From 9a9faccc26e4e3ef00186530e235cb074743b450896c24c6352c6491699ab02f Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Mon, 27 Nov 2023 14:33:21 +0000 Subject: [PATCH] - Mozilla Firefox 120.0 https://www.mozilla.org/en-US/firefox/120.0/releasenotes MFSA 2023-49 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6210 (bmo#1801501) Mixed-content resources not blocked in a javascript: pop-up * CVE-2023-6211 (bmo#1850200) Clickjacking to load insecure pages in HTTPS-only mode * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911) Memory safety bugs fixed in Firefox 120 - rebased patches OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1120 --- MozillaFirefox.changes | 33 ++++++++++++++++++ MozillaFirefox.spec | 6 ++-- firefox-119.0.1.source.tar.xz | 3 -- firefox-119.0.1.source.tar.xz.asc | 16 --------- firefox-120.0.source.tar.xz | 3 ++ firefox-120.0.source.tar.xz.asc | 16 +++++++++ firefox-kde.patch | 51 ++++++++++++++++++++-------- l10n-119.0.1.tar.xz | 3 -- l10n-120.0.tar.xz | 3 ++ mozilla-silence-no-return-type.patch | 27 +++++++++++++-- tar_stamps | 8 ++--- 11 files changed, 123 insertions(+), 46 deletions(-) delete mode 100644 firefox-119.0.1.source.tar.xz delete mode 100644 firefox-119.0.1.source.tar.xz.asc create mode 100644 firefox-120.0.source.tar.xz create mode 100644 firefox-120.0.source.tar.xz.asc delete mode 100644 
l10n-119.0.1.tar.xz create mode 100644 l10n-120.0.tar.xz
diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 0b8fdc77..792c5909 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Wed Nov 22 06:57:37 UTC 2023 - Wolfgang Rosenauer
+
+- Mozilla Firefox 120.0
+ https://www.mozilla.org/en-US/firefox/120.0/releasenotes
+ MFSA 2023-49 (bsc#1217230)
+ * CVE-2023-6204 (bmo#1841050)
+ Out-of-bound memory access in WebGL2 blitFramebuffer
+ * CVE-2023-6205 (bmo#1854076)
+ Use-after-free in MessagePort::Entangled
+ * CVE-2023-6206 (bmo#1857430)
+ Clickjacking permission prompts using the fullscreen
+ transition
+ * CVE-2023-6207 (bmo#1861344)
+ Use-after-free in ReadableByteStreamQueueEntry::Buffer
+ * CVE-2023-6208 (bmo#1855345)
+ Using Selection API would copy contents into X11 primary
+ selection.
+ * CVE-2023-6209 (bmo#1858570)
+ Incorrect parsing of relative URLs starting with "///"
+ * CVE-2023-6210 (bmo#1801501)
+ Mixed-content resources not blocked in a javascript: pop-up
+ * CVE-2023-6211 (bmo#1850200)
+ Clickjacking to load insecure pages in HTTPS-only mode
+ * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
+ bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
+ bmo#1862782)
+ Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
+ and Thunderbird 115.5
+ * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
+ Memory safety bugs fixed in Firefox 120
+- rebased patches
+
 -------------------------------------------------------------------
 Wed Nov 8 20:27:15 UTC 2023 - Andreas Stieger
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index f9b377e8..a6daba34 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major 119
-%define mainver %major.0.1
-%define orig_version 119.0.1
+%define major 120
+%define mainver %major.0
+%define orig_version 120.0
 %define orig_suffix %{nil}
 %define update_channel release
 %define branding 1
diff --git a/firefox-119.0.1.source.tar.xz b/firefox-119.0.1.source.tar.xz
deleted file mode 100644
index d2bd343d..00000000
--- a/firefox-119.0.1.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:48cc43cab060e97467e9a17617f511a177e7b91b7e77e408425351a2cbb07f70
-size 524717896
diff --git a/firefox-119.0.1.source.tar.xz.asc b/firefox-119.0.1.source.tar.xz.asc
deleted file mode 100644
index f63cea4f..00000000
--- a/firefox-119.0.1.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmVJPZsACgkQ4207E/PZ
-MnQJBxAAnLfI92Dtrn2DYP9qz7QTadoLIO7jrbTchmr0yb995sU8KCVz4vRa21CJ
-0NHvVUXTDfCbGnoqK+i0f/pPBk9dtdQcwOFSqRTu6Z4cUqFaMEjLFRmOpgNyeP6A
-pZ8ur/eoVdsd3Il29hzneOaS/DrAL29Vc7thw3hndyS/U7kz6YVbgswlfZ3b788p
-5KgwvfwGEoO7eYBs5id2iVXFBv9+tNvQ+IKq36rTmg3nF16xg5TboOc6MJEHgie2
-ifNNpPtLxueYiCJrUaso+nn8q9DORCZhCExHII3+WZEghPLnp3PuKS3/7s7WRm9a
-nhFrLymXsXScLX7S0yVm/VFKv2qvB31LxviXlGGADZY3URXVN8pMA69MWQt4pJ3D
-iY8nuJNM4TeJV92robhIoNvSlIGid+VfAd/QnJQfD5rS7k/JyENRcPX20nvTHNBu
-vNMMh5INVh2cNSzrHC6tJ27cJJVnqeWqR96YGfJb3uanwpTBl043RQ3HvT8wjiPY
-IDt1r0NeRjlHPpCqs+yU4/L56gwB6YFuMBT/Wkq+w4RJwM314bKI7jWnm+j3IOGz
-lDFxZTaJOe6Qs82A04JeNrv99q9twCGMeYAnzzs9LCORr/BHpxlQ4uBEF+AAyeo4
-xIvfNz8RQrvVC7qo9PFud/4L3Xx20NEKzTk/VeZ2p1ptuMGo8J4=
-=YHYk
------END PGP SIGNATURE-----
diff --git a/firefox-120.0.source.tar.xz b/firefox-120.0.source.tar.xz
new file mode 100644
index 00000000..75f88eaa
--- /dev/null
+++ b/firefox-120.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e710058701074eda53ca9f5fd52c57254858a027984f735bdcd58d6906f6b574
+size 534394880
diff --git a/firefox-120.0.source.tar.xz.asc b/firefox-120.0.source.tar.xz.asc new file mode 100644 index 00000000..c5f9bddd --- /dev/null +++ b/firefox-120.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmVWVjoACgkQ4207E/PZ +MnQOKxAAhMNvQMzvg2jAchYwpQeeRed3DyBK6RmJfYk5ifSl/0AodovItGwZwNxm +Y4PXny/xt8Gned9VEMX8xN3CPSRTiGZKZxCK6JBd5+2LH8e0ILyghjsOuZEPxbm1 +tSz2Iz7/w126ZeTkYdLY8rNMCS8l78PcAxQlPUbkKLdeC0uif9eBYnuJqaIHJqr6 +QUVkf3nno380KXA0hPBqGyAEBRlJBJgen+LYkfe0fgZ9Q3RbXZLybg1R3SIC3jbQ +Hf8wYbjO8CG90W9ffz5EXDCscUgcVkxpTYgNi6GF1aK4+w2O6274viPBzr5PoBwb +yC0QrClTiPoQreBfUhI9xbypJmlPfUa2+lz1eVfw6Z2Vd5QWA9b8jNgOsvBrCRDw +99JW/LtYHv1xiNTMYnAcS4NbmIUhfvUv2F0TzROhdK4sDAQANtHiCHN+5yURERLm +Ta8mC6/MFRQ1KsbFns0wXVBK9ASK/X4qmZnv6HKyuqowVQNlU/NX0HXsyLSceq2H +KfADdQl3ORXDmSgOEzrghWl4ZZhINZEyTLwU4RR71ZzM9t2eknse2QvYYTbsUkoQ +Iej/SFByibAKH0t5d8ETknEvJOZD9PI88U+KUIsfhsXgvrSGpkHbqOPrTP7lSppe +Cnrzx4TmS0vTId5t7bYGFyJc5AEi3pl9P+8L7D6j//Y2CGfE/VM= +=5fKk +-----END PGP SIGNATURE----- diff --git a/firefox-kde.patch b/firefox-kde.patch index 95349bc7..229e298d 100644 --- a/firefox-kde.patch +++ b/firefox-kde.patch @@ -27,10 +27,14 @@ How to apply this patch: create mode 100644 browser/components/shell/nsUnixShellService.h diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js -index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296c95a371f 100644 --- a/browser/components/preferences/main.js +++ b/browser/components/preferences/main.js -@@ -294,6 +294,13 @@ var gMainPane = { +@@ -291,16 +291,23 @@ var gMainPane = { + }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]); + }; + + window.setTimeout(() => { + window.requestIdleCallback(pollForDefaultBrowser); }, backoffTimes[this._backoffIndex]); } 
@@ -44,10 +48,20 @@ index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296 this.initBrowserContainers(); this.buildContentProcessCountMenuList(); -@@ -1725,6 +1732,17 @@ var gMainPane = { + this.updateDefaultPerformanceSettingsPref(); + + let defaultPerformancePref = Preferences.get( + "browser.preferences.defaultPerformanceSettings.enabled" + ); +@@ -1744,16 +1751,27 @@ var gMainPane = { + this._backoffIndex = 0; + + let shellSvc = getShellService(); + if (!shellSvc) { + return; } try { - shellSvc.setDefaultBrowser(true, false); + shellSvc.setDefaultBrowser(false); + if (kde_session == 1) { + var shellObj = Components.classes["@mozilla.org/file/local;1"] + .createInstance(Components.interfaces.nsILocalFile); @@ -62,11 +76,20 @@ index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296 } catch (ex) { console.error(ex); return; + } + + let isDefault = shellSvc.isDefaultBrowser(false, true); + let setDefaultPane = document.getElementById("setDefaultPane"); + setDefaultPane.classList.toggle("is-default", isDefault); diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build -index eb88cb287dc3f04022b74b978666118bbd5fa6b2..95277533781a7224d108e3c45731a6d9a89ba1a0 100644 --- a/browser/components/shell/moz.build +++ b/browser/components/shell/moz.build -@@ -36,6 +36,8 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": +@@ -31,16 +31,18 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "coco + ] + elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + XPIDL_SOURCES += [ + "nsIGNOMEShellService.idl", + ] SOURCES += [ "nsGNOMEShellService.cpp", @@ -75,12 +98,16 @@ index eb88cb287dc3f04022b74b978666118bbd5fa6b2..95277533781a7224d108e3c45731a6d9 ] if CONFIG["MOZ_ENABLE_DBUS"]: SOURCES += [ + "nsGNOMEShellDBusHelper.cpp", + "nsGNOMEShellSearchProvider.cpp", + ] + include("/ipc/chromium/chromium-config.mozbuild") + 
diff --git a/browser/components/shell/nsKDEShellService.cpp b/browser/components/shell/nsKDEShellService.cpp new file mode 100644 -index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a52dda102 --- /dev/null +++ b/browser/components/shell/nsKDEShellService.cpp -@@ -0,0 +1,109 @@ +@@ -0,0 +1,108 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -136,8 +163,7 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a +} + +NS_IMETHODIMP -+nsKDEShellService::SetDefaultBrowser(bool aClaimAllTypes, -+ bool aForAllUsers) ++nsKDEShellService::SetDefaultBrowser(bool aForAllUsers) +{ + nsCOMPtr command = do_CreateInstance( NS_ARRAY_CONTRACTID ); + if (!command) @@ -151,7 +177,7 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a + cmdstr->SetData("SETDEFAULTBROWSER"_ns); + command->AppendElement( cmdstr ); + -+ paramstr->SetData( aClaimAllTypes ? "ALLTYPES"_ns : "NORMAL"_ns ); ++ paramstr->SetData("ALLTYPES"_ns); + command->AppendElement( paramstr ); + + return nsKDEUtils::command( command ) ? NS_OK : NS_ERROR_FAILURE; @@ -192,7 +218,6 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a + diff --git a/browser/components/shell/nsKDEShellService.h b/browser/components/shell/nsKDEShellService.h new file mode 100644 -index 0000000000000000000000000000000000000000..8b0bb19164352453cfa453dd87c19263160b9ad8 --- /dev/null +++ b/browser/components/shell/nsKDEShellService.h @@ -0,0 +1,32 @@ @@ -230,7 +255,6 @@ index 0000000000000000000000000000000000000000..8b0bb19164352453cfa453dd87c19263 +#endif // nskdeshellservice_h____ 
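Review bot: In the rebased `nsKDEShellService::SetDefaultBrowser(bool aForAllUsers)` the one remaining parameter is not read in any line shown, and the helper is now always sent `"ALLTYPES"_ns`, so no caller can ask for the narrower `NORMAL` claim any more. If that is the intended behaviour for the 120 interface, a comment above the `paramstr->SetData(...)` line would record it, for example `// aClaimAllTypes no longer exists in the interface: always claim all types; aForAllUsers is not forwarded`. The results of both `command->AppendElement(...)` calls are also discarded before `nsKDEUtils::command( command )` is invoked, so a failed append would still send a partly built command; checking them and returning `NS_ERROR_FAILURE` would close that gap. The function body starts before and continues between these two hunks, so the unused-parameter observation should be confirmed against the full file.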
diff --git a/browser/components/shell/nsUnixShellService.cpp b/browser/components/shell/nsUnixShellService.cpp new file mode 100644 -index 0000000000000000000000000000000000000000..abf266ebdc52e136f495911da3454e69c770c6db --- /dev/null +++ b/browser/components/shell/nsUnixShellService.cpp @@ -0,0 +1,22 @@ @@ -258,7 +282,6 @@ index 0000000000000000000000000000000000000000..abf266ebdc52e136f495911da3454e69 +} diff --git a/browser/components/shell/nsUnixShellService.h b/browser/components/shell/nsUnixShellService.h new file mode 100644 -index 0000000000000000000000000000000000000000..26b5dbac47dd9a8ec1fcb6c93575cca750692735 --- /dev/null +++ b/browser/components/shell/nsUnixShellService.h @@ -0,0 +1,15 @@ diff --git a/l10n-119.0.1.tar.xz b/l10n-119.0.1.tar.xz deleted file mode 100644 index e8b917fb..00000000 --- a/l10n-119.0.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:411c128505c49ebcb462a1bb0cce3402624cbbb06a6cc222f7249c212e474719 -size 30476444 diff --git a/l10n-120.0.tar.xz b/l10n-120.0.tar.xz new file mode 100644 index 00000000..34de71d2 --- /dev/null +++ b/l10n-120.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3cb6fc2fd5484e9a1b277c8878c17c2bc8b222b5bdd72ae346e9ba4da16e8154 +size 30685716 diff --git a/mozilla-silence-no-return-type.patch b/mozilla-silence-no-return-type.patch index 784c166f..54b9754f 100644 --- a/mozilla-silence-no-return-type.patch +++ b/mozilla-silence-no-return-type.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent f809af927a59e945c76f51c25b1044fb42748c24 +# Parent e7eb7e9e99204275532b04de030879c9548b88a3 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -387,7 +387,7 @@ diff --git a/gfx/skia/skia/src/utils/SkShadowUtils.cpp b/gfx/skia/skia/src/utils diff --git a/intl/icu/source/i18n/number_rounding.cpp b/intl/icu/source/i18n/number_rounding.cpp 
--- a/intl/icu/source/i18n/number_rounding.cpp +++ b/intl/icu/source/i18n/number_rounding.cpp -@@ -278,27 +278,29 @@ Precision IncrementPrecision::withMinFra +@@ -282,27 +282,29 @@ Precision IncrementPrecision::withMinFra } FractionPrecision Precision::constructFraction(int32_t minFrac, int32_t maxFrac) { @@ -681,6 +681,27 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe VideoSendStream::StreamStats::~StreamStats() = default; std::string VideoSendStream::StreamStats::ToString() const { +diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc +--- a/third_party/libwebrtc/media/base/codec.cc ++++ b/third_party/libwebrtc/media/base/codec.cc +@@ -195,16 +195,17 @@ bool Codec::Matches(const Codec& codec, + (codec.bitrate == 0 || bitrate <= 0 || + bitrate == codec.bitrate) && + ((codec.channels < 2 && channels < 2) || + channels == codec.channels); + + case Type::kVideo: + return IsSameCodecSpecific(name, params, codec.name, codec.params); + } ++ return false; // unreached + }; + + return matches_id && matches_type_specific(); + } + + bool Codec::MatchesCapability( + const webrtc::RtpCodecCapability& codec_capability) const { + webrtc::RtpCodecParameters codec_parameters = ToCodecParameters(); diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc --- a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc +++ b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc @@ -915,7 +936,7 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depa diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc 
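Review bot: The added `return false; // unreached` at the end of the `matches_type_specific` lambda in `Codec::Matches` turns a value that matches no `case` into a silent "no match" instead of a visible failure. Returning false is the conservative direction for a matcher, but the comment should say that this is deliberate, e.g. `return false;  // no case matched: fail closed, only reachable with an out-of-range Type`. If `RTC_CHECK_NOTREACHED()` is usable in this file, placing it before the return would surface a corrupted or newly added enumerator rather than hiding it. The lambda and its switch begin outside the hunk.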
+++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
-@@ -135,16 +135,17 @@ bool IsNonVolatile(RTPExtensionType type
+@@ -133,16 +133,17 @@ bool IsNonVolatile(RTPExtensionType type
 #if defined(WEBRTC_MOZILLA_BUILD)
 case kRtpExtensionCsrcAudioLevel:
 // TODO: Mozilla implement for CsrcAudioLevel
diff --git a/tar_stamps b/tar_stamps
index fb0b013a..0f4ad171 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="119.0.1"
+VERSION="120.0"
 VERSION_SUFFIX=""
-PREV_VERSION="119.0"
+PREV_VERSION="119.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="b8f0d32ac6a5c34db8692ed382c3018e6309ea09"
-RELEASE_TIMESTAMP="20231106151204"
+RELEASE_TAG="5ae4969c2b0450edbe68bd94b613f1f30f8a3fcb"
+RELEASE_TIMESTAMP="20231116134553"