From bb531c97bb7b2fad1ee1a918dda1a149136539d8 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 10 Jan 2025 03:01:38 +0300 Subject: [PATCH] import firefox-128.6.0-1.el8_10 --- .firefox.metadata | 4 +- .gitignore | 4 +- ...when-goes-off-screen-or-is-invisible.patch | 116 ++++ ...onal-formats-and-fix-rgb-bgr-mapping.patch | 87 +++ ...ter-out-devices-without-capabilities.patch | 231 ++++++++ ...nformation-about-camera-availability.patch | 52 ++ ...eedback-for-newly-created-deviceinfo.patch | 293 ++++++++++ ...ariable-with-pipewire-status-updated.patch | 36 ++ ...port-for-device-change-notifications.patch | 190 +++++++ ...r-each-format-when-specified-as-list.patch | 52 ++ ...m-parameters-specified-by-capability.patch | 172 ++++++ ...nique-device-name-for-camera-devices.patch | 61 +++ ...-system-nss-replace-xyber-with-mlkem.patch | 507 ++++++++++++++++++ SPECS/firefox.spec | 84 ++- 14 files changed, 1875 insertions(+), 14 deletions(-) create mode 100644 SOURCES/001-libwebrtc-pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible.patch create mode 100644 SOURCES/002-libwebrtc-pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping.patch create mode 100644 SOURCES/003-libwebrtc-pipewire-camera-filter-out-devices-without-capabilities.patch create mode 100644 SOURCES/004-firefox-always-query-information-about-camera-availability.patch create mode 100644 SOURCES/005-firefox-always-register-video-input-feedback-for-newly-created-deviceinfo.patch create mode 100644 SOURCES/006-libwebrtc-pipewire-camera-make-member-variable-with-pipewire-status-updated.patch create mode 100644 SOURCES/007-firefox-add-missing-support-for-device-change-notifications.patch create mode 100644 SOURCES/008-libwebrtc-pipewire-camera-get-max-fps-for-each-format-when-specified-as-list.patch create mode 100644 SOURCES/009-libwebrtc-pipewire-camera-use-exact-stream-parameters-specified-by-capability.patch create mode 100644 SOURCES/010-libwebrtc-pipewire-camera-use-better-unique-device-name-for-camera-devices.patch create mode 100644 SOURCES/firefox-system-nss-replace-xyber-with-mlkem.patch diff --git a/.firefox.metadata b/.firefox.metadata index 520e68b..0d52be0 100644 --- a/.firefox.metadata +++ b/.firefox.metadata @@ -1,6 +1,6 @@ 5012b69e54cbebe3b5e74011dacf3a2097f49921 SOURCES/cbindgen-vendor.tar.xz -2549991b68b27b820e92151e48f9f08da0cd55fb SOURCES/firefox-128.5.1esr.processed-source.tar.xz -76f0794bac607a730ea03dff8f804e09c9e0c962 SOURCES/firefox-langpacks-128.5.1esr-20241202.tar.xz +e7ed7ac1b931b5fa222caef5f168fadddb86b324 SOURCES/firefox-128.6.0esr.processed-source.tar.xz +798d35ab0e2ca81a9978c0514684f3d7fce0e384 SOURCES/firefox-langpacks-128.6.0esr-20241218.tar.xz 2d8a6b2b30d5496735f49ffe8c8a7ede3a78a5ca SOURCES/mochitest-python.tar.gz d744f92e874688cc4b5376477dfdd639a97a6cd4 SOURCES/nspr-4.35.0-1.el8_1.src.rpm f466d7213e85773e002c48897524eaf909480046 SOURCES/nss-3.101.0-7.el8_2.src.rpm diff --git a/.gitignore b/.gitignore index 1958cd9..8fb8497 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cbindgen-vendor.tar.xz -SOURCES/firefox-128.5.1esr.processed-source.tar.xz -SOURCES/firefox-langpacks-128.5.1esr-20241202.tar.xz +SOURCES/firefox-128.6.0esr.processed-source.tar.xz +SOURCES/firefox-langpacks-128.6.0esr-20241218.tar.xz SOURCES/mochitest-python.tar.gz SOURCES/nspr-4.35.0-1.el8_1.src.rpm SOURCES/nss-3.101.0-7.el8_2.src.rpm diff --git a/SOURCES/001-libwebrtc-pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible.patch b/SOURCES/001-libwebrtc-pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible.patch new file mode 100644 index 0000000..c16dc91 --- /dev/null +++ b/SOURCES/001-libwebrtc-pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible.patch @@ -0,0 +1,116 @@ +From 92643d686bed8f3e4f2c1aae194925b6dc9dea86 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Fri, 28 Jun 2024 18:13:15 +0000 +Subject: [PATCH] Bug 1905335 - WebRTC backport: PipeWire capture: hide cursor + when it goes off screen or is not visible r=pehrsons,webrtc-reviewers + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: e6ad337d633c145c48a5a4ae54968c14c16081c7 + +Differential Revision: https://phabricator.services.mozilla.com/D215197 +--- + .../wayland/mouse_cursor_monitor_pipewire.cc | 14 +++-- + .../linux/wayland/shared_screencast_stream.cc | 52 +++++++++++-------- + .../e6ad337d63.no-op-cherry-pick-msg | 1 + + 3 files changed, 39 insertions(+), 28 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/e6ad337d63.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc +index 3d33b0fbb8e6e..00b07f341b16a 100644 +--- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc ++++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc +@@ -40,6 +40,14 @@ void MouseCursorMonitorPipeWire::Capture() { + RTC_DCHECK_RUN_ON(&sequence_checker_); + RTC_DCHECK(callback_); + ++ absl::optional mouse_cursor_position = ++ options_.screencast_stream()->CaptureCursorPosition(); ++ // Invalid cursor or position ++ if (!mouse_cursor_position) { ++ callback_->OnMouseCursor(nullptr); ++ return; ++ } ++ + std::unique_ptr mouse_cursor = + options_.screencast_stream()->CaptureCursor(); + +@@ -48,11 +56,7 @@ void MouseCursorMonitorPipeWire::Capture() { + } + + if (mode_ == SHAPE_AND_POSITION) { +- absl::optional mouse_cursor_position = +- options_.screencast_stream()->CaptureCursorPosition(); +- if (mouse_cursor_position) { +- callback_->OnMouseCursorPosition(mouse_cursor_position.value()); +- } ++ callback_->OnMouseCursorPosition(mouse_cursor_position.value()); + } + } + +diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc +index ab9054f1a1676..b8cac318ffeb9 100644 +--- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc ++++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc +@@ -690,32 +690,38 @@ void SharedScreenCastStreamPrivate::ProcessBuffer(pw_buffer* buffer) { + const struct spa_meta_cursor* cursor = + static_cast(spa_buffer_find_meta_data( + spa_buffer, SPA_META_Cursor, sizeof(*cursor))); +- if (cursor && spa_meta_cursor_is_valid(cursor)) { +- struct spa_meta_bitmap* bitmap = nullptr; +- +- if (cursor->bitmap_offset) +- bitmap = +- SPA_MEMBER(cursor, cursor->bitmap_offset, struct spa_meta_bitmap); +- +- if (bitmap && bitmap->size.width > 0 && bitmap->size.height > 0) { +- const uint8_t* bitmap_data = +- SPA_MEMBER(bitmap, bitmap->offset, uint8_t); +- BasicDesktopFrame* mouse_frame = new BasicDesktopFrame( +- DesktopSize(bitmap->size.width, bitmap->size.height)); +- mouse_frame->CopyPixelsFrom( +- bitmap_data, bitmap->stride, +- DesktopRect::MakeWH(bitmap->size.width, bitmap->size.height)); +- mouse_cursor_ = std::make_unique( +- mouse_frame, DesktopVector(cursor->hotspot.x, cursor->hotspot.y)); + +- if (observer_) { +- observer_->OnCursorShapeChanged(); ++ if (cursor) { ++ if (spa_meta_cursor_is_valid(cursor)) { ++ struct spa_meta_bitmap* bitmap = nullptr; ++ ++ if (cursor->bitmap_offset) ++ bitmap = ++ SPA_MEMBER(cursor, cursor->bitmap_offset, struct spa_meta_bitmap); ++ ++ if (bitmap && bitmap->size.width > 0 && bitmap->size.height > 0) { ++ const uint8_t* bitmap_data = ++ SPA_MEMBER(bitmap, bitmap->offset, uint8_t); ++ BasicDesktopFrame* mouse_frame = new BasicDesktopFrame( ++ DesktopSize(bitmap->size.width, bitmap->size.height)); ++ mouse_frame->CopyPixelsFrom( ++ bitmap_data, bitmap->stride, ++ DesktopRect::MakeWH(bitmap->size.width, bitmap->size.height)); ++ mouse_cursor_ = std::make_unique( ++ mouse_frame, DesktopVector(cursor->hotspot.x, cursor->hotspot.y)); ++ ++ if (observer_) { ++ observer_->OnCursorShapeChanged(); ++ } + } +- } +- mouse_cursor_position_.set(cursor->position.x, cursor->position.y); ++ mouse_cursor_position_.set(cursor->position.x, cursor->position.y); + +- if (observer_) { +- observer_->OnCursorPositionChanged(); ++ if (observer_) { ++ observer_->OnCursorPositionChanged(); ++ } ++ } else { ++ // Indicate an invalid cursor ++ mouse_cursor_position_.set(-1, -1); + } + } + } diff --git a/SOURCES/002-libwebrtc-pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping.patch b/SOURCES/002-libwebrtc-pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping.patch new file mode 100644 index 0000000..f6a2766 --- /dev/null +++ b/SOURCES/002-libwebrtc-pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping.patch @@ -0,0 +1,87 @@ +From fef1904f95dc592deef7044debe71a02c5d7046c Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Sat, 20 Jul 2024 07:04:27 +0000 +Subject: [PATCH] Bug 1907013 - WebRTC backport: PipeWire camera: support + additional formats and fix RGB/BGR mapping r=jib,webrtc-reviewers + +This is a simple backprot of an WebRTC upstream change. + +Upstream commit: b1ebcfbfd6afb57f314b6689ca001aca1b13a5b4 + +Differential Revision: https://phabricator.services.mozilla.com/D216138 +--- + .../modules/video_capture/linux/pipewire_session.cc | 6 ++++++ + .../video_capture/linux/video_capture_pipewire.cc | 12 ++++++++++-- + .../moz-patch-stack/b1ebcfbfd6.no-op-cherry-pick-msg | 1 + + 3 files changed, 17 insertions(+), 2 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/b1ebcfbfd6.