Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2023-12-22 22:41:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Fri Dec 22 22:41:04 2023 rev:415 rq:1134603 version:121.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2023-12-09 22:49:58.832424365 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28375/MozillaFirefox.changes 2023-12-22 22:41:10.947668916 +0100 @@ -1,0 +2,50 @@ +Wed Dec 20 12:59:57 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 121.0 + https://www.mozilla.org/en-US/firefox/121.0/releasenotes + MFSA 2023-56 (bsc#1217974) + * CVE-2023-6856 (bmo#1843782) + Heap-buffer-overflow affecting WebGL DrawElementsInstanced + method with Mesa VM driver + * CVE-2023-6135 (bmo#1853908) + NSS susceptible to "Minerva" attack + * CVE-2023-6865 (bmo#1864123) + Potential exposure of uninitialized data in EncryptingOutputStream + * CVE-2023-6857 (bmo#1796023) + Symlinks may resolve to smaller than expected buffers + * CVE-2023-6858 (bmo#1826791) + Heap buffer overflow in nsTextFragment + * CVE-2023-6859 (bmo#1840144) + Use-after-free in PR_GetIdentitiesLayer + * CVE-2023-6866 (bmo#1849037) + TypedArrays lack sufficient exception handling + * CVE-2023-6860 (bmo#1854669) + Potential sandbox escape due to VideoBridge lack of texture + validation + * CVE-2023-6867 (bmo#1863863) + Clickjacking permission prompts using the popup transition + * CVE-2023-6861 (bmo#1864118) + Heap buffer overflow affected nsWindow::PickerOpen(void) in + headless mode + * CVE-2023-6868 (bmo#1865488) + WebPush requests on Firefox for Android did not require VAPID key + * CVE-2023-6869 (bmo#1799036) + Content can paint outside of sandboxed iframe + * CVE-2023-6870 (bmo#1823316) + Android Toast notifications may obscure fullscreen event + notifications + * CVE-2023-6871 (bmo#1828334) + Lack of protocol handler warning in some instances + * CVE-2023-6872 (bmo#1849186) + Browsing history leaked to syslogs via GNOME + * CVE-2023-6863 (bmo#1868901) + Undefined behavior in ShutdownObserver() + * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090, + bmo#1858033, bmo#1858509, bmo#1862777, bmo#1864015) + Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, + and Thunderbird 115.6 + * CVE-2023-6873 (bmo#1855327, bmo#1862089, bmo#1862723) + Memory safety bugs fixed in Firefox 121 +- requires NSS 3.95 + +------------------------------------------------------------------- Old: ---- firefox-120.0.1.source.tar.xz firefox-120.0.1.source.tar.xz.asc l10n-120.0.1.tar.xz New: ---- firefox-121.0.source.tar.xz firefox-121.0.source.tar.xz.asc l10n-121.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.GODS7l/_old 2023-12-22 22:41:28.320305373 +0100 +++ /var/tmp/diff_new_pack.GODS7l/_new 2023-12-22 22:41:28.320305373 +0100 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 120 -%define mainver %major.0.1 -%define orig_version 120.0.1 +%define major 121 +%define mainver %major.0 +%define orig_version 121.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.94 +BuildRequires: mozilla-nss-devel >= 3.95 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 ++++++ firefox-120.0.1.source.tar.xz -> firefox-121.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-120.0.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28375/firefox-121.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-120.0.1.tar.xz -> l10n-121.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-120.0.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28375/l10n-121.0.tar.xz differ: char 26, line 1 ++++++ mozilla-kde.patch ++++++ ++++ 888 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/MozillaFirefox/mozilla-kde.patch ++++ and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28375/mozilla-kde.patch ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.GODS7l/_old 2023-12-22 22:41:28.720320036 +0100 +++ /var/tmp/diff_new_pack.GODS7l/_new 2023-12-22 22:41:28.724320183 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="120.0.1" +VERSION="121.0" VERSION_SUFFIX="" -PREV_VERSION="120.0" +PREV_VERSION="120.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="d80eefe94738ab6bd35cca64747d877c49337318" -RELEASE_TIMESTAMP="20231129155202" +RELEASE_TAG="8b7f7fd1873f56a4d755ea1fdcf46cbb18f9af27" +RELEASE_TIMESTAMP="20231211174248"
