pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/firefox
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 30 03:10:40 UTC 2025
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox/files: node-wrapper.sh
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk
patch-media_ffvpx_libavutil_arm_bswap.h
Added Files:
pkgsrc/www/firefox/patches:
patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc
patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc
Log Message:
www/firefox: Update to 136.0.4
Changelog:
136.0.4:
Fixed
* Security fix.
Security fixes:
Mozilla Foundation Security Advisory 2025-19
#CVE-2025-2857: Incorrect handle could lead to sandbox escapes
136.0.3:
Fixed
* Significantly improved responsiveness on TikTok by improving the speed of
date formatting. (Bug 1954323)
136.0.2:
Fixed
* Fixed a bug where "Cookies and site data" and "Temporary cached files and
pages" were unexpectedly enabled after updating to Firefox 136 for users
with "History" and/or "Site settings" set to clear on shutdown in previous
versions. (Bug 1952564)
Affected users already on Firefox 136 can disable these settings in
"Privacy & Security".
* Fixed an issue where the Primary Password prompt appeared in unexpected
situations. (Bug 1946121)
* Fixed visibility issues with radio buttons on dark backgrounds. (Bug
1951930)
* Fixed high CPU usage on Windows when the screen was locked or the laptop
lid was closed. (Bug 1924932)
136.0.1:
Fixed
* Fixed an issue where a cookie size limit caused problems with website
cookie management when using the CookieStore API. This could cause login
and other state-related issues. (Bug 1950565)
* Fixed an issue where Control/Command+L did not focus the address bar in new
windows. (Bug 1947723)
136.0:
New
* You can now enable the updated Firefox sidebar in Settings > General >
Browser Layout to quickly access multiple tools in one click, without
leaving your main view. Sidebar tools include an AI chatbot of your choice,
bookmarks, history, and tabs from devices you sync with your Mozilla
account.
* Keep a lot of tabs open? Try our new vertical tabs layout to quickly scan
your list of tabs. With vertical tabs, your open and pinned tabs appear in
the sidebar instead of along the top of the browser. To turn on vertical
tabs, right-click on the toolbar near the top of the browser and select
Turn on Vertical Tabs. If you??ve enabled the updated sidebar, you can also
go to Customize sidebar and check Vertical tabs. Early testers report
feeling more organized after using vertical tabs for a few days.
* The Clear browsing data and cookies dialog now allows clearing saved form
info separately from browsing history.
* Smartblock Embeds allows users to selectively unblock certain social media
embeds that are blocked in ETP Strict and Private Browsing modes.
Currently, support is limited to a few embed types, with more to be added
in future updates.
* Firefox now upgrades page loads to HTTPS by default and gracefully falls
back to HTTP if the secure connection fails. This behavior is known as
HTTPS-First.
* On macOS, some background tabs will be moved to lower power cores, reducing
energy usage.
* Hardware-accelerated playback of HEVC video content is now supported on
macOS.
* Hardware video decoding is now enabled for AMD GPUs on Linux.
* On Linux, Firefox is now available on ARM64 (AArch64), with installation
options via APT and tarballs. Flatpak support is coming soon.
* The Weather forecast on the New Tab page is expanding to additional
regions, including Mexico, Brazil, Argentina, and Chile, as part of an
ongoing regional rollout.
* Address autofill enabled for users in the United Kingdom.
Fixed
* Firefox will now prefer the PNG format when copying images out of Firefox,
allowing the preservation of transparency.
* Various security fixes.
#
Changed
* For New Tab stories, the Save to Pocket action was moved from a button to
the context menu along with other actions, such as Bookmark.
* The macOS DMG installer packages now use LZMA for compression, reducing
download size and installation time.
* Due to recent changes in macOS Sequoia, the shortcut for completing search
strings to .com addresses has been changed from Ctrl+Enter to Cmd+Enter.
