Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2024-05-21 18:33:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1880 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Tue May 21 18:33:21 2024 rev:427 rq:1175472 version:126.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2024-05-01 14:55:00.654770648 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1880/MozillaFirefox.changes 2024-05-21 18:33:29.619941660 +0200 @@ -1,0 +2,47 @@ +Wed May 15 08:46:30 UTC 2024 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 126.0 + https://www.mozilla.org/en-US/firefox/126.0/releasenotes + MFSA 2024-21 (bsc#1224056) + * CVE-2024-4764 (bmo#1879093) + Use-after-free when audio input connected with multiple consumers + * CVE-2024-4367 (bmo#1893645) + Arbitrary JavaScript execution in PDF.js + * CVE-2024-4765 (bmo#1871109) + Web application manifests could have been overwritten via + hash collision + * CVE-2024-4766 (bmo#1871214, bmo#1871217) + Fullscreen notification could have been obscured on Firefox + for Android + * CVE-2024-4767 (bmo#1878577) + IndexedDB files retained in private browsing mode + * CVE-2024-4768 (bmo#1886082) + Potential permissions request bypass via clickjacking + * CVE-2024-4769 (bmo#1886108) + Cross-origin responses could be distinguished between script + and non-script content-types + * CVE-2024-4770 (bmo#1893270) + Use-after-free could occur when printing to PDF + * CVE-2024-4771 (bmo#1893891) + Failed allocation could lead to use-after-free + * CVE-2024-4772 (bmo#1870579) + Use of insecure rand() function to generate nonce + * CVE-2024-4773 (bmo#1875248) + URL bar could be cleared after network error + * CVE-2024-4774 (bmo#1886598) + Undefined behavior in ShmemCharMapHashEntry() + * CVE-2024-4775 (bmo#1887332) + Invalid memory access in the built-in profiler + * CVE-2024-4776 (bmo#1887343) + Window may remain disabled after file dialog is shown in + full-screen + * CVE-2024-4777 (bmo#1878199, bmo#1893340) + Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, + and Thunderbird 115.11 + * CVE-2024-4778 (bmo#1838834, bmo#1889291, bmo#1889595, + bmo#1890204, bmo#1891545) + Memory safety bugs fixed in Firefox 126 +- requires NSS 3.100 +- removed obsolete mozilla-libproxy-fix.patch + +------------------------------------------------------------------- Old: ---- firefox-125.0.3.source.tar.xz firefox-125.0.3.source.tar.xz.asc l10n-125.0.3.tar.xz mozilla-libproxy-fix.patch New: ---- firefox-126.0.source.tar.xz firefox-126.0.source.tar.xz.asc l10n-126.0.tar.xz BETA DEBUG BEGIN: Old:- requires NSS 3.100 - removed obsolete mozilla-libproxy-fix.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.LWak5m/_old 2024-05-21 18:33:44.892496950 +0200 +++ /var/tmp/diff_new_pack.LWak5m/_new 2024-05-21 18:33:44.900497240 +0200 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 125 -%define mainver %major.0.3 -%define orig_version 125.0.3 +%define major 126 +%define mainver %major.0 +%define orig_version 126.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.99 +BuildRequires: mozilla-nss-devel >= 3.100 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -229,7 +229,6 @@ Patch22: mozilla-partial-revert-1768632.patch Patch23: mozilla-rust-disable-future-incompat.patch Patch24: mozilla-bmo1822730.patch -Patch25: mozilla-libproxy-fix.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -735,10 +734,10 @@ %{progdir}/platform.ini %if %crashreporter %{progdir}/crashreporter -%{progdir}/crashreporter.ini -%{progdir}/Throbber-small.gif +#%{progdir}/crashreporter.ini +#%{progdir}/Throbber-small.gif %{progdir}/minidump-analyzer -%{progdir}/browser/crashreporter-override.ini +#%{progdir}/browser/crashreporter-override.ini %endif %{_datadir}/applications/%{desktop_file_name}.desktop %{_datadir}/mime/packages/%{progname}.xml ++++++ firefox-125.0.3.source.tar.xz -> firefox-126.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-125.0.3.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1880/firefox-126.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-125.0.3.tar.xz -> l10n-126.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-125.0.3.