• https://releases.mozilla.org/pub/firefox/releases/109.0/source/ (Download)
• https://ftp.mozilla.org/pub/firefox/releases/109.0/source/ (Download)

• (2023-01-17) Updated to version: firefox-109.0
• (2023-01-06) Updated to version: firefox-108.0.2
• (2022-12-17) Updated to version: firefox-108.0.1
• (2022-12-14) Updated to version: firefox-108.0
• (2022-11-30) Updated to version: firefox-107.0.1
• (2022-11-15) Updated to version: firefox-107.0
• (2022-10-26) Updated to version: firefox-106.0.2
• (2022-10-18) Updated to version: firefox-106.0
• (2022-10-05) Updated to version: firefox-105.0.2
• (2022-09-23) Updated to version: firefox-105.0.1

Log message:
www/mozilla-firefox: MFC rerolled distfile upstream
bump REVISION to force a rebuild

Log message:
www/mozilla-firefox: rerolled distfile for 94.0.2 (rc1->rc2)
rc2 includes #1741997, final release was postponed for tomorrow.

Log message:
www/mozilla-firefox: MFC update to 94.0.2.
See https://www.mozilla.org/en-US/firefox/94.0.2/releasenotes/

Log message:
www/mozilla-firefox: update to 94.0.2.
See https://www.mozilla.org/en-US/firefox/94.0.2/releasenotes/
note that 94.0.1 was skipped for being macos-bugfix only

Log message:
www/mozilla-firefox: MFC: update to 94.0.
See https://www.mozilla.org/en-US/firefox/94.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
loosen the check for nss version, technically there's not much in nss
3.71 to warrant such a strong requirement.

Log message:
www/mozilla-firefox: update to 94.0.
See https://www.mozilla.org/en-US/firefox/94.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/

Log message:
www/mozilla-firefox: MFC update to 93.0.
See https://www.mozilla.org/en-US/firefox/93.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/
add a patch to prevent a sysctl call with KERN_PROC_ARGV triggering
pledge violations.

Log message:
www/mozilla-firefox: update to 93.0.
See https://www.mozilla.org/en-US/firefox/93.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/
add a patch to prevent a sysctl call with KERN_PROC_ARGV triggering
pledge violations.

Log message:
Add unveil for ~/.config/fcitx to make the input method work when
using fcitx.
Reported by Yifei Zhan.
ok sthen@

Log message:
www/mozilla-firefox: update to firefox 92.0.
See https://www.mozilla.org/en-US/firefox/92.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/
tested by (at least) naddy@

Log message:
www/mozilla-firefox: update to 91.0.
See https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/
remove patches from #1713742, #1713745, #1713999, #1623086, #1706261 and
#1633769, all pushed/merged upstream.
tested at least by naddy@

Log message:
www/mozilla-firefox: update to 90.0.2.
See https://www.mozilla.org/en-US/firefox/90.0.2/releasenotes/

Log message:
www/mozilla-firefox: update to 90.0.1.
See https://www.mozilla.org/en-US/firefox/90.0.1/releasenotes/

Log message:
www/mozilla-firefox: update to firefox 90.0.
See https://www.mozilla.org/en-US/firefox/90.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
most of the added patches are already upstreamed and will go away in 91:
- build forkserver (#1713742, not enabled by default upstream yet, but
decreases memory usage, enable with dom.ipc.forkserver.enable)
- enable the remote data decoder process, and sandbox it (#1713745) -
tested with a wide variety of video/audio files.
- sandbox the new socket process (#1713999). Not enabled by default
upstream yet, but at least can be tested.
- add pledge/unveil config files for rdd & socket processes
- drop /dev/drm0 from unveil config files
- drop the Gtk2 lib/dependency
- amend README wrt debug-firefox package
tested by at least tb@ & naddy@, thanks !

Log message:
www/mozilla-firefox: update to 89.0.2.
See https://www.mozilla.org/en-US/firefox/89.0.2/releasenotes/
Fixes occasional hangs with Software WebRender
(https://bugzilla.mozilla.org/show_bug.cgi?id=1708224)

Log message:
www/mozilla-firefox: update to 89.0.1.
See https://www.mozilla.org/en-US/firefox/89.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/ (windows-only)

Log message:
www/mozilla-firefox: update to 89.0.
See https://www.mozilla.org/en-US/firefox/89.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
- depend on cbindgen 0.19 (#1695313)
- remove patch-mozglue_misc_Uptime_cpp, merged upstream in #1686405
- remove patch-xpcom_io_nsLocalFileUnix_cpp, merged upstream in #1697721
- fix path to readme in mozilla-firefox.1, from Joren Van Onder, thanks!
- update patch-dom_ipc_ContentChild_cpp to fix dconf error messages
(tons of "unable to create file '/var/run/user/1000/dconf/user':
Permission Denied.") on stderr when running within ck-launch-session;
the latter sets XDG_RUNTIME_DIR in the env to /var/run/user/$uid, and
dconf uses that to create a temporary database, with the current unveil
config preventing it.
- if XDG_RUNTIME_DIR is unset, fallback to ~/.cache, which is where dconf
defaults.
- update unveil.main to use $XDG_RUNTIME_DIR instead of wrong $XDG_CACHE_HOME.

Log message:
disable on i386: mozilla-related ports appear to run out of memory in
rust compilation; chromium has a "reference to type XX could not bind
to an lvalue of type YY" error

Log message:
www/mozilla-firefox: MFC update to 88.0.1.
See https://www.mozilla.org/en-US/firefox/88.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/ (not there yet)
while here backport webrtc patch from jca fixing race conditions leading
to crashes with multiple jitsi users in a conference, cf #1706261

Log message:
www/mozilla-firefox: update to 88.0.1.
See https://www.mozilla.org/en-US/firefox/88.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/ (not there yet)

Log message:
Avoid a crash in libwebrtc threading code
The code on libwebrtc depends on unportable behavior, namely that
pthread_create(3) updates *thread before the child is run.  This happens
on Linux/glibc, FreeBSD and Illumos, but not on OpenBSD or NetBSD.
POSIX only says that *thread is updated after a successful call.
This fixes crashes with Firefox when using Jitsi with several users in
the room.  Input from jmatthew@ and kettenis@, tests by mpi@, ok landry@
(maintainer).

Log message:
www/mozilla-firefox: update to 88.0
See https://www.mozilla.org/en-US/firefox/88.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/ (not there yet)
- update patch-mozglue_misc_Uptime_cpp to what was commited upstream
- add link to upstream commit in patch-xpcom_io_nsLocalFileUnix_cpp, merged in 89
discussed with/ok naddy@ sthen@

Log message:
www/mozilla-firefox: update to 87.0
see https://www.mozilla.org/en-US/firefox/87.0/releasenotes/
fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/
- revert parts of #1696958 breaking downloads to ~/Downloads because of
unveil() interaction, until a better fix is found. Or unveil support
being ripped out, out of frustration.
- patch out toolkit/components/downloads/DownloadUIHelper.jsm to make
sure strings["downloadsFolder"] isnt localized, which would break
downloads for users with a langpack installed/enabled (as
~/Telechargements isnt unveiled by default)
- include patch from RJ Johnson in #1697721, fixing various web developer
issues with profiles created after unveil() integration (missing
<profile>/storage/permanent dir)
- add a blurb to README about creating/using ~/Downloads with unveil()

Log message:
www/mozilla-firefox: bugfix update to 86.0.1.
See https://www.mozilla.org/en-US/firefox/86.0.1/releasenotes/

Log message:
Reverse the polarity of MODPY_VERSION; default is now 3.x,
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.

Log message:
www/mozilla-firefox: update to 86.0.
See https://www.mozilla.org/en-US/firefox/86.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/
- drop patch-Cargo_toml, was from upstream in #1684261
- add patch from #1686405 to fix the build on non-tier1

Log message:
allow /dev/dri/card0 where /dev/drm0 was allowed
ok landry@

Log message:
www/mozilla-firefox: preemptively fix built with rust 1.50.
from/ok semarie@, same fix as found in #1684261

Log message:
www/mozilla-firefox: update to 85.0.2.
See https://www.mozilla.org/en-US/firefox/85.0.2/releasenotes/
Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1689032 (occasional
freeze at a startup)

Log message:
www/mozilla-firefox: update to 85.0.1.
See https://www.mozilla.org/en-US/firefox/85.0.1/releasenotes/
Fixes https://www.mozilla.org/security/advisories/mfsa2021-06/
(Windows-only 'Prevent access to NTFS special paths that could lead to
filesystem corruption.')

Log message:
www/mozilla-firefox: update to 85.0.
See https://www.mozilla.org/en-US/firefox/85.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/
remove patch from #1677715, merged upstream.

Log message:
Add /etc/resolv.conf to files allowed by unveil for all Firefox-based ports.
Normally this file is exempted from unveil by "pledge dns", but if the user
has disabled pledge (which is required for using some features) it will no
longer be exempted, so must be handled explicitly by unveil.
Problem reported by Stefan Hagen, ok jcs landry

Log message:
www/mozilla-firefox: security update to 84.0.2.
See https://www.mozilla.org/en-US/firefox/84.0.2/releasenotes/
Fixes CVE-2020-16044 / https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

Log message:
www/mozilla-firefox: update to 84.0.1.
See https://www.mozilla.org/en-US/firefox/84.0.1/releasenotes/

Log message:
www/{mozilla-firefox,firefox-i18n}: update to 84.0.
See https://www.mozilla.org/en-US/firefox/84.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
- add /dev/drm0 & /usr/lib to main unveil file for proper webgl reporting
in about:support (see #1680946)
- add patch from #1677715 to fix the build, remove in 85.

Log message:
Update to firefox 83.0.
See https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
Fixes https://www.mozilla.org/security/advisories/mfsa2020-50/
* remove all the MOZILLA_USE_* and the common BUILD_DEPENDS bits that
were removed from mozilla.port.mk
* properly install share/pixmaps/firefox.png and point at it in the
desktop file, should ease icon overriding by third-party themes
* drop patch fixing build on arm64 from #1672619 merged upstream
* drop patches from #1666701, merged upstream

Log message:
MFC: Security update to firefox 82.0.3.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

Log message:
Security update to firefox 82.0.3.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

Log message:
Add link to upstream commit

Log message:
sync distinfo, noticed by solene@

Log message:
MFC: Bugfix update to firefox 82.0.2.
See https://www.mozilla.org/en-US/firefox/82.0.2/releasenotes/
Fixes websocket regressions (cf https://bugzilla.mozilla.org/show_bug.cgi?id=1673340)

Log message:
Bugfix update to firefox 82.0.2.
See https://www.mozilla.org/en-US/firefox/82.0.2/releasenotes/
Fixes websocket regressions (cf https://bugzilla.mozilla.org/show_bug.cgi?id=1673340)

Log message:
MFC: update to firefox 82.0.1
See https://www.mozilla.org/en-US/firefox/82.0.1/releasenotes/
Add a patch from #1672619 to fix build failure reported by solene@ on
arm64, tested by solene@ and phessler@ (thanks !) - should get us a
firefox 82.0.1 package in -stable for arm64..

Log message:
Bugfix update to firefox 82.0.1.
See https://www.mozilla.org/en-US/firefox/82.0.1/releasenotes/
While here add a patch from #1672619 to fix build on arm64, tested by
solene@ and phessler@ (thanks !) - first patch on an arch i dont have..

Log message:
MFC: Update to firefox 82.0.
See https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
Add two patches for #1666701 that didnt make it in time for 82.0.
Add BDEP on GNU m4 for #1670807
It's unlikely that 83.0 will be backported to 6.8-stable as it will
require cbindgen 0.15.0 (among other probable requirements)

Log message:
Add /usr/lib r to unveil.gpu, apparently that helps with gpu
acceleration on inteldrm with layers.acceleration.force-enabled set to
true. swrast tries to load libelf and libLLVM.
From tb@

Log message:
Update to firefox 82.0.
See https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
Add two patches for #1666701 that didnt make it in time for 82.0.
Add BDEP on GNU m4 for #1670807

Log message:
MFC: Bugfix update to firefox 81.0.2.
See https://www.mozilla.org/en-US/firefox/81.0.2/releasenotes/
Fixes a regression on twitter about 'network protocol violation'
(https://bugzilla.mozilla.org/show_bug.cgi?id=1665368)

Log message:
Bugfix update to firefox 81.0.2.
See https://www.mozilla.org/en-US/firefox/81.0.2/releasenotes/
Fixes a regression on twitter about 'network protocol violation'
(https://bugzilla.mozilla.org/show_bug.cgi?id=1665368)
note that 82.0 is due next tuesday.

