head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.6 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.4 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.2 pkgsrc-2025Q3-base:1.1; locks; strict; comment @// @; 1.1 date 2025.07.26.14.12.54; author ryoon; state Exp; branches; next ; commitid qgtBeh6ODgcFmg4G; desc @@ 1.1 log @www/firefox: Update to 141.0 * Try to fix some runtime errors related to ctype(3) under NetBSD-current. Changelog: 141.0: New * Now Firefox can help you keep your tabs organized, automatically. A local AI model identifies similar tabs, automatically organizes them into groups, and even suggests group names. Everything happens on your device to respect your privacy. Learn more here. * Vertical tabs users can now adjust the size of the tools areas at the bottom of the sidebar. To see fewer tools and more tabs, drag down the divider line which pushes extra tools into an overflow menu. * On Linux, Firefox uses less memory and no longer requires a forced restart after an update has been applied by a package manager. * Address autofill has been enabled for users in Brazil, Spain and Japan. * The Firefox address bar can now be used as a unit converter. The unit converter supports converting units of length, temperature, mass, force, and angular measurement, as well as timezones (e.g. ??now in GMT?? , ??10am EDT to CET??). Selecting the result will copy it to your clipboard. Learn more here. * Firefox builds in Valencian now come with a built-in Catalan (Valencian variant) dictionary for the Firefox spellchecker. * The following languages are now available for translation: + Albanian + Gujarati + Hebrew + Hindi + Kannada + Malay + Malayalam + Persian + Telugu Fixed * Various security fixes. Security fixes: Mozilla Foundation Security Advisory 2025-56 #CVE-2025-8027: JavaScript engine only wrote partial return value to stack #CVE-2025-8028: Large branch table could lead to truncated instruction #CVE-2025-8041: Incorrect URL truncation in Firefox for Android #CVE-2025-8042: Sandboxed iframe could start downloads #CVE-2025-8029: javascript: URLs executed on object and embed tags #CVE-2025-8036: DNS rebinding circumvents CORS #CVE-2025-8037: Nameless cookies shadow secure cookies #CVE-2025-8030: Potential user-assisted code execution in ??Copy as cURL?? command #CVE-2025-8043: Incorrect URL truncation #CVE-2025-8031: Incorrect URL stripping in CSP reports #CVE-2025-8032: XSLT documents could bypass CSP #CVE-2025-8038: CSP frame-src was not correctly enforced for paths #CVE-2025-8039: Search terms persisted in URL bar #CVE-2025-8033: Incorrect JavaScript state machine for generators #CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141 #CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 #CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 #CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 @ text @$NetBSD$ --- gfx/skia/skia/src/sksl/codegen/SkSLSPIRVCodeGenerator.cpp.orig 2025-07-26 13:25:51.000473818 +0000 +++ gfx/skia/skia/src/sksl/codegen/SkSLSPIRVCodeGenerator.cpp @@@@ -4405,7 +4405,7 @@@@ void SPIRVCodeGenerator::writeFunctionSt f, fSpecializationInfo, fActiveSpecializationIndex, [&](int, const Variable*, const Expression* expr) { std::string name = expr->description(); - std::replace_if(name.begin(), name.end(), [](char c) { return !isalnum(c); }, '_'); + std::replace_if(name.begin(), name.end(), [](char c) { return !isalnum(i(unsigned char)c); }, '_'); mangledName += "_" + name; }); @