./www/firefox45, Web browser with support for extensions (version 45)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 45.9.0nb1, Package name: firefox45-45.9.0nb1, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package tracks Firefox 45 ESR branch.

Changelog from www/firefox 45.0.2:
Fixed in Firefox ESR 45.1
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)



Required to run:
[sysutils/desktop-file-utils] [textproc/icu] [graphics/MesaLib] [graphics/cairo] [graphics/jpeg] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [textproc/hunspell] [x11/pixman] [audio/pulseaudio] [multimedia/libvpx] [graphics/graphite2] [multimedia/ffmpeg3]

Required to build:
[pkgtools/x11-links] [devel/yasm] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/recordproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [lang/python27] [pkgtools/cwrappers]

Package options: pulseaudio

Master sites: (Expand)

SHA1: bef87fc7c9b1b787e847b8b8744af494774a1d6b
RMD160: d20e4dc4c5c7b65b590b9b46e7d46cfc4daf3a05
Filesize: 180270.723 KB

Version history: (Expand)


CVS history: (Expand)


   2017-09-08 04:38:46 by Ryo ONODERA | Files touched by this commit (132)
Log message:
Recursive revbump from audio/pulseaudio-11.0
   2017-07-09 11:04:00 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
firefox{,45,52}: bump pkgrevision with no change.

these packages pull in GCC_REQD+=4.9 via mozilla-common.mk, and
are very widely used (I suspect only www/firefox actually needs it)

this will take care of most of the fallout from major bumping
pkgsrc-gcc-libstdc++ to 7 on netbsd. these are the most widely
used packages setting GCC_REQD>4.8.
   2017-05-13 04:34:30 by Pierre Pronchery | Files touched by this commit (2)
Log message:
Add dependency to multimedia/ffmpeg3

This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
the time.

"commit" maya@
   2017-05-12 22:21:27 by Pierre Pronchery | Files touched by this commit (1)
Log message:
Register more binaries as not safe for PaX mprotect

This also reflects the current situation in www/firefox.

Bumps PKGREVISION.
   2017-05-10 16:13:26 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 45.9.0

Changelog:
Security fixes:
 #CVE-2017-5433: Use-after-free in SMIL animation functions
 #CVE-2017-5435: Use-after-free during transaction processing in the editor
 #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
 #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
 #CVE-2017-5459: Buffer overflow in WebGL
 #CVE-2017-5434: Use-after-free during focus handling
 #CVE-2017-5432: Use-after-free in text input selection
 #CVE-2017-5460: Use-after-free in frame selection
 #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
 #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
 #CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
 #CVE-2017-5441: Use-after-free with selection during scroll events
 #CVE-2017-5442: Use-after-free during style changes
 #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
 #CVE-2017-5443: Out-of-bounds write during BinHex decoding
 #CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
 #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with \ 
incorrect data
 #CVE-2017-5447: Out-of-bounds read during glyph processing
 #CVE-2017-5465: Out-of-bounds read in ConvolvePixel
 #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
 #CVE-2016-10196: Vulnerabilities in Libevent library
 #CVE-2017-5469: Potential Buffer overflow in flex-generated code
 #CVE-2017-5445: Uninitialized values used while parsing \ 
application/http-index-format content
 #CVE-2017-5462: DRBG flaw in NSS
 #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and \ 
Firefox ESR 52.1
   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update
   2017-03-26 05:54:37 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Remove PKGREVISION
   2017-03-26 05:53:34 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 45.8.0

Changelog:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side \ 
channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection \ 
incremental sweeping
 #CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater \ 
and Maintenance Service
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8