CVS commit: pkgsrc/www/firefox

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/firefox
From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
Date: Tue, 18 Apr 2023 14:00:11 +0000

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Tue Apr 18 14:00:11 UTC 2023

Modified Files:
        pkgsrc/www/firefox: Makefile distinfo
        pkgsrc/www/firefox/patches:
            patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc
            patch-widget_gtk_DMABufSurface.cpp
Removed Files:
        pkgsrc/www/firefox/patches: patch-media_libcubeb_src_cubeb__alsa.c

Log Message:
firefox: Update to 112.0.1

Changelog:
112.0.1
Fixed

  * Fixed a bug where cookie dates appear to be set in the far future after
    updating Firefox. This may have caused cookies to be unintentionally
    purged. (bug 1827669).

112.0
New

  * Right-clicking on password fields now shows an option to reveal the
    password.

  * Ubuntu Linux users can now import their browser data from the Chromium Snap
    package. Currently, this will only work if Firefox is not also installed as
    a Snap package, but work is underway to address this!

  * Do you use the tab list panel in the tab bar? If so, you can now close tabs
    by middle-clicking items in that list.

  * You've always been able to un-close a tab by using (Cmd/Ctrl)-Shift-T. Now,
    that same shortcut will restore the previous session if there are no more
    closed tabs from the same session to re-open.

  * For all ETP Strict users, we extended the list of known tracking parameters
    that are removed from URLs to further protect our users from cross-site
    tracking.

  * Enables overlay of software-decoded video on Intel GPUs in Windows.
    Improves video down scaling quality and reduces GPU usage.

  * Private windows and ETP set to strict will now include email tracking
    protection. This will make it harder for email trackers to learn the
    browsing habits of Firefox users. You can check the Tracking Content in the
    sub-panel on the shield icon panel.

Fixed

  * Various security fixes.

Changed

  * The deprecated U2F Javascript API is now disabled by default. The U2F
    protocol remains usable through the WebAuthn API. The U2F API can be
    re-enabled using the security.webauth.u2f preference.

Security fixes:
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29534: Fullscreen notification could have been obscured on Firefox
 for Android
#CVE-2023-1999: Double-free in libwebp
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
 compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29537: Data Races in font initialization code
#CVE-2023-29538: Directory information could have been leaked to WebExtensions
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
 File Download
#CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls
#CVE-2023-29541: Files with malicious extensions could have been downloaded
 unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-29543: Use-after-free in debugging APIs
#CVE-2023-29544: Memory Corruption in garbage collector
#CVE-2023-29545: Windows Save As dialog resolved environment variables
#CVE-2023-29546: Screen recording in Private Browsing included address bar on
 Android
#CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29549: Javascript's bind function may have failed
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
#CVE-2023-29551: Memory safety bugs fixed in Firefox 112


To generate a diff of this commit:
cvs rdiff -u -r1.550 -r1.551 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.494 -r1.495 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.32 -r0 \
    pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc
cvs rdiff -u -r1.4 -r1.5 \
    pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.550 pkgsrc/www/firefox/Makefile:1.551
--- pkgsrc/www/firefox/Makefile:1.550   Wed Apr  5 14:22:35 2023
+++ pkgsrc/www/firefox/Makefile Tue Apr 18 14:00:11 2023
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.550 2023/04/05 14:22:35 ryoon Exp $
+# $NetBSD: Makefile,v 1.551 2023/04/18 14:00:11 ryoon Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            111.0
+MOZ_BRANCH=            112.0
 MOZ_BRANCH_MINOR=      .1
 
 DISTNAME=      firefox-${FIREFOX_VER}.source

Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.494 pkgsrc/www/firefox/distinfo:1.495
--- pkgsrc/www/firefox/distinfo:1.494   Wed Apr  5 14:22:35 2023
+++ pkgsrc/www/firefox/distinfo Tue Apr 18 14:00:11 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.494 2023/04/05 14:22:35 ryoon Exp $
+$NetBSD: distinfo,v 1.495 2023/04/18 14:00:11 ryoon Exp $
 
