Navigation:
Browse pkgsrc
(this page)| 2020-12-31 21:04:14 by Nia Alarie | Files touched by this commit (38) |
Log message: Normalize handling packages that require 64-bit atomic ops. |
| 2020-12-26 11:35:17 by Nia Alarie | Files touched by this commit (6) |
Log message: Remove now-actively-harmful 32-bit ARM hack from Mozilla packages. |
| 2020-12-17 14:24:30 by Nia Alarie | Files touched by this commit (2) |
Log message: firefox78: Update to 78.6.0 Security Vulnerabilities fixed in Firefox ESR 78.6 #CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed #CVE-2020-26971: Heap buffer overflow in WebGL #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free #CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs #CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 |
| 2020-11-18 23:38:22 by Taylor R Campbell | Files touched by this commit (4) |
Log message: www/firefox*: Use -Og for debug option and -O2 for debug-info option. |
| 2020-11-18 13:33:45 by Nia Alarie | Files touched by this commit (2) |
Log message:
firefox78: Update to 78.5.0
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
|
| 2020-11-16 21:21:30 by Nia Alarie | Files touched by this commit (1) |
Log message: firefox78: Needs py-expat to build (sometimes?) Reported by Riastradh |
| 2020-11-12 11:03:24 by Nia Alarie | Files touched by this commit (4) |
Log message: firefox*: DLL_SUFFIX no longer used in PLIST |
| 2020-11-12 00:04:44 by Thomas Klausner | Files touched by this commit (1) |
Log message: firefox78: one INSTALLATION_DIRS line per dir for easier syncing with other packages |
| 2020-11-11 20:10:06 by Nia Alarie | Files touched by this commit (2) |
Log message: firefox78: Honor user's compiler choice again, don't require Python 2. The python 2 dependency was seemingly removed in Firefox 78.0 so we can remove those old hacks. Firefox needs clang for some unknown part of the build process (rust related?), even if building with GCC. The previous solution in pkgsrc was to force the use of clang, because pkgsrc provides cwrappers which provided gcc-as-clang, which broke everything. Instead, override the clang wrapper with the actual clang executable. This means the majority of the build happens with GCC (or ccache, distcc, whatever the user chooses, rather than overriding it with clang). Should help sparc64, where clang doesn't work too well. Full build tested on NetBSD/amd64. |
| 2020-11-11 17:13:51 by Ryo ONODERA | Files touched by this commit (1) |
Log message: firefox78: Fix build mk/endian.mk included mk/compiler.mk and PKG_CC and PKG_CXX were effective. Now mk/endian.mk has been removed and include mk/compiler.mk explicitly to use clang only. |
New packages: