Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2026-01-14 16:20:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Wed Jan 14 16:20:44 2026 rev:474 rq:1327189 version:147.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2025-12-20 21:45:12.468009568 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1928/MozillaFirefox.changes 2026-01-14 16:20:48.711282952 +0100 @@ -1,0 +2,49 @@ +Sun Jan 11 08:55:43 UTC 2026 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Firefox 147.0 + https://www.firefox.com/en-US/firefox/147.0/releasenotes + MFSA 2026-01 (bsc#1256340) + * CVE-2026-0877 (bmo#1999257) + Mitigation bypass in the DOM: Security component + * CVE-2026-0878 (bmo#2003989) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2026-0879 (bmo#2004602) + Sandbox escape due to incorrect boundary conditions in the + Graphics component + * CVE-2026-0880 (bmo#2005014) + Sandbox escape due to integer overflow in the Graphics + component + * CVE-2026-0881 (bmo#2005845) + Sandbox escape in the Messaging System component + * CVE-2026-0882 (bmo#1924125) + Use-after-free in the IPC component + * CVE-2026-0883 (bmo#1989340) + Information disclosure in the Networking component + * CVE-2026-0884 (bmo#2003588) + Use-after-free in the JavaScript Engine component + * CVE-2026-0885 (bmo#2003607) + Use-after-free in the JavaScript: GC component + * CVE-2026-0886 (bmo#2005658) + Incorrect boundary conditions in the Graphics component + * CVE-2026-0887 (bmo#2006500) + Clickjacking issue, information disclosure in the PDF Viewer + component + * CVE-2026-0888 (bmo#1985996) + Information disclosure in the XML component + * CVE-2026-0889 (bmo#1999084) + Denial-of-service in the DOM: Service Workers component + * CVE-2026-0890 (bmo#2005081) + Spoofing issue in the DOM: Copy & Paste and Drag & Drop + component + * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, + bmo#2003278) + Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird + ESR 140.7, Firefox 147 and Thunderbird 147 + * CVE-2026-0892 (bmo#1986912, bmo#1996718, bmo#1999633, + bmo#2001081, bmo#2004443) + Memory safety bugs fixed in Firefox 147 and Thunderbird 147 +- requires NSS >= 3.119 +- Added upstream patch mozilla-bmo2008777.patch to fix KDE crash (boo#1256513) + +------------------------------------------------------------------- Old: ---- firefox-146.0.1.source.tar.xz firefox-146.0.1.source.tar.xz.asc l10n-146.0.1.tar.xz New: ---- firefox-147.0.source.tar.xz firefox-147.0.source.tar.xz.asc l10n-147.0.tar.xz mozilla-bmo2008777.patch ----------(New B)---------- New:- requires NSS >= 3.119 - Added upstream patch mozilla-bmo2008777.patch to fix KDE crash (boo#1256513) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.crlRwH/_old 2026-01-14 16:21:39.357388633 +0100 +++ /var/tmp/diff_new_pack.crlRwH/_new 2026-01-14 16:21:39.361388799 +0100 @@ -1,8 +1,8 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2025 SUSE LLC and contributors -# Copyright (c) 2006-2025 Wolfgang Rosenauer <[email protected]> +# Copyright (c) 2026 SUSE LLC and contributors +# Copyright (c) 2006-2026 Wolfgang Rosenauer <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 146 -%define mainver %major.0.1 -%define orig_version 146.0.1 +%define major 147 +%define mainver %major.0 +%define orig_version 147.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.38.2 -BuildRequires: mozilla-nss-devel >= 3.118 +BuildRequires: mozilla-nss-devel >= 3.119 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -229,6 +229,7 @@ Patch20: one_swizzle_to_rule_them_all.patch Patch21: svg-rendering.patch Patch24: mozilla-bmo1746799.patch +Patch25: mozilla-bmo2008777.patch # Firefox/browser Patch102: firefox-branded-icons.patch %endif ++++++ firefox-146.0.1.source.tar.xz -> firefox-147.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-146.0.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1928/firefox-147.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-146.0.1.tar.xz -> l10n-147.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-146.0.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1928/l10n-147.0.tar.xz differ: char 15, line 1 ++++++ mozilla-bmo2008777.patch ++++++ diff --git a/widget/gtk/nsWaylandDisplay.cpp b/widget/gtk/nsWaylandDisplay.cpp --- a/widget/gtk/nsWaylandDisplay.cpp +++ b/widget/gtk/nsWaylandDisplay.cpp @@ -801,24 +801,25 @@ registry, id, &zwp_pointer_gestures_v1_interface, ZWP_POINTER_GESTURES_V1_GET_HOLD_GESTURE_SINCE_VERSION); display->SetPointerGestures(gestures); } else if (iface.EqualsLiteral("wp_color_manager_v1")) { auto* colorManager = WaylandRegistryBind<wp_color_manager_v1>( - registry, id, &wp_color_manager_v1_interface, version); + registry, id, &wp_color_manager_v1_interface, 1); display->SetColorManager(colorManager); } else if (iface.EqualsLiteral("wp_color_representation_manager_v1")) { auto* colorRepresentationManager = WaylandRegistryBind<wp_color_representation_manager_v1>( registry, id, &wp_color_representation_manager_v1_interface, 1); display->SetColorRepresentationManager(colorRepresentationManager); } else if (iface.EqualsLiteral("xx_pip_shell_v1")) { auto* pipShell = WaylandRegistryBind<xx_pip_shell_v1>( - registry, id, &xx_pip_shell_v1_interface, version); + registry, id, &xx_pip_shell_v1_interface, 