diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 0d82d64..91eb69d 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,8 +1,118 @@
+-------------------------------------------------------------------
+Mon Dec 2 11:14:39 UTC 2024 - Martin Sirringhaus
+
+- Firefox Extended Support Release 128.5.1 ESR
+ * Fixed: Fixed an issue that prevented some websites from
+ loading when using SSL Inspection. (bmo#1933747)
+
+-------------------------------------------------------------------
+Mon Nov 25 07:35:12 UTC 2024 - Martin Sirringhaus
+
+- Firefox Extended Support Release 128.5.0 ESR
+ * Fixed: Various security fixes and other quality improvements.
+ MFSA 2024-64 (bsc#1233695)
+ * CVE-2024-11691 (bmo#1914707, bmo#1924184)
+ Out-of-bounds write in Apple GPU drivers via WebGL
+ * CVE-2024-11692 (bmo#1909535)
+ Select list elements could be shown over another site
+ * CVE-2024-11693 (bmo#1921458)
+ Download Protections were bypassed by .library-ms files on
+ Windows
+ * CVE-2024-11694 (bmo#1924167)
+ CSP Bypass and XSS Exposure via Web Compatibility Shims
+ * CVE-2024-11695 (bmo#1925496)
+ URL Bar Spoofing via Manipulated Punycode and Whitespace
+ Characters
+ * CVE-2024-11696 (bmo#1929600)
+ Unhandled Exception in Add-on Signature Verification
+ * CVE-2024-11697 (bmo#1842187)
+ Improper Keypress Handling in Executable File Confirmation
+ Dialog
+ * CVE-2024-11698 (bmo#1916152)
+ Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
+ macOS
+ * CVE-2024-11699 (bmo#1880582, bmo#1929911)
+ Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
+ and Thunderbird 128.5
+
+-------------------------------------------------------------------
+Tue Oct 22 06:30:36 UTC 2024 - Martin Sirringhaus
+
+- Firefox Extended Support Release 128.4.0 ESR
+ * Fixed: Various security fixes and other quality improvements.
+ MFSA 2024-56 (bsc#1231879) + * CVE-2024-10458 (bmo#1921733) + Permission leak via embed or object elements + * CVE-2024-10459 (bmo#1919087) + Use-after-free in layout with accessibility + * CVE-2024-10460 (bmo#1912537) + Confusing display of origin for external protocol handler + prompt + * CVE-2024-10461 (bmo#1914521) + XSS due to Content-Disposition being ignored in + multipart/x-mixed-replace response + * CVE-2024-10462 (bmo#1920423) + Origin of permission prompt could be spoofed by long URL + * CVE-2024-10463 (bmo#1920800) + Cross origin video frame leak + * CVE-2024-10464 (bmo#1913000) + History interface could have been used to cause a Denial of + Service condition in the browser + * CVE-2024-10465 (bmo#1918853) + Clipboard "paste" button persisted across tabs + * CVE-2024-10466 (bmo#1924154) + DOM push subscription message could hang Firefox + * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, + bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706) + Memory safety bugs fixed in Firefox 132, Thunderbird 132, + Firefox ESR 128.4, and Thunderbird 128.4 +- Rebase mozilla-rust-disable-future-incompat.patch + +------------------------------------------------------------------- +Wed Oct 9 07:11:07 UTC 2024 - Martin Sirringhaus + +- Firefox Extended Support Release 128.3.1 ESR + MFSA 2024-51 (bsc#1231413) + * CVE-2024-9680 (bmo#1923344) + Use-after-free in Animation timeline + ------------------------------------------------------------------- Wed Sep 25 11:30:58 UTC 2024 - Martin Sirringhaus - Firefox Extended Support Release 128.3.0 ESR - Placeholder changelog-entry (bsc#1230979) + * Fixed: Various security fixes and other quality improvements. 
