Mon Mar 26 22:24:45 2018 UTC ()
firefox: update to 59.0.2

CVE-2018-5148: Use-after-free in compositor

Invalid page rendering with hardware acceleration enabled (Bug 1435472)

Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applicatioins with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505)

Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592)

High CPU / memory churn caused by third-party software on some computers (Bug 1446280)

Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991)

URL Fragment Identifiers Break Service Worker Responses (Bug 1443850)

User's trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598)

Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)


(maya)
diff -r1.324 -r1.325 pkgsrc/www/firefox/Makefile
diff -r1.309 -r1.310 pkgsrc/www/firefox/distinfo
diff -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js
cvs diff -r1.324 -r1.325 pkgsrc/www/firefox/Makefile (expand / switch to unified diff)

--- pkgsrc/www/firefox/Makefile 2018/03/17 00:59:02 1.324
+++ pkgsrc/www/firefox/Makefile 2018/03/26 22:24:45 1.325
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.324 2018/03/17 00:59:02 ryoon Exp $ 1# $NetBSD: Makefile,v 1.325 2018/03/26 22:24:45 maya Exp $
2 2
3FIREFOX_HGREV= 3db9e3d52b17563efca181ccbb50deb8660c59ae 3FIREFOX_HGREV= 239e434d6d2b8e1e2b697c3416d1e96d48fe98e5
4FIREFOX_VER= 59.0.1 4FIREFOX_VER= 59.0.2
5 5
6DISTNAME= firefox-${FIREFOX_VER} 6DISTNAME= firefox-${FIREFOX_VER}
7CATEGORIES= www 7CATEGORIES= www
8MASTER_SITES+= -https://hg.mozilla.org/releases/mozilla-release/archive/${FIREFOX_HGREV}${EXTRACT_SUFX} 8MASTER_SITES+= -https://hg.mozilla.org/releases/mozilla-release/archive/${FIREFOX_HGREV}${EXTRACT_SUFX}
9EXTRACT_SUFX= .tar.bz2 9EXTRACT_SUFX= .tar.bz2
10 10
11MAINTAINER= ryoon@NetBSD.org 11MAINTAINER= ryoon@NetBSD.org
12HOMEPAGE= http://www.mozilla.com/en-US/firefox/ 12HOMEPAGE= http://www.mozilla.com/en-US/firefox/
13COMMENT= Web browser with support for extensions (version ${FIREFOX_VER:C/\..*//}) 13COMMENT= Web browser with support for extensions (version ${FIREFOX_VER:C/\..*//})
14LICENSE= mpl-1.1 14LICENSE= mpl-1.1
15 15
16WRKSRC= ${WRKDIR}/mozilla-release-${FIREFOX_HGREV} 16WRKSRC= ${WRKDIR}/mozilla-release-${FIREFOX_HGREV}
17 17
cvs diff -r1.309 -r1.310 pkgsrc/www/firefox/distinfo (expand / switch to unified diff)

