Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2021-08-13 16:57:52
Message id: 20210813145752.F2570FA97@cvs.NetBSD.org
Log Message:
firefox: Update to 91.0

* Convert to --enable-chrome-format=omni.
  It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.

Changelog:
New

  * Building on Total Cookie Protection, we've added a more comprehensive logic
    for clearing cookies that prevents hidden data leaks and makes it easy for
    users to understand which websites are storing local information. Learn
    more

  * Firefox now supports logging into Microsoft, work, and school accounts
    using Windows single sign-on. Learn more

  * The simplify page when printing feature is back! When printing, under More
    settings > Format select the Simplified option when available to get a
    clutter-free page. Learn more

  * HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
    all connections to websites secure, and fall back to insecure connections
    only when websites do not support it. Learn more

  * We've added a new locale: Scots (sco)

  * The address bar now provides Switch to Tab results also in Private Browsing
    windows.

  * Firefox now automatically enables High Contrast Mode when "Increase
    Contrast" is checked on MacOS

  * Firefox now does catch-up paints for almost all user interactions, enabling
    a 10-20% improvement in response time to most user interactions.

Fixed

  * Various security fixes

Enterprise

  * Various bug fixes and new policies have been implemented in the latest
    version of Firefox. See more details in the Firefox for Enterprise 91
    Release Notes.

Developer

  * Developer Information

Web Platform

  * The Visual Viewport API is now supported on desktop platforms

Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
 memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
 in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
 memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
 permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
 type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Files:
RevisionActionfile
1.488modifypkgsrc/www/firefox/Makefile
1.177modifypkgsrc/www/firefox/PLIST
1.441modifypkgsrc/www/firefox/distinfo
1.204modifypkgsrc/www/firefox/mozilla-common.mk
1.63modifypkgsrc/www/firefox/options.mk
1.3modifypkgsrc/www/firefox/files/node-wrapper.sh