./www/firefox78, Web browser with support for extensions (version 78ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 78.5.0, Package name: firefox78-78.5.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 78 ESR.



Package options: dbus

Master sites:

SHA1: ae46913563ffe92efa7cdaacb818435a4c3d4492
RMD160: 53bf565b08f8c743f22e5f61fca8fd98da062a6c
Filesize: 326167.273 KB

Version history: (Expand)


CVS history: (Expand)


   2020-11-18 23:38:22 by Taylor R Campbell | Files touched by this commit (4)
Log message:
www/firefox*: Use -Og for debug option and -O2 for debug-info option.
   2020-11-18 13:33:45 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
firefox78: Update to 78.5.0

Security Vulnerabilities fixed in Firefox ESR 78.5

    #CVE-2020-26951: Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code

    #CVE-2020-16012: Variable time processing of cross-origin images during
    drawImage calls

    #CVE-2020-26953: Fullscreen could be enabled without displaying the security
    UI

    #CVE-2020-26956: XSS through paste (manual and clipboard API)

    #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
    type restrictions

    #CVE-2020-26959: Use-after-free in WebRequestService

    #CVE-2020-26960: Potential use-after-free in uses of nsTArray

    #CVE-2020-15999: Heap buffer overflow in freetype

    #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

    #CVE-2020-26965: Software keyboards may have remembered typed passwords

    #CVE-2020-26966: Single-word search queries were also broadcast to local
    network

    #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
   2020-11-16 21:21:30 by Nia Alarie | Files touched by this commit (1)
Log message:
firefox78: Needs py-expat to build (sometimes?)

Reported by Riastradh
   2020-11-12 11:03:24 by Nia Alarie | Files touched by this commit (4)
Log message:
firefox*: DLL_SUFFIX no longer used in PLIST
   2020-11-12 00:04:44 by Thomas Klausner | Files touched by this commit (1)
Log message:
firefox78: one INSTALLATION_DIRS line per dir

for easier syncing with other packages
   2020-11-11 20:10:06 by Nia Alarie | Files touched by this commit (2)
Log message:
firefox78: Honor user's compiler choice again, don't require Python 2.

The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.

Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.

The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.

This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.

Full build tested on NetBSD/amd64.
   2020-11-11 17:13:51 by Ryo ONODERA | Files touched by this commit (1)
Log message:
firefox78: Fix build

mk/endian.mk included mk/compiler.mk and PKG_CC and PKG_CXX were
effective.
Now mk/endian.mk has been removed and include mk/compiler.mk
explicitly to use clang only.
   2020-11-11 11:13:29 by Nia Alarie | Files touched by this commit (3)
Log message:
firefox78: Clean up some problems identified by pkglint.

Most of these PLIST variables are no longer used.