pool/MozillaFirefox
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8d549ff22f
MozillaFirefox/mozilla-rust-disable-future-incompat.patch
Wolfgang Rosenauer 8d549ff22f - Mozilla Firefox 127.0 
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
  MFSA 2024-25 (bsc#1226027)
  * CVE-2024-5687 (bmo#1889066)
    An incorrect principal could have been used when opening new tabs
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5689 (bmo#1389707)
    User confusion and possible phishing vector via Firefox Screenshots
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1837514, bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5694 (bmo#1895055)
    Use-after-free in JavaScript Strings
  * CVE-2024-5695 (bmo#1895579)
    Memory Corruption using allocation using out-of-memory conditions
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5697 (bmo#1414937)
    Website was able to detect when Firefox was taking a
    screenshot of them
  * CVE-2024-5698 (bmo#1828259)
    Data-list could have overlaid address bar
  * CVE-2024-5699 (bmo#1891349)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
2024-06-12 20:38:41 +00:00

22 lines
926 B
Diff
Raw Blame History

# HG changeset patch
# Parent 8c5b7b10f09b8cd6a8a6e0e29b92ec88cec6d4ce
diff --git a/Cargo.toml b/Cargo.toml
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -238,8 +238,14 @@ mio_0_8 = { package = "mio", git = "http
# Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.:
# Still waiting for the now-merged <https://github.com/zakarumych/gpu-descriptor/pull/40> to be released.
gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" }
# Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2.
# There is not going to be new version of mio 0.6, mio now being >= 0.7.11.
[patch.crates-io.mio]
path = "third_party/rust/mio-0.6.23"
+
+# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
+# Shut up such messages for now to make the build succeed
+[future-incompat-report]
+frequency = "never"
+
Reference in New Issue View Git Blame Copy Permalink