Log message:
Use 'ln -f' to ensure "make repackage" works.
ok landry

Log message:
Bugfix update to firefox 81.0.1.
See https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/

Log message:
Update to firefox 81.0.
See https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/
Remove patch-media_ffvpx_ffvpxcommon_mozbuild from #1657321, merged
upstream.

Log message:
Add /usr/lib r to unveil.content to unbreak WebGL on some configurations
Reported/tested by Jesper Wellin and Joe Gidi, also discussed on bugs@.
Seems i had completely forgot about this one..

Log message:
Update to firefox 80.0.1.
See https://www.mozilla.org/en-US/firefox/80.0.1/releasenotes/

Log message:
Update to firefox 80.0.
See https://www.mozilla.org/en-US/firefox/80.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
- build with ports-clang by default to match the version used by
rust/cbindgen, fixes weird build issues as noted during the LLVM 10
upgrade. From semarie@, thanks !
- add patch from #1657321 removing -ffreestanding, allowing to build
with ports-clang, also from semarie@ and already pushed upstream.

Log message:
README improvements, mostly from Laurence Tratt with tweaks by me -
thanks!

Log message:
Some assorted fixes/cleanup:
- tweak COMMENT
- ensure BDEP on rust 1.43 (#1648343)
- drop useless/duplicated SUBST_VARS addition
- stop installing a mozilla-firefox symlink to firefox, i doubt anyone
uses the old command anymore - ditto, drop the mozilla-firefox.1 link
- consistently use ${MOZILLA_PROJECT} in PLIST to reduce differences
with firefox-esr

Log message:
Update to firefox 79.0.
See https://www.mozilla.org/en-US/firefox/79.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
add a jumbo patch trying to fix the 'open with' MIME handling mess,
broken since glib 2.64 upgrade - gio-launch-desktop has been replaced by
/bin/sh (see https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1362/)
which is not unveiled. xdg-open calls gio which calls
g_app_info_launch_uris() which now fails.
Try to replace this fragile contraption with simpler (?) plain glib
code directly spawning a previously unveiled mime handler.  Rewrite
README section wrt this new handling.
WORKSFORME, havent got much feedback on the patch sadly, and the
developer who wrote the unveil() integration is MIA...

Log message:
prepare firefox to be buildable with rustc 1.45.0
https://bugzilla.mozilla.org/show_bug.cgi?id=1640982

Log message:
Update to firefox 78.0.2.
See https://www.mozilla.org/en-US/firefox/78.0.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/

Log message:
Bugfix update to firefox 78.0.1.
See https://www.mozilla.org/en-US/firefox/78.0.1/releasenotes/
Disable 'search modernization' as it breaks in some rare circumstances.
https://bugzilla.mozilla.org/show_bug.cgi?id=1649393

Log message:
Update to firefox 78.0.
See https://www.mozilla.org/en-US/firefox/78.0/releasenotes/
Fixes https://www.mozilla.org/security/advisories/mfsa2020-24/
- add patch from semarie@ to use -C lto=thin when building rust code,
should consume less resources. See #1644409.
- drop BDEP on py2, only py3 is required now.

Log message:
Bugfix update to firefox 77.0.1.
See https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
Fixes an issue with DNS over HTTPS rollout but TRR is disabled by
default for us anyway.

Log message:
Update to firefox 77.0.
See https://www.mozilla.org/en-US/firefox/77.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/
* remove patches from https://hg.mozilla.org/mozilla-central/rev/463069687b3d
* add $OpenBSD$ CVS IDs to pledge/unveil config files, from kn@
- link to pkg-readme in mozilla-firefox(1) - this manpage shoplifted
somewhere on the interweb could   definitely need a proper rewrite..
tested by naddy@

Log message:
Fix webrtc audio/video on bigbluebutton, broken by the nss 3.52 update on some
sites.
* From FreeBSD via jbeich@, cf https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246363
* backports https://hg.mozilla.org/mozilla-central/rev/463069687b3d from
https://bugzilla.mozilla.org/show_bug.cgi?id=1624128
Issue reported by Andrea Biscuola.
Fix confirmed working by ratchov@, thanks !
To be backported to -esr once someone confirms the patch fixes the issue
there too..

Log message:
76.0rc2 has been promoted to 76.0 on the mirrors, same distfile
discussed with sthen@ & naddy@

Log message:
Update to mozilla-firefox 76.0rc2
Relnotes will be at
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/, and MFSAs
will be listed on https://www.mozilla.org/en-US/security/advisories/
- remove cubeb patch from #1610550, merged upstream
- remove libvpx patch from #1622013, merged upstream
commiting now to make sure we get some testing for 6.7 as discussed with
sthen@ and naddy@

Log message:
add link to upstream bug report

Log message:
Limit playback to 8 and recording to 2 channels.
This fixes certain video-conferencing sites. Related discussion is
here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1633769
ok sthen, landry

Log message:
Remove audio from main process pledge.
this was only here to support a corner usercase and is now broken due to
unveil integration, and nobody noticed.
direct access to hardware is more or less forbidden now, just use sndiod
if you want to play sound from firefox.
ok tb@ ratchov@

Log message:
remove /usr/local/firefox from unveil() paths for the main process, this dir doesnt exist.

Log message:
remove patches unneeded since we dont build against systemwide sqlite
they didnt apply anymore anyway, cvs fooled me.
reported by pvk@, thanks!

Log message:
Update to firefox 75.0.
See https://www.mozilla.org/en-US/firefox/75.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/
- headsup: now pledge/unveil config files are @sampled by default in
/etc/firefox, this way it's easier for end users to customize them at
will. yeah, everyone can change his mind..
- add a note in the README that WebRTC screen sharing requires disabling
pledge as it relies on shmget() (reported by Andrea Biscuola, thanks!)
- stop linking against systemwide sqlite library, the possibility was
removed in #1611386
- add a patch from tb@ to fix broken sandboxing when pledge/unveil
config files werent found in /etc/firefox (#1623086)
- add a patch from jbeich@freebsd to fix libvpx build on i386 (#1622013)
tested by tb@ and naddy@, thanks!

Log message:
Security update to firefox 74.0.1.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

Log message:
neuter dwz preventively since it doesn't work with those 4 ports
(it's likely the debug info is bogus)

Log message:
Now that reyk's changes are fully merged upstream, make /dev/fido
available so they can be used out of the box.
From Greg Steuck, "fine with it" landry

Log message:
Update to firefox 74.0.
See https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/

Log message:
Fix path to dbus pkg-readme.
ok landry (maintainer)

Log message:
Update to firefox 73.0.1.
See https://www.mozilla.org/en-US/firefox/73.0.1/releasenotes/

Log message:
Fix audio recording for WebRTC, from ratchov (this time with the patch)

Log message:
Fix audio recording for WebRTC, from ratchov@ (cf #1610550)

Log message:
rust 1.39 is required for gecko 73 since #1594538

Log message:
Update to firefox 73.0.
See https://www.mozilla.org/en-US/firefox/73.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/
- remove useless intl/icu/source/Makefile.in patch from #990196
- remove patches from #1594342m the slice-deque dependency was removed
note that i'm not going to backport this to -stable, but anybody is
welcome to do so, or at least try :)

Log message:
MFC: update to firefox 72.0.2.
See https://www.mozilla.org/en-US/firefox/72.0.2/releasenotes/
(thx solene@ for backporting 72.0.1 to make my life easier.. and note
that it might be hard to backport 73 as it requires newer cbindgen)

Log message:
Update to firefox 72.0.2.
See https://www.mozilla.org/en-US/firefox/72.0.2/releasenotes/

Log message:
Update to firefox-72.0.1
tested by many on amd64, thank you
hints from sthen@
help and "ok if it works" from landry@

Log message:
Update to firefox 72.0.1.
See https://www.mozilla.org/en-US/firefox/72.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

Log message:
Update to firefox 72.0
See https://www.mozilla.org/en-US/firefox/72.0/releasenotes/
Fixes https://www.mozilla.org/security/advisories/mfsa2020-01/
Remove patches merged upstream:
- unveil/pledge work from #1584839, #1580271, #1580268
- jit fix from #1586912
- build fix with cbinding 0.11.1 from #1602358
- sndio/unveil fix from #1596546
- arm64 fix from #1587116
Add two patches from #1594342 by semarie@ to fix slice_deque build,
pending fix/merge upstream.

Log message:
Add 'uses pledge()' comments, from Caspar Schutijser.

Log message:
Backport https://hg.mozilla.org/releases/mozilla-beta/raw-rev/4b7a8631178f to fix build with cbindgen 0.11.1

Log message:
regen patches

Log message:
Update to firefox 71.0.
See https://www.mozilla.org/en-US/firefox/71.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/
- Adds unveil support (cf #1580271): firefox can now only access files
from /tmp & ~/Download by default, as chrome does
- pledge the gpu process (cf #1580268)
- overhaul pledge configuration which now lives in root-owned files and
can be overriden in /etc/firefox, cf #1584839.
- fix sound with unveil by disabling sndio lazy loading, cf #1596546
most of the work done by jcs@, upstreaming by yours truly - this has
been commited to firefox 72, but backport it to 71 so that it gets wider
testing. See /usr/local/share/doc/pkg-readmes/firefox for configuration
changes.
Note that security.sandbox.pledge.main & security.sandbox.pledge.content
about:config keys are now useless.
Add 3 patches to fix the build with upcoming rust 1.39, from semarie@.

Log message:
Use plain --enable-debug-symbols, the debug pkg goes from 90mb to 360mb
but at least the traces should provide local symbols, while -ggdb1 only
provided function names.
Add a comment about --enable-debug, which i wont use as it makes a wayys
larger binary/package, and enables too many different codepaths.
While here, replace the arm64 build fix from #1587116 with the one which
got commited upstream, thanks phessler@ for testing it.

Log message:
The list of files/libs with debug symbols is automagic now.

Log message:
Build debug-firefox.
ok ajacoutot@

Log message:
add links to upstream review/commit

Log message:
Update to firefox 70.0.1.
See https://www.mozilla.org/en-US/firefox/70.0.1/releasenotes/
While here use provided firefox.desktop instead of providing an outdated one.

Log message:
Document upstream bug report for mmap change in
ProcessExecutableMemory.cpp. okay landry@

Log message:
Remove patch from #1579323, was merged in 70 via
https://hg.mozilla.org/releases/mozilla-beta/rev/e0b6137d8d2e
reminded by jcs@, thanks!

Log message:
Update to firefox 70.0.
See https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/

Log message:
Update to firefox 69.0.3.
See https://www.mozilla.org/en-US/firefox/69.0.3/releasenotes/

Log message:
Fix Firefox build on aarch64, Makefile parts from kurt@, build patch from me.
In conjunction with the JIT issue that kurt@ tracked down recently, Firefox
now runs on this arch. ok kurt@ landry@

Log message:
Allow mmap(2) to select a suitable random address by providing NULL as
the hint address. okay sthen@

Log message:
Update to firefox 69.0.2.
See https://www.mozilla.org/en-US/firefox/69.0.2/releasenotes/

Log message:
factor some common parts into mozilla.port.mk and fix DPB_PROPERTIES which
is supposed to be "lonesome" on i386 because parts of the build take a lot of
ram, but actually ended up as "lonesome parallel" due to a +=. hoping this
will reduce the frequent build failures on i386.  ok landry

Log message:
add link to upstream commit

Log message:
Update to firefox 69.0.1.
See https://www.mozilla.org/en-US/firefox/69.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/

Log message:
Disable DoH by default.  While encrypting DNS might be a good thing,
sending all DNS traffic to Cloudflare by default is not a good idea.
Applications should respect OS configured settings.
The DoH settings still can be overriden if needed. ok landry@ job@

Log message:
Upstream combined --enable-sandbox and --enable-content-sandbox and
in the process, broke enabling the sandbox (pledge) on OpenBSD.
https://bugzilla.mozilla.org/show_bug.cgi?id=1579323
ok landry

Log message:
Update to firefox 69.0.
See https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/

Log message:
Update to firefox 68.0.2.
See https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/

Log message:
add comment to make it clear that DPB_PROPERTIES=lonesome on i386 intentionally overrides "parallel"

Log message:
Update to firefox 68.0.1.
See https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

Log message:
Update to firefox 68.0.
See https://www.mozilla.org/en-US/firefox/68.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
Remove servo patches finally unneeded with rust 1.36.0.
Note that it is very unlikely this will get backported to 6.5-stable, as
this new release requires cbindgen 0.8.7 and rust 1.34, which are not
going to get backported either. Which also means no 68.0esr for -stable.

