Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2024-06-14 18:57:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19518 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Fri Jun 14 18:57:28 2024 rev:429 rq:1180696 version:127.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2024-05-30 15:32:12.487698934 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19518/MozillaFirefox.changes 2024-06-14 18:57:30.841634768 +0200 @@ -1,0 +2,42 @@ +Tue Jun 11 09:21:24 UTC 2024 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 127.0 + https://www.mozilla.org/en-US/firefox/127.0/releasenotes + MFSA 2024-25 (bsc#1226027) + * CVE-2024-5687 (bmo#1889066) + An incorrect principal could have been used when opening new tabs + * CVE-2024-5688 (bmo#1895086) + Use-after-free in JavaScript object transplant + * CVE-2024-5689 (bmo#1389707) + User confusion and possible phishing vector via Firefox Screenshots + * CVE-2024-5690 (bmo#1883693) + External protocol handlers leaked by timing attack + * CVE-2024-5691 (bmo#1888695) + Sandboxed iframes were able to bypass sandbox restrictions to + open a new window + * CVE-2024-5692 (bmo#1837514, bmo#1891234) + Bypass of file name restrictions during saving + * CVE-2024-5693 (bmo#1891319) + Cross-Origin Image leak via Offscreen Canvas + * CVE-2024-5694 (bmo#1895055) + Use-after-free in JavaScript Strings + * CVE-2024-5695 (bmo#1895579) + Memory Corruption using allocation using out-of-memory conditions + * CVE-2024-5696 (bmo#1896555) + Memory Corruption in Text Fragments + * CVE-2024-5697 (bmo#1414937) + Website was able to detect when Firefox was taking a + screenshot of them + * CVE-2024-5698 (bmo#1828259) + Data-list could have overlaid address bar + * CVE-2024-5699 (bmo#1891349) + Cookie prefixes not treated as case-sensitive + * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123) + Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, + and Thunderbird 115.12 + * CVE-2024-5701 (bmo#1890909, bmo#1891422, bmo#1893915, + bmo#1894047, bmo#1896024) + Memory safety bugs fixed in Firefox 127 +- removed obsolete mozilla-bmo1886378.patch + +------------------------------------------------------------------- Old: ---- firefox-126.0.1.source.tar.xz firefox-126.0.1.source.tar.xz.asc l10n-126.0.1.tar.xz mozilla-bmo1886378.patch New: ---- firefox-127.0.source.tar.xz firefox-127.0.source.tar.xz.asc l10n-127.0.tar.xz BETA DEBUG BEGIN: Old: Memory safety bugs fixed in Firefox 127 - removed obsolete mozilla-bmo1886378.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.eaqlpn/_old 2024-06-14 18:57:45.590167529 +0200 +++ /var/tmp/diff_new_pack.eaqlpn/_new 2024-06-14 18:57:45.614168396 +0200 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 126 -%define mainver %major.0.1 -%define orig_version 126.0.1 +%define major 127 +%define mainver %major.0 +%define orig_version 127.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -229,7 +229,6 @@ Patch22: mozilla-partial-revert-1768632.patch Patch23: mozilla-rust-disable-future-incompat.patch Patch24: mozilla-bmo1822730.patch -Patch25: mozilla-bmo1886378.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch ++++++ firefox-126.0.1.source.tar.xz -> firefox-127.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-126.0.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19518/firefox-127.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-126.0.1.tar.xz -> l10n-127.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-126.0.