Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2025-07-23 16:34:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.8875 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Wed Jul 23 16:34:19 2025 rev:15 rq:1295157 version:140.1.0 Changes: -------- New Changes file: --- /dev/null 2025-07-03 00:32:22.244000000 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes 2025-07-23 16:35:38.893082347 +0200 @@ -0,0 +1,12091 @@ +------------------------------------------------------------------- +Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Avoid file conflict with MozillaFirefox regarding + firefox-search-provider.ini; assume MozillaFirefox gets installed + anyway, so omit traces here. Add Recommends: MozillaFirefox for + this. + +------------------------------------------------------------------- +Sat Jul 19 08:56:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.1.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.1.0 + https://www.mozilla.org/security/advisories/mfsa2025-59 + MFSA 2025-59 (boo#1246664) + * CVE-2025-8027 (bmo#1968423) + JavaScript engine only wrote partial return value to stack + * CVE-2025-8028 (bmo#1971581) + Large branch table could lead to truncated instruction + * CVE-2025-8029 (bmo#1928021) + javascript: URLs executed on object and embed tags + * CVE-2025-8036 (bmo#1960834) + DNS rebinding circumvents CORS + * CVE-2025-8037 (bmo#1964767) + Nameless cookies shadow secure cookies + * CVE-2025-8030 (bmo#1968414) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-8031 (bmo#1971719) + Incorrect URL stripping in CSP reports + * CVE-2025-8032 (bmo#1974407) + XSLT documents could bypass CSP + * CVE-2025-8038 (bmo#1808979) + CSP frame-src was not correctly enforced for paths + * CVE-2025-8039 (bmo#1970997) + Search terms persisted in URL bar + * CVE-2025-8033 (bmo#1973990) + Incorrect JavaScript state machine for generators + * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, + bmo#1970422) + Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR + 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, + bmo#1975998) + Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird + ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) + Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird + ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox + 141 and Thunderbird 141 + +------------------------------------------------------------------- +Mon Jun 23 09:15:00 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.0esr ESR + * New: ###General + - Reader View now has an enhanced Text and Layout menu with + new options for character spacing, word spacing, and text + alignment. These changes offer a more accessible reading + experience. + - Reader View now has a Theme menu with additional Contrast + and Gray options. You can also select custom colors for text, + background, and links from the Custom tab. + - Firefox will now offer to temporarily remember when users + grant permissions to sites (e.g. geolocation). Temporary + permissions will be removed either after one hour or when the + tab is closed. + - Firefox now includes safeguards to prevent sites from + abusing the history API by generating excessive history + entries, which can make navigating with the back and forward + buttons difficult by cluttering the history. This + intervention ensures that such entries, unless interacted + with by the user, are skipped when using the back and forward + buttons. + - Firefox now identifies all links in PDFs and turns them + into hyperlinks. + - You can now copy links from background tabs using the + tabstrip context menu on macOS and Linux. + - Users on macOS and Linux are now given the option to close + only the current tab if the Quit keyboard shortcut is used + while multiple tabs are open in the window. + * New: ###Sidebar and Tabs + - You can now enable the updated Firefox sidebar in Settings + > General > Browser Layout to quickly access multiple tools + in one click, without leaving your main view. Sidebar tools + include an AI chatbot of your choice, bookmarks, history, and + tabs from devices you sync with your Mozilla account. + - Keep a lot of tabs open? Try our new vertical tabs layout + to quickly scan your list of tabs. With vertical tabs, your + open and pinned tabs appear in the sidebar instead of along + the top of the browser. To turn on vertical tabs, right-click + on the toolbar near the top of the browser and select Turn on + Vertical Tabs. If you’ve enabled the updated sidebar, you can + also go to Customize sidebar and check Vertical tabs. Early + testers report feeling more organized after using vertical + tabs for a few days. + - Stay productive and organized with less effort by grouping + related tabs together. One simple way to create a group is to + drag a tab onto another, pause until you see a highlight, + then drop to create the group. Tab groups can be named, + color-coded, and are always saved. You can close a group and + reopen it later. + - A tab preview is now displayed when hovering the mouse over + background tabs, making it easier to locate the desired tab + without needing to switch tabs. + - The sidebar to view tabs from other devices can now be + opened via the Tab overview menu. + * New: ###Security & Privacy + - HTTPS is replacing HTTP as the default protocol in the + address bar on non-local sites. If a site is not available + via HTTPS, Firefox will fall back to HTTP. + - Firefox now blocks third-party cookie access when Enhanced + Tracking Protection's Strict mode is enabled. + - Firefox now has a new anti-tracking feature, Bounce + Tracking Protection, which is now available in Enhanced + Tracking Protection's "Strict" mode. This feature detects + bounce trackers based on their redirect behavior and + periodically purges their cookies and site data to block + tracking. + - Firefox now enforces certificate transparency, requiring + web servers to provide sufficient proof that their + certificates were publicly disclosed before they will be + trusted. This only affects servers using certificates issued + by a certificate authority in Mozilla's Root CA Program. + - Smartblock Embeds allows users to selectively unblock + certain social media embeds that are blocked in ETP Strict + and Private Browsing modes. Currently, support is limited to + a few embed types, with more to be added in future updates. + - Firefox now upgrades page loads to HTTPS by default and + gracefully falls back to HTTP if the secure connection fails. + This behavior is known as HTTPS-First. + - The "Copy Without Site Tracking" menu item was renamed to + "Copy Clean Link" to help clarify expectations around what + the feature does. "Copy Clean Link" is a list based approach + to remove - known tracking parameters from links. This option + can also now be used on plain text links. + - The Clear browsing data and cookies dialog now allows + clearing saved form info separately from browsing history. + * New: ###Translations + - Firefox now allows translating selected text portions to + different languages after a full-page translation. + - Full-Page Translations are now available within Firefox + extension pages that start with the moz-extension:// URL + scheme. + - When suggesting a default translation language, Firefox + will now take into consideration languages you have + previously used for translations. + - Added support for many new languages in Firefox + translation. + * New: ###Windows + - Canvas2D switched from Direct2D to a platform independent + acceleration backend on Windows. + - Hardware-accelerated playback of HEVC video content is now + supported on Windows. + - Firefox on Windows 11 now uses acrylic-style menus for + popup windows, which better match the operating system’s + aesthetic. + * New: ###macOS + - Added support for multiple languages in the same document + spoken in macOS VoiceOver. + - The macOS session resume feature has been enhanced. Firefox + will now automatically relaunch if it was open before a + system restart, like after an OS update. + - The macOS DMG installer packages now use LZMA for + compression, reducing download size and installation time. + - Due to recent changes in macOS Sequoia, the shortcut for + completing search strings to .com addresses has been changed + from Ctrl+Enter to Cmd+Enter. + * New: ###Linux + - Firefox now supports touchpad hold gestures on Linux. This + means that kinetic (momentum) scrolling can now be + interrupted by placing two fingers on the touchpad. + * Developer: - Firefox now supports text fragments, which + allows users to link directly to a specific portion of text + in a web document via a special URL fragment. + - Debugger log-point values are now automatically converted + into profiler markers, making it easy to add information to + the marker timeline directly from the Debugger. + - The Debugger's directory root is now scoped to the specific + domain where it was set, which aligns with typical usage and + avoids applying it across unrelated domains. This builds on + previous improvements such as a redesigned UI and easier + removal of the root setting. Setting a directory root updates + the Source List to show only the selected directory and its + children. (Learn more) + - The Network Blocking feature in the Network panel now + blocks HTTP requests in addition to blocking responses. + - The Network panel displays information about Early Hints, + including a dedicated indicator for the 103 HTTP status code + in the user interface. + - The Network panel now allows overriding network request + responses with local files. + - The filter setting in the Network panel is now preserved + across DevTools Toolbox sessions. + - A new column has been added to the Network panel to display + the full path of the request URL. This enhancement makes + helps developers quickly view and analyze complete request + paths. + - Introduced a new console command `$$$` that allows + searching the page, including within shadow roots. + - Improved support for debugging web extensions, such as + automatically reloading the web extension's source code in + the Debugger when the extension is reloaded. Workers are now + available in the Console panel’s context selector and + breakpoints function correctly in content scripts. + - In the Inspector Fonts panel, we now display fonts + metadata, like the font version, designer, vendor, license, + etc. + - Added support for the import map integrity field, allowing + you to ensure the integrity of dynamically or statically + imported modules. + - Implemented support for `Error.isError`, enabling brand + checks to determine whether an object is an instance of + Error. (Learn more) + - Added support for the `error.captureStackTrace` extension + to improve compatibility with other browsers. (Learn more) + [5]: http://github.com/tc39/proposal-error- + capturestacktrace + * Enterprise: - The UserMessaging policy has been updated with + a new option to allow disabling Firefox Labs in preferences. + - The Preferences policy has been updated to allow setting + the preference security.pki.certificate_transparency.mode. + - HTTPS-First is now on by default. You can manage this + behavior using the HttpsOnlyMode and HttpAllowlist policies. + - An internal change has been made to Firefox that removes + `XPCOMUtils.defineLazyGetter`. For most people, this + shouldn't matter, but if you encounter problems with + AutoConfig or third party software like