--- pkgsrc/www/firefox/distinfo 2018/03/17 00:59:02 1.309
+++ pkgsrc/www/firefox/distinfo 2018/03/26 22:24:45 1.310
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.309 2018/03/17 00:59:02 ryoon Exp $ 1$NetBSD: distinfo,v 1.310 2018/03/26 22:24:45 maya Exp $
2 2
3SHA1 (firefox-59.0.1.tar.bz2) = cdaf28a784fa14cf4bc3e7e111406a9fcf273cc5 3SHA1 (firefox-59.0.2.tar.bz2) = 8fcf726b4d23716c7ff2b7ebc6527782b5bafe9c
4RMD160 (firefox-59.0.1.tar.bz2) = 64f4696e2206cec4fbd5610c2138a3c7d89fd21f 4RMD160 (firefox-59.0.2.tar.bz2) = ff7ab2f9da93eda98de8aecb4563cfd176b896d9
5SHA512 (firefox-59.0.1.tar.bz2) = 5c1a5e19db6c08091d2c50b5763a7f0542d9d28bf5fc5d293f29b74764df38f4963d3eb96f3b7ecca2e980000e3e52ba2daf442bcd4ae87a69aa94d8aebea1da 5SHA512 (firefox-59.0.2.tar.bz2) = db8f55954df3af554e7a614eaece4aed995794dac6e2d828b2f9c175d8a6b89e109c26ced41a43df9ad24e01d079cadf13d16c6a9bdd1887bc9898d34408e8e6
6Size (firefox-59.0.1.tar.bz2) = 304965726 bytes 6Size (firefox-59.0.2.tar.bz2) = 304965099 bytes
7SHA1 (patch-aa) = aca3d55271df926da793d7a0543f522d42e67f9d 7SHA1 (patch-aa) = aca3d55271df926da793d7a0543f522d42e67f9d
8SHA1 (patch-build_gyp.mozbuild) = 77e0954a796337b24572674cd1d14d4a5cab8e6e 8SHA1 (patch-build_gyp.mozbuild) = 77e0954a796337b24572674cd1d14d4a5cab8e6e
9SHA1 (patch-build_moz.configure_init.configure) = 5ec8da6b5aad7682a88b010a99e19f5d4403e6db 9SHA1 (patch-build_moz.configure_init.configure) = 5ec8da6b5aad7682a88b010a99e19f5d4403e6db
10SHA1 (patch-build_moz.configure_keyfiles.configure) = 5aeb43299430a7289f114945095ff7bdb723f726 10SHA1 (patch-build_moz.configure_keyfiles.configure) = 5aeb43299430a7289f114945095ff7bdb723f726
11SHA1 (patch-build_moz.configure_old.configure) = 2f452e717f0c9dc8224019b58e531e5e95cc7697 11SHA1 (patch-build_moz.configure_old.configure) = 2f452e717f0c9dc8224019b58e531e5e95cc7697
12SHA1 (patch-config_external_moz.build) = 41eef447166279f124a64444ce2a1f6a1f7cf975 12SHA1 (patch-config_external_moz.build) = 41eef447166279f124a64444ce2a1f6a1f7cf975
13SHA1 (patch-config_stl__wrappers_ios) = 00d723e2f2f252485350ede5833f0bb84c1235c1 13SHA1 (patch-config_stl__wrappers_ios) = 00d723e2f2f252485350ede5833f0bb84c1235c1
14SHA1 (patch-config_stl__wrappers_ostream) = 7be7fe36704ffbdc070a113b46b4f391a598206b 14SHA1 (patch-config_stl__wrappers_ostream) = 7be7fe36704ffbdc070a113b46b4f391a598206b
15SHA1 (patch-config_system-headers.mozbuild) = adf2fd70379165672b3b27215ffc18de178152cd 15SHA1 (patch-config_system-headers.mozbuild) = adf2fd70379165672b3b27215ffc18de178152cd
16SHA1 (patch-config_system__wrappers_unwind.h) = b3bdac0710179b9c8f8eabd824216d0114504491 16SHA1 (patch-config_system__wrappers_unwind.h) = b3bdac0710179b9c8f8eabd824216d0114504491
17SHA1 (patch-dom_base_moz.build) = 5200cbfcf7b781324dca4c55d01bc8559a56aa4c 17SHA1 (patch-dom_base_moz.build) = 5200cbfcf7b781324dca4c55d01bc8559a56aa4c
