Log message:
firefox: 128 requires nss>=3.101

Log message:
firefox: fix unportable test(1) operator

Log message:
www/firefox: Update to 128.0

* Use multimedia/ffmpeg7.

Changelog:
New

  * Firefox can now translate selections of text and hyperlinked text to other
    languages from the context menu.

  * For users in the US and Canada, Firefox will now show your recent searches
    or currently trending searches when you open the Address Bar to get you
    back to your previous search session or inspire your next one.

  * Firefox now has a simpler and more unified dialog for clearing user data.
    In addition to streamlining data categories, the new dialog also provides
    insights into the site data size corresponding to the selected time range.

  * Firefox now supports playback of protected content from streaming sites
    like Netflix while in Private Browsing mode.

  * Firefox now supports the experimental Privacy Preserving Attribution API,
    which provides an alternative to user tracking for ad attribution. This
    experiment is only enabled via origin trial and can be disabled in the new
    Website Advertising Preferences section in the Privacy and Security
    settings.

  * On macOS, microphone capture through getUserMedia will now use
    system-provided voice processing when applicable, improving audio quality.

  * Firefox is now available in the Saraiki (skr) language.

Fixed

  * Firefox now proxies DNS by default when using SOCKS v5, avoiding leaking
    DNS queries to the network when using SOCKS v5 proxies.

  * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2024-29
#CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking
#CVE-2024-6606: Out-of-bounds read in clipboard component
#CVE-2024-6607: Leaving pointerlock by pressing the escape key could be
 prevented
#CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock.
#CVE-2024-6609: Memory corruption in NSS
#CVE-2024-6610: Form validation popups could block exiting full-screen mode
#CVE-2024-6600: Memory corruption in WebGL API
#CVE-2024-6601: Race condition in permission assignment
#CVE-2024-6602: Memory corruption in NSS
#CVE-2024-6603: Memory corruption in thread creation
#CVE-2024-6611: Incorrect handling of SameSite cookies
#CVE-2024-6612: CSP violation leakage when using devtools
#CVE-2024-6613: Incorrect listing of stack frames
#CVE-2024-6614: Incorrect listing of stack frames
#CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
 and Thunderbird 115.13
#CVE-2024-6615: Memory safety bugs fixed in Firefox 128

Log message:
firefox: reflect correct minimums for 127

Log message:
www/firefox: Update to 127.0.2

Changelog:
127.0.2:
Fixed

  * Fixed an issue where YouTube playback may experience stalling under certain
    conditions (bug 1900191, bug 1878510).

  * Fixed an issue where the Private Window icon was displayed in the taskbar
    on Windows when browser.privateWindowSeparation.enabled was set to false (
    bug 1901840).

127.0.1:
Fixed

  * Fixed an issue where users with a primary password set on their profile
    could lose their previous session of tabs upon upgrading if they dismissed
    the primary password prompt (bug 1901899).

  * Fixed an issue where Linux users with accessibility.monoaudio.enable set to
    true were experiencing slow audio speeds (bug 1900972).

  * Fixed an issue where, in some circumstances, the Firefox installer on
    Windows failed to complete the installation (bug 1896868).

  * Fixed an issue causing Firefox to incorrectly reject cookies for certain
    websites (bug 1901325).

127.0:
New

  * You can now set Firefox to automatically launch whenever you start or
    restart your Windows computer. Setting Firefox to auto-launch optimizes
    efficiency in our browser-centric digital routines, eliminating manual
    startup delays and facilitating immediate web access. (Learn more)

  * We completed work to optimize and enable DNS prefetching for HTTPS
    documents via the rel="dns-prefetch" link hint. This standard \ 
allows web
    developers to specify domain names for important assets that should be
    resolved preemptively.

  * It is now possible to close all duplicate tabs in a window with the Close
    duplicate tabs command available from the List all tabs widget in the tab
    bar or a tab context menu.

  * Firefox will now automatically try to upgrade <img>, <audio>, \ 
and <video>
    elements from HTTP to HTTPS if they are embedded within an HTTPS page. If
    these so-called mixed content elements do not support HTTPS, they will no
    longer load.

  * For added protection on MacOS and Windows, a device sign in (e.g. your
    operating system password, fingerprint, face or voice login if enabled) can
    be required when accessing and filling stored passwords in the Firefox
    Password Manager about:logins page.

Fixed

  * Various security fixes.

Changed

  * To reduce user fingerprinting information and the risk of some website
    compatibility issues, the CPU architecture for 32-bit x86 Linux will now be
    reported as x86_64 in Firefox's User-Agent string and navigator.platform
    and navigator.oscpu Web APIs.

  * Links and other focusable elements are now tab-navigable by default on
    macOS, instead of following macOS' "Keyboard navigation" setting. \ 
This is a
    more accessible default and matches the default in all other platforms. A
    checkbox in the settings page still allows users to restore the old
    behavior.

