--- - branch: MAIN date: Mon Oct 28 13:03:27 UTC 2019 files: - new: '1.399' old: '1.398' path: pkgsrc/www/firefox/Makefile pathrev: pkgsrc/www/firefox/Makefile@1.399 type: modified - new: '1.147' old: '1.146' path: pkgsrc/www/firefox/PLIST pathrev: pkgsrc/www/firefox/PLIST@1.147 type: modified - new: '1.370' old: '1.369' path: pkgsrc/www/firefox/distinfo pathrev: pkgsrc/www/firefox/distinfo@1.370 type: modified - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-js_src_threading_posix_Thread.cpp pathrev: pkgsrc/www/firefox/patches/patch-js_src_threading_posix_Thread.cpp@0 type: deleted id: 20191028T130327Z.6756addc9767457551fe05038f03ff239c98d85f log: | Update to 70.0 * Offline build is incomplete. However I cannot finish the fix. Changelog: New More privacy protections from Enhanced Tracking Protection: Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection. The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise. More security protections from Firefox Lockwise, our digital identity and password management tool: Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers���. Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches. Complex password generation, to help you create and save strong passwords for new online accounts. Improvements to core engine components, for better browsing on more sites A faster Javascript Baseline Interpreter to handle the modern web���s large codebases and improve page load performance by as much as 8 percent. WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering. Compositor improvements in Firefox for macOS that reduce power consumption, speed up page load by as much as 22 percent, and reduce resource use for video by up to 37 percent. More browser features to help you get the most out of Firefox products and services A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send. A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features. When a website uses your geolocation, an indicator is shown in the address bar. Fixed Various security fixes Changed Built-in Firefox pages now follow the system dark mode preference Aliased theme properties have been removed, which may affect some themes Passwords can now be imported from Chrome on macOS in addition to existing support for Windows Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph. Improved privacy and security indicators A new crossed-out lock icon will indicate sites delivered via insecure HTTP The formerly green lock icon is now grey The Extended Validation (EV) indicator has been moved to the identity popup that appears when clicking the lock icon Security fixes: #CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber #CVE-2019-11757: Use-after-free when creating index updates in IndexedDB #CVE-2019-11759: Stack buffer overflow in HKDF output #CVE-2019-11760: Stack buffer overflow in WebRTC networking #CVE-2019-11761: Unintended access to a privileged JSONView object #CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation #CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique #CVE-2019-11765: Incorrect permissions could be granted to a website #CVE-2019-17000: CSP bypass using object tag with data: URI #CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified #CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped #CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 module: pkgsrc subject: 'CVS commit: pkgsrc/www/firefox' unixtime: '1572267807' user: ryoon