Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2024-08-12 16:03:33
Message id: 20240812140333.21FB6FC74@cvs.NetBSD.org
Log Message:
www/firefox: Update to 129.0

Changelog:
129.0:
New

  * Reader View now has an enhanced Text and Layout menu with new options for
    character spacing, word spacing, and text alignment. These changes offer a
    more accessible reading experience.

  * Reader View now has a Theme menu with additional Contrast and Gray options.
    You can also select custom colors for text, background, and links from the
    Custom tab.

  * A tab preview is now displayed when hovering the mouse over background
    tabs, making it easier to locate the desired tab without needing to switch
    tabs.

    This feature is part of a progressive roll out.

  * HTTPS is replacing HTTP as the default protocol in the address bar on
    non-local sites. If a site is not available via HTTPS, Firefox will fall
    back to HTTP.

  * HTTPS DNS records can now be resolved with the operating system's DNS
    resolver on specific platforms (Windows 11, Linux, Android 10+). Previously
    this required DNS over HTTPS to be enabled. This capability allows the use
    of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to
    HTTPS when the DNS record is present, and enables wider use of ECH.

  * Added support for multiple languages in the same document spoken in macOS
    VoiceOver.

  * Address Autofill is now enabled for users in France and Germany.

Fixed

  * Various security fixes.

#

Enterprise

  * You can find information about policy updates and enterprise specific bug
    fixes in the Firefox for Enterprise 129 Release Notes.

Security fixes:
Mozilla Foundation Security Advisory 2024-33
#CVE-2024-7518: Fullscreen notification dialog can be obscured by document
 content
#CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
#CVE-2024-7520: Type confusion in WebAssembly
#CVE-2024-7521: Incomplete WebAssembly exception handing
#CVE-2024-7522: Out of bounds read in editor component
#CVE-2024-7523: Document content could partially obscure security prompts
#CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
#CVE-2024-7525: Missing permission check when creating a StreamFilter
#CVE-2024-7526: Uninitialized memory used by WebGL
#CVE-2024-7527: Use-after-free in JavaScript garbage collection
#CVE-2024-7528: Use-after-free in IndexedDB
#CVE-2024-7529: Document content could partially obscure security prompts
#CVE-2024-7530: Use-after-free in JavaScript code coverage collection
#CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
 Sandy Bridge machines
Files:
RevisionActionfile
1.606modifypkgsrc/www/firefox/Makefile
1.537modifypkgsrc/www/firefox/distinfo
1.21modifypkgsrc/www/firefox/files/node-wrapper.sh
1.1addpkgsrc/www/firefox/patches/patch-python_mozbuild_mozbuild_backend_recursivemake.py
1.1addpkgsrc/www/firefox/patches/patch-third__party_sqlite3_ext_moz.build