Log message:
bump REVISION in a bunch of ports known or likely to use struct kinfo_proc,
there may be some missing as my unpacked ports source is a little out of date
but this should catch the main things people might run into
the struct was reordered a second time in sysctl.h r1.192 to improve
compatibility but amd64 snapshot packages made it out before that happened
so the bumps are still needed

Log message:
MFC: update to firefox 67.0.4.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
6.5-stable packages being built..

Log message:
Update to firefox 67.0.4.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Same diff sent by Henry Jensen.

Log message:
MFC: update to firefox 67.0.3.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

Log message:
Update to firefox 67.0.3.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

Log message:
MFC: Update to firefox 67.0.2.
See https://www.mozilla.org/en-US/firefox/67.0.2/releasenotes/

Log message:
Update to firefox 67.0.2.
See https://www.mozilla.org/en-US/firefox/67.0.2/releasenotes/

Log message:
MFC: Update to firefox 67.0.1.
See https://www.mozilla.org/en-US/firefox/67.0.1/releasenotes/

Log message:
Update to firefox 67.0.1 'Trailhead'
See https://www.mozilla.org/en-US/firefox/67.0.1/releasenotes/

Log message:
MFC: update to firefox 67.0.
Cf https://www.mozilla.org/en-US/firefox/67.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/
6.5-stable amd64 & i386 pkgs at the usual location.

Log message:
Update to firefox 67.0.
See https://www.mozilla.org/en-US/firefox/67.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/
Add patch to relax sqlite runtime-check for SECURE_DELETE.
Add BDEP on nasm for bundled dav1d (reminded by naddy@)

Log message:
Update to firefox 66.0.5.
See https://www.mozilla.org/en-US/firefox/66.0.5/releasenotes/
6.5-stable packages at the usual spot.

Log message:
Update to firefox 66.0.5.
See https://www.mozilla.org/en-US/firefox/66.0.5/releasenotes/

Log message:
Update to firefox 66.0.4.
See https://www.mozilla.org/en-US/firefox/66.0.4/releasenotes/
Fixes the addons issue seen all around, cf
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
6.5-stable packages available at https://packages.rhaalovely.net, signed
with https://packages.rhaalovely.net/landry-mozilla-pkg.pub. i386 still
building.
ppl running 6.5-release not wanting to install 3rd-party packages from a
potentially untrusted source (ie, me) can temporarly enable studies to
get the hotfix, or manually install
https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

Log message:
Update to firefox 66.0.4.
See https://www.mozilla.org/en-US/firefox/66.0.4/releasenotes/
Fixes the addons issue seen all around, cf
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Repackage i18n langpacks from 66.0.3 as they're not available for this
release.

Log message:
bump all the py3 things, _SYSTEM_VERSION didn't quite work out how
we expected and it's easier|safer to do it this way than fiddle with
pkg_add now. thanks aja for update tests with a quick bulk.

Log message:
Bugfix update to firefox 66.0.3.
See https://www.mozilla.org/en-US/firefox/66.0.3/releasenotes/
Might get to 6.5-stable once i get some vm updated..

Log message:
Bugfix update to firefox 66.0.2.
See https://www.mozilla.org/en-US/firefox/66.0.2/releasenotes/

Log message:
Update to firefox 66.0.1.
See https://www.mozilla.org/en-US/firefox/66.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/

Log message:
Update to firefx 66.0.
See https://www.mozilla.org/en-US/firefox/66.0/releasenotes/
Fixes https://www.mozilla.org/security/advisories/mfsa2019-07/
Note that per
http://www.erahm.org/2019/03/13/doubling-the-number-of-content-processes-in-firefox/
the default number of content processes is now 8, change it via
dom.ipc.processCount in about:config if this is too much for your
resources.
Disable debug symbols on amd64 too, this allows to build with rust >=
1.32 with 4gb memory...

Log message:
prepare firefox (all versions) to be compiled using rust-1.33
ok landry@

Log message:
Bugfix update to firefox 65.0.1.
See https://www.mozilla.org/en-US/firefox/65.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/

Log message:
Update to firefox 65.0.
See https://www.mozilla.org/en-US/firefox/65.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
* link against systemwide icu4c now that it's been updated
* add 'video' to main process pledge: note that by default on OpenBSD
only root can access the video device, so this changes nothing.
* document how to enable audio recording and changing video/webcam
device ownership for proper WebRTC usage.
beware if you try building this: in -current, rust fails to build any
mozilla since the devel/llvm update, but this is known and being worked on.

Log message:
Bugfix update to firefox 64.0.2.
See https://www.mozilla.org/en-US/firefox/64.0.2/releasenotes/

Log message:
Update to firefox 64.0.
See https://www.mozilla.org/en-US/firefox/64.0/releasenotes/
Note that this version won't be backported to 6.4-stable as this
requires newer cbingen. -stable users should fallback to firefox-esr..

Log message:
Bump requirement to nss 3.40.1 to ensure consumers pick it up.
Will be a hard requirement for upcoming 64 anyway.

Log message:
MFC: update to firefox 63.0.3.
See https://www.mozilla.org/en-US/firefox/63.0.3/releasenotes/
-stable packages at the usual spot.

Log message:
Bugfix update to firefox 63.0.3.
See https://www.mozilla.org/en-US/firefox/63.0.3/releasenotes/

Log message:
Bugfix update to firefox 63.0.1.
See https://www.mozilla.org/en-US/firefox/63.0.1/releasenotes/
- fix build with cbindgen 0.6.7
- really disable media autoplay by default, the knob changed (cf #1470082)
- use about:blank as default homepage/new tab page in new profiles.
Rationale: some parts of Activity Stream (the new Firefox Home) are nice
(ie searchbox, highlights, topsites from browsing history, etc) but
'snippets' is invasive (them being broken is a driver for this version,
cf #1503047, where comments are.. worrying), as is 'Recommended by
pocket' content shown to some countries (DE, CA, US..) - sadly, those
two sections cant easily be disabled (cf #1504279) on about:newtab, so
use the about:blank big hammer for privacy. Existing profiles still
using the default 'Firefox Home' are advised to visit
about:preferences#home and uncheck 'snippets' and 'pages saved to
pocket'... and read https://www.mozilla.org/en-US/privacy/firefox/.
While here add a section in pkg/README advising users using NIS or with
profiles on NFS to add getpw to the content process pledge, as it's
apparently needed in those conditions.

Log message:
MFC: Update to firefox 63.0.
See https://www.mozilla.org/en-US/firefox/63.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
Remove pledge patches from #1466593 & #1457092, they were all merged
upstream.
6.4-stable packages available at https://packages.rhaalovely.net/%m as usual.

Log message:
Update to firefox 63.0.
See https://www.mozilla.org/en-US/firefox/63.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
Remove pledge patches from #1466593 & #1457092, they were all merged
upstream.

Log message:
Bump all ports using rust to ensure they get rebuilt/updated.

Log message:
MFC: update to firefox 60.2.2.
See https://www.mozilla.org/en-US/firefox/60.2.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
-stable packages for 6.3 at the usual location

Log message:
Update to firefox 62.0.3.
See https://www.mozilla.org/en-US/firefox/62.0.3/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/

Log message:
bump REVISION on ports using rust, to ensure that they pick up the fix
for out of bounds write due to integer overflow that was fixed in rust's
libstd (which is statically linked).

Log message:
MFC: update to firefox 60.2.1.
See https://www.mozilla.org/en-US/firefox/60.2.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/

Log message:
Update to firefox 62.0.2.
See https://www.mozilla.org/en-US/firefox/62.0.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/
Remove patch fixing build with rust 1.29, merged upstream in the
-release branch.

Log message:
Backport https://hg.mozilla.org/mozilla-central/rev/36f4ba2fb6f5
Fixes the build with upcoming rust 1.29.
with semarie@

Log message:
MFC: update to firefox 60.2.0esr
See https://www.mozilla.org/en-US/firefox/60.2.0esr/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
i386 & amd64 packages at the usual location.
Note that the esr52 branch is now dead, so if you were using
www/firefox-esr, you should move to www/mozilla-firefox.

Log message:
Update to firefox 62.0.
See https://www.mozilla.org/en-US/firefox/62.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
* remove sndio patch from #1467882, merged upstream
* update sandboxing patches to match what was commited in #1457092. Set
MOZ_LOG=SandboxPledge:5 in the env if you want to debug pledge calls.
* add aarch64 to ONLY_FOR_ARCHS. Probably doesnt build/package, but ppl
interested may try to improve the situation.

Log message:
convert to PKGSTEM

Log message:
Remove patch that was meant to be removed when updating to 61.
ComputeUptime is called before pledge().. so no need to neuter this sysctl()

Log message:
Update to firefox 61.0.1.
See https://www.mozilla.org/en-US/firefox/61.0.1/releasenotes/

Log message:
first tag: update-desktop-database

Log message:
Update to firefox 60.1.0.
See https://www.mozilla.org/en-US/firefox/60.1.0/releasenotes/
See https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
Note that i'm not going to backport new versions to -stable, this is
technically challenging, so better move the mainline port to esr
releases.
signed 6.3 -stable packages for i386 & amd64 at the usual spot.

Log message:
Update to firefox 61.
See https://www.mozilla.org/en-US/firefox/61.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
- build against bundled hunspell (#1460600), build against system
hunspell is unsupported
- build depend on python3 in addition to python2. sigh.
- improve pledge messages to show the process id, and put the debugging
ones behind MOZ_SANDBOX_LOGGING env var being set
- workaround content process 'proc' pledge violations by faking a
session dbus if one isnt running, see #1466593. idea from semarie@
- backport patch from #1467882 that improves sndio volume handling, from
ratchov@

Log message:
MFC: Update to firefox 60.0.2.
See https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
-stable packages at the usual spot.

Log message:
Update to firefox 60.0.2.
See https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/

Log message:
spello

Log message:
Bump the remaining ports to trigger updates following cpu stats
changes (CPUSTATES/etc). Last part.
- some of these might be in code that's not actually built or rarely
used but it's not worth the hassle evaluating that, i'm just bumping &
moving on.
- as mentioned before, there might still be runtime problems relating
to the addition or renumbering.

Log message:
Bugfix update to firefox 60.0.1.
See https://www.mozilla.org/en-US/firefox/60.0.1/releasenotes/.
Readd nsprpub/pr/src/linking/prlink.c patch from devel/nspr to tweak
PRLoadLibrary() for our specific library naming, should at least fix
video playback in the browser via ffmpeg/libavcodec dlopen'ing. Sorry
for breaking it with 60.0 when switching to internal nspr.
Packages for 6.3 at the usual spot.

Log message:
Bugfix update to firefox 60.0.1.
See https://www.mozilla.org/en-US/firefox/60.0.1/releasenotes/
After numerous reports of pledge aborts when saving files (while for
some reason i'm not experiencing it) add 'getpw' to main process
promises. Also add 'mcast', because sometimes a setsockopt() seems to be
called with IP_MULTICAST_TTL.
Improve README:
- drop the now deprecated section about plugins
- improve section about debugging with pledge info
- add a section advising users to make sure a session dbus instance is
running when starting their X session, otherwise for some reason the
content process might try to spawn one via glib, and this is forbidden
by pledge. You don't want the content process to be able to spawn
processes, right ?

Log message:
Oops, forgot to bump SO_VERSION - not that it matters, but oh well..
No bump since it was just commited.

Log message:
MFC (sortof): update to firefox-60.0.
See https://www.mozilla.org/en-US/firefox/60.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
Build against bundled nss/nspr as nss 3.36.1 is now a requirement.
Packages for 6.3 at the usual spot.

Log message:
Update to firefox 60.
See https://www.mozilla.org/en-US/firefox/60.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
- Add initial/wip pledge() support, with distinct subsets for main &
content processes. The promises are runtime-configurable for now via
about:config knobs to ease debugging/testing. They're printed on stderr
when applied by the sandboxing codepaths (cf
patch-toolkit_xre_nsAppRunner_cpp and patch-dom_ipc_ContentChild_cpp).
- Add a bunch of patches (patch-widget_nsShmImage_cpp,
patch-xpcom_base_nsDebugImpl_cpp, patch-mozglue_misc_TimeStamp_posix_cpp and
patch-xpcom_base_nsMemoryReporterManager_cpp) to neuter non-critical
codepaths that calls pledge-forbidden syscalls.
- All this pledge() stuff being currently discussed upstream in
https://bugzilla.mozilla.org/show_bug.cgi?id=1457092 and done at p2k18.
Been running with it since then, and i'm fairly confident the pledge
subsets i come up with are now enough for most usages.
If you encounter crashes due to pledge, look into your kernel log, and
try to figure out what missing pledge is needed or what firefox codepath
hits it.
So far i know 'getpw' might be needed when uploading files but i havent
hit it, and 'proc' might be needed by the content process when there's
no dbus daemon running, but they're not needed in the 'common case', and
too broad.
- While here, tweak defaults to disable the pocket extension, and try to
disable the activity-stream/sponsored content that is being shown by
default on the new tab page in new profiles. Stop the madness, plz.