PolicyPak, this might + be the cause. You'll need to reach out to your provider. + - Firefox now supports the Content Analysis SDK for + integrating DLP software. For more information, see this + post. + - The SearchEngines policy is now available on all versions + of Firefox (not just the ESR). + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.0 + https://www.mozilla.org/security/advisories/mfsa2025-51 + MFSA 2025-51 (boo#1244670) + * CVE-2025-6424 (bmo#1966423) + Use-after-free in FontFaceSet + * CVE-2025-6425 (bmo#1717672) + The WebCompat WebExtension shipped with Firefox exposed a + persistent UUID + * CVE-2025-6426 (bmo#1964385) + No warning when opening executable terminal files on macOS + * CVE-2025-6427 (bmo#1966927) + connect-src Content Security Policy restriction could be + bypassed + * CVE-2025-6428 (bmo#1970151) + Firefox for Android opened URLs specified in a link + querystring parameter + * CVE-2025-6429 (bmo#1970658) + Incorrect parsing of URLs could have allowed embedding of + youtube.com + * CVE-2025-6430 (bmo#1971140) + Content-Disposition header ignored when a file is included in + an embed or object tag + * CVE-2025-6431 (bmo#1942716) + The prompt in Firefox for Android that asks before opening a + link in an external application could be bypassed + * CVE-2025-6432 (bmo#1943804) + DNS Requests leaked outside of a configured SOCKS proxy + * CVE-2025-6433 (bmo#1954033) + WebAuthn would allow a user to sign a challenge on a webpage + with an invalid TLS certificate + * CVE-2025-6434 (bmo#1955182) + HTTPS-Only exception screen lacked anti-clickjacking delay + * CVE-2025-6435 (bmo#1950056, bmo#1961777) + Save as in Devtools could download files without sanitizing + the extension + * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187, + bmo#1966505, bmo#1970764) + Memory safety bugs fixed in Firefox 140 and Thunderbird 140 +- Requires: + NSS >= 3.112 + cargo/rust 1.86 + rust-cbindgen >= 0.28 + +------------------------------------------------------------------- +Sun Jun 8 14:58:17 UTC 2025 - Bernhard Wiedemann <bwiedem...@suse.com> + +- Replace usage of %jobs for reproducible builds (boo#1237231) + +------------------------------------------------------------------- +Sun May 25 08:47:26 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.11.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.11.0 + https://www.mozilla.org/security/advisories/mfsa2025-44 + MFSA 2025-44 (boo#1243353) + * CVE-2025-5262 (bmo#1962421) + Double-free in libvpx encoder + * CVE-2025-5263 (bmo#1960745) + Error handling for script execution was incorrectly isolated ++++ 11794 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes --- /work/SRC/openSUSE:Factory/firefox-esr/firefox-esr.changes 2025-06-24 20:52:59.557783092 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes 2025-07-23 16:36:07.126201777 +0200 @@ -2 +2 @@ -Mon Jun 23 09:12:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> +Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> @@ -4 +4,9 @@ -- Firefox Extended Support Release 128.12.0 ESR +- Avoid file conflict with MozillaFirefox regarding + firefox-search-provider.ini; assume MozillaFirefox gets installed + anyway, so omit traces here. Add Recommends: MozillaFirefox for + this. + +------------------------------------------------------------------- +Sat Jul 19 08:56:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.1.0 ESR @@ -6,3 +14,227 @@ -- Mozilla Firefox ESR 128.12.0 - https://www.mozilla.org/security/advisories/mfsa2025-53 - MFSA 2025-53 (boo#1244670) +- Mozilla Firefox ESR 140.1.0 + https://www.mozilla.org/security/advisories/mfsa2025-59 + MFSA 2025-59 (boo#1246664) + * CVE-2025-8027 (bmo#1968423) + JavaScript engine only wrote partial return value to stack + * CVE-2025-8028 (bmo#1971581) + Large branch table could lead to truncated instruction + * CVE-2025-8029 (bmo#1928021) + javascript: URLs executed on object and embed tags + * CVE-2025-8036 (bmo#1960834) + DNS rebinding circumvents CORS + * CVE-2025-8037 (bmo#1964767) + Nameless cookies shadow secure cookies + * CVE-2025-8030 (bmo#1968414) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-8031 (bmo#1971719) + Incorrect URL stripping in CSP reports + * CVE-2025-8032 (bmo#1974407) + XSLT documents could bypass CSP + * CVE-2025-8038 (bmo#1808979) + CSP frame-src was not correctly enforced for paths + * CVE-2025-8039 (bmo#1970997) + Search terms persisted in URL bar + * CVE-2025-8033 (bmo#1973990) + Incorrect JavaScript state machine for generators + * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, + bmo#1970422) + Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR + 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, + bmo#1975998) + Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird + ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) + Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird + ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox + 141 and Thunderbird 141 + +------------------------------------------------------------------- +Mon Jun 23 09:15:00 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.0esr ESR + * New: ###General + - Reader View now has an enhanced Text and Layout menu with + new options for character spacing, word spacing, and text + alignment. These changes offer a more accessible reading + experience. + - Reader View now has a Theme menu with additional Contrast + and Gray options. You can also select custom colors for text, + background, and links from the Custom tab. + - Firefox will now offer to temporarily remember when users + grant permissions to sites (e.g. geolocation). Temporary + permissions will be removed either after one hour or when the + tab is closed. + - Firefox now includes safeguards to prevent sites from + abusing the history API by generating excessive history + entries, which can make navigating with the back and forward + buttons difficult by cluttering the history. This + intervention ensures that such entries, unless interacted + with by the user, are skipped when using the back and forward + buttons. + - Firefox now identifies all links in PDFs and turns them + into hyperlinks. + - You can now copy links from background tabs using the + tabstrip context menu on macOS and Linux. + - Users on macOS and Linux are now given the option to close + only the current tab if the Quit keyboard shortcut is used + while multiple tabs are open in the window. + * New: ###Sidebar and Tabs + - You can now enable the updated Firefox sidebar in Settings + > General > Browser Layout to quickly access multiple tools + in one click, without leaving your main view. Sidebar tools + include an AI chatbot of your choice, bookmarks, history, and + tabs from devices you sync with your Mozilla account. + - Keep a lot of tabs open? Try our new vertical tabs layout + to quickly scan your list of tabs. With vertical tabs, your + open and pinned tabs appear in the sidebar instead of along + the top of the browser. To turn on vertical tabs, right-click + on the toolbar near the top of the browser and select Turn on + Vertical Tabs. If you’ve enabled the updated sidebar, you can + also go to Customize sidebar and check Vertical tabs. Early + testers report feeling more organized after using vertical + tabs for a few days. + - Stay productive and organized with less effort by grouping + related tabs together. One simple way to create a group is to + drag a tab onto another, pause until you see a highlight, + then drop to create the group. Tab groups can be named, + color-coded, and are always saved. You can close a group and + reopen it later. + - A tab preview is now displayed when hovering the mouse over + background tabs, making it easier to locate the desired tab + without needing to switch tabs. + - The sidebar to view tabs from other devices can now be + opened via the Tab overview menu. + * New: ###Security & Privacy + - HTTPS is replacing HTTP as the default protocol in the + address bar on non-local sites. If a site is not available + via HTTPS, Firefox will fall back to HTTP. + - Firefox now blocks third-party cookie access when Enhanced + Tracking Protection's Strict mode is enabled. + - Firefox now has a new anti-tracking feature, Bounce + Tracking Protection, which is now available in Enhanced + Tracking Protection's "Strict" mode. This feature detects + bounce trackers based on their redirect behavior and + periodically purges their cookies and site data to block + tracking. + - Firefox now enforces certificate transparency, requiring + web servers to provide sufficient proof that their + certificates were publicly disclosed before they will be + trusted. This only affects servers using certificates issued + by a certificate authority in Mozilla's Root CA Program. + - Smartblock Embeds allows users to selectively unblock + certain social media embeds that are blocked in ETP Strict + and Private Browsing modes. Currently, support is limited to + a few embed types, with more to be added in future updates. + - Firefox now upgrades page loads to HTTPS by default and + gracefully falls back to HTTP if the secure connection fails. + This behavior is known as HTTPS-First. + - The "Copy Without Site Tracking" menu item was renamed to + "Copy Clean Link" to help clarify expectations around what + the feature does. "Copy Clean Link" is a list based approach + to remove - known tracking parameters from links. This option + can also now be used on plain text links. + - The Clear browsing data and cookies dialog now allows + clearing saved form info separately from browsing history. + * New: ###Translations + - Firefox now allows translating selected text portions to + different languages after a full-page translation. + - Full-Page Translations are now available within Firefox + extension pages that start with the moz-extension:// URL + scheme. + - When suggesting a default translation language, Firefox + will now take into consideration languages you have + previously used for translations. + - Added support for many new languages in Firefox + translation. + * New: ###Windows + - Canvas2D switched from Direct2D to a platform independent + acceleration backend on Windows. + - Hardware-accelerated playback of HEVC video content is now + supported on Windows. + - Firefox on Windows 11 now uses acrylic-style menus for + popup windows, which better match the operating system’s + aesthetic. + * New: ###macOS + - Added support for multiple languages in the same document + spoken in macOS VoiceOver. + - The macOS session resume feature has been enhanced. Firefox + will now automatically relaunch if it was open before a + system restart, like after an OS update. + - The macOS DMG installer packages now use LZMA for + compression, reducing download size and installation time. + - Due to recent changes in macOS Sequoia, the shortcut for + completing search strings to .com addresses has been changed + from Ctrl+Enter to Cmd+Enter. + * New: ###Linux + - Firefox now supports touchpad hold gestures on Linux. This + means that kinetic (momentum) scrolling can now be + interrupted by placing two fingers on the touchpad. + * Developer: - Firefox now supports text fragments, which + allows users to link directly to a specific portion of text + in a web document via a special URL fragment. + - Debugger log-point values are now automatically converted + into profiler markers, making it easy to add information to + the marker timeline directly from the Debugger. + - The