+ MFSA 2024-47 (bsc#1230979) + * CVE-2024-9392 (bmo#1899154, bmo#1905843) + Compromised content process can bypass site isolation + * CVE-2024-9393 (bmo#1918301) + Cross-origin access to PDF contents through multipart + responses + * CVE-2024-9394 (bmo#1918874) + Cross-origin access to JSON contents through multipart + responses + * CVE-2024-8900 (bmo#1872841) + Clipboard write permission bypass + * CVE-2024-9396 (bmo#1912471) + Potential memory corruption may occur when cloning certain + objects + * CVE-2024-9397 (bmo#1916659) + Potential directory upload bypass via clickjacking + * CVE-2024-9398 (bmo#1881037) + External protocol handlers could be enumerated via popups + * CVE-2024-9399 (bmo#1907726) + Specially crafted WebTransport requests could lead to denial + of service + * CVE-2024-9400 (bmo#1915249) + Potential memory corruption during JIT compilation + * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, + bmo#1916476) + Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, + Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 + * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, + bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, + bmo#1915008, bmo#1916476) + Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, + Thunderbird 131, and Thunderbird 128.3 ------------------------------------------------------------------- Mon Sep 9 20:57:49 UTC 2024 - Charles Robertson diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index ceae170..cade594 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -29,8 +29,8 @@ # major 69 # mainver %%major.99 %define major 128 -%define mainver %major.3.0 -%define orig_version 128.3.0 +%define mainver %major.5.1 +%define orig_version 128.5.1 %define orig_suffix esr %define update_channel release %define branding 1 diff --git a/firefox-128.3.0esr.source.tar.xz b/firefox-128.3.0esr.source.tar.xz deleted file mode 100644 index b4f0aef..0000000 
--- a/firefox-128.3.0esr.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:53f5564d74b61a83a0bc817779e5d4e7d7d7bb6fb83b4622af1abee865a4f3ac -size 560960556 diff --git a/firefox-128.3.0esr.source.tar.xz.asc b/firefox-128.3.0esr.source.tar.xz.asc deleted file mode 100644 index c2d8893..0000000 --- a/firefox-128.3.0esr.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmbxkrMACgkQ4207E/PZ -MnQ8khAA0WUg/6Ykv2Mbxq1840nUwoTqBy2OMyqCR4kuqHVJlKIbTn8U1Fqde4RS -qwgqkQ+eJUk6IAG/32KBZWJHsTFTUs+D0GYB+xqJnFGHDBcaK9IdvQz7SIIqzJUu -MlAqqbQm/vXfrVqjyIEvvG9dIaYVe85L3/KKGDcHQOSMGZxsTX/MvqOMMjGH7J6w -/kTFVjMcbrpjs1w1ovDtanNe66JNvuEnR5mdLvXa9o7Dg90ujJxq1jC/Z6h7A17f -lsey0v+7nbUBINhdiFNgg3HBlm6aj4axghd4SkEKB1Vb4eCZmlzqY0JgKY6Xw8FM -w9kKPAntGMaUXlSn0yR+XFlrwngTpi48+Ljgi/SxnKEGGOnWOj8XPpx0uxiRrIfp -xNpK/rDUT+5EEFkap7Prr0huIBzYE50H/JKx8hVIwHQFbPe/oLZE1IAwepG8wcxv -HQuYcYh+L+LG1uKqdLSlMi5EmLizobU0JWw+t989eR6wEPAyp5w+FZmYdNt9dgrk -33nc72RdaCFmkDOpF++uLf8I/s4hrpIEQ4DU5XHnaHdUFg0W7B6/BR7d1YACljHs -CkNm3XKcgYJJBeKHEskU5NozMpBbDC0OoXNzgGwpT1z2AmvsCI7JdAHTgSflTXe7 -wX/7t30hbGGzFdC9fJ6ZqUsC7EmZzPtpDmY5XI50yx9uZL32rhk= -=1kCT ------END PGP SIGNATURE----- diff --git a/firefox-128.5.1esr.source.tar.xz b/firefox-128.5.1esr.source.tar.xz new file mode 100644 index 0000000..4e9acc7 --- /dev/null +++ b/firefox-128.5.1esr.