Log message:
firefox: fix whitespace pkglint

Log message:
firefox: add cbindgen upper bound

doesn't currently build with cbindgen 0.29.4, but binary packages
of that might exist

Log message:
gtk3: bump PKGREVISION for wayland option default change

Recursive bump to hopefully fix bulk build fallout due to the
unversioned change.

Log message:
firefox: recent releases require Rust >= 1.90

Log message:
firefox: 151.0.x requires nss>=3.123.1

Log message:
www/firefox: Update to 151.0.2

* Broken builds on NetBSD 9. I should revisit later.
* Fix WebRTC Webcam support under NetBSD.

Changelog:
151.0.2:
Fixed

 * Fixed an issue on macOS where smart cards and security keys could fail to \ 
load certificates automatically. (
 Bug 2041208)

 * Fixed an issue where adding another tab to an existing Split View could \ 
unexpectedly close it. (Bug 2039795)

 * Fixed an issue where Split View would close instead of switching tabs when \ 
using the "Switch to Tab" option
 from the address bar. (Bug 2039787)

 * Fixed a crash on Windows that occurred when using the Sogou input method to \ 
type Simplified Chinese. (Bug
 2039203)

 * Fixed an issue where Firefox stopped caching new content once the disk cache \ 
was full, causing pages and
 resources to be re-downloaded from the network on every visit. (Bug 2031577)

 * Fixed an issue where some websites could render incorrectly or fail to load \ 
when they used JavaScript to
 insert WebKit-specific style rules. (Bug 2040693)

 * Fixed an issue where clicking and selecting text in some input fields and \ 
text areas did not work on pages
 that styled them with certain CSS rules. (Bug 2039504)

 * Fixed an issue where the up and down buttons on number input fields could \ 
overlap and hide the value when
 sites sized the field to fit its contents. (Bug 2039315)

 * Fixed an issue where sorting strings that include numbers could produce an \ 
incorrect order on some websites
 and web applications. (Bug 2027078)

 * Fixed an issue where dropdown menus would not open for <select> \ 
elements created inside an iframe and then
 moved into the parent page. (Bug 2041720)

151.0.1:
Fixed

 * Fixed a crash experienced by users with Intel Raptor Lake CPUs. (Bug 1950764)

 * Fixed an issue on Windows where some websites using WebSerial to flash \ 
device firmware could fail
 unexpectedly. (Bug 2040754)

151.0:
New

 * Firefox Home (New Tab) has a fresh, new look and feel. The layout and design \ 
will enable upcoming features,
 from widgets to shortcuts improvements, launching between 151 and 152. \ 
Included are some new and exciting
 Wallpapers, such as the one below. Use the pencil icon in the lower right to \ 
check them out.

 * Private Browsing Mode now allows you to instantly clear all data from your \ 
current session without closing
 the entire window. When you select the End Private Session button (the fire \ 
icon) to the right of the URL
 bar, Firefox will ask you to confirm to clear your session. Once confirmed, \ 
it will wipe all of your private
 browsing data and open a fresh new Private Browsing Mode session for you.

 * Firefox now strengthens protection against fingerprinting in Standard \ 
Enhanced Tracking Protection, making
 it harder for websites to track you across sites by limiting the amount of \ 
information revealed about your
 device and browser. This reduces the number of users uniquely identifiable \ 
by common fingerprinting
 techniques by an average of ~14%, and by ~49% on macOS.

 * You can now merge multiple PDFs directly in Firefox PDF. Combine separate \ 
PDF files into a single document
 without ever leaving Firefox or relying on third-party tools.

 * The Translations page (about:translations) is now accessible through the \ 
More Tools section of the
 Application Menu.

 * Local Firefox profile backups are now available on Linux in addition to \ 
Windows, and you can restore them
 across platforms.

 * On macOS, URLs copied from iOS devices using Apple’s Universal Clipboard \ 
now paste correctly in Firefox.

 * On macOS, dropdown menus on web pages now use the native macOS menu style, \ 
matching the look and behavior of
 the rest of the system.

 * Address Autofill is enabled for users in the Netherlands.

 * Firefox’s built-in VPN now lets you choose your browsing location, giving \ 
you more control over how and
 where your traffic appears online. You can select from available countries \ 
or use Recommended to
 automatically choose the best connection for your network.

Fixed

 * Fixed incorrect screen resolution reporting to websites in multi-monitor setups.

 * Fixed an issue on macOS where maximized Firefox windows could reopen on the \ 
wrong monitor after relaunching
 in multi-monitor setups.

 * Improved color management for copied and pasted images on macOS.

 * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-46
#CVE-2026-8945: Sandbox escape in Firefox and Firefox Focus for Android
#CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs \ 
component
#CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component
#CVE-2026-8948: Same-origin policy bypass in the DOM: Networking component
#CVE-2026-8949: Integer overflow in the Widget: Win32 component
#CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component
#CVE-2026-8951: Spoofing issue in the Toolbar component in Firefox for Android
#CVE-2026-8952: Privilege escalation in the Application Update component
#CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access \ 
APIs component
#CVE-2026-8954: Incorrect boundary conditions, integer overflow in the \ 
Audio/Video component
#CVE-2026-8955: Privilege escalation in the DOM: Workers component
#CVE-2026-8956: Integer overflow in the Networking: JAR component
#CVE-2026-8957: Privilege escalation in the Enterprise Policies component
#CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process \ 
Sandboxing component
#CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the \ 
Widget: Win32 component
#CVE-2026-8960: Spoofing issue in WebExtensions
#CVE-2026-8961: Spoofing issue in the Form Autofill component
#CVE-2026-8962: Mitigation bypass in the DOM: Security component
#CVE-2026-8963: Spoofing issue in the Web Speech component
#CVE-2026-8964: Spoofing issue in the Popup Blocker component
#CVE-2026-8965: Information disclosure in the DOM: Security component
#CVE-2026-8966: Information disclosure in the IP Protection component
#CVE-2026-8967: Information disclosure in the Graphics: WebGPU component
#CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web \ 
Codecs component
#CVE-2026-8969: Mitigation bypass in the DOM: Security component
#CVE-2026-8970: Privilege escalation in the Security component
#CVE-2026-8971: Same-origin policy bypass in the Networking: JAR component
#CVE-2026-8972: Privilege escalation in the WebRTC: Audio/Video component
#CVE-2026-8973: Memory safety bugs fixed in Firefox 151
#CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
#CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR \ 
140.11 and Firefox 151

Log message:
firefox: 150.0.x requires nss>=3.122.2

Log message:
www/firefox: Update to 150.0.3

* Builds on NetBSD 9 is broken. It is C++ issue in Rust style module.
 It seems that Rust build module does not select newer GCC from
 pkgsrc. I will revisit this later.
* Webcam input is broken under NetBSD-current. It will be fixed in 151.

Changelog:
150.0.3:
Fixed

 * Fixed an issue where characters entered into password fields could appear
 unmasked in print preview and printed pages. (Bug 2037803)

 * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-45
#CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT
 component
#CVE-2026-8389: JIT miscompilation in the JavaScript Engine: JIT component
#CVE-2026-8390: Use-after-free in the JavaScript: WebAssembly component
#CVE-2026-8391: Other issue in the JavaScript Engine component
#CVE-2026-8401: Sandbox escape in the Profile Backup component

150.0.2:
Fixed

 * Fixed an issue where websites on internal or corporate networks that
 require a login prompt would show a blank page. (Bug 2034752)

 * Fixed an issue that prevented highlighting from working on scanned images
 in the built-in PDF viewer. (Bug 2034980)

 * Fixed an issue where the "New" badge persisted on Split View menu \ 
items. (
 Bug 2027793)

 * Fixed an issue that prevented some webcams from working correctly in video
 calls. (Bug 2034722)

 * Fixed an issue where a tab would crash when dragging and dropping nested
 folders onto a webpage. (Bug 2030461)

 * Improved how Firefox displays websites with advanced 3D effects, fixing
 cases where parts of the page could disappear or appear incorrectly. (Bug
 2034283)

 * Fixed an issue that could prevent Firefox??s local backup feature from
 completing successfully. (Bug 2029240)

 * Fixed an issue where the status and navigation bars would flicker or show
 mismatched colors when editing a page??s address. (Bug 2021596)

 * Improved the appearance of search suggestions in the address bar by
 preventing icons from appearing stretched or distorted. (Bug 2035353)

 * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-40
#CVE-2026-8090: Use-after-free in the DOM: Networking component
#CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR
 140.10.2 and Firefox 150.0.2
#CVE-2026-8093: Memory safety bugs fixed in Firefox 150.0.2

150.0.1:
Fixed

 * Fixed an issue where Facebook and other websites might not load properly
 for users with Bitdefender security software installed. (Bug 2034178)

 * Fixed an issue where denying a geolocation permission prompt could cause
 Firefox to show the system permission dialog again on a second attempt. (
 Bug 2034120)

 * Fixed an issue that prevented tabs from being added to some older saved tab
 groups. (Bug 2031961)

 * Fixed a layout issue where some drop-down menus expanded to display all
 list items at once. (Bug 2033117)

 * Fixed an issue where borders and outlines on some page elements disappeared
 when pinch zooming or smart zooming on macOS and Windows. (Bug 2030043)

 * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-35
#CVE-2026-7320: Information disclosure due to incorrect boundary conditions in
 the Audio/Video component
#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR
 140.10.1 and Firefox 150.0.1
#CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox
 150.0.1
#CVE-2026-7324: Memory safety bugs fixed in Firefox 150.0.1

150.0:
New

 * Split View just got better: You can now right-click any link and choose
 Open Link in Split View to open it alongside your current tab. You can also
 search open tabs when creating a split view and quickly reverse tab
 positions using the new Reverse Tabs option in the tab context menu.