Debugger's directory root is now scoped to the specific + domain where it was set, which aligns with typical usage and + avoids applying it across unrelated domains. This builds on + previous improvements such as a redesigned UI and easier + removal of the root setting. Setting a directory root updates + the Source List to show only the selected directory and its + children. (Learn more) + - The Network Blocking feature in the Network panel now + blocks HTTP requests in addition to blocking responses. + - The Network panel displays information about Early Hints, + including a dedicated indicator for the 103 HTTP status code + in the user interface. + - The Network panel now allows overriding network request + responses with local files. + - The filter setting in the Network panel is now preserved + across DevTools Toolbox sessions. + - A new column has been added to the Network panel to display + the full path of the request URL. This enhancement makes + helps developers quickly view and analyze complete request + paths. + - Introduced a new console command `$$$` that allows + searching the page, including within shadow roots. + - Improved support for debugging web extensions, such as + automatically reloading the web extension's source code in + the Debugger when the extension is reloaded. Workers are now + available in the Console panel’s context selector and + breakpoints function correctly in content scripts. + - In the Inspector Fonts panel, we now display fonts + metadata, like the font version, designer, vendor, license, + etc. + - Added support for the import map integrity field, allowing + you to ensure the integrity of dynamically or statically + imported modules. + - Implemented support for `Error.isError`, enabling brand + checks to determine whether an object is an instance of + Error. (Learn more) + - Added support for the `error.captureStackTrace` extension + to improve compatibility with other browsers. (Learn more) + [5]: http://github.com/tc39/proposal-error- + capturestacktrace + * Enterprise: - The UserMessaging policy has been updated with + a new option to allow disabling Firefox Labs in preferences. + - The Preferences policy has been updated to allow setting + the preference security.pki.certificate_transparency.mode. + - HTTPS-First is now on by default. You can manage this + behavior using the HttpsOnlyMode and HttpAllowlist policies. + - An internal change has been made to Firefox that removes + `XPCOMUtils.defineLazyGetter`. For most people, this + shouldn't matter, but if you encounter problems with + AutoConfig or third party software like PolicyPak, this might + be the cause. You'll need to reach out to your provider. + - Firefox now supports the Content Analysis SDK for + integrating DLP software. For more information, see this + post. + - The SearchEngines policy is now available on all versions + of Firefox (not just the ESR). + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.0 + https://www.mozilla.org/security/advisories/mfsa2025-51 + MFSA 2025-51 (boo#1244670) @@ -15,0 +248,6 @@ + * CVE-2025-6427 (bmo#1966927) + connect-src Content Security Policy restriction could be + bypassed + * CVE-2025-6428 (bmo#1970151) + Firefox for Android opened URLs specified in a link + querystring parameter @@ -22,7 +260,20 @@ - -------------------------------------------------------------------- -Tue Jun 17 08:18:37 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - -- Use these tools/versions unconditionally, package won't build on - Tumbleweed with new gcc15 otherwise: - gcc14, gcc14-c++, cargo1.84, rust1.84 + * CVE-2025-6431 (bmo#1942716) + The prompt in Firefox for Android that asks before opening a + link in an external application could be bypassed + * CVE-2025-6432 (bmo#1943804) + DNS Requests leaked outside of a configured SOCKS proxy + * CVE-2025-6433 (bmo#1954033) + WebAuthn would allow a user to sign a challenge on a webpage + with an invalid TLS certificate + * CVE-2025-6434 (bmo#1955182) + HTTPS-Only exception screen lacked anti-clickjacking delay + * CVE-2025-6435 (bmo#1950056, bmo#1961777) + Save as in Devtools could download files without sanitizing + the extension + * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187, + bmo#1966505, bmo#1970764) + Memory safety bugs fixed in Firefox 140 and Thunderbird 140 +- Requires: + NSS >= 3.112 + cargo/rust 1.86 + rust-cbindgen >= 0.28 @@ -431,0 +683,5 @@ + +------------------------------------------------------------------- +Wed Sep 4 03:11:13 UTC 2024 - pallas wept <pallasw...@proton.me> + +- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling Old: ---- firefox-128.12.0esr.source.tar.xz firefox-128.12.0esr.source.tar.xz.asc l10n-128.12.0esr.tar.xz mozilla-fix-cmath-issues.patch New: ---- MozillaFirefox.changes MozillaFirefox.desktop.in.in firefox-140.1.0esr.source.tar.xz firefox-140.1.0esr.source.tar.xz.asc l10n-140.1.0esr.tar.xz mozilla-bmo1746799.patch mozilla-bmo531915.patch ----------(Old B)---------- Old:/work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes:- Add "mozilla-fix-cmath-issues.patch" to fix math issues on TW/i586 /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- -- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes:- Add "mozilla-fix-cmath-issues.patch" to fix math issues on TW/i586 /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- ----------(Old E)---------- ----------(New B)---------- New:/work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes:- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- -- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes:- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- New:/work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- * mozilla-bmo1822730.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes: * mozilla-bmo531915.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/MozillaFirefox.changes- * mozilla-fix-aarch64-libopus.patch -- /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- * mozilla-bmo1822730.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes: * mozilla-bmo531915.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-esr.changes- * mozilla-fix-aarch64-libopus.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.622610478 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.622610478 +0200 @@ -40,9 +40,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 128 -%define mainver %major.12.0 -%define orig_version 128.12.0 +%define major 140 +%define mainver %major.1.0 +%define orig_version 140.1.0 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -113,10 +113,14 @@ BuildRequires: dejavu-fonts BuildRequires: fdupes BuildRequires: memory-constraints -BuildRequires: gcc14 -BuildRequires: gcc14-c++ -BuildRequires: cargo1.84 -BuildRequires: rust1.84 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 +BuildRequires: gcc13 +BuildRequires: gcc13-c++ +%else +BuildRequires: gcc-c++ +%endif +BuildRequires: cargo1.86 +BuildRequires: rust1.86 %if 0%{useccache} != 0 BuildRequires: ccache %endif @@ -125,8 +129,8 @@ BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.100 +BuildRequires: mozilla-nspr-devel >= 4.36 +BuildRequires: mozilla-nss-devel >= 3.110 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -149,9 +153,11 @@ BuildRequires: python3-devel %endif %endif -BuildRequires: rust-cbindgen >= 0.26 +BuildRequires: rust-cbindgen >= 0.28 +%if 0%{?suse_version} > 1560 +BuildRequires: translate-suse-desktop +%endif BuildRequires: unzip -BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel %if 0%{?do_profiling} BuildRequires: xvfb-run @@ -195,10 +201,13 @@ URL: http://www.mozilla.org/ %if !%{with only_print_mozconfig} Source: http://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz -Source1: MozillaFirefox.desktop +Source1: MozillaFirefox.desktop.in.in Source2: MozillaFirefox-rpmlintrc Source3: mozilla.sh.in Source4: tar_stamps +# Ready made desktop file for products that don't support %%translate_suse_desktop. +# You can be prompted for the update during the Factory build. +Source5: MozillaFirefox.desktop %if %{localize} Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz %endif @@ -209,7 +218,10 @@ Source13: spellcheck.js Source14: https://github.com/openSUSE/firefox-scripts/raw/913fab1/create-tar.sh Source15: firefox-appdata.xml -Source16: firefox-search-provider.ini +Source16: %{name}.changes +%if "%{pkgname}" != "firefox-esr" +Source17: firefox-search-provider.ini +%endif # Set up API keys, see http://www.chromium.org/developers/how-tos/api-keys # Note: these are for the openSUSE Firefox builds ONLY. For your own distribution, # please get your own set of keys. @@ -231,9 +243,10 @@ Patch15: mozilla-bmo998749.patch Patch17: mozilla-libavcodec58_91.patch Patch18: mozilla-silence-no-return-type.patch +Patch19: mozilla-bmo531915.patch Patch20: one_swizzle_to_rule_them_all.patch Patch21: svg-rendering.patch -Patch22: mozilla-fix-cmath-issues.patch +Patch24: mozilla-bmo1746799.patch # Firefox/browser Patch102: firefox-branded-icons.patch %endif @@ -255,6 +268,9 @@ %endif # addon leads to startup crash (bnc#908892) Obsoletes: tracker-miner-firefox < 0.15 +%if "%{pkgname}" == "firefox-esr" +Recommends: MozillaFirefox +%endif %if 0%{?devpkg} == 0 Obsoletes: %{name}-devel < %{version} %endif @@ -340,11 +356,33 @@ %else %setup -q -n %{srcname}-%{orig_version} %endif +%if 0%{?suse_version} > 1560 +cp %{SOURCE1} %{desktop_file_name}.desktop.in.in +%else +cp %{SOURCE5} %{desktop_file_name}.desktop +%endif cd $RPM_BUILD_DIR/%{srcname}-%{orig_version} %autopatch -p1 %endif %build +# desktop file +%if 0%{?suse_version} > 1560 +sed "s:%%NAME:%{appname}:g +s:%%EXEC:%{progname}:g +s:%%ICON:%{progname}:g +s:%%WMCLASS:%{progname}%{major}:g" \ + %{desktop_file_name}.desktop.in.in > %{desktop_file_name}.desktop.in +%translate_suse_desktop %{desktop_file_name}.desktop +if ! diff %{desktop_file_name}.desktop %{SOURCE5} ; then +cat <<EOF +A new version of desktop file exists. Please update MozillaFirefox.desktop +rpm source from $PWD/%{desktop_file_name}.desktop +to get translations to older products. +EOF + exit 1 +fi +%endif %if !%{with only_print_mozconfig} # Ensure both .changes files do exist: ln -f "%{_sourcedir}/firefox-esr.changes.txt" "%{_sourcedir}/%{pkgname}.changes" @@ -381,9 +419,14 @@ export MOZ_TELEMETRY_REPORTING=1 export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system export CFLAGS="%{optflags}" +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 +export CC=gcc-13 +export CXX=g++-13 +%else %if 0%{?clang_build} == 0 -export CC=gcc-14 -export CXX=g++-14 +export CC=gcc +export CXX=g++ +%endif %endif %ifarch %arm %ix86 ### NOTE: these sections are not required anymore. Alson --no-keep-memory + -Wl,-z,pack-relative-relocs causes @@ -523,7 +566,6 @@ mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj_LANG -mk_add_options MOZ_MAKE_FLAGS=-j1 . \$topsrcdir/browser/config/mozconfig ac_add_options --prefix=%{_prefix} ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n @@ -534,12 +576,11 @@ %endif EOF -# Let's not build the various langpacks in parallel. It may be the -# reason for random build failures as can be seen in boo#1239446 -# %define njobs 0%{?jobs:%%jobs} -# Unless the build failures will happen again even when building -# sequentially, we'll define njobs to 1: -%define njobs 1 +%if 0%{?suse_version} >= 1600 +%define njobs ${RPM_BUILD_NCPUS:-0} +%else +%define njobs 0%{?jobs:%jobs} +%endif mkdir -p $RPM_BUILD_DIR/langpacks_artifacts/ sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \ | xargs -n 1 %{?njobs:-P %njobs} -I {} /bin/sh -c ' @@ -568,6 +609,7 @@ %endif %install +install -D -m 0644 %{desktop_file_name}.desktop %{buildroot}%{_datadir}/applications/%{desktop_file_name}.desktop cd $RPM_BUILD_DIR/obj source %{SOURCE4} export MOZ_SOURCE_STAMP=$RELEASE_TAG @@ -621,14 +663,6 @@ %{SOURCE3} > %{buildroot}%{progdir}/%{progname}.sh chmod 755 %{buildroot}%{progdir}/%{progname}.sh ln -sf ../..