Log message:
MFC: Update to firefox 59.0.2.
See https://www.mozilla.org/en-US/firefox/59.0.2/releasenotes/
(security advisories not up yet, packages being built)

Log message:
Update to firefox 59.0.2.
See https://www.mozilla.org/en-US/firefox/59.0.2/releasenotes/
(security advisories not up yet)

Log message:
MFC: Update to firefox 59.0.1.
https://www.mozilla.org/en-US/firefox/59.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
Diversions from -current:
- Now builds against bundled cairo/sqlite
- Use selfhosted tarball
- Partly revert commits from #1423236 & #1424280 to build with rust 1.20
(yeah, gross)
Tested by thuban on amd64, & myself on amd64/i386. I called for testing
one week ago, and got *one* reply. Wonder why i'm doing this..
Packages for 6.2 on their way.

Log message:
Update to firefox 59.0.1.
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
from Pwn2own - "Out of bounds memory write while processing Vorbis audio
data".

Log message:
Properly define DISTFILES where appropriate when MOZILLA_COMMIT is set.
Dammit.

Log message:
Update to firefox 59.0.
See https://www.mozilla.org/en-US/firefox/59.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
- Selfhost the source tarball temporarly until bug #1432591 is fixed
- add show-commit convenience target
- use bundled cairo, system cairo is broken and the option to build
against a it is being removed in #1432751
- remove version from the install dir (per #445128)
- in the README, remove now useless section about e10s (it's enabled by
default) and replace it by a section explaining how to enable GL
compositing and WebRender.
Note that backporting it to 6.2 might not be possible. Currently hacking
various options.

Log message:
MFC: update to 58.0.2.
See https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/
6.2-stable amd64/i386 pkgs at the usual spot.

Log message:
Bugfix update to firefox 58.0.2.
See https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/

Log message:
MFC: security update to firefox 58.0.1.
See https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
Note that ESR isn't affected.
6.2-stable amd64/i386 pkgs at the usual spot.

Log message:
Security update to firefox 58.0.1.
See https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Log message:
Set DPB_PROPERTIES=lonesome on i386 so that no new jobs are sent to the
worker building firefox. Fixes firefox packaging on i386, but for how long...
same diff/ok sthen@

Log message:
Pass --disable-debug-symbols to CONFIGURE_ARGS on i386, removes -C
debuginfo=2 from rust build flags and allows me to build firefox on i386
with recent rust. Somehow i had it locally but never commited it..

Log message:
MFC: update to firefox 58.0.
See https://www.mozilla.org/en-US/firefox/58.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Add two ugly hacks to loosen the dependency or recent rust/nss we don't
have in -stable.. somewhat gross, but it builds and runs.
6.2 packages for i386 & amd64 at the usual place.

Log message:
Also remove this one, was merged upstream in #1341234

Log message:
Update to firefox 58.0.
See https://www.mozilla.org/en-US/firefox/58.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Remove rust/i386 related patch from #1401093, doesnt apply and i'm not
really sure of the situation of rust on i386 anyway..
Remove sndio-related patches from #1221580 (merged upstream)

Log message:
MFC: Security update to firefox 57.0.4.
See https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Note that ESR doesn't need such fix.
6.2-stable amd64/i386 pkgs at the usual spot.

Log message:
Security update to firefox 57.0.4.
See https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Note that ESR doesn't need such fix.

Log message:
MFC: Update to firefox 57.0.3.
See https://www.mozilla.org/en-US/firefox/57.0.3/releasenotes/
6.2 packages for i386 & amd64 at the usual place.

Log message:
Bugfix update to firefox 57.0.3.
See https://www.mozilla.org/en-US/firefox/57.0.3/releasenotes/
(probably doesnt affect us since crashreporter related, but who knows..)

Log message:
Out-out from shield/studies by default in new profiles.
For existing profiles, visit about:preferences#privacy to disable it (cf
https://support.mozilla.org/en-US/kb/shield)
Users just want to browse the web, not be opted-in by default to random UI
experiments. See https://wiki.mozilla.org/Firefox/Shield/Shield_Studies
for details.
While i usually don't like diverting from upstream defaults, something
that automagically loads unwanted add-ons isn't right, so i'm making an
exception here.

Log message:
MFC: bugfix update to firefox 55.0.3.
While here add mozsqlite3 to SHARED_LIBS and update PLIST to unbreak
runtime which was broken since 55.0 update - sorry for the inconvenience.
"Stable" packages for i386 and amd64 available at
https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub

Log message:
Bugfix update to firefox 55.0.3.
See https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/ and
https://www.mozilla.org/en-US/firefox/55.0.2/releasenotes/

Log message:
bump; textproc/icu4c now uses multi-packages for -wwwdata

Log message:
MFC: Bugfix update to 55.0.1.
See https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/
* Fix a regression the tab restoration process (bug 1388160)
* Fix a problem causing What's new pages not to be displayed (bug 1386224)
* Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
* Disable the predictor prefetch (bug 1388160)
"Stable" packages for i386 and amd64 available at https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub

Log message:
Bugfix update to 55.0.1.
See https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/
* Fix a regression the tab restoration process (bug 1388160)
* Fix a problem causing What's new pages not to be displayed (bug 1386224)
* Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
* Disable the predictor prefetch (bug 1388160)
-stable commit awaiting packages...

Log message:
MFC: update to firefox 55.0.
See https://www.mozilla.org/en-US/firefox/55.0/releasenotes/
Switch to use bundled sqlite as it requires 3.19.3.
"Stable" packages for i386 and amd64 available at
https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub

Log message:
Update to firefox 55.0.
See https://www.mozilla.org/en-US/firefox/55.0/releasenotes/
Set ONLY_FOR_ARCHS properly - all the world is x86 anyway.
Ditch --disable-debug-symbols on i386, it links fine without it.

Log message:
Update BDEP now that cargo lives in lang/rust

Log message:
bump LIBCXX/LIBECXX/COMPILER_LIBCXX ports.

Log message:
use COMPILER_LIBCXX where applicable

Log message:
MFC: update to firefox 54.0.1.
See https://www.mozilla.org/en-US/firefox/54.0.1/releasenotes/
"Stable" packages for i386 and amd64 available at https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub

Log message:
Update to firefox 54.0.1.
See https://www.mozilla.org/en-US/firefox/54.0.1/releasenotes/

Log message:
MFC: update to firefox 54.0.
See https://www.mozilla.org/en-US/firefox/54.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
"Stable" packages for i386 and amd64 available at https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub
Note that i might not be able to keep updating this port in -stable, as
upstream plans to hard-require rust 1.17 or 1.18 (see
https://bugzilla.mozilla.org/show_bug.cgi?id=1370874) which would mean
updating rust/cargo in -stable...

Log message:
Update to firefox 54.0.
See https://www.mozilla.org/en-US/firefox/54.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
- move ulimit patch around (#1347139)
- Remove Cargo.toml patch, merged upstream in #1360521
tested by several, thanks!

Log message:
switch everything to new COMPILER idiom, even stuff that won't build with clang
yet, but at least that part is done.

Log message:
allow build with clang, be explicit about the C++ lib

Log message:
MFC: bugfix update to firefox 53.0.3.
See https://www.mozilla.org/en-US/firefox/53.0.3/releasenotes/
Packages for -stable available at
https://packages.rhaalovely.net/pub/OpenBSD/6.1/packages/${ARCH}

Log message:
Bugfix update to firefox 53.0.3.
See https://www.mozilla.org/en-US/firefox/53.0.3/releasenotes/

Log message:
MFC: update to firefox 53.0.2.
Stable packages for i386 and amd64 available at https://packages.rhaalovely.net/

Log message:
Bugfix update to firefox 53.0.2.
See https://www.mozilla.org/en-US/firefox/53.0.2/releasenotes/
Fixes MFSA2017-14, but that only affects Windows.

Log message:
Add patch to fix build with upcoming cargo 0.17, from semarie@.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1360521

Log message:
MFC: update to firefox 53.0.
Over time i'll see if i keep doing this in -stable or give up.
"Stable" packages for i386 and amd64 available at https://packages.rhaalovely.net/
signed with https://packages.rhaalovely.net/landry-mozilla-pkg.pub
Changes from -current include:
- dont bump SO_VERSION
- build against bundled nss/nspr (53 wants nss 3.29.5)
- add selected patches from devel/nspr and security/nss
- build against bundled hunspell (53 wants 1.6)
- add BDEP on rust/cargo

Log message:
Update to firefox 53.0.
See https://www.mozilla.org/en-US/firefox/53.0/releasenotes/ and
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/.
- Now depends on rust and cargo to build.
- Remove patch-browser_installer_Makefile_in, sdk was removed in #1333826
- Ship a small distribution.ini to show package source in about dialog
- Add a blurb from Michael Reed about installing ffmpeg package to play
HTML5 audio/video.
Tested by several

Log message:
Fix WANTLIB and bump REVISION for all ports depending on hunspell.
While here enforce dependency on hunspell 1.6 in mozilla.port.mk, as
it's a requirement for 53.

Log message:
Bugfix update to firefox 52.0.2.
See https://www.mozilla.org/en-US/firefox/52.0.2/releasenotes/

Log message:
Update to firefox 52.0.1.
Fixes MFSA 2017-08/CVE-2017-5428, see
https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/
While here, add a patch from semarie@ (tested by and ok danj@) to tweak
a last-minute change in the jit engine memory allocator that happened to
fix a security issue in 52 branch (bug #1334933/CVE-2017-5400) - see
https://hg.mozilla.org/releases/mozilla-esr52/rev/6b35bbf96b67.
Sadly, this change resulted in a browser crashing at startup
on OpenBSD with the default limits, because the jit engine tried to
allocate 1Gb (previously 640Mb in #1334933, then 1Gb because of
#1337561, see
https://hg.mozilla.org/releases/mozilla-esr52/rev/65bb26d07408) and hit
the default datasize ulimit of 768Mb. The patch makes it allocate 128Mb
instead (as it's done on 32bit architectures), while a better (?) fix
might be devised in bug #1347139.
Generally speaking, if you see firefox crashing with ENOMEM errors,
raise the datasize limit for your login class, write your own wrapper
script to temporarly raise the limit when starting firefox, or stop
using the modern web. Websites are ginormous, deal with it.

Log message:
Update mozilla-firefox to 52.0.
See https://www.mozilla.org/en-US/firefox/52.0/releasenotes/
Remove patch for #1335827, merged upstream.
Note that this release removes support for NPAPI plugins (java, etc..) -
users relying on those should migrate to firefox-esr, where NPAPI
plugins will be supported for the lifetime of 52esr branch.
Tested by several, thanks!

Log message:
Backport fix for #1335827 - frequent crashes with "ABORT:
RenderFreePicture: RenderBadPicture", reported and testing by semarie@

Log message:
Consolidate textproc/icu4c common dependency into mozilla.port.mk, and
allow to build against bundled icu4c by setting MOZILLA_USE_BUNDLED_ICU.

Log message:
Update to firefox 51.0.
See https://www.mozilla.org/en-US/firefox/51.0/releasenotes/ and MFSA
2017-01 (https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/)
Remove patch-netwerk_protocol_http_Http2Session_cpp (#1290037)

Log message:
Fix NS_ERROR_NET_INADEQUATE_SECURITY error messages on
wikipedia|google|cnn|various sites (http/2?) broken by the nss 3.28
update, my bad - totally forgot about this when updating.
Backport https://hg.mozilla.org/mozilla-central/rev/361ac226da2a
See https://bugzilla.mozilla.org/show_bug.cgi?id=1290037 &
https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
Reported by Solene Rapenne and others, fix tested by danj@

Log message:
Bugfix update to firefox 50.1.0.
See https://www.mozilla.org/en-US/firefox/50.1.0/releasenotes/ and
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/.

Log message:
Security update to firefox 50.0.2.
See https://www.mozilla.org/en-US/firefox/50.0.2/releasenotes/ and
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ (link not
up yet). A javascript exploit for windows was found in the wild, and the
vulnerability could technically be exploited on other platforms..

Log message:
Bugfix update to firefox 50.0.1.
See https://www.mozilla.org/en-US/firefox/50.0.1/releasenotes/ and
https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/

Log message:
Update to firefox 50.0.
See https://www.mozilla.org/en-US/firefox/50.0/releasenotes/
and https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/
Switch back to build against systemwide sqlite3 coming from the
ports-tree. Remove the build goo for macppc|sparc64|alpha, it's unlikely
this will ever come back...