  * The Screenshots feature in Firefox has gotten a big update! It now supports
    taking screenshots of file types like SVG, XML, and more as well as various
    about: pages within Firefox. We've also made the screenshot tool more
    accessible to everyone by implementing new keyboard shortcuts and adding
    theme compatibility and High Contrast Mode (HCM) support. And finally,
    performance for capturing large screenshots has been improved.

Security fixes:
Mozilla Foundation Security Advisory 2024-25
#CVE-2024-5687: An incorrect principal could have been used when opening new
 tabs
#CVE-2024-5688: Use-after-free in JavaScript object transplant
#CVE-2024-5689: User confusion and possible phishing vector via Firefox
 Screenshots
#CVE-2024-5690: External protocol handlers leaked by timing attack
#CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to
 open a new window
#CVE-2024-5692: Bypass of file name restrictions during saving
#CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
#CVE-2024-5694: Use-after-free in JavaScript Strings
#CVE-2024-5695: Memory Corruption using allocation using out-of-memory
 conditions
#CVE-2024-5696: Memory Corruption in Text Fragments
#CVE-2024-5697: Website was able to detect when Firefox was taking a screenshot
 of them
#CVE-2024-5698: Data-list could have overlaid address bar
#CVE-2024-5699: Cookie prefixes not treated as case-sensitive
#CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
 and Thunderbird 115.12
#CVE-2024-5701: Memory safety bugs fixed in Firefox 127

Log message:
firefox*: Prune -Wl,-rpath-link on SunOS.

Log message:
revbump after icu and protobuf updates

Log message:
www/firefox: Update to 126.0

CHangelog:
126.0:
New

  * The Copy Without Site Tracking option can now remove parameters from nested
    URLs. It also includes expanded support for blocking over 300 tracking
    parameters from copied links, including those from major shopping websites.
    Keep those trackers away when sharing links!

  * Firefox now supports Content-encoding: zstd (zstandard compression). This
    is an alternative to broti and gzip compression for web content, and can
    provide higher compression levels for the same CPU used, or conversely
    lower server CPU use to get the same compression. This is heavily used on
    sites such as Facebook.

  * Catalan is now available in Firefox Translations.

  * Enabled AV1 hardware decode acceleration on macOS for M3 Macs.

  * Telemetry was added to create an aggregate count of searches by category to
    broadly inform search feature development. These categories are based on 20
    high-level content types, such as "sports,?? "business," and \ 
"travel". This
    data will not be associated with specific users and will be collected using
    OHTTP to remove IP addresses as potentially identifying metadata. No
    profiling will be performed, and no data will be shared with third parties.
    (read more)

  * NVIDIA RTX Video Super Resolution (??VSR??) is now available in Firefox.
    RTX VSR enhances and sharpens lower resolution video when upscaled to
    higher resolutions and also removes blocky artifacts commonly visible on
    low bitrate streamed video. VSR requires at least a 20-series or higher
    NVIDIA RTX GPU, Microsoft Windows 10/11 64-bit, and NVIDIA driver version
    R530 or higher. The feature can be enabled in the NVIDIA control panel.

  * NVIDIA RTX Video HDR is now available in Firefox. RTX Video HDR
    automatically converts SDR video to vibrant HDR10 in real time, letting you
    enjoy video with improved clarity on your HDR10 panel. It requires at least
    a 20-series NVIDIA RTX GPU, Microsoft Windows 10/11 64-bit, and NVIDIA
    driver version 550 or higher. The feature can be enabled in the NVIDIA
    control panel.

Fixed

  * Various security fixes.

Changed

  * The URL Paste Suggestion feature added in Fx125 was temporarily disabled
    while the team investigates a potential performance issue. The feature will
    be re-enabled in a future release once the performance issue is addressed.

Security fixes:
Mozilla Foundation Security Advisory 2024-21
#CVE-2024-4764: Use-after-free when audio input connected with multiple
 consumers
#CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
#CVE-2024-4765: Web application manifests could have been overwritten via hash
 collision
#CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for
#CVE-2024-4767: IndexedDB files retained in private browsing mode
#CVE-2024-4768: Potential permissions request bypass via clickjacking
#CVE-2024-4769: Cross-origin responses could be distinguished between script
 and non-script content-types
#CVE-2024-4770: Use-after-free could occur when printing to PDF
#CVE-2024-4771: Failed allocation could lead to use-after-free
#CVE-2024-4772: Use of insecure rand() function to generate nonce
#CVE-2024-4773: URL bar could be cleared after network error
#CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()
#CVE-2024-4775: Invalid memory access in the built-in profiler
#CVE-2024-4776: Window may remain disabled after file dialog is shown in
 full-screen
#CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
 and Thunderbird 115.11
#CVE-2024-4778: Memory safety bugs fixed in Firefox 126

Log message:
mozilla: Support illumos triple.

Log message:
mozilla: Support config-override.