CVS commit: pkgsrc/www/firefox

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/firefox
From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
Date: Sat, 15 Jan 2022 15:57:39 +0000

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Sat Jan 15 15:57:38 UTC 2022

Modified Files:
        pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
        pkgsrc/www/firefox/patches: patch-ipc_glue_GeckoChildProcessHost.cpp
            patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc
Added Files:
        pkgsrc/www/firefox/patches: patch-libwebrtc.diff
            patch-third__party_libwebrtc_system__wrappers_source_cpu__features__linux.cc
Removed Files:
        pkgsrc/www/firefox/patches: patch-layout_style_extra-bindgen-flags.in
            patch-third__party_libwebrtc_webrtc_modules_audio__processing_echo__detector_mean__variance__estimator.cc

Log Message:
firefox: Update to 96.0.1

Changelog:
Version 96.0.1, first offered to Release channel users on January 14, 2022
Fixed

  * Addresses proxy rule exceptions not working on Windows systems when "Use
    system proxy settings" is set (bug 1749501)

  * Improvements to make the parsing of content-length headers more robust (bug
    1749957)

Version 96.0, first offered to Release channel users on January 11, 2022
New

  * We've made significant improvements in noise-suppression and
    auto-gain-control as well as slight improvements in echo-cancellation to
    provide you with a better overall experience.

  * We've also significantly reduced main-thread load.

  * Firefox will now default all cookies to having a SameSite=lax attribute
    which helps defend against Cross-Site Request Forgery (CSRF) attacks.

  * When printing, you can now choose to print only the odd/even pages.

Fixed

  * On macOS, command-clicking links in Gmail now opens them in a new tab as
    expected.

  * Our newest release fixes an issue where video intermittently drops SSRC.

  * It also fixes an issue where WebRTC downgrades screen sharing resolution to
    provide you with a clearer browsing experience.

  * Plus, we've fixed video quality degradation issues on certain sites.

  * Detached video in fullscreen on macOS has been temporarily disabled to
    avoid some issues with corruption, brightness changes, missing subtitles
    and high cpu usage.

  * Various security fixes

Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
 window spoof
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22750: IPC passing of resource handles could have lead to sandbox
 bypass
#CVE-2022-22749: Lack of URL restrictions when scanning QR codes
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
 event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
 website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22736: Potential local privilege escalation when loading modules from
 the install directory.
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
#CVE-2022-22752: Memory safety bugs fixed in Firefox 96


To generate a diff of this commit:
cvs rdiff -u -r1.507 -r1.508 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.456 -r1.457 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.220 -r1.221 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.13 -r1.14 \
    pkgsrc/www/firefox/patches/patch-ipc_glue_GeckoChildProcessHost.cpp
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/www/firefox/patches/patch-layout_style_extra-bindgen-flags.in \
    pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_webrtc_modules_audio__processing_echo__detector_mean__variance__estimator.cc
cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-libwebrtc.diff \
    pkgsrc/www/firefox/patches/patch-third__party_libwebrtc_system__wrappers_source_cpu__features__linux.cc
cvs rdiff -u -r1.19 -r1.20 \
    pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffs are larger than 1MB and have been omitted

Prev by Date: CVS commit: pkgsrc/www/curl
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/www/curl
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index