%{progdir}/%{progname}.sh %{buildroot}%{_bindir}/%{progname} -# desktop file -mkdir -p %{buildroot}%{_datadir}/applications -sed "s:%%NAME:%{appname}:g -s:%%EXEC:%{progname}:g -s:%%ICON:%{progname}:g -s:%%WMCLASS:%{progname}%{major}:g" \ - %{SOURCE1} > %{buildroot}%{_datadir}/applications/%{desktop_file_name}.desktop -%suse_update_desktop_file %{desktop_file_name} Network WebBrowser GTK # additional mime-types mkdir -p %{buildroot}%{_datadir}/mime/packages cp %{SOURCE8} %{buildroot}%{_datadir}/mime/packages/%{progname}.xml @@ -639,9 +673,11 @@ # install man-page mkdir -p %{buildroot}%{_mandir}/man1/ cp %{SOURCE11} %{buildroot}%{_mandir}/man1/%{progname}.1 -## install GNOME Shell search provider -#mkdir -p %{buildroot}%{_datadir}/gnome-shell/search-providers -#cp %{SOURCE16} %{buildroot}%{_datadir}/gnome-shell/search-providers +%if "%{pkgname}" != "firefox-esr" +# install GNOME Shell search provider +mkdir -p %{buildroot}%{_datadir}/gnome-shell/search-providers +cp %{SOURCE17} %{buildroot}%{_datadir}/gnome-shell/search-providers +%endif ########## # ADDONS # @@ -712,7 +748,6 @@ %dir %{progdir}/browser/ %dir %{progdir}/browser/chrome/ %{progdir}/browser/defaults -%{progdir}/browser/features/ %{progdir}/browser/chrome/icons %{progdir}/browser/omni.ja %dir %{progdir}/distribution/ @@ -737,17 +772,20 @@ %{progdir}/pingsender %{progdir}/platform.ini %if %crashreporter +%{progdir}/crashhelper %{progdir}/crashreporter -#%{progdir}/crashreporter.ini -#%{progdir}/Throbber-small.gif -%{progdir}/minidump-analyzer -#%{progdir}/browser/crashreporter-override.ini +#%%{progdir}/crashreporter.ini +#%%{progdir}/Throbber-small.gif +#%%{progdir}/minidump-analyzer +#%%{progdir}/browser/crashreporter-override.ini %endif %{_datadir}/applications/%{desktop_file_name}.desktop %{_datadir}/mime/packages/%{progname}.xml -#%dir %{_datadir}/gnome-shell -#%dir %{_datadir}/gnome-shell/search-providers -#%{_datadir}/gnome-shell/search-providers/*.ini +%if "%{pkgname}" != "firefox-esr" +%dir %{_datadir}/gnome-shell +%dir %{_datadir}/gnome-shell/search-providers +%{_datadir}/gnome-shell/search-providers/*.ini +%endif %dir %{_datadir}/mozilla %dir %{_datadir}/mozilla/extensions %dir %{_datadir}/mozilla/extensions/%{firefox_appid} ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.714614061 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.722614372 +0200 @@ -1,11 +1,243 @@ ------------------------------------------------------------------- -Mon Jun 23 09:12:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> +Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> -- Firefox Extended Support Release 128.12.0 ESR +- Avoid file conflict with MozillaFirefox regarding + firefox-search-provider.ini; assume MozillaFirefox gets installed + anyway, so omit traces here. Add Recommends: MozillaFirefox for + this. + +------------------------------------------------------------------- +Sat Jul 19 08:56:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. -- Mozilla Firefox ESR 128.12.0 - https://www.mozilla.org/security/advisories/mfsa2025-53 - MFSA 2025-53 (boo#1244670) +- Mozilla Firefox ESR 140.1.0 + https://www.mozilla.org/security/advisories/mfsa2025-59 + MFSA 2025-59 (boo#1246664) + * CVE-2025-8027 (bmo#1968423) + JavaScript engine only wrote partial return value to stack + * CVE-2025-8028 (bmo#1971581) + Large branch table could lead to truncated instruction + * CVE-2025-8029 (bmo#1928021) + javascript: URLs executed on object and embed tags + * CVE-2025-8036 (bmo#1960834) + DNS rebinding circumvents CORS + * CVE-2025-8037 (bmo#1964767) + Nameless cookies shadow secure cookies + * CVE-2025-8030 (bmo#1968414) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-8031 (bmo#1971719) + Incorrect URL stripping in CSP reports + * CVE-2025-8032 (bmo#1974407) + XSLT documents could bypass CSP + * CVE-2025-8038 (bmo#1808979) + CSP frame-src was not correctly enforced for paths + * CVE-2025-8039 (bmo#1970997) + Search terms persisted in URL bar + * CVE-2025-8033 (bmo#1973990) + Incorrect JavaScript state machine for generators + * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, + bmo#1970422) + Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR + 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, + bmo#1975998) + Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird + ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) + Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird + ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox + 141 and Thunderbird 141 + +------------------------------------------------------------------- +Mon Jun 23 09:15:00 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.0esr ESR + * New: ###General + - Reader View now has an enhanced Text and Layout menu with + new options for character spacing, word spacing, and text + alignment. These changes offer a more accessible reading + experience. + - Reader View now has a Theme menu with additional Contrast + and Gray options. You can also select custom colors for text, + background, and links from the Custom tab. + - Firefox will now offer to temporarily remember when users + grant permissions to sites (e.g. geolocation). Temporary + permissions will be removed either after one hour or when the + tab is closed. + - Firefox now includes safeguards to prevent sites from + abusing the history API by generating excessive history + entries, which can make navigating with the back and forward + buttons difficult by cluttering the history. This + intervention ensures that such entries, unless interacted + with by the user, are skipped when using the back and forward + buttons. + - Firefox now identifies all links in PDFs and turns them + into hyperlinks. + - You can now copy links from background tabs using the + tabstrip context menu on macOS and Linux. + - Users on macOS and Linux are now given the option to close + only the current tab if the Quit keyboard shortcut is used + while multiple tabs are open in the window. + * New: ###Sidebar and Tabs + - You can now enable the updated Firefox sidebar in Settings + > General > Browser Layout to quickly access multiple tools + in one click, without leaving your main view. Sidebar tools + include an AI chatbot of your choice, bookmarks, history, and + tabs from devices you sync with your Mozilla account. + - Keep a lot of tabs open? Try our new vertical tabs layout + to quickly scan your list of tabs. With vertical tabs, your + open and pinned tabs appear in the sidebar instead of along + the top of the browser. To turn on vertical tabs, right-click + on the toolbar near the top of the browser and select Turn on + Vertical Tabs. If you’ve enabled the updated sidebar, you can + also go to Customize sidebar and check Vertical tabs. Early + testers report feeling more organized after using vertical + tabs for a few days. + - Stay productive and organized with less effort by grouping + related tabs together. One simple way to create a group is to + drag a tab onto another, pause until you see a highlight, + then drop to create the group. Tab groups can be named, + color-coded, and are always saved. You can close a group and + reopen it later. + - A tab preview is now displayed when hovering the mouse over + background tabs, making it easier to locate the desired tab + without needing to switch tabs. + - The sidebar to view tabs from other devices can now be + opened via the Tab overview menu. + * New: ###Security & Privacy + - HTTPS is replacing HTTP as the default protocol in the + address bar on non-local sites. If a site is not available + via HTTPS, Firefox will fall back to HTTP. + - Firefox now blocks third-party cookie access when Enhanced + Tracking Protection's Strict mode is enabled. + - Firefox now has a new anti-tracking feature, Bounce + Tracking Protection, which is now available in Enhanced + Tracking Protection's "Strict" mode. This feature detects + bounce trackers based on their redirect behavior and + periodically purges their cookies and site data to block + tracking. + - Firefox now enforces certificate transparency, requiring + web servers to provide sufficient proof that their + certificates were publicly disclosed before they will be + trusted. This only affects servers using certificates issued + by a certificate authority in Mozilla's Root CA Program. + - Smartblock Embeds allows users to selectively unblock + certain social media embeds that are blocked in ETP Strict + and Private Browsing modes. Currently, support is limited to + a few embed types, with more to be added in future updates. + - Firefox now upgrades page loads to HTTPS by default and + gracefully falls back to HTTP if the secure connection fails. + This behavior is known as HTTPS-First. + - The "Copy Without Site Tracking" menu item was renamed to + "Copy Clean Link" to help clarify expectations around what + the feature does. "Copy Clean Link" is a list based approach + to remove - known tracking parameters from links. This option + can also now be used on plain text links. + - The Clear browsing data and cookies dialog now allows + clearing saved form info separately from browsing history. + * New: ###Translations + - Firefox now allows translating selected text portions to + different languages after a full-page translation. + - Full-Page Translations are now available within Firefox + extension pages that start with the moz-extension:// URL + scheme. + - When suggesting a default translation language, Firefox + will now take into consideration languages you have + previously used for translations. + - Added support for many new languages in Firefox + translation. + * New: ###Windows + - Canvas2D switched from Direct2D to a platform independent + acceleration backend on Windows. + - Hardware-accelerated playback of HEVC video content is now + supported on Windows. + - Firefox on Windows 11 now uses acrylic-style menus for + popup windows, which better match the operating system’s + aesthetic. + * New: ###macOS + - Added support for multiple languages in the same document + spoken in macOS VoiceOver. + - The macOS session resume feature has been enhanced. Firefox + will now automatically relaunch if it was open before a + system restart, like after an OS update. + - The macOS DMG installer packages now use LZMA for + compression, reducing download size and installation time. + - Due to recent changes in macOS Sequoia, the shortcut for + completing search strings to .com addresses has been changed + from Ctrl+Enter to Cmd+Enter. + * New: ###Linux + - Firefox now supports touchpad hold gestures on Linux. This + means that kinetic (momentum) scrolling can now be + interrupted by placing two fingers on the touchpad. + * Developer: - Firefox now supports text fragments, which + allows users to link directly to a specific portion of text + in a web document via a special URL fragment. + - Debugger log-point values are now automatically converted + into profiler markers, making it easy to add information to + the marker timeline directly from the Debugger. + - The