head	1.2;
access;
symbols;
locks; strict;
comment	@// @;


1.2
date	2022.12.11.13.49.09;	author ryoon;	state dead;
branches;
next	1.1;
commitid	6KfYZJgA5FaI195E;

1.1
date	2022.10.08.21.18.55;	author ryoon;	state Exp;
branches;
next	;
commitid	RHb00lnqGgHxzXWD;


desc
@@


1.2
log
@firefox: Update to 107.0.1

107.0.1:
Fixed

  * Fixed an issue with accessing some sites reliably in Private Browsing mode
    or Strict ETP due to anti-adblockers (bug 1717806).

  * Fixed an issue where Color Management was not available for some users (bug
    1799391).

  * Fixed an issue with text overlapping in the Settings Menu for some locales
    (bug 1800379).

  * Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
    feature resulting in hangs when copying phone number links (bug 1798098).

  * Fixed an issue where the DevTools UI is not accessible when an alert dialog
    is displayed (bug 1801840).

107.0:
New

  * Improved the performance of the instance when Microsoft's IME and Defender
    retrieve the URL of a focused document in Windows 11 version 22H2.

  * Power profiling -- visualizing performance data recorded from web browsers
    -- is now also supported on Linux and Mac with Intel CPUs, in addition to
    Windows 11 and Apple Silicon.

Fixed

  * Various security fixes.

Security fixes:
#CVE-2022-45403: Service Workers might have learned size of cross-origin media
 files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45407: Loading fonts on workers was not thread-safe
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
 policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
 headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via
 intent URLs
#CVE-2022-40674: Use-after-free vulnerability in expat
#CVE-2022-45415: Downloaded file may have been saved with malicious extension
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written
 to disk
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
#CVE-2022-45419: Deleting a security exception did not take effect immediately
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

106.0.5:
Fixed

  * Addresses a crash experienced by users with Intel Gemini Lake CPUs.

106.0.4:
Fixed

  * Fixed an issue with DRM Video playback (bug 1797292).

  * Fixed broken layout of datetime input when switching types (bug 1797139).

  * Fixes Firefox hanging when there is a Direct3D device reset (bug 1792115).

106.0.3:
Fixed

  * Fix a startup crash for some users on Windows (bug 1797464).

  * Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
    feature resulting in hangs when copying text on a web page (bug 1774285).

106.0.2:
Fixed

  * Fix missing content on some PDF forms (bug 1794351).

  * Fix column width for the Notification sub-panel in Settings (bug 1793558).

  * Fix a browser freeze with accessibility enabled on some sites such as the
    Proxmox Web UI (bug 1793748).

  * Fix page reloading not working with Firefox View and not refreshing synced
    data (bug 1792680 and bug 1794474).

  * Fix browser not opening if installed from the Windows Store (Bug 1796391).

106.0.1:
Fixed

  * Addresses a crash experienced by users with AMD Zen 1 CPUs. (bug 1796126)

106.0:
New

  * It is now possible to edit PDFs: including writing text, drawing, and
    adding signatures.

  * Setting Firefox as your default browser now also makes it the default PDF
    application on Windows systems.

  * You can now pin private windows to your Windows taskbar on Window 10 and
    Windows 11 for simpler access. Also, private windows have been redesigned
    to increase the feeling of privacy.

  * Swipe-to-navigate (two fingers on a touchpad swiped left or right to
    perform history back or forward) now works for Linux users on Wayland.

  * Text Recognition in images allows users on macOS 10.15 and higher to
    extract text from the selected image (such as a meme or screenshot).

    Extracted text is copied to the clipboard in order to share, store, or
    search -- without needing to manually retype everything.

      + This feature is compatible with "VoiceOver," the built-in macOS
        screen reader.
      + For more information, check out our SUMO article.

  * "Firefox View" helps you get back to content you previously discovered. A
    pinned tab allows you to find and open recently closed tabs on your current
    device, access tabs from other devices (via our "Tab Pickup" feature),
    and change the look of the browser (with Colorways).

      + For more information, read our SUMO article.

  * With the launch of the "Independent Voices" collection, Firefox is
    introducing 18 new "Colorways." You can now access a "Colorways" modal
    experience via "Firefox View"; each new color is accompanied with a
    bespoke graphic and a text description that speaks to its deeper meaning.
    The collection will be available through Jan 16.

      + For more information, check out our SUMO article.

Fixed

  * Various security fixes.

Security fixes:
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
 URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42930: Race condition in DOM Workers
#CVE-2022-42931: Username saved to a plaintext file on disk
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
@
text
@$NetBSD: patch-mozglue_misc_SIMD__avx2.cpp,v 1.1 2022/10/08 21:18:55 ryoon Exp $

Fix build under NetBSD/i386 9 with GCC.
From: https://bugzilla.mozilla.org/show_bug.cgi?id=1792158

--- mozglue/misc/SIMD_avx2.cpp.orig	2022-10-07 15:25:41.000000000 +0000
+++ mozglue/misc/SIMD_avx2.cpp
@@@@ -8,7 +8,10 @@@@
 #include "mozilla/SSE.h"
 #include "mozilla/Assertions.h"
 
-#ifdef MOZILLA_MAY_SUPPORT_AVX2
+// Restricting to x86_64 simplifies things, and we're not particularly
+// worried about slightly degraded performance on 32 bit processors which
+// support AVX2, as this should be quite a minority.
+#if defined(MOZILLA_MAY_SUPPORT_AVX2) && defined(__x86_64__)
 
 #  include <cstring>
 #  include <immintrin.h>
@


1.1
log
@firefox: Update to 105.0.3

* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.

Changelog:
105.0.3:
Fixed
  * Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
    software installed (bug 1794064)

105.0.2:
Fixed
  * Fixed poor contrast on various menu items with certain themes on Linux
    systems (bug 1792063)

  * Fixed the scrollbar appearing on the wrong side of select elements in
    right-to-left locales (bug 1791219)

  * Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
    1786259)

  * Fixed a bug causing some dynamic appearance changes to not appear when
    expected (bug 1786521)

  * Fixed a bug causing theme styling to not be properly applied to sidebars
    for some add-ons in Private Browsing Mode (bug 1787543)

105.0.1:
Fixed
  * Reverted focus behavior for new windows back to the content area
    instead of the address bar (bug 1784692)

105.0:
New
  * Added an option to print only the current page from the print preview
    dialog.

  * Firefox now supports partitioned service workers in third-party contexts.
    You can register service workers in a third-party iframe and it will be
    partitioned under the top-level domain.

  * Swipe to navigate (two fingers on a touchpad swiped left or right to
    perform history back or forward) on Windows is now enabled.

  * Firefox is now compliant with the User Timing L3 specification, which adds
    additional optional arguments to the performance.mark and
    performance.measure methods to provide custom start times, end times,
    duration, and attached details.

  * Searching in large lists for individual items is now 2x faster. This
    performance enhancement replaces array.includes and array.indexOf with an
    optimized SIMD version.

Fixed
  * Stability on Windows is significantly improved as Firefox handles
    low-memory situations much better.

  * Touchpad scrolling on macOS was made more accessible by reducing unintended
    diagonal scrolling opposite of the intended scroll axis.

  * Firefox is less likely to run out of memory on Linux and performs more
    efficiently for the rest of the system when memory runs low.

  * Various security fixes.

Web Platform
  * Support for the Offscreen Canvas DOM API with full context and font
    support. The OffscreenCanvas API provides a canvas that can be rendered
    off-screen in both Window and Web Worker contexts.

Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
 and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
@
text
@d1 1
a1 1
$NetBSD$
@