Received: by mail.netbsd.org (Postfix, from userid 605)
	id 0BC1384F08; Mon, 16 May 2022 21:15:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 4477F84EC9
	for <pkgsrc-changes@NetBSD.org>; Mon, 16 May 2022 21:15:30 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id IAHF9D4s0fsr for <pkgsrc-changes@netbsd.org>;
	Mon, 16 May 2022 21:15:29 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 64E1184EC0
	for <pkgsrc-changes@NetBSD.org>; Mon, 16 May 2022 21:15:29 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 19B8AFAEB; Mon, 16 May 2022 21:16:00 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1652735760192510"
MIME-Version: 1.0
Date: Mon, 16 May 2022 21:16:00 +0000
From: "Nia Alarie" <nia@netbsd.org>
Subject: CVS commit: pkgsrc/www/firefox91
To: pkgsrc-changes@NetBSD.org
Reply-To: nia@netbsd.org
X-Mailer: log_accum
Message-Id: <20220516211600.19B8AFAEB@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1652735760192510
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	nia
Date:		Mon May 16 21:16:00 UTC 2022

Modified Files:
	pkgsrc/www/firefox91: Makefile distinfo
	pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js

Log Message:
firefox91: update to 91.9.0

Security Vulnerabilities fixed in Firefox ESR 91.9

    #CVE-2022-29914: Fullscreen notification bypass using popups

    #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

    #CVE-2022-29916: Leaking browser history with CSS variables

    #CVE-2022-29911: iframe Sandbox bypass

    #CVE-2022-29912: Reader mode bypassed SameSite cookies

    #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
    91.9


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1652735760192510
Content-Disposition: inline
Content-Length: 4449
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/firefox91/Makefile
diff -u pkgsrc/www/firefox91/Makefile:1.17 pkgsrc/www/firefox91/Makefile:1.18
--- pkgsrc/www/firefox91/Makefile:1.17	Mon Apr 18 19:12:17 2022
+++ pkgsrc/www/firefox91/Makefile	Mon May 16 21:15:59 2022
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.17 2022/04/18 19:12:17 adam Exp $
+# $NetBSD: Makefile,v 1.18 2022/05/16 21:15:59 nia Exp $
 
 FIREFOX_VER=		${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=		91.8
+MOZ_BRANCH=		91.9
 MOZ_BRANCH_MINOR=	.0esr
 
 DISTNAME=	firefox-${FIREFOX_VER}.source
 PKGNAME=	${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox91-/}
-PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES+=	${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=	.tar.xz

Index: pkgsrc/www/firefox91/distinfo
diff -u pkgsrc/www/firefox91/distinfo:1.12 pkgsrc/www/firefox91/distinfo:1.13
--- pkgsrc/www/firefox91/distinfo:1.12	Sun Apr 10 13:43:43 2022
+++ pkgsrc/www/firefox91/distinfo	Mon May 16 21:15:59 2022
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.12 2022/04/10 13:43:43 nia Exp $
+$NetBSD: distinfo,v 1.13 2022/05/16 21:15:59 nia Exp $
 
-BLAKE2s (firefox-91.8.0esr.source.tar.xz) = 7d5e0d909d4a7e71e011dfe2c08802bb12aeb5fc5a807a57a30b9430e87c8de6
-SHA512 (firefox-91.8.0esr.source.tar.xz) = edea2c7d4d3d0322091b20b623019ef041090d9f89f33c8e3140f66a54624261f278257393db70d2038154de8ee02da0bee6ecf85c281f3558338da71fc173c3
-Size (firefox-91.8.0esr.source.tar.xz) = 380325092 bytes
+BLAKE2s (firefox-91.9.0esr.source.tar.xz) = 36fec9568a45386572e6383d942a091718db5bca2aad13a1bc4448beb45995f1
+SHA512 (firefox-91.9.0esr.source.tar.xz) = fd69d489429052013d2c1b8b766a47920ecee62f0688505758f593b27ae66d6343b9107163749406251aedebdf836147e4d562415a811b04d7ab2ae31e32f133
+Size (firefox-91.9.0esr.source.tar.xz) = 384516460 bytes
 BLAKE2s (nodejs-output-91.0.tgz) = 5007b8d20d6264a4cd573b465643cff83c2adc75ad7dd9fba97ff5fcae787c9f
 SHA512 (nodejs-output-91.0.tgz) = 3a457101a4aaa5ae955b77c41ba6b0d98eb5dd0ae9d6d8cc77c0c7bc0e844238a9c0d86cd1838ffb6a37ad8851f871c21e4ca1bb59d11e58fc42c5fec88c298c
 Size (nodejs-output-91.0.tgz) = 201061 bytes
 SHA1 (patch-aa) = 15b8567cee2af9853f6949c80345ffcb1fd3852a
-SHA1 (patch-browser_app_profile_firefox.js) = 89cea0a66457c96ad0b94aaa524aa5942ad781d0
+SHA1 (patch-browser_app_profile_firefox.js) = 7f6b4361fe62ccc2d1c092a5ace97ea2085727bf
 SHA1 (patch-build_moz.configure_rust.configure) = 25ddfacd29cebbc6db005dbe61a2a7446d480678
 SHA1 (patch-config_gcc-stl-wrapper.template.h) = 9d88c7b1ccfdd3c6bd2dcd9530a36ad4a501d97a
 SHA1 (patch-config_makefiles_rust.mk) = 72d7e9ecee3ccf7ef5f741aac8e35509b41ab7b8

Index: pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
diff -u pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js:1.1 pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js:1.2
--- pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js:1.1	Wed Sep  8 22:19:50 2021
+++ pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js	Mon May 16 21:15:59 2022
@@ -1,8 +1,11 @@
-$NetBSD: patch-browser_app_profile_firefox.js,v 1.1 2021/09/08 22:19:50 nia Exp $
+$NetBSD: patch-browser_app_profile_firefox.js,v 1.2 2022/05/16 21:15:59 nia Exp $
 
---- browser/app/profile/firefox.js.orig	2019-07-06 01:48:29.000000000 +0000
+This patch modifies default Firefox settings - see the comments above
+each one.
+
+--- browser/app/profile/firefox.js.orig	2022-04-28 23:01:46.000000000 +0000
 +++ browser/app/profile/firefox.js
-@@ -1851,6 +1851,12 @@ pref("fission.frontend.simulate-messages
+@@ -2205,6 +2205,20 @@ pref("fission.frontend.simulate-messages
  pref("toolkit.coverage.enabled", false);
  pref("toolkit.coverage.endpoint.base", "https://coverage.mozilla.org");
  
@@ -12,6 +15,14 @@ $NetBSD: patch-browser_app_profile_firef
 +// Enable system addons, for example langpacks from www/firefox-l10n
 +pref("extensions.autoDisableScopes", 11);
 +
++// Firefox includes a complex mechanism for "blacklisting" GPUs that
++// appears to fail on a NetBSD system where the only available OpenGL
++// implementations are all from Mesa.  WebRender was supposed to be
++// enabled by default from Firefox 91 onwards and appears to greatly
++// improve performance even with acceleration disabled at the kernel
++// level.
++pref("gfx.webrender.all", true);
++
  // Discovery prefs
  pref("browser.discovery.enabled", true);
  pref("browser.discovery.containers.enabled", true);


--_----------=_1652735760192510--