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index d52d6aacc8005..107ea3dfbd954 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -35,12 +35,18 @@ VideoType PipeWireRawFormatToVideoType(uint32_t id) { + return VideoType::kYUY2; + case SPA_VIDEO_FORMAT_UYVY: + return VideoType::kUYVY; ++ case SPA_VIDEO_FORMAT_RGB16: ++ return VideoType::kRGB565; + case SPA_VIDEO_FORMAT_RGB: ++ return VideoType::kBGR24; ++ case SPA_VIDEO_FORMAT_BGR: + return VideoType::kRGB24; + case SPA_VIDEO_FORMAT_BGRA: + return VideoType::kARGB; + case SPA_VIDEO_FORMAT_RGBA: + return VideoType::kABGR; ++ case SPA_VIDEO_FORMAT_ARGB: ++ return VideoType::kBGRA; + default: + return VideoType::kUnknown; + } +diff --git a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +index 9ff4fdb9b1c98..1672b7583f582 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +@@ -34,10 +34,15 @@ struct { + {SPA_VIDEO_FORMAT_YUY2, VideoType::kYUY2}, + {SPA_VIDEO_FORMAT_UYVY, VideoType::kUYVY}, + // PipeWire is big-endian for the formats, while libyuv is little-endian +- // This means that BGRA == ARGB and RGBA == ABGR ++ // This means that BGRA == ARGB, RGBA == ABGR and similar ++ // This follows mapping in libcamera PipeWire plugin: ++ // https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/spa/plugins/libcamera/libcamera-utils.cpp + {SPA_VIDEO_FORMAT_BGRA, VideoType::kARGB}, + {SPA_VIDEO_FORMAT_RGBA, VideoType::kABGR}, +- {SPA_VIDEO_FORMAT_RGB, VideoType::kRGB24}, ++ {SPA_VIDEO_FORMAT_ARGB, VideoType::kBGRA}, ++ {SPA_VIDEO_FORMAT_RGB, VideoType::kBGR24}, ++ {SPA_VIDEO_FORMAT_BGR, VideoType::kRGB24}, ++ {SPA_VIDEO_FORMAT_RGB16, VideoType::kRGB565}, + }; + + VideoType VideoCaptureModulePipeWire::PipeWireRawFormatToVideoType( +@@ -302,13 +307,16 @@ void VideoCaptureModulePipeWire::OnFormatChanged(const struct spa_pod* format) { + break; + case VideoType::kYUY2: + case VideoType::kUYVY: ++ case VideoType::kRGB565: + stride = configured_capability_.width * 2; + break; + case VideoType::kRGB24: ++ case VideoType::kBGR24: + stride = configured_capability_.width * 3; + break; + case VideoType::kARGB: + case VideoType::kABGR: ++ case VideoType::kBGRA: + stride = configured_capability_.width * 4; + break; + default: +diff --git a/third_party/libwebrtc/moz-patch-stack/b1ebcfbfd6.no-op-cherry-pick-msg b/third_party/libwebrtc/moz-patch-stack/b1ebcfbfd6.no-op-cherry-pick-msg +new file mode 100644 +index 0000000000000..e795b816b1382 +--- /dev/null ++++ b/third_party/libwebrtc/moz-patch-stack/b1ebcfbfd6.no-op-cherry-pick-msg +@@ -0,0 +1 @@ ++We cherry-picked this in bug 1907013. diff --git a/SOURCES/003-libwebrtc-pipewire-camera-filter-out-devices-without-capabilities.patch b/SOURCES/003-libwebrtc-pipewire-camera-filter-out-devices-without-capabilities.patch new file mode 100644 index 0000000..1f40f4f --- /dev/null +++ b/SOURCES/003-libwebrtc-pipewire-camera-filter-out-devices-without-capabilities.patch @@ -0,0 +1,231 @@ +From 286575b387cff9b3ec318d3cf90cf20d2f3c2ce4 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Mon, 2 Sep 2024 11:07:20 +0000 +Subject: [PATCH] Bug 1913286 - WebRTC backport: PipeWire camera: filter out + devices with no capabilities r=pehrsons,webrtc-reviewers + +Filter out devices that do not support any format supported by WebRTC. +This will for example be IR cameras that show as duplicated in the list +of cameras, but support only GRAY8 format and for that reason do not +work at all. + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: b4aba7834e6c94adace1cb4c20e2e1ee70eb9cc5 + +Differential Revision: https://phabricator.services.mozilla.com/D219224 +--- + .../linux/device_info_pipewire.cc | 20 ++++----- + .../video_capture/linux/pipewire_session.cc | 43 +++++++++++++------ + .../video_capture/linux/pipewire_session.h | 21 ++++++--- + .../b4aba7834e.no-op-cherry-pick-msg | 1 + + 4 files changed, 58 insertions(+), 27 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/b4aba7834e.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc b/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc +index 31d922035b3f8..db2a3c7099169 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc +@@ -57,31 +57,31 @@ int32_t DeviceInfoPipeWire::GetDeviceName(uint32_t deviceNumber, + if (deviceNumber >= NumberOfDevices()) + return -1; + +- const PipeWireNode& node = pipewire_session_->nodes().at(deviceNumber); ++ const auto& node = pipewire_session_->nodes().at(deviceNumber); + +- if (deviceNameLength <= node.display_name().length()) { ++ if (deviceNameLength <= node->display_name().length()) { + RTC_LOG(LS_INFO) << "deviceNameUTF8 buffer passed is too small"; + return -1; + } +- if (deviceUniqueIdUTF8Length <= node.unique_id().length()) { ++ if (deviceUniqueIdUTF8Length <= node->unique_id().length()) { + RTC_LOG(LS_INFO) << "deviceUniqueIdUTF8 buffer passed is too small"; + return -1; + } + if (productUniqueIdUTF8 && +- productUniqueIdUTF8Length <= node.model_id().length()) { ++ productUniqueIdUTF8Length <= node->model_id().length()) { + RTC_LOG(LS_INFO) << "productUniqueIdUTF8 buffer passed is too small"; + return -1; + } + + memset(deviceNameUTF8, 0, deviceNameLength); +- node.display_name().copy(deviceNameUTF8, deviceNameLength); ++ node->display_name().copy(deviceNameUTF8, deviceNameLength); + + memset(deviceUniqueIdUTF8, 0, deviceUniqueIdUTF8Length); +- node.unique_id().copy(deviceUniqueIdUTF8, deviceUniqueIdUTF8Length); ++ node->unique_id().copy(deviceUniqueIdUTF8, deviceUniqueIdUTF8Length); + + if (productUniqueIdUTF8) { + memset(productUniqueIdUTF8, 0, productUniqueIdUTF8Length); +- node.model_id().copy(productUniqueIdUTF8, productUniqueIdUTF8Length); ++ node->model_id().copy(productUniqueIdUTF8, productUniqueIdUTF8Length); + } + + return 0; +@@ -92,11 +92,11 @@ int32_t DeviceInfoPipeWire::CreateCapabilityMap( + RTC_CHECK(pipewire_session_); + + for (auto& node : pipewire_session_->nodes()) { +- if (node.unique_id().compare(deviceUniqueIdUTF8) != 0) ++ if (node->unique_id().compare(deviceUniqueIdUTF8) != 0) + continue; + +- _captureCapabilities = node.capabilities(); +- _lastUsedDeviceNameLength = node.unique_id().length(); ++ _captureCapabilities = node->capabilities(); ++ _lastUsedDeviceNameLength = node->unique_id().length(); + _lastUsedDeviceName = static_cast( + realloc(_lastUsedDeviceName, _lastUsedDeviceNameLength + 1)); + memcpy(_lastUsedDeviceName, deviceUniqueIdUTF8, +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index 107ea3dfbd954..dbac09274bb31 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -52,6 +52,19 @@ VideoType PipeWireRawFormatToVideoType(uint32_t id) { + } + } + ++void PipeWireNode::PipeWireNodeDeleter::operator()( ++ PipeWireNode* node) const noexcept { ++ pw_proxy_destroy(node->proxy_); ++ spa_hook_remove(&node->node_listener_); ++} ++ ++// static ++PipeWireNode::PipeWireNodePtr PipeWireNode::Create(PipeWireSession* session, ++ uint32_t id, ++ const spa_dict* props) { ++ return PipeWireNodePtr(new PipeWireNode(session, id, props)); ++} ++ + PipeWireNode::PipeWireNode(PipeWireSession* session, + uint32_t id, + const spa_dict* props) +@@ -73,11 +86,6 @@ PipeWireNode::PipeWireNode(PipeWireSession* session, + pw_node_add_listener(proxy_, &node_listener_, &node_events, this); + } + +-PipeWireNode::~PipeWireNode() { +- pw_proxy_destroy(proxy_); +- spa_hook_remove(&node_listener_); +-} +- + // static + void PipeWireNode::OnNodeInfo(void* data, const pw_node_info* info) { + PipeWireNode* that = static_cast(data); +@@ -99,7 +107,9 @@ void PipeWireNode::OnNodeInfo(void* data, const pw_node_info* info) { + pid.value()); + that->model_id_ = model_str; + } +- } else if (info->change_mask & PW_NODE_CHANGE_MASK_PARAMS) { ++ } ++ ++ if (info->change_mask & PW_NODE_CHANGE_MASK_PARAMS) { + for (uint32_t i = 0; i < info->n_params; i++) { + uint32_t id = info->params[i].id; + if (id == SPA_PARAM_EnumFormat && +@@ -350,6 +360,14 @@ void PipeWireSession::OnCoreDone(void* data, uint32_t id, int seq) { + if (id == PW_ID_CORE) { + if (seq == that->sync_seq_) { + RTC_LOG(LS_VERBOSE) << "Enumerating PipeWire camera devices complete."; ++ ++ // Remove camera devices with no capabilities ++ auto it = std::remove_if(that->nodes_.begin(), that->nodes_.end(), ++ [](const PipeWireNode::PipeWireNodePtr& node) { ++ return node->capabilities().empty(); ++ }); ++ that->nodes_.erase(it, that->nodes_.end()); ++ + that->Finish(VideoCaptureOptions::Status::SUCCESS); + } + } +@@ -366,8 +384,8 @@ void PipeWireSession::OnRegistryGlobal(void* data, + + // Skip already added nodes to avoid duplicate camera entries + if (std::find_if(that->nodes_.begin(), that->nodes_.end(), +- [id](const PipeWireNode& node) { +- return node.id() == id; ++ [id](const PipeWireNode::PipeWireNodePtr& node) { ++ return node->id() == id; + }) != that->nodes_.end()) + return; + +@@ -381,7 +399,7 @@ void PipeWireSession::OnRegistryGlobal(void* data, + if (!node_role || strcmp(node_role, "Camera")) + return; + +- that->nodes_.emplace_back(that, id, props); ++ that->nodes_.push_back(PipeWireNode::Create(that, id, props)); + that->PipeWireSync(); + } + +@@ -389,9 +407,10 @@ void PipeWireSession::OnRegistryGlobal(void* data, + void PipeWireSession::OnRegistryGlobalRemove(void* data, uint32_t id) { + PipeWireSession* that = static_cast(data); + +- auto it = std::remove_if( +- that->nodes_.begin(), that->nodes_.end(), +- [id](const PipeWireNode& node) { return node.id() == id; }); ++ auto it = std::remove_if(that->nodes_.begin(), that->nodes_.end(), ++ [id](const PipeWireNode::PipeWireNodePtr& node) { ++ return node->id() == id; ++ }); + that->nodes_.erase(it, that->nodes_.end()); + } + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h +index fdc06a6b2a27a..84273ea695277 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h +@@ -37,8 +37,15 @@ class VideoCaptureModulePipeWire; + // So they all represent one camera that is available via PipeWire. + class PipeWireNode { + public: +- PipeWireNode(PipeWireSession* session, uint32_t id, const spa_dict* props); +- ~PipeWireNode(); ++ struct PipeWireNodeDeleter { ++ void operator()(PipeWireNode* node) const noexcept; ++ }; ++ ++ using PipeWireNodePtr = ++ std::unique_ptr; ++ static PipeWireNodePtr Create(PipeWireSession* session, ++ uint32_t id, ++ const spa_dict* props); + + uint32_t id() const { return id_; } + std::string display_name() const { return display_name_; } +@@ -48,6 +55,9 @@ class PipeWireNode { + return capabilities_; + } + ++ protected: ++ PipeWireNode(PipeWireSession* session, uint32_t id, const spa_dict* props); ++ + private: + static void OnNodeInfo(void* data, const pw_node_info* info); + static void OnNodeParam(void* data, +@@ -87,8 +97,9 @@ class PipeWireSession : public rtc::RefCountedNonVirtual { + + void Init(VideoCaptureOptions::Callback* callback, + int fd = kInvalidPipeWireFd); +- +- const std::deque& nodes() const { return nodes_; } ++ const std::deque& nodes() const { ++ return nodes_; ++ } + + friend class CameraPortalNotifier; + friend class PipeWireNode; +@@ -134,7 +145,7 @@ class PipeWireSession : public rtc::RefCountedNonVirtual { + + int sync_seq_ = 0; + +- std::deque nodes_; ++ std::deque nodes_; + std::unique_ptr portal_; + std::unique_ptr portal_notifier_; + }; diff --git a/SOURCES/004-firefox-always-query-information-about-camera-availability.patch b/SOURCES/004-firefox-always-query-information-about-camera-availability.patch new file mode 100644 index 0000000..e0b0ecd --- /dev/null +++ b/SOURCES/004-firefox-always-query-information-about-camera-availability.patch @@ -0,0 +1,52 @@ +From b10c1d09729794c46f9c04d04c07c18d514d396e Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Wed, 4 Sep 2024 13:43:29 +0000 +Subject: [PATCH] Bug 1912785 - Always query information about camera + availability r=pehrsons + +We have to always update camera availability information, even when we +don't request cameras, because the WebRTC backend automatically creates +camera video engine and not having this information we might hitting an +assert later, where we assume the status of camera availability is not +unknown. + +Differential Revision: https://phabricator.services.mozilla.com/D219062 +--- + dom/media/MediaManager.cpp | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/dom/media/MediaManager.cpp b/dom/media/MediaManager.cpp +index 2ade297d31e84..3cc716e6836ac 100644 +--- a/dom/media/MediaManager.cpp ++++ b/dom/media/MediaManager.cpp +@@ -2153,9 +2153,15 @@ MediaManager::MaybeRequestPermissionAndEnumerateRawDevices( + } + + if (!deviceAccessPromise) { +- // No device access request needed. Proceed directly. +- deviceAccessPromise = +- NativePromise::CreateAndResolve(CamerasAccessStatus::Granted, __func__); ++ // No device access request needed. We can proceed directly, but we still ++ // need to update camera availability, because the camera engine is always ++ // created together with the WebRTC backend, which is done because ++ // devicechange events must work before prompting in cases where persistent ++ // permission has already been given. Making a request to camera access not ++ // allowing a permission request does exactly what we need in this case. ++ ipc::PBackgroundChild* backgroundChild = ++ ipc::BackgroundChild::GetOrCreateForCurrentThread(); ++ deviceAccessPromise = backgroundChild->SendRequestCameraAccess(false); + } + + return deviceAccessPromise->Then( +@@ -2190,8 +2196,9 @@ MediaManager::MaybeRequestPermissionAndEnumerateRawDevices( + "rejected"); + } + +- if (aParams.mFlags.contains(EnumerationFlag::AllowPermissionRequest)) { +- MOZ_ASSERT(aValue.ResolveValue() == CamerasAccessStatus::Granted); ++ if (aParams.VideoInputType() == MediaSourceEnum::Camera && ++ aParams.mFlags.contains(EnumerationFlag::AllowPermissionRequest) && ++ aValue.ResolveValue() == CamerasAccessStatus::Granted) { + EnsureNoPlaceholdersInDeviceCache(); + } + diff --git a/SOURCES/005-firefox-always-register-video-input-feedback-for-newly-created-deviceinfo.patch b/SOURCES/005-firefox-always-register-video-input-feedback-for-newly-created-deviceinfo.patch new file mode 100644 index 0000000..836342e --- /dev/null +++ b/SOURCES/005-firefox-always-register-video-input-feedback-for-newly-created-deviceinfo.patch @@ -0,0 +1,293 @@ +From df57b21200c7cde7ac34705e8fceab2fbe933bc5 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 3 Sep 2024 07:56:39 +0000 +Subject: [PATCH] Bug 1912778 - Always register video input feedback for newly + created DeviceInfo r=pehrsons + +Make sure to always register video input feedback when a new DeviceInfo +is created. We always destroy DeviceInfo once request to camera access +is resolved, making it to be created again, but this time skipping the +part where video input feedback is registered as we use already existing +VideoEngine. There is now just one place where DeviceInfo gets created +and the logic for video input feedback registration has been moved to +VideoEngine as it's the only place where we know when new DeviceInfo is +created. + +Differential Revision: https://phabricator.services.mozilla.com/D219060 +--- + dom/media/systemservices/CamerasParent.cpp | 164 ++++++++++----------- + dom/media/systemservices/CamerasParent.h | 5 + + dom/media/systemservices/VideoEngine.cpp | 7 +- + dom/media/systemservices/VideoEngine.h | 2 +- + 4 files changed, 91 insertions(+), 87 deletions(-) + +diff --git a/dom/media/systemservices/CamerasParent.cpp b/dom/media/systemservices/CamerasParent.cpp +index 048d07b7fa..d6fe5986da 100644 +--- a/dom/media/systemservices/CamerasParent.cpp ++++ b/dom/media/systemservices/CamerasParent.cpp +@@ -405,15 +405,25 @@ void CamerasParent::CloseEngines() { + Unused << ReleaseCapture(capEngine, streamNum); + } + +- if (VideoEngine* engine = mEngines->ElementAt(CameraEngine); engine) { +- auto device_info = engine->GetOrCreateVideoCaptureDeviceInfo(); +- MOZ_ASSERT(device_info); +- if (device_info) { +- device_info->DeRegisterVideoInputFeedBack(this); +- } ++ auto device_info = GetDeviceInfo(CameraEngine); ++ MOZ_ASSERT(device_info); ++ if (device_info) { ++ device_info->DeRegisterVideoInputFeedBack(this); + } + } + ++std::shared_ptr ++CamerasParent::GetDeviceInfo(int aEngine) { ++ MOZ_ASSERT(mVideoCaptureThread->IsOnCurrentThread()); ++ LOG_VERBOSE("CamerasParent(%p)::%s", this, __func__); ++ ++ auto* engine = EnsureInitialized(aEngine); ++ if (!engine) { ++ return nullptr; ++ } ++ return engine->GetOrCreateVideoCaptureDeviceInfo(this); ++} ++ + VideoEngine* CamerasParent::EnsureInitialized(int aEngine) { + MOZ_ASSERT(mVideoCaptureThread->IsOnCurrentThread()); + LOG_VERBOSE("CamerasParent(%p)::%s", this, __func__); +@@ -449,14 +459,6 @@ VideoEngine* CamerasParent::EnsureInitialized(int aEngine) { + return nullptr; + } + +- if (capEngine == CameraEngine) { +- auto device_info = engine->GetOrCreateVideoCaptureDeviceInfo(); +- MOZ_ASSERT(device_info); +- if (device_info) { +- device_info->RegisterVideoInputFeedBack(this); +- } +- } +- + return mEngines->ElementAt(capEngine) = std::move(engine); + } + +@@ -474,19 +476,16 @@ ipc::IPCResult CamerasParent::RecvNumberOfCaptureDevices( + LOG("CaptureEngine=%d", aCapEngine); + + using Promise = MozPromise; +- InvokeAsync( +- mVideoCaptureThread, __func__, +- [this, self = RefPtr(this), aCapEngine] { +- int num = -1; +- if (auto* engine = EnsureInitialized(aCapEngine)) { +- if (auto devInfo = engine->GetOrCreateVideoCaptureDeviceInfo()) { +- num = static_cast(devInfo->NumberOfDevices()); +- } +- } ++ InvokeAsync(mVideoCaptureThread, __func__, ++ [this, self = RefPtr(this), aCapEngine] { ++ int num = -1; ++ if (auto devInfo = GetDeviceInfo(aCapEngine)) { ++ num = static_cast(devInfo->NumberOfDevices()); ++ } + +- return Promise::CreateAndResolve( +- num, "CamerasParent::RecvNumberOfCaptureDevices"); +- }) ++ return Promise::CreateAndResolve( ++ num, "CamerasParent::RecvNumberOfCaptureDevices"); ++ }) + ->Then( + mPBackgroundEventTarget, __func__, + [this, self = RefPtr(this)](Promise::ResolveOrRejectValue&& aValue) { +@@ -558,10 +557,8 @@ ipc::IPCResult CamerasParent::RecvNumberOfCapabilities( + mVideoCaptureThread, __func__, + [this, self = RefPtr(this), id = nsCString(aUniqueId), aCapEngine]() { + int num = -1; +- if (auto* engine = EnsureInitialized(aCapEngine)) { +- if (auto devInfo = engine->GetOrCreateVideoCaptureDeviceInfo()) { +- num = devInfo->NumberOfCapabilities(id.get()); +- } ++ if (auto devInfo = GetDeviceInfo(aCapEngine)) { ++ num = devInfo->NumberOfCapabilities(id.get()); + } + return Promise::CreateAndResolve( + num, "CamerasParent::RecvNumberOfCapabilities"); +@@ -599,36 +596,34 @@ ipc::IPCResult CamerasParent::RecvGetCaptureCapability( + aIndex); + + using Promise = MozPromise; +- InvokeAsync( +- mVideoCaptureThread, __func__, +- [this, self = RefPtr(this), id = nsCString(aUniqueId), aCapEngine, +- aIndex] { +- webrtc::VideoCaptureCapability webrtcCaps; +- int error = -1; +- if (auto* engine = EnsureInitialized(aCapEngine)) { +- if (auto devInfo = engine->GetOrCreateVideoCaptureDeviceInfo()) { +- error = devInfo->GetCapability(id.get(), aIndex, webrtcCaps); +- } +- } ++ InvokeAsync(mVideoCaptureThread, __func__, ++ [this, self = RefPtr(this), id = nsCString(aUniqueId), aCapEngine, ++ aIndex] { ++ webrtc::VideoCaptureCapability webrtcCaps; ++ int error = -1; ++ if (auto devInfo = GetDeviceInfo(aCapEngine)) { ++ error = devInfo->GetCapability(id.get(), aIndex, webrtcCaps); ++ } + +- if (!error && aCapEngine == CameraEngine) { +- auto iter = mAllCandidateCapabilities.find(id); +- if (iter == mAllCandidateCapabilities.end()) { +- std::map +- candidateCapabilities; +- candidateCapabilities.emplace(aIndex, webrtcCaps); +- mAllCandidateCapabilities.emplace(id, candidateCapabilities); +- } else { +- (iter->second).emplace(aIndex, webrtcCaps); +- } +- } +- if (error) { +- return Promise::CreateAndReject( +- error, "CamerasParent::RecvGetCaptureCapability"); +- } +- return Promise::CreateAndResolve( +- webrtcCaps, "CamerasParent::RecvGetCaptureCapability"); +- }) ++ if (!error && aCapEngine == CameraEngine) { ++ auto iter = mAllCandidateCapabilities.find(id); ++ if (iter == mAllCandidateCapabilities.end()) { ++ std::map ++ candidateCapabilities; ++ candidateCapabilities.emplace(aIndex, webrtcCaps); ++ mAllCandidateCapabilities.emplace(id, ++ candidateCapabilities); ++ } else { ++ (iter->second).emplace(aIndex, webrtcCaps); ++ } ++ } ++ if (error) { ++ return Promise::CreateAndReject( ++ error, "CamerasParent::RecvGetCaptureCapability"); ++ } ++ return Promise::CreateAndResolve( ++ webrtcCaps, "CamerasParent::RecvGetCaptureCapability"); ++ }) + ->Then( + mPBackgroundEventTarget, __func__, + [this, self = RefPtr(this)](Promise::ResolveOrRejectValue&& aValue) { +@@ -664,33 +659,32 @@ ipc::IPCResult CamerasParent::RecvGetCaptureDevice( + + using Data = std::tuple; + using Promise = MozPromise; +- InvokeAsync( +- mVideoCaptureThread, __func__, +- [this, self = RefPtr(this), aCapEngine, aDeviceIndex] { +- char deviceName[MediaEngineSource::kMaxDeviceNameLength]; +- char deviceUniqueId[MediaEngineSource::kMaxUniqueIdLength]; +- nsCString name; +- nsCString uniqueId; +- pid_t devicePid = 0; +- bool placeholder = false; +- int error = -1; +- if (auto* engine = EnsureInitialized(aCapEngine)) { +- if (auto devInfo = engine->GetOrCreateVideoCaptureDeviceInfo()) { +- error = devInfo->GetDeviceName( +- aDeviceIndex, deviceName, sizeof(deviceName), deviceUniqueId, +- sizeof(deviceUniqueId), nullptr, 0, &devicePid, &placeholder); +- } +- } +- if (error == 0) { +- name.Assign(deviceName); +- uniqueId.Assign(deviceUniqueId); +- } ++ InvokeAsync(mVideoCaptureThread, __func__, ++ [this, self = RefPtr(this), aCapEngine, aDeviceIndex] { ++ char deviceName[MediaEngineSource::kMaxDeviceNameLength]; ++ char deviceUniqueId[MediaEngineSource::kMaxUniqueIdLength]; ++ nsCString name; ++ nsCString uniqueId; ++ pid_t devicePid = 0; ++ bool placeholder = false; ++ int error = -1; ++ if (auto devInfo = GetDeviceInfo(aCapEngine)) { ++ error = devInfo->GetDeviceName( ++ aDeviceIndex, deviceName, sizeof(deviceName), ++ deviceUniqueId, sizeof(deviceUniqueId), nullptr, 0, ++ &devicePid, &placeholder); ++ } + +- return Promise::CreateAndResolve( +- std::make_tuple(std::move(name), std::move(uniqueId), devicePid, +- placeholder, error), +- "CamerasParent::RecvGetCaptureDevice"); +- }) ++ if (error == 0) { ++ name.Assign(deviceName); ++ uniqueId.Assign(deviceUniqueId); ++ } ++ ++ return Promise::CreateAndResolve( ++ std::make_tuple(std::move(name), std::move(uniqueId), ++ devicePid, placeholder, error), ++ "CamerasParent::RecvGetCaptureDevice"); ++ }) + ->Then( + mPBackgroundEventTarget, __func__, + [this, self = RefPtr(this)](Promise::ResolveOrRejectValue&& aValue) { +diff --git a/dom/media/systemservices/CamerasParent.h b/dom/media/systemservices/CamerasParent.h +index 9d6a6f2f35..11a5229629 100644 +--- a/dom/media/systemservices/CamerasParent.h ++++ b/dom/media/systemservices/CamerasParent.h +@@ -144,6 +144,11 @@ class CamerasParent final : public PCamerasParent, + // VideoInputFeedBack + void OnDeviceChange() override; + ++ // Creates a new DeviceInfo or returns an existing DeviceInfo for given ++ // capture engine. Returns a nullptr in case capture engine failed to be ++ // initialized. Video capture thread only. ++ std::shared_ptr GetDeviceInfo( ++ int aEngine); + VideoEngine* EnsureInitialized(int aEngine); + + // Stops any ongoing capturing and releases resources. Called on +diff --git a/dom/media/systemservices/VideoEngine.cpp b/dom/media/systemservices/VideoEngine.cpp +index d03149e3ac..ec4657d755 100644 +--- a/dom/media/systemservices/VideoEngine.cpp ++++ b/dom/media/systemservices/VideoEngine.cpp +@@ -112,7 +112,8 @@ int VideoEngine::ReleaseVideoCapture(const int32_t aId) { + } + + std::shared_ptr +-VideoEngine::GetOrCreateVideoCaptureDeviceInfo() { ++VideoEngine::GetOrCreateVideoCaptureDeviceInfo( ++ webrtc::VideoInputFeedBack* callBack) { + LOG(("%s", __PRETTY_FUNCTION__)); + webrtc::Timestamp currentTime = webrtc::Timestamp::Micros(0); + +@@ -157,6 +158,10 @@ VideoEngine::GetOrCreateVideoCaptureDeviceInfo() { + mDeviceInfo = + mVideoCaptureFactory->CreateDeviceInfo(mId, mCaptureDevInfo.type); + ++ if (mDeviceInfo && mCaptureDevInfo.type == CaptureDeviceType::Camera) { ++ mDeviceInfo->RegisterVideoInputFeedBack(callBack); ++ } ++ + LOG(("EXIT %s", __PRETTY_FUNCTION__)); + return mDeviceInfo; + } +diff --git a/dom/media/systemservices/VideoEngine.h b/dom/media/systemservices/VideoEngine.h +index 588be92c27..289a1ab181 100644 +--- a/dom/media/systemservices/VideoEngine.h ++++ b/dom/media/systemservices/VideoEngine.h +@@ -88,7 +88,7 @@ class VideoEngine { + * @see bug 1305212 https://bugzilla.mozilla.org/show_bug.cgi?id=1305212 + */ + std::shared_ptr +- GetOrCreateVideoCaptureDeviceInfo(); ++ GetOrCreateVideoCaptureDeviceInfo(webrtc::VideoInputFeedBack* callBack); + + /** + * Destroys existing DeviceInfo. diff --git a/SOURCES/006-libwebrtc-pipewire-camera-make-member-variable-with-pipewire-status-updated.patch b/SOURCES/006-libwebrtc-pipewire-camera-make-member-variable-with-pipewire-status-updated.patch new file mode 100644 index 0000000..e4e2b84 --- /dev/null +++ b/SOURCES/006-libwebrtc-pipewire-camera-make-member-variable-with-pipewire-status-updated.patch @@ -0,0 +1,36 @@ +From 7dd135852be020d5755af42fa45470df259ba945 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Wed, 4 Sep 2024 13:43:40 +0000 +Subject: [PATCH] Bug 1830275 - WebRTC backport: PipeWire camera: make member + variable with the PipeWire status updated r=pehrsons,webrtc-reviewers + +We keep information about the PipeWire camera status as a member of the +PipeWire session, but it's never updated and remains in uninitialized +state. Make sure it gets updated once PipeWire is initialized or when it +fails. There is currently no use for this member variable, but there is +a plan to use it so I'm rather keeping it instead of removing it. + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: 3881cb65cfcec90b6f0a56ce7223a471aa0115f2 + +Differential Revision: https://phabricator.services.mozilla.com/D220895 +--- + .../libwebrtc/modules/video_capture/linux/pipewire_session.cc | 2 ++ + .../libwebrtc/moz-patch-stack/3881cb65cf.no-op-cherry-pick-msg | 1 + + 2 files changed, 3 insertions(+) + create mode 100644 third_party/libwebrtc/moz-patch-stack/3881cb65cf.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index dbac09274bb31..ac12d0437290e 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -415,6 +415,8 @@ void PipeWireSession::OnRegistryGlobalRemove(void* data, uint32_t id) { + } + + void PipeWireSession::Finish(VideoCaptureOptions::Status status) { ++ status_ = status; ++ + webrtc::MutexLock lock(&callback_lock_); + + if (callback_) { diff --git a/SOURCES/007-firefox-add-missing-support-for-device-change-notifications.patch b/SOURCES/007-firefox-add-missing-support-for-device-change-notifications.patch new file mode 100644 index 0000000..651068b --- /dev/null +++ b/SOURCES/007-firefox-add-missing-support-for-device-change-notifications.patch @@ -0,0 +1,190 @@ +From a4eb4517f2bdeb6591c05a09109b4b543b83fef1 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Thu, 5 Sep 2024 16:04:48 +0000 +Subject: [PATCH] Bug 1830275 - Add missing support for device change + notifications r=pehrsons,webrtc-reviewers + +Registers each DeviceInfoPipeWire in PipeWireSession we use and calls +DeviceChange() for each once there is a new camera added or removed to +invoke OnDeviceChange() for every registered VideoInputFeedback. + +Differential Revision: https://phabricator.services.mozilla.com/D219218 +--- + .../linux/device_info_pipewire.cc | 10 +++- + .../video_capture/linux/pipewire_session.cc | 47 ++++++++++++++++++- + .../video_capture/linux/pipewire_session.h | 26 +++++++++- + 3 files changed, 79 insertions(+), 4 deletions(-) + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc b/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc +index db2a3c7099..a0607b4aba 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/device_info_pipewire.cc +@@ -29,13 +29,19 @@ + namespace webrtc { + namespace videocapturemodule { + DeviceInfoPipeWire::DeviceInfoPipeWire(VideoCaptureOptions* options) +- : DeviceInfoImpl(), pipewire_session_(options->pipewire_session()) {} ++ : DeviceInfoImpl(), pipewire_session_(options->pipewire_session()) { ++ const bool ret = pipewire_session_->RegisterDeviceInfo(this); ++ RTC_CHECK(ret); ++} + + int32_t DeviceInfoPipeWire::Init() { + return 0; + } + +-DeviceInfoPipeWire::~DeviceInfoPipeWire() = default; ++DeviceInfoPipeWire::~DeviceInfoPipeWire() { ++ const bool ret = pipewire_session_->DeRegisterDeviceInfo(this); ++ RTC_CHECK(ret); ++} + + uint32_t DeviceInfoPipeWire::NumberOfDevices() { + RTC_CHECK(pipewire_session_); +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index ac12d04372..0b78c16df2 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -9,6 +9,7 @@ + */ + + #include "modules/video_capture/linux/pipewire_session.h" ++#include "modules/video_capture/linux/device_info_pipewire.h" + + #include + #include +@@ -274,6 +275,28 @@ void PipeWireSession::InitPipeWire(int fd) { + Finish(VideoCaptureOptions::Status::ERROR); + } + ++bool PipeWireSession::RegisterDeviceInfo(DeviceInfoPipeWire* device_info) { ++ RTC_CHECK(device_info); ++ MutexLock lock(&device_info_lock_); ++ auto it = std::find(device_info_list_.begin(), device_info_list_.end(), device_info); ++ if (it == device_info_list_.end()) { ++ device_info_list_.push_back(device_info); ++ return true; ++ } ++ return false; ++} ++ ++bool PipeWireSession::DeRegisterDeviceInfo(DeviceInfoPipeWire* device_info) { ++ RTC_CHECK(device_info); ++ MutexLock lock(&device_info_lock_); ++ auto it = std::find(device_info_list_.begin(), device_info_list_.end(), device_info); ++ if (it != device_info_list_.end()) { ++ device_info_list_.erase(it); ++ return true; ++ } ++ return false; ++} ++ + bool PipeWireSession::StartPipeWire(int fd) { + pw_init(/*argc=*/nullptr, /*argv=*/nullptr); + +@@ -344,6 +367,21 @@ void PipeWireSession::PipeWireSync() { + sync_seq_ = pw_core_sync(pw_core_, PW_ID_CORE, sync_seq_); + } + ++void