firefox-91.1.0esr and 78.14.0esr, JS-78.14.0

[ken@…]

Now released.

The js/src part of 78.14.0 is identical to 78.13.0.

For 91.1.0 the glibc-2.34 patch is included upstream, and following Doug's comments re using system libvpx we can reinstate that for both (it was removed in early 2019 for FTBFS when we moved to 1.7.0 and firefox-60.3.0 was still on 1.6.1 - they are currently on 1.8.2 and we are on 1.10.0 but it builds ok).

Release notes due some time tomorrow, I assume their will probably be security fixes.

[ken@…]

Release notes now available, again the current esr notes are not linked from the main page ​https://www.mozilla.org/en-US/firefox/releases/ but are at ​https://www.mozilla.org/en-US/firefox/91.1.0/releasenotes/.

91.1.0 - unspecified stability and functionality fixes, security fixes detailed at ​https://www.mozilla.org/en-US/security/advisories/mfsa2021-40/ - one moderate windows-only bug, the usual 'memory safety bugs fixed' CVE-2021-38495 - but the advisory for 92.0 ​https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/ says the memory safety bugs fixed in 92.0, 91.1.0, 78.14 is CVE-2021-38493 and FWIW 92.0 had another similar CVE. Advisory for 78.14.0 ​https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/ also says it is CVE-2021-38493.

[ken@…]

In reordering the recommended deps, I've moved nss from required to recommended.

[ken@…]

Updated @ 569d33641ead1766f19567d808361e4a0945d625 11.0-15

I know Doug has an advisory pending, I'll do this after he's finished.

[ken@…]

Advisory 11.0-002 created.