Accepting request 1160726 from mozilla:Factory

- Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free OBS-URL: https://build.opensuse.org/request/show/1160726 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=423
2024-03-25 20:06:23 +00:00 · 2024-03-25 20:06:23 +00:00 · 23c8d9fe7f
commit 23c8d9fe7f
parent 33f287025d 90db4db449
11 changed files with 109 additions and 43 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,47 @@
 -------------------------------------------------------------------
 Fri Mar 22 09:53:26 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 124.0.1
  https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
  MFSA 2024-15 (bsc#1221850)
  * CVE-2024-29943 (bmo#1886849)
    Out-of-bounds access via Range Analysis bypass
  * CVE-2024-29944 (bmo#1886852)
    Privileged JavaScript Execution via Event Handlers
  Mozilla Firefox 124.0
  https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
  MFSA 2024-12 (bsc#1221327)
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237)
    Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2613 (bmo#1875701)
    Improper handling of QUIC ACK frame data could have led to OOM
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9
  * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438)
    Memory safety bugs fixed in Firefox 124
 - requires
  NSS = 3.98
  rust-cbindgen >= 0.26
 -------------------------------------------------------------------
 Fri Mar  8 06:16:48 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -2,7 +2,7 @@
 # spec file for package MozillaFirefox
 #
 # Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2006-2023 Wolfgang Rosenauer <wr@rosenauer.org>
+# Copyright (c) 2006-2024 Wolfgang Rosenauer <wr@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          123
+%define major          124
 %define mainver        %major.0.1
-%define orig_version   123.0.1
+%define orig_version   124.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.97
+BuildRequires:  mozilla-nss-devel >= 3.98
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -134,7 +134,7 @@ BuildRequires:  python3-curses
 BuildRequires:  python3-devel
 %endif
 %endif
-BuildRequires:  rust-cbindgen >= 0.24.3
+BuildRequires:  rust-cbindgen >= 0.26
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
--- a/firefox-123.0.1.source.tar.xz
+++ b/firefox-123.0.1.source.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:d5dcb955b65e0f164a90cac0760724486e36e896221b98f244801dfd045d741c
 size 545230176
--- a/firefox-123.0.1.source.tar.xz.asc
+++ b/firefox-123.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXlv0EACgkQ4207E/PZ
 MnSVrA//aY2Ggkr5OBlPBaGPGqLRdOEYG7ZGOO11yOKTa0R8iLpJLdx1Zfs7DUut
 XG63VPONcC0JH5Qlo9u/OOK40axdA4LhtxVygCDDLlT1Myw9Pjil+ALzndDmLYiJ
 YrqROMCaQ1dZUGIU2ygM59r73NZi5RL22ERxU7HRmzRpXNLz05qe13NUFbaGThEu
 jPqL2xLggifAdVAE47MzGFo4/pZWX1/0dkwXrPDymhB7CkTeGvRVlid6x/WCjGS8
 A5Tw0Ta5TWbY6s4CDdJQMgvogscc4WoruR3/flZbxth2leOowWDqcLjT2mhawkgE
 ewlrlAx64lGwqliinZiSk90DslRCFLXk3EcMHnp7+hOzp0l65HfV5dgFxbX9DesG
 b0DK3jJJegPfFpI3dLbXEcvZE87OJHSCslZuor0HS67ptImXY+ZYjz30YxtGnC45
 8hoyOLSePHkdDrFFcTJBbsMj5eIpFTGxblzA3y6CL7Go2sRnF2VylGTB0lXnDaAS
 ve97nEQIhZY2mNWFgZMINe/CouCX0/7y8rnoPr2RAPG4Zmf1mHbuMpCuUpgMF6Wa
 JxfHgPyzmdaTnhHbuj/Yf1sCZPPh5o/HIkOaNihxfe/tBgADWEiaZDjfmsp4qX8a
 NOKnqvKgxSEK+jVyrgaU9I1XrQwk/wnhfS6FMk5yo1hM6hHjYEo=
 =NmM8
 -----END PGP SIGNATURE-----
--- a/firefox-124.0.1.source.tar.xz
+++ b/firefox-124.0.1.source.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ddac16aea855e057ff6be3c143f7155cc20f452e1f45eb6288ff27e9346ab843
 size 545772696
--- a/firefox-124.0.1.source.tar.xz.asc
+++ b/firefox-124.0.1.source.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmX9BREACgkQ4207E/PZ
 MnS6Wg//ZhAUGE9w8UO6FCksRmZjSZF6aMfmEX/8v5D3gpPXK68gQDZR4vGvGedM
 aNNmvlP6s6/xBPZfkiriRsq+c+N4Ls6MUfSvis7AjbyNAAVFp1UdlFLlCGrCrIxI
 Wt9pyD/IDPHwg6aktLRw+BcqnPLhdlOZ5xYbUp2PMbjNNHwFphOMCQWsvj7fbkfl
 OoKAQvrT/MeFVQV3lp6TX8WU0773Zlbsu355t8ZnQEZV4eiZeZh9jRU8HjaWYmU/
 yinP346y7CdVrfPt6c/ROB8Z0Noz5mrBqJ7DDzHffq1GRCeFxaM4bBy0dNAh7t87
 kErkdHFRh28WkWlfcmoe6uiW4ZLluAFxwnGftw9fSDZA1gAUwoj4qQmWB5RpI1lm
 tODN3vOqqSEGB5VQ53b6/HMZeCX7m6eKu9JsCS9PStLLdWM+JrlfVIvX3c4Hcpud
 ifHFZNufdaf5wQqzwwJnUaikyYfhk4oJOPZxKnfhdLoHzw9QcptHTtpn56r71g6l
 Hzhshl62Lpg7GU6CVxyaxYLiwtPY75LmFqK2GTolmfKGgNQzZTuq+jsmEMbxEbTW
 S5V3wRimggfVVj3MO7ybkwWVRKR5BqNzc+ArZ/b8BjMgABSfCiD/9uGwNhLgoBOZ
 35ZSTzcRIKm9uX8bRvnrFenkkMMX2BXJBlX0LLDzRs21c7FGk0U=
 =7WuV
 -----END PGP SIGNATURE-----
--- a/l10n-123.0.1.tar.xz
+++ b/l10n-123.0.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:db489606750a6d8b1752d6f99228cb5811ca0f8bbc5a9c576f892220f4326b9d
 size 31107184
--- a/l10n-124.0.1.tar.xz
+++ b/l10n-124.0.1.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b5a2654acb77950eb3b18d4418cf338194e838a0f3dbd26dff52ede3d6c7cb18
