diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index eb3eaf1..d0dfc3e 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,8 +1,120 @@ +------------------------------------------------------------------- +Thu Jun 6 07:52:51 UTC 2024 - Martin Sirringhaus + +- Firefox Extended Support Release 115.12.0 ESR + * Fixed: Various security fixes and other quality improvements. + MFSA 2024-26 (bsc#1226027) + * MFSA-RESERVE-2024-1193389 (bmo#1193389) + Use-after-free in networking + * MFSA-RESERVE-2024-1895086 (bmo#1895086) + Use-after-free in JavaScript object transplant + * MFSA-RESERVE-2024-1883693 (bmo#1883693) + External protocol handlers leaked by timing attack + * MFSA-RESERVE-2024-1888695 (bmo#1888695) + Sandboxed iframe were able to bypass sandbox restrictions to + open a new window + * MFSA-RESERVE-2024-1891234 (bmo#1891234) + Bypass of file name restrictions during saving + * MFSA-RESERVE-2024-1891319 (bmo#1891319) + Cross-Origin Image leak via Offscreen Canvas + * MFSA-RESERVE-2024-1896555 (bmo#1896555) + Memory Corruption in Text Fragments + * MFSA-RESERVE-2024-2 (bmo#1862809, bmo#1889355, bmo#1893388, + bmo#1895123) + Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, + and Thunderbird 115.12 + +------------------------------------------------------------------- +Wed May 8 13:34:00 UTC 2024 - Martin Sirringhaus + +- Firefox Extended Support Release 115.11.0 ESR + * Fixed: Various security fixes and other quality improvements. + MFSA 2024-22 (bsc#1224056) + * CVE-2024-4367 (bmo#1893645) + Arbitrary JavaScript execution in PDF.js + * CVE-2024-4767 (bmo#1878577) + IndexedDB files retained in private browsing mode + * CVE-2024-4768 (bmo#1886082) + Potential permissions request bypass via clickjacking + * CVE-2024-4769 (bmo#1886108) + Cross-origin responses could be distinguished between script + and non-script content-types + * CVE-2024-4770 (bmo#1893270) + Use-after-free could occur when printing to PDF + * CVE-2024-4777 (bmo#1878199, bmo#1893340) + Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, + and Thunderbird 115.11 + +------------------------------------------------------------------- +Tue Apr 9 10:34:07 UTC 2024 - Martin Sirringhaus + +- Firefox Extended Support Release 115.10.0 ESR + * Fixed: Various security fixes and other quality improvements. + MFSA 2024-19 (bsc#1222535) + * CVE-2024-3852 (bmo#1883542) + GetBoundName in the JIT returned the wrong object + * CVE-2024-3854 (bmo#1884552) + Out-of-bounds-read after mis-optimized switch statement + * CVE-2024-3857 (bmo#1886683) + Incorrect JITting of arguments led to use-after-free during + garbage collection + * CVE-2024-2609 (bmo#1866100) + Permission prompt input delay could expire when not in focus + * CVE-2024-3859 (bmo#1874489) + Integer-overflow led to out-of-bounds-read in the OpenType + sanitizer + * CVE-2024-3861 (bmo#1883158) + Potential use-after-free due to AlignedBuffer self-move + * CVE-2024-3863 (bmo#1885855) + Download Protections were bypassed by .xrm-ms files on + Windows + * CVE-2024-3302 (bmo#1881183, https://kb.cert.org/vuls/id/421644) + Denial of Service using HTTP/2 CONTINUATION frames + * CVE-2024-3864 (bmo#1888333) + Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, + and Thunderbird 115.10 + +------------------------------------------------------------------- +Fri Mar 22 08:11:15 UTC 2024 - Martin Sirringhaus + +- Firefox Extended Support Release 115.9.1esr ESR + * Fixed: Security fix. + MFSA 2024-16 (bsc#1221850) + * CVE-2024-29944 (bmo#1886852) + Privileged JavaScript Execution via Event Handlers + ------------------------------------------------------------------- Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus - Firefox Extended Support Release 115.9.0 ESR - Placeholder changelog-entry (bsc#1221327) + * Fixed: Various security fixes and other quality improvements. + MFSA 2024-13 (bsc#1221327) + * CVE-2024-0743 (bmo#1867408) + Crash in NSS TLS method + * CVE-2024-2605 (bmo#1872920) + Windows Error Reporter could be used as a Sandbox escape + vector + * CVE-2024-2607 (bmo#1879939) + JIT code failed to save return registers on Armv7-A + * CVE-2024-2608 (bmo#1880692) + Integer overflow could have led to out of bounds write + * CVE-2024-2616 (bmo#1846197) + Improve handling of out-of-memory conditions in ICU + * CVE-2023-5388 (bmo#1780432) + NSS susceptible to timing attack against RSA decryption + * CVE-2024-2610 (bmo#1871112) + Improper handling of