CVS commit: pkgsrc/www/firefox

["Ryo ONODERA" <ryoon%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Fri Nov  3 10:20:03 UTC 2023

Modified Files:
        pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
        pkgsrc/www/firefox/patches: patch-browser_app_profile_firefox.js
Removed Files:
        pkgsrc/www/firefox/patches: patch-widget_gtk_v4l2test_v4l2test.cpp

Log Message:
firefox: Update 119.0

* Enable WebGL with information by Paul Ripke. Thank you.

Changelog:
119.0
New

  * Gradually rolling out in Fx119, Firefox View includes more content. You can
    now see all open tabs, from all windows. If you sync open tabs, you??ll see
    all tabs from other devices. Browsing history is now listed and you can
    sort by date or by site. As before, recently closed tabs are also listed on
    Firefox View.

    To access Firefox View, select the file folder icon at the top left of your
    tab strip.

    screenshot of Firefox View displaying open tabs and tabs from other devices

  * Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by
    adding images and alt text, in addition to text and drawings.

    screenshot of a photo of a red fox being added to a PDF. The alt text tool
    is open to the left of the photo, ready for a description to be added.

  * Recently closed tabs now persist between sessions that don't have automatic
    session restore enabled. Manually restoring a previous session will
    continue to reopen any previously open tabs or windows.

  * If you're migrating your data from Chrome, Firefox now offers the ability
    to import some of your extensions as well.

  * As part of Total Cookie Protection, Firefox now supports the partitioning
    of Blob URLs, this mitigates a potential tracking vector that third-party
    agents could use to track an individual.

  * The visibility of fonts to websites has been restricted to system fonts and
    language pack fonts in Enhanced Tracking Protection strict mode to mitigate
    font fingerprinting.

  * The Storage Access API web standard was updated to improve security while
    mitigating website breakages and further enabling the phase out of
    third-party cookies in Firefox.

  * Encrypted Client Hello (ECH) is now available to Firefox users, delivering
    a more private browsing experience. ECH extends the encryption used in TLS
    connections to cover more of the handshake and better protect sensitive
    fields. Read more about the launch of ECH on Mozilla Distilled.

  * Media sniffing is no longer applied to files served as type application/
    octet-stream, this allows these files to be downloaded instead of
    attempting playback.

  * On Windows, the mouse pointer will disappear while typing if the relevant
    Windows mouse properties system setting is enabled.

  * Firefox is now available in the Santali (sat) language.

Fixed

  * Fixed an issue causing unexpected jumps in scroll position on Facebook.

  * Various security fixes.

Developer

  * Developer Information
  * Several enhancements have been made to the Inactive CSS styles feature.
    This feature assists in identifying CSS properties that have no effect on
    an element. Pseudo-elements such as ::first-letter, ::cue, and
    ::placeholder are now fully supported.

  * The JSON viewer is particularly useful for debugging REST APIs, as it
    displays formatted JSON responses. Now, if the JSON is invalid or broken,
    it automatically switches to a raw data view, improving the user
    experience.

Web Platform

  * ARIA reflection for simple attributes and default Accessibility Semantics
    for Custom Elements are now supported. Note this includes boolean, enum,
    number, and string attributes, but not attributes that reference other
    elements.

  * credentialless is now supported in Cross-Origin-Embedder-Policy.

  * The CSS attr() function now supports a fallback parameter, for example attr
    (foobar, "Default value").

  * Grouping of items in an array (and iterables) is now easier by using the
    methods Object.groupBy or Map.groupBy.

Security fixes:
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5722: Cross-Origin size and header leakage
#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
 .appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
 could have led to a crash.
#CVE-2023-5729: Fullscreen notification dialog could have been obscured by
 WebAuthn prompts
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
 Thunderbird 115.4.1
#CVE-2023-5731: Memory safety bugs fixed in Firefox 119


To generate a diff of this commit:
cvs rdiff -u -r1.574 -r1.575 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.512 -r1.513 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.265 -r1.266 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.21 -r1.22 \
    pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/www/firefox/patches/patch-widget_gtk_v4l2test_v4l2test.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.574 pkgsrc/www/firefox/Makefile:1.575
--- pkgsrc/www/firefox/Makefile:1.574   Tue Oct 24 22:11:26 2023
+++ pkgsrc/www/firefox/Makefile Fri Nov  3 10:20:03 2023
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.574 2023/10/24 22:11:26 wiz Exp $
+# $NetBSD: Makefile,v 1.575 2023/11/03 10:20:03 ryoon Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            118.0
-MOZ_BRANCH_MINOR=      .2
+MOZ_BRANCH=            119.0
+MOZ_BRANCH_MINOR=      
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
-PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
@@ -68,8 +67,6 @@ LDFLAGS.FreeBSD+=     -lplc4 -lnspr4
 LDFLAGS.Linux+=                -lnspr4
 LDFLAGS.SunOS+=                -lm
 
-# XXX not sure how to test this! likely unnecessary
-NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/plugin-container
 # Should revisit to complete mprotect support.
 NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/firefox
 NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/firefox-bin

Index: pkgsrc/www/firefox/PLIST
diff -u pkgsrc/www/firefox/PLIST:1.186 pkgsrc/www/firefox/PLIST:1.187
--- pkgsrc/www/firefox/PLIST:1.186      Sun Oct 15 07:40:10 2023
+++ pkgsrc/www/firefox/PLIST    Fri Nov  3 10:20:03 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.186 2023/10/15 07:40:10 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.187 2023/11/03 10:20:03 ryoon Exp $
 bin/firefox
 lib/firefox/application.ini
 lib/firefox/browser/chrome/icons/default/default128.png
@@ -32,7 +32,6 @@ lib/firefox/libxul.so
 lib/firefox/omni.ja
 lib/firefox/pingsender
 lib/firefox/platform.ini
-lib/firefox/plugin-container
 lib/firefox/removed-files
 ${PLIST.v4l2_decode}lib/firefox/v4l2test
 lib/firefox/vaapitest

Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.512 pkgsrc/www/firefox/distinfo:1.513
--- pkgsrc/www/firefox/distinfo:1.512   Sun Oct 15 07:41:16 2023
+++ pkgsrc/www/firefox/distinfo Fri Nov  3 10:20:03 2023
@@ -1,12 +1,12 @@
-$NetBSD: distinfo,v 1.512 2023/10/15 07:41:16 ryoon Exp $
+$NetBSD: distinfo,v 1.513 2023/11/03 10:20:03 ryoon Exp $
 
-BLAKE2s (firefox-118.0.2.source.tar.xz) = 4615d3f03d8debf66cf9088934478099e557dbc5cb419765fb0dc91296221697
-SHA512 (firefox-118.0.2.source.tar.xz) = fe9d7951927e44aee98a15840820251b779cc427f27597951497bd01fde3c3f2857942535c64c9d1a64f877c43802771304ed97254bffd9216f554e1af9efbf4
-Size (firefox-118.0.2.source.tar.xz) = 520864692 bytes
+BLAKE2s (firefox-119.0.source.tar.xz) = b245ce806b81cb9a40d6015e5e584b8856b71d9833bd150012fd54e1e8e258be
+SHA512 (firefox-119.0.source.tar.xz) = 4b555c444add36567fd538752b122f227cf78bb70b72c79e6d8ae8d9c2e61c3cdacfae79c37970753b8b5c7716b28c686071eb7b551773c30a76852f3550676c
+Size (firefox-119.0.source.tar.xz) = 523093112 bytes
 BLAKE2s (nodejs-output-118.0.tgz) = cf37a3b8777d485547352627b59b894a28b6eb49edf19b5045bca24b843f602b
 SHA512 (nodejs-output-118.0.tgz) = 08186ec85863a3bac0a6f882d2684685b91eb1f7a24ad292bc7ceb1498b1ecf6a7c084b27a70d693ff38234386a014f8fbdbcc46f09d097b6605b62eee648ee6
 Size (nodejs-output-118.0.tgz) = 220005 bytes
-SHA1 (patch-browser_app_profile_firefox.js) = 948ed3ae6cfb8e2eb4ca4d4082491a71d637cc31
+SHA1 (patch-browser_app_profile_firefox.js) = a0a3d429f9eb5e0c95a94efed407a18e5e12328d
 SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678
 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d1f15ff487efa9202114d19ed5668b4e7aa032a
 SHA1 (patch-config_makefiles_rust.mk) = 788ab8fed45625bc5552c56a3ab05b5ed7d49a8f
@@ -41,6 +41,5 @@ SHA1 (patch-toolkit_modules_subprocess_s
 SHA1 (patch-toolkit_moz.configure) = 1306e7ac3c3939886aff38a58dd3162e6517409b
 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = 706635b76a7b525794aba95e95544f09e18bb662
 SHA1 (patch-toolkit_xre_glxtest.cpp) = adcd5b05fcbd7b41c01a2aa66f3e8f05ed230444
-SHA1 (patch-widget_gtk_v4l2test_v4l2test.cpp) = a9ed8692a703d3b31bdbc8d0582a60540922a1dd
 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec
 SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = 81d43a046fcef6bf6717d52485686ba8e8738254

Index: pkgsrc/www/firefox/mozilla-common.mk
diff -u pkgsrc/www/firefox/mozilla-common.mk:1.265 pkgsrc/www/firefox/mozilla-common.mk:1.266
--- pkgsrc/www/firefox/mozilla-common.mk:1.265  Mon Oct 23 06:37:56 2023
+++ pkgsrc/www/firefox/mozilla-common.mk        Fri Nov  3 10:20:03 2023
@@ -1,4 +1,4 @@
-# $NetBSD: mozilla-common.mk,v 1.265 2023/10/23 06:37:56 wiz Exp $
+# $NetBSD: mozilla-common.mk,v 1.266 2023/11/03 10:20:03 ryoon Exp $
 #
 # common Makefile fragment for mozilla packages based on gecko 2.0.
 #
@@ -6,7 +6,7 @@
 
 .include "../../mk/bsd.prefs.mk"
 
-PYTHON_VERSIONS_INCOMPATIBLE=  27
+PYTHON_VERSIONS_INCOMPATIBLE=  27 312 # 120.0 will accept Python 3.12.
 PYTHON_FOR_BUILD_ONLY=         tool
 ALL_ENV+=                      PYTHON3=${PYTHONBIN}
 

Index: pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js
diff -u pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js:1.21 pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js:1.22
--- pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js:1.21        Mon Sep 18 06:12:47 2023
+++ pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js     Fri Nov  3 10:20:03 2023
@@ -1,4 +1,4 @@
-$NetBSD: patch-browser_app_profile_firefox.js,v 1.21 2023/09/18 06:12:47 ryoon Exp $
+$NetBSD: patch-browser_app_profile_firefox.js,v 1.22 2023/11/03 10:20:03 ryoon Exp $
 
 This patch modifies default Firefox settings - see the comments above
 each one.
@@ -30,8 +30,8 @@ each one.
 +pref("midi.prompt.testing", true);
 +pref("media.navigator.permission.disabled", true);
 +
-+// Disable WebGL for NetBSD systems
-+pref("webgl.disabled", true);
++// Avoid runtime error from WebGL for NetBSD systems
++pref("webgl.out-of-process", false);
 +
 +// On NetBSD, many web applications (e.g. Telegram, Mastodon, Twitter)
 +// will freeze until the service worker is restarted in about:serviceworkers.