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1880/l10n-126.0.tar.xz differ: char 26, line 1 ++++++ mozilla-kde.patch ++++++ --- /var/tmp/diff_new_pack.LWak5m/_old 2024-05-21 18:33:45.676525456 +0200 +++ /var/tmp/diff_new_pack.LWak5m/_new 2024-05-21 18:33:45.680525601 +0200 @@ -50,7 +50,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp --- a/modules/libpref/Preferences.cpp +++ b/modules/libpref/Preferences.cpp -@@ -90,16 +90,17 @@ +@@ -92,16 +92,17 @@ #include "PLDHashTable.h" #include "prdtoa.h" #include "prlink.h" @@ -727,7 +727,7 @@ using mozilla::dom::RemoteHandlerApp; namespace { -@@ -305,18 +305,18 @@ mozilla::ipc::IPCResult HandlerServicePa +@@ -309,18 +309,18 @@ mozilla::ipc::IPCResult HandlerServicePa mozilla::ipc::IPCResult HandlerServiceParent::RecvExistsForProtocolOS( const nsACString& aProtocolScheme, bool* aHandlerExists) { if (aProtocolScheme.Length() > MAX_SCHEME_LENGTH) { @@ -771,7 +771,7 @@ ] elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows": UNIFIED_SOURCES += [ -@@ -129,15 +131,16 @@ include("/ipc/chromium/chromium-config.m +@@ -130,15 +132,16 @@ include("/ipc/chromium/chromium-config.m FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ @@ -991,7 +991,7 @@ diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp --- a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp +++ b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp -@@ -1,48 +1,51 @@ +@@ -1,27 +1,30 @@ /* -*- Mode: C++; tab-width: 3; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public @@ -1004,6 +1004,8 @@ #include "nsIGIOService.h" #include "nsNetCID.h" #include "nsIIOService.h" + #include "nsLocalFile.h" + #ifdef MOZ_ENABLE_DBUS # include "nsDBusHandlerApp.h" #endif @@ -1016,10 +1018,13 @@ + return nsCommonRegistry::LoadURL(aURI); } - NS_IMETHODIMP - nsMIMEInfoUnix::GetHasDefaultHandler(bool* _retval) { - // if a default app is set, it means the application has been set from - // either /etc/mailcap or ${HOME}/.mailcap, in which case we don't want to + NS_IMETHODIMP nsMIMEInfoUnix::GetDefaultExecutable(nsIFile** aExecutable) { + // This needs to be implemented before FirefoxBridge will work on Linux. + // To implement this and be consistent, GetHasDefaultHandler and + // LaunchDefaultWithFile should probably be made to be consistent. + // Right now, they aren't. GetHasDefaultHandler reports true in cases + // where calling LaunchDefaultWithFile will fail due to not finding the +@@ -37,25 +40,25 @@ nsMIMEInfoUnix::GetHasDefaultHandler(boo // give the GNOME answer. if (GetDefaultApplication()) { return nsMIMEInfoImpl::GetHasDefaultHandler(_retval); @@ -1048,7 +1053,7 @@ if (*_retval) return NS_OK; return NS_OK; -@@ -54,16 +57,31 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi +@@ -67,16 +70,31 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi // give the GNOME answer. if (GetDefaultApplication()) { return nsMIMEInfoImpl::LaunchDefaultWithFile(aFile); ++++++ mozilla-rust-disable-future-incompat.patch ++++++ --- /var/tmp/diff_new_pack.LWak5m/_old 2024-05-21 18:33:45.708526619 +0200 +++ /var/tmp/diff_new_pack.LWak5m/_new 2024-05-21 18:33:45.716526910 +0200 @@ -1,21 +1,22 @@ # HG changeset patch -# Parent fa3b49f090f8b4a1af0510a675d2674a420fcbc6 +# Parent 83a5e219b271976ee9dfa46b74ecc1c1c6d49f94 diff --git a/Cargo.toml b/Cargo.toml --- a/Cargo.toml +++ b/Cargo.toml -@@ -219,8 +219,13 @@ webext-storage = { git = "https://github +@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http path = "third_party/rust/mio-0.6.23" [patch."https://github.com/mozilla/uniffi-rs.git"] - uniffi = "=0.25.3" - uniffi_bindgen = "=0.25.3" - uniffi_build = "=0.25.3" - uniffi_macros = "=0.25.3" - weedle2 = "=4.0.0" + uniffi = "0.27.1" + uniffi_bindgen = "0.27.1" + uniffi_build = "0.27.1" + uniffi_macros = "0.27.1" + weedle2 = "=5.0.0" + +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust" +# Shut up such messages for now to make the build succeed +[future-incompat-report] +frequency = "never" ++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.LWak5m/_old 2024-05-21 18:33:45.776529092 +0200 +++ /var/tmp/diff_new_pack.LWak5m/_new 2024-05-21 18:33:45.780529238 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="125.0.3" +VERSION="126.0" VERSION_SUFFIX="" -PREV_VERSION="125.0.2" +PREV_VERSION="125.0.3" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="899257fc1af08f2b141cd16d4b6151c0e0b47a9a" -RELEASE_TIMESTAMP="20240425211020" +RELEASE_TAG="3db775a2083d15ae699bdc129ad9c51f323ace70" +RELEASE_TIMESTAMP="20240509170740"