Re: CVS commit: pkgsrc/www/firefox60

To: leot%NetBSD.org@localhost
Subject: Re: CVS commit: pkgsrc/www/firefox60
From: Ryo ONODERA <ryo%tetera.org@localhost>
Date: Tue, 26 Feb 2019 22:00:48 +0900 (JST)

Hi,

From: Leonardo Taccari <leot%NetBSD.org@localhost>, Date: Tue, 26 Feb 2019 13:54:29 +0100

> Hello Ryo,
> 
> Ryo ONODERA writes:
>> [...]
>> Log Message:
>> Update to 60.5.2
>>
>> Changelog:
>> 60.5.2
>> Fixed a frequent crash when reading various Reuters news articles (bug 1505844)
>>
>> 60.5.1
>> #CVE-2018-18356: Use-after-free in Skia
>> #CVE-2019-5785: Integer overflow in Skia
>> #CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
>>
>> 60.5.0
>> #CVE-2018-18500: Use-after-free parsing HTML5 stream
>> #CVE-2018-18505: Privilege escalation through IPC channel messages
>> #CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
>>
> 
> Thank you very much for updating it!
> 
> When trying to rebuild it I have noticed that
> patch-dom_fetch_FetchConsumer.cpp no longer applies.
> 
> Attached patch in this email adjust that (but the build of firefox60
> is still running so I haven't completely tested them).

patch-dom_fetch_FetchConsumer.cpp should be removed.
I will remove it.

> Another question/curiosity directly inline.

Like www/firefox, www/firefox60 uses internal libjpeg-turbo now.

>> Index: pkgsrc/www/firefox60/mozilla-common.mk
>> diff -u pkgsrc/www/firefox60/mozilla-common.mk:1.2 pkgsrc/www/firefox60/mozilla-common.mk:1.3
>> --- pkgsrc/www/firefox60/mozilla-common.mk:1.2       Tue Oct 23 12:33:04 2018
>> +++ pkgsrc/www/firefox60/mozilla-common.mk   Tue Feb 26 11:23:53 2019
>> @@ -1,4 +1,4 @@
>> -# $NetBSD: mozilla-common.mk,v 1.2 2018/10/23 12:33:04 jperkin Exp $
>> +# $NetBSD: mozilla-common.mk,v 1.3 2019/02/26 11:23:53 ryoon Exp $
>>  #
>>  # common Makefile fragment for mozilla packages based on gecko 2.0.
>>  #
>> @@ -66,14 +66,14 @@ CONFIGURE_ARGS+= --enable-system-ffi
>>  CONFIGURE_ARGS+=    --with-system-icu
>>  CONFIGURE_ARGS+=    --with-system-nss
>>  CONFIGURE_ARGS+=    --with-system-nspr
>> -CONFIGURE_ARGS+=    --with-system-jpeg
>> +#CONFIGURE_ARGS+=   --with-system-jpeg
>>  CONFIGURE_ARGS+=    --with-system-zlib
>>  CONFIGURE_ARGS+=    --with-system-bz2
>>  CONFIGURE_ARGS+=    --with-system-libevent=${BUILDLINK_PREFIX.libevent}
>>  CONFIGURE_ARGS+=    --disable-crashreporter
>>  CONFIGURE_ARGS+=    --disable-necko-wifi
>>  CONFIGURE_ARGS+=    --enable-chrome-format=flat
>> -CONFIGURE_ARGS+=    --disable-libjpeg-turbo
>> +#CONFIGURE_ARGS+=   --disable-libjpeg-turbo
>>  
>>  CONFIGURE_ARGS+=    --disable-gconf
>>  #CONFIGURE_ARGS+=   --enable-readline
>> @@ -196,7 +196,7 @@ BUILDLINK_API_DEPENDS.nspr+=     nspr>=4.18
>>  BUILDLINK_API_DEPENDS.nss+= nss>=3.35
>>  .include "../../devel/nss/buildlink3.mk"
>>  .include "../../devel/zlib/buildlink3.mk"
>> -.include "../../mk/jpeg.buildlink3.mk"
>> +#.include "../../mk/jpeg.buildlink3.mk"
>>  .include "../../graphics/MesaLib/buildlink3.mk"
>>  #BUILDLINK_API_DEPENDS.cairo+=      cairo>=1.10.2nb4
>>  #.include "../../graphics/cairo/buildlink3.mk"
>>
> 
> Why were these commented out?
> 
> 
> Thank you again!

--
Ryo ONODERA // ryo%tetera.org@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

References:
- CVS commit: pkgsrc/www/firefox60
  - From: Ryo ONODERA
- Re: CVS commit: pkgsrc/www/firefox60
  - From: Leonardo Taccari

Prev by Date: Re: CVS commit: pkgsrc/www/firefox60
Next by Date: CVS commit: pkgsrc/www/firefox60
Previous by Thread: Re: CVS commit: pkgsrc/www/firefox60
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index