- see http://www.mozilla.org/en-US/firefox/18.0/releasenotes/
- fixes MFSA 2013-14 -> 20
- build with clang on i386/amd64 and with gcc 4.6 on powerpc. Required
since upstream dropped support for gcc < 4.4.
- don't build against systemwide jpeg anymore since it now needs its
internal libjpeg-turbo.
- add a stub method to sydney_audio_sndio.c in post-patch. Cant add it
to the file in cvs directly otherwise it breaks other mozillas
- remove patch-ipc_chromium_src_base_atomicops_h, not needed anymore
ok sthen@
- Fixes bug #814101 - Font Issue
- Reverted user agent change (was bug #588909) causing some website
incompatibilities, see #815743
- Readd the --with-system-jpeg locally (to remove in 18), and remove all the
configure_env/args/build_depends stuff that moved to moz.port.mk.
- add @pkgpath/@conflict markers to update www/firefox35 users to the
latest and greatest !
- see http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ for details
- enable the gio/libnotify interaction, since it brings no additional
dep. libnotify will be dlopened at runtime if present, and gio is
already in the dependency chain. The latter will interact with the gio mime
database for file associations, and firefox will ask the user if he
wants to register it as the default http:// handler. The former will
show a notify popup upon download completion, among others.
- add build depends on yasm in i386/amd64 for webm
- remove patch-browser_app_profile_firefox_js, the updater is already disabled
- remove gstreamer patches from #776838, #777696 & #747257, merged upstream
- remove ipc_message_utils.h patch from #775428, commited upstream
- remove mozalloc.cpp patch, <sys/types.h> is already included above
- remove xpcshell hang patchset from #706955, cant reproduce anymore
- remove patch-security_manager_ssl_src_Makefile_in, unneeded
- remove OS.File extra logging from #785200, merged upstream
- add patch-toolkit_system_gnome_nsGIOService_cpp, workaround for
#805202 (libgio-2.0.so dlopening), to be removed in fx 19
- remove xpcom arm patch from #783875, merged upstream
ok sthen@
- see http://www.mozilla.org/en-US/firefox/16.0/releasenotes/ for details
- install an icon into share/pixmaps to fix desktop file icon path
- garbage collect patch-browser_installer_Makefile_in, and
patch-browser_installer_package-manifest_in, were from upstream
- remove patch-build_unix_mozilla_in, useless since bin/firefox is not a
script anymore since a while
- remove patch-build_unix_run-mozilla_sh, firefox can be directly
debugged in gdb now. update README accordingly
- remove patch-config_autoconf_mk_in, XCFLAGS are already passed
- update patch-content_media_gstreamer_nsGStreamerReader_cpp to fix
gstreamer on BE archs (#777696)
- update patch-extensions_spellcheck_hunspell_src_mozHunspell_cpp after
nsILocalFile api removal
- remove useless patch-gfx_thebes_Makefile_in pangox patch
- fix PLIST to use proper MOZILLA_VERSION instead of beta MOZILLA_VER
- see http://www.mozilla.org/en-US/firefox/15.0/releasenotes/
- add -Os hack to fix a relocation error when linking on ppc (as was
done in tb since 10..)
- garbage collect nsSound.cpp, the original one uses libcanberra
properly and thus sndio.
- remove patch from #750620, merged upstream (mfbt/double-conversion)
- remove patches from #747257, merged upstream (gstreamer fix)
- remove patches from #691898, merged upstream (yarr jit ppc)
- see http://www.mozilla.org/en-US/firefox/14.0.1/releasenotes/
- enable H.264 video support through gstreamer. Mention that one needs to
manually install gstreamer-ffmpeg. Not all videos/sites will work.
- backport cset from #776838 & #747257 for various gst fixes.
- backport cset from #750620 to fix ppc (and other exotic archs) build.
- backport cset from #752895 to fix packaging issues.
- remove patch-content_xslt_src_base_txDouble_cpp, useless since mozilla
switched to mfbt/double-conversion.
- remove nss opening hack in Sync, it works fine without it.
- remove the -rpath hack, not needed since matthew's ld.so fix from 12/06
- see http://www.mozilla.org/en-US/firefox/12.0/releasenotes/ for details
- two patches moved (patch-widget_src_xpwidgets_nsPrintSettingsImpl_cpp
and patch-widget_src_gtk2_Makefile_in)
- add two new patches for bug #691898 (patch-js_src_jsapi_cpp and
/patch-js_src_jsprvtd_h)
- add patch-gfx_thebes_gfxPlatform_cpp to workaround regression
introduced in bug #715658, which prevents one from building against
systemwide cairo.
- patch-extensions_auth_nsAuthGSSAPI_cpp from bug #667325 got merged
- patch-js_src_js-config_h_in and patch-js_src_jscpucfg_h from #714312 got
merged
- patch-ipc_chromium_src_base_dir_reader_posix_ -from #714315 got merged
- Fixes MFSA 2012-12->19
- see http://www.mozilla.org/en-US/firefox/11.0/releasenotes/
- complete patchset for #691898, still fixes build on ppc (and hopefully
commited in firefox 14...)
- add patchset from #706955, workarounds #669050 (xpcshell hangs during
make install and chokes on CSPUtils.csm, threads related..)
- remove obsolete/commited patches
- Fixes MFSA-2012-01..11
- remove patch-gfx_qcms_qcmstypes_h & patch-toolkit_xre_glxtest_cpp,
were commited upstream (bugs #651444 & #687320)
- remove patch-js_src_xpconnect_src_Makefile_in, dom_quickstubs.cpp hack
was apparently only needed with gcc3
- remove patch-xpcom_base_nsStackWalk_cpp, codepath not reached/solaris
only.
- add https://bug691898.bugzilla.mozilla.org/attachment.cgi?id=588391 to
use yarr interpreter on ppc, bug #691898 still being worked on
- backport https://hg.mozilla.org/mozilla-central/rev/9cfdb612a026, fixes
endianess detection on BSDs using machine/endian.h (bug #714312)
That's the first release following the new fast scheme of one major
release every 6 weeks..
Check out http://www.mozilla.com/en-US/firefox/5.0/releasenotes/ for
release notes. Note that it's still badly broken on sparc64, and
unlikely to be fixed soon... you still have www/firefox36.
Tested by (at least, probably forgetting some..) rpointel@, pea@,
ckuethe@ and myself on amd64, bluhm@ on i386 and ajacoutot@ on macppc
(thanks!)
ok rpointel@
release will be out within 24h. Doh!
So here comes 3.6.8, fixing MFSA-2010-48/critical bug 575836
Reminded by naddy@/dhill@/Patrick Keshishian
Proactive ok naddy@
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
The new plugin sandboxing code is disabled because :
- it only supports binary blobs plugins we don't have
- it is an horrible maze of #ifdef linux-apple-win32 coming straight
from an old version of chromium. Future versions should have better BSD
support..
tested by several on ports@, thanks!
www/firefox36 mostly by martynas@ and naddy@.
Note that the java plugin from devel/jdk currently doesn't work with this
version of firefox, in the meantime users really needed it will have to
use www/firefox35.
ok naddy@
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption
MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption
