pkgsrc/www/firefox/patches/patch-media_libcubeb_update.sh
ryoon 3093ecfe32 Update to 50.0.2
* Change default audio support to ALSA.
  You can use OSS or pulseaudio via ALSA plugin package.

Changelog:
50.0.2:
Fixed in Firefox 50.0.2
 #CVE-2016-9079: Use-after-free in SVG Animation

50.0.1:
Fixed
   *Firefox crashes with 3rd party Chinese IME when using IME text

Security vulnerabilities fixed in Firefox 50.0.1:
 #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

50.0:

New
   *Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
   *Improved performance for SDK extensions or extensions using the SDK module loader
   *Added download protection for a large number of executable file types on Windows, Mac and Linux
   *Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
   *Added Guarani (gn) locale
   *Added option to Find in page that allows users to limit search to whole words only
   *Updates to keyboard shortcuts
       *Set a preference to have Ctrl+Tab cycle through tabs in recently used order
       *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)

Fixed
   *Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
   *Various security fixes

   *Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

Changed
   *The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
   *Blocked versions of libavcodec older than 54.35.1
   *Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)

Developer
   *Changes for web developers

Security vulnerabilities fixed in Firefox 50:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5292: URL parsing causes crash
 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
 #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
 #CVE-2016-9068: heap-use-after-free in nsRefreshDriver
 #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
 #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
 #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
 #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
 #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
 #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
 #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
 #CVE-2016-9070: Sidebar bookmark can have reference to chrome window
 #CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
 #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
 #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
 #CVE-2016-5289: Memory safety bugs fixed in Firefox 50
 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
2016-12-03 09:58:25 +00:00

12 lines
444 B
Bash

$NetBSD: patch-media_libcubeb_update.sh,v 1.1 2016/12/03 09:58:26 ryoon Exp $
--- media/libcubeb/update.sh.orig 2016-10-31 20:15:39.000000000 +0000
+++ media/libcubeb/update.sh
@@ -16,6 +16,7 @@ cp $1/src/cubeb_audiounit.cpp src
cp $1/src/cubeb_osx_run_loop.h src
cp $1/src/cubeb_jack.cpp src
cp $1/src/cubeb_opensl.c src
+cp $1/src/cubeb_oss.c src
cp $1/src/cubeb_panner.cpp src
cp $1/src/cubeb_panner.h src
cp $1/src/cubeb_pulse.c src