Log message:
Update to firefox 49.0.2.
See https://www.mozilla.org/en-US/firefox/49.0.2/releasenotes/ and
https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
Fixes MFSA-2016-87:
- CVE-2016-5287 / bugzil.la/1309823
- CVE-2016-5288 / bugzil.la/1310183 (bug information private)
prodded by naddy@

Log message:
Update to firefox 49.0.1.
See https://www.mozilla.org/en-US/firefox/49.0/releasenotes/ (.1 is for
a windows-only fix) - not that 'loop' (ex-firefox hello) was removed
from the browser.
- Fixes MFSA 2016-85
- Remove media/ffvpx/config.h patch, merged upstream/fixed differently in
bug #1239550
- Set media.autoplay.enabled to false by default, i'm usually wary of
changing upstream defaults, but this one is unfuriating with "the
modern web and all this funky video ads".. this one got support from
many.
- Add a blurb to README explaining how to enable/test e10s/multi-process
support.

Log message:
Update to firefox 48.0.
- See https://www.mozilla.org/en-US/firefox/48.0/releasenotes/
- Fixes MFSA 2016-62->84
- See
https://blog.mozilla.org/blog/2016/08/02/exciting-improvements-in-firefox-for-desktop-and-android/
for user-facing changes
- Switch CONFIGURE_STYLE to simple as it's really not a gnu script
anymore..
- Remove gtk 3.20 jumbo patch, most gtk3 issues are either fixed or
being worked on, and the patch isnt maintainable
- Remove patch-gfx_skia_moz_build, it isn't needed anymore on i386, and
SSE2 will soon be a hard runtime requirement anyway
- Remove patch-media_libcubeb_src_cubeb_sndio_c, merged upstream (#1153151 & #1153179)
- Remove
patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops_h,
merged upstream (#1192556)
- Note that WebRT was removed

Log message:
Minor bugfix update to firefox 47.0.1.
- See https://www.mozilla.org/en-US/firefox/47.0.1/releasenotes/
- Fixes #1278605 & #1277522

Log message:
Update patch fuzz. Even if this patch is now useless since we build
against bundled sqlite, let's keep it around for a while in case...

Log message:
Update to firefox 47.0.
- See https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
- Fixes MFSA 2016-49->61

Log message:
Bugfix update to firefox 46.0.1.
- See https://www.mozilla.org/en-US/firefox/46.0.1/releasenotes/

Log message:
Readd mozgtk to MOZILLA_LIBS to fix packaging - thx sthen@ for the
testing.

Log message:
Remove patches merged upstream/that dont apply anymore. Fuck you CVS.

Log message:
Update to firefox 46.0.
- See https://www.mozilla.org/en-US/firefox/46.0/releasenotes/
- Fixes MFSA 2016-39 -> 48
- Switch to use Gtk3 by default (finally!), following the upstream move
- Add a jumbo patch from Fedora to fix several issues with Gtk 3.20
(#1234158)
- Leave WebRTC enabled. The code builds, sort-of works, sound support
is not really there, but this way ppl will dogfood/test it. If you
encounter issues, go to bugzilla.mozilla.org and get involved with
upstream.
- If you want to disable WebRTC, just toggle media.peerconnection.enabled
to false in about:config.
- Stop using systemwide sqlite, build the bundled one instead. Simpler,
as it often forced us to update sqlite in base...
- Add patch from #1239550 to fix the build in ffvpx
- Backport two cubeb patches from ratchov@ already commited upstream
(#1153151 & #1153179)
- Remove the obsolete gstreamer section from README, from Brad (and others)

Log message:
Bugfix update to firefox 45.0.1.
See https://www.mozilla.org/en-US/firefox/45.0.1/releasenotes/

Log message:
Remove BROKEN-i386 marker. Whatever happened with fx 44 & llvm 3.7.1 has
autofixed itself with fx 45, which just builds & runs fine on i386.

Log message:
Forgot to cvs rm the patch cliking on the ssl exception button. Didnt
apply anymore anyway. Reported by nigel@, thanks!

Log message:
Update to firefox 45.0.
- See https://www.mozilla.org/en-US/firefox/45.0/releasenotes/
- Fixes MFSA 2016-16->38
- libmozgnome was removed upstream
- gtk3 is still not enabled by default upstream
- Remove dependency on gstreamer1, ffmpeg/libavcodec is opened on the fly
if available, as tested by naddy@
Sidenote: no, i havent looked at i386/llvm breakage yet. i386 is the new vax.

Log message:
Add link to upstream commit, patch to remove in fx 48.

Log message:
all the world's an amd64
disable these ports to save time in bulk builds until i386 can be repaired

Log message:
Bump REVISION for lang/clang MODULE changes.

Log message:
Security update to firefox 44.0.2.
See https://www.mozilla.org/en-US/firefox/44.0.2/releasenotes/
Fixes MFSA2016-13.
ok sthen@ naddy@

Log message:
Bugfix update to firefox 44.0.1.
See https://www.mozilla.org/en-US/firefox/44.0.1/releasenotes/
ok sthen@ naddy@

Log message:
Update to firefox-44.0.
* See https://www.mozilla.org/en-US/firefox/44.0/releasenotes/
* Fixes MFSA 2016-01 -> 12
* Fix CONFIGURE_STYLE, no need for autohell?
* Use bundled libevent
* Remove useless MOZILLA_AUTOCONF_DIRS
Note that starting with fx 45, gstreamer will be deprecated in favor of
ffmpeg. If it works, haven't tested it yet...
Tested by/discussed with naddy@

Log message:
Minor update to firefox 43.0.4.
See https://www.mozilla.org/en-US/firefox/43.0.4/releasenotes/

Log message:
Update to firefox 43.0.2.
See https://www.mozilla.org/en-US/firefox/43.0.2/releasenotes/
No binary change for us since this is only to force updates for poor
windows users, because microsoft now requires SHA256 certs. But ppl
wont complain that OpenBSD doesn't ship the latest and greatest!

Log message:
Update to firefox 43.0.
See https://www.mozilla.org/en-US/firefox/43.0/releasenotes/
Fixes MFSA 2015-134 -> 149
- Remove merged patch about freetype paths/versions
- Remove outdated mention of 'disable anti-aliasing', from matthieu@
Tested (among others) by benoit@, mmcc@ and naddy@

Log message:
Update to firefox 42.0.
- See https://www.mozilla.org/en-US/firefox/42.0/releasenotes/
- Fixes MFSA-2015-116 -> 133
- Tested by several, thanks!

Log message:
Enable option to mark JIT pages as non-writable.
We're enabling this now so people can test and eventual regressions
can be catched and reported upstream.
There's a bug opened on Bugzilla@Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1215479
OK landry@, sthen@
deraadt@ also agrees

Log message:
Preventive fixes for the upcoming update to freetype-2.6.1

Log message:
Security update to firefox 41.0.2.
Fixes MFSA 2015-115 / CVE-2015-7184 (Cross-origin restriction bypass using Fetch)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/

Log message:
Bugfix update to firefox 41.0.1.
- See https://www.mozilla.org/en-US/firefox/41.0.1/releasenotes/
- Mostly windows-only bugfixes but a bookmark handling regression might
affect us (see #1206376)

Log message:
Update to firefox 41.0.
- See https://www.mozilla.org/en-US/firefox/41.0/releasenotes/
- Fixes MFSA 2015-96->114
- Add patch to workaround build failure on 32-bits (#1192556)
- Note that powerpc still fails due to the same issue but a
hack^Wworkaround hasnt been found yet.
Firefox 42 will probably default to build with Gtk3.

Log message:
Update to firefox 40.0.3.
- See https://www.mozilla.org/en-US/firefox/40.0.3/releasenotes/
- Fixes MFSA-2015-94 & 95

Log message:
Update to firefox{,-i18n} 40.0.
- See https://www.mozilla.org/en-US/firefox/40.0/releasenotes/
- Fixes MFSA-2015-79->92

Log message:
SECURITY update to firefox 39.0.3 & firefox-esr 38.1.1.
Fixes MFSA2015-78, see
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
and https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
ok naddy@ sthen@

Log message:
Face reality, mark as BROKEN-sparc64. xpcshell SIGBUSes during fake, and
nobody cares. No point in wasting hours during bulk builds....
If you want a graphical browser on sparc64, try netsurf.

Log message:
Remove patches from #1144087 and #1143411 which were merged in 39.
Both reported by David Hill and Pavel Korovin.
Because cvs...

Log message:
Update to firefix{,-i18n} 39.0.
- See https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
- Fixes MFSA 2015-59 -> 71

Log message:
Fix building with freetype-2.6 or later
https://hg.mozilla.org/mozilla-central/rev/afd840d66e6a

Log message:
gcc4 bumps, reminded by aja@

Log message:
Update to firefox 38.0.1.
- See https://www.mozilla.org/en-US/firefox/38.0.1/releasenotes/ and
https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
- Fixes MFSA 2015-46->58

Log message:
Add information about using Firefox with heimdal; adapted from a diff that
Jiri B wrote at my request. Feedback/ok ajacoutot@ landry@.

Log message:
Bugfix update to firefox 37.0.1.
- See https://www.mozilla.org/en-US/firefox/37.0.1/releasenotes/
- Fixes MFSA 2015-43 & 44

Log message:
Update to firefox 37.0.
- See https://www.mozilla.org/en-US/firefox/37.0/releasenotes/
- Fixes MFSA 2015-30 -> 42

Log message:
Security update to firefox 36.0.4.
- See https://www.mozilla.org/en-US/firefox/36.0.4/releasenotes/
- Fixes MFSA 2015-28/29 (Pwn2Own)
- While here, backport commit from ratchov@ in #1144087 fixing audio
glitches in the sndio backend when playing youtube videos

Log message:
Move i386 back to build with clang. The issues we had in the past seem
to have resolved, 37.0beta5 builds and runs with clang, and the build
of 36 with gcc4 is broken anyway because of #1028827 and #1122745. Boo
SSSE3/SSE4.1.

Log message:
Update to firefox-36.0.1.
- See https://www.mozilla.org/en-US/firefox/36.0.1/releasenotes/
- Fixes MFSA 2015-11->27
- widget code moved, move nsPrintSettingsImpl.cpp patch around
- remove patch-xpcom_reflect_xptcall_md_unix_moz_build, merged in #971897

Log message:
fix a confusing README typo; ok landry@

Log message:
Update to firefox 35.0.1.
- See https://www.mozilla.org/en-US/firefox/35.0.1/releasenotes/
- while here, demote gstreamer1-plugins-good from RUN_DEPENDS to a
simple note in the README. It seems having a fully working
out-of-the-box multimedia experience is not worth the attack surface
this brings via all its dependencies.
Note: this doesnt change anything for existing installs, if
gstreamer1-plugins-good/libav is found at runtime firefox will still use
it to play html audio/video. If you dont want that behaviour, have a
look in about:config for the various media.*.enabled keys. Or use lynx.
prodded by tedu@

Log message:
Update to firefox 35.0.
- See https://www.mozilla.org/en-US/firefox/35.0/releasenotes/
- Fixes MFSA 2015-01 -> 09
- Remove patch-js_src_jscpucfg_h, merged upstream in #1065055
- Fix patch-gfx_skia_moz_build to use the correct SSE4_1 macro
tested by at least bcallah@, brett@, patrick keshishian and RD Thrush, thx!

Log message:
Fix build on i386 by applying more -msse4.1 (or is it SSSE4_1 ?) parts from
the pending patch in bug #1028827, mostly from Fabian Raetz.
Breakage noticed by sthen@, thanks!

Log message:
browser/searchplugins/ddg.xml was added late in the 34 beta cycle,
and i forgot to update the PLIST.. adds duckduckgo to the list of
default available search engines.

Log message:
Update to firefox 34.0.
- See https://www.mozilla.org/en-US/firefox/34.0/releasenotes/
- Fixes MFSA-2014-83->91
- Remove patch-toolkit_library_libxul_mk, merged (#1036832)
- Remove patch-gfx_skia_trunk_src_opts_SkBitmapProcState_opts_SSSE3_cpp,
merged upstream (but the root issue on i386 is still being worked on, #1028827)
- Add patch-xpcom_reflect_xptcall_md_unix_moz_build from (#971897),
fixes the download progressbars. Nice work from Fabian Raetz, thanks!

Log message:
Update to firefox 33.1.
- See https://www.mozilla.org/en-US/firefox/33.1/releasenotes/,
, https://www.mozilla.org/en-US/firefox/tiles/ and
https://support.mozilla.org/en-US/kb/forget-button-quickly-delete-your-browsing-history
This is a special release celebrating the 10 years anniversary of the
release of firefox 1.0. 34.0 will be released on the regular schedule in ~ two weeks.

