CVS commit: pkgsrc/www/firefox

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/firefox
From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
Date: Thu, 26 Feb 2026 13:23:09 +0000

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Thu Feb 26 13:23:09 UTC 2026

Modified Files:
        pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
        pkgsrc/www/firefox/files: node-wrapper.sh

Log Message:
www/firefox: Update to 148.0

* Use nodejs* in the standard way.

Chnagelog:
148.0:
New

  * Added an AI Controls section to Settings for managing AI-enhanced features.
    Learn more.

  * Firefox now has improved support for screen readers accessing mathematical
    formulas embedded in PDFs.

  * Remote improvements are now decoupled from telemetry requirements in
    Firefox Settings. You can now opt into receiving remote browser changes
    even if you have opted out of sharing telemetry or participating in our
    experimental studies.

  * Firefox Backup is now available on Windows 10 to users who also use the ??
    Clear history when Firefox closes?? capability. Backups will not include
    any data which is set to be cleared when Firefox is closed.

  * The following languages are now available for translation:

      + Translation into and from Traditional Chinese.
      + Translation into Vietnamese.

  * New Tab wallpapers will now appear on new container tabs as well as new
    default tabs.

Fixed

  * Fixed an issue where a language pack could become disabled after a major
    update, causing Firefox to display in the wrong language.

  * On Windows, dragging a downloaded image to Adobe Illustrator now correctly
    inserts the image instead of its URL.

  * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-13
#CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video
 component
#CVE-2026-2794: Information disclosure due to uninitialized memory in Firefox
 and Firefox Focus for Android
#CVE-2026-2758: Use-after-free in the JavaScript: GC component
#CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib
 component
#CVE-2026-2795: Use-after-free in the JavaScript: GC component
#CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the
 Graphics: WebRender component
#CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
#CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
#CVE-2026-2763: Use-after-free in the JavaScript Engine component
#CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine:
 JIT component
#CVE-2026-2796: JIT miscompilation in the JavaScript: WebAssembly component
#CVE-2026-2797: Use-after-free in the JavaScript: GC component
#CVE-2026-2765: Use-after-free in the JavaScript Engine component
#CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
#CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
#CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
#CVE-2026-2798: Use-after-free in the DOM: Core & HTML component
#CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
#CVE-2026-2799: Use-after-free in the DOM: Core & HTML component
#CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
#CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component
#CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
#CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
#CVE-2026-2774: Integer overflow in the Audio/Video component
#CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
#CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the
 Telemetry component in External Software
#CVE-2026-2777: Privilege escalation in the Messaging System component
#CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM:
 Core & HTML component
#CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
#CVE-2026-2800: Spoofing issue in the WebAuthn component in Firefox for Android
#CVE-2026-2780: Privilege escalation in the Netmonitor component
#CVE-2026-2781: Integer overflow in the Libraries component in NSS
#CVE-2026-2801: Incorrect boundary conditions in the JavaScript: WebAssembly
 component
#CVE-2026-2782: Privilege escalation in the Netmonitor component
#CVE-2026-2783: Information disclosure due to JIT miscompilation in the
 JavaScript Engine: JIT component
#CVE-2026-2802: Race condition in the JavaScript: GC component
#CVE-2026-2803: Information disclosure, mitigation bypass in the Settings UI
 component
#CVE-2026-2784: Mitigation bypass in the DOM: Security component
#CVE-2026-2785: Invalid pointer in the JavaScript Engine component
#CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component
#CVE-2026-2786: Use-after-free in the JavaScript Engine component
#CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component
#CVE-2026-2787: Use-after-free in the DOM: Window and Location component
#CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
#CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
#CVE-2026-2806: Uninitialized memory in the Graphics: Text component
#CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
#CVE-2026-2791: Mitigation bypass in the Networking: Cache component
#CVE-2026-2807: Memory safety bugs fixed in Firefox 148 and Thunderbird 148
#CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR
 140.8, Firefox 148 and Thunderbird 148
#CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR
 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148


To generate a diff of this commit:
cvs rdiff -u -r1.658 -r1.659 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.578 -r1.579 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/firefox/files/node-wrapper.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.658 pkgsrc/www/firefox/Makefile:1.659
--- pkgsrc/www/firefox/Makefile:1.658   Mon Feb  9 17:03:42 2026
+++ pkgsrc/www/firefox/Makefile Thu Feb 26 13:23:09 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.658 2026/02/09 17:03:42 ryoon Exp $
+# $NetBSD: Makefile,v 1.659 2026/02/26 13:23:09 ryoon Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            147.0
-MOZ_BRANCH_MINOR=      .3
+MOZ_BRANCH=            148.0
+MOZ_BRANCH_MINOR=      
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
@@ -11,7 +11,7 @@ MASTER_SITES+=        ${MASTER_SITE_MOZILLA:=fi
 MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=  .tar.xz
 
-NODEJSKIT=             nodejs-output-147.0.tgz
+NODEJSKIT=             nodejs-output-148.0.tgz
 DISTFILES=             ${DEFAULT_DISTFILES} ${NODEJSKIT}
 SITES.${NODEJSKIT}=    ${MASTER_SITE_LOCAL}
 

Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.578 pkgsrc/www/firefox/distinfo:1.579
--- pkgsrc/www/firefox/distinfo:1.578   Mon Feb  9 17:03:42 2026
+++ pkgsrc/www/firefox/distinfo Thu Feb 26 13:23:09 2026
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.578 2026/02/09 17:03:42 ryoon Exp $
+$NetBSD: distinfo,v 1.579 2026/02/26 13:23:09 ryoon Exp $
 
-BLAKE2s (firefox-147.0.3.source.tar.xz) = 8856a155d088c9249a357499fa20b01bc32b8c9bd14de96774703821f364ebc7
-SHA512 (firefox-147.0.3.source.tar.xz) = 37e39c47d694eccdcabb7d8a0a4cfe1b02860a97f604653f364c60f4e98796ffc7f1c6ab51226b2e5034a4b4805ccc6ec3983f0d830c9f36692df2ec261273d9
-Size (firefox-147.0.3.source.tar.xz) = 658641660 bytes
-BLAKE2s (nodejs-output-147.0.tgz) = e88c1c8c5117fbfb4fd089267b9a0a6882520ed7bcc1dc494b734b491b448892
-SHA512 (nodejs-output-147.0.tgz) = e99a5de23ad0aa5ab0f040bfe400c1ed210547421fa19026efe280c522773faa8b76106952bbc42c7bb765349c6a3ca9cc3b76d8cfcbbff5d72db65054e44339
-Size (nodejs-output-147.0.tgz) = 249306 bytes
+BLAKE2s (firefox-148.0.source.tar.xz) = 33f76276fd34a473954fe1946ff9fc641d50d3a2bc2d4e21d22cf4817ad6e3fd
+SHA512 (firefox-148.0.source.tar.xz) = b0e862091f3a07a02890f6414e77b433893364a8beaf522d440e97ed0060c9b14bdb2fffdecdf12dca849efce8c57d95a534b23e04259d83a96ee8f29e078349
+Size (firefox-148.0.source.tar.xz) = 660022936 bytes
+BLAKE2s (nodejs-output-148.0.tgz) = f67838f30f27cd499d638f32ce6271c2bdec15b853b6e39d5a75b8e67a8d119d
+SHA512 (nodejs-output-148.0.tgz) = 003027b283110e1aca1d46ec3f576c7d9d6be03eeead93ffde47cc2ac0f01a533d3409d8caf2671a9473d7479b3d7d61030d287cbbb01480a0668a4fc4d1c40e
+Size (nodejs-output-148.0.tgz) = 249268 bytes
 SHA1 (patch-browser_app_profile_firefox.js) = 1eaa674c0aa8279e2f9dc2eda582650a08156d65
 SHA1 (patch-build_gn__processor.py) = 078f773104bf4c1b30584564aefe365db6ba6daf
 SHA1 (patch-build_moz.configure_init.configure) = 65deb3c233df0aab81eb1fca05d708e5a4ed169a

Index: pkgsrc/www/firefox/mozilla-common.mk
diff -u pkgsrc/www/firefox/mozilla-common.mk:1.308 pkgsrc/www/firefox/mozilla-common.mk:1.309
--- pkgsrc/www/firefox/mozilla-common.mk:1.308  Mon Jan 19 13:43:00 2026
+++ pkgsrc/www/firefox/mozilla-common.mk        Thu Feb 26 13:23:09 2026
@@ -1,4 +1,4 @@
-# $NetBSD: mozilla-common.mk,v 1.308 2026/01/19 13:43:00 tsutsui Exp $
+# $NetBSD: mozilla-common.mk,v 1.309 2026/02/26 13:23:09 ryoon Exp $
 #
 # common Makefile fragment for mozilla packages based on gecko 2.0.
 #
@@ -28,7 +28,8 @@ GCC_REQD+=            10
 TOOL_DEPENDS+=         cbindgen>=0.29.1:../../devel/cbindgen
 
 .if defined(FIREFOX_MAINTAINER) && !defined(MAINTAINER_INTERNAL)
-TOOL_DEPENDS+=         nodejs-[0-9]*:../../lang/nodejs
+BUILDLINK_DEPMETHOD.nodejs=    build
+.include "../../lang/nodejs/nodeversion.mk"
 USE_TOOLS+=            diff
 .else
 CONFIGURE_ENV+=                NODEJS="${FILESDIR}/node-wrapper.sh"
@@ -260,7 +261,7 @@ BUILDLINK_API_DEPENDS.nspr+=        nspr>=4.34
 BUILDLINK_API_DEPENDS.icu+=    icu>=78.1
 .include "../../textproc/icu/buildlink3.mk"
 # See build/moz.configure/nss.configure
-BUILDLINK_API_DEPENDS.nss+=    nss>=3.119
+BUILDLINK_API_DEPENDS.nss+=    nss>=3.120.1
 .include "../../devel/nss/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 #.include "../../mk/jpeg.buildlink3.mk"

Index: pkgsrc/www/firefox/files/node-wrapper.sh
diff -u pkgsrc/www/firefox/files/node-wrapper.sh:1.36 pkgsrc/www/firefox/files/node-wrapper.sh:1.37
--- pkgsrc/www/firefox/files/node-wrapper.sh:1.36       Mon Jan 19 12:06:03 2026
+++ pkgsrc/www/firefox/files/node-wrapper.sh    Thu Feb 26 13:23:09 2026
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-VERS=v25.3.0
+VERS=v25.6.1
 
 if [ "$1" = "-v" ] || [ "$1" = "--version" ]; then
        printf "${VERS}\n"

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index