Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2021-11-11 17:48:04
Message id: 20211111164804.8284EFAEC@cvs.NetBSD.org

Log Message:
firefox: Update to 94.0.1

Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)

94.0
New
  * Colorways animated screenshot

    With 94, you'll find a selection of six fun seasonal Colorways (available
    for a limited time only). Now you can find a color to suit (or lift) your
    every mood.
    Fun fact: Did you know we have more daily users with color themes than dark
    or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
    customize their color theme. And that was just on the first day! We decided
    to introduce these new Colorways to give our users more to love.

  * Firefox macOS now uses Apple's low power mode for fullscreen video on sites
    such as YouTube and Twitch. This meaningfully extends battery life in long
    viewing sessions. Now your kids can find out what the fox says on a loop
    without you ever missing a beat'

  * With this release, power users can use about:unloads to release system
    resources by manually unloading tabs without closing them.

  * On Windows, there will now be fewer interruptions because Firefox won't
    prompt you for updates. Instead, a background agent will download and
    install updates even if Firefox is closed.

  * And on Linux, we've improved WebGL performance and reduced power
    consumption for many users.

  * To better protect all Firefox users against side-channel attacks such as
    Spectre, we're introducing Site Isolation. It will be rolled out to
    Firefox 94 users over the next few weeks. We've got your
    back...errr...side!

  * We're rolling out the Firefox Multi-Account Containers extension with
    Mozilla VPN integration. This lets you use a different server location for
    each container.

  * Firefox no longer warns you by default when you exit the browser or close a
    window using a menu, button, or three-key command. This should cut back on
    unwelcome notifications which is always nice--however, if you prefer a bit
    of notice, you'll still have full control over the quit/close modal
    behavior. All warnings can be managed within Firefox Settings. No worries!
    (More details)

  * And now, Firefox supports the new Snap Layouts menus when running on
    Windows 11.

Fixed

  * We've reduced the overhead of using performance.mark() and
    performance.measure() APIs with a large set of performance entries.

  * Plus, we've modified paint suppression during load to greatly improve
    warmload performance in Site Isolation mode.

  * You'll also notice a small reduction in Javascript memory usage.

  * With this release, you'll notice faster Javascript property enumeration as
    well.

  * We've also implemented better scheduling of garbage collection which has
    improved some pageload benchmarks.

  * This release also sees reduced CPU usage during socket polling for HTTPS
    connections.

  * Additionally, you'll notice faster storage initialization.

  * We've also improved cold startup by reducing main thread I/O.

  * Plus, closing devtools now reclaims more memory than ever before.

  * And we've improved pageload (especially with Site Isolation mode) by
    setting a higher priority for loading and displaying images.

  * Various security fixes

Enterprise

  * Enterprise users now have more control over Firefox deployments with the
    availability of our MSIX package on Windows platforms.

  * You'll also notice various bug fixes and new policies have been
    implemented in this latest version of Firefox. See more details in the
    Firefox for Enterprise 94 Release Notes.

Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
 data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
 without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
 Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
 confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
 menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
 domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
 see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

Files:
RevisionActionfile
1.1removepkgsrc/www/firefox/patches/patch-js_src_wasm_WasmBCRegDefs.h
1.3modifypkgsrc/www/firefox/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
1.8modifypkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
1.5modifypkgsrc/www/firefox/files/node-wrapper.sh
1.453modifypkgsrc/www/firefox/distinfo
1.179modifypkgsrc/www/firefox/PLIST
1.500modifypkgsrc/www/firefox/Makefile