Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory
checked in at 2023-09-29 11:43:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Fri Sep 29 11:43:11 2023 rev:410 rq:1114282 version:118.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes
2023-09-13 20:43:58.620828375 +0200
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.28202/MozillaFirefox.changes
2023-09-29 12:01:24.880678550 +0200
@@ -1,0 +2,38 @@
+Fri Sep 29 06:50:26 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Firefox 118.0.1
+ MFSA 2023-44 (bsc#1215814)
+ * CVE-2023-5217 (bmo#1855550),
+ Heap buffer overflow in libvpx
+
+-------------------------------------------------------------------
+Mon Sep 25 06:35:49 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Firefox 118.0
+ MFSA 2023-41 (bsc#1215575)
+ * CVE-2023-5168 (bmo#1846683)
+ Out-of-bounds write in FilterNodeD2D1
+ * CVE-2023-5169 (bmo#1846685)
+ Out-of-bounds write in PathOps
+ * CVE-2023-5170 (bmo#1846686)
+ Memory leak from a privileged process
+ * CVE-2023-5171 (bmo#1851599)
+ Use-after-free in Ion Compiler
+ * CVE-2023-5172 (bmo#1852218)
+ Memory Corruption in Ion Hints
+ * CVE-2023-5173 (bmo#1823172)
+ Out-of-bounds write in HTTP Alternate Services
+ * CVE-2023-5174 (bmo#1848454)
+ Double-free in process spawning on Windows
+ * CVE-2023-5175 (bmo#1849704)
+ Use-after-free of ImageBitmap during process shutdown
+ * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
+ bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
+ Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
+ and Thunderbird 115.3
+- requires NSS 3.93
+- add mozilla-bmo1822730.patch
+- deactivated KDE integration temporarily
+ (removed mozilla-kde.patch and firefox-kde.patch for now)
+
+-------------------------------------------------------------------
Old:
----
firefox-117.0.1.source.tar.xz
firefox-117.0.1.source.tar.xz.asc
firefox-kde.patch
l10n-117.0.1.tar.xz
mozilla-kde.patch
New:
----
firefox-118.0.1.source.tar.xz
firefox-118.0.1.source.tar.xz.asc
l10n-118.0.1.tar.xz
mozilla-bmo1822730.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.OrypPh/_old 2023-09-29 12:01:38.769180256 +0200
+++ /var/tmp/diff_new_pack.OrypPh/_new 2023-09-29 12:01:38.773180400 +0200
@@ -28,9 +28,9 @@
# orig_suffix b3
# major 69
# mainver %%major.99
-%define major 117
+%define major 118
%define mainver %major.0.1
-%define orig_version 117.0.1
+%define orig_version 118.0.1
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -73,7 +73,7 @@
%define desktop_file_name %{progname}
%define firefox_appid \{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}
%define __provides_exclude ^lib.*\\.so.*$
-%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*)$
+%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*|libgk.*)$
%define localize 1
%ifarch %ix86 x86_64
%define crashreporter 1
@@ -114,7 +114,7 @@
BuildRequires: libproxy-devel
BuildRequires: makeinfo
BuildRequires: mozilla-nspr-devel >= 4.35
-BuildRequires: mozilla-nss-devel >= 3.92
+BuildRequires: mozilla-nss-devel >= 3.93
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 12.22.12
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -209,7 +209,7 @@
Source21:
https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring
# Gecko/Toolkit
Patch1: mozilla-nongnome-proxies.patch
-Patch2: mozilla-kde.patch
+#Patch2: mozilla-kde.patch
Patch3: mozilla-ntlm-full-path.patch
Patch4: mozilla-aarch64-startup-crash.patch
Patch5: mozilla-fix-aarch64-libopus.patch
@@ -228,8 +228,9 @@
Patch21: svg-rendering.patch
Patch22: mozilla-partial-revert-1768632.patch
Patch23: mozilla-rust-disable-future-incompat.patch
+Patch24: mozilla-bmo1822730.patch
# Firefox/browser
-Patch101: firefox-kde.patch
+#Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -348,11 +349,11 @@
export PYTHON3=/usr/bin/python3.9
%endif
-kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define
KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
-if test "$kdehelperversion" != %{kde_helper_version}; then
- echo fix kde helper version in the .spec file
- exit 1
-fi
+#kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define
KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
+#if test "$kdehelperversion" != %{kde_helper_version}; then
+# echo fix kde helper version in the .spec file
+# exit 1
+#fi
# When doing only_print_mozconfig, this file isn't necessarily available, so
skip it
cp %{SOURCE4} .obsenv.sh
++++++ firefox-117.0.1.source.tar.xz -> firefox-118.0.1.source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-117.0.1.source.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.28202/firefox-118.0.1.source.tar.xz
differ: char 15, line 1
++++++ l10n-117.0.1.tar.xz -> l10n-118.0.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/l10n-117.0.1.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.28202/l10n-118.0.1.tar.xz
differ: char 26, line 1
++++++ mozilla-bmo1822730.patch ++++++
# HG changeset patch
# User Rob Krum <biggestsonic...@gmail.com>
# Date 1695432215 25200
# Fri Sep 22 18:23:35 2023 -0700
# Node ID e6a8a9f0956d124e8de34eb4bcf09d8e17077d9d
# Parent 677cbf2e64cdcd3a93e644f781be2bdc2529ba1a
Bug 1822730 - Add basic blob protocol handling for blob URIs that contain
parsable http/s protocols
diff --git a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
--- a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
+++ b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
@@ -221,11 +221,13 @@ export class DownloadLastDir {
/**
* Pre-processor to extract a domain name to be used with the content-prefs
- * service. This specially handles data and file URIs so that the download
- * dirs are recalled in a more consistent way:
+ * service. This specially handles data, file and blob URIs so that the
+ * download dirs are recalled in a more consistent way:
* - all file:/// URIs share the same folder
* - data: URIs share a folder per mime-type. If a mime-type is not
* specified text/plain is assumed.