Security fixes:
Mozilla Foundation Security Advisory 2025-14
#CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the
Browser process
#CVE-2025-1939: Tapjacking in Android Custom Tabs using transition animations
#CVE-2025-1931: Use-after-free in WebTransportChild
#CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds
access
#CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
#CVE-2025-1940: Android Intent confirmation prompt tapjacking using Select
options
#CVE-2024-9956: Passkey phishing within Bluetooth range
#CVE-2025-1934: Unexpected GC during RegExp bailout processing
#CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android
#CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes
string to get longer
#CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
#CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
#CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
#CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 128.8, and Thunderbird 128.8
#CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136
To generate a diff of this commit:
cvs rdiff -u -r1.630 -r1.631 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.553 -r1.554 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.26 -r1.27 pkgsrc/www/firefox/files/node-wrapper.sh
cvs rdiff -u -r1.13 -r1.14 \
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc \
pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.630 pkgsrc/www/firefox/Makefile:1.631
--- pkgsrc/www/firefox/Makefile:1.630 Thu Apr 24 14:16:03 2025
+++ pkgsrc/www/firefox/Makefile Wed Apr 30 03:10:40 2025
@@ -1,18 +1,17 @@
-# $NetBSD: Makefile,v 1.630 2025/04/24 14:16:03 wiz Exp $
+# $NetBSD: Makefile,v 1.631 2025/04/30 03:10:40 ryoon Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH= 135.0
-MOZ_BRANCH_MINOR= .1
+MOZ_BRANCH= 136.0
+MOZ_BRANCH_MINOR= .4
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
-PKGREVISION= 3
CATEGORIES= www
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
EXTRACT_SUFX= .tar.xz
-NODEJSKIT= nodejs-output-135.0.tgz
+NODEJSKIT= nodejs-output-136.0.2.tgz
DISTFILES= ${DEFAULT_DISTFILES} ${NODEJSKIT}
SITES.${NODEJSKIT}= ${MASTER_SITE_LOCAL}
@@ -162,6 +161,10 @@ pre-patch:
do \
${AWK} -f ${FILESDIR}/replace-moz.build.awk $$f > $$f.new; mv $$f.new $$f ; \
done
+ for f in $$(find ${WRKSRC}/third_party/abseil-cpp -name moz.build -type f) ; \
+ do \
+ ${AWK} -f ${FILESDIR}/replace-moz.build.awk $$f > $$f.new; mv $$f.new $$f ; \
+ done
post-build:
${SED} -e 's|@MOZILLA@|${MOZILLA}|g' \
Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.553 pkgsrc/www/firefox/distinfo:1.554
--- pkgsrc/www/firefox/distinfo:1.553 Wed Feb 26 16:05:08 2025
+++ pkgsrc/www/firefox/distinfo Wed Apr 30 03:10:40 2025
@@ -1,16 +1,16 @@
-$NetBSD: distinfo,v 1.553 2025/02/26 16:05:08 ryoon Exp $
+$NetBSD: distinfo,v 1.554 2025/04/30 03:10:40 ryoon Exp $
-BLAKE2s (firefox-135.0.1.source.tar.xz) = a447c6cf3e67192062dbcef05c1802bf8c5cfa6ac28f36a53990422d84e3cb5e
-SHA512 (firefox-135.0.1.source.tar.xz) = 9ff7c2ab6bc1660e339cdcd7745f8bdac5be25d3a79b9f0393385935270d7ef488599856bc38c22ae0b067389fa71a6999703b74804a6e0ea8265eb99788cea9
-Size (firefox-135.0.1.source.tar.xz) = 599617332 bytes
-BLAKE2s (nodejs-output-135.0.tgz) = 26886f878dfa807508af768ced79c944b47fe491a83c63d1cd1570f4347bc360
-SHA512 (nodejs-output-135.0.tgz) = 293ce8b0bc818470e30c327794aae9c21df4ee9dbaddcc07be507799def22b8a3c8dc3fb7c7bb2d41338855c7b48dc2edbfa110bc1c438a7d48d0f96bf1c994e
-Size (nodejs-output-135.0.tgz) = 251502 bytes
+BLAKE2s (firefox-136.0.4.source.tar.xz) = 74d0b7a6bed0022ae03b32b71371d7ddfcab4544fb8247803f5e8e1932869d69
+SHA512 (firefox-136.0.4.source.tar.xz) = c2252aa62d015ced6534cb2ac071f68089997b46690083cc1eff4bad306ae6c86543719ed2d35f6f973bf74467d6a04aba460d309c06dea425e76c720e344e28
