2023-12-31 10:03:56 by Ryo ONODERA | Files touched by this commit (4) | |
Log message:
firefox: Update to 121.0
* CXXFLAGS has all CFLAGS values. Remove duplicated CXXFLAGS.
Changelog:
121.0
New
* Firefox now prompts Windows users to install the Microsoft AV1 Video
Extension to enable hardware decoding support for the AV1 video codec from
about:support if not already installed.
* Firefox now supports Voice Control commands on macOS systems.
* On Linux, Firefox now defaults to the Wayland compositor when available
instead of XWayland. This brings support for touchpad & touchscreen
gestures, swipe-to-nav, per-monitor DPI settings, better graphics
performance, and more.
Note that due to Wayland protocol limitations, Picture-in-Picture windows
require an extra user interaction (generally right-click on the window) or
a shell / desktop-environment tweak. See bug 1621261 for related discussion
and tracking, this post for a KDE configuration, and this extension for
GNOME. It is also a known issue that windows are not correctly placed when
restoring a previous session on launch.
* Firefox can now force links to always be underlined. This option can be
enabled in the Browsing section of the Firefox Settings menu.
* The PDF viewer now includes a floating button to simplify deleting
drawings, text, and images added in PDFs.
Fixed
* Various security fixes.
* Ubuntu Firefox Snap builds did not default to Wayland compositing on some
systems as expected when Firefox 121 was first released. This is now fixed
and updated builds can be installed with the Ubuntu Software Updater.
Security fixes:
Mozilla Foundation Security Advisory 2023-56
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
#CVE-2023-6135: NSS susceptible to "Minerva" attack
#CVE-2023-6865: Potential exposure of uninitialized data in
EncryptingOutputStream
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
#CVE-2023-6866: TypedArrays lack sufficient exception handling
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
validation
#CVE-2023-6867: Clickjacking permission prompts using the popup transition
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
#CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID
key
#CVE-2023-6869: Content can paint outside of sandboxed iframe
#CVE-2023-6870: Android Toast notifications may obscure fullscreen event
notifications
#CVE-2023-6871: Lack of protocol handler warning in some instances
#CVE-2023-6872: Browsing history leaked to syslogs via GNOME
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
Thunderbird 115.6
#CVE-2023-6873: Memory safety bugs fixed in Firefox 121
|
2023-12-29 18:18:38 by Havard Eidnes | Files touched by this commit (2) |
Log message:
firefox: on i386, use -mstackrealign also in CFLAGS.
This forces stack re-alignment, so that we don't get
segfault when doing movdqa %xmm7,(%esp) and %esp is not
16-byte aligned.
Bump PKGREVISION.
|
2023-12-01 16:05:29 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
firefox: Update to 120.0.1
Changelog:
Fixed
* Fixed a bug that was causing persistent startup slowdowns. (bug 1867095)
* Fixed an issue that was causing 100% CPU usage on sites such as Google
Maps. (bug 1866409)
* Fixed an issue that was causing YouTube videos to show a green screen when
hardware acceleration was enabled. (bug 1865928)
* Fixed an issue where the status bar was still visible when viewing
fullscreen video. (bug 1853896)
* Fixed a startup crash affecting Linux users on some aarch64 systems with
page sizes other than 4KB. (bug 1866025)
|
2023-11-23 06:03:38 by Soren Jacobsen | Files touched by this commit (2) |
Log message:
fix typo
|
2023-11-22 14:32:12 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
firefox: Update to 120.0
Changelog:
120.0
New
* Firefox supports a new "Copy Link Without Site Tracking" feature in the
context menu which ensures that copied links no longer contain tracking
information.
Screenshot showing Copy Link feature
* Firefox now supports a setting (in Preferences -> Privacy & Security) to
enable Global Privacy Control. With this opt-in feature, Firefox informs
the websites that the user doesn't want their data to be shared or sold.
Screenshot showing GPC preference
* Firefox's private windows and ETP-Strict privacy configuration now enhance
the Canvas APIs with Fingerprinting Protection, thereby continuing to
protect our users' online privacy.
* Firefox has enabled Cookie Banner Blocker by default in private windows for
all users in Germany. Firefox will now auto-refuse cookies and dismiss
annoying cookie banners for supported sites.
* Firefox has enabled URL Tracking Protection by default in private windows
for all users in Germany. Firefox will remove non-essential URL query
parameters that are often used to track users across the web.
* Firefox now imports TLS trust anchors (e.g., certificates) from the
operating system root store. This will be enabled by default on Windows,
macOS, and Android, and if needed, can be turned off in settings
(Preferences -> Privacy & Security -> Certificates).
* Keyboard shortcuts have now been added for editing and deleting a selected
credential on about:logins. For editing - Alt + enter (Option + return on
macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
* Users on Ubuntu Linux now have the ability to import from Chromium when
both are installed as Snap packages.
* Picture-in-Picture now supports corner snapping on Windows and Linux - just
hold Ctrl as you move the PiP window.
Fixed
* Various security fixes.
Security fixes:
Mozilla Foundation Security Advisory 2023-49
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6208: Using Selection API would copy contents into X11 primary
selection.
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
#CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
#CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5
#CVE-2023-6213: Memory safety bugs fixed in Firefox 120
|
2023-11-17 04:20:47 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
firefox: Update to 119.0.1
* Update nodejs kit to 119.0.1.
Changelog:
119.0.1:
Fixed
* Fixed a bug causing colors in the <select> HTML element to not be applied
to dropdown menu arrows. (bug 1861253)
* Fixed a bug with the <input> HTML element state not changing when
dynamically updating the disabled attribute on an ancestor <fieldset>. (bug
1861027)
* Fixed a bug causing elements with the indeterminate CSS selector in a radio
group to not update. (bug 1861346)
|
2023-11-14 15:03:25 by Thomas Klausner | Files touched by this commit (1145) |
Log message:
*: recursive bump for cairo dependency changes
|
2023-11-12 14:24:43 by Thomas Klausner | Files touched by this commit (2570) |
Log message:
*: revebump for new brotli option for freetype2
Addresses PR 57693
|
2023-11-09 01:04:43 by Thomas Klausner | Files touched by this commit (3) |
Log message:
firefox: clean some pkglint
|
2023-11-09 01:04:18 by Thomas Klausner | Files touched by this commit (2) |
Log message:
firefox: fix build with icu 74.1
|