+ * - blob: blob URIs are tested for http/https and the blob protocol
+ * is stripped.
* In any other case the original URL is returned as a string and
ContentPrefs
* will do its usual parsing.
*
@@ -234,6 +236,9 @@ export class DownloadLastDir {
*/
#cpsGroupFromURL(url) {
if (typeof url == "string") {
+ if (url.startsWith("blob:http://";) || url.startsWith("blob:https://";)) {
+ url = url.replace("blob:", "");
+ }
url = new URL(url);
} else if (url instanceof Ci.nsIURI) {
url = URL.fromURI(url);
@@ -241,6 +246,14 @@ export class DownloadLastDir {
if (!URL.isInstance(url)) {
return url;
}
+ if (url.protocol == "blob:") {
+ if (
+ url.href.startsWith("blob:http://";) ||
+ url.href.startsWith("blob:https://";)
+ ) {
+ return url.href.replace("blob:", "");
+ }
+ }
if (url.protocol == "data:") {
return url.href.match(/^data:[^;,]*/i)[0].replace(/:$/, ":text/plain");
}
++++++ mozilla-silence-no-return-type.patch ++++++
--- /var/tmp/diff_new_pack.OrypPh/_old 2023-09-29 12:01:39.049190371 +0200
+++ /var/tmp/diff_new_pack.OrypPh/_new 2023-09-29 12:01:39.049190371 +0200
@@ -1,5 +1,5 @@
# HG changeset patch
-# Parent 505c5ac5cad0268fe81c67d39f70cbab3bff616a
+# Parent f809af927a59e945c76f51c25b1044fb42748c24
diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
--- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@@ -722,7 +722,7 @@
diff --git
a/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.cc
b/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.cc
--- a/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.cc
+++ b/third_party/libwebrtc/modules/audio_processing/agc2/rnn_vad/rnn_fc.cc
-@@ -54,16 +54,18 @@ std::vector<float> PreprocessWeights(rtc
+@@ -55,16 +55,18 @@ std::vector<float> PreprocessWeights(rtc
rtc::FunctionView<float(float)> GetActivationFunction(
ActivationFunction activation_function) {
switch (activation_function) {
@@ -948,12 +948,12 @@
+ return "";
}
- constexpr char kIncludeCaptureClockOffset[] =
- "WebRTC-IncludeCaptureClockOffset";
-
} // namespace
RTPSenderAudio::RTPSenderAudio(Clock* clock, RTPSender* rtp_sender)
+ : clock_(clock),
+ rtp_sender_(rtp_sender),
+ absolute_capture_time_sender_(clock) {
diff --git
a/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
b/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
---
a/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
+++
b/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.OrypPh/_old 2023-09-29 12:01:39.105192394 +0200
+++ /var/tmp/diff_new_pack.OrypPh/_new 2023-09-29 12:01:39.109192538 +0200
@@ -1,11 +1,11 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="117.0.1"
+VERSION="118.0.1"
VERSION_SUFFIX=""
-PREV_VERSION="117.0"
+PREV_VERSION="118.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release";
-RELEASE_TAG="e245ca2125a6eb1e2d08cc9e5824f15e1e67a566"
-RELEASE_TIMESTAMP="20230912013654"
+RELEASE_TAG="68e4c357d26c5a1f075a1ec0c696d4fe684ed881"
+RELEASE_TIMESTAMP="20230927232528"
