# HG changeset patch
# User Wolfgang Rosenauer
# Date 1713674785 -7200
# Node ID 28ebbea625bd65f4301e0361edb0334136692077
# Parent 3a2c95022db2798e7dc519d329c0d8d786e11a1e
124.0.2
diff -r 3a2c95022db2 -r 28ebbea625bd MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Fri Mar 22 10:02:25 2024 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Apr 21 06:46:25 2024 +0200
@@ -1,4 +1,63 @@ ------------------------------------------------------------------- +Wed Apr 3 12:50:27 UTC 2024 - Martin Sirringhaus + +- Mozilla Firefox 124.0.2 + https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/ + * Fixed an issue where users with a large amount of bookmarks would + be unable to restore a bookmarks backup. (bmo#1884308) + * Fixed an issue that would cause open Firefox windows + to go blank or crash during video playback on sites such as + Netflix. (bmo#1883932) + * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) + * Fixed an issue where some users experienced difficulties loading + webpages due to changes made to the default AppArmor configuration + shipping in Ubuntu 24.04. (bmo#1884347) + +------------------------------------------------------------------- +Fri Mar 22 09:53:26 UTC 2024 - Wolfgang Rosenauer + +- Mozilla Firefox 124.0.1 + https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ + MFSA 2024-15 (bsc#1221850) + * CVE-2024-29943 (bmo#1886849) + Out-of-bounds access via Range Analysis bypass + * CVE-2024-29944 (bmo#1886852) + Privileged JavaScript Execution via Event Handlers + Mozilla Firefox 124.0 + https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ + MFSA 2024-12 (bsc#1221327) + * CVE-2024-2605 (bmo#1872920) + Windows Error Reporter could be used as a Sandbox escape vector + * CVE-2024-2606 (bmo#1879237) + Mishandling of WASM register values + * CVE-2024-2607 (bmo#1879939) + JIT code failed to save return registers on Armv7-A + * CVE-2024-2608 (bmo#1880692) + Integer overflow could have led to out of bounds write + * CVE-2023-5388 (bmo#1780432) + NSS susceptible to timing attack against RSA decryption + * CVE-2024-2609 (bmo#1866100) + Permission prompt input delay could expire when not in focus + * CVE-2024-2610 (bmo#1871112) + Improper handling of html and body tags enabled CSP nonce leakage + * CVE-2024-2611 (bmo#1876675) + Clickjacking vulnerability could have led to a user accidentally + 
granting permissions + * CVE-2024-2612 (bmo#1879444) + Self referencing object could have potentially led to a use- + after-free + * CVE-2024-2613 (bmo#1875701) + Improper handling of QUIC ACK frame data could have led to OOM + * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) + Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, + and Thunderbird 115.9 + * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438) + Memory safety bugs fixed in Firefox 124 +- requires + NSS = 3.98 + rust-cbindgen >= 0.26 + +------------------------------------------------------------------- Fri Mar 8 06:16:48 UTC 2024 - Andreas Stieger - Mozilla Firefox 123.0.1 diff -r 3a2c95022db2 -r 28ebbea625bd MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Fri Mar 22 10:02:25 2024 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Apr 21 06:46:25 2024 +0200 @@ -2,7 +2,7 @@ # spec file for package MozillaFirefox # # Copyright (c) 2024 SUSE LLC -# Copyright (c) 2006-2023 Wolfgang Rosenauer +# Copyright (c) 2006-2024 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 123 -%define mainver %major.0.1 -%define orig_version 123.0.1 +%define major 124 +%define mainver %major.0.2 +%define orig_version 124.0.2 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.97 +BuildRequires: mozilla-nss-devel >= 3.98 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 
@@ -134,7 +134,7 @@ BuildRequires: python3-devel %endif %endif -BuildRequires: rust-cbindgen >= 0.24.3 +BuildRequires: rust-cbindgen >= 0.26 BuildRequires: unzip BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel diff -r 3a2c95022db2 -r 28ebbea625bd MozillaFirefox/tar_stamps --- a/MozillaFirefox/tar_stamps Fri Mar 22 10:02:25 2024 +0100 +++ b/MozillaFirefox/tar_stamps Sun Apr 21 06:46:25 2024 +0200 @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="123.0.1" +VERSION="124.0.2" VERSION_SUFFIX="" -PREV_VERSION="123.0" +PREV_VERSION="124.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="652f653a58f0acdc1413e45ab35eae68a95cd1af" -RELEASE_TIMESTAMP="20240304104836" +RELEASE_TAG="2718fafaf6b2e4137cff8a71794487d25057e688" +RELEASE_TIMESTAMP="20240401114208" diff -r 3a2c95022db2 -r 28ebbea625bd mozilla-kde.patch --- a/mozilla-kde.patch Fri Mar 22 10:02:25 2024 +0100 +++ b/mozilla-kde.patch Sun Apr 21 06:46:25 2024 +0200 @@ -283,7 +283,7 @@ nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) { // dbus prevents us from being threadsafe, but this routine should not block // anyhow -@@ -391,21 +395,46 @@ nsresult nsUnixSystemProxySettings::GetP +@@ -388,21 +392,46 @@ nsresult nsUnixSystemProxySettings::GetP return NS_OK; } @@ -1255,15 +1255,15 @@ mFilters.AppendElement(filter); mFilterNames.AppendElement(name); -@@ -412,16 +416,39 @@ nsresult nsFilePicker::Show(nsIFilePicke - return NS_OK; - } - - NS_IMETHODIMP +@@ -416,16 +420,39 @@ NS_IMETHODIMP nsFilePicker::Open(nsIFilePickerShownCallback* aCallback) { // Can't show two dialogs concurrently with the same filepicker if (mFileChooser) return NS_ERROR_NOT_AVAILABLE; + if (MaybeBlockFilePicker(aCallback)) { + return NS_OK; + } + + // KDE file picker is not handled via callback + if (nsKDEUtils::kdeSupport()) { + mCallback = aCallback; 
@@ -1295,7 +1295,7 @@ GtkFileChooserAction action = GetGtkFileChooserAction(mMode); const gchar* accept_button; -@@ -703,16 +730,215 @@ void nsFilePicker::Done(void* file_choos +@@ -707,16 +734,215 @@ void nsFilePicker::Done(void* file_choos mCallback->Done(result); mCallback = nullptr; } else { @@ -1670,13 +1670,13 @@ diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build --- a/xpcom/components/moz.build +++ b/xpcom/components/moz.build -@@ -66,16 +66,17 @@ LOCAL_INCLUDES += [ - "!..", +@@ -67,16 +67,17 @@ LOCAL_INCLUDES += [ "../base", "../build", "../ds", "/chrome", "/js/xpconnect/loader", + "/js/xpconnect/src", "/layout/build", "/modules/libjar", + "/toolkit/xre", diff -r 3a2c95022db2 -r 28ebbea625bd mozilla-silence-no-return-type.patch --- a/mozilla-silence-no-return-type.patch Fri Mar 22 10:02:25 2024 +0100 +++ b/mozilla-silence-no-return-type.patch Sun Apr 21 06:46:25 2024 +0200 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent d1908d68e16e148fcc012caac881a03417eccc7e +# Parent 831d03cde86aa6b8803d5ac431e2d28bf85c9289 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h 
@@ -875,6 +875,28 @@ int sample_rate_hz, int detector_rate_hz, int num_channels) +diff --git a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc +--- a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc ++++ b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc +@@ -90,16 +90,18 @@ BandwidthLimitedCause GetBandwidthLimite + // Probes may not be sent in this state. + return BandwidthLimitedCause::kLossLimitedBwe; + case LossBasedState::kIncreasing: + // Probes may be sent in this state. + return BandwidthLimitedCause::kLossLimitedBweIncreasing; + case LossBasedState::kDelayBasedEstimate: + return BandwidthLimitedCause::kDelayBasedLimited; + } ++ // just return something by default ++ return BandwidthLimitedCause::kLossLimitedBwe; + } + + } // namespace + + GoogCcNetworkController::GoogCcNetworkController(NetworkControllerConfig config, + GoogCcConfig goog_cc_config) + : key_value_config_(config.key_value_config ? config.key_value_config + : &trial_based_config_), diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc --- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc +++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc @@ -957,7 +979,7 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc -@@ -41,16 +41,17 @@ namespace { +@@ -42,16 +42,17 @@ namespace { case AudioFrameType::kEmptyFrame: return "empty"; case AudioFrameType::kAudioFrameSpeech: 
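Review bot: The fallback added after the switch in GetBandwidthLimitedCause (the new goog_cc_network_control.cc section of mozilla-silence-no-return-type.patch) returns `BandwidthLimitedCause::kLossLimitedBwe` for any `LossBasedState` the cases do not cover, and its comment `// just return something by default` says neither why that value was chosen nor that the line is meant to be unreachable. Every case visible in the hunk already returns, so reaching the fallback would mean the enum holds an out-of-range value or upstream added a state this patch predates; mapping that silently to a valid cause hides the condition. I would spell out the intent, e.g. `// Not reached for valid LossBasedState values; present only to silence the missing-return warning. Falls back to the cause under which probes are not sent.` If libwebrtc's check macros are in scope in this file (not visible here), a debug assertion ahead of the return would make an unexpected value noticeable in test builds. The function begins above the hunk, so earlier cases of the switch are not shown.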
@@ -1020,7 +1042,7 @@ diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc --- a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc +++ b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc -@@ -58,16 +58,17 @@ bool IsFramerateScalingEnabled(Degradati +@@ -59,16 +59,17 @@ bool IsFramerateScalingEnabled(Degradati std::string ToString(VideoAdaptationReason reason) { switch (reason) { case VideoAdaptationReason::kQuality: