diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 4fbee522..c0499dbe 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Jun 11 09:21:24 UTC 2024 - Wolfgang Rosenauer
+
+- Mozilla Firefox 127.0
+ https://www.mozilla.org/en-US/firefox/127.0/releasenotes
+ MFSA 2024-25 (bsc#1226027)
+ * CVE-2024-5687 (bmo#1889066)
+ An incorrect principal could have been used when opening new tabs
+ * CVE-2024-5688 (bmo#1895086)
+ Use-after-free in JavaScript object transplant
+ * CVE-2024-5689 (bmo#1389707)
+ User confusion and possible phishing vector via Firefox Screenshots
+ * CVE-2024-5690 (bmo#1883693)
+ External protocol handlers leaked by timing attack
+ * CVE-2024-5691 (bmo#1888695)
+ Sandboxed iframes were able to bypass sandbox restrictions to
+ open a new window
+ * CVE-2024-5692 (bmo#1837514, bmo#1891234)
+ Bypass of file name restrictions during saving
+ * CVE-2024-5693 (bmo#1891319)
+ Cross-Origin Image leak via Offscreen Canvas
+ * CVE-2024-5694 (bmo#1895055)
+ Use-after-free in JavaScript Strings
+ * CVE-2024-5695 (bmo#1895579)
+ Memory Corruption using allocation using out-of-memory conditions
+ * CVE-2024-5696 (bmo#1896555)
+ Memory Corruption in Text Fragments
+ * CVE-2024-5697 (bmo#1414937)
+ Website was able to detect when Firefox was taking a
+ screenshot of them
+ * CVE-2024-5698 (bmo#1828259)
+ Data-list could have overlaid address bar
+ * CVE-2024-5699 (bmo#1891349)
+ Cookie prefixes not treated as case-sensitive
+ * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
+ Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
+ and Thunderbird 115.12
+ * CVE-2024-5701 (bmo#1890909, bmo#1891422, bmo#1893915,
+ bmo#1894047, bmo#1896024)
+ Memory safety bugs fixed in Firefox 127
+- removed obsolete mozilla-bmo1886378.patch
+
 -------------------------------------------------------------------
 Wed May 29 06:05:07 UTC 2024 - Wolfgang Rosenauer
 
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index fedc7505..54e39f0b 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major 126
-%define mainver %major.0.1
-%define orig_version 126.0.1
+%define major 127
+%define mainver %major.0
+%define orig_version 127.0
 %define orig_suffix %{nil}
 %define update_channel release
 %define branding 1
@@ -229,7 +229,6 @@ Patch21: svg-rendering.patch
 Patch22: mozilla-partial-revert-1768632.patch
 Patch23: mozilla-rust-disable-future-incompat.patch
 Patch24: mozilla-bmo1822730.patch
-Patch25: mozilla-bmo1886378.patch
 # Firefox/browser
 Patch101: firefox-kde.patch
 Patch102: firefox-branded-icons.patch
diff --git a/firefox-126.0.1.source.tar.xz b/firefox-126.0.1.source.tar.xz
deleted file mode 100644
index 82418a26..00000000
--- a/firefox-126.0.1.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f63026359f678a5d45cea4c7744fcef512abbb58a5b016bbbb1c6ace723a263b
-size 552965660
diff --git a/firefox-126.0.1.source.tar.xz.asc b/firefox-126.0.1.source.tar.xz.asc
deleted file mode 100644
index 6e7c711a..00000000
--- a/firefox-126.0.1.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZUvKsACgkQ4207E/PZ
-MnRyIA//RmJnrGX1k1J3T9zBknzbhFPxUu3HYp4D7kKrIMJKfzhXpsaIzMaP5AF+
-gYC8ixY7o3EbkJtMK8MDXV7Pq+Si+KEmMMgNT+2MQIgGodizBIxUDb+/q8Vl3SCk
-LyPAvLIN2nqfVIV3jZ2TNO3fa1U6mW1qswy38Gg0K+/lftG5oZt3nDkJ/Ieqr8Qj
-ll36Yoi1ClqD1DhAn5zRBfFpi3InuX7SRMyrNqi7xdo/4v9aG5aWHPn7EbH9LWmW
-vDVX1tMh7sWZqJxDT/hofoCuNxX9coS+8alCHSSTZt9DoKQmNjox1Xz/gaNL6xjz
-fuNC4WuWUs9/hYkxrRuHKWSzVxq5Qon6QssrrF3pfEXrDwQeb7txQlBesXRpwlq7