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5fc6ac442b8817aab109a6afa9aeb997c50708cf897f7387c02399cda00794ab +size 559760256 diff --git a/firefox-128.5.1esr.source.tar.xz.asc b/firefox-128.5.1esr.source.tar.xz.asc new file mode 100644 index 0000000..153a8d0 --- /dev/null +++ b/firefox-128.5.1esr.source.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmdIvLkACgkQ4207E/PZ +MnTntg//WWqNvoivQlg1oQTnYMfYp670oB3DkJvC0LnsGGLrPCqvlgQQxUBgFP2R +fP7PIoZWUZR5yFBuX/81uYrIL2svM5BVIqEec5swXe32gmuK14R3jG0IIeh5d3hu +oSVRL9/j+jQXe/sFIwqutCcr3WABhOPjEmCfjcDOO6SqKChe3XfTo7y0IEBq+pHI +acuhw6RwfBZr8smMMWSPvolKJaGs/Nl2ZEAvgjPwfgTVwZt8+2lVg831kzxd/iXf +1tsikXtslJsUVj7Yx1L8opnG51QBwIUxGGcoJUGFkY8ce9zM+z5OgEIwWqqFMjtA +gfrvH0iy659q960Y/wF00EzH6vno3LFH4/CMQG04IURViyFqEGOgQi7lD2+Q4EMp +CN08V5GOQ1n6CukSHx3CF8ujQavhdUrFlfB+pNsc6zJSsr/FTV2CD6HEgclh0bBc +tMDCICV4A/eVQ8vG3fZIzV/vNv0qZsY+dvJ7RHE6qbTaL3VmrmF4iyrm+avPcZQG +Aee3dKmD6uhzEKNNxvPkbvHVkwuffS9RX6Dc75vp3Sw2cgba8lW5URRk+NtpiWHQ +pq7rRSPgCAtt+k0FtryGVeckGjvz/K11azGxOU0EoD/SM6hX0keoDrqalrxgDDtk +FJmkIu6Po3W0EyexaFBYbFxxTg1MVCT+TbJdY0woxcBc2WttapQ= +=MRPV +-----END PGP SIGNATURE----- diff --git a/l10n-128.3.0esr.tar.xz b/l10n-128.3.0esr.tar.xz deleted file mode 100644 index fd9ef6e..0000000 --- a/l10n-128.3.0esr.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:98b473941ef4ab5cc646b18ded11ac57760c5bd27c48879074b58787469211ed -size 34630904 diff --git a/l10n-128.5.1esr.tar.xz b/l10n-128.5.1esr.tar.xz new file mode 100644 index 0000000..514169d --- /dev/null +++ b/l10n-128.5.1esr.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:14605b3f49010dce73ebfcf2d55c058549bccc3ff8af6e0415e820a18a2d6b28 +size 34931656 diff --git a/mozilla-rust-disable-future-incompat.patch b/mozilla-rust-disable-future-incompat.patch index d7c432d..77efdae 100644 --- a/mozilla-rust-disable-future-incompat.patch +++ b/mozilla-rust-disable-future-incompat.patch 
@@ -1,14 +1,14 @@ # HG changeset patch # Parent 83a5e219b271976ee9dfa46b74ecc1c1c6d49f94 -Index: firefox-128.0/Cargo.toml +Index: firefox-128.4.0/Cargo.toml =================================================================== ---- firefox-128.0.orig/Cargo.toml -+++ firefox-128.0/Cargo.toml -@@ -236,3 +236,8 @@ mio_0_8 = { package = "mio", git = "http - # Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.: - # Still waiting for the now-merged to be released. - gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" } +--- firefox-128.4.0.orig/Cargo.toml ++++ firefox-128.4.0/Cargo.toml +@@ -244,3 +244,8 @@ neqo-crypto = { path = "third_party/rust + neqo-http3 = { path = "third_party/rust/neqo-http3" } + neqo-qpack = { path = "third_party/rust/neqo-qpack" } + neqo-transport = { path = "third_party/rust/neqo-transport" } + +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust" +# Shut up such messages for now to make the build succeed diff --git a/tar_stamps b/tar_stamps index 7b1e999..64eb04f 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="128.3.0" +VERSION="128.5.1" VERSION_SUFFIX="esr" -PREV_VERSION="128.2.0" +PREV_VERSION="128.5.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr128" -RELEASE_TAG="e2cb3d9c8cfc18acad7f77add351416dc95b67c4" -RELEASE_TIMESTAMP="20240923123820" +RELEASE_TAG="a6cdcd2ed9ec3e256f358010672bafd1674b0b8b" +RELEASE_TIMESTAMP="20241128151741"