See https://www.mozilla.org/en-US/firefox/63.0.1/releasenotes/
- fix build with cbindgen 0.6.7
- really disable media autoplay by default, the knob changed (cf #1470082)
- use about:blank as default homepage/new tab page in new profiles.
Rationale: some parts of Activity Stream (the new Firefox Home) are nice
(ie searchbox, highlights, topsites from browsing history, etc) but
'snippets' is invasive (them being broken is a driver for this version,
cf #1503047, where comments are.. worrying), as is 'Recommended by
pocket' content shown to some countries (DE, CA, US..) - sadly, those
two sections cant easily be disabled (cf #1504279) on about:newtab, so
use the about:blank big hammer for privacy. Existing profiles still
using the default 'Firefox Home' are advised to visit
about:preferences#home and uncheck 'snippets' and 'pages saved to
pocket'... and read https://www.mozilla.org/en-US/privacy/firefox/.
While here add a section in pkg/README advising users using NIS or with
profiles on NFS to add getpw to the content process pledge, as it's
apparently needed in those conditions.
See https://www.mozilla.org/en-US/firefox/61.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
- build against bundled hunspell (#1460600), build against system
hunspell is unsupported
- build depend on python3 in addition to python2. sigh.
- improve pledge messages to show the process id, and put the debugging
ones behind MOZ_SANDBOX_LOGGING env var being set
- workaround content process 'proc' pledge violations by faking a
session dbus if one isnt running, see #1466593. idea from semarie@
- backport patch from #1467882 that improves sndio volume handling, from
ratchov@
changes (CPUSTATES/etc). Last part.
- some of these might be in code that's not actually built or rarely
used but it's not worth the hassle evaluating that, i'm just bumping &
moving on.
- as mentioned before, there might still be runtime problems relating
to the addition or renumbering.
See https://www.mozilla.org/en-US/firefox/60.0.1/releasenotes/
After numerous reports of pledge aborts when saving files (while for
some reason i'm not experiencing it) add 'getpw' to main process
promises. Also add 'mcast', because sometimes a setsockopt() seems to be
called with IP_MULTICAST_TTL.
Improve README:
- drop the now deprecated section about plugins
- improve section about debugging with pledge info
- add a section advising users to make sure a session dbus instance is
running when starting their X session, otherwise for some reason the
content process might try to spawn one via glib, and this is forbidden
by pledge. You don't want the content process to be able to spawn
processes, right ?
See https://www.mozilla.org/en-US/firefox/60.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
- Add initial/wip pledge() support, with distinct subsets for main &
content processes. The promises are runtime-configurable for now via
about:config knobs to ease debugging/testing. They're printed on stderr
when applied by the sandboxing codepaths (cf
patch-toolkit_xre_nsAppRunner_cpp and patch-dom_ipc_ContentChild_cpp).
- Add a bunch of patches (patch-widget_nsShmImage_cpp,
patch-xpcom_base_nsDebugImpl_cpp, patch-mozglue_misc_TimeStamp_posix_cpp and
patch-xpcom_base_nsMemoryReporterManager_cpp) to neuter non-critical
codepaths that calls pledge-forbidden syscalls.
- All this pledge() stuff being currently discussed upstream in
https://bugzilla.mozilla.org/show_bug.cgi?id=1457092 and done at p2k18.
Been running with it since then, and i'm fairly confident the pledge
subsets i come up with are now enough for most usages.
If you encounter crashes due to pledge, look into your kernel log, and
try to figure out what missing pledge is needed or what firefox codepath
hits it.
So far i know 'getpw' might be needed when uploading files but i havent
hit it, and 'proc' might be needed by the content process when there's
no dbus daemon running, but they're not needed in the 'common case', and
too broad.
- While here, tweak defaults to disable the pocket extension, and try to
disable the activity-stream/sponsored content that is being shown by
default on the new tab page in new profiles. Stop the madness, plz.
See https://www.mozilla.org/en-US/firefox/59.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
- Selfhost the source tarball temporarly until bug #1432591 is fixed
- add show-commit convenience target
- use bundled cairo, system cairo is broken and the option to build
against a it is being removed in #1432751
- remove version from the install dir (per #445128)
- in the README, remove now useless section about e10s (it's enabled by
default) and replace it by a section explaining how to enable GL
compositing and WebRender.
Note that backporting it to 6.2 might not be possible. Currently hacking
various options.
For existing profiles, visit about:preferences#privacy to disable it (cf
https://support.mozilla.org/en-US/kb/shield)
Users just want to browse the web, not be opted-in by default to random UI
experiments. See https://wiki.mozilla.org/Firefox/Shield/Shield_Studies
for details.
While i usually don't like diverting from upstream defaults, something
that automagically loads unwanted add-ons isn't right, so i'm making an
exception here.
way simd builds and we shouldnt suffer from runtime performance issues
using encoding_rs. Who would use firefox on a pentium 2 nowadays?
If your build fails, max out ulimit -d. At least 3Gig. Yes...
from semarie@
See https://www.mozilla.org/en-US/firefox/57.0/releasenotes/
Fixes MFSA2017-24, see https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
- Legacy extensions are now unsupported and will stop working - you've
been warned, deal with it
- a separate single content process is now enabled by default
- remove gettext MODULE (reminded by naddy@)
- build stylo css engine (for that, add patches from #1401093 and #1341234)
- remove debugger.js patch, merged upstream (#1400197)
- build webrender, it's not enabled by default at runtime yet, but one
can test it by setting MOZ_WEBRENDER=1 in the env; See
https://wiki.mozilla.org/Platform/GFX/Quantum_Render for details.
- backport patch from ratchov@ (#1221580) enabling full-duplex audio in
cubeb, for a working audio webrtc experience ! Try it...
Tested by many, thanks!
See https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/
* Fix a regression the tab restoration process (bug 1388160)
* Fix a problem causing What's new pages not to be displayed (bug 1386224)
* Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
* Disable the predictor prefetch (bug 1388160)
-stable commit awaiting packages...
