- Mozilla Firefox 127.0

https://www.mozilla.org/en-US/firefox/127.0/releasenotes
  MFSA 2024-25 (bsc#1226027)
  * CVE-2024-5687 (bmo#1889066)
    An incorrect principal could have been used when opening new tabs
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5689 (bmo#1389707)
    User confusion and possible phishing vector via Firefox Screenshots
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1837514, bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5694 (bmo#1895055)
    Use-after-free in JavaScript Strings
  * CVE-2024-5695 (bmo#1895579)
    Memory Corruption using allocation using out-of-memory conditions
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5697 (bmo#1414937)
    Website was able to detect when Firefox was taking a
    screenshot of them
  * CVE-2024-5698 (bmo#1828259)
    Data-list could have overlaid address bar
  * CVE-2024-5699 (bmo#1891349)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
Wolfgang Rosenauer 2024-06-12 20:38:41 +00:00 committed by Git OBS Bridge
parent 7548fa49d0
commit 8d549ff22f
12 changed files with 105 additions and 64 deletions


@ -1,3 +1,45 @@
-------------------------------------------------------------------
Tue Jun 11 09:21:24 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 127.0
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
Cookie prefixes not treated as case-sensitive
* CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
and Thunderbird 115.12
* CVE-2024-5701 (bmo#1890909, bmo#1891422, bmo#1893915,
bmo#1894047, bmo#1896024)
Memory safety bugs fixed in Firefox 127
- removed obsolete mozilla-bmo1886378.patch
-------------------------------------------------------------------
Wed May 29 06:05:07 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>


@ -28,9 +28,9 @@
# orig_suffix b3
# major 69
# mainver %%major.99
%define major 126
%define mainver %major.0.1
%define orig_version 126.0.1
%define major 127
%define mainver %major.0
%define orig_version 127.0
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@ -229,7 +229,6 @@ Patch21: svg-rendering.patch
Patch22: mozilla-partial-revert-1768632.patch
Patch23: mozilla-rust-disable-future-incompat.patch
Patch24: mozilla-bmo1822730.patch
Patch25: mozilla-bmo1886378.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
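Review bot: The second hunk drops `Patch25: mozilla-bmo1886378.patch` and the changelog entry says the patch was removed, but none of the twelve file sections on this page deletes the patch file itself; the only whole-file deletions shown are two Git LFS pointers and a detached signature. If the file is still in the package sources it is now unreferenced, and I would delete it in this same commit so that the source tree matches what the build actually applies. The patch-application step lies outside both hunks and no third hunk touches it, so presumably patches are applied automatically rather than by number; that is worth confirming.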


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f63026359f678a5d45cea4c7744fcef512abbb58a5b016bbbb1c6ace723a263b
size 552965660


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=gkjp
-----END PGP SIGNATURE-----


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea6b089ff046ca503978fdaf11ea123c64f66bbcdc4a968bed8f7c93e9994321
size 558840124


@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=tKU/
-----END PGP SIGNATURE-----


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7fb67354817ee6319fbe56189ef248105bc3025983dabfe654992f31a86c7f98
size 31696716

3
l10n-127.0.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:68c4f9dc1ae31acaf51cde83abafad3f308211c260b398b2ac58e390344a4119
size 31787988
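Review bot: The new `l10n-127.0.tar.xz` pointer arrives without a detached signature, whereas the other tarball replaced in this commit is swapped together with a 16-line PGP signature file. As far as the page shows, the only integrity anchor for the localisation archive is the LFS `oid sha256:` value recorded here. If the archive is generated locally rather than downloaded (not visible from this commit), I would state in the changelog entry or next to the version variables how it was produced and from which revisions, so that a later reviewer can reproduce it and compare the hash.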


@ -1,16 +1,16 @@
# HG changeset patch
# Parent 60fc1933af9d4f1769025a6f1d9a60db6b899315
# Parent fdc16b43f28c2e974929ca702563aaac52799654
diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
@@ -36,16 +36,18 @@ static const char* sLibs[] = {
"libavcodec.54.dylib",
@@ -44,16 +44,18 @@ static const char* sLibs[] = {
"libavcodec.53.dylib",
#elif defined(XP_OPENBSD)
"libavcodec.so", // OpenBSD hardly controls the major/minor library version
// of ffmpeg and update it regulary on ABI/API changes
#else
"libavcodec.so.61",
"libavcodec.so.60",
"libavcodec.so.59",
+ "libavcodec.so.58.134",


@ -1,18 +1,18 @@
# HG changeset patch
# Parent 83a5e219b271976ee9dfa46b74ecc1c1c6d49f94
# Parent 8c5b7b10f09b8cd6a8a6e0e29b92ec88cec6d4ce
diff --git a/Cargo.toml b/Cargo.toml
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http
path = "third_party/rust/mio-0.6.23"
@@ -238,8 +238,14 @@ mio_0_8 = { package = "mio", git = "http
# Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.:
# Still waiting for the now-merged <https://github.com/zakarumych/gpu-descriptor/pull/40> to be released.
gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" }
[patch."https://github.com/mozilla/uniffi-rs.git"]
uniffi = "0.27.1"
uniffi_bindgen = "0.27.1"
uniffi_build = "0.27.1"
uniffi_macros = "0.27.1"
weedle2 = "=5.0.0"
# Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2.
# There is not going to be new version of mio 0.6, mio now being >= 0.7.11.
[patch.crates-io.mio]
path = "third_party/rust/mio-0.6.23"
+
+# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
+# Shut up such messages for now to make the build succeed


@ -1,5 +1,5 @@
# HG changeset patch
# Parent af0655f894a27ef60aa8438af7939a5ebc498df0
# Parent 45b7287e677b0d0a47091f763c19d75955c291a1
diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
--- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@ -462,7 +462,7 @@ diff --git a/third_party/libwebrtc/api/adaptation/resource.cc b/third_party/libw
diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc/api/rtp_parameters.cc
--- a/third_party/libwebrtc/api/rtp_parameters.cc
+++ b/third_party/libwebrtc/api/rtp_parameters.cc
@@ -27,16 +27,17 @@ const char* DegradationPreferenceToStrin
@@ -28,16 +28,17 @@ const char* DegradationPreferenceToStrin
case DegradationPreference::MAINTAIN_FRAMERATE:
return "maintain-framerate";
case DegradationPreference::MAINTAIN_RESOLUTION:
@ -505,7 +505,7 @@ diff --git a/third_party/libwebrtc/api/video/video_frame_buffer.cc b/third_party
diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party/libwebrtc/api/video_codecs/video_codec.cc
--- a/third_party/libwebrtc/api/video_codecs/video_codec.cc
+++ b/third_party/libwebrtc/api/video_codecs/video_codec.cc
@@ -126,16 +126,17 @@ const char* CodecTypeToPayloadString(Vid
@@ -156,16 +156,17 @@ const char* CodecTypeToPayloadString(Vid
case kVideoCodecMultiplex:
return kPayloadNameMultiplex;
case kVideoCodecGeneric:
@ -526,7 +526,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party
diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
--- a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
+++ b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
@@ -183,16 +183,17 @@ class VideoEncoderSoftwareFallbackWrappe
@@ -184,16 +184,17 @@ class VideoEncoderSoftwareFallbackWrappe
[[fallthrough]];
case EncoderState::kMainEncoderUsed:
return encoder_.get();
@ -544,7 +544,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallb
// Settings used in the last InitEncode call and used if a dynamic fallback to
// software is required.
@@ -363,16 +364,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
@@ -377,16 +378,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
case EncoderState::kMainEncoderUsed: {
return EncodeWithMainEncoder(frame, frame_types);
}
@ -684,7 +684,7 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe
diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc
--- a/third_party/libwebrtc/media/base/codec.cc
+++ b/third_party/libwebrtc/media/base/codec.cc
@@ -200,16 +200,17 @@ bool Codec::Matches(const Codec& codec)
@@ -228,16 +228,17 @@ bool Codec::Matches(const Codec& codec)
(codec.bitrate == 0 || bitrate <= 0 ||
bitrate == codec.bitrate) &&
((codec.channels < 2 && channels < 2) ||
@ -765,7 +765,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.
diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
--- a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
+++ b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
@@ -94,16 +94,17 @@ GainControl::Mode Agc1ConfigModeToInterf
@@ -96,16 +96,17 @@ GainControl::Mode Agc1ConfigModeToInterf
case Agc1Config::kAdaptiveAnalog:
return GainControl::kAdaptiveAnalog;
case Agc1Config::kAdaptiveDigital:
@ -783,7 +783,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
// Maximum lengths that frame of samples being passed from the render side to
// the capture side can have (does not apply to AEC3).
@@ -161,17 +162,17 @@ int AudioFormatValidityToErrorCode(Audio
@@ -163,17 +164,17 @@ int AudioFormatValidityToErrorCode(Audio
case AudioFormatValidity::kValidAndSupported:
return AudioProcessing::kNoError;
case AudioFormatValidity::kValidButUnsupportedSampleRate: // fall-through
@ -802,7 +802,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
const StreamConfig& input_config,
const StreamConfig& output_config) {
AudioFormatValidity input_validity = ValidateAudioFormat(input_config);
@@ -2416,16 +2417,17 @@ void AudioProcessingImpl::InitializeNois
@@ -2420,16 +2421,17 @@ void AudioProcessingImpl::InitializeNois
case NoiseSuppresionConfig::kModerate:
return NsConfig::SuppressionLevel::k12dB;
case NoiseSuppresionConfig::kHigh:
@ -921,12 +921,12 @@ diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screenc
diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
--- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
+++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
@@ -64,16 +64,17 @@ bool BitrateProber::ReadyToSetActiveStat
return false;
case ProbingState::kInactive:
// If config_.min_packet_size > 0, a "large enough" packet must be sent
// first, before a probe can be generated and sent. Otherwise, send the
// probe asap.
@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat
return true;
}
// If config_.min_packet_size > 0, a "large enough" packet must be
// sent first, before a probe can be generated and sent. Otherwise,
// send the probe asap.
return packet_size >=
std::min(RecommendedMinProbeSize(), config_.min_packet_size.Get());
}
@ -934,18 +934,18 @@ diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_part
}
void BitrateProber::OnIncomingPacket(DataSize packet_size) {
if (ReadyToSetActiveState(packet_size)) {
next_probe_time_ = Timestamp::MinusInfinity();
probing_state_ = ProbingState::kActive;
}
MaybeSetActiveState(packet_size);
}
void BitrateProber::CreateProbeCluster(
const ProbeClusterConfig& cluster_config) {
diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
--- a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
+++ b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
@@ -36,11 +36,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
case kVideoCodecH265:
// TODO(bugs.webrtc.org/13485): Implement VideoRtpDepacketizerH265.
@@ -42,11 +42,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
#else
return nullptr;
#endif
case kVideoCodecGeneric:
case kVideoCodecMultiplex:
return std::make_unique<VideoRtpDepacketizerGeneric>();


@ -1,10 +1,10 @@
PRODUCT="firefox"
CHANNEL="release"
VERSION="126.0.1"
VERSION="127.0"
VERSION_SUFFIX=""
PREV_VERSION="126.0"
PREV_VERSION="126.0.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
RELEASE_TAG="6c033deedc28e5dadb0b99de7336cb6ebb336631"
RELEASE_TIMESTAMP="20240526221752"
RELEASE_TAG="cfd3e02d8411b3a938cda7242dcf044cf03c03d1"
RELEASE_TIMESTAMP="20240606181944"