- Mozilla Firefox 127.0

https://www.mozilla.org/en-US/firefox/127.0/releasenotes MFSA 2024-25 (bsc#1226027) * CVE-2024-5687 (bmo#1889066) An incorrect principal could have been used when opening new tabs * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5689 (bmo#1389707) User confusion and possible phishing vector via Firefox Screenshots * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1837514, bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5694 (bmo#1895055) Use-after-free in JavaScript Strings * CVE-2024-5695 (bmo#1895579) Memory Corruption using allocation using out-of-memory conditions * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5697 (bmo#1414937) Website was able to detect when Firefox was taking a screenshot of them * CVE-2024-5698 (bmo#1828259) Data-list could have overlaid address bar * CVE-2024-5699 (bmo#1891349) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
2024-06-12 20:38:41 +00:00 · 2024-06-12 20:38:41 +00:00 · 8d549ff22f
commit 8d549ff22f
parent 7548fa49d0
12 changed files with 105 additions and 64 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Jun 11 09:21:24 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 127.0
+  https://www.mozilla.org/en-US/firefox/127.0/releasenotes
+  MFSA 2024-25 (bsc#1226027)
+  * CVE-2024-5687 (bmo#1889066)
+    An incorrect principal could have been used when opening new tabs
+  * CVE-2024-5688 (bmo#1895086)
+    Use-after-free in JavaScript object transplant
+  * CVE-2024-5689 (bmo#1389707)
+    User confusion and possible phishing vector via Firefox Screenshots
+  * CVE-2024-5690 (bmo#1883693)
+    External protocol handlers leaked by timing attack
+  * CVE-2024-5691 (bmo#1888695)
+    Sandboxed iframes were able to bypass sandbox restrictions to
+    open a new window
+  * CVE-2024-5692 (bmo#1837514, bmo#1891234)
+    Bypass of file name restrictions during saving
+  * CVE-2024-5693 (bmo#1891319)
+    Cross-Origin Image leak via Offscreen Canvas
+  * CVE-2024-5694 (bmo#1895055)
+    Use-after-free in JavaScript Strings
+  * CVE-2024-5695 (bmo#1895579)
+    Memory Corruption using allocation using out-of-memory conditions
+  * CVE-2024-5696 (bmo#1896555)
+    Memory Corruption in Text Fragments
+  * CVE-2024-5697 (bmo#1414937)
+    Website was able to detect when Firefox was taking a
+    screenshot of them
+  * CVE-2024-5698 (bmo#1828259)
+    Data-list could have overlaid address bar
+  * CVE-2024-5699 (bmo#1891349)
+    Cookie prefixes not treated as case-sensitive
+  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
+    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
+    and Thunderbird 115.12
+  * CVE-2024-5701 (bmo#1890909, bmo#1891422, bmo#1893915,
+    bmo#1894047, bmo#1896024)
+    Memory safety bugs fixed in Firefox 127
+- removed obsolete mozilla-bmo1886378.patch
+
 -------------------------------------------------------------------
 Wed May 29 06:05:07 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          126
-%define mainver        %major.0.1
-%define orig_version   126.0.1
+%define major          127
