pkgsrc.se | The NetBSD package collection

./www/firefox68, Web browser with support for extensions (version 68)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2019Q4, Version: 68.6.0, Package name: firefox68-68.6.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 68 ESR.

Required to run:
[net/libIDL] [graphics/libwebp] [graphics/MesaLib] [multimedia/ffmpeg4] [textproc/icu] [sysutils/desktop-file-utils] [sysutils/dbus-glib] [devel/nspr] [devel/nss] [devel/libffi] [x11/gtk3] [x11/gtk2] [x11/pixman] [lang/gcc6-libs]

Required to build:
[pkgtools/cwrappers] [pkgtools/x11-links] [devel/yasm] [devel/nasm] [x11/xorgproto] [x11/fixesproto4] [x11/xcb-proto] [lang/rust] [lang/gcc6] [lang/clang]

Package options: dbus, wayland

Master sites:

SHA1: 85d35d0a0190d56585f93c9f117d5c0f52bcbc44
RMD160: d11d44f5400ca1f5c3b721dd974a77fbf7cf7e7a
Filesize: 306459.371 KB

Version history: (Expand)

(2020-03-14) Updated to version: firefox68-68.6.0
(2020-02-23) Updated to version: firefox68-68.5.0
(2020-01-10) Updated to version: firefox68-68.4.1
(2020-01-02) Package added to pkgsrc.se, version firefox68-68.3.0 (created)

CVS history: (Expand)

2020-03-13 21:02:45 by Benny Siegert | Files touched by this commit (13) | Package updated

Log message:
Pullup ticket #6145 - requested by nia
www/firefox68: security fix

Revisions pulled up:
- www/firefox68/Makefile                                        1.15
- www/firefox68/PLIST                                           1.5
- www/firefox68/distinfo                                        1.11
- www/firefox68/mozilla-common.mk                               1.7
- www/firefox68/options.mk                                      1.8
- www/firefox68/patches/patch-aa                                1.2
- www/firefox68/patches/patch-build_moz.configure_old.configure deleted
- www/firefox68/patches/patch-dom_media_CubebUtils.cpp          1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb.c        1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb__oss.c   deleted
- www/firefox68/patches/patch-media_libcubeb_src_moz.build      1.2
- www/firefox68/patches/patch-media_libcubeb_update.sh          1.2
- www/firefox68/patches/patch-toolkit_library_moz.build         1.2

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Mar 12 19:39:35 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile PLIST distinfo mozilla-common.mk
   	    options.mk
   	pkgsrc/www/firefox68/patches: patch-aa patch-dom_media_CubebUtils.cpp
   	    patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_moz.build
   	    patch-media_libcubeb_update.sh patch-toolkit_library_moz.build
   Removed Files:
   	pkgsrc/www/firefox68/patches: patch-build_moz.configure_old.configure
   	    patch-media_libcubeb_src_cubeb__oss.c

   Log message:
   firefox68: Update to 68.6.0

   While here,

   - Remove OSS support now that cubeb_sun has been stable for a long while
   - Appease pkglint

   Security fixes in this release:

   #CVE-2020-6805: Use-after-free when removing data about origins
   #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
   #CVE-2020-6807: Use-after-free in cubeb during stream destruction
   #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
   #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
   #CVE-2020-6812: The names of AirPods with personally identifiable
   #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

2020-02-23 12:50:10 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #6134 - requested by nia
www/firefox68: security fix

Revisions pulled up:
- www/firefox68/Makefile                                        1.12
- www/firefox68/PLIST                                           1.4
- www/firefox68/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Sat Feb 15 12:48:22 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile PLIST distinfo

   Log message:
   firefox68: Update to 68.5.0

   Security Vulnerabilities fixed in Firefox ESR68.5

   # CVE-2020-6796: Missing bounds check on shared memory read in the parent process
   # CVE-2020-6797: Extensions granted downloads.open permission could open \ 
arbitrary applications on Mac OSX
   # CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript \ 
injection
   # CVE-2020-6799: Arbitrary code execution when opening pdf links from other \ 
applications, when Firefox is configured as default pdf reader
   	Note: This issue only affects Windows operating systems and when Firefox is \ 
configured as the default handler for non-default filetypes. Other operating \ 
systems are unaffected.
   # CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5

2020-01-10 14:56:19 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #6113 - requested by nia
www/firefox68: security fix (zero-day)

Revisions pulled up:
- www/firefox68/Makefile                                        1.7-1.8
- www/firefox68/distinfo                                        1.6-1.7
- www/firefox68/patches/patch-rust-1.39.0                       deleted

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Jan  8 21:49:32 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile distinfo
   Removed Files:
   	pkgsrc/www/firefox68/patches: patch-rust-1.39.0

   Log message:
   firefox68: Update to 68.4.0

   Security Vulnerabilities fixed in Firefox ESR 68.4:

   # CVE-2019-17015: Memory corruption in parent process during new content \ 
process initialization on Windows
   # CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
   # CVE-2019-17017: Type Confusion in XPCVariant.cpp
   # CVE-2019-17021: Heap address disclosure in parent process during content \ 
process initialization on Windows
   # CVE-2019-17022: CSS sanitization does not escape HTML tags
   # CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Jan  9 20:51:59 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox68: Makefile distinfo

   Log message:
   firefox68: Update to 68.4.1

   This release fixes one zero-day vulnerability:

   CVE-2019-17026: IonMonkey type confusion with StoreElementHole and \ 
FallibleStoreElement

   Incorrect alias information in IonMonkey JIT compiler for setting array \ 
elements could lead to a type confusion.
   We are aware of targeted attacks in the wild abusing this flaw