Debugger's directory root is now scoped to the specific + domain where it was set, which aligns with typical usage and + avoids applying it across unrelated domains. This builds on + previous improvements such as a redesigned UI and easier + removal of the root setting. Setting a directory root updates + the Source List to show only the selected directory and its + children. (Learn more) + - The Network Blocking feature in the Network panel now + blocks HTTP requests in addition to blocking responses. + - The Network panel displays information about Early Hints, + including a dedicated indicator for the 103 HTTP status code + in the user interface. + - The Network panel now allows overriding network request + responses with local files. + - The filter setting in the Network panel is now preserved + across DevTools Toolbox sessions. + - A new column has been added to the Network panel to display + the full path of the request URL. This enhancement makes + helps developers quickly view and analyze complete request + paths. + - Introduced a new console command `$$$` that allows + searching the page, including within shadow roots. + - Improved support for debugging web extensions, such as + automatically reloading the web extension's source code in + the Debugger when the extension is reloaded. Workers are now + available in the Console panel’s context selector and + breakpoints function correctly in content scripts. + - In the Inspector Fonts panel, we now display fonts + metadata, like the font version, designer, vendor, license, + etc. + - Added support for the import map integrity field, allowing + you to ensure the integrity of dynamically or statically + imported modules. + - Implemented support for `Error.isError`, enabling brand + checks to determine whether an object is an instance of + Error. (Learn more) + - Added support for the `error.captureStackTrace` extension + to improve compatibility with other browsers. (Learn more) + [5]: http://github.com/tc39/proposal-error- + capturestacktrace + * Enterprise: - The UserMessaging policy has been updated with + a new option to allow disabling Firefox Labs in preferences. + - The Preferences policy has been updated to allow setting + the preference security.pki.certificate_transparency.mode. + - HTTPS-First is now on by default. You can manage this + behavior using the HttpsOnlyMode and HttpAllowlist policies. + - An internal change has been made to Firefox that removes + `XPCOMUtils.defineLazyGetter`. For most people, this + shouldn't matter, but if you encounter problems with + AutoConfig or third party software like PolicyPak, this might + be the cause. You'll need to reach out to your provider. + - Firefox now supports the Content Analysis SDK for + integrating DLP software. For more information, see this + post. + - The SearchEngines policy is now available on all versions + of Firefox (not just the ESR). + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.0 + https://www.mozilla.org/security/advisories/mfsa2025-51 + MFSA 2025-51 (boo#1244670) * CVE-2025-6424 (bmo#1966423) Use-after-free in FontFaceSet * CVE-2025-6425 (bmo#1717672) @@ -13,19 +245,38 @@ persistent UUID * CVE-2025-6426 (bmo#1964385) No warning when opening executable terminal files on macOS + * CVE-2025-6427 (bmo#1966927) + connect-src Content Security Policy restriction could be + bypassed + * CVE-2025-6428 (bmo#1970151) + Firefox for Android opened URLs specified in a link + querystring parameter * CVE-2025-6429 (bmo#1970658) Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430 (bmo#1971140) Content-Disposition header ignored when a file is included in an embed or object tag - -------------------------------------------------------------------- -Tue Jun 17 08:18:37 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - -- Use these tools/versions unconditionally, package won't build on - Tumbleweed with new gcc15 otherwise: - gcc14, gcc14-c++, cargo1.84, rust1.84 + * CVE-2025-6431 (bmo#1942716) + The prompt in Firefox for Android that asks before opening a + link in an external application could be bypassed + * CVE-2025-6432 (bmo#1943804) + DNS Requests leaked outside of a configured SOCKS proxy + * CVE-2025-6433 (bmo#1954033) + WebAuthn would allow a user to sign a challenge on a webpage + with an invalid TLS certificate + * CVE-2025-6434 (bmo#1955182) + HTTPS-Only exception screen lacked anti-clickjacking delay + * CVE-2025-6435 (bmo#1950056, bmo#1961777) + Save as in Devtools could download files without sanitizing + the extension + * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187, + bmo#1966505, bmo#1970764) + Memory safety bugs fixed in Firefox 140 and Thunderbird 140 +- Requires: + NSS >= 3.112 + cargo/rust 1.86 + rust-cbindgen >= 0.28 ------------------------------------------------------------------- Sun Jun 8 14:58:17 UTC 2025 - Bernhard Wiedemann <bwiedem...@suse.com> @@ -431,6 +682,11 @@ Thunderbird 131, and Thunderbird 128.3 ------------------------------------------------------------------- +Wed Sep 4 03:11:13 UTC 2024 - pallas wept <pallasw...@proton.me> + +- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling + +------------------------------------------------------------------- Tue Sep 3 05:21:00 UTC 2024 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.2.0 ESR ++++++ MozillaFirefox.desktop ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.746615307 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.750615462 +0200 @@ -1,39 +1,58 @@ [Desktop Entry] Encoding=UTF-8 -Name=%NAME +Name=Firefox ESR GenericName=Web Browser +GenericName[ar]=متصفّح وِب +GenericName[be]=Вэб-браўзер GenericName[ca]=Navegador web GenericName[cs]=Webový prohlížeč +GenericName[da]=Webbrowser +GenericName[de]=Web-Browser +GenericName[el]=Περιηγητής ιστοσελίδων GenericName[es]=Navegador web +GenericName[et]=Veebisirvik GenericName[fa]=مرورگر اینترنتی -GenericName[fi]=WWW-selain +GenericName[fi]=Verkkoselain GenericName[fr]=Navigateur Web +GenericName[gl]=Navegador Web GenericName[hu]=Webböngésző -GenericName[it]=Browser Web -GenericName[ja]=ウェブ・ブラウザ +GenericName[id]=Peramban Web +GenericName[it]=Navigatore web +GenericName[ja]=Web ブラウザ +GenericName[ka]=ბრაუზერი +GenericName[kab]=Sekker iminig n web +GenericName[km]=កម្មវិធីរុករកបណ្ដាញ GenericName[ko]=웹 브라우저 +GenericName[lt]=Žiniatinklio naršyklė GenericName[nb]=Nettleser GenericName[nl]=Webbrowser GenericName[nn]=Nettlesar GenericName[no]=Nettleser -GenericName[pl]=Przeglądarka WWW -GenericName[pt]=Navegador Web +GenericName[pl]=Przeglądarka internetowa +GenericName[pt]=Navegador de internet GenericName[pt_BR]=Navegador Web +GenericName[ro]=Navigator de web GenericName[ru]=Веб-браузер -GenericName[sk]=Internetový prehliadač +GenericName[sk]=Webový prehliadač GenericName[sv]=Webbläsare -GenericName[uk]=Веб-браузер +GenericName[tr]=Web Tarayıcı +GenericName[uk]=Навігатор Тенет +GenericName[wa]=Betchteu waibe +GenericName[zh_CN]=网页浏览器 +GenericName[zh_TW]=網頁瀏覽器 Comment=Browse the Web -Comment[ca]=Navegueu per el web +Comment[ca]=Navegueu per la xarxa Comment[cs]=Prohlížení stránek World Wide Webu Comment[de]=Im Internet surfen Comment[es]=Navegue por la web Comment[fa]=صفحات شبکه جهانی اینترنت را مرور نمایید Comment[fi]=Selaa Internetin WWW-sivuja Comment[fr]=Navigue sur Internet +Comment[gl]=Navegue pola web Comment[hu]=A világháló böngészése Comment[it]=Esplora il web -Comment[ja]=ウェブを閲覧します +Comment[ja]=Web を閲覧します +Comment[ka]=იმუშავეთ ინტერნეტში Comment[ko]=웹을 돌아 다닙니다 Comment[nb]=Surf på nettet Comment[nl]=Verken het internet @@ -43,14 +62,16 @@ Comment[pt]=Navegue na Internet Comment[pt_BR]=Navegue na Internet Comment[ru]=Просмотр веб-страниц -Comment[sk]=Prehliadanie internetu +Comment[sk]=Prehľadávanie webu Comment[sv]=Surfa på webben +Comment[tr]=Web'de gezinin Comment[uk]=Перегляд веб-сторінок -TryExec=%EXEC -Exec=%EXEC %u -Icon=%ICON +TryExec=firefox-esr +Exec=firefox-esr %u +Icon=firefox-esr Terminal=false StartupNotify=true +Categories=Network;WebBrowser;GTK; MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;application/x-xpinstall;x-scheme-handler/http;x-scheme-handler/https; Type=Application @@ -67,8 +88,7 @@ Name[az]=Yeni Pəncərə Name[be]=Новае акно Name[bg]=Нов прозорец -Name[bn_BD]=নতুন উইন্ডো (N) -Name[bn_IN]=নতুন উইন্ডো +Name[bn]=নতুন উইন্ডো (N) Name[br]=Prenestr nevez Name[brx]=गोदान उइन्ड'(N) Name[bs]=Novi prozor @@ -80,37 +100,30 @@ Name[de]=Neues Fenster Name[dsb]=Nowe wokno Name[el]=Νέο παράθυρο -Name[en_GB]=New Window -Name[en_US]=New Window -Name[en_ZA]=New Window Name[eo]=Nova fenestro -Name[es_AR]=Nueva ventana -Name[es_CL]=Nueva ventana -Name[es_ES]=Nueva ventana -Name[es_MX]=Nueva ventana +Name[es]=Nueva Ventana Name[et]=Uus aken Name[eu]=Leiho berria Name[fa]=پنجره جدید Name[ff]=Henorde Hesere Name[fi]=Uusi ikkuna Name[fr]=Nouvelle fenêtre -Name[fy_NL]=Nij finster -Name[ga_IE]=Fuinneog Nua +Name[fy]=Nij finster +Name[ga]=Fuinneog Nua Name[gd]=Uinneag ùr Name[gl]=Nova xanela Name[gn]=Ovetã pyahu -Name[gu_IN]=નવી વિન્ડો +Name[gu]=નવી વિન્ડો Name[he]=חלון חדש -Name[hi_IN]=नया विंडो +Name[hi]=नया विंडो Name[hr]=Novi prozor Name[hsb]=Nowe wokno Name[hu]=Új ablak -Name[hy_AM]=Նոր Պատուհան +Name[hy]=Նոր Պատուհան Name[id]=Jendela Baru Name[is]=Nýr gluggi Name[it]=Nuova finestra Name[ja]=新しいウィンドウ -Name[ja_JP-mac]=新規ウインドウ Name[ka]=ახალი ფანჯარა Name[kk]=Жаңа терезе Name[km]=បង្អួចថ្មី @@ -129,15 +142,14 @@ Name[mr]=नवीन पटल Name[ms]=Tetingkap Baru Name[my]=ဝင်းဒိုးအသစ် -Name[nb_NO]=Nytt vindu -Name[ne_NP]=नयाँ सञ्झ्याल +Name[nb]=Nytt Vindu +Name[ne]=नयाँ सञ्झ्याल Name[nl]=Nieuw venster -Name[nn_NO]=Nytt vindauge +Name[nn]=Nytt vindauge Name[or]=ନୂତନ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ Name[pl]=Nowe okno +Name[pt]=Nova janela Name[pt_BR]=Nova janela -Name[pt_PT]=Nova janela Name[rm]=Nova fanestra Name[ro]=Fereastră nouă Name[ru]=Новое окно @@ -148,7 +160,7 @@ Name[son]=Zanfun taaga Name[sq]=Dritare e Re Name[sr]=Нови прозор -Name[sv_SE]=Nytt fönster +Name[sv]=Nytt fönster Name[ta]=புதிய சாளரம் Name[te]=కొత్త విండో Name[th]=หน้าต่างใหม่ @@ -162,25 +174,24 @@ Name[xh]=Ifestile entsha Name[zh_CN]=新建窗口 Name[zh_TW]=開新視窗 -Exec=%EXEC --new-window %u +Exec=firefox-esr --new-window %u [Desktop Action PrivateBrowsing] Name=New Private Browsing Window Name[ach]=Dirica manyen me mung Name[af]=Nuwe privaatvenster Name[an]=Nueva finestra privada -Name[ar]=نافذة خاصة جديدة +Name[ar]=نافذة تصفح خاصة الجديدة Name[as]=নতুন ব্যক্তিগত উইন্ডো Name[ast]=Ventana privada nueva Name[az]=Yeni Məxfi Pəncərə Name[be]=Новае акно адасаблення Name[bg]=Нов прозорец за поверително сърфиране -Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো -Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো +Name[bn]=নতুন ব্যক্তিগত উইন্ডো Name[br]=Prenestr merdeiñ prevez nevez Name[brx]=गोदान प्राइभेट उइन्ड' Name[bs]=Novi privatni prozor -Name[ca]=Finestra privada nova +Name[ca]=Finestra de navegació privada nova Name[cak]=K'ak'a' ichinan tzuwäch Name[cs]=Nové anonymní okno Name[cy]=Ffenestr Breifat Newydd @@ -188,37 +199,30 @@ Name[de]=Neues privates Fenster Name[dsb]=Nowe priwatne wokno Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης -Name[en_GB]=New Private Window -Name[en_US]=New Private Window -Name[en_ZA]=New Private Window Name[eo]=Nova privata fenestro -Name[es_AR]=Nueva ventana privada -Name[es_CL]=Nueva ventana privada -Name[es_ES]=Nueva ventana privada -Name[es_MX]=Nueva ventana privada +Name[es]=Nueva Ventana de Navegación Privada Name[et]=Uus privaatne aken Name[eu]=Leiho pribatu