* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Changelog:
FIXED
23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
FIXED
23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
FIXED
23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
* Add NetBSD/sparc64 support from martin@.
Almost all functionalities work fine, but https handling.
* Enable system jpeg support. This is accidentally disabled.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
* Remove reference to devel/xulrunner.
* Move some common files for firefox/xulrunner-21.0.
* Move patches from devel/sulrunner.
* Take MAINTAINERship.
* This release of firefox is built with internal xulrunner.
Because separated (system) xulrunner has prefs and chrome load problem.
* gnome option is broken in libnkmozgnomevfs.so build.
Changelog:
NEW
The Social API now supports multiple providers
NEW
Enhanced three-state UI for Do Not Track (DNT)
NEW
Firefox will suggest how to improve your application startup time if needed
NEW
Preliminary implementation of Firefox Health Report
CHANGED
Ability to restore removed thumbnails on New Tab Page
CHANGED
CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
CHANGED
Graphics related performance improvements (bug 809821)
CHANGED
Removed E4X support from Spidermonkey
DEVELOPER
Implemented Remote Profiling
DEVELOPER
Integrated add-on SDK loader and API libraries into Firefox
HTML5
Added support for <main> element
HTML5
Implemented scoped stylesheets
HTML5
Added support for window.crypto.getRandomValues
FIXED
Some function keys may not work when pressed (833719)
FIXED
Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627)
FIXED
21.0: Security fixes can be found here
Fixed in Firefox 21
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Changelog:
NEW
Per-window Private Browsing. Learn more.
NEW
New download experience. Learn more.
NEW
Ability to close hanging plugins, without the browser hanging
CHANGED
Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.)
DEVELOPER
Continued implementation of draft ECMAScript 6 - clear() and Math.imul
DEVELOPER
New JavaScript Profiler tool
HTML5
getUserMedia implemented for web access to the user's camera and microphone (with user permission)
HTML5
<canvas> now supports blend modes
HTML5
Various <audio> and <video> improvements
FIXED
Details button on Crash Reporter (793972)
FIXED
Unity plugin doesn't display in HiDPI mode (829284)
FIXED
20.0: Security fixes can be found here
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
* Add --enable-pulseaudio configure option (functionality is not tested)
Changelog:
NEW
First revision of the Social API and support for Facebook Messenger
NEW
Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
CHANGED
Updated Awesome Bar experience with larger icons
CHANGED
Mac OS X 10.5 is no longer supported
DEVELOPER
JavaScript Maps and Sets are now iterable
DEVELOPER
SVG FillPaint and StrokePaint implemented
DEVELOPER
Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use
DEVELOPER
New Markup panel in the Page Inspector allows easy editing of the DOM
HTML5
Sandbox attribute for iframes implemented, enabling increased security
FIXED
Over twenty performance improvements, including fixes around the New Tab page
FIXED
Pointer lock doesn't work in web apps (769150)
FIXED
Page scrolling on sites with fixed headers (780345)
Changelog:
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
NEW
Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
NEW
Initial web app support (Windows/Mac/Linux)
NEW
Acholi and Kazakh localizations added
CHANGED
Improvements around JavaScript responsiveness through incremental garbage collection
DEVELOPER
New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access
DEVELOPER
CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16
DEVELOPER
Recently opened files list in Scratchpad implemented
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
FIXED
Debugger breakpoints do not catch on page reload (783393)
FIXED
No longer supporting MD5 as a hash algorithm in digital signatures (650355)
FIXED
Opus support by default (772341)
FIXED
Reverse animation direction has been implemented (655920)
FIXED
Per tab reporting in about:memory (687724)
FIXED
User Agent strings for pre-release Firefox versions now show only major version (728831)
Changelog:
FIXED Sites visited while in Private Browsing mode could be found through manual browser cache inspection (787743)
NEW Silent, background updates
NEW Support for SPDY networking protocol v3
NEW WebGL enhancements, including compressed textures for better performance
NEW Localization in Maithili (see all available locales)
CHANGED Optimized memory usage for add-ons
DEVELOPER JavaScript debugger integrated into developer tools
DEVELOPER New layout view added to Inspector
DEVELOPER High precision event timer implemented
DEVELOPER The CSS word-break property has been implemented.
DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites
HTML5 Native support for the Opus audio codec added
HTML5 The <audio> and <video> elements now support the played attribute
HTML5 The <source> element now supports the media attribute
FIXED Focus rings keep growing when repeatedly tabbing through elements (720987)
* Use patches from https://bugzilla.mozilla.org/show_bug.cgi?id=753046
* Fix firefox.sh
Changelog:
NEW Preliminary native PDF support (Aurora/Beta only)
NEW Support for SPDY networking protocol v3
NEW WebGL enhancements, including compressed textures for better performance
CHANGED Optimized memory usage for add-ons
DEVELOPER JavaScript debugger integrated into developer tools
DEVELOPER New layout view added to Inspector
DEVELOPER The CSS word-break property has been implemented.
