 
error when encountering SHA-1 certificates that chain up to a root certificate \ 
included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit \ 
SHA-1 certificates that chain to manually imported root certificates.) Read more \ 
about the Mozilla Security Team's plans to deprecate SHA-1

    Migrated Firefox users on Windows XP and Windows Vista operating systems to \ 
the extended support release (ESR) version of Firefox.

    When not using Direct2D on Windows, Skia is used for content rendering

    Enabled CSS Grid Layout, opening up a world of new possibilities for graphic \ 

    Redesigned Responsive Design Mode to include device selection, network \ 
throttling, and more

    Improved security for screen sharing, which now shows a preview and no \ 
longer requires a whitelisted domain

    Google Hangouts temporarily won't work

Security fixes:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root \ 
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5406: Segmentation fault in Skia with canvas operations
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side \ 
channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection \ 
incremental sweeping
 #CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
 #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater \ 
and Maintenance Service
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5412: Buffer overflow read in SVG filters
 #CVE-2017-5413: Segmentation fault during bidirectional operations
 #CVE-2017-5414: File picker can choose incorrect default directory
 #CVE-2017-5415: Addressbar spoofing through blob URL
 #CVE-2017-5416: Null dereference crash in HttpChannel
 #CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
 #CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression \ 
 #CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter \ 
is running
 #CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
 #CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
 #CVE-2017-5419: Repeated authentication prompts lead to DOS attack
 #CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5421: Print preview spoofing
 #CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one \ 
 #CVE-2017-5399: Memory safety bugs fixed in Firefox 52
 #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8