Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2024-10-06 17:51:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19354 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "MozillaFirefox" Sun Oct 6 17:51:24 2024 rev:438 rq:1205704 version:131.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2024-09-22 11:05:24.467084579 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19354/MozillaFirefox.changes 2024-10-06 17:51:31.603994746 +0200 @@ -0,0 +1,45 @@ +------------------------------------------------------------------- +Sun Sep 29 10:38:36 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org> + +- Firefox 131.0 + https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ + MFSA 2024-46 (bsc#1230979) + * CVE-2024-9391 (bmo#1892407) + Prevent users from exiting full-screen mode in Firefox Focus + for Android + * CVE-2024-9392 (bmo#1899154, bmo#1905843) + Compromised content process can bypass site isolation + * CVE-2024-9393 (bmo#1918301) + Cross-origin access to PDF contents through multipart responses + * CVE-2024-9394 (bmo#1918874) + Cross-origin access to JSON contents through multipart responses + * CVE-2024-9395 (bmo#1906024) + Specially crafted filename could be used to obscure download type + * CVE-2024-9396 (bmo#1912471) + Potential memory corruption may occur when cloning certain objects + * CVE-2024-9397 (bmo#1916659) + Potential directory upload bypass via clickjacking + * CVE-2024-9398 (bmo#1881037) + External protocol handlers could be enumerated via popups + * CVE-2024-9399 (bmo#1907726) + Specially crafted WebTransport requests could lead to denial + of service + * CVE-2024-9400 (bmo#1915249) + Potential memory corruption during JIT compilation + * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) + Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, + Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 + * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, + bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) + Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, + Thunderbird 131, and Thunderbird 128.3 + * CVE-2024-9403 (bmo#1917807) + Memory safety bugs fixed in Firefox 131 and Thunderbird 131 +- requires NSS 3.104 +- rebased patches + +------------------------------------------------------------------ +Sat Sep 21 08:14:29 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net> + +- Don't use clang18-devel on Leap as they don't have that version. + Old: ---- firefox-130.0.1.source.tar.xz firefox-130.0.1.source.tar.xz.asc l10n-130.0.1.tar.xz New: ---- firefox-131.0.source.tar.xz firefox-131.0.source.tar.xz.asc l10n-131.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.FA7Mqg/_old 2024-10-06 17:51:44.520531508 +0200 +++ /var/tmp/diff_new_pack.FA7Mqg/_new 2024-10-06 17:51:44.520531508 +0200 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 130 -%define mainver %major.0.1 -%define orig_version 130.0.1 +%define major 131 +%define mainver %major.0 +%define orig_version 131.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -114,7 +114,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.103 +BuildRequires: mozilla-nss-devel >= 3.104 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -149,7 +149,11 @@ %if 0%{?suse_version} < 1550 BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif +%if 0%{?suse_version} < 1599 +BuildRequires: clang15-devel +%else BuildRequires: clang18-devel +%endif BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gtk+-3.0) >= 3.14.0 ++++++ firefox-130.0.1.source.tar.xz -> firefox-131.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-130.0.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19354/firefox-131.0.source.tar.xz differ: char 16, line 1 ++++++ l10n-130.0.1.tar.xz -> l10n-131.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-130.0.