DEVELOPER High precision event timer implemented
DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites
HTML5 Native support for the Opus audio codec added
HTML5 The <source> element now supports the media attribute
HTML5 The <audio> and <video> elements now support the played attribute
Changelog:
NEW
Google searches now utilize HTTPS
NEW
Full screen support for Mac OS X Lion implemented
NEW
Plugins can now be configured to only load on click (requires an about:config change)
NEW
The Awesome Bar now auto-completes typed URLs
CHANGED
Improved site identity manager, to prevent spoofing of an SSL connection with favicons
DEVELOPER
Pointer Lock API implemented
DEVELOPER
New API to prevent your display from sleeping
DEVELOPER
New text-transform and font-variant CSS improvements for Turkic languages and Greek
FIXED
Various security fixes
FIXED
GIF animation can gets stuck when src and image size are changed (743598)
FIXED
OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (752149)
FIXED
CSS :hover regression when an element's class name is set by Javascript (758885
Changelog:
* Page Source now has line numbers
* Line breaks are now supported in the title attribute
* Improvements to "Find in Page" to center search result
* URLs pasted into the download manager window are now automatically downloaded
* Support for the text-align-last CSS property has been added
* Various security fixes
* Some TinyMCE-based editors failed to load (739141)
XXX Set MAKE_JOBS_SAFE=no for now. Should investigate why it fails
without it as it prolongs build time significantly.
Upstream changes:
Add-ons installed by third party programs are now disabled by default
Added a one-time add-on selection dialog to manage previously installed add-ons
Added Twitter to the search bar for select locales. Additional locale support
will be added in the future
Added a preference to load tabs on demand, improving start-up time when
windows are restored
Improved performance and memory handling when using <audio> and <video>
elements
Added CORS support for cross-domain textures in WebGL
Added support for HTML5 context menus
Added support for insertAdjacentHTML
Improved CSS hyphen support for many languages
Improved WebSocket support
Fixed several stability issues
Fixed several security issues
Drastically improved memory handling for certain use cases
Added a new rendering backend to speed up Canvas operations on Windows systems
Bookmark and password changes now sync almost instantly when using Firefox Sync
The 'http://' URL prefix is now hidden by default
Added support for text-overflow: ellipsis
Added support for the Web Timing specification
Enhanced support for MathML
The WebSocket protocol has been updated from version 7 to version 8
Added an opt-in system for users to send performance data back to Mozilla
to improve future versions of Firefox
Fixed several stability issues
Fixed several security issues
Major changes include:
The address bar now highlights the domain of the website you're visiting
Streamlined the look of the site identity block
Added support for the latest draft version of WebSockets with a prefixed API
Added support for EventSource / server-sent events
Added support for window.matchMedia
Added Scratchpad, an interactive JavaScript prototyping environment
Added a new Web Developer menu item and moved development-related items into it
Improved usability of the Web Console
Improved the discoverability of Firefox Sync
Reduced browser startup time when using Panorama
Fixed several stability issues
Fixed several security issues
Firefox 4 is based on the Gecko 2.0 Web platform. This release features
JavaScript execution speeds up to six times faster than the previous
version, new capabilities for Web Developers and Add-on Developers such as
hardware accelerated graphics and HTML5 technologies, and a completely
revised user interface.
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption
Also add patch for PR pkg/42988 crash, effectively disabling all
sound support until we decide on what sound API to use.
The current dlopen() guesswork is bad, mkay.
Bump PKGREVISION for this and previous changes.
.2 is not formally released yet, but is release tagged in the scm and I
want to get this update in before we freeze the tree.
"Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform,
which has been under development since early 2009 and contains many
improvements for web developers, add-on developers, and users."
- Improved JavaScript performance, overall browser responsiveness,
and startup time.
- The ability for web developers to indicate that scripts should run
asynchronously to speed up page load times.
- Continued support for downloadable web fonts using the new WOFF font format.
- Support for new CSS attributes such as gradients, background sizing,
and pointer events.
- Support for new DOM and HTML5 specifications including the Drag & Drop API
and the File API, which allow for more interactive web pages.
Exact dependencies make upgrading through binary packages impossible
because we don't have a way to do multipackage transactional updates.
You still need to have the same mozilla platform version of xulrunner
and firefox installed or there will be an error message at run time.
While here, switch NetBSD build from sunaudio to OSS emulation.
This greatly improves HTML5 video playback.
(Yes, we ought to fix the busted sunaudio support or PKG_OPTIONalize this.
Perhaps another day.)
Advisories relating to this release:
MFSA 2009-71 GeckoActiveXObject exception messages can be used to
enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
pkgsrc changes:
- assign devel/xulrunner maintainership to tnn@
- mozilla-common.mk: work around gcc __thread support misdetection on NetBSD
- separate distinfo related stuff into dist.mk for sharing with nss & nspr
"topcrash" bugs fixed:
468562 "ASSERTION: Inserting multiple children without flushing"
521750 Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 ...
524462 startup crash [@ gfxWindowsFontGroup::WhichFontSupportsChar(nsTAr ...
525326 Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864][@ ...
525276 crashes [@ nsDocument::RegisterNamedItems(nsIContent*)]
Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
left disabled by default. Correct me if I'm wrong but it feels like
most pkgsrc users don't use gnome. If someone can comment on the
benefits of these dependencies in the GNOME environment, speak up.
Firefox 3.5 is based on the Gecko 1.9.1 rendering platform.
Firefox 3.5 offers many changes over the previous version, supporting new web
technologies, improving performance and ease of use.
Some of the notable features are:
* Support for the HTML5 <video> and <audio> elements
* Improved tools for controlling your private data
* Better web application performance using the new TraceMonkey JavaScript engine
* The ability to share your location with websites using Location Aware Browsing
* Support for native JSON, and web worker threads.
* Improvements to the Gecko layout engine, including speculative parsing for
faster content rendering.
* Support for new web technologies such as: downloadable fonts, CSS media
queries, new transformations and properties, JavaScript query selectors,
HTML5 local storage and offline application storage, <canvas> text,
ICC profiles, and SVG transforms.
(I opted for removing and re-importing instead of a plain update due to
extensive patch rototil)
We may encounter minor turbulence as dependent packages are sorted out.
Thank you for flying pkgsrc-current.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