+%define mainver        %major.0
+%define orig_version   127.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -229,7 +229,6 @@ Patch21:        svg-rendering.patch
 Patch22:        mozilla-partial-revert-1768632.patch
 Patch23:        mozilla-rust-disable-future-incompat.patch
 Patch24:        mozilla-bmo1822730.patch
-Patch25:        mozilla-bmo1886378.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
--- a/firefox-126.0.1.source.tar.xz
+++ b/firefox-126.0.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f63026359f678a5d45cea4c7744fcef512abbb58a5b016bbbb1c6ace723a263b
-size 552965660
--- a/firefox-126.0.1.source.tar.xz.asc
+++ b/firefox-126.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZUvKsACgkQ4207E/PZ
-MnRyIA//RmJnrGX1k1J3T9zBknzbhFPxUu3HYp4D7kKrIMJKfzhXpsaIzMaP5AF+
-gYC8ixY7o3EbkJtMK8MDXV7Pq+Si+KEmMMgNT+2MQIgGodizBIxUDb+/q8Vl3SCk
-LyPAvLIN2nqfVIV3jZ2TNO3fa1U6mW1qswy38Gg0K+/lftG5oZt3nDkJ/Ieqr8Qj
-ll36Yoi1ClqD1DhAn5zRBfFpi3InuX7SRMyrNqi7xdo/4v9aG5aWHPn7EbH9LWmW
-vDVX1tMh7sWZqJxDT/hofoCuNxX9coS+8alCHSSTZt9DoKQmNjox1Xz/gaNL6xjz
-fuNC4WuWUs9/hYkxrRuHKWSzVxq5Qon6QssrrF3pfEXrDwQeb7txQlBesXRpwlq7
-LzgQaudIcRU3SgIS7qaUjS3uKNTV8Jivhm0PBuz+FvhuheXTYK0jnk1Ddkkv0Cfq
-0SZk4QiZG8Z73HHjEyifHT9QMe5hQbl132momsDRBhUrJpKXyPWNvcq6yxrWFOkL
-NWsrnHMDINbonkAgkX1JTxe5MbNts74INzGZJkIMsC/Y33+dmOhePySKd+OcG2eM
-DqdsrQLComWpye1FTwYzynR8yVqjbdUoLjfUFWQmliI/wwI7CYfxathxHV1Q5J3N
-101fLb5TR4tQOuw8zsnQCPKurVlztx2j/5K90WIL+s1fxnnPGwI=
-=gkjp
-----END PGP SIGNATURE-----
--- a/firefox-127.0.source.tar.xz
+++ b/firefox-127.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea6b089ff046ca503978fdaf11ea123c64f66bbcdc4a968bed8f7c93e9994321
+size 558840124
--- a/firefox-127.0.source.tar.xz.asc
+++ b/firefox-127.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZiLSAACgkQ4207E/PZ
+MnSBbA//Xn5pxTREkgot1JwNl1JB3+uYqLjjDcTbZFWhJ/wf6gqokRSbGl+PSVGM
+5kOYvggfleRcqc8/OUicD2/SlCXAP/SnxZPmKQXhZJ5o6MLxLELWyeVpgQQNPQAM
+5FfkHDGWGyt2B7i5Zfh380IM5KsFso0sglAmeANngI66ePYx/0kOdvUa6YxM/uss
+4SjxO6JaquWnQFxG3tmknQZYMQ3u+Zfqq2D6wVD3B+j2oTToQTGXvWHIzT7VEyaj
+2xs7s0pecVYiWP92LJlrNV6vFnG8lVyv/zRQURdJ4UYmgRXx5/AZ+k8SFCvQwii3
+eHVDJ4IjG7fa36ttubaWf3HZYcWvVV7jnZhLF3MnRmTo0cbY9L4XHCWSEsUq5QnH
+q2BSRq+cjE0GwzBw1NFf5b0yIbzy3EQWdhAOH6jpaTZ4veb4yl9UNLg5ms2nkfv7
+dpwzhruDa7WWjICELcwyd420tMrL12EuvOORcenXsY+Mqz8k4DpiS5pmBxzN5o8q
+/vQbtuOQLM2ZzIjSYKv82egGvEOkuzTCR2UfN4QuWztLbp96PoCZ7No1j4cWjdUV
+A/UMT0CjG7G1DDndhMHMfQMFiIRNz0Sduy79PXsLWMtvtD1Y6Bf0PL5YmMbAQOU+
+adxeokSOc1WEXvw7N5T3BdWtqTDo4VF41tf/tDFDm+7YGvI3OmM=
+=tKU/
+-----END PGP SIGNATURE-----
--- a/l10n-126.0.1.tar.xz
+++ b/l10n-126.0.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7fb67354817ee6319fbe56189ef248105bc3025983dabfe654992f31a86c7f98
-size 31696716
--- a/l10n-127.0.tar.xz
+++ b/l10n-127.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68c4f9dc1ae31acaf51cde83abafad3f308211c260b398b2ac58e390344a4119
+size 31787988
--- a/mozilla-libavcodec58_91.patch
+++ b/mozilla-libavcodec58_91.patch
@ -1,16 +1,16 @@
 # HG changeset patch
-# Parent  60fc1933af9d4f1769025a6f1d9a60db6b899315
+# Parent  fdc16b43f28c2e974929ca702563aaac52799654

 diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
 --- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
 +++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-@@ -36,16 +36,18 @@ static const char* sLibs[] = {
-   "libavcodec.54.dylib",
+@@ -44,16 +44,18 @@ static const char* sLibs[] = {
   "libavcodec.53.dylib",
 #elif defined(XP_OPENBSD)
   "libavcodec.so", // OpenBSD hardly controls the major/minor library version
                    // of ffmpeg and update it regulary on ABI/API changes
 #else
+   "libavcodec.so.61",
   "libavcodec.so.60",
   "libavcodec.so.59",
 +  "libavcodec.so.58.134",
--- a/mozilla-rust-disable-future-incompat.patch
+++ b/mozilla-rust-disable-future-incompat.patch
@ -1,18 +1,18 @@
 # HG changeset patch
-# Parent  83a5e219b271976ee9dfa46b74ecc1c1c6d49f94
+# Parent  8c5b7b10f09b8cd6a8a6e0e29b92ec88cec6d4ce

 diff --git a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml
 +++ b/Cargo.toml
-@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http
- path = "third_party/rust/mio-0.6.23"
+@@ -238,8 +238,14 @@ mio_0_8 = { package = "mio", git = "http
+ # Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.:
+ # Still waiting for the now-merged <https://github.com/zakarumych/gpu-descriptor/pull/40> to be released.
+ gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" }
 
- [patch."https://github.com/mozilla/uniffi-rs.git"]
- uniffi = "0.27.1"
- uniffi_bindgen = "0.27.1"
- uniffi_build = "0.27.1"
- uniffi_macros = "0.27.1"
- weedle2 = "=5.0.0"
+ # Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2.
+ # There is not going to be new version of mio 0.6, mio now being >= 0.7.11.
+ [patch.crates-io.mio]
+ path = "third_party/rust/mio-0.6.23"
 +
 +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
 +# Shut up such messages for now to make the build succeed
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  af0655f894a27ef60aa8438af7939a5ebc498df0
+# Parent  45b7287e677b0d0a47091f763c19d75955c291a1

 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@ -462,7 +462,7 @@ diff --git a/third_party/libwebrtc/api/adaptation/resource.cc b/third_party/libw
 diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc/api/rtp_parameters.cc
 --- a/third_party/libwebrtc/api/rtp_parameters.cc
 +++ b/third_party/libwebrtc/api/rtp_parameters.cc
-@@ -27,16 +27,17 @@ const char* DegradationPreferenceToStrin
+@@ -28,16 +28,17 @@ const char* DegradationPreferenceToStrin
     case DegradationPreference::MAINTAIN_FRAMERATE:
       return "maintain-framerate";
     case DegradationPreference::MAINTAIN_RESOLUTION:
@ -505,7 +505,7 @@ diff --git a/third_party/libwebrtc/api/video/video_frame_buffer.cc b/third_party
 diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party/libwebrtc/api/video_codecs/video_codec.cc
 --- a/third_party/libwebrtc/api/video_codecs/video_codec.cc
 +++ b/third_party/libwebrtc/api/video_codecs/video_codec.cc
-@@ -126,16 +126,17 @@ const char* CodecTypeToPayloadString(Vid
+@@ -156,16 +156,17 @@ const char* CodecTypeToPayloadString(Vid
     case kVideoCodecMultiplex:
       return kPayloadNameMultiplex;
     case kVideoCodecGeneric:
@ -526,7 +526,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party
 diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
 --- a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
 +++ b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
-@@ -183,16 +183,17 @@ class VideoEncoderSoftwareFallbackWrappe
+@@ -184,16 +184,17 @@ class VideoEncoderSoftwareFallbackWrappe
         [[fallthrough]];
       case EncoderState::kMainEncoderUsed:
         return encoder_.get();
@ -544,7 +544,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallb
 