18SHA1 (patch-dom_media_AudioStream.cpp) = 5ccc3b6a09e869a5a50998118157da7d6cc517ef 18SHA1 (patch-dom_media_AudioStream.cpp) = 5ccc3b6a09e869a5a50998118157da7d6cc517ef
19SHA1 (patch-dom_media_AudioStream.h) = dec0f7e4ec7541b3e5b5574b6ebfae9a8957e165 19SHA1 (patch-dom_media_AudioStream.h) = dec0f7e4ec7541b3e5b5574b6ebfae9a8957e165
@@ -53,27 +53,27 @@ SHA1 (patch-media_libcubeb_src_cubeb__os @@ -53,27 +53,27 @@ SHA1 (patch-media_libcubeb_src_cubeb__os
53SHA1 (patch-media_libcubeb_src_moz.build) = 5fca6701cc890120a04483f52c25242ee7b1c051 53SHA1 (patch-media_libcubeb_src_moz.build) = 5fca6701cc890120a04483f52c25242ee7b1c051
54SHA1 (patch-media_libcubeb_update.sh) = e8babe57ea7f0f32658b391e9c4f6310e57fc38c 54SHA1 (patch-media_libcubeb_update.sh) = e8babe57ea7f0f32658b391e9c4f6310e57fc38c
55SHA1 (patch-media_libsoundtouch_src_soundtouch__perms.h) = 2d08a3b4176c155c57b458cb78043318b68d8fe2 55SHA1 (patch-media_libsoundtouch_src_soundtouch__perms.h) = 2d08a3b4176c155c57b458cb78043318b68d8fe2
56SHA1 (patch-media_libtheora_lib_arm_armcpu.c) = 3ef05c05799d56b3c160634327d90dd33764c3df 56SHA1 (patch-media_libtheora_lib_arm_armcpu.c) = 3ef05c05799d56b3c160634327d90dd33764c3df
57SHA1 (patch-media_libtheora_moz.build) = 27924593cfe223643d83270cad5f80eec9c42a6b 57SHA1 (patch-media_libtheora_moz.build) = 27924593cfe223643d83270cad5f80eec9c42a6b
58SHA1 (patch-media_libtremor_moz.build) = 87f66296be4db8487eae95b2779a9c02463555cf 58SHA1 (patch-media_libtremor_moz.build) = 87f66296be4db8487eae95b2779a9c02463555cf
59SHA1 (patch-media_libvorbis_moz.build) = 4d18f38471c32c478e58172dd20c3a3e703718e3 59SHA1 (patch-media_libvorbis_moz.build) = 4d18f38471c32c478e58172dd20c3a3e703718e3
60SHA1 (patch-media_libyuv_libyuv_source_mjpeg__decoder.cc) = 8a264c439fa4749cd7c5acf96e1ae3f9bae0a886 60SHA1 (patch-media_libyuv_libyuv_source_mjpeg__decoder.cc) = 8a264c439fa4749cd7c5acf96e1ae3f9bae0a886
61SHA1 (patch-media_openmax__dl_dl_api_armCOMM__s.h) = 40b3fa8aaec77d3bfec810f0bc4e76eae449d7c7 61SHA1 (patch-media_openmax__dl_dl_api_armCOMM__s.h) = 40b3fa8aaec77d3bfec810f0bc4e76eae449d7c7
62SHA1 (patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc) = 91e8ce496c1f4dbbd0a463d83cb033afd1de3f49 62SHA1 (patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc) = 91e8ce496c1f4dbbd0a463d83cb033afd1de3f49
63SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc) = 0141dd1372c13ea1fce6e2f5ffb65e0cb0f3a13e 63SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc) = 0141dd1372c13ea1fce6e2f5ffb65e0cb0f3a13e
64SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_video__capture__linux.cc) = a69bc7b7096b410582e725f9dbec57fee90d6686 64SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_video__capture__linux.cc) = a69bc7b7096b410582e725f9dbec57fee90d6686
65SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_video__capture.gypi) = 772a858fb74d404a6b86e5634bc3eec586a1b06a 65SHA1 (patch-media_webrtc_trunk_webrtc_modules_video__capture_video__capture.gypi) = 772a858fb74d404a6b86e5634bc3eec586a1b06a
66SHA1 (patch-modules_libpref_init_all.js) = aaf450596244fb25136e428589d81a008cf1e54c 66SHA1 (patch-modules_libpref_init_all.js) = 4c265ca5d45943fcfb7e75b0f0e5b918643bcd6c
67SHA1 (patch-modules_pdfium_update.sh) = b0bf091325c9322c54880de067871354cd689038 67SHA1 (patch-modules_pdfium_update.sh) = b0bf091325c9322c54880de067871354cd689038
68SHA1 (patch-mozglue_build_arm.cpp) = f41ace63b3f1d2a8ccaffc98c3c64d1e22af5249 68SHA1 (patch-mozglue_build_arm.cpp) = f41ace63b3f1d2a8ccaffc98c3c64d1e22af5249
69SHA1 (patch-mozglue_build_arm.h) = 5e272f4e19b9681d43a63c45d78b0e44a392c7dc 69SHA1 (patch-mozglue_build_arm.h) = 5e272f4e19b9681d43a63c45d78b0e44a392c7dc
70SHA1 (patch-netwerk_dns_moz.build) = 919951177a182a5d242789ad313502d33a9602b5 70SHA1 (patch-netwerk_dns_moz.build) = 919951177a182a5d242789ad313502d33a9602b5
71SHA1 (patch-servo_components_style_build__gecko.rs) = fca2260a70b496fc010f165ff4d68788b7e28632 71SHA1 (patch-servo_components_style_build__gecko.rs) = fca2260a70b496fc010f165ff4d68788b7e28632
72SHA1 (patch-third__party_python_futures_concurrent_futures_process.py) = 5e5c77334d29814f7548450163b625f451b74942 72SHA1 (patch-third__party_python_futures_concurrent_futures_process.py) = 5e5c77334d29814f7548450163b625f451b74942
73SHA1 (patch-third__party_rust_simd_.cargo-checksum.json) = 117ba033158711ab6b539d1631e7c9d3034f6f2d 73SHA1 (patch-third__party_rust_simd_.cargo-checksum.json) = 117ba033158711ab6b539d1631e7c9d3034f6f2d
74SHA1 (patch-third__party_rust_simd_src_x86_avx2.rs) = 0169ad4ef8ff5107fc826336d025c6260bb84704 74SHA1 (patch-third__party_rust_simd_src_x86_avx2.rs) = 0169ad4ef8ff5107fc826336d025c6260bb84704
75SHA1 (patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h) = e79aad01ad230e265717bd2eccbedcdd092d12d6 75SHA1 (patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h) = e79aad01ad230e265717bd2eccbedcdd092d12d6
76SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = 5b6d2e5c9f685d32894898d3ef3aec09a1a1e5ce 76SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = 5b6d2e5c9f685d32894898d3ef3aec09a1a1e5ce
77SHA1 (patch-toolkit_library_moz.build) = 34e757ad08ebaee1cbc69993ec0f6774d41a14a2 77SHA1 (patch-toolkit_library_moz.build) = 34e757ad08ebaee1cbc69993ec0f6774d41a14a2
78SHA1 (patch-toolkit_modules_GMPUtils.jsm) = 85883d2064f7bb135913ee2019200a1caf48efe7 78SHA1 (patch-toolkit_modules_GMPUtils.jsm) = 85883d2064f7bb135913ee2019200a1caf48efe7
79SHA1 (patch-toolkit_moz.configure) = 78f5c46931ae3426e65eddbea7e0552bcc6a19e0 79SHA1 (patch-toolkit_moz.configure) = 78f5c46931ae3426e65eddbea7e0552bcc6a19e0
cvs diff -r1.7 -r1.8 pkgsrc/www/firefox/patches/Attic/patch-modules_libpref_init_all.js (expand / switch to unified diff)