1); display->SetPipShell(pipShell); } else if (iface.EqualsLiteral("xdg_wm_base")) { + uint32_t vers = MIN(version, (uint32_t)xdg_wm_base_interface.version); auto* xdgWm = WaylandRegistryBind<xdg_wm_base>( - registry, id, &xdg_wm_base_interface, version); + registry, id, &xdg_wm_base_interface, vers); display->SetXdgWm(xdgWm); } else if (iface.EqualsLiteral("wl_output") && version > 1) { auto* output = WaylandRegistryBind<wl_output>(registry, id, &wl_output_interface, 2); display->AddWlOutput(output, id); ++++++ mozilla-silence-no-return-type.patch ++++++ --- /var/tmp/diff_new_pack.crlRwH/_old 2026-01-14 16:21:39.693402571 +0100 +++ /var/tmp/diff_new_pack.crlRwH/_new 2026-01-14 16:21:39.697402736 +0100 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 41e111c9b1b0e1a27baf311089787df66216bfb0 +# Parent a05bd055f1c92d210fa44a3071a17a3bd4df3a93 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -461,7 +461,7 @@ VideoStreamInputState input_state) : validation_id_(validation_id), status_(Status::kValid), -@@ -394,16 +395,17 @@ VideoStreamAdapter::RestrictionsOrState +@@ -395,16 +396,17 @@ VideoStreamAdapter::RestrictionsOrState case DegradationPreference::MAINTAIN_RESOLUTION: { // Scale up framerate. return IncreaseFramerate(input_state, current_restrictions_); @@ -479,7 +479,7 @@ ++adaptation_validation_id_; RestrictionsOrState restrictions_or_state = GetAdaptationDownStep(input_state, current_restrictions_); -@@ -474,16 +476,17 @@ VideoStreamAdapter::GetAdaptationDownSte +@@ -475,16 +477,17 @@ VideoStreamAdapter::GetAdaptationDownSte } case DegradationPreference::MAINTAIN_RESOLUTION: { return DecreaseFramerate(input_state, current_restrictions); @@ -497,7 +497,7 @@ int target_pixels = GetLowerResolutionThan(input_state.frame_size_pixels().value()); // Use single active stream if set, this stream could be lower than the input. -@@ -627,16 +630,18 @@ Adaptation VideoStreamAdapter::GetAdaptD +@@ -628,16 +631,18 @@ Adaptation VideoStreamAdapter::GetAdaptD case DegradationPreference::MAINTAIN_FRAMERATE: return GetAdaptationDown(); case DegradationPreference::BALANCED: { @@ -584,7 +584,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc --- a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc +++ b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc -@@ -380,12 +380,12 @@ std::unique_ptr<ClippingPredictor> Creat +@@ -382,12 +382,12 @@ std::unique_ptr<ClippingPredictor> Creat config.reference_window_delay, config.clipping_threshold, /*adaptive_step_estimation=*/true); case ClippingPredictorMode::kFixedStepClippingPeakPrediction: @@ -838,10 +838,10 @@ } // namespace - constexpr size_t DefaultTemporalLayers::kNumReferenceBuffers; - std::vector<DefaultTemporalLayers::DependencyInfo> DefaultTemporalLayers::GetDependencyInfo(size_t num_layers) { + // For indexing in the patterns described below (which temporal layers they + // belong to), see the diagram above. diff --git a/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_layers_checker.cc b/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_layers_checker.cc --- a/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_layers_checker.cc +++ b/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_layers_checker.cc @@ -887,7 +887,7 @@ diff --git a/third_party/libwebrtc/net/dcsctp/packet/parameter/reconfiguration_response_parameter.cc b/third_party/libwebrtc/net/dcsctp/packet/parameter/reconfiguration_response_parameter.cc --- a/third_party/libwebrtc/net/dcsctp/packet/parameter/reconfiguration_response_parameter.cc +++ b/third_party/libwebrtc/net/dcsctp/packet/parameter/reconfiguration_response_parameter.cc -@@ -56,16 +56,17 @@ absl::string_view ToString(Reconfigurati +@@ -55,16 +55,17 @@ absl::string_view ToString(Reconfigurati case ReconfigurationResponseParameter::Result:: kErrorRequestAlreadyInProgress: return "Error: request already in progress"; @@ -929,7 +929,7 @@ diff --git a/third_party/libwebrtc/net/dcsctp/rx/data_tracker.cc b/third_party/libwebrtc/net/dcsctp/rx/data_tracker.cc --- a/third_party/libwebrtc/net/dcsctp/rx/data_tracker.cc +++ b/third_party/libwebrtc/net/dcsctp/rx/data_tracker.cc -@@ -355,16 +355,17 @@ absl::string_view DataTracker::ToString( +@@ -352,16 +352,17 @@ absl::string_view DataTracker::ToString( return "IDLE"; case AckState::kBecomingDelayed: return "BECOMING_DELAYED"; @@ -1035,11 +1035,11 @@ } } // namespace - constexpr TimeDelta Timer::kMaxTimerDuration; - Timer::Timer(TimerID id, absl::string_view name, OnExpired on_expired, + UnregisterHandler unregister_handler, + std::unique_ptr<Timeout> timeout, diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc --- a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc +++ b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.crlRwH/_old 2026-01-14 16:21:39.769405723 +0100 +++ /var/tmp/diff_new_pack.crlRwH/_new 2026-01-14 16:21:39.773405889 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="146.0.1" +VERSION="147.0" VERSION_SUFFIX="" -PREV_VERSION="146.0" +PREV_VERSION="146.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="86bb7f6af6312ba3c0161085f854bcdff68f1a91" -RELEASE_TIMESTAMP="20251217121356" +RELEASE_TAG="7797f9c423177e9425de47ea4a1fd944653c5661" +RELEASE_TIMESTAMP="20260105210555"
