--- - branch: MAIN date: Thu Jul 11 11:32:40 UTC 2019 files: - new: '1.388' old: '1.387' path: pkgsrc/www/firefox/Makefile pathrev: pkgsrc/www/firefox/Makefile@1.388 type: modified - new: '1.141' old: '1.140' path: pkgsrc/www/firefox/PLIST pathrev: pkgsrc/www/firefox/PLIST@1.141 type: modified - new: '1.361' old: '1.360' path: pkgsrc/www/firefox/distinfo pathrev: pkgsrc/www/firefox/distinfo@1.361 type: modified - new: '1.13' old: '1.12' path: pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js pathrev: pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js@1.13 type: modified - new: '1.10' old: '1.9' path: pkgsrc/www/firefox/patches/patch-build_moz.configure_old.configure pathrev: pkgsrc/www/firefox/patches/patch-build_moz.configure_old.configure@1.10 type: modified - new: '1.4' old: '1.3' path: pkgsrc/www/firefox/patches/patch-dom_media_CubebUtils.cpp pathrev: pkgsrc/www/firefox/patches/patch-dom_media_CubebUtils.cpp@1.4 type: modified - new: '1.4' old: '1.3' path: pkgsrc/www/firefox/patches/patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp pathrev: pkgsrc/www/firefox/patches/patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp@1.4 type: modified - new: '0' old: '1.2' path: pkgsrc/www/firefox/patches/patch-js_xpconnect_src_XPCMaps.cpp pathrev: pkgsrc/www/firefox/patches/patch-js_xpconnect_src_XPCMaps.cpp@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-python_mozbuild_mozbuild_action_check__binary.py pathrev: pkgsrc/www/firefox/patches/patch-python_mozbuild_mozbuild_action_check__binary.py@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs pathrev: pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_other_mod.rs pathrev: pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_other_mod.rs@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_xptcinvoke__sparc64__openbsd.cpp pathrev: pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_xptcinvoke__sparc64__openbsd.cpp@0 type: deleted - new: '0' old: '1.4' path: pkgsrc/www/firefox/patches/patch-servo_components_style_build__gecko.rs pathrev: pkgsrc/www/firefox/patches/patch-servo_components_style_build__gecko.rs@0 type: deleted - new: '0' old: '1.4' path: pkgsrc/www/firefox/patches/patch-xpcom_components_nsComponentManager.cpp pathrev: pkgsrc/www/firefox/patches/patch-xpcom_components_nsComponentManager.cpp@0 type: deleted - new: '1.2' old: '1.1' path: pkgsrc/www/firefox/patches/patch-toolkit_modules_subprocess_subprocess__shared__unix.js pathrev: pkgsrc/www/firefox/patches/patch-toolkit_modules_subprocess_subprocess__shared__unix.js@1.2 type: modified - new: '1.12' old: '1.11' path: pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build pathrev: pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build@1.12 type: modified id: 20190711T113240Z.63b0b2ee78d9b81b7f915de0897051d11a527e87 log: "Update to 68.0\n\nChangelog:\n\nNew\n Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.\n\n Improved extension security and discovery:\n New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.\n \ Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.\n Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. \"Recommendedâ\x80\x9D badges for these extensions also appear on AMO. More extensions will be added over time.\n\n Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.\n\n WebRender will roll out to Windows 10 users with AMD graphics cards.\n\n Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.\n\nFixed\n\n \ Various security fixes\n\n Local files can no longer access other files in the same directory.\n\nSecurity fixes:\n#CVE-2019-9811: Sandbox escape via installation of malicious language pack\n#CVE-2019-11711: Script injection within domain through inner window reuse\n#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects\n#CVE-2019-11713: Use-after-free with HTTP/2 cached stream\n#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread\n#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault\n#CVE-2019-11715: HTML parsing error can contribute to content XSS\n#CVE-2019-11716: globalThis not enumerable until accessed\n#CVE-2019-11717: Caret character improperly escaped in origins\n#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML\n#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key\n#CVE-2019-11720: Character encoding XSS vulnerability\n#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character\n#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin\n#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries\n#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions\n#CVE-2019-11725: Websocket resources bypass safebrowsing protections\n#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3\n#CVE-2019-11728: Port scanning through Alt-Svc header\n#CVE-2019-11710: Memory safety bugs fixed in Firefox 68\n#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8\n" module: pkgsrc subject: 'CVS commit: pkgsrc/www/firefox' unixtime: '1562844760' user: ryoon