--- pkgsrc/www/firefox/patches/Attic/patch-modules_libpref_init_all.js 2018/03/17 00:59:03 1.7
+++ pkgsrc/www/firefox/patches/Attic/patch-modules_libpref_init_all.js 2018/03/26 22:24:45 1.8
@@ -1,43 +1,29 @@ @@ -1,43 +1,29 @@
1$NetBSD: patch-modules_libpref_init_all.js,v 1.7 2018/03/17 00:59:03 ryoon Exp $ 1$NetBSD: patch-modules_libpref_init_all.js,v 1.8 2018/03/26 22:24:45 maya Exp $
 2
 3Else case same as linux for duplex audio, capture_delay, and disabling
 4custom styling to workaround a GTK bug
2 5
3--- modules/libpref/init/all.js.orig 2018-03-10 02:54:17.000000000 +0000 6--- modules/libpref/init/all.js.orig 2018-03-10 02:54:17.000000000 +0000
4+++ modules/libpref/init/all.js 7+++ modules/libpref/init/all.js
5@@ -522,25 +522,18 @@ pref("media.getusermedia.agc", 3); // kA 8@@ -532,7 +532,10 @@ pref("media.peerconnection.capture_delay
6 // capture_delay: Adjustments for OS-specific input delay (lower bound) 
7 // playout_delay: Adjustments for OS-specific AudioStream+cubeb+output delay (lower bound) 
8 // full_duplex: enable cubeb full-duplex capture/playback 
9+pref("media.navigator.audio.full_duplex", true); 
10 #if defined(XP_MACOSX) 
11 pref("media.peerconnection.capture_delay", 50); 
12-pref("media.navigator.audio.full_duplex", true); 
13 #elif defined(XP_WIN) 
14 pref("media.peerconnection.capture_delay", 50); 
15-pref("media.navigator.audio.full_duplex", true); 
16 #elif defined(ANDROID) 
17 pref("media.peerconnection.capture_delay", 100); 
18-pref("media.navigator.audio.full_duplex", true); 
19 pref("media.navigator.hardware.vp8_encode.acceleration_enabled", true); 9 pref("media.navigator.hardware.vp8_encode.acceleration_enabled", true);
20 pref("media.navigator.hardware.vp8_encode.acceleration_remote_enabled", true); 10 pref("media.navigator.hardware.vp8_encode.acceleration_remote_enabled", true);
21 pref("media.navigator.hardware.vp8_decode.acceleration_enabled", false); 11 pref("media.navigator.hardware.vp8_decode.acceleration_enabled", false);
22-#elif defined(XP_LINUX) || defined(MOZ_SNDIO) 12+#elif defined(XP_LINUX) || defined(MOZ_SNDIO)
23-pref("media.peerconnection.capture_delay", 70); 
24-pref("media.navigator.audio.full_duplex", true); 
25 #else 
26-// *BSD, others - merely a guess for now 
27-pref("media.peerconnection.capture_delay", 50); 
28-pref("media.navigator.audio.full_duplex", false); 
29+pref("media.peerconnection.capture_delay", 70); 13+pref("media.peerconnection.capture_delay", 70);
 14 #else
 15+// *BSD, others - merely a guess for now
 16 pref("media.peerconnection.capture_delay", 70);
30 #endif 17 #endif
31 // Use MediaDataDecoder API for WebRTC, this includes hardware acceleration for 18 // Use MediaDataDecoder API for WebRTC, this includes hardware acceleration for
32 // decoding. 19@@ -1331,8 +1334,8 @@ pref("dom.forms.autocomplete.formautofil
33@@ -1338,8 +1331,8 @@ pref("dom.forms.autocomplete.formautofil 
34 // Enable search in <select> dropdowns (more than 40 options) 20 // Enable search in <select> dropdowns (more than 40 options)
35 pref("dom.forms.selectSearch", false); 21 pref("dom.forms.selectSearch", false);
36 // Allow for webpages to provide custom styling for <select> 22 // Allow for webpages to provide custom styling for <select>
37-// popups. Disabled on Linux due to bug 1338283. 23-// popups. Disabled on Linux due to bug 1338283.
38-#ifdef XP_LINUX 24-#ifdef XP_LINUX
39+// popups. Disabled on GTK due to bug 1338283. 25+// popups. Disabled on GTK due to bug 1338283.
40+#ifdef MOZ_WIDGET_GTK 26+#ifdef MOZ_WIDGET_GTK
41 pref("dom.forms.select.customstyling", false); 27 pref("dom.forms.select.customstyling", false);
42 #else 28 #else
43 pref("dom.forms.select.customstyling", true); 29 pref("dom.forms.select.customstyling", true);