Log message:
Update to firefox 33.0.
- See https://www.mozilla.org/en-US/firefox/33.0/releasenotes/
- Fixes MFSA 2014-74-->82
- build with systemwide icu4c, workarounds #1064665 (and as a side
effect shrinks the libs/packages by 1 or 2 megs)
- add patch-toolkit_library_libxul_mk from bug #1036832 to workaround a
linking failure with our ancient binutils
- remove patch-media_libvpx_Makefile_in from #982693 fixing libvpx build
on i386, a variation of it was merged upstream
tested by bcallah@, benoit@ and Fabian Raetz, thanks!

Log message:
Security fix for CVE-2011-2691 backported from png 1.4.8, from naddy@.
See https://bugzilla.mozilla.org/show_bug.cgi?id=669863 for details.
firefox35, firefox36 and sunbird use png 1.2.35 and will need other fixes.

Log message:
Add an @pkgpath on www/firefox4. This package path never existed in the
ports tree but was used in some early packages mentioned on ports@ and
several testers have reported not being able to update firefox automatically
so this helps them out.  ok landry@

Log message:
Rename mozilla-{firefox,thunderbird} packages to {firefox,thunderbird}.
Apparently required by many at c2k11.

Log message:
Talk about Firefox 5 in DESCR, reported by John Taylor (thanks!)

Log message:
Add archivers/unzip to BUILD_DEPENDS, reported by Mark Patruck (thanks!)

Log message:
Update to mozilla-firefox 5.0:
That's the first release following the new fast scheme of one major
release every 6 weeks..
Check out http://www.mozilla.com/en-US/firefox/5.0/releasenotes/ for
release notes. Note that it's still badly broken on sparc64, and
unlikely to be fixed soon... you still have www/firefox36.
Tested by (at least, probably forgetting some..) rpointel@, pea@,
ckuethe@ and myself on amd64, bluhm@ on i386 and ajacoutot@ on macppc
(thanks!)
ok rpointel@

Log message:
Bump REVISION after spring cleanup in patches

Log message:
Remove patches - let's stick to the sane defaults upstream provides.

Log message:
Remove useless patch, crashreporter is disabled anyways through
CONFIGURE_ARGS as breakpad doesn't have a bsd backend..

Log message:
A patch reordering sonames to pass to PR_LoadLibrary() makes no sense
when we know one will match in our case anyway. Remove.

Log message:
Remove duplicate/unused patches - they are in security/nss, which
mozilla ports uses.

Log message:
Useless patch patching a comment iz useless

Log message:
libplayback-1.so is for the binary flash support, we will never support
that so no need to fix the PR_LoadLibrary() call.

Log message:
Remove patch, we don't build on arm atm, and when someone comes back to
that more work will be needed anyway.

Log message:
Add comments to the local modifications for https:// cert warning
handling for dummies.

Log message:
Load the correct libGL. WebGL doesn't work (yet), but at least it can go
further.

Log message:
bump after default python version switch

Log message:
Add a consistent header that substitutes FULLPKGNAME for the READMEs.
ok jasper@ sthen@

Log message:
Ensure mozilla-firefox and fennec depends on the cairo lib with tee
backend enabled.
ok/discussed with dcoppa@

Log message:
Build firefox4 and fennec against systemwide cairo.
OK landry@

Log message:
regen patches

Log message:
Update to mozilla-firefox 4.0.1.
Fixes MFSA 2011-12, 2011-17, 2011-18.

Log message:
Let's use a common DIST_SUBDIR for all mozilla ports so that it's easier
to clean the gigabytes of src tarballs previously piling up in distfiles/.
Update distinfo accordingly.
Looks sane to jasper@.

Log message:
SECURITY UPDATE to mozilla-firefox-3.6.16
ok jasper landry
thanks to landry for doing all the work in -current's www/firefox36,
which this was based on.

Log message:
Moar links to reported bugz:
https://bugzilla.mozilla.org/show_bug.cgi?id=650772
https://bugzilla.mozilla.org/show_bug.cgi?id=651444
https://bugzilla.mozilla.org/show_bug.cgi?id=651461

Log message:
link default48.png to default.png to be used by non-icccm compliant wm
for the application icon. It seems they use the first in the icon list
passed to X, which in our case is the 16x16 one.
reported by claudio@

Log message:
Add comments/links to bugzilla for a bunch of patches pushed upstream:
https://bugzilla.mozilla.org/show_bug.cgi?id=546162
https://bugzilla.mozilla.org/show_bug.cgi?id=589754
https://bugzilla.mozilla.org/show_bug.cgi?id=648721
https://bugzilla.mozilla.org/show_bug.cgi?id=650742
https://bugzilla.mozilla.org/show_bug.cgi?id=650749
Add patch for https://bugzilla.mozilla.org/show_bug.cgi?id=633193

Log message:
Remove, unneeded since the better rpath-link fix went to configure.in patch.

Log message:
Better patches for rpath-link as submitted upstream, cf
https://bugzilla.mozilla.org/show_bug.cgi?id=648721
While here grab js/src/Makefile.in patch from
https://bug638056.bugzilla.mozilla.org/attachment.cgi?id=520157
and add the hg rev of the commited sparc64 fix for opentype

Log message:
- allow internal libffi to compile on mips64* by syncing patches with our libffi port.
ffx is not enabled on mips64* yet, though.
ok landry@

Log message:
Better patches for sndio integration and kerberos/gssapi authentication
as pushed upstream, see
https://bugzilla.mozilla.org/show_bug.cgi?id=648726 and
https://bugzilla.mozilla.org/show_bug.cgi?id=648730
No binary change..

Log message:
Add patches to let mozilla-firefox 4.0 at least build on sparc64.
- disable tracejit/methodjit
- add fix for https://bugzilla.mozilla.org/show_bug.cgi?id=618485
- add fix for https://bugzilla.mozilla.org/show_bug.cgi?id=589754
- don't force-enable assembler/jit on sparc64
It still doesn't run (endless loop at startup) due to 64-bits
jsval_layout (see https://bugzilla.mozilla.org/show_bug.cgi?id=577056)
but at least patches are in cvs, and the js shell can run simple things.
No change for other archs.

Log message:
Lo and behold, update to mozilla-firefox 4.0 !
Too much changes to list them, just enjoy it. Thanks to the ones who
tested the betas/rc.
ok jasper@

Log message:
Assorted fixes for:
https://bugzilla.mozilla.org/show_bug.cgi?id=643137 (crash on sparc64
when displaying opentypes fonts, fix from tobias ulmer)
https://bugzilla.mozilla.org/show_bug.cgi?id=644012 (crash on ssl certs
with empty issuer name, pointed our by roberth at openbsd dot pap dot st
and mikolaj kucharski)

Log message:
Updates to firefox35 3.5.18, mozilla-firefox 3.6.16 & seamonkey 2.0.3.
All fixing MFSA-2011-11, see
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/ and
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

Log message:
Remove the .if for system sqlite, now every port using mozilla MODULE
uses it. Bump dependency to 3.7.5 to ensure it has unlock_notify for
ffx4, and bump all corresponding REVISIONs.

Log message:
Add reminder comments for sunbird & xulrunner.

Log message:
Adopt a patch that fixes a bug causing animated gifs to flicker
when using cairo 1.10.x and make mozilla-firefox and mozilla-thunderbird
build against systemwide cairo as it was with cairo 1.8.x.
Patch backported from FF4 branch by Rafal Muzylo <galtgendo@o2.pl>
https://bugzilla.mozilla.org/show_bug.cgi?id=597174
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-libs/xulrunner/files/fix-animated-gifs.patch
OK landry@

Log message:
Update to firefox 3.6.14. (Fixes MFSA-2011-01->11)
Patches for https://bugzilla.mozilla.org/show_bug.cgi?id=573039 merged
upstream.

Log message:
Fix an unaligned access on sparc64 leading to random crashes when
mozilla tries to read a malformed ICC profile on random image content
found on the web.
backport of http://hg.mozilla.org/mozilla-central/rev/e8207773d54d
ref: https://bugzilla.mozilla.org/show_bug.cgi?id=629057
issue reported and fix found by naddy@
ok naddy@ ajacoutot@

Log message:
Bump after LIB_DEPENDS changed, and add an empty
sa_stream_get_min_write() func to sydney_audio_sndio.c, required by
ffx4.0b9. (ofc it doesn't confuse other mozilla ports)

Log message:
Add a patch doing PRAGMA secure_delete ON when opening connection to
sqlite database. Allows us to build against system sqlite3 again, and
get rid of the infamous symbol size mismatch warning reported several
times on ports@.
See https://bugzilla.mozilla.org/show_bug.cgi?id=445164 for why mozilla
now hard-requires secure_delete, and
https://bugzilla.mozilla.org/show_bug.cgi?id=546162 for the reasons they
don't want to make that an option and forces us to do such hacks.
ok jasper@

Log message:
Apply patch from upstream to fix the "Print" and "Print Preview" crashes.
https://bugzilla.mozilla.org/show_bug.cgi?id=573039
https://bug573039.bugzilla.mozilla.org/attachment.cgi?id=499233
suggested by and ok landry@

Log message:
Update to mozilla-firefox 3.6.13:
Fixes MFSA 2010-74->84
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

Log message:
Fix Kerberos/GSSAPI authentication within mozilla ports.
OpenBSD does not have gssapi_krb5. So, to avoid undefined symbol
errors, link libxul with "-lkrb5 -lcrypto".
OK phessler@, landry@ (MAINTAINER)

Log message:
new depends

Log message:
- switch to pkg-readmes
ok landry@ (MAINTAINER)

Log message:
Security update to mozilla-firefox 3.6.12.
Fixes MFSA2010-73/CVE-2010-3765/bz #607222.

Log message:
Add a patch so that run-mozilla.sh finds our gdb by default. Amend
README.OpenBSD to teach users how to properly report bugs.

Log message:
Add patches to allow building a debug-flavoured working package (at
least on amd64). Codepaths only used in that case.

Log message:
Remove USE_X11.

Log message:
Update to mozilla-firefox 3.6.11, tested by various on ports@ (thanks!)
Fixes (valid for other moz updates):
MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards

Log message:
USE_GROFF=Yes

Log message:
Fix WANTLIB again after cairo's last commit where X11-xcb went away.
Bump REVISIONs.

Log message:
Switch all mozilla-based ports to using the bundled cairo, mozilla doesn't
like the systemwide cairo since 1.10.x update (crashes,gifs not displaying
properly), and there's few hope it will be fixed in 1.9.2.x branch.
Fix WANTLIB while here and bump REVISIONs.
Reported by dcoppa@, also found in upstream bz #597174 and various linux
vendors bugzillas (red hat #628331, mdv #60738, gentoo #337813).
devel/xulrunner will follow in a few..

Log message:
- fix WANTLIB after cairo update.
(please note chromium is still broken, but will be dealt with soon)

Log message:
Fix crash on firefox if the audio handler is null. Bump.
eric@ ok.

Log message:
Bugfix update to mozilla-firefox 3.6.10

Log message:
Update firefox35 port to 3.5.12, fixing a whole bunch of MFSA (2010-49->63)

Log message:
simplify and improve sndio backend:
- do not use threads
- report current position correctly (fixes A/V sync)
input from jakemsr@, ratchov@
ok landry@

Log message:
Bump for python. These are the last bits.

Log message:
Moore's law reloaded: When you commit a firefox update, a new bugfix
release will be out within 24h. Doh!
So here comes 3.6.8, fixing MFSA-2010-48/critical bug 575836
Reminded by naddy@/dhill@/Patrick Keshishian
Proactive ok naddy@

Log message:
Security/Reliability update to firefox 3.6.7, fixes MFSA-2010-34 -> 47
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
ok naddy@

Log message:
Add -Wl,-rpath,'$(installdir)' to LDFLAGS when linking mozilla libs, so
that when they are dlopen()'ed they can tell ld.so where to go hunt for
the other mozilla libs they depend on.
Similar fix as done in xulrunner 1.8 patch-config_rules_mk 2 years ago
by martynas@, needed to convert py-gnome-extras to xulrunner 1.9.
No fallout on firefox.

Log message:
Switch www/mozilla-firefox to www/mozilla MODULE. Makefile is now much
more sane : 31 insertions(+), 141 deletions(-)
Switch pkg/PLIST to MOZILLA_PROJECT, and correctly patch
config/autoconf.mk.in.

Log message:
- add a reminder for landry

Log message:
Update to mozilla-firefox 3.6.6. Fixes a bunch of MFSA, see
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
The new plugin sandboxing code is disabled because :
- it only supports binary blobs plugins we don't have
- it is an horrible maze of #ifdef linux-apple-win32 coming straight
from an old version of chromium. Future versions should have better BSD
support..
tested by several on ports@, thanks!