   // Settings used in the last InitEncode call and used if a dynamic fallback to
   // software is required.
-@@ -363,16 +364,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
+@@ -377,16 +378,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
     case EncoderState::kMainEncoderUsed: {
       return EncodeWithMainEncoder(frame, frame_types);
     }
@ -684,7 +684,7 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe
 diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc
 --- a/third_party/libwebrtc/media/base/codec.cc
 +++ b/third_party/libwebrtc/media/base/codec.cc
-@@ -200,16 +200,17 @@ bool Codec::Matches(const Codec& codec) 
+@@ -228,16 +228,17 @@ bool Codec::Matches(const Codec& codec) 
                (codec.bitrate == 0 || bitrate <= 0 ||
                 bitrate == codec.bitrate) &&
                ((codec.channels < 2 && channels < 2) ||
@ -765,7 +765,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.
 diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
 --- a/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
 +++ b/third_party/libwebrtc/modules/audio_processing/audio_processing_impl.cc
-@@ -94,16 +94,17 @@ GainControl::Mode Agc1ConfigModeToInterf
+@@ -96,16 +96,17 @@ GainControl::Mode Agc1ConfigModeToInterf
     case Agc1Config::kAdaptiveAnalog:
       return GainControl::kAdaptiveAnalog;
     case Agc1Config::kAdaptiveDigital:
@ -783,7 +783,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
 
 // Maximum lengths that frame of samples being passed from the render side to
 // the capture side can have (does not apply to AEC3).
-@@ -161,17 +162,17 @@ int AudioFormatValidityToErrorCode(Audio
+@@ -163,17 +164,17 @@ int AudioFormatValidityToErrorCode(Audio
     case AudioFormatValidity::kValidAndSupported:
       return AudioProcessing::kNoError;
     case AudioFormatValidity::kValidButUnsupportedSampleRate:  // fall-through
@ -802,7 +802,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
     const StreamConfig& input_config,
     const StreamConfig& output_config) {
   AudioFormatValidity input_validity = ValidateAudioFormat(input_config);
-@@ -2416,16 +2417,17 @@ void AudioProcessingImpl::InitializeNois
+@@ -2420,16 +2421,17 @@ void AudioProcessingImpl::InitializeNois
             case NoiseSuppresionConfig::kModerate:
               return NsConfig::SuppressionLevel::k12dB;
             case NoiseSuppresionConfig::kHigh:
@ -921,12 +921,12 @@ diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screenc
 diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
 --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
 +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
-@@ -64,16 +64,17 @@ bool BitrateProber::ReadyToSetActiveStat
-       return false;
-     case ProbingState::kInactive:
-       // If config_.min_packet_size > 0, a "large enough" packet must be sent
-       // first, before a probe can be generated and sent. Otherwise, send the
-       // probe asap.
+@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat
+         return true;
+       }
+       // If config_.min_packet_size > 0, a "large enough" packet must be
+       // sent first, before a probe can be generated and sent. Otherwise,
+       // send the probe asap.
       return packet_size >=
              std::min(RecommendedMinProbeSize(), config_.min_packet_size.Get());
   }
@ -934,18 +934,18 @@ diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_part
 }
 
 void BitrateProber::OnIncomingPacket(DataSize packet_size) {
-   if (ReadyToSetActiveState(packet_size)) {
-     next_probe_time_ = Timestamp::MinusInfinity();
-     probing_state_ = ProbingState::kActive;
-   }
+   MaybeSetActiveState(packet_size);
 }
+ 
+ void BitrateProber::CreateProbeCluster(
+     const ProbeClusterConfig& cluster_config) {
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
-@@ -36,11 +36,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
-     case kVideoCodecH265:
-       // TODO(bugs.webrtc.org/13485): Implement VideoRtpDepacketizerH265.
+@@ -42,11 +42,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
+ #else
       return nullptr;
+ #endif
     case kVideoCodecGeneric:
     case kVideoCodecMultiplex:
       return std::make_unique<VideoRtpDepacketizerGeneric>();
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="126.0.1"
+VERSION="127.0"
 VERSION_SUFFIX=""
-PREV_VERSION="126.0"
+PREV_VERSION="126.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="6c033deedc28e5dadb0b99de7336cb6ebb336631"
-RELEASE_TIMESTAMP="20240526221752"
+RELEASE_TAG="cfd3e02d8411b3a938cda7242dcf044cf03c03d1"
+RELEASE_TIMESTAMP="20240606181944"