 * Share multiple tabs in a single step. Select several tabs, right-click, and
 choose Copy X Links (for Windows and Linux) or choose Share ?? Copy X Links
 (for MacOS). When pasted into other apps that support rich text, links
 include both the page title and the URL for easy reading.

 * You can now use Firefox??s built-in PDF editor to reorder, copy, paste,
 delete, and export pages in a PDF.

 * Try out real-time, private translations in Firefox Desktop with the
 about:translations page. Start typing the word "translate" into \ 
the URL bar
 for a quick-action shortcut to the page.

 * Added support for the GTK emoji picker on Linux, allowing users to insert
 emoji using the system shortcut (typically Ctrl+.).

 * Firefox web apps are now available to Windows users who installed Firefox
 through the Microsoft Store.

 * The new Firefox Profile management system is now available to all users,
 including users on Windows 10.

 * Backing up a profile to a file is now available to all Windows 10 and 11
 users, including those who use the new profile management system.

 * Firefox now ships with a new .rpm package for Linux users on Red Hat,
 Fedora, openSUSE, and other RPM-based distributions.

 * Firefox now prompts you to enable location access in Windows settings when
 granting a website permission to use your location, if geolocation hasn't
 already been allowed. This behavior, previously limited to some Windows 11
 versions, now applies to all supported Windows versions.

 * The built-in VPN is now available for users in Canada. Note: This feature
 is not available in enterprise environments.

Fixed

 * Fixed an issue on macOS where, when macOS Lockdown mode is enabled, emoji
 characters are not displayed in web content.

 * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2026-30
#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
#CVE-2026-6747: Use-after-free in the WebRTC component
#CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component
#CVE-2026-6749: Information disclosure due to uninitialized memory in the
 Graphics: Canvas2D component
#CVE-2026-6750: Privilege escalation in the Graphics: WebRender component
#CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component
#CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
#CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
#CVE-2026-6754: Use-after-free in the JavaScript Engine component
#CVE-2026-6755: Mitigation bypass in the DOM: postMessage component
#CVE-2026-6756: Mitigation bypass in Firefox for Android
#CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component
#CVE-2026-6758: Use-after-free in the JavaScript: WebAssembly component
#CVE-2026-6759: Use-after-free in the Widget: Cocoa component
#CVE-2026-6760: Mitigation bypass in the Networking: Cookies component
#CVE-2026-6761: Privilege escalation in the Networking component
#CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
#CVE-2026-6763: Mitigation bypass in the File Handling component
#CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces
 component
#CVE-2026-6765: Information disclosure in the Form Autofill component
#CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS
#CVE-2026-6767: Other issue in the Libraries component in NSS
#CVE-2026-6768: Mitigation bypass in the Networking: Cookies component
#CVE-2026-6769: Privilege escalation in the Debugger component
#CVE-2026-6770: Other issue in the Storage: IndexedDB component
#CVE-2026-6771: Mitigation bypass in the DOM: Security component
#CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS
#CVE-2026-6773: Denial-of-service due to integer overflow in the Graphics:
 WebGPU component
#CVE-2026-6774: Mitigation bypass in the DOM: Security component
#CVE-2026-6775: Incorrect boundary conditions in the WebRTC component
#CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking
 component
#CVE-2026-6777: Other issue in the Networking: DNS component
#CVE-2026-6778: Invalid pointer in the Audio/Video: Playback component
#CVE-2026-6779: Other issue in the JavaScript Engine component
#CVE-2026-6780: Denial-of-service in the Audio/Video: Playback component
#CVE-2026-6781: Denial-of-service in the Audio/Video: Playback component
#CVE-2026-6782: Information disclosure in the IP Protection component
#CVE-2026-6783: Incorrect boundary conditions, integer overflow in the Audio/
 Video: Playback component
#CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the
 WebRTC: Networking component
#CVE-2026-8091: Incorrect boundary conditions in the Audio/Video: Playback
 component
#CVE-2026-6784: Memory safety bugs fixed in Firefox 150 and Thunderbird 150
#CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR
 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
#CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR
 140.10, Firefox 150 and Thunderbird 150