+Size (firefox-136.0.4.source.tar.xz) = 605975980 bytes
+BLAKE2s (nodejs-output-136.0.2.tgz) = c549d59e4ed7b5f6d7e404468e3dc553641dcb20c5e3df97366fd4f22fcf719d
+SHA512 (nodejs-output-136.0.2.tgz) = b0e5678a9daa867fb99aad64c0242f087486a69f095080c33364df5a090c9ca250f1a3db70659d59f7e936c40f02583b658239eb955f72a322f78134bc22c11d
+Size (nodejs-output-136.0.2.tgz) = 252142 bytes
SHA1 (patch-browser_app_profile_firefox.js) = bc719edef37d18655ba79b030270438ee166fdaf
SHA1 (patch-build_moz.configure_init.configure) = 65deb3c233df0aab81eb1fca05d708e5a4ed169a
SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678
SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d1f15ff487efa9202114d19ed5668b4e7aa032a
-SHA1 (patch-config_makefiles_rust.mk) = 95184af03c73ac732b6a7377efda8a0c3fc3bff2
+SHA1 (patch-config_makefiles_rust.mk) = 3366ab089a23e66230e7e23749c10db38018fdd4
SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
SHA1 (patch-dom_webtransport_api_WebTransportDatagramDuplexStream.cpp) = b93b4c6367bd2fb3d1868ab7d97ca56c100be414
SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
@@ -23,12 +23,14 @@ SHA1 (patch-js_public_Utility.h) = bb546
SHA1 (patch-js_src_jit_FlushICache.cpp) = d1e611eaf7d7be22abfac6b39fbcd99df3570e47
SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
SHA1 (patch-js_src_vm_TypedArrayObject-inl.h) = e7913c8d4b2b05b67040baa64dae62d6ba40390e
-SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a
+SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = 019677e249e744baea857ca17ef69d977f43b3a4
SHA1 (patch-media_libpng_pngpriv.h) = 8320a1f7534ed5c4914b597bb3d6117d0060318f
SHA1 (patch-modules_fdlibm_src_math__private.h) = e20b6c23011d7123cbbd64a500eb8ce8c426620e
SHA1 (patch-netwerk_protocol_http_nsHttpHandler.cpp) = 67493b4635041d21ff9fbfda80b3197fed542a26
SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = 753fd4d62088c870aefe7c4b739286259848446e
SHA1 (patch-python_mozbuild_mozbuild_backend_recursivemake.py) = 5be4183d9075f5a3a3c6b3e0338473af185fb50e
+SHA1 (patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc) = 2b5955027add79d1b8709667b0433b2d19fbd1bc
+SHA1 (patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc) = f9c44d0d6fd952296f23c24f56053958b30d8e5c
SHA1 (patch-third__party_js_cfworker_build.sh) = 46cdf97b99cf01080f290ae8d9a33b5f869fc3e4
SHA1 (patch-third__party_libwebrtc_modules_desktop__capture_desktop__capture__gn_moz.build) = d0454784eb72be49162f619579e060a0de3c480f
SHA1 (patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland_egl__dmabuf.cc) = 455be625b5de2f6f1f4b2dbb6c8cb33ca16c2583
Index: pkgsrc/www/firefox/files/node-wrapper.sh
diff -u pkgsrc/www/firefox/files/node-wrapper.sh:1.26 pkgsrc/www/firefox/files/node-wrapper.sh:1.27
--- pkgsrc/www/firefox/files/node-wrapper.sh:1.26 Thu Feb 6 03:11:29 2025
+++ pkgsrc/www/firefox/files/node-wrapper.sh Wed Apr 30 03:10:40 2025
@@ -1,6 +1,6 @@
#! /bin/sh
-VERS=v23.7.0
+VERS=v23.9.0
if [ "$1" = "-v" ] || [ "$1" = "--version" ]; then
printf "${VERS}\n"
Index: pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
diff -u pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk:1.13 pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk:1.14
--- pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk:1.13 Thu Aug 1 15:41:09 2024
+++ pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk Wed Apr 30 03:10:40 2025
@@ -1,4 +1,4 @@
-$NetBSD: patch-config_makefiles_rust.mk,v 1.13 2024/08/01 15:41:09 ryoon Exp $
+$NetBSD: patch-config_makefiles_rust.mk,v 1.14 2025/04/30 03:10:40 ryoon Exp $
NetBSD doesn't get along with parallel rust builds (it causes issues
with ld.so) which are the default. Force -j1.
@@ -6,7 +6,7 @@ with ld.so) which are the default. Force
Use less memory to fix build under NetBSD/i386.
