1 -------------------------------------------------------------------

     2 Mon Apr 29 18:17:48 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>

     3 

     4 - Mozilla Firefox 125.0.3

     5   * Fixed: Fixed an extra blank tab with an address of

     6     `https://0.0.0.1` sometimes appearing when attempting to

     7     launch Firefox when it is already running (bmo#1892612).

     8   * Fixed: Fixed an issue that could cause incorrect font

     9     selection in some situations for users with the Japanese

    10     locale set (bmo#1892363).

    11   * Fixed: Fixed text corruption when dragging text containing

    12     unicode characters on Linux systems (bmo#1888202).

    13   * Fixed: Fixed a correctness error when checking

    14     `arguments.length` (and not using arguments otherwise) inside

    15     of a generator or async function (bmo#1892699).

    16   * Fixed: Fixed an issue that could lead to inconsistent focus

    17     handling of `<select>` elements when opened (bmo#1893177).

    18 

    19 -------------------------------------------------------------------

    20 Wed Apr 24 08:43:53 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>

    21 

    22 - Fix build on Leap by requiring gcc13 which has been made available

    23   as an update.

    24 

    25 -------------------------------------------------------------------

    26 Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>

    27 

    28 - Mozilla Firefox 125.0.2

    29   * The 125.0 and 125.0.1 releases were skipped due to problems

    30     with a feature that proactively blocked downloads from

    31     potentially untrustworthy URLs.

    32   * New: Firefox now supports the AV1 codec for Encrypted Media

    33     Extensions (EME), enabling higher-quality playback from video

    34     streaming providers

    35   * New: The Firefox PDF viewer now supports text highlighting.

    36   * New: Firefox View now displays pinned tabs in the Open tabs

    37     section. Tab indicators have also been added to Open tabs, so

    38     users can do things like see which tabs are playing media and

    39     quickly mute or unmute across windows. Indicators were also

    40     added for bookmarks, tabs with notifications, and more!

    41     their addresses upon submitting an address form, allowing

    42     Firefox to autofill stored address information in the future.

    43   * New: The URL Paste Suggestion feature provides a convenient

    44     way for users to quickly visit URLs copied to the clipboard

    45     in the address bar of Firefox. When the clipboard contains a

    46     URL and the URL bar is focused, an autocomplete result

    47     appears automatically. Activating the clipboard suggestion

    48     will navigate the user to the URL with 1 click.

    49   * New: Users of tab-specific Container add-ons can now search

    50     in the Address Bar for tabs that are open in different

    51     containers. Special thanks to volunteer contributor atararx

    52     for kicking off the work on this feature!

    53   * New: Firefox now provides an option to enable Web Proxy Auto-

    54     Discovery (WPAD) while configured to use system proxy

    55     settings.

    56   * Changed: In a group of radio buttons where no option is

    57     selected, the tab key now only reaches the first option

    58     rather than cycling through all available options. The arrow

    59     keys navigate between options as they do when there is a

    60     selected option. This makes keyboard navigation more

    61     efficient and consistent

    62   * HTML5: Firefox now supports the `popover` global attribute

    63     used for designating an element as a popover element. The

    64     element won't be rendered until it is made visible, after

    65     which it will appear on top of other page content.

    66   * HTML5: WebAssembly multi-memory is now enabled by default.

    67     Wasm multi-memory allows wasm modules to use and import

    68     multiple independent linear memories. This enables more

    69     efficient interoperability between modules and provides

    70     better polyfills for upcoming wasm standards, such as the

    71     component model.

    72   * HTML5: Added support for Unicode Text Segmentation to

    73     JavaScript.

    74   * HTML5: Added support for `contextlost` and `contextrestored`

    75     events on HTMLCanvasElement and OffscreenCanvas to allow user

    76     code to recover from context loss with hardware accelerated

    77     2d canvas.

    78   * HTML5: Firefox now supports the

    79     `navigator.clipboard.readText()` web API. A paste context

    80     menu will appear for the user to confirm when attempting to

    81     read clipboard data not provided by the same-origin page.

    82   * HTML5: Added support for the `content-box` and `stroke-box`

    83     keywords of the `transform-box` CSS property.

    84   * HTML5: The `align-content` property now works in block

    85     layout, allowing block direction alignment without needing a

    86     flex or grid container.

    87   * HTML5: Support for `SVGAElement.text` was removed in favor of

    88     the more widely-implemented `SVGAElement.textContent` method.

    89   * Developer: Following several requests, we have reintroduced

    90     the option to disable the Pause Debugger Overlay

    91     (`devtools.debugger.features.overlay`). This overlay appears

    92     over the page content when the debugger pauses JavaScript

    93     execution. In certain scenarios, the overlay can be

    94     intrusive, making it challenging to interact with the page,

    95     for instance, evaluating shades of color underneath.

    96   * Developer: We've added a new drop-down menu button at the

    97     bottom of the source view in the Debugger panel, specifically

    98     designed for Source Map related actions. Users can now easily

    99     disable or enable Source Maps support, open the Source Map

   100     file in a new tab, switch between the original source and the

   101     generated bundle, toggle the "open original source by

   102     default" option, and view the Source Map status such as

   103     errors, loading status, etc.

   104     MFSA 2024-18 (bsc#1221327)

   105   * CVE-2024-3852 (bmo#1883542)

   106     GetBoundName in the JIT returned the wrong object

   107   * CVE-2024-3853 (bmo#1884427)

   108     Use-after-free if garbage collection runs during realm

   109     initialization

   110   * CVE-2024-3854 (bmo#1884552)

   111     Out-of-bounds-read after mis-optimized switch statement

   112   * CVE-2024-3855 (bmo#1885828)

   113     Incorrect JIT optimization of MSubstr leads to out-of-bounds

   114     reads

   115   * CVE-2024-3856 (bmo#1885829)

   116     Use-after-free in WASM garbage collection

   117   * CVE-2024-3857 (bmo#1886683)

   118     Incorrect JITting of arguments led to use-after-free during

   119     garbage collection

   120   * CVE-2024-3858 (bmo#1888892)

   121     Corrupt pointer dereference in

   122     js::CheckTracedThing<js::Shape>

   123   * CVE-2024-3859 (bmo#1874489)

   124     Integer-overflow led to out-of-bounds-read in the OpenType

   125     sanitizer

   126   * CVE-2024-3860 (bmo#1881417)

   127     Crash when tracing empty shape lists

   128   * CVE-2024-3861 (bmo#1883158)

   129     Potential use-after-free due to AlignedBuffer self-move

   130   * CVE-2024-3862 (bmo#1884457)

   131     Potential use of uninitialized memory in MarkStack assignment

   132     operator on self-assignment

   133   * CVE-2024-3863 (bmo#1885855)

   134     Download Protections were bypassed by .xrm-ms files on

   135     Windows

   136   * CVE-2024-3302 (bmo#1881183,

   137     bmo#https://kb.cert.org/vuls/id/421644)

   138     Denial of Service using HTTP/2 CONTINUATION frames

   139   * CVE-2024-3864 (bmo#1888333)

   140     Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,

   141     and Thunderbird 115.10

   142   * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359,

   143     bmo#1889049)

   144     Memory safety bugs fixed in Firefox 125

   145 - requires

   146   NSS 3.99

   147   rust 1.76

   148 - add mozilla-libproxy-fix.patch to fix with-libproxy build variant

   149