See https://www.mozilla.org/en-US/firefox/63.0.1/releasenotes/
- fix build with cbindgen 0.6.7
- really disable media autoplay by default, the knob changed (cf #1470082)
- use about:blank as default homepage/new tab page in new profiles.
Rationale: some parts of Activity Stream (the new Firefox Home) are nice
(i.e. searchbox, highlights, topsites from browsing history, etc) but
'snippets' is invasive (them being broken is a driver for this version,
cf #1503047, where comments are.. worrying), as is 'Recommended by
pocket' content shown to some countries (DE, CA, US..) - sadly, those
two sections can't easily be disabled (cf #1504279) on about:newtab, so
use the about:blank big hammer for privacy. Existing profiles still
using the default 'Firefox Home' are advised to visit
about:preferences#home and uncheck 'snippets' and 'pages saved to
pocket'... and read https://www.mozilla.org/en-US/privacy/firefox/.
While here add a section in pkg/README advising users using NIS or with
profiles on NFS to add getpw to the content process pledge, as it's
apparently needed in those conditions.
This fixes CVE-2018-18074: "before 2.20.0 sends an HTTP Authorization header to
an http URI upon receiving a same-hostname https-to-http redirect, which makes
it easier for remote attackers to discover credentials by sniffing the
network."
Based on a diff from Edward Lopez-Acosta
- Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
- Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
- Protect uriResetUri* against acting on NULL input
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these architectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulting in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.