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19354/l10n-131.0.tar.xz differ: char 15, line 1 ++++++ mozilla-bmo1504834-part1.patch ++++++ --- /var/tmp/diff_new_pack.FA7Mqg/_old 2024-10-06 17:51:44.800543145 +0200 +++ /var/tmp/diff_new_pack.FA7Mqg/_new 2024-10-06 17:51:44.804543311 +0200 @@ -1,11 +1,11 @@ # HG changeset patch -# Parent 125a78208d2cef58191a0328ffe894dd14c6b146 +# Parent e31f5228a09ed69d7ac3c84e54f0faa6a5910ae0 Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834 diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp --- a/gfx/2d/DrawTargetSkia.cpp +++ b/gfx/2d/DrawTargetSkia.cpp -@@ -151,17 +151,18 @@ static IntRect CalculateSurfaceBounds(co +@@ -155,17 +155,18 @@ static IntRect CalculateSurfaceBounds(co if (!sampledBounds.ToIntRect(&bounds)) { return surfaceBounds; } @@ -28,8 +28,8 @@ diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h --- a/gfx/2d/Types.h +++ b/gfx/2d/Types.h -@@ -84,28 +84,21 @@ enum class SurfaceFormat : int8_t { - YUV422, // Single plane YUV 4:2:2 interleaved as Y`0 Cb Y`1 Cr. +@@ -94,28 +94,21 @@ enum class SurfaceFormat : int8_t { + // this format. HSV, Lab, Depth, ++++++ mozilla-silence-no-return-type.patch ++++++ --- /var/tmp/diff_new_pack.FA7Mqg/_old 2024-10-06 17:51:44.868545971 +0200 +++ /var/tmp/diff_new_pack.FA7Mqg/_new 2024-10-06 17:51:44.872546137 +0200 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 1bc018c4fee525f3a9dfafdb9550e53b6d82fd65 +# Parent 104c34af9ec233f7cd5e8dc955ba7ee763f47a21 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -363,7 +363,7 @@ diff --git a/js/src/irregexp/imported/regexp-parser.cc b/js/src/irregexp/imported/regexp-parser.cc --- a/js/src/irregexp/imported/regexp-parser.cc +++ b/js/src/irregexp/imported/regexp-parser.cc -@@ -2776,16 +2776,17 @@ bool MayContainStrings(ClassSetOperandTy +@@ -2780,16 +2780,17 @@ bool MayContainStrings(ClassSetOperandTy return false; case ClassSetOperandType::kCharacterClassEscape: case ClassSetOperandType::kClassStringDisjunction: @@ -627,7 +627,7 @@ diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc --- a/third_party/libwebrtc/media/base/codec.cc +++ b/third_party/libwebrtc/media/base/codec.cc -@@ -257,16 +257,17 @@ bool Codec::Matches(const Codec& codec) +@@ -267,16 +267,17 @@ bool Codec::Matches(const Codec& codec) (codec.bitrate == 0 || bitrate <= 0 || bitrate == codec.bitrate) && ((codec.channels < 2 && channels < 2) || @@ -787,7 +787,7 @@ diff --git a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc --- a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc +++ b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc -@@ -82,16 +82,18 @@ BandwidthLimitedCause GetBandwidthLimite +@@ -81,16 +81,18 @@ BandwidthLimitedCause GetBandwidthLimite // Probes may not be sent in this state. return BandwidthLimitedCause::kLossLimitedBwe; case LossBasedState::kIncreasing: @@ -804,8 +804,8 @@ GoogCcNetworkController::GoogCcNetworkController(NetworkControllerConfig config, GoogCcConfig goog_cc_config) - : key_value_config_(config.key_value_config ? config.key_value_config - : &trial_based_config_), + : env_(config.env), + packet_feedback_only_(goog_cc_config.feedback_only), diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc --- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc +++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc @@ -830,7 +830,7 @@ diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc -@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat +@@ -80,16 +80,17 @@ bool BitrateProber::ReadyToSetActiveStat return true; } // If config_.min_packet_size > 0, a "large enough" packet must be ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.FA7Mqg/_old 2024-10-06 17:51:44.940548963 +0200 +++ /var/tmp/diff_new_pack.FA7Mqg/_new 2024-10-06 17:51:44.944549129 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="130.0.1" +VERSION="131.0" VERSION_SUFFIX="" -PREV_VERSION="130.0" +PREV_VERSION="130.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="2f6d80ae5a069caeed2c79987422bfae1d8facc3" -RELEASE_TIMESTAMP="20240913135723" +RELEASE_TAG="61268a890b3c86ab4f5cfd7c6e1e3d14cc68f0b6" +RELEASE_TIMESTAMP="20240923135042"