Log message:
Remove all patches applying to local copy of nss/nspr, as we now use the
systemwide on (which have all those patches). Don't call autoconf in
nsprpub/ while here, and bump PKGNAME to be on the safe side.

Log message:
Switch mozilla-firefox to use systemwide nss/nspr, and remove the
corresponding libs from SHARED_LIBS/PLIST. Bump minor and PKGNAME.
Bring in a pair of patches from xulrunner, and add a DIRECTORY variable
as done in xulrunner that is subst'ed in config/autoconf.mk.in.
sthen@ likes.

Log message:
gcc3 and gcc4 disagree, so put a common cast to make them compile.
(also compile some file with -O1 in moz)

Log message:
Adjust WANTLIB.
OK landry@, sthen@, ajacoutot@

Log message:
Various cleanups, as done in www/firefox35 :
- use SUBST_CMD instead of perl -pi -e
- use ${LOCALBASE}/${TRUEPREFIX}/${X11BASE} instead of the handpatched
_XXX_ ones
- harmonize default systemwide plugins/extensions search path to
lib/mozilla/{plugins,extensions} as done in other mozilla ports

Log message:
Firefox uses its own libpng (for animated png support), and apparently
it breaks loading png icons through gdk_pixbuf_new_from_file as gtk is
linked with systemwide png. This went unnoticed so far as firefox always
shipped a fallback xpm icon, but this is not the case anymore, so now
gtk_window_set_icon_list() is not called anymore, and the window manager
shows the default icon for firefox windows in taskbar/tasklists..
So add graphics/netpbm as a build dependency, do the necessary netpbm
magic in do-install to create the default.xpm from mozicon128.png, and
patch widget/src/gtk2/nsWindow.cpp to not try to load png icons.
While here fix icon path in desktop file, and add a comment about why we
don't use systemwide png.

Log message:
Update www/mozilla-firefox from 3.0.19 to 3.6.3, merging the wip done in
www/firefox36 mostly by martynas@ and naddy@.
Note that the java plugin from devel/jdk currently doesn't work with this
version of firefox, in the meantime users really needed it will have to
use www/firefox35.
ok naddy@

Log message:
path to distfiles changed; no changes to the distfiles themselves

Log message:
SECURITY update to 3.0.19:
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption

Log message:
SECURITY update to 3.0.18:
MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-01 Crashes with evidence of memory corruption
Also fix some corrupted $OpenBSD keywords, pointed out by sthen@
ok sthen@

Log message:
minor reliability update to 3.0.17

Log message:
Use @unexec-delete instead of @unexec for the *-update-* goos.
prodded by espie@
discussed with espie@ ajacoutot@ landry@

Log message:
SECURITY update to 3.0.16:
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption

Log message:
SECURITY update to 3.0.15.  For the list of horrors, see
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15

Log message:
- create downloads dir with mode 0700 instead
- pass --disable-crashreporter

Log message:
- create downloads dir with mode 0700 instead
- pass --disable-crashreporter

Log message:
security update to mozilla-firefox-3.0.14.  MFSA 2009-51, MFSA
2009-50, MFSA 2009-49, MFSA 2009-48, MFSA 2009-47
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14

Log message:
WANTLIB changes after xcb addition and bump.

Log message:
depend on more recent nss and nspr
help and ok martynas@

Log message:
security update to mozilla-firefox-3.0.13

Log message:
security update to mozilla-firefox-3.0.12

Log message:
mozilla-firefox-3.0.11

Log message:
MFC:
security update to mozilla-firefox-3.0.10.  from robert at openbsd.pap.st
MFSA 2009-23  Crash in nsTextFrame::ClearTextRun()
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
This update also resolves MFSA 2009-07 through MFSA 2009-22, and includes
the following fixes:
turn off Ignore Scaling and Shrink to fit page width.  fixes printing
for beck@.
sync switches w/ ff3
update about url
ok robert@

Log message:
implement sndio backend and get rid of esound.  ok jakemsr@

Log message:
security update to mozilla-firefox-3.0.10.  from robert at openbsd.pap.st
MFSA 2009-23  Crash in nsTextFrame::ClearTextRun()
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
ok kurt@, naddy@

Log message:
CONFIGURE_ENV += PYTHON="${MODPY_BIN}" is inherited from the python module

Log message:
security update to mozilla-firefox-3.0.9.  MFSA 2009-22, MFSA
2009-21, MFSA 2009-20, MFSA 2009-19, MFSA 2009-18, MFSA 2009-17,
MFSA 2009-16, MFSA 2009-15, MFSA 2009-14:
"go ahead" naddy@

Log message:
turn off Ignore Scaling and Shrink to fit page width.  fixes printing
for beck@.  ok kurt@, "no objections" naddy@

Log message:
sync switches w/ ff3
update about url
ok naddy@

Log message:
mozilla-firefox-3.0.8:  forced release after security bugs got
attention
MFSA 2009-12 Mozilla Firefox XSL Parsing 'root' XML Tag Remote
Memory Corruption Vulnerability
* http://www.securityfocus.com/bid/34235/exploit
* https://bugzilla.mozilla.org/show_bug.cgi?id=485217
* CVE-2009-1169
MFSA 2009-12 covers the Pwn2Own bug, which is a crash involving the XUL
<tree> widget.
* https://bugzilla.mozilla.org/show_bug.cgi?id=484320
* CVE-2009-1044
ok naddy@

Log message:
fix wantlib and bump package.
ok martynas@

Log message:
security update to mozilla-firefox-3.0.7.  MFSA 2009-11, MFSA
2009-10, MFSA 2009-09, MFSA 2009-08, MFSA 2009-07.
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7
includes security update to the png library
ok naddy@

Log message:
security/stability update to mozilla-firefox-3.0.6.  MFSA 2009-06;
MFSA 2009-05; MFSA 2009-04; MFSA 2009-03; MFSA 2009-02; MFSA 2009-01
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.6
ok naddy@

Log message:
- do not run with a predictable directory as root:  firefox,
thunderbird, seamonkey, xulrunner
- add comment for xulrunner why -devel needs to be bumped
suggested and ok naddy@;  ok kurt@

Log message:
security update to mozilla-firefox-3.0.5.  MFSA 2008-69; MFSA
2008-68; MFSA 2008-67; MFSA 2008-66; MFSA 2008-65; MFSA 2008-64;
MFSA 2008-63; MFSA 2008-60.
tested by sthen@ and naddy@.  ok naddy@

Log message:
The Gtk+2 printing default has been fixed to include lpr.  ok martynas@

Log message:
it is the right time to update to mozilla-firefox-3.0.4, which has
been tested good enough, and i've fixed all the issues i'm aware
of.  furthermore 2.0 branch has basically reached eol, since there
will be only one minor update (2.0.0.19)
discussed with kurt@, naddy@ and porters
pkgname change handling help naddy@
ok naddy@

Log message:
security update to mozilla-firefox-2.0.0.18.  MFSA 2008-58; MFSA
2008-57; MFSA 2008-56; MFSA 2008-55; MFSA 2008-54; MFSA 2008-53;
MFSA 2008-52; MFSA 2008-50; MFSA 2008-49; MFSA 2008-48; MFSA 2008-47.
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.18
ok naddy@

Log message:
security update to mozilla-firefox-2.0.0.17.  MFSA 2008-45, MFSA
2008-44, MFSA 2008-43, MFSA 2008-42, MFSA 2008-41, MFSA 2008-40,
MFSA 2008-39, MFSA 2008-38, MFSA 2008-37
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.17
ok naddy@.  looks good to kurt@

Log message:
- SYSCONFDIR and LOCALBASE are already part of the generic SUBST_VARS
looks good to landry@

Log message:
use system libm.  was ok naddy@, kurt@

Log message:
- s/PREFIX/LOCALBASE
ok martynas@

Log message:
document the new MOZ_PLUGIN_PATH behavior, bump pkgnames
pointed out, and looks good to landry@

Log message:
@conflict firefox3-*
bump pkgname

Log message:
Don't overwrite MOZ_PLUGIN_PATH in the startup script if it has been already
been set. This allows to load plugins on demand, especially interesting when
using multiple profiles with the -no-remote option.
OK martynas@

Log message:
security update to mozilla-firefox-2.0.0.16.  MFSA 2008-35, MFSA 2008-34
ok kurt@, naddy@, bernd@

Log message:
security update to mozilla-firefox-2.0.0.15, fixes MFSA 2008-33,
MFSA 2008-32, MFSA 2008-31, MFSA 2008-30, MFSA 2008-29, MFSA 2008-28,
MFSA 2008-27, MFSA 2008-25, MFSA 2008-24, MFSA 2008-23, MFSA 2008-22,
MFSA 2008-21
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox2.0.0.15
ok kurt@, naddy@

Log message:
oops missing distinfo change from previous commit

Log message:
security update to 2.0.0.14; MFSA 2008-20
from William Yodlowsky

Log message:
security update to mozilla-firefox-2.0.0.14;  MFSA 2008-20
ok kurt@, naddy@

Log message:
SECURITY UPDATE to mozilla-firefox 2.0.0.13
fixes multiple vulnerabilities: http://secunia.com/advisories/29526/
ok landry@ martynas@

Log message:
Security update to mozilla-firefox-2.0.0.12.
Fixes multiple vulnerabilities:
CVE-2008-0412
CVE-2008-0413
CVE-2008-0414
CVE-2008-0415
CVE-2008-0419
CVE-2008-0591
CVE-2008-0593
More infos:
http://secunia.com/advisories/28758/
Tested by some people on ports@. Thanks!
ok martynas@, laurent@, steven@

Log message:
- drop -devel
- move libraries to PLIST
improvements, testing and ok kurt@ and naddy@

Log message:
bring back the browser.startup.homepage behavior after 1.82
requested by deraadt@;  ok naddy@

Log message:
add back in the directory entries that were accidentally removed in the
last commit.

Log message:
oops, wrong dependency

Log message:
- install a .desktop file, so that a firefox entry will appear in menus
like gnome's.
- tweak PLIST (from kurt@)
requested by fkr@
feedback and ok kurt@ martynas@

Log message:
- security update to mozilla-firefox-2.0.0.10:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.10
- fix canvas.drawImage regression.
ok kurt@, kili@

Log message:
update to 2.0.0.9, a regression fix release:
http://developer.mozilla.org/devnews/index.php/2007/10/22/firefox-2008-update-to-be-updated/
ok kurt@, naddy@

Log message:
- fix WANTLIB
"go ahead" robert@

Log message:
security update to mozilla-firefox-2.0.0.8:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.8
ok kurt@, naddy@

Log message:
Re-add browserconfig.properties, otherwise you may encounter some issues
on fresh installations; bump package.
discussed an ok kurt@ martynas@

Log message:
- fix a 64-bit problem with the LiveConnect feature. From mozilla
bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=345866
Eventually the java plugin will need this on amd64. okay martynas@

Log message:
MFC (original commit martynas@):
update to 2.0.0.7;  fixes MFSA 2007-28:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.7
ok sturm@

Log message:
update to 2.0.0.7;  fixes MFSA 2007-28:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.7
ok kurt@; naddy@.  similar diff from bernd@

Log message:
Remove surrounding quotes in COMMENT-*

Log message:
Remove surrounding quotes from
COMMENT-*/ERRORS/NO_REGRESS/PERMIT_*/REGRESS_IS_INTERACTIVE
Change '.include "bsd.port.mk"' to '.include <bsd.port.mk>' while here
(ok naddy@)

Log message:
cumulative security update to firefox 2.0.0.6
MFC:
SECURITY update to 2.0.0.5.
Fixes a rash of security vulnerabilities and bugs.
-----
security update to 2.0.0.6:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.6

Log message:
security update to 2.0.0.6:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.6
the diff matches with naddy@'s, ok kurt@

Log message:
SECURITY update to 2.0.0.5.
Fixes a rash of security vulnerabilities and bugs.  ok kurt@

Log message:
MFC:
- set fd soft limit to 128 if it's lower

Log message:
security update to firefox 1.5.0.12
set soft fd to 128
backport an nss fix for a deadlock

Log message:
MFC:
security update to mozilla-firefox-2.0.0.4
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.4
- use the combination of find(1) and install(1) to install the
{DATA,DIST}FILES, as suggested by kurt@;
- remove the two patches that are already upstream;
- fmt;

Log message:
- set fd soft limit to 128 if it's lower: helps for people who
upgraded and didn't use mergemaster;
- remove lines, related to debug build and fd in README.OpenBSD;
help from sturm@, kurt@, espie@, naddy@
ok kurt@, sturm@