berria Name[fa]=پنجره ناشناس جدید Name[ff]=Henorde Suturo Hesere Name[fi]=Uusi yksityinen ikkuna Name[fr]=Nouvelle fenêtre de navigation privée -Name[fy_NL]=Nij priveefinster -Name[ga_IE]=Fuinneog Nua Phríobháideach +Name[fy]=Nij priveefinster +Name[ga]=Fuinneog Nua Phríobháideach Name[gd]=Uinneag phrìobhaideach ùr -Name[gl]=Nova xanela privada +Name[gl]=Nova xanela de navegación privada Name[gn]=Ovetã ñemi pyahu -Name[gu_IN]=નવી ખાનગી વિન્ડો +Name[gu]=નવી ખાનગી વિન્ડો Name[he]=חלון פרטי חדש -Name[hi_IN]=नयी निजी विंडो +Name[hi]=नयी निजी विंडो Name[hr]=Novi privatni prozor Name[hsb]=Nowe priwatne wokno Name[hu]=Új privát ablak -Name[hy_AM]=Սկսել Գաղտնի դիտարկում +Name[hy]=Սկսել Գաղտնի դիտարկում Name[id]=Jendela Mode Pribadi Baru Name[is]=Nýr huliðsgluggi Name[it]=Nuova finestra anonima Name[ja]=新しいプライベートウィンドウ -Name[ja_JP-mac]=新規プライベートウインドウ Name[ka]=ახალი პირადი ფანჯარა Name[kk]=Жаңа жекелік терезе Name[km]=បង្អួចឯកជនថ្មី @@ -236,16 +240,14 @@ Name[ml]=പുതിയ സ്വകാര്യ ജാലകം Name[mr]=नवीन वैयक्तिक पटल Name[ms]=Tetingkap Persendirian Baharu -Name[my]=New Private Window -Name[nb_NO]=Nytt privat vindu -Name[ne_NP]=नयाँ निजी सञ्झ्याल +Name[nb]=Nytt privat nettlesingsvindu +Name[ne]=नयाँ निजी सञ्झ्याल Name[nl]=Nieuw privévenster -Name[nn_NO]=Nytt privat vindauge +Name[nn]=Nytt privat vindauge Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ Name[pl]=Nowe okno prywatne +Name[pt]=Nova janela privada Name[pt_BR]=Nova janela privativa -Name[pt_PT]=Nova janela privada Name[rm]=Nova fanestra privata Name[ro]=Fereastră privată nouă Name[ru]=Новое приватное окно @@ -256,7 +258,7 @@ Name[son]=Sutura zanfun taaga Name[sq]=Dritare e Re Private Name[sr]=Нови приватан прозор -Name[sv_SE]=Nytt privat fönster +Name[sv]=Nytt privat surfningsfönster Name[ta]=புதிய தனிப்பட்ட சாளரம் Name[te]=కొత్త ఆంతరంగిక విండో Name[th]=หน้าต่างส่วนตัวใหม่ @@ -270,14 +272,23 @@ Name[xh]=Ifestile yangasese entsha Name[zh_CN]=新建隐私浏览窗口 Name[zh_TW]=新增隱私視窗 -Exec=%EXEC --private-window %u +Exec=firefox-esr --private-window %u [Desktop Action ProfileManager] Name=Profile Manager +Name[ca]=Gestor de perfils Name[cs]=Správa profilů Name[de]=Profilmanager +Name[es]=Gestor de Perfiles Name[fr]=Gestionnaire de profil +Name[gl]=Xestor de perfís +Name[ja]=プロファイルマネージャ +Name[ka]=პროფილების მმართველი +Name[nb]=Profilbehandler Name[ru]=Менеджер профилей +Name[sk]=Správca profilov +Name[sv]=Profilhanterare +Name[tr]=Profil Yöneticisi Name[uk]=Менеджер профілів -Exec=%EXEC --ProfileManager +Exec=firefox-esr --ProfileManager ++++++ MozillaFirefox.desktop.in.in ++++++ [Desktop Entry] Encoding=UTF-8 _Name=%NAME _GenericName=Web Browser _Comment=Browse the Web TryExec=%EXEC Exec=%EXEC %u Icon=%ICON Terminal=false StartupNotify=true Categories=Network;WebBrowser;GTK; MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;application/x-xpinstall;x-scheme-handler/http;x-scheme-handler/https; Type=Application Actions=new-window;PrivateBrowsing;ProfileManager [Desktop Action new-window] _Name=New Window Exec=%EXEC --new-window %u [Desktop Action PrivateBrowsing] _Name=New Private Browsing Window Exec=%EXEC --private-window %u [Desktop Action ProfileManager] _Name=Profile Manager Exec=%EXEC --ProfileManager ++++++ _constraints ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.790617020 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.790617020 +0200 @@ -44,7 +44,7 @@ </conditions> <hardware> <physicalmemory> - <size unit="G">8</size> + <size unit="G">12</size> </physicalmemory> </hardware> </overwrite> @@ -54,7 +54,7 @@ </conditions> <hardware> <physicalmemory> - <size unit="G">14</size> + <size unit="G">15</size> </physicalmemory> </hardware> </overwrite> ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.806617643 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.810617799 +0200 @@ -26,8 +26,6 @@ printf "%-40s: User forced skip (SKIP_LOCALES set)\n" "locales" fi - update_key_file - clean_up_old_tarballs } @@ -84,13 +82,11 @@ TB_LOCALE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.strings_all.tar.zst" fi FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"; - KEY_FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/KEY"; FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/%s/candidates"; LOCALES_URL="https://product-details.mozilla.org/1.0/l10n"; FF_L10N_MONOREPO="https://github.com/mozilla-l10n/firefox-l10n"; PRODUCT_URL="https://product-details.mozilla.org/1.0"; ALREADY_EXTRACTED_LOCALES_FILE=0 - PARSED_CANDIDATES_URL="" } function get_ftp_candidates_url() { @@ -370,8 +366,7 @@ if ! wget --quiet --show-progress --progress=bar "$FTP_URL/$upstream_file"; then local CANDIDATE_TARBALL_LOCATION="" - PARSED_CANDIDATES_URL="$(printf "%s/%s" "$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX")" "$BUILD_ID")" - CANDIDATE_TARBALL_LOCATION="$(printf "%s/source/%s" "$PARSED_CANDIDATES_URL" "$upstream_file" )" + CANDIDATE_TARBALL_LOCATION="$(printf "%s/%s/source/%s" "$(get_ftp_candidates_url "$PRODUCT" "$VERSION$VERSION_SUFFIX")" "$BUILD_ID" "$upstream_file" )" wget --quiet --show-progress --progress=bar "$CANDIDATE_TARBALL_LOCATION" fi } @@ -577,32 +572,5 @@ fi } -function update_key_file() { - if [ -e "mozilla.keyring" ]; then - local UPSTREAM_KEYFILE="" - if [ -z "$PARSED_CANDIDATES_URL" ]; then - local UPSTREAM_KEYFILE=$(curl --silent --fail "$KEY_FTP_URL"); - else - CANDIDATES_KEY_URL="$(printf "%s/KEY" "$PARSED_CANDIDATES_URL")" - local UPSTREAM_KEYFILE=$(curl --silent --fail "$CANDIDATES_KEY_URL"); - fi - if [ -z "$UPSTREAM_KEYFILE" ]; then - echo "Failed to get upstream keyfile. Skipping." - return - fi - diff -y --suppress-common-lines -d <(cat mozilla.keyring) <(echo "$UPSTREAM_KEYFILE") > /dev/null - local KEYRING_CHANGED=$? - echo "" - if [ $KEYRING_CHANGED -eq 1 ]; then - echo "Keyring changed. Updating it." - echo "$UPSTREAM_KEYFILE" > mozilla.keyring - else - echo "Keyring did not change." - fi - else - echo "No local keyring found. Skipping keyring-check." - fi -} - main "$@" ++++++ firefox-128.12.0esr.source.tar.xz -> firefox-140.1.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-128.12.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/firefox-140.1.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-branded-icons.patch ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.850619356 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.850619356 +0200 @@ -1,6 +1,6 @@ # HG changeset patch # Parent e0751ad74e835e80041a61ea00c2a63bf6fbe2de -# Parent ebf6598a9309200fcea0cedb08e39161b82a73f9 +# Parent 9309f1ac14b7173985576932c01874184be1dcf9 diff --git a/browser/branding/branding-common.mozbuild b/browser/branding/branding-common.mozbuild --- a/browser/branding/branding-common.mozbuild @@ -24,11 +24,11 @@ diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in -@@ -216,20 +216,23 @@ +@@ -221,20 +221,23 @@ + ; [Browser Chrome Files] + @RESPATH@/browser/chrome.manifest @RESPATH@/browser/chrome/browser@JAREXT@ @RESPATH@/browser/chrome/browser.manifest - @RESPATH@/chrome/pdfjs.manifest - @RESPATH@/chrome/pdfjs/* @RESPATH@/chrome/toolkit@JAREXT@ @RESPATH@/chrome/toolkit.manifest #ifdef MOZ_GTK @@ -41,11 +41,11 @@ @RESPATH@/browser/chrome/icons/default/default128.png +@RESPATH@/browser/chrome/icons/default/default256.png #endif - @RESPATH@/browser/features/* ; [DevTools Startup Files] @RESPATH@/browser/chrome/devtools-startup@JAREXT@ @RESPATH@/browser/chrome/devtools-startup.manifest ; DevTools + @RESPATH@/browser/chrome/devtools@JAREXT@ ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.886620758 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.894621070 +0200 @@ -1,11 +1,243 @@ ------------------------------------------------------------------- -Mon Jun 23 09:12:47 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> +Tue Jul 22 15:02:34 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> -- Firefox Extended Support Release 128.12.0 ESR +- Avoid file conflict with MozillaFirefox regarding + firefox-search-provider.ini; assume MozillaFirefox gets installed + anyway, so omit traces here. Add Recommends: MozillaFirefox for + this. + +------------------------------------------------------------------- +Sat Jul 19 08:56:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. -- Mozilla Firefox ESR 128.12.0 - https://www.mozilla.org/security/advisories/mfsa2025-53 - MFSA 2025-53 (boo#1244670) +- Mozilla Firefox ESR 140.1.0 + https://www.mozilla.org/security/advisories/mfsa2025-59 + MFSA 2025-59 (boo#1246664) + * CVE-2025-8027 (bmo#1968423) + JavaScript engine only wrote partial return value to stack + * CVE-2025-8028 (bmo#1971581) + Large branch table could lead to truncated instruction + * CVE-2025-8029 (bmo#1928021) + javascript: URLs executed on object and embed tags + * CVE-2025-8036 (bmo#1960834) + DNS rebinding circumvents CORS + * CVE-2025-8037 (bmo#1964767) + Nameless cookies shadow secure cookies + * CVE-2025-8030 (bmo#1968414) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-8031 (bmo#1971719) + Incorrect URL stripping in CSP reports + * CVE-2025-8032 (bmo#1974407) + XSLT documents could bypass CSP + * CVE-2025-8038 (bmo#1808979) + CSP frame-src was not correctly enforced for paths + * CVE-2025-8039 (bmo#1970997) + Search terms persisted in URL bar + * CVE-2025-8033 (bmo#1973990) + Incorrect JavaScript state machine for generators + * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, + bmo#1970422) + Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR + 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, + bmo#1975998) + Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird + ESR 140.1, Firefox 141 and Thunderbird 141 + * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) + Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird + ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox + 141 and Thunderbird 141 + +------------------------------------------------------------------- +Mon Jun 23 09:15:00 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 140.0esr ESR + * New: ###General + - Reader View now has an enhanced Text and Layout menu with + new options for character spacing, word spacing, and text + alignment. These changes offer a more accessible reading + experience. + - Reader View now has a Theme menu with additional Contrast + and Gray options. You can also select custom colors for text, + background, and links from the Custom tab. + - Firefox will now offer to temporarily remember when users + grant permissions to sites (e.g. geolocation). Temporary + permissions will be removed either after one hour or when the + tab is closed. + - Firefox now includes safeguards to prevent sites from + abusing the history API by generating excessive history + entries, which can make navigating with the back and forward + buttons difficult by cluttering the history. This + intervention ensures that such entries, unless interacted + with by the user, are skipped when using the back and forward + buttons. + - Firefox now identifies all links in PDFs and turns them + into hyperlinks. + - You can now copy links from background tabs using the + tabstrip context menu on macOS and Linux. + - Users on macOS and Linux are now given the option to close + only the current tab if the Quit keyboard shortcut is used + while multiple tabs are open in the window. + * New: ###Sidebar and Tabs + - You can now enable the updated Firefox sidebar in Settings + > General > Browser Layout to quickly access multiple tools + in one click, without leaving your main view. Sidebar tools + include