-LzgQaudIcRU3SgIS7qaUjS3uKNTV8Jivhm0PBuz+FvhuheXTYK0jnk1Ddkkv0Cfq
-0SZk4QiZG8Z73HHjEyifHT9QMe5hQbl132momsDRBhUrJpKXyPWNvcq6yxrWFOkL
-NWsrnHMDINbonkAgkX1JTxe5MbNts74INzGZJkIMsC/Y33+dmOhePySKd+OcG2eM
-DqdsrQLComWpye1FTwYzynR8yVqjbdUoLjfUFWQmliI/wwI7CYfxathxHV1Q5J3N
-101fLb5TR4tQOuw8zsnQCPKurVlztx2j/5K90WIL+s1fxnnPGwI=
-=gkjp
------END PGP SIGNATURE-----
diff --git a/firefox-127.0.source.tar.xz b/firefox-127.0.source.tar.xz
new file mode 100644
index 00000000..18407c03
--- /dev/null
+++ b/firefox-127.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea6b089ff046ca503978fdaf11ea123c64f66bbcdc4a968bed8f7c93e9994321
+size 558840124
diff --git a/firefox-127.0.source.tar.xz.asc b/firefox-127.0.source.tar.xz.asc
new file mode 100644
index 00000000..e79aa876
--- /dev/null
+++ b/firefox-127.0.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZiLSAACgkQ4207E/PZ
+MnSBbA//Xn5pxTREkgot1JwNl1JB3+uYqLjjDcTbZFWhJ/wf6gqokRSbGl+PSVGM
+5kOYvggfleRcqc8/OUicD2/SlCXAP/SnxZPmKQXhZJ5o6MLxLELWyeVpgQQNPQAM
+5FfkHDGWGyt2B7i5Zfh380IM5KsFso0sglAmeANngI66ePYx/0kOdvUa6YxM/uss
+4SjxO6JaquWnQFxG3tmknQZYMQ3u+Zfqq2D6wVD3B+j2oTToQTGXvWHIzT7VEyaj
+2xs7s0pecVYiWP92LJlrNV6vFnG8lVyv/zRQURdJ4UYmgRXx5/AZ+k8SFCvQwii3
+eHVDJ4IjG7fa36ttubaWf3HZYcWvVV7jnZhLF3MnRmTo0cbY9L4XHCWSEsUq5QnH
+q2BSRq+cjE0GwzBw1NFf5b0yIbzy3EQWdhAOH6jpaTZ4veb4yl9UNLg5ms2nkfv7
+dpwzhruDa7WWjICELcwyd420tMrL12EuvOORcenXsY+Mqz8k4DpiS5pmBxzN5o8q
+/vQbtuOQLM2ZzIjSYKv82egGvEOkuzTCR2UfN4QuWztLbp96PoCZ7No1j4cWjdUV
+A/UMT0CjG7G1DDndhMHMfQMFiIRNz0Sduy79PXsLWMtvtD1Y6Bf0PL5YmMbAQOU+
+adxeokSOc1WEXvw7N5T3BdWtqTDo4VF41tf/tDFDm+7YGvI3OmM=
+=tKU/
+-----END PGP SIGNATURE-----
diff --git a/l10n-126.0.1.tar.xz b/l10n-126.0.1.tar.xz
deleted file mode 100644
index 8de18dbb..00000000
--- a/l10n-126.0.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7fb67354817ee6319fbe56189ef248105bc3025983dabfe654992f31a86c7f98
-size 31696716
diff --git a/l10n-127.0.tar.xz b/l10n-127.0.tar.xz
new file mode 100644
index 00000000..7164b27c
--- /dev/null
+++ b/l10n-127.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68c4f9dc1ae31acaf51cde83abafad3f308211c260b398b2ac58e390344a4119
+size 31787988
diff --git a/mozilla-libavcodec58_91.patch b/mozilla-libavcodec58_91.patch
index 06bce77d..3c171404 100644
--- a/mozilla-libavcodec58_91.patch
+++ b/mozilla-libavcodec58_91.patch
@@ -1,16 +1,16 @@ # HG changeset patch -# Parent 60fc1933af9d4f1769025a6f1d9a60db6b899315 +# Parent fdc16b43f28c2e974929ca702563aaac52799654 diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp --- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp -@@ -36,16 +36,18 @@ static const char* sLibs[] = { - "libavcodec.54.dylib", +@@ -44,16 +44,18 @@ static const char* sLibs[] = { "libavcodec.53.dylib", #elif defined(XP_OPENBSD) "libavcodec.so", // OpenBSD hardly controls the major/minor library version // of ffmpeg and update it regulary on ABI/API changes #else + "libavcodec.so.61", "libavcodec.so.60", "libavcodec.so.59", + "libavcodec.so.58.134", diff --git a/mozilla-rust-disable-future-incompat.patch b/mozilla-rust-disable-future-incompat.patch index 75a1200a..272d96cb 100644 --- a/mozilla-rust-disable-future-incompat.patch +++ b/mozilla-rust-disable-future-incompat.patch @@ -1,18 +1,18 @@ # HG changeset patch -# Parent 83a5e219b271976ee9dfa46b74ecc1c1c6d49f94 +# Parent 8c5b7b10f09b8cd6a8a6e0e29b92ec88cec6d4ce diff --git a/Cargo.toml b/Cargo.toml --- a/Cargo.toml +++ b/Cargo.toml -@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http - path = "third_party/rust/mio-0.6.23" +@@ -238,8 +238,14 @@ mio_0_8 = { package = "mio", git = "http + # Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.: + # Still waiting for the now-merged to be released. + gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" } - [patch."https://github.com/mozilla/uniffi-rs.git"] - uniffi = "0.27.1" - uniffi_bindgen = "0.27.1" - uniffi_build = "0.27.1" - uniffi_macros = "0.27.1" - weedle2 = "=5.0.0" + # Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2. + # There is not going to be new version of mio 0.6, mio now being >= 0.7.11. + [patch.crates-io.mio] + path = "third_party/rust/mio-0.6.23" + +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust" +# Shut up such messages for now to make the build succeed diff --git a/mozilla-silence-no-return-type.patch b/mozilla-silence-no-return-type.patch index d4436719..1bb97ff6 100644 
--- a/mozilla-silence-no-return-type.patch +++ b/mozilla-silence-no-return-type.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent af0655f894a27ef60aa8438af7939a5ebc498df0 +# Parent 45b7287e677b0d0a47091f763c19d75955c291a1 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -462,7 +462,7 @@ diff --git a/third_party/libwebrtc/api/adaptation/resource.cc b/third_party/libw diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc/api/rtp_parameters.cc --- a/third_party/libwebrtc/api/rtp_parameters.cc +++ b/third_party/libwebrtc/api/rtp_parameters.cc -@@ -27,16 +27,17 @@ const char* DegradationPreferenceToStrin +@@ -28,16 +28,17 @@ const char* DegradationPreferenceToStrin case DegradationPreference::MAINTAIN_FRAMERATE: return "maintain-framerate"; case DegradationPreference::MAINTAIN_RESOLUTION: @@ -505,7 +505,7 @@ diff --git a/third_party/libwebrtc/api/video/video_frame_buffer.cc b/third_party diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party/libwebrtc/api/video_codecs/video_codec.cc --- a/third_party/libwebrtc/api/video_codecs/video_codec.cc +++ b/third_party/libwebrtc/api/video_codecs/video_codec.cc -@@ -126,16 +126,17 @@ const char* CodecTypeToPayloadString(Vid +@@ -156,16 +156,17 @@ const char* CodecTypeToPayloadString(Vid case kVideoCodecMultiplex: return kPayloadNameMultiplex; case kVideoCodecGeneric: @@ -526,7 +526,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc --- a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc 
+++ b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc -@@ -183,16 +183,17 @@ class VideoEncoderSoftwareFallbackWrappe +@@ -184,16 +184,17 @@ class VideoEncoderSoftwareFallbackWrappe [[fallthrough]]; case EncoderState::kMainEncoderUsed: return encoder_.get(); @@ -544,7 +544,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallb // Settings used in the last InitEncode call and used if a dynamic fallback to // software is required. -@@ -363,16 +364,17 @@ int32_t VideoEncoderSoftwareFallbackWrap +@@ -377,16 +378,17 @@ int32_t VideoEncoderSoftwareFallbackWrap case EncoderState::kMainEncoderUsed: { return EncodeWithMainEncoder(frame, frame_types); } @@ -684,7 +684,7 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc --- a/third_party/libwebrtc/media/base/codec.cc +++ b/third_party/libwebrtc/media/base/codec.cc -@@ -200,16 +200,17 @@ bool Codec::Matches(const Codec& codec) +@@ -228,16 +228,17 @@ bool Codec::Matches(const Codec& codec) (codec.bitrate == 0 || bitrate <= 0 || bitrate == codec.bitrate) && ((codec.channels < 2 && channels < 2) || @@ -765,7 +765,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc. diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc --- a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc +++ b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc -@@ -94,16 +94,17 @@ GainControl::Mode Agc1ConfigModeToInterf +@@ -96,16 +96,17 @@ GainControl::Mode Agc1ConfigModeToInterf case Agc1Config::kAdaptiveAnalog: return GainControl::kAdaptiveAnalog; case Agc1Config::kAdaptiveDigital: @@ -783,7 +783,7 @@ 
diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp // Maximum lengths that frame of samples being passed from the render side to // the capture side can have (does not apply to AEC3). -@@ -161,17 +162,17 @@ int AudioFormatValidityToErrorCode(Audio +@@ -163,17 +164,17 @@ int AudioFormatValidityToErrorCode(Audio case AudioFormatValidity::kValidAndSupported: return AudioProcessing::kNoError; case AudioFormatValidity::kValidButUnsupportedSampleRate: // fall-through @@ -802,7 +802,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp const StreamConfig& input_config, const StreamConfig& output_config) { AudioFormatValidity input_validity = ValidateAudioFormat(input_config); -@@ -2416,16 +2417,17 @@ void AudioProcessingImpl::InitializeNois +@@ -2420,16 +2421,17 @@ void AudioProcessingImpl::InitializeNois case NoiseSuppresionConfig::kModerate: return NsConfig::SuppressionLevel::k12dB; case NoiseSuppresionConfig::kHigh: @@ -921,12 +921,12 @@ diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screenc diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc -@@ -64,16 +64,17 @@ bool BitrateProber::ReadyToSetActiveStat - return false; - case ProbingState::kInactive: - // If config_.min_packet_size > 0, a "large enough" packet must be sent - // first, before a probe can be generated and sent. Otherwise, send the - // probe asap. +@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat + return true; + } + // If config_.min_packet_size > 0, a "large enough" packet must be + // sent first, before a probe can be generated and sent. Otherwise, + // send the probe asap. return packet_size >= std::min(RecommendedMinProbeSize(), config_.min_packet_size.Get()); } @@ -934,18 +934,18 @@ 
diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_part } void BitrateProber::OnIncomingPacket(DataSize packet_size) { - if (ReadyToSetActiveState(packet_size)) { - next_probe_time_ = Timestamp::MinusInfinity(); - probing_state_ = ProbingState::kActive; - } + MaybeSetActiveState(packet_size); } + + void BitrateProber::CreateProbeCluster( + const ProbeClusterConfig& cluster_config) { diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc --- a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc -@@ -36,11 +36,12 @@ std::unique_ptr Cr - case kVideoCodecH265: - // TODO(bugs.webrtc.org/13485): Implement VideoRtpDepacketizerH265. +@@ -42,11 +42,12 @@ std::unique_ptr Cr + #else return nullptr; + #endif case kVideoCodecGeneric: case kVideoCodecMultiplex: return std::make_unique(); diff --git a/tar_stamps b/tar_stamps index f63ac9a6..bfeddfe7 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="126.0.1" +VERSION="127.0" VERSION_SUFFIX="" -PREV_VERSION="126.0" +PREV_VERSION="126.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="6c033deedc28e5dadb0b99de7336cb6ebb336631" -RELEASE_TIMESTAMP="20240526221752" +RELEASE_TAG="cfd3e02d8411b3a938cda7242dcf044cf03c03d1" +RELEASE_TIMESTAMP="20240606181944"