-BLAKE2s (firefox-111.0.1.source.tar.xz) = 064fd7728894107ce1ad41b382c2d153aacdb6382bbdd4c6f1b1db2b1f654f5f
-SHA512 (firefox-111.0.1.source.tar.xz) = b16c9399a19cb1de2d865a023d54fbe71c23a363ea4d36cd58f41f64f7ad04bc1b9d8a8448943417516e17337e0ee2afd370c29a72b51b0947161f4ffab6935f
-Size (firefox-111.0.1.source.tar.xz) = 496209640 bytes
+BLAKE2s (firefox-112.0.1.source.tar.xz) = e0ea6615a9eb3b64e8888527ab2b17d1ea530bbd9f98aae36981dc8f51cc7aef
+SHA512 (firefox-112.0.1.source.tar.xz) = 23a5cd9c1f165275d8ca7465bebce86018441c72292421f4ed56d7ad8ada9402dc8d22a08467d9d0ef3ef8c62338006dfa3bcbddf12cb8a59eafa0bd7d0cda50
+Size (firefox-112.0.1.source.tar.xz) = 506649248 bytes
 BLAKE2s (nodejs-output-111.0.tgz) = 5e61c766822fdb7f5ef9e358de2ed00ba1c5074a2dad1e1d491772532f2bfe09
 SHA512 (nodejs-output-111.0.tgz) = 79ff7d122c48453a10312918b315acbe8dff6695042311be1b4aaa69c59fb77c7c14affc4f24fe23d9a6707d4c4dccf90c063e0f3af7de5807cdc45df5d0829e
 Size (nodejs-output-111.0.tgz) = 208870 bytes
@@ -24,7 +24,6 @@ SHA1 (patch-js_src_jit_ProcessExecutable
 SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
 SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = 374ffc0ce12e1c5babf2e553aba96612b0a30b1e
 SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a
-SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = e827ae7db2407f27e0310a17c690452276a70389
 SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc
 SHA1 (patch-media_libtheora_lib_info.c) = f6dbf536d73859a1ff78304c2e9f6a6f74dac01f
 SHA1 (patch-modules_fdlibm_src_math__private.h) = e20b6c23011d7123cbbd64a500eb8ce8c426620e
@@ -32,7 +31,7 @@ SHA1 (patch-mozglue_misc_Uptime.cpp) = d
 SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = b0d1f6a6e0eb852b0fd0238ad3f8ed3166c60a50
 SHA1 (patch-security_nss_lib_freebl_mpi_mpi.c) = a7cd867916524770609d1c307a65b315b88456f4
 SHA1 (patch-third__party_js_cfworker_build.sh) = 46cdf97b99cf01080f290ae8d9a33b5f869fc3e4
-SHA1 (patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc) = 8bae28e76062b12b06ba20db675cd9dc947e1034
+SHA1 (patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc) = 455be625b5de2f6f1f4b2dbb6c8cb33ca16c2583
 SHA1 (patch-third__party_libwebrtc_modules_video__capture_linux_device__info__v4l2.cc) = 8848fb05c1e8b45234f74db71602a8a84c0404a4
 SHA1 (patch-third__party_libwebrtc_modules_video__capture_linux_video__capture__v4l2.cc) = 8111952a107eb2cd665525ddd0e27c79eee3c1cd
 SHA1 (patch-third__party_libwebrtc_system__wrappers_source_cpu__features__linux.cc) = b90e22b50879f7adcc1da3a993f52c0701b720f8
@@ -41,6 +40,6 @@ SHA1 (patch-toolkit_components_terminato
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 2303b753066298305ccae80d72765dbc4da5e0dc
 SHA1 (patch-toolkit_moz.configure) = c183f8b1566ffed0df17bf856f693b3a288affeb
 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = 706635b76a7b525794aba95e95544f09e18bb662
-SHA1 (patch-widget_gtk_DMABufSurface.cpp) = a953dd0ddf37a3719c61e60b8e89f1216e3be876
+SHA1 (patch-widget_gtk_DMABufSurface.cpp) = b07836c49c0c9c85e7923d3297ad674453165522
 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec
 SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = 81d43a046fcef6bf6717d52485686ba8e8738254

Index: pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc
diff -u pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc:1.1 
pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc:1.2
--- pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc:1.1   Wed Apr  5 14:22:36 2023
+++ pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc       Tue Apr 18 14:00:11 2023
@@ -1,8 +1,8 @@
-$NetBSD: patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc,v 1.1 2023/04/05 14:22:36 ryoon Exp $
+$NetBSD: patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc,v 1.2 2023/04/18 14:00:11 ryoon Exp $
 
---- third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc.orig     2023-03-02 21:15:55.000000000 +0000
+--- third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc.orig     2023-03-30 21:16:09.000000000 +0000
 +++ third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc
-@@ -10,11 +10,15 @@
+@@ -10,12 +10,16 @@
  
  #include "modules/desktop_capture/linux/wayland/egl_dmabuf.h"
  
@@ -11,6 +11,7 @@ $NetBSD: patch-third__party_libwebrtc_mo
 +#endif
  #include <dlfcn.h>
  #include <fcntl.h>
+ #include <gdk/gdk.h>
  #include <libdrm/drm_fourcc.h>
 +#if defined(__linux__)
  #include <linux/types.h>

Index: pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp
diff -u pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp:1.4 pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp:1.5
--- pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp:1.4   Wed Apr  5 14:22:36 2023
+++ pkgsrc/www/firefox/patches/patch-widget_gtk_DMABufSurface.cpp       Tue Apr 18 14:00:11 2023
@@ -1,8 +1,8 @@
-$NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.4 2023/04/05 14:22:36 ryoon Exp $
+$NetBSD: patch-widget_gtk_DMABufSurface.cpp,v 1.5 2023/04/18 14:00:11 ryoon Exp $
 
 No eventfd on NetBSD 9 and older, fix build
 
---- widget/gtk/DMABufSurface.cpp.orig  2023-03-02 21:15:57.000000000 +0000
+--- widget/gtk/DMABufSurface.cpp.orig  2023-03-30 21:16:10.000000000 +0000
 +++ widget/gtk/DMABufSurface.cpp
 @@ -6,6 +6,9 @@
  
@@ -24,15 +24,15 @@ No eventfd on NetBSD 9 and older, fix bu
  #include <poll.h>
  #include <sys/ioctl.h>
  
-@@ -128,6 +133,7 @@ void DMABufSurface::GlobalRefAdd() {
+@@ -134,6 +139,7 @@ void DMABufSurface::GlobalRefAdd() {
  }
  
  void DMABufSurface::GlobalRefCountCreate() {
 +#if !(defined(__NetBSD__) && (__NetBSD_Version__ - 0 < 1000000000))
    MOZ_ASSERT(!mGlobalRefCountFd);
-   mGlobalRefCountFd = eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK | EFD_SEMAPHORE);
-   if (mGlobalRefCountFd < 0) {
-@@ -137,6 +143,7 @@ void DMABufSurface::GlobalRefCountCreate
+   // Create global ref count initialized to 0,
+   // i.e. is not referenced after create.
+@@ -145,6 +151,7 @@ void DMABufSurface::GlobalRefCountCreate
      mGlobalRefCountFd = 0;
      return;
    }

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index