PipeWireSession::NotifyDeviceChange() { ++ RTC_LOG(LS_INFO) << "Notify about device list changes"; ++ MutexLock lock(&device_info_lock_); ++ ++ // It makes sense to notify about device changes only once we are ++ // properly initialized. ++ if (status_ != VideoCaptureOptions::Status::SUCCESS) { ++ return; ++ } ++ ++ for (auto* deviceInfo : device_info_list_) { ++ deviceInfo->DeviceChange(); ++ } ++} ++ + // static + void PipeWireSession::OnCoreError(void* data, + uint32_t id, +@@ -401,6 +439,8 @@ void PipeWireSession::OnRegistryGlobal(void* data, + + that->nodes_.push_back(PipeWireNode::Create(that, id, props)); + that->PipeWireSync(); ++ ++ that->NotifyDeviceChange(); + } + + // static +@@ -412,10 +452,15 @@ void PipeWireSession::OnRegistryGlobalRemove(void* data, uint32_t id) { + return node->id() == id; + }); + that->nodes_.erase(it, that->nodes_.end()); ++ ++ that->NotifyDeviceChange(); + } + + void PipeWireSession::Finish(VideoCaptureOptions::Status status) { +- status_ = status; ++ { ++ MutexLock lock(&device_info_lock_); ++ status_ = status; ++ } + + webrtc::MutexLock lock(&callback_lock_); + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h +index 84273ea695..1f3a00614f 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.h +@@ -29,6 +29,7 @@ + namespace webrtc { + namespace videocapturemodule { + ++class DeviceInfoPipeWire; + class PipeWireSession; + class VideoCaptureModulePipeWire; + +@@ -97,6 +98,21 @@ class PipeWireSession : public rtc::RefCountedNonVirtual { + + void Init(VideoCaptureOptions::Callback* callback, + int fd = kInvalidPipeWireFd); ++ ++ // [De]Register DeviceInfo for device change updates ++ // These methods will add or remove references to DeviceInfo ++ // objects that we want to notify about device changes. ++ // NOTE: We do not take ownership of these objects and ++ // they should never be released by us. All the instances ++ // of DeviceInfoPipeWire must outlive their registration. ++ ++ // Returns true when DeviceInfo was successfuly registered ++ // or false otherwise, when it was already registered before. ++ bool RegisterDeviceInfo(DeviceInfoPipeWire* device_info); ++ // Returns true when DeviceInfo was successfuly unregistered ++ // or false otherwise, when it was not previously registered. ++ bool DeRegisterDeviceInfo(DeviceInfoPipeWire* device_info); ++ + const std::deque& nodes() const { + return nodes_; + } +@@ -111,6 +127,8 @@ class PipeWireSession : public rtc::RefCountedNonVirtual { + void StopPipeWire(); + void PipeWireSync(); + ++ void NotifyDeviceChange(); ++ + static void OnCoreError(void* data, + uint32_t id, + int seq, +@@ -133,7 +151,13 @@ class PipeWireSession : public rtc::RefCountedNonVirtual { + VideoCaptureOptions::Callback* callback_ RTC_GUARDED_BY(&callback_lock_) = + nullptr; + +- VideoCaptureOptions::Status status_; ++ webrtc::Mutex device_info_lock_; ++ std::vector device_info_list_ ++ RTC_GUARDED_BY(device_info_lock_); ++ // Guard with device_info_lock, because currently it's the only place where ++ // we use this status information. ++ VideoCaptureOptions::Status status_ ++ RTC_GUARDED_BY(device_info_lock_); + + struct pw_thread_loop* pw_main_loop_ = nullptr; + struct pw_context* pw_context_ = nullptr; diff --git a/SOURCES/008-libwebrtc-pipewire-camera-get-max-fps-for-each-format-when-specified-as-list.patch b/SOURCES/008-libwebrtc-pipewire-camera-get-max-fps-for-each-format-when-specified-as-list.patch new file mode 100644 index 0000000..306b46e --- /dev/null +++ b/SOURCES/008-libwebrtc-pipewire-camera-get-max-fps-for-each-format-when-specified-as-list.patch @@ -0,0 +1,52 @@ +From 9d035f728745f13311ed13d057565ca3b45523aa Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 24 Sep 2024 11:20:02 +0000 +Subject: [PATCH] Bug 1920460 - WebRTC backport: PipeWire camera: get max FPS + for each format when specified as list r=pehrsons,webrtc-reviewers + +In many cases, the framerate can be specified as list of possible values +and in that case, we would end up with max FPS to be set to 0 as this +case was not handled. + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: 3aa47cfd30dc965446cf1405bb062b756a62e6d1 + +Differential Revision: https://phabricator.services.mozilla.com/D223112 +--- + .../modules/video_capture/linux/pipewire_session.cc | 12 ++++++++++-- + .../moz-patch-stack/3aa47cfd30.no-op-cherry-pick-msg | 1 + + 2 files changed, 11 insertions(+), 2 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/3aa47cfd30.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index d9bc49d521b03..e5db278ff6a99 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -17,6 +17,8 @@ + #include + #include + ++#include ++ + #include "common_video/libyuv/include/webrtc_libyuv.h" + #include "modules/video_capture/device_info_impl.h" + #include "rtc_base/logging.h" +@@ -152,9 +154,15 @@ void PipeWireNode::OnNodeParam(void* data, + + fract = static_cast(SPA_POD_BODY(val)); + +- if (choice == SPA_CHOICE_None) ++ if (choice == SPA_CHOICE_None) { + cap.maxFPS = 1.0 * fract[0].num / fract[0].denom; +- else if (choice == SPA_CHOICE_Range && fract[1].num > 0) ++ } else if (choice == SPA_CHOICE_Enum) { ++ for (uint32_t i = 1; i < n_items; i++) { ++ cap.maxFPS = std::max( ++ static_cast(1.0 * fract[i].num / fract[i].denom), ++ cap.maxFPS); ++ } ++ } else if (choice == SPA_CHOICE_Range && fract[1].num > 0) + cap.maxFPS = 1.0 * fract[1].num / fract[1].denom; + } + } diff --git a/SOURCES/009-libwebrtc-pipewire-camera-use-exact-stream-parameters-specified-by-capability.patch b/SOURCES/009-libwebrtc-pipewire-camera-use-exact-stream-parameters-specified-by-capability.patch new file mode 100644 index 0000000..fd85b01 --- /dev/null +++ b/SOURCES/009-libwebrtc-pipewire-camera-use-exact-stream-parameters-specified-by-capability.patch @@ -0,0 +1,172 @@ +From ca88b4994e140370ca5795c60f46559301458a98 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Wed, 25 Sep 2024 06:52:35 +0000 +Subject: [PATCH] Bug 1920472 - WebRTC backport: PipeWire camera: use exact + stream parameters specified by capability r=pehrsons,webrtc-reviewers + +We currently specify stream parameters to be a range for both framerate +and resolution, where preferred value is specified. The preferred value +doesn't seem to be taken into account and we end up accepting resolution +from 1x1 to MAX_INTxMAX_INT. In case the other side tries to first match +with lower resolution than requested, we will happily match it and start +streaming low quality video. We should instead request the exact stream +parameters as specified by requested capability. This capability always +come from what has been originally reported as supported so it shouldn't +happen we don't find a matching stream. This also applies to requested +video format. We previously requested mjpg for streams with resolution +higher than 640x480, but it doesn't necessarily mean the camera supports +mjpg for the requested resolution. Again, refer to requested capability +in this case as it should indicate what is supported and we know we can +request exactly the same video format. It can happen that framerate is +set to 0 as unspecified. In that case keep using a range as before, but +with more sane values. + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: 9703f8474f156e08e4a96dc36253f1cdccd549e1 + +Differential Revision: https://phabricator.services.mozilla.com/D223119 +--- + .../linux/video_capture_pipewire.cc | 85 +++++++++++-------- + .../linux/video_capture_pipewire.h | 1 + + .../9703f8474f.no-op-cherry-pick-msg | 1 + + 3 files changed, 52 insertions(+), 35 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/9703f8474f.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +index 1672b7583f..2338fa6d87 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +@@ -51,10 +51,20 @@ VideoType VideoCaptureModulePipeWire::PipeWireRawFormatToVideoType( + if (spa_and_pixel_format.spa_format == spa_format) + return spa_and_pixel_format.video_type; + } +- RTC_LOG(LS_INFO) << "Unsupported pixel format: " << spa_format; ++ RTC_LOG(LS_WARNING) << "Unsupported pixel format: " << spa_format; + return VideoType::kUnknown; + } + ++uint32_t VideoCaptureModulePipeWire::VideoTypeToPipeWireRawFormat( ++ VideoType type) { ++ for (const auto& spa_and_pixel_format : kSupportedFormats) { ++ if (spa_and_pixel_format.video_type == type) ++ return spa_and_pixel_format.spa_format; ++ } ++ RTC_LOG(LS_WARNING) << "Unsupported video type: " << static_cast(type); ++ return SPA_VIDEO_FORMAT_UNKNOWN; ++} ++ + VideoCaptureModulePipeWire::VideoCaptureModulePipeWire( + VideoCaptureOptions* options) + : VideoCaptureImpl(), +@@ -87,45 +97,53 @@ int32_t VideoCaptureModulePipeWire::Init(const char* deviceUniqueId) { + } + + static spa_pod* BuildFormat(spa_pod_builder* builder, +- uint32_t format, ++ VideoType video_type, + uint32_t width, + uint32_t height, + float frame_rate) { +- spa_pod_frame frames[2]; ++ spa_pod_frame frame; ++ ++ const uint32_t media_subtype = video_type == VideoType::kMJPEG ++ ? SPA_MEDIA_SUBTYPE_mjpg ++ : SPA_MEDIA_SUBTYPE_raw; + +- spa_pod_builder_push_object(builder, &frames[0], SPA_TYPE_OBJECT_Format, ++ spa_pod_builder_push_object(builder, &frame, SPA_TYPE_OBJECT_Format, + SPA_PARAM_EnumFormat); + spa_pod_builder_add(builder, SPA_FORMAT_mediaType, + SPA_POD_Id(SPA_MEDIA_TYPE_video), SPA_FORMAT_mediaSubtype, +- SPA_POD_Id(format), 0); +- +- if (format == SPA_MEDIA_SUBTYPE_raw) { +- spa_pod_builder_prop(builder, SPA_FORMAT_VIDEO_format, 0); +- spa_pod_builder_push_choice(builder, &frames[1], SPA_CHOICE_Enum, 0); +- spa_pod_builder_id(builder, kSupportedFormats[0].spa_format); +- for (const auto& spa_and_pixel_format : kSupportedFormats) +- spa_pod_builder_id(builder, spa_and_pixel_format.spa_format); +- spa_pod_builder_pop(builder, &frames[1]); +- } ++ SPA_POD_Id(media_subtype), 0); + +- spa_rectangle preferred_size = spa_rectangle{width, height}; +- spa_rectangle min_size = spa_rectangle{1, 1}; +- spa_rectangle max_size = spa_rectangle{4096, 4096}; +- spa_pod_builder_add( +- builder, SPA_FORMAT_VIDEO_size, +- SPA_POD_CHOICE_RANGE_Rectangle(&preferred_size, &min_size, &max_size), 0); ++ if (media_subtype == SPA_MEDIA_SUBTYPE_raw) { ++ const uint32_t format = ++ VideoCaptureModulePipeWire::VideoTypeToPipeWireRawFormat(video_type); ++ RTC_CHECK(format != SPA_VIDEO_FORMAT_UNKNOWN); ++ spa_pod_builder_add(builder, SPA_FORMAT_VIDEO_format, SPA_POD_Id(format), ++ 0); ++ } + +- spa_fraction preferred_frame_rate = +- spa_fraction{static_cast(frame_rate), 1}; +- spa_fraction min_frame_rate = spa_fraction{0, 1}; +- spa_fraction max_frame_rate = spa_fraction{INT32_MAX, 1}; +- spa_pod_builder_add( +- builder, SPA_FORMAT_VIDEO_framerate, +- SPA_POD_CHOICE_RANGE_Fraction(&preferred_frame_rate, &min_frame_rate, +- &max_frame_rate), +- 0); ++ spa_rectangle resolution = spa_rectangle{width, height}; ++ spa_pod_builder_add(builder, SPA_FORMAT_VIDEO_size, ++ SPA_POD_Rectangle(&resolution), 0); ++ ++ // Framerate can be also set to 0 to be unspecified ++ if (frame_rate) { ++ spa_fraction framerate = spa_fraction{static_cast(frame_rate), 1}; ++ spa_pod_builder_add(builder, SPA_FORMAT_VIDEO_framerate, ++ SPA_POD_Fraction(&framerate), 0); ++ } else { ++ // Default to some reasonable values ++ spa_fraction preferred_frame_rate = ++ spa_fraction{static_cast(30), 1}; ++ spa_fraction min_frame_rate = spa_fraction{1, 1}; ++ spa_fraction max_frame_rate = spa_fraction{30, 1}; ++ spa_pod_builder_add( ++ builder, SPA_FORMAT_VIDEO_framerate, ++ SPA_POD_CHOICE_RANGE_Fraction(&preferred_frame_rate, &min_frame_rate, ++ &max_frame_rate), ++ 0); ++ } + +- return static_cast(spa_pod_builder_pop(builder, &frames[0])); ++ return static_cast(spa_pod_builder_pop(builder, &frame)); + } + + int32_t VideoCaptureModulePipeWire::StartCapture( +@@ -176,13 +194,10 @@ int32_t VideoCaptureModulePipeWire::StartCapture( + uint32_t width = capability.width; + uint32_t height = capability.height; + uint32_t frame_rate = capability.maxFPS; +- bool prefer_jpeg = (width > 640) || (height > 480); ++ VideoType video_type = capability.videoType; + + params.push_back( +- BuildFormat(&builder, SPA_MEDIA_SUBTYPE_raw, width, height, frame_rate)); +- params.insert( +- prefer_jpeg ? params.begin() : params.end(), +- BuildFormat(&builder, SPA_MEDIA_SUBTYPE_mjpg, width, height, frame_rate)); ++ BuildFormat(&builder, video_type, width, height, frame_rate)); + + int res = pw_stream_connect( + stream_, PW_DIRECTION_INPUT, node_id_, +diff --git a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.h b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.h +index eeb3b9497c..789f2034d3 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.h ++++ b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.h +@@ -28,6 +28,7 @@ class VideoCaptureModulePipeWire : public VideoCaptureImpl { + int32_t CaptureSettings(VideoCaptureCapability& settings) override; + + static VideoType PipeWireRawFormatToVideoType(uint32_t format); ++ static uint32_t VideoTypeToPipeWireRawFormat(VideoType type); + + private: + static void OnStreamParamChanged(void* data, diff --git a/SOURCES/010-libwebrtc-pipewire-camera-use-better-unique-device-name-for-camera-devices.patch b/SOURCES/010-libwebrtc-pipewire-camera-use-better-unique-device-name-for-camera-devices.patch new file mode 100644 index 0000000..4cff2c5 --- /dev/null +++ b/SOURCES/010-libwebrtc-pipewire-camera-use-better-unique-device-name-for-camera-devices.patch @@ -0,0 +1,61 @@ +From 12b7d28d858fdcfa80795a2af49a71d3b5142733 Mon Sep 17 00:00:00 2001 +From: Jan Grulich +Date: Tue, 12 Nov 2024 12:28:19 +0000 +Subject: [PATCH] Bug 1930598 - WebRTC backport: PipeWire camera: use better + unique device name for camera devices r=pehrsons,webrtc-reviewers + +Originally we used node id from PipeWire as an unique device name and +while this works, it will change everytime PipeWire is restarted. This +has an impact on default camera selection, where for example Firefox can +automatically request a camera device that was used before, but this can +break with the next PipeWire restart. + +This is a simple backport of an WebRTC upstream change. + +Upstream commit: a5d71009ac1dce7da23813dc9413c03073cfa8ca + +Differential Revision: https://phabricator.services.mozilla.com/D228635 +--- + .../modules/video_capture/linux/pipewire_session.cc | 2 +- + .../video_capture/linux/video_capture_pipewire.cc | 11 +++++++---- + .../moz-patch-stack/a5d71009ac.no-op-cherry-pick-msg | 1 + + 3 files changed, 9 insertions(+), 5 deletions(-) + create mode 100644 third_party/libwebrtc/moz-patch-stack/a5d71009ac.no-op-cherry-pick-msg + +diff --git a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +index 641e5238ea..dd187c0358 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/pipewire_session.cc +@@ -74,7 +74,7 @@ PipeWireNode::PipeWireNode(PipeWireSession* session, + : session_(session), + id_(id), + display_name_(spa_dict_lookup(props, PW_KEY_NODE_DESCRIPTION)), +- unique_id_(rtc::ToString(id)) { ++ unique_id_(spa_dict_lookup(props, PW_KEY_NODE_NAME)) { + RTC_LOG(LS_VERBOSE) << "Found Camera: " << display_name_; + + proxy_ = static_cast(pw_registry_bind( +diff --git a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +index 2338fa6d87..888b8f386f 100644 +--- a/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc ++++ b/third_party/libwebrtc/modules/video_capture/linux/video_capture_pipewire.cc +@@ -82,12 +82,15 @@ int32_t VideoCaptureModulePipeWire::Init(const char* deviceUniqueId) { + RTC_CHECK_RUNS_SERIALIZED(&capture_checker_); + RTC_DCHECK_RUN_ON(&api_checker_); + +- absl::optional id; +- id = rtc::StringToNumber(deviceUniqueId); +- if (id == absl::nullopt) ++ auto node = ++ std::find_if(session_->nodes_.begin(), session_->nodes_.end(), ++ [deviceUniqueId](const PipeWireNode::PipeWireNodePtr& node) { ++ return node->unique_id() == deviceUniqueId; ++ }); ++ if (node == session_->nodes_.end()) + return -1; + +- node_id_ = id.value(); ++ node_id_ = (*node)->id(); + + const int len = strlen(deviceUniqueId); + _deviceUniqueId = new (std::nothrow) char[len + 1]; diff --git a/SOURCES/firefox-system-nss-replace-xyber-with-mlkem.patch b/SOURCES/firefox-system-nss-replace-xyber-with-mlkem.patch new file mode 100644 index 0000000..655c3f5 --- /dev/null +++ b/SOURCES/firefox-system-nss-replace-xyber-with-mlkem.patch @@ -0,0 +1,507 @@ +diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml +index 031ed0344d..4c652235d2 100644 +--- a/modules/libpref/init/StaticPrefList.yaml ++++ b/modules/libpref/init/StaticPrefList.yaml +@@ -13380,7 +13380,7 @@ + mirror: always + rust: true + +-# Whether to send a Xyber768 key share in HTTP/3 TLS handshakes. ++# Whether to send an mlkem768x25519 key share in HTTP/3 TLS handshakes. + # Has no effect unless security.tls.enable_kyber is true. + - name: network.http.http3.enable_kyber + type: RelaxedAtomicBool +diff --git a/netwerk/socket/neqo_glue/src/lib.rs b/netwerk/socket/neqo_glue/src/lib.rs +index 9d1fa68ed2..216a95553c 100644 +--- a/netwerk/socket/neqo_glue/src/lib.rs ++++ b/netwerk/socket/neqo_glue/src/lib.rs +@@ -202,7 +202,7 @@ impl NeqoHttp3Conn { + { + // These operations are infallible when conn.state == State::Init. + let _ = conn.set_groups(&[ +- neqo_crypto::TLS_GRP_KEM_XYBER768D00, ++ neqo_crypto::TLS_GRP_KEM_MLKEM768X25519, + neqo_crypto::TLS_GRP_EC_X25519, + neqo_crypto::TLS_GRP_EC_SECP256R1, + neqo_crypto::TLS_GRP_EC_SECP384R1, +diff --git a/netwerk/test/unit/test_http3_kyber.js b/netwerk/test/unit/test_http3_kyber.js +index 4b3f1cbc50..e3b77cce9b 100644 +--- a/netwerk/test/unit/test_http3_kyber.js ++++ b/netwerk/test/unit/test_http3_kyber.js +@@ -62,7 +62,11 @@ function makeChan(uri) { + + add_task(async function test_kyber_success() { + let listener = new Http3Listener(); +- listener.expectedKeaGroup = "xyber768d00"; ++ // Bug 1918532: change this from x25519 to mlkem768x25519. ++ // neqo_glue currently tries to negotiate xyber768d00, which is ++ // disabled by NSS policy. As such we expect to receive x25519 ++ // here. ++ listener.expectedKeaGroup = "x25519"; + let chan = makeChan("https://foo.example.com"); + await chanPromise(chan, listener); + }); +diff --git a/security/manager/ssl/NSSSocketControl.cpp b/security/manager/ssl/NSSSocketControl.cpp +index 64c999701a..c7abe78da8 100644 +--- a/security/manager/ssl/NSSSocketControl.cpp ++++ b/security/manager/ssl/NSSSocketControl.cpp +@@ -39,7 +39,7 @@ NSSSocketControl::NSSSocketControl(const nsCString& aHostName, int32_t aPort, + mIsFullHandshake(false), + mNotedTimeUntilReady(false), + mEchExtensionStatus(EchExtensionStatus::kNotPresent), +- mSentXyberShare(false), ++ mSentMlkemShare(false), + mHasTls13HandshakeSecrets(false), + mIsShortWritePending(false), + mShortWritePendingByte(0), +diff --git a/security/manager/ssl/NSSSocketControl.h b/security/manager/ssl/NSSSocketControl.h +index 9afae1926c..2701b7346e 100644 +--- a/security/manager/ssl/NSSSocketControl.h ++++ b/security/manager/ssl/NSSSocketControl.h +@@ -117,14 +117,14 @@ class NSSSocketControl final : public CommonSocketControl { + return mEchExtensionStatus; + } + +- void WillSendXyberShare() { ++ void WillSendMlkemShare() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); +- mSentXyberShare = true; ++ mSentMlkemShare = true; + } + +- bool SentXyberShare() { ++ bool SentMlkemShare() { + COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD(); +- return mSentXyberShare; ++ return mSentMlkemShare; + } + + void SetHasTls13HandshakeSecrets() { +@@ -307,7 +307,7 @@ class NSSSocketControl final : public CommonSocketControl { + bool mIsFullHandshake; + bool mNotedTimeUntilReady; + EchExtensionStatus mEchExtensionStatus; // Currently only used for telemetry. +- bool mSentXyberShare; ++ bool mSentMlkemShare; + bool mHasTls13HandshakeSecrets; + + // True when SSL layer has indicated an "SSL short write", i.e. need +diff --git a/security/manager/ssl/metrics.yaml b/security/manager/ssl/metrics.yaml +index e25ab6a7e5..ce0177b384 100644 +--- a/security/manager/ssl/metrics.yaml ++++ b/security/manager/ssl/metrics.yaml +@@ -68,7 +68,7 @@ tls: + xyber_intolerance_reason: + type: labeled_counter + description: > +- The error that was returned from a failed TLS 1.3 handshake in which the client sent a Xyber key share (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp). ++ The error that was returned from a failed TLS 1.3 handshake in which the client sent a mlkem768x25519 key share (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp). + data_sensitivity: + - technical + bugs: +diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp +index c3a23213c5..cb37603782 100644 +--- a/security/manager/ssl/nsNSSCallbacks.cpp ++++ b/security/manager/ssl/nsNSSCallbacks.cpp +@@ -656,8 +656,8 @@ nsCString getKeaGroupName(uint32_t aKeaGroup) { + case ssl_grp_ec_curve25519: + groupName = "x25519"_ns; + break; +- case ssl_grp_kem_xyber768d00: +- groupName = "xyber768d00"_ns; ++ case ssl_grp_kem_mlkem768x25519: ++ groupName = "mlkem768x25519"_ns; + break; + case ssl_grp_ffdhe_2048: + groupName = "FF 2048"_ns; +@@ -1045,7 +1045,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { + channelInfo.keaKeyBits); + break; + case ssl_kea_ecdh_hybrid: +- // Bug 1874963: Add probes for Xyber768d00 + break; + default: + MOZ_CRASH("impossible KEA"); +@@ -1146,7 +1145,8 @@ void SecretCallback(PRFileDesc* fd, PRUint16 epoch, SSLSecretDirection dir, + if (epoch == 2 && dir == ssl_secret_read) { + // |secret| is the server_handshake_traffic_secret. Set a flag to indicate + // that the Server Hello has been processed successfully. We use this when +- // deciding whether to retry a connection in which a Xyber share was sent. ++ // deciding whether to retry a connection in which an mlkem768x25519 share ++ // was sent. + infoObject->SetHasTls13HandshakeSecrets(); + } + } +diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp +index 5f3792fd52..1fff6de2d6 100644 +--- a/security/manager/ssl/nsNSSComponent.cpp ++++ b/security/manager/ssl/nsNSSComponent.cpp +@@ -1084,9 +1084,9 @@ void SetDeprecatedTLS1CipherPrefs() { + // static + void SetKyberPolicy() { + if (StaticPrefs::security_tls_enable_kyber()) { +- NSS_SetAlgorithmPolicy(SEC_OID_XYBER768D00, NSS_USE_ALG_IN_SSL_KX, 0); ++ NSS_SetAlgorithmPolicy(SEC_OID_MLKEM768X25519, NSS_USE_ALG_IN_SSL_KX, 0); + } else { +- NSS_SetAlgorithmPolicy(SEC_OID_XYBER768D00, 0, NSS_USE_ALG_IN_SSL_KX); ++ NSS_SetAlgorithmPolicy(SEC_OID_MLKEM768X25519, 0, NSS_USE_ALG_IN_SSL_KX); + } + } + +diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp +index c31f3064ee..24ca99d0f4 100644 +--- a/security/manager/ssl/nsNSSIOLayer.cpp ++++ b/security/manager/ssl/nsNSSIOLayer.cpp +@@ -448,14 +448,15 @@ bool retryDueToTLSIntolerance(PRErrorCode err, NSSSocketControl* socketInfo) { + } + + if (!socketInfo->IsPreliminaryHandshakeDone() && +- !socketInfo->HasTls13HandshakeSecrets() && socketInfo->SentXyberShare()) { ++ !socketInfo->HasTls13HandshakeSecrets() && socketInfo->SentMlkemShare()) { + nsAutoCString errorName; + const char* prErrorName = PR_ErrorToName(err); + if (prErrorName) { + errorName.AppendASCII(prErrorName); + } + mozilla::glean::tls::xyber_intolerance_reason.Get(errorName).Add(1); +- // Don't record version intolerance if we sent Xyber, just force a retry. ++ // Don't record version intolerance if we sent mlkem768x25519, just force a ++ // retry. + return true; + } + +@@ -1561,7 +1562,7 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, + !(infoObject->GetProviderFlags() & + (nsISocketProvider::BE_CONSERVATIVE | nsISocketProvider::IS_RETRY))) { + const SSLNamedGroup namedGroups[] = { +- ssl_grp_kem_xyber768d00, ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ++ ssl_grp_kem_mlkem768x25519, ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, + ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, + ssl_grp_ffdhe_3072}; + if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups, +@@ -1573,12 +1574,12 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, + if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 2)) { + return NS_ERROR_FAILURE; + } +- infoObject->WillSendXyberShare(); ++ infoObject->WillSendMlkemShare(); + } else { + const SSLNamedGroup namedGroups[] = { + ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, + ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072}; +- // Skip the |ssl_grp_kem_xyber768d00| entry. ++ // Skip the |ssl_grp_kem_mlkem768x25519| entry. + if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups, + mozilla::ArrayLength(namedGroups))) { + return NS_ERROR_FAILURE; +diff --git a/security/manager/ssl/tests/unit/test_faulty_server.js b/security/manager/ssl/tests/unit/test_faulty_server.js +index f617908e28..7e476a9688 100644 +--- a/security/manager/ssl/tests/unit/test_faulty_server.js ++++ b/security/manager/ssl/tests/unit/test_faulty_server.js +@@ -72,28 +72,28 @@ add_task( + { + skip_if: () => AppConstants.MOZ_SYSTEM_NSS, + }, +- async function testRetryXyber() { +- const retryDomain = "xyber-net-interrupt.example.com"; ++ async function testRetryMlkem768x25519() { ++ const retryDomain = "mlkem768x25519-net-interrupt.example.com"; + + Services.prefs.setBoolPref("security.tls.enable_kyber", true); + Services.prefs.setCharPref("network.dns.localDomains", [retryDomain]); + Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0); + +- // Get the number of xyber / x25519 callbacks prior to making the request +- // ssl_grp_kem_xyber768d00 = 25497 ++ // Get the number of mlkem768x25519 and x25519 callbacks prior to making the request ++ // ssl_grp_kem_mlkem768x25519 = 4588 + // ssl_grp_ec_curve25519 = 29 +- let countOfXyber = handlerCount("/callback/25497"); ++ let countOfMlkem = handlerCount("/callback/4588"); + let countOfX25519 = handlerCount("/callback/29"); + let chan = makeChan(`https://${retryDomain}:8443`); + let [, buf] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL); + ok(buf); +- // The server will make a xyber768d00 callback for the initial request, and ++ // The server will make a mlkem768x25519 callback for the initial request, and + // then an x25519 callback for the retry. Both callback counts should + // increment by one. + equal( +- handlerCount("/callback/25497"), +- countOfXyber + 1, +- "negotiated xyber768d00" ++ handlerCount("/callback/4588"), ++ countOfMlkem + 1, ++ "negotiated mlkem768x25519" + ); + equal(handlerCount("/callback/29"), countOfX25519 + 1, "negotiated x25519"); + if (!mozinfo.socketprocess_networking) { +@@ -111,27 +111,28 @@ add_task( + { + skip_if: () => AppConstants.MOZ_SYSTEM_NSS, + }, +- async function testNoRetryXyber() { +- const retryDomain = "xyber-alert-after-server-hello.example.com"; ++ async function testNoRetryMlkem768x25519() { ++ const retryDomain = "mlkem768x25519-alert-after-server-hello.example.com"; + + Services.prefs.setBoolPref("security.tls.enable_kyber", true); + Services.prefs.setCharPref("network.dns.localDomains", [retryDomain]); + Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0); + +- // Get the number of xyber / x25519 / p256 callbacks prior to making the request +- // ssl_grp_kem_xyber768d00 = 25497 ++ // Get the number of mlkem768x25519 and x25519 callbacks prior to making ++ // the request ++ // ssl_grp_kem_mlkem768x25519 = 4588 + // ssl_grp_ec_curve25519 = 29 +- let countOfXyber = handlerCount("/callback/25497"); ++ let countOfMlkem = handlerCount("/callback/4588"); + let countOfX25519 = handlerCount("/callback/29"); + let chan = makeChan(`https://${retryDomain}:8443`); + let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE); + equal(req.status, 0x805a2f4d); // psm::GetXPCOMFromNSSError(SSL_ERROR_HANDSHAKE_FAILED) +- // The server will make a xyber768d00 callback for the initial request and ++ // The server will make a mlkem768x25519 callback for the initial request and + // the client should not retry. + equal( +- handlerCount("/callback/25497"), +- countOfXyber + 1, +- "negotiated xyber768d00" ++ handlerCount("/callback/4588"), ++ countOfMlkem + 1, ++ "negotiated mlkem768x25519" + ); + equal( + handlerCount("/callback/29"), +diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp +index 4764ed921d..ba48016f58 100644 +--- a/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp ++++ b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp +@@ -21,7 +21,7 @@ enum FaultType { + None = 0, + ZeroRtt, + UnknownSNI, +- Xyber, ++ Mlkem768x25519, + }; + + struct FaultyServerHost { +@@ -38,9 +38,10 @@ const char* kHostZeroRttAlertVersion = + const char* kHostZeroRttAlertUnexpected = "0rtt-alert-unexpected.example.com"; + const char* kHostZeroRttAlertDowngrade = "0rtt-alert-downgrade.example.com"; + +-const char* kHostXyberNetInterrupt = "xyber-net-interrupt.example.com"; +-const char* kHostXyberAlertAfterServerHello = +- "xyber-alert-after-server-hello.example.com"; ++const char* kHostMlkem768x25519NetInterrupt = ++ "mlkem768x25519-net-interrupt.example.com"; ++const char* kHostMlkem768x25519AlertAfterServerHello = ++ "mlkem768x25519-alert-after-server-hello.example.com"; + + const char* kCertWildcard = "default-ee"; + +@@ -55,8 +56,8 @@ const FaultyServerHost sFaultyServerHosts[]{ + {kHostZeroRttAlertVersion, kCertWildcard, ZeroRtt}, + {kHostZeroRttAlertUnexpected, kCertWildcard, ZeroRtt}, + {kHostZeroRttAlertDowngrade, kCertWildcard, ZeroRtt}, +- {kHostXyberNetInterrupt, kCertWildcard, Xyber}, +- {kHostXyberAlertAfterServerHello, kCertWildcard, Xyber}, ++ {kHostMlkem768x25519NetInterrupt, kCertWildcard, Mlkem768x25519}, ++ {kHostMlkem768x25519AlertAfterServerHello, kCertWildcard, Mlkem768x25519}, + {nullptr, nullptr}, + }; + +@@ -168,21 +169,22 @@ SECStatus FailingWriteCallback(PRFileDesc* fd, PRUint16 epoch, + return SECFailure; + } + +-void SecretCallbackFailXyber(PRFileDesc* fd, PRUint16 epoch, +- SSLSecretDirection dir, PK11SymKey* secret, +- void* arg) { +- fprintf(stderr, "Xyber handler epoch=%d dir=%d\n", epoch, (uint32_t)dir); ++void SecretCallbackFailMlkem768x25519(PRFileDesc* fd, PRUint16 epoch, ++ SSLSecretDirection dir, ++ PK11SymKey* secret, void* arg) { ++ fprintf(stderr, "Mlkem768x25519 handler epoch=%d dir=%d\n", epoch, ++ (uint32_t)dir); + FaultyServerHost* host = static_cast(arg); + + if (epoch == 2 && dir == ssl_secret_write) { + sslSocket* ss = ssl_FindSocket(fd); + if (!ss) { +- fprintf(stderr, "Xyber handler, no ss!