See https://www.mozilla.org/en-US/firefox/63.0.1/releasenotes/
- fix build with cbindgen 0.6.7
- really disable media autoplay by default, the knob changed (cf #1470082)
- use about:blank as default homepage/new tab page in new profiles.
Rationale: some parts of Activity Stream (the new Firefox Home) are nice
(ie searchbox, highlights, topsites from browsing history, etc) but
'snippets' is invasive (them being broken is a driver for this version,
cf #1503047, where comments are.. worrying), as is 'Recommended by
pocket' content shown to some countries (DE, CA, US..) - sadly, those
two sections cant easily be disabled (cf #1504279) on about:newtab, so
use the about:blank big hammer for privacy. Existing profiles still
using the default 'Firefox Home' are advised to visit
about:preferences#home and uncheck 'snippets' and 'pages saved to
pocket'... and read https://www.mozilla.org/en-US/privacy/firefox/.
While here add a section in pkg/README advising users using NIS or with
profiles on NFS to add getpw to the content process pledge, as it's
apparently needed in those conditions.
This fixes CVE-2018-18074: "before 2.20.0 sends an HTTP Authorization header to
an http URI upon receiving a same-hostname https-to-http redirect, which makes
it easier for remote attackers to discover credentials by sniffing the
network."
Based on a diff from Edward Lopez-Acosta
- Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
- Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
- Protect uriResetUri* against acting on NULL input
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
Since we no longer have Apache 1.x there's no point renaming most of the
installed files any more, only the ones that conflict with base (httpd and
htpasswd), which avoids some tiresome hand merges that are needed in the
manpages for most updates. Courtesy symlinks added for now so that the
'xxx2' variants still work.