an AI chatbot of your choice, bookmarks, history, and + tabs from devices you sync with your Mozilla account. + - Keep a lot of tabs open? Try our new vertical tabs layout + to quickly scan your list of tabs. With vertical tabs, your + open and pinned tabs appear in the sidebar instead of along + the top of the browser. To turn on vertical tabs, right-click + on the toolbar near the top of the browser and select Turn on + Vertical Tabs. If you’ve enabled the updated sidebar, you can + also go to Customize sidebar and check Vertical tabs. Early + testers report feeling more organized after using vertical + tabs for a few days. + - Stay productive and organized with less effort by grouping + related tabs together. One simple way to create a group is to + drag a tab onto another, pause until you see a highlight, + then drop to create the group. Tab groups can be named, + color-coded, and are always saved. You can close a group and + reopen it later. + - A tab preview is now displayed when hovering the mouse over + background tabs, making it easier to locate the desired tab + without needing to switch tabs. + - The sidebar to view tabs from other devices can now be + opened via the Tab overview menu. + * New: ###Security & Privacy + - HTTPS is replacing HTTP as the default protocol in the + address bar on non-local sites. If a site is not available + via HTTPS, Firefox will fall back to HTTP. + - Firefox now blocks third-party cookie access when Enhanced + Tracking Protection's Strict mode is enabled. + - Firefox now has a new anti-tracking feature, Bounce + Tracking Protection, which is now available in Enhanced + Tracking Protection's "Strict" mode. This feature detects + bounce trackers based on their redirect behavior and + periodically purges their cookies and site data to block + tracking. + - Firefox now enforces certificate transparency, requiring + web servers to provide sufficient proof that their + certificates were publicly disclosed before they will be + trusted. This only affects servers using certificates issued + by a certificate authority in Mozilla's Root CA Program. + - Smartblock Embeds allows users to selectively unblock + certain social media embeds that are blocked in ETP Strict + and Private Browsing modes. Currently, support is limited to + a few embed types, with more to be added in future updates. + - Firefox now upgrades page loads to HTTPS by default and + gracefully falls back to HTTP if the secure connection fails. + This behavior is known as HTTPS-First. + - The "Copy Without Site Tracking" menu item was renamed to + "Copy Clean Link" to help clarify expectations around what + the feature does. "Copy Clean Link" is a list based approach + to remove - known tracking parameters from links. This option + can also now be used on plain text links. + - The Clear browsing data and cookies dialog now allows + clearing saved form info separately from browsing history. + * New: ###Translations + - Firefox now allows translating selected text portions to + different languages after a full-page translation. + - Full-Page Translations are now available within Firefox + extension pages that start with the moz-extension:// URL + scheme. + - When suggesting a default translation language, Firefox + will now take into consideration languages you have + previously used for translations. + - Added support for many new languages in Firefox + translation. + * New: ###Windows + - Canvas2D switched from Direct2D to a platform independent + acceleration backend on Windows. + - Hardware-accelerated playback of HEVC video content is now + supported on Windows. + - Firefox on Windows 11 now uses acrylic-style menus for + popup windows, which better match the operating system’s + aesthetic. + * New: ###macOS + - Added support for multiple languages in the same document + spoken in macOS VoiceOver. + - The macOS session resume feature has been enhanced. Firefox + will now automatically relaunch if it was open before a + system restart, like after an OS update. + - The macOS DMG installer packages now use LZMA for + compression, reducing download size and installation time. + - Due to recent changes in macOS Sequoia, the shortcut for + completing search strings to .com addresses has been changed + from Ctrl+Enter to Cmd+Enter. + * New: ###Linux + - Firefox now supports touchpad hold gestures on Linux. This + means that kinetic (momentum) scrolling can now be + interrupted by placing two fingers on the touchpad. + * Developer: - Firefox now supports text fragments, which + allows users to link directly to a specific portion of text + in a web document via a special URL fragment. + - Debugger log-point values are now automatically converted + into profiler markers, making it easy to add information to + the marker timeline directly from the Debugger. + - The Debugger's directory root is now scoped to the specific + domain where it was set, which aligns with typical usage and + avoids applying it across unrelated domains. This builds on + previous improvements such as a redesigned UI and easier + removal of the root setting. Setting a directory root updates + the Source List to show only the selected directory and its + children. (Learn more) + - The Network Blocking feature in the Network panel now + blocks HTTP requests in addition to blocking responses. + - The Network panel displays information about Early Hints, + including a dedicated indicator for the 103 HTTP status code + in the user interface. + - The Network panel now allows overriding network request + responses with local files. + - The filter setting in the Network panel is now preserved + across DevTools Toolbox sessions. + - A new column has been added to the Network panel to display + the full path of the request URL. This enhancement makes + helps developers quickly view and analyze complete request + paths. + - Introduced a new console command `$$$` that allows + searching the page, including within shadow roots. + - Improved support for debugging web extensions, such as + automatically reloading the web extension's source code in + the Debugger when the extension is reloaded. Workers are now + available in the Console panel’s context selector and + breakpoints function correctly in content scripts. + - In the Inspector Fonts panel, we now display fonts + metadata, like the font version, designer, vendor, license, + etc. + - Added support for the import map integrity field, allowing + you to ensure the integrity of dynamically or statically + imported modules. + - Implemented support for `Error.isError`, enabling brand + checks to determine whether an object is an instance of + Error. (Learn more) + - Added support for the `error.captureStackTrace` extension + to improve compatibility with other browsers. (Learn more) + [5]: http://github.com/tc39/proposal-error- + capturestacktrace + * Enterprise: - The UserMessaging policy has been updated with + a new option to allow disabling Firefox Labs in preferences. + - The Preferences policy has been updated to allow setting + the preference security.pki.certificate_transparency.mode. + - HTTPS-First is now on by default. You can manage this + behavior using the HttpsOnlyMode and HttpAllowlist policies. + - An internal change has been made to Firefox that removes + `XPCOMUtils.defineLazyGetter`. For most people, this + shouldn't matter, but if you encounter problems with + AutoConfig or third party software like PolicyPak, this might + be the cause. You'll need to reach out to your provider. + - Firefox now supports the Content Analysis SDK for + integrating DLP software. For more information, see this + post. + - The SearchEngines policy is now available on all versions + of Firefox (not just the ESR). + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.0 + https://www.mozilla.org/security/advisories/mfsa2025-51 + MFSA 2025-51 (boo#1244670) * CVE-2025-6424 (bmo#1966423) Use-after-free in FontFaceSet * CVE-2025-6425 (bmo#1717672) @@ -13,19 +245,38 @@ persistent UUID * CVE-2025-6426 (bmo#1964385) No warning when opening executable terminal files on macOS + * CVE-2025-6427 (bmo#1966927) + connect-src Content Security Policy restriction could be + bypassed + * CVE-2025-6428 (bmo#1970151) + Firefox for Android opened URLs specified in a link + querystring parameter * CVE-2025-6429 (bmo#1970658) Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430 (bmo#1971140) Content-Disposition header ignored when a file is included in an embed or object tag - -------------------------------------------------------------------- -Tue Jun 17 08:18:37 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - -- Use these tools/versions unconditionally, package won't build on - Tumbleweed with new gcc15 otherwise: - gcc14, gcc14-c++, cargo1.84, rust1.84 + * CVE-2025-6431 (bmo#1942716) + The prompt in Firefox for Android that asks before opening a + link in an external application could be bypassed + * CVE-2025-6432 (bmo#1943804) + DNS Requests leaked outside of a configured SOCKS proxy + * CVE-2025-6433 (bmo#1954033) + WebAuthn would allow a user to sign a challenge on a webpage + with an invalid TLS certificate + * CVE-2025-6434 (bmo#1955182) + HTTPS-Only exception screen lacked anti-clickjacking delay + * CVE-2025-6435 (bmo#1950056, bmo#1961777) + Save as in Devtools could download files without sanitizing + the extension + * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187, + bmo#1966505, bmo#1970764) + Memory safety bugs fixed in Firefox 140 and Thunderbird 140 +- Requires: + NSS >= 3.112 + cargo/rust 1.86 + rust-cbindgen >= 0.28 ------------------------------------------------------------------- Sun Jun 8 14:58:17 UTC 2025 - Bernhard Wiedemann <bwiedem...@suse.com> @@ -431,6 +682,11 @@ Thunderbird 131, and Thunderbird 128.3 ------------------------------------------------------------------- +Wed Sep 4 03:11:13 UTC 2024 - pallas wept <pallasw...@proton.me> + +- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling + +------------------------------------------------------------------- Tue Sep 3 05:21:00 UTC 2024 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.2.0 ESR ++++++ l10n-128.12.0esr.tar.xz -> l10n-140.1.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/l10n-128.12.0esr.