Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2025-01-14 14:36:15
Message id: 20250114133615.B8CE5FC1D@cvs.NetBSD.org
Log Message:
www/firefox: Update to 134.0

Changelog:
134.0:
New

  * Firefox now supports touchpad hold gestures on Linux. This means that
    kinetic (momentum) scrolling can now be interrupted by placing two fingers
    on the touchpad.

  * Hardware-accelerated playback of HEVC video content is now supported on
    Windows.

  * Ecosia's availability has been expanded to all languages in the German
    region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and
    Switzerland.

Fixed

  * Various security fixes.

Changed

  * Firefox now follows the model HTML specification for transient user
    activation more closely. This change makes popup blocking less strict in
    cases where previous versions of Firefox were overly aggressive, reducing
    erroneous blocking prompts.

  * A refreshed New Tab layout is being rolled out to users in the US and
    Canada, featuring a repositioned logo and weather widget to prioritize Web
    Search, Shortcuts, and Recommended Stories at the top. The update includes
    changes to the card UI for recommended stories and allows users with larger
    screens to see up to four columns, making better use of space.

    Currently available in: Canada, United States
    [progressiv]

    This feature is part of a progressive roll out.

Security fixes:
Mozilla Foundation Security Advisory 2025-01
#CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on
 Firefox for Android
#CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
#CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on
 Firefox for Android
#CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
#CVE-2025-0238: Use-after-free when breaking lines in text
#CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
#CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
#CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
#CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
 Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
 128.6
#CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
 Firefox ESR 128.6, and Thunderbird 128.6
#CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
Files:
RevisionActionfile
1.622modifypkgsrc/www/firefox/Makefile
1.549modifypkgsrc/www/firefox/distinfo
1.292modifypkgsrc/www/firefox/mozilla-common.mk
1.25modifypkgsrc/www/firefox/files/node-wrapper.sh
1.5modifypkgsrc/www/firefox/patches/patch-netwerk_protocol_http_nsHttpHandler.cpp
1.1addpkgsrc/www/firefox/patches/patch-third__party_rust_quinn-udp_src_unix.rs
1.1removepkgsrc/www/firefox/patches/patch-intl_lwbrk_LineBreaker.cpp
1.1removepkgsrc/www/firefox/patches/patch-js_src_tests_lib_results.py
1.1removepkgsrc/www/firefox/patches/patch-testing_mozbase_mozdevice_mozdevice_adb.py
1.1removepkgsrc/www/firefox/patches/patch-testing_xpcshell_runxpcshelltests.py