From: https://bugzilla.mozilla.org/show_bug.cgi?id=1644409
---- config/makefiles/rust.mk.orig 2024-07-04 17:04:12.000000000 +0000
+--- config/makefiles/rust.mk.orig 2025-02-21 13:24:16.000000000 +0000
+++ config/makefiles/rust.mk
@@ -60,6 +60,9 @@ ifdef MOZ_TSAN
cargo_build_flags += -Zbuild-std=std,panic_abort
@@ -17,8 +17,8 @@ From: https://bugzilla.mozilla.org/show_
+endif
rustflags_sancov =
- ifdef LIBFUZZER
-@@ -92,7 +95,7 @@ ifndef rustflags_sancov
+ ifndef MOZ_TSAN
+@@ -101,7 +104,7 @@ ifndef rustflags_sancov
# Never enable when coverage is enabled to work around https://github.com/rust-lang/rust/issues/90045.
ifndef MOZ_CODE_COVERAGE
ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
Index: pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h
diff -u pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h:1.1 pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h:1.2
--- pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h:1.1 Wed Nov 27 15:31:09 2019
+++ pkgsrc/www/firefox/patches/patch-media_ffvpx_libavutil_arm_bswap.h Wed Apr 30 03:10:40 2025
@@ -1,8 +1,8 @@
-$NetBSD: patch-media_ffvpx_libavutil_arm_bswap.h,v 1.1 2019/11/27 15:31:09 jmcneill Exp $
+$NetBSD: patch-media_ffvpx_libavutil_arm_bswap.h,v 1.2 2025/04/30 03:10:40 ryoon Exp $
Fix NetBSD aarch64 build.
---- media/ffvpx/libavutil/arm/bswap.h.orig 2019-10-30 17:35:56.000000000 +0000
+--- media/ffvpx/libavutil/arm/bswap.h.orig 2025-02-21 13:24:25.000000000 +0000
+++ media/ffvpx/libavutil/arm/bswap.h
@@ -23,6 +23,8 @@
#include "config.h"
@@ -13,8 +13,8 @@ Fix NetBSD aarch64 build.
#ifdef __ARMCC_VERSION
#if HAVE_ARMV6
-@@ -64,4 +66,6 @@ static av_always_inline av_const uint32_
-
+@@ -47,4 +49,6 @@ static av_always_inline av_const unsigne
+ #endif
#endif /* __ARMCC_VERSION */
+#endif /* __aarch64__ */
Added files:
Index: pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc
diff -u /dev/null pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc:1.1
--- /dev/null Wed Apr 30 03:10:41 2025
+++ pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc Wed Apr 30 03:10:40 2025
@@ -0,0 +1,17 @@
+$NetBSD: patch-third__party_abseil-cpp_absl_debugging_internal_elf__mem__image.cc,v 1.1 2025/04/30 03:10:40 ryoon Exp $
+
+* NetBSD has no DT_GNU_HASH definition.
+
+--- third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc.orig 2025-03-05 13:29:06.318414617 +0000
++++ third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc
+@@ -221,6 +221,10 @@ void ElfMemImage::Init(const void *base)
+ for (; dynamic_entry->d_tag != DT_NULL; ++dynamic_entry) {
+ const auto value =
+ static_cast<intptr_t>(dynamic_entry->d_un.d_val) + relocation;
++/* For NetBSD 9 */
++#if !defined(DT_GNU_HASH)
++#define DT_GNU_HASH 0x6ffffef5
++#endif
+ switch (dynamic_entry->d_tag) {
+ case DT_HASH:
+ sysv_hash = reinterpret_cast<uint32_t *>(value);
Index: pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc
diff -u /dev/null pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc:1.1
--- /dev/null Wed Apr 30 03:10:41 2025
+++ pkgsrc/www/firefox/patches/patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc Wed Apr 30 03:10:40 2025
@@ -0,0 +1,18 @@
+$NetBSD: patch-third__party_abseil-cpp_absl_debugging_internal_vdso__support.cc,v 1.1 2025/04/30 03:10:40 ryoon Exp $
+
+* Do not find system_wrappers/syscall.h generated by Firefox.
+
+--- third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc.orig 2025-03-01 04:07:45.625009806 +0000
++++ third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc
+@@ -26,9 +26,9 @@
+
+ #include <errno.h>
+ #include <fcntl.h>
+-#if __has_include(<syscall.h>)
++#if defined(__linux__)
+ #include <syscall.h>
+-#elif __has_include(<sys/syscall.h>)
++#elif defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+ #include <sys/syscall.h>
+ #endif
+ #include <unistd.h>
Home |
Main Index |
Thread Index |
Old Index