 size 32588820
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@ -283,7 +283,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
 nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
   // dbus prevents us from being threadsafe, but this routine should not block
   // anyhow
-@@ -391,21 +395,46 @@ nsresult nsUnixSystemProxySettings::GetP
+@@ -388,21 +392,46 @@ nsresult nsUnixSystemProxySettings::GetP
   return NS_OK;
 }
@ -1255,15 +1255,15 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
   mFilters.AppendElement(filter);
   mFilterNames.AppendElement(name);
-@@ -412,16 +416,39 @@ nsresult nsFilePicker::Show(nsIFilePicke
+@@ -416,16 +420,39 @@ NS_IMETHODIMP
   return NS_OK;
 }
 NS_IMETHODIMP
 nsFilePicker::Open(nsIFilePickerShownCallback* aCallback) {
   // Can't show two dialogs concurrently with the same filepicker
   if (mFileChooser) return NS_ERROR_NOT_AVAILABLE;
   if (MaybeBlockFilePicker(aCallback)) {
     return NS_OK;
   }
 +  // KDE file picker is not handled via callback
 +  if (nsKDEUtils::kdeSupport()) {
 +    mCallback = aCallback;
@ -1295,7 +1295,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
   GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
   const gchar* accept_button;
-@@ -703,16 +730,215 @@ void nsFilePicker::Done(void* file_choos
+@@ -707,16 +734,215 @@ void nsFilePicker::Done(void* file_choos
     mCallback->Done(result);
     mCallback = nullptr;
   } else {
@ -1670,13 +1670,13 @@ diff --git a/xpcom/components/ManifestParser.cpp b/xpcom/components/ManifestPars
 diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build
 --- a/xpcom/components/moz.build
 +++ b/xpcom/components/moz.build
-@@ -66,16 +66,17 @@ LOCAL_INCLUDES += [
+@@ -67,16 +67,17 @@ LOCAL_INCLUDES += [
     "!..",
     "../base",
     "../build",
     "../ds",
     "/chrome",
     "/js/xpconnect/loader",
     "/js/xpconnect/src",
     "/layout/build",
     "/modules/libjar",
 +    "/toolkit/xre",
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  d1908d68e16e148fcc012caac881a03417eccc7e
+# Parent  831d03cde86aa6b8803d5ac431e2d28bf85c9289
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@ -875,6 +875,28 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/transient/transient_
                                                  int sample_rate_hz,
                                                  int detector_rate_hz,
                                                  int num_channels)
 diff --git a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
 --- a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
 +++ b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
@@ -90,16 +90,18 @@ BandwidthLimitedCause GetBandwidthLimite
       // Probes may not be sent in this state.
       return BandwidthLimitedCause::kLossLimitedBwe;
     case LossBasedState::kIncreasing:
       // Probes may be sent in this state.
       return BandwidthLimitedCause::kLossLimitedBweIncreasing;
     case LossBasedState::kDelayBasedEstimate:
       return BandwidthLimitedCause::kDelayBasedLimited;
   }
 +  // just return something by default
 +  return BandwidthLimitedCause::kLossLimitedBwe;
 }
 }  // namespace
 GoogCcNetworkController::GoogCcNetworkController(NetworkControllerConfig config,
                                                  GoogCcConfig goog_cc_config)
     : key_value_config_(config.key_value_config ? config.key_value_config
                                                 : &trial_based_config_),
 diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
 --- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
 +++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
@ -957,7 +979,7 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_audio.cc
-@@ -41,16 +41,17 @@ namespace {
+@@ -42,16 +42,17 @@ namespace {
     case AudioFrameType::kEmptyFrame:
       return "empty";
     case AudioFrameType::kAudioFrameSpeech:
@ -1020,7 +1042,7 @@ diff --git a/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_laye
 diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
 --- a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
 +++ b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
-@@ -58,16 +58,17 @@ bool IsFramerateScalingEnabled(Degradati
+@@ -59,16 +59,17 @@ bool IsFramerateScalingEnabled(Degradati
 std::string ToString(VideoAdaptationReason reason) {
   switch (reason) {
     case VideoAdaptationReason::kQuality:
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="123.0.1"
+VERSION="124.0.1"
 VERSION_SUFFIX=""
-PREV_VERSION="123.0"
+PREV_VERSION="123.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="652f653a58f0acdc1413e45ab35eae68a95cd1af"
+RELEASE_TAG="f0a24d8f29033faf04f6fe98453cdb5c2ac4a96f"
-RELEASE_TIMESTAMP="20240304104836"
+RELEASE_TIMESTAMP="20240321230221"