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19518/l10n-127.0.tar.xz differ: char 26, line 1 ++++++ mozilla-libavcodec58_91.patch ++++++ --- /var/tmp/diff_new_pack.eaqlpn/_old 2024-06-14 18:57:47.750245558 +0200 +++ /var/tmp/diff_new_pack.eaqlpn/_new 2024-06-14 18:57:47.786246858 +0200 @@ -1,16 +1,16 @@ # HG changeset patch -# Parent 60fc1933af9d4f1769025a6f1d9a60db6b899315 +# Parent fdc16b43f28c2e974929ca702563aaac52799654 diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp --- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp +++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp -@@ -36,16 +36,18 @@ static const char* sLibs[] = { - "libavcodec.54.dylib", +@@ -44,16 +44,18 @@ static const char* sLibs[] = { "libavcodec.53.dylib", #elif defined(XP_OPENBSD) "libavcodec.so", // OpenBSD hardly controls the major/minor library version // of ffmpeg and update it regulary on ABI/API changes #else + "libavcodec.so.61", "libavcodec.so.60", "libavcodec.so.59", + "libavcodec.so.58.134", ++++++ mozilla-rust-disable-future-incompat.patch ++++++ --- /var/tmp/diff_new_pack.eaqlpn/_old 2024-06-14 18:57:48.086257695 +0200 +++ /var/tmp/diff_new_pack.eaqlpn/_new 2024-06-14 18:57:48.102258274 +0200 @@ -1,18 +1,18 @@ # HG changeset patch -# Parent 83a5e219b271976ee9dfa46b74ecc1c1c6d49f94 +# Parent 8c5b7b10f09b8cd6a8a6e0e29b92ec88cec6d4ce diff --git a/Cargo.toml b/Cargo.toml --- a/Cargo.toml +++ b/Cargo.toml -@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http - path = "third_party/rust/mio-0.6.23" +@@ -238,8 +238,14 @@ mio_0_8 = { package = "mio", git = "http + # Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.: + # Still waiting for the now-merged <https://github.com/zakarumych/gpu-descriptor/pull/40> to be released. + gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor";, rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" } - [patch."https://github.com/mozilla/uniffi-rs.git";] - uniffi = "0.27.1" - uniffi_bindgen = "0.27.1" - uniffi_build = "0.27.1" - uniffi_macros = "0.27.1" - weedle2 = "=5.0.0" + # Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2. + # There is not going to be new version of mio 0.6, mio now being >= 0.7.11. + [patch.crates-io.mio] + path = "third_party/rust/mio-0.6.23" + +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust" +# Shut up such messages for now to make the build succeed ++++++ mozilla-silence-no-return-type.patch ++++++ --- /var/tmp/diff_new_pack.eaqlpn/_old 2024-06-14 18:57:48.130259285 +0200 +++ /var/tmp/diff_new_pack.eaqlpn/_new 2024-06-14 18:57:48.142259718 +0200 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent af0655f894a27ef60aa8438af7939a5ebc498df0 +# Parent 45b7287e677b0d0a47091f763c19d75955c291a1 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -462,7 +462,7 @@ diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc/api/rtp_parameters.cc --- a/third_party/libwebrtc/api/rtp_parameters.cc +++ b/third_party/libwebrtc/api/rtp_parameters.cc -@@ -27,16 +27,17 @@ const char* DegradationPreferenceToStrin +@@ -28,16 +28,17 @@ const char* DegradationPreferenceToStrin case DegradationPreference::MAINTAIN_FRAMERATE: return "maintain-framerate"; case DegradationPreference::MAINTAIN_RESOLUTION: @@ -505,7 +505,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party/libwebrtc/api/video_codecs/video_codec.cc --- a/third_party/libwebrtc/api/video_codecs/video_codec.cc +++ b/third_party/libwebrtc/api/video_codecs/video_codec.cc -@@ -126,16 +126,17 @@ const char* CodecTypeToPayloadString(Vid +@@ -156,16 +156,17 @@ const char* CodecTypeToPayloadString(Vid case kVideoCodecMultiplex: return kPayloadNameMultiplex; case kVideoCodecGeneric: @@ -526,7 +526,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc --- a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc +++ b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc -@@ -183,16 +183,17 @@ class VideoEncoderSoftwareFallbackWrappe +@@ -184,16 +184,17 @@ class VideoEncoderSoftwareFallbackWrappe [[fallthrough]]; case EncoderState::kMainEncoderUsed: return encoder_.get(); @@ -544,7 +544,7 @@ // Settings used in the last InitEncode call and used if a dynamic fallback to // software is required. -@@ -363,16 +364,17 @@ int32_t VideoEncoderSoftwareFallbackWrap +@@ -377,16 +378,17 @@ int32_t VideoEncoderSoftwareFallbackWrap case EncoderState::kMainEncoderUsed: { return EncodeWithMainEncoder(frame, frame_types); } @@ -684,7 +684,7 @@ diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc --- a/third_party/libwebrtc/media/base/codec.cc +++ b/third_party/libwebrtc/media/base/codec.cc -@@ -200,16 +200,17 @@ bool Codec::Matches(const Codec& codec) +@@ -228,16 +228,17 @@ bool Codec::Matches(const Codec& codec) (codec.bitrate == 0 || bitrate <= 0 || bitrate == codec.bitrate) && ((codec.channels < 2 && channels < 2) || @@ -765,7 +765,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc --- a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc +++ b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc -@@ -94,16 +94,17 @@ GainControl::Mode Agc1ConfigModeToInterf +@@ -96,16 +96,17 @@ GainControl::Mode Agc1ConfigModeToInterf case Agc1Config::kAdaptiveAnalog: return GainControl::kAdaptiveAnalog; case Agc1Config::kAdaptiveDigital: @@ -783,7 +783,7 @@ // Maximum lengths that frame of samples being passed from the render side to // the capture side can have (does not apply to AEC3). -@@ -161,17 +162,17 @@ int AudioFormatValidityToErrorCode(Audio +@@ -163,17 +164,17 @@ int AudioFormatValidityToErrorCode(Audio case AudioFormatValidity::kValidAndSupported: return AudioProcessing::kNoError; case AudioFormatValidity::kValidButUnsupportedSampleRate: // fall-through @@ -802,7 +802,7 @@ const StreamConfig& input_config, const StreamConfig& output_config) { AudioFormatValidity input_validity = ValidateAudioFormat(input_config); -@@ -2416,16 +2417,17 @@ void AudioProcessingImpl::InitializeNois +@@ -2420,16 +2421,17 @@ void AudioProcessingImpl::InitializeNois case NoiseSuppresionConfig::kModerate: return NsConfig::SuppressionLevel::k12dB; case NoiseSuppresionConfig::kHigh: @@ -921,12 +921,12 @@ diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc -@@ -64,16 +64,17 @@ bool BitrateProber::ReadyToSetActiveStat - return false; - case ProbingState::kInactive: - // If config_.min_packet_size > 0, a "large enough" packet must be sent - // first, before a probe can be generated and sent. Otherwise, send the - // probe asap. +@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat + return true; + } + // If config_.min_packet_size > 0, a "large enough" packet must be + // sent first, before a probe can be generated and sent. Otherwise, + // send the probe asap. return packet_size >= std::min(RecommendedMinProbeSize(), config_.min_packet_size.Get()); } @@ -934,18 +934,18 @@ } void BitrateProber::OnIncomingPacket(DataSize packet_size) { - if (ReadyToSetActiveState(packet_size)) { - next_probe_time_ = Timestamp::MinusInfinity(); - probing_state_ = ProbingState::kActive; - } + MaybeSetActiveState(packet_size); } + + void BitrateProber::CreateProbeCluster( + const ProbeClusterConfig& cluster_config) { diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc --- a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc -@@ -36,11 +36,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr - case kVideoCodecH265: - // TODO(bugs.webrtc.org/13485): Implement VideoRtpDepacketizerH265. +@@ -42,11 +42,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr + #else return nullptr; + #endif case kVideoCodecGeneric: case kVideoCodecMultiplex: return std::make_unique<VideoRtpDepacketizerGeneric>(); ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.eaqlpn/_old 2024-06-14 18:57:48.454270989 +0200 +++ /var/tmp/diff_new_pack.eaqlpn/_new 2024-06-14 18:57:48.486272145 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="126.0.1" +VERSION="127.0" VERSION_SUFFIX="" -PREV_VERSION="126.0" +PREV_VERSION="126.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="6c033deedc28e5dadb0b99de7336cb6ebb336631" -RELEASE_TIMESTAMP="20240526221752" +RELEASE_TAG="cfd3e02d8411b3a938cda7242dcf044cf03c03d1" +RELEASE_TIMESTAMP="20240606181944"