Log message:
security update to mozilla-firefox-2.0.0.4
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.4
- WANTLIB for xenocara;
- use the combination of find(1) and install(1) to install the
{DATA,DIST}FILES, as suggested by kurt@;
- remove the two patches that are already upstream;
- fmt;
ok kurt@, naddy@

Log message:
MFC:
- update to 2.0.0.3;
- don't force -Os;

Log message:
-devel has -main in it's plist, so bump it, too.
ok, martynas@

Log message:
- make it check LOCALBASE/share/mozilla-dicts, the global dictionaries
location for all mozilla ports;
- regen patches (due to the current changes);
- bump pkgname;
discussed with naddy@, kurt@, ajacoutot@
ok naddy@

Log message:
more base64 checksums

Log message:
remove patch-widget_src_gtk_nsSound_cpp, because
patch-widget_src_gtk2_nsSound_cpp does the job.
no pkgname bump -- the file was not being compiled.
ok wilfried@

Log message:
security update to 1.5.0.11

Log message:
security update to 1.5.0.11

Log message:
- update to 2.0.0.3;
- don't force -Os;
ok naddy@, kurt@

Log message:
Security update to firefox 1.5.0.10
see http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.10
for details

Log message:
Security update to firefox 1.5.0.10
see http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.10
for details

Log message:
fix @pkgpath for debug flavor, unconfuses pkg_add -u.
okay pvalchev@

Log message:
Fix permissions to /usr/local/mozilla (where ~/.mozilla inherits them
from) to allow owner writes. This was broken in the last commit... now
it allows users to save bookmarks, preferences, etc. From martynas

Log message:
- update to version 2.0.0.2 and apply several security fixes,
therefore bump the PKGNAME to p0 now;
- enable official branding by default
- fix some WANTLIB markers
work done by Martynas Venckus; thanks.
tested by many many people; ok pvalchev@

Log message:
implement xptcinvoke and xptcstubs for arm based on the linux code,
and fix an endianess issue that makes minimo work on arm based
architectures; bump PKGNAME

Log message:
fix live bookmarks on sparc64
from Martynas Venckus <martynas at altroot.org>

Log message:
add man page; from Martynas Venckus <martynas@altroot.org>, ok kurt@

Log message:
resurrect COREXFONTS, so that GDK_USE_XFT works again. Needs linking fixes
(+pangox-1.0).
Adjust README.OpenBSD, and provide a debug flavor

Log message:
- update to 2.0.0.1 from Martynas Venckus <martynas at altroot.org>
- add a -devel sub-package for vlc plugin
input and testing from many - thanks! okay naddy@ pvalchev@

Log message:
MFC:
Security update to firefox 1.5.0.9.
More info:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Log message:
MFC:
Security update to firefox 1.5.0.9.
More info:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Log message:
Security update to firefox 1.5.0.9.
More info:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
ok steven@

Log message:
say goodbye to GNU land.

Log message:
- require nspr with PR_GetLibraryName fix
- bump major due to previous nspr removal

Log message:
use devel/nspr instead of internal nspr. now using libc strtod and __dtoa
via devel/nspr. okay pvalchev@

Log message:
MFC:
SECURITY update to 1.5.0.8
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details

Log message:
MFC:
SECURITY update to 1.5.0.8
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details

Log message:
SECURITY update to 1.5.0.8
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details

Log message:
MFC:
SECURITY update to firefox 1.5.0.7
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details

Log message:
stop using the gcc3 module on the alpha architecture.

Log message:
MFC:
SECURITY update to firefox 1.5.0.7
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details

Log message:
zap .0.0

Log message:
SECURITY update to firefox 1.5.0.7
see http://www.mozilla.org/projects/security/known-vulnerabilities.html
for details
ok bernd@

Log message:
MFC:
Security update to mozilla-firefox-1.5.0.5.
This update fixes multiple security vulnerabilities.
For detailed information see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5

Log message:
Security update to mozilla-firefox-1.5.0.5.
This update fixes multiple security vulnerabilities.
For detailed information see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5
ok steven@

Log message:
MFC:
Security update to mozilla-firefox-1.5.0.4.
Fixes multiple security vulnerabilities. For detailed information see:
http://secunia.com/advisories/20376/
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.4

Log message:
Security update to mozilla-firefox-1.5.0.4.
Fixes multiple security vulnerabilities. For detailed information see:
http://secunia.com/advisories/20376/
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.4
ok steven@

Log message:
- better pkg/MESSAGE, from Deanna Phillips <deanna at sdf.lonestar.org>
- fix some typos in files/README.OpenBSD
- bump PKGNAME accordingly
ok wilfried@, kurt@

Log message:
MFC:
Update to 1.5.0.3. Security fixes inside...
More info:
CVE-2006-1993
http://secunia.com/advisories/19802/

Log message:
Update to 1.5.0.3. Security fixes inside...
More info:
CVE-2006-1993
http://secunia.com/advisories/19802/
tested by many
"go ahead" jolan@

Log message:
MFC:
update to 1.5.0.2
fixes multiple critical vulnerabilities

Log message:
update to firefox 1.0.8
several security related fixes

Log message:
update to firefox 1.0.8
several security related fixes

Log message:
update to 1.5.0.2
fixes multiple critical vulnerabilities

Log message:
check XftLockFace() for NULL return to avoid a crash, see
https://bugzilla.mozilla.org/show_bug.cgi?id=331077
from Tobias Ulmer <tobiasu@tmux.org>

Log message:
Firefox 1.5.0.1 is a stability-and-security update to Firefox 1.5.
It also includes a number of low-risk fixes for other types of bugs.

Log message:
fix WANTLIB after gtk+2 downgrade
"looks good" espie@

Log message:
more C++ libs bumps. Done thru mail, plus lizards.

Log message:
SHARED_LIBS
note that we keep the mozilla ports at a single SO_VERSION, too many
libraries, too little gain otherwise

Log message:
Add README.OpenBSD with more details on email, Java, etc.; shorten
MESSAGE accordingly to refer to new file; patchlevel bump for new file.
ok bernd@, kurt@.

Log message:
- Fix startup DoS. overlong document.title setting can corrupt history
data, causing non-responsive temporary hang on subsequent startups
patches from https://bugzilla.mozilla.org/show_bug.cgi?id=319004
- Fix use after free segfault after printing reported by Andy Wingate.
FT_Done_Face was being called twice on the same mFace.

Log message:
Update to Firefox 1.5.
Team work by wilfried@, kurt@ and me.
Tested by many. Thanks a lot!
ok kurt@ krw@ jolan@ ian@ pvalchev@

Log message:
fix packages-specs brain fart from yesterday and bump

Log message:
fix wantlib + bump

Log message:
Fix a crash in prdtoa.c:mult() where there is an off-by-some bytes
in memory accessed during some very fucked up pointer acrobatics.
Allocate 2 bytes extra for that case, which seems to be a
sufficient hack to keep this working.
Debugged by me with minimo on zaurus/arm (pain!), seen also by krw@
and others on amd64, who helped with testing.  Due to random malloc
this of course did not show up everywhere all the time.

Log message:
SECURITY: disable IDN due to buffer overflow (CAN-2005-2871)
https://addons.mozilla.org/messages/307259.html
Mozilla.org bug 210658:
Fix hanging with non-standard HTML elements parsererror, sourcetext.

Log message:
Mozilla.org bug 210658:
Fix hanging with non-standard HTML elements parsererror, sourcetext.
ok brad@

Log message:
Mozilla.org bug 210658:
Fix hanging with non-standard HTML elements parsererror, sourcetext.
ok wilfried@

Log message:
remove 'don't close dlopened objects' type ld.so work-arounds

Log message:
If we start a second firefox, don't show the profile chooser but open a
new browser window instead. (The same for thunderbird and mozilla.)
Idea from Marc Winiger <mw at msys.ch>, thanks!
suggestions, tests & ok kurt@

Log message:
update to mozilla-firefox-1.0.7
comments & ok kurt@

Log message:
MFC:
SECURITY: disable IDN due to buffer overflow (CAN-2005-2871)
https://addons.mozilla.org/messages/307259.html
ok brad@

Log message:
SECURITY: disable IDN due to buffer overflow (CAN-2005-2871)
https://addons.mozilla.org/messages/307259.html
tested by bernd@

Log message:
- switch from gtk1 to gtk2. tested by many (thanks!)
- fix backup mastersite
- fix gdk_property_get warnings (from marcm@)
some feedback marcm@, okay brad@ pvalchev@

Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages

Log message:
Sync the port with the current one. It takes the port to firefox 1.0.6
It fixes a lot of security vulnerabilities. For more information please visit:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
ok brad@

Log message:
Switch back to gtk1, as there are side-effects that need to be discussed
more and it's too close to release to be having such discussions, showing
this was not thought out very well.
Bump PKGNAME and shlibs again

Log message:
-switch to gtk2 (originally from msf@) tested by many
some minor scrolling issues noticed my naddy@
-fix US master site
ok msf@, fine by me naddy@, go ahead wilfried@

Log message:
- update to 1.0.6 from Bernd Ahlers
- remove "Extentions don't work" from DESCR
tested on i386/amd64/macppc by myself, naddy@ and/or Bernd

Log message:
Sync the port with the current one. It takes the port to firefox 1.0.4.
It fixes a lot of security vulnerabilities. For more information please visit:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
ok brad@

Log message:
- USE_SYSTRACE was written to be transparent to the port author. Adding i
${_SYSTRACE_CMD} to any target in a port Makefile is a mistake.
ok sturm@ kurt@

Log message:
update to firefox 1.0.4
fixed remote code execution of Javascript and DHTML errors.

Log message:
update firefox to 1.0.3

Log message:
- make the build OFFICAL. This enables firefox to detect and upgrade
profiles that need to be upgraded automatically. Many annoying profile
issues will be gone now.
- Mention deleting extensions/Extensions.rdf and also the old ~/.firefox
as a location for profiles in MESSAGE. ~/.firefox will continue to be used
on systems that have been upgraded from older firefox versions.
OFFICAL build okay wilfried@

Log message:
- bump major shlib version
- move INSTALL/DEINSTALL code to PLIST
- remove unused ldap config/patches

Log message:
- fix CUPS printing: fix partial so version and don't dlclose lib.
- remove partial so version on freetype
CUPS testing and ok by mbalmer@ idea from wilfried@

Log message:
- don't unload dependent libs (avoid dlclose bug)
- fix alpha wantlib
- adjust depends for esound & ORBit
okay alek@

Log message:
update firefox to 1.0.2

Log message:
disable thread priority scheduling as moz doesn't
cope with round-robin priority scheduling, from kettenis@

Log message:
Tentative step for extensions, at least firefox stops whining.
From jamesw at bsdhosting.co.za, cleanup by me.
ok pval@, naddy@

Log message:
document that extensions don't work; should calm fgsch@

Log message:
* Update to 1.0.1.  Fixes IDN spoofing and other vulnerabilities.
* Dependency fixes from alek@
* Don't install world-writable files and directories related to
extensions.  Breaks functionality in that area.

Log message:
fix system png include path

Log message:
bump pkgname

Log message:
always use own nspr

Log message:
SIZE

Log message:
let's make some noise, using esound

Log message:
sync with update-patches

Log message:
sync with thunderbird

Log message:
fix SUBST_VARS

Log message:
Add WANTLIB markers

Log message:
Do not disable ProPolice, we have reports of success for most platforms.
ok pvalchev@

Log message:
mozilla-firefox-1.0; based on work by wilfried/robert/naddy

Log message:
i386 gcc3 support.
ok wilfried@

Log message:
fix building againt new freetype, sync w/update-patches

Log message:
fix build now that we have getproto*_r

Log message:
gcc3/powerpc

Log message:
new style conflicts

Log message:
SECURITY:
The added patch fixes some libpng buffer overflow vulnerabilities in
mozilla's png decoder module.
http://bugzilla.mozilla.org/show_bug.cgi?id=251381
new-style PLIST

Log message:
fix up MODGNU_CONFIG_GUESS_DIRS

Log message:
Sync DESCR with reality.
"Free commits :-)" MAINTAINER

Log message:
use no-autoheader and explicitly set autoconf version

Log message:
disable IPv6 for 3.5 as it presents dns-resolution problems (and there is no time
for other fixes)
numerous people report success with this reverted.

Log message:
enable propolice on sparc64; ok pvalchev@

Log message:
Patches to make firefox work on OpenBSD/macppc

Log message:
spacing

Log message:
amd64 support from FreeBSD & bugzilla

Log message:
resolve more than one host name simultaneously, needed with last patch
from netbsd

Log message:
enable ipv6

Log message:
The sparc64 compiler is gcc3 now; don't require the gcc3 module.

Log message:
forgot to remove graphics/libmng dependency