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/l10n-140.1.0esr.tar.xz differ: char 15, line 1 ++++++ mozilla-bmo1504834-part1.patch ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:17.982624497 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:17.986624652 +0200 @@ -1,12 +1,16 @@ # HG changeset patch -# Parent 9fcbd287056a40084b1e679f787bf683b291f323 +# Parent e31f5228a09ed69d7ac3c84e54f0faa6a5910ae0 Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834 -Index: firefox-128.0/gfx/2d/DrawTargetSkia.cpp -=================================================================== ---- firefox-128.0.orig/gfx/2d/DrawTargetSkia.cpp -+++ firefox-128.0/gfx/2d/DrawTargetSkia.cpp -@@ -156,7 +156,8 @@ static IntRect CalculateSurfaceBounds(co +diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp +--- a/gfx/2d/DrawTargetSkia.cpp ++++ b/gfx/2d/DrawTargetSkia.cpp +@@ -155,17 +155,18 @@ static IntRect CalculateSurfaceBounds(co + if (!sampledBounds.ToIntRect(&bounds)) { + return surfaceBounds; + } + + return surfaceBounds.Intersect(bounds); } static const int kARGBAlphaOffset = @@ -16,11 +20,20 @@ static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize, const int32_t aStride, SurfaceFormat aFormat) { -Index: firefox-128.0/gfx/2d/Types.h -=================================================================== ---- firefox-128.0.orig/gfx/2d/Types.h -+++ firefox-128.0/gfx/2d/Types.h -@@ -89,18 +89,11 @@ enum class SurfaceFormat : int8_t { + if (aFormat != SurfaceFormat::B8G8R8X8 || aSize.IsEmpty()) { + return true; + } + // We should've initialized the data to be opaque already + // On debug builds, verify that this is actually true. +diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h +--- a/gfx/2d/Types.h ++++ b/gfx/2d/Types.h +@@ -94,28 +94,21 @@ enum class SurfaceFormat : int8_t { + // this format. + HSV, + Lab, + Depth, + // This represents the unknown format. UNKNOWN, // TODO: Replace uses with Maybe<SurfaceFormat>. @@ -42,11 +55,20 @@ // The following values are OS and endian-independent synonyms. // -Index: firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc -=================================================================== ---- firefox-128.0.orig/gfx/skia/skia/modules/skcms/skcms.cc -+++ firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc -@@ -31,6 +31,8 @@ + // TODO(aosmond): When everything blocking bug 1581828 has been resolved, we + // can make this use R8B8G8A8 and R8B8G8X8 for non-Windows platforms. + OS_RGBA = A8R8G8B8_UINT32, + OS_RGBX = X8R8G8B8_UINT32 + }; +diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/skcms.cc +--- a/gfx/skia/skia/modules/skcms/skcms.cc ++++ b/gfx/skia/skia/modules/skcms/skcms.cc +@@ -26,16 +26,18 @@ + // it'd be a lot slower. But we want all those headers included so we + // can use their features after runtime checks later. + #include <smmintrin.h> + #include <avxintrin.h> + #include <avx2intrin.h> #include <avx512fintrin.h> #include <avx512dqintrin.h> #endif @@ -55,7 +77,17 @@ #endif using namespace skcms_private; -@@ -324,20 +326,28 @@ enum { + + static bool sAllowRuntimeCPUDetection = true; + + void skcms_DisableRuntimeCPUDetection() { + sAllowRuntimeCPUDetection = false; +@@ -319,30 +321,38 @@ enum { + skcms_Signature_sf32 = 0x73663332, + // XYZ is also a PCS signature, so it's defined in skcms.h + // skcms_Signature_XYZ = 0x58595A20, + }; + static uint16_t read_big_u16(const uint8_t* ptr) { uint16_t be; memcpy(&be, ptr, sizeof(be)); @@ -90,4 +122,9 @@ #endif } + static int32_t read_big_i32(const uint8_t* ptr) { + return (int32_t)read_big_u32(ptr); + } + + static float read_big_fixed(const uint8_t* ptr) { ++++++ mozilla-bmo1746799.patch ++++++ >From 535dc3c97fd19a30a329a188786998ae00cdf017 Mon Sep 17 00:00:00 2001 From: andrew <and...@arobeia.co.uk> Date: Thu, 23 Dec 2021 16:18:30 +0000 Subject: [PATCH] Map linearly from cubeb volume to pa volume Fixes incorrect volume mapping. Rebased to current SUSE sources and updated checksums Wed Sep 04 00:00:00 2024 diff --git a/third_party/rust/cubeb-pulse/.cargo-checksum.json b/third_party/rust/cubeb-pulse/.cargo-checksum.json --- a/third_party/rust/cubeb-pulse/.cargo-checksum.json +++ b/third_party/rust/cubeb-pulse/.cargo-checksum.json @@ -1,1 +1,1 @@ -{"files":{".editorconfig":"bf047bd1da10cabb99eea666d1e57c321eba4716dccb3e4ed0e2c5fe3ca53858",".github/workflows/build.yml":"477366d58c9dc059dbe4a158a6e910f23a3e9ecac7411f73616e06375583b764","AUTHORS":"0e0ac930a68ce2f6b876126b195add177f0d3886facb9260f4d9b69f1988f0cc","Cargo.toml":"37491c1b911bcedf99e624fbfb100aa6ecaa357d0d048dc9ff0da341d35f687c","LICENSE":"44c6b5ae5ec3fe2fbc608b00e6f4896f4d2d5c7e525fcbaa3eaa3cf2f3d5a983","README.md":"0079450bb4b013bac065ed1750851e461a3710ebad1f323817da1cb82db0bc4f","src/backend/context.rs":"c0db5f2447de1d6df5aa2812fa342a085e73156a072c221c7379b9a6a9b86786","src/backend/cork_state.rs":"4a0f1afc7d9f333dac89218cc56d7d32fbffb487cd48c1c9a4e03d79cb3b5e28","src/backend/intern.rs":"11ca424e4eb77f8eb9fd5a6717d1e791facf9743156a8534f0016fcf64d57b0f","src/backend/mod.rs":"dfb30ec497d6215e4535e936fea8fe3a407ef24dc1cec43b52c0ffa923d9229c","src/backend/stream.rs":"dfe5b747e100cae4aeae36cf2ebb9dc4715b411b4116721a40eec2944eb0ec23","src/capi.rs":"fa0fa020f0d0efe55aa0fc 3596405e8407bbe2cbe6c7a558345304e6da87994e","src/lib.rs":"b41bbdc562cbfb130ed7c1e53fe69944774f515705341d8ce48a2f82c8c0c2c5"},"package":null} \ No newline at end of file +{"files":{".editorconfig":"bf047bd1da10cabb99eea666d1e57c321eba4716dccb3e4ed0e2c5fe3ca53858",".github/workflows/build.yml":"477366d58c9dc059dbe4a158a6e910f23a3e9ecac7411f73616e06375583b764","AUTHORS":"0e0ac930a68ce2f6b876126b195add177f0d3886facb9260f4d9b69f1988f0cc","Cargo.toml":"37491c1b911bcedf99e624fbfb100aa6ecaa357d0d048dc9ff0da341d35f687c","LICENSE":"44c6b5ae5ec3fe2fbc608b00e6f4896f4d2d5c7e525fcbaa3eaa3cf2f3d5a983","README.md":"0079450bb4b013bac065ed1750851e461a3710ebad1f323817da1cb82db0bc4f","src/backend/context.rs":"c0db5f2447de1d6df5aa2812fa342a085e73156a072c221c7379b9a6a9b86786","src/backend/cork_state.rs":"4a0f1afc7d9f333dac89218cc56d7d32fbffb487cd48c1c9a4e03d79cb3b5e28","src/backend/intern.rs":"11ca424e4eb77f8eb9fd5a6717d1e791facf9743156a8534f0016fcf64d57b0f","src/backend/mod.rs":"dfb30ec497d6215e4535e936fea8fe3a407ef24dc1cec43b52c0ffa923d9229c","src/backend/stream.rs":"2dfc61c4eac69624558756d87283496d01f56f44bf311119eff0f1d124cd88f3","src/capi.rs":"fa0fa020f0d0efe55aa0fc 3596405e8407bbe2cbe6c7a558345304e6da87994e","src/lib.rs":"b41bbdc562cbfb130ed7c1e53fe69944774f515705341d8ce48a2f82c8c0c2c5"},"package":null} diff --git a/third_party/rust/cubeb-pulse/src/backend/stream.rs b/third_party/rust/cubeb-pulse/src/backend/stream.rs --- a/third_party/rust/cubeb-pulse/src/backend/stream.rs +++ b/third_party/rust/cubeb-pulse/src/backend/stream.rs @@ -760,18 +760,18 @@ impl<'ctx> StreamOps for PulseStream<'ct _ => pulse::SinkFlags::empty(), } }; if flags.contains(pulse::SinkFlags::FLAT_VOLUME) { self.volume = volume; } else { let channels = stm.get_sample_spec().channels; - let vol = pulse::sw_volume_from_linear(f64::from(volume)); - cvol.set(u32::from(channels), vol); + let vol = volume * (PA_VOLUME_NORM as f32); + cvol.set(u32::from(channels), vol as pa_volume_t); let index = stm.get_index(); let context_ptr = self.context as *const _ as *mut _; if let Ok(o) = context.set_sink_input_volume( index, &cvol, context_success, diff --git a/third_party/rust/pulse-ffi/.cargo-checksum.json b/third_party/rust/pulse-ffi/.cargo-checksum.json --- a/third_party/rust/pulse-ffi/.cargo-checksum.json +++ b/third_party/rust/pulse-ffi/.cargo-checksum.json @@ -1,1 +1,1 @@ -{"files":{"Cargo.toml":"f8cc9775a76c5fa246bb44a6a603bd0e7b2f0f068b4d9f40b68bac9ba777dd83","src/ffi_funcs.rs":"a16646c5e7c49e94b907a7a404cfcadf3007688005c689cca936f0c2ee2e28e6","src/ffi_types.rs":"2ca56bc3638a40d331e53117a5dd175d0a6e102b1e0eccb9c2adc565c6861a33","src/lib.rs":"6aff308de11954a067d0f6ef95bf3126aabb6d928a5191e91d9a38ebadba91c2"},"package":null} \ No newline at end of file +{"files":{"Cargo.toml":"f8cc9775a76c5fa246bb44a6a603bd0e7b2f0f068b4d9f40b68bac9ba777dd83","src/ffi_funcs.rs":"a16646c5e7c49e94b907a7a404cfcadf3007688005c689cca936f0c2ee2e28e6","src/ffi_types.rs":"f39a27712b17256583331f7ce5722413d0c7b51d73d8def8f50e839e23dfb411","src/lib.rs":"6aff308de11954a067d0f6ef95bf3126aabb6d928a5191e91d9a38ebadba91c2"},"package":null} diff --git a/third_party/rust/pulse-ffi/src/ffi_types.rs b/third_party/rust/pulse-ffi/src/ffi_types.rs --- a/third_party/rust/pulse-ffi/src/ffi_types.rs +++ b/third_party/rust/pulse-ffi/src/ffi_types.rs @@ -17,16 +17,21 @@ pub const PA_SAMPLE_S32BE: c_int = 8; pub const PA_SAMPLE_S24LE: c_int = 9; pub const PA_SAMPLE_S24BE: c_int = 10; pub const PA_SAMPLE_S24_32LE: c_int = 11; pub const PA_SAMPLE_S24_32BE: c_int = 12; pub const PA_SAMPLE_MAX: c_int = 13; pub const PA_SAMPLE_INVALID: c_int = -1; pub type pa_sample_format_t = c_int; +pub const PA_VOLUME_MUTED: c_uint = 0; +pub const PA_VOLUME_NORM: c_uint = 0x10000; +pub const PA_VOLUME_MAX: c_uint = 0x7fffffff; + + #[repr(C)] #[derive(Copy, Clone, Debug)] pub struct Struct_pa_sample_spec { pub format: pa_sample_format_t, pub rate: u32, pub channels: u8, } ++++++ mozilla-bmo531915.patch ++++++ # HG changeset patch # User Wolfgang Rosenauer <w...@rosenauer.org> # Parent fa8a5832a374ccd7af5db927b992b5d9f15273ef diff --git a/modules/fdlibm/src/math_private.h b/modules/fdlibm/src/math_private.h --- a/modules/fdlibm/src/math_private.h +++ b/modules/fdlibm/src/math_private.h @@ -25,19 +25,24 @@ #include "fdlibm.h" /* * Emulate FreeBSD internal double types. * Adapted from https://github.com/freebsd/freebsd-src/search?q=__double_t */ +#ifdef __i386__ +typedef long double __double_t; +typedef long double __float_t; +#else typedef double __double_t; +typedef float __float_t; +#endif typedef __double_t double_t; -typedef float __float_t; /* * The original fdlibm code used statements like: * n0 = ((*(int*)&one)>>29)^1; * index of high word * * ix0 = *(n0+(int*)&x); * high word of x * * ix1 = *((1-n0)+(int*)&x); * low word of x * * to dig two 32 bit words out of the 64 bit IEEE floating point * value. That is non-ANSI, and, moreover, the gcc instruction ++++++ mozilla-ntlm-full-path.patch ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:18.046626988 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:18.046626988 +0200 @@ -1,19 +1,29 @@ # HG changeset patch # User Petr Cerny <pce...@novell.com> # Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6 -# Parent 1c6a565013e4c5f3494f964269783939cd5ed0b8 +# Parent 3399aced682c232525633755ff79b37a0be75548 Bug 634334 - call to the ntlm_auth helper fails diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp --- a/extensions/auth/nsAuthSambaNTLM.cpp +++ b/extensions/auth/nsAuthSambaNTLM.cpp -@@ -160,7 +160,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH - const char* username = PR_GetEnv("USER"); - if (!username) return NS_ERROR_FAILURE; +@@ -148,17 +148,17 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH + } + + base::LaunchOptions options; + options.fds_to_remap.push_back( + std::pair{toChildPipeRead.get(), STDIN_FILENO}); + options.fds_to_remap.push_back( + std::pair{fromChildPipeWrite.get(), STDOUT_FILENO}); + +- std::vector<std::string> argvVec{"ntlm_auth", "--helper-protocol", ++ std::vector<std::string> argvVec{"/usr/bin/ntlm_auth", "--helper-protocol", + "ntlmssp-client-1", "--use-cached-creds", + "--username", username}; + + auto result = base::LaunchApp(argvVec, std::move(options), &mChildPID); + if (result.isErr()) { + return NS_ERROR_FAILURE; + } -- const char* const args[] = {"ntlm_auth", -+ const char* const args[] = {"/usr/bin/ntlm_auth", - "--helper-protocol", - "ntlmssp-client-1", - "--use-cached-creds", ++++++ mozilla-silence-no-return-type.patch ++++++ ++++ 1296 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/firefox-esr/mozilla-silence-no-return-type.patch ++++ and /work/SRC/openSUSE:Factory/.firefox-esr.new.8875/mozilla-silence-no-return-type.patch ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.2hOU6x/_old 2025-07-23 16:36:18.126630104 +0200 +++ /var/tmp/diff_new_pack.2hOU6x/_new 2025-07-23 16:36:18.130630259 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" -CHANNEL="esr128" -VERSION="128.12.0" +CHANNEL="esr140" +VERSION="140.1.0" VERSION_SUFFIX="esr" -PREV_VERSION="128.11.0" +PREV_VERSION="140.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation -RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr128"; -RELEASE_TAG="f3f836bf735d55fcfdf97dd3788f7952419dea1f" -RELEASE_TIMESTAMP="20250616190003" +RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; +RELEASE_TAG="0c53463d0e61c036c08be46403e896e174f2182e" +RELEASE_TIMESTAMP="20250714132824"