html and body tags enabled CSP nonce + leakage + * CVE-2024-2611 (bmo#1876675) + Clickjacking vulnerability could have led to a user + accidentally granting permissions + * CVE-2024-2612 (bmo#1879444) + Self referencing object could have potentially led to a use- + after-free + * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, + bmo#1881093) + Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, + and Thunderbird 115.9 ------------------------------------------------------------------- Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 3013ddc..483f320 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -29,8 +29,8 @@ # major 69 # mainver %%major.99 %define major 115 -%define mainver %major.9.0 -%define orig_version 115.9.0 +%define mainver %major.12.0 +%define orig_version 115.12.0 %define orig_suffix esr %define update_channel release %define branding 1 diff --git a/firefox-115.12.0esr.source.tar.xz b/firefox-115.12.0esr.source.tar.xz new file mode 100644 index 0000000..a62f398 --- /dev/null +++ b/firefox-115.12.0esr.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b59e1625a0bb2f0565a737394f2bf8a7ce3171314b0d871bde533a101847a8ef +size 505219784 diff --git a/firefox-115.12.0esr.source.tar.xz.asc b/firefox-115.12.0esr.source.tar.xz.asc new file mode 100644 index 0000000..90c65f5 --- /dev/null +++ b/firefox-115.12.0esr.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZd9scACgkQ4207E/PZ +MnSujA/8CPJt/HWe7h11g7s3QmhbP8KR2k7XrEwZZCRvEBmD21a46JsAs/hg1Dci +QRjtJuh5dFyKiW+H+52w5A5nPFJqE0kInvdro4ag2mwOjIYHsWw9PiGcYQ/gxmvQ +OZqx+GqgsuAZzsg3z9IRt7faFydpwr/BIfjWnJCENU2s6/HGlUzM9oT1CLKG9aDZ +iXxdgJ76EZTOdAUr3ZT8sDNwmFdGYxdMuKOt2MoOiZ2JZOUfHm0+mNyXQQ9z8WK7 +w0fxsntaqwF5F2ISA2G5sjG8R0cLwWM4t5xcD71UrMF8OK60HzyiA0K73mNbAoUK +/9YJvcHOFjbVCRMkbTr05HJjricqfVWYPrzIfpMK6olmWmtu5DDtkacZkg78HPca +4Y+k7Z8NqDDQy3EJ3p4gV116hxhAQpQNddNda1i/QO3I4gRPeNug1cbQvtvGi3Jo +Yijw2VOODOxR525ZCvnSyM9ovT4pZjbqx8mSuMNFft5MgMdXCeW4+Kr57iOUWDXw +sR3dOhJwUoVvsQCtlrEXUm90f/KHr/ggd1zHXaQkb9BqRR2BLLiKK6cJTpzZxvcN +MOSNRJT4R1RkkRXCwHgwFo5MgbsEKGTQdIllneGT2J0qLqbutYfSfiDuJIzt0u73 +g8T11OyayQhc8YRbG/lKbcwXjeemPIxvnS0T5yIjNSNyD0ntIHs= +=5hQj +-----END PGP SIGNATURE----- diff --git a/firefox-115.9.0esr.source.tar.xz b/firefox-115.9.0esr.source.tar.xz deleted file mode 100644 index 28f6588..0000000 --- a/firefox-115.9.0esr.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:db3b3371c5e6636de73798635531df137b17c5b78bdee03810930b29e8212803 -size 507156076 diff --git a/firefox-115.9.0esr.source.tar.xz.asc b/firefox-115.9.0esr.source.tar.xz.asc deleted file mode 100644 index cd613d9..0000000 --- a/firefox-115.9.0esr.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXyisMACgkQ4207E/PZ -MnTDRhAAmTBt2/CYTWrNfBxz71vSR/brjJJHTSavv3M/VvgQl8iLMh4DOrCX6J+I -bAoRXjmlmv2nwUITQZgkMZ0spnhhJ9eIN4U0yBSwrBWk2Fe3sPwPWp97vdg9PsRG -xYFIhFFLzxep/9F0Dktw8/hy6hV00utOcr9qBTlG07PQQRv5wQVCFtFtGOJYu4hi -qTdJIvlnOj8ZEgv0cNtVmpLqbD/7hspapVfACiQ8LvgggTD33Yx/QQ1SaRRla+p9 -YOd2Mwyyb7/MZHfypM0qDvtU0uOyZp6HB0ca40L4VPfrYi42JKfmDgGuDmww1Nnk -DPOzTWjZ57eCgAHxW5zvqu7XA6TgOT7mqRlRYv5GX+uo+YXsp4mYcaKZqwyX25P8 -c3aQfNdwSzX8K31qLlh3XaeX+xObNDus6u2paPmIkjo48nJV9Bu18/mHAQJ5p+7c -MgtVGpiK4u8/dcpgmIpjiL/S+Srg/anjPchV3DPSusb7d3eEIpSat46u98718Zbj -d+oM0oURd4ErtgtovsLqWkqrA/PE/qeFriZfywGvMWpUb5rhWPOsz4HLP7dAqFKi -yLGe+U7owcffEslvpgyliuUnbef5rGxbthEKEp+uJ4iq9Hpvp6PY1Tjm3JuWC/0M -0vhjYo/TxInfjobdS8oGolp1r1NOArXuJ6l6n/qIN9ESu75lIP8= -=WePS ------END PGP SIGNATURE----- diff --git a/l10n-115.12.0esr.tar.xz b/l10n-115.12.0esr.tar.xz new file mode 100644 index 0000000..552278b --- /dev/null +++ b/l10n-115.12.0esr.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e113e1fb23923e2264f039f176df4a9cff8d3c52bf65151c98515a2c20bba295 +size 30683340 diff --git a/l10n-115.9.0esr.tar.xz b/l10n-115.9.0esr.tar.xz deleted file mode 100644 index 078d751..0000000 --- a/l10n-115.9.0esr.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:87849e8612f53329b233d6ef3937ec6adba2d01a6934f8e7a5c1ceccb71e8a0c -size 32733692 diff --git a/tar_stamps b/tar_stamps index 514b623..19cfcc7 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="115.9.0" +VERSION="115.12.0" VERSION_SUFFIX="esr" -PREV_VERSION="115.8.0" +PREV_VERSION="115.11.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115" -RELEASE_TAG="423e963b3d9b923e3c7fae8eae2f626f02c15cf2" -RELEASE_TIMESTAMP="20240314014136" +RELEASE_TAG="6b05ad1f5f2dbb0d47ac169115e250ff3776289c" +RELEASE_TIMESTAMP="20240603145132"