\n"); ++ fprintf(stderr, "Mlkem768x25519 handler, no ss!\n"); + return; + } + + if (!ss->sec.keaGroup) { +- fprintf(stderr, "Xyber handler, no ss->sec.keaGroup!\n"); ++ fprintf(stderr, "Mlkem768x25519 handler, no ss->sec.keaGroup!\n"); + return; + } + +@@ -190,17 +192,18 @@ void SecretCallbackFailXyber(PRFileDesc* fd, PRUint16 epoch, + SprintfLiteral(path, "/callback/%u", ss->sec.keaGroup->name); + DoCallback(path); + +- if (ss->sec.keaGroup->name != ssl_grp_kem_xyber768d00) { ++ if (ss->sec.keaGroup->name != ssl_grp_kem_mlkem768x25519) { + return; + } + +- fprintf(stderr, "Xyber handler, configuring alert\n"); +- if (strcmp(host->mHostName, kHostXyberNetInterrupt) == 0) { ++ fprintf(stderr, "Mlkem768x25519 handler, configuring alert\n"); ++ if (strcmp(host->mHostName, kHostMlkem768x25519NetInterrupt) == 0) { + // Install a record write callback that causes the next write to fail. + // The client will see this as a PR_END_OF_FILE / NS_ERROR_NET_INTERRUPT + // error. + ss->recordWriteCallback = FailingWriteCallback; +- } else if (!strcmp(host->mHostName, kHostXyberAlertAfterServerHello)) { ++ } else if (!strcmp(host->mHostName, ++ kHostMlkem768x25519AlertAfterServerHello)) { + SSL3_SendAlert(ss, alert_fatal, close_notify); + } + } +@@ -219,17 +222,17 @@ int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr, + fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName); + } + +- const SSLNamedGroup xyberTestNamedGroups[] = {ssl_grp_kem_xyber768d00, ++ const SSLNamedGroup mlkemTestNamedGroups[] = {ssl_grp_kem_mlkem768x25519, + ssl_grp_ec_curve25519}; + + switch (host->mFaultType) { + case ZeroRtt: + SSL_SecretCallback(aFd, &SecretCallbackFailZeroRtt, (void*)host); + break; +- case Xyber: +- SSL_SecretCallback(aFd, &SecretCallbackFailXyber, (void*)host); +- SSL_NamedGroupConfig(aFd, xyberTestNamedGroups, +- mozilla::ArrayLength(xyberTestNamedGroups)); ++ case Mlkem768x25519: ++ SSL_SecretCallback(aFd, &SecretCallbackFailMlkem768x25519, (void*)host); ++ SSL_NamedGroupConfig(aFd, mlkemTestNamedGroups, ++ mozilla::ArrayLength(mlkemTestNamedGroups)); + break; + case None: + break; +diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp +index e4aeda0e82..401b982346 100644 +--- a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp ++++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp +@@ -553,8 +553,6 @@ int StartServer(int argc, char* argv[], SSLSNISocketConfig sniSocketConfig, + return 1; + } + +- NSS_SetAlgorithmPolicy(SEC_OID_XYBER768D00, NSS_USE_ALG_IN_SSL_KX, 0); +- + if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) { + PrintPRError("SSL_ConfigServerSessionIDCache failed"); + return 1; +diff --git a/third_party/rust/neqo-crypto/.cargo-checksum.json b/third_party/rust/neqo-crypto/.cargo-checksum.json +index 188160d135..bea265565f 100644 +--- a/third_party/rust/neqo-crypto/.cargo-checksum.json ++++ b/third_party/rust/neqo-crypto/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"Cargo.toml":"fa915d4cac0a051c77107dd6f74514915fe2924fe3eecaad10e995062767fbbb","bindings/bindings.toml":"56921b753535f899b8095df3e8af04b1dc2213c4808dfb39734a3c554454d01d","bindings/nspr_err.h":"2d5205d017b536c2d838bcf9bc4ec79f96dd50e7bb9b73892328781f1ee6629d","bindings/nspr_error.h":"e41c03c77b8c22046f8618832c9569fbcc7b26d8b9bbc35eea7168f35e346889","bindings/nspr_io.h":"085b289849ef0e77f88512a27b4d9bdc28252bd4d39c6a17303204e46ef45f72","bindings/nspr_time.h":"2e637fd338a5cf0fd3fb0070a47f474a34c2a7f4447f31b6875f5a9928d0a261","bindings/nss_ciphers.h":"95ec6344a607558b3c5ba8510f463b6295f3a2fb3f538a01410531045a5f62d1","bindings/nss_init.h":"ef49045063782fb612aff459172cc6a89340f15005808608ade5320ca9974310","bindings/nss_p11.h":"0b81e64fe6db49b2ecff94edd850be111ef99ec11220e88ceb1c67be90143a78","bindings/nss_secerr.h":"713e8368bdae5159af7893cfa517dabfe5103cede051dee9c9557c850a2defc6","bindings/nss_ssl.h":"af222fb957b989e392e762fa2125c82608a0053aff4fb97e556691646c88c335","bindings/nss_sslerr.h":"24b97f092183d8486f774cdaef5030d0249221c78343570d83a4ee5b594210ae","bindings/nss_sslopt.h":"b7807eb7abdad14db6ad7bc51048a46b065a0ea65a4508c95a12ce90e59d1eea","build.rs":"6c3e94359395cce5cb29bc0063ff930ffcd7edd50c040cb459acce6c80aa4ef4","min_version.txt":"7e98f86c69cddb4f65cf96a6de1f4297e3ce224a4c4628609e29042b6c4dcfb9","src/aead.rs":"fc42bc20b84d2e5ccfd56271ae2d2db082e55586ea2926470c102da177f22296","src/aead_null.rs":"3a553f21126c9ca0116c2be81e5a777011b33c159fd88c4f384614bbdb06bb2e","src/agent.rs":"0ef7b488480d12c01a122050e82809bc784443ef6277d75fce21d706fbf5eaaf","src/agentio.rs":"415f70b95312d3ee6d74ba6f28094246101ab6d535aa9df880c38d8bb5a9279e","src/auth.rs":"ced1a18f691894984244088020ea25dc1ee678603317f0c7dfc8b8842fa750b4","src/cert.rs":"8942cb3ce25a61f92b6ffc30fb286052ed6f56eeda3be12fd46ea76ceba6c1cf","src/constants.rs":"f5c779db128a8b0607841ca18c376971017eb327e102e5e6959a7d8effe4b3a6","src/ech.rs":"9d322fcc01c0886f1dfe9bb6273cb9f88a746452ac9a802761b1816a05930c1f","src/err.rs":"ae979f334604aba89640c4491262641910033f0bd790d58671f649f5039b291c","src/exp.rs":"cec59d61fc95914f9703d2fb6490a8507af993c9db710dde894f2f8fd38123c7","src/ext.rs":"cbf7d9f5ecabf4b8c9efd6c334637ab1596ec5266d38ab8d2d6ceae305283deb","src/hkdf.rs":"ef32f20e30a9bd7f094199536d19c87c4231b7fbbe4a9c54c70e84ca9c6575be","src/hp.rs":"644f1bed67f1c6189a67c8d02ab3358aaa7f63af4b913dd7395becbc01a84291","src/lib.rs":"1f2c171e76f353c99cebe66f9812d3021ab2914eb015fed6a07409b7cfa426e6","src/min_version.rs":"89b7ef6f9d2301db4f689f4d963b58375d577f705b92003a804048441e00cfd1","src/p11.rs":"704c5f164c4f195c8051c5bf1e69a912c34b613a8cf6bed5f577dc5674eea34e","src/prio.rs":"e5e169296c0ac69919c59fb6c1f8bd6bf079452eaa13d75da0edd41d435d3f6f","src/replay.rs":"96b7af8eff9e14313e79303092018b12e8834f780c96b8e247c497fdc680c696","src/result.rs":"0587cbb6aace71a7f9765ef7c01dcd9f73a49dcc6331e1d8fe4de2aef6ca65b6","src/secrets.rs":"4ffaa66f25df47dadf042063bff5953effa7bf2f4920cafe827757d6a659cb58","src/selfencrypt.rs":"b7cc1c896c7661c37461fc3a8bcbfdf2589433b907fa5f968ae4f6907704b441","src/ssl.rs":"c83baa5518b81dd06f2e4072ea3c2d666ccdeb8b1ff6e3746eea9f1af47023a6","src/time.rs":"c71a01ff8aa2c0e97fb16ad620df4ed6b7cc1819ff93f46634e2f1c9551627ec","tests/aead.rs":"e36ae77802df1ea6d17cfd1bd2178a3706089577d6fd1554ca86e748b8b235b9","tests/agent.rs":"824735f88e487a3748200844e9481e81a72163ad74d82faa9aa16594d9b9bb25","tests/ext.rs":"1b047d23d9b224ad06eb65d8f3a7b351e263774e404c79bbcbe8f43790e29c18","tests/handshake.rs":"e892a2839b31414be16e96cdf3b1a65978716094700c1a4989229f7edbf578a0","tests/hkdf.rs":"1d2098dc8398395864baf13e4886cfd1da6d36118727c3b264f457ee3da6b048","tests/hp.rs":"b24fec53771c169be788772532d2617a5349196cf87d6444dc74214f7c73e92c","tests/init.rs":"616313cb38eac44b8c71a1d23a52a7d7b4c7c07d4c20dc9ea6600c3317f92613","tests/selfencrypt.rs":"8d10840b41629bf449a6b3a551377315e8a05ca26c6b041548748196652c5909"},"package":null} +\ No newline at end of file ++{"files":{"Cargo.toml":"fa915d4cac0a051c77107dd6f74514915fe2924fe3eecaad10e995062767fbbb","bindings/bindings.toml":"56921b753535f899b8095df3e8af04b1dc2213c4808dfb39734a3c554454d01d","bindings/nspr_err.h":"2d5205d017b536c2d838bcf9bc4ec79f96dd50e7bb9b73892328781f1ee6629d","bindings/nspr_error.h":"e41c03c77b8c22046f8618832c9569fbcc7b26d8b9bbc35eea7168f35e346889","bindings/nspr_io.h":"085b289849ef0e77f88512a27b4d9bdc28252bd4d39c6a17303204e46ef45f72","bindings/nspr_time.h":"2e637fd338a5cf0fd3fb0070a47f474a34c2a7f4447f31b6875f5a9928d0a261","bindings/nss_ciphers.h":"95ec6344a607558b3c5ba8510f463b6295f3a2fb3f538a01410531045a5f62d1","bindings/nss_init.h":"ef49045063782fb612aff459172cc6a89340f15005808608ade5320ca9974310","bindings/nss_p11.h":"0b81e64fe6db49b2ecff94edd850be111ef99ec11220e88ceb1c67be90143a78","bindings/nss_secerr.h":"713e8368bdae5159af7893cfa517dabfe5103cede051dee9c9557c850a2defc6","bindings/nss_ssl.h":"af222fb957b989e392e762fa2125c82608a0053aff4fb97e556691646c88c335","bindings/nss_sslerr.h":"24b97f092183d8486f774cdaef5030d0249221c78343570d83a4ee5b594210ae","bindings/nss_sslopt.h":"b7807eb7abdad14db6ad7bc51048a46b065a0ea65a4508c95a12ce90e59d1eea","build.rs":"6c3e94359395cce5cb29bc0063ff930ffcd7edd50c040cb459acce6c80aa4ef4","min_version.txt":"7e98f86c69cddb4f65cf96a6de1f4297e3ce224a4c4628609e29042b6c4dcfb9","src/aead.rs":"fc42bc20b84d2e5ccfd56271ae2d2db082e55586ea2926470c102da177f22296","src/aead_null.rs":"3a553f21126c9ca0116c2be81e5a777011b33c159fd88c4f384614bbdb06bb2e","src/agent.rs":"0ef7b488480d12c01a122050e82809bc784443ef6277d75fce21d706fbf5eaaf","src/agentio.rs":"415f70b95312d3ee6d74ba6f28094246101ab6d535aa9df880c38d8bb5a9279e","src/auth.rs":"ced1a18f691894984244088020ea25dc1ee678603317f0c7dfc8b8842fa750b4","src/cert.rs":"8942cb3ce25a61f92b6ffc30fb286052ed6f56eeda3be12fd46ea76ceba6c1cf","src/constants.rs":"78df03f9209ff36279b75f88f6d3d15fed4a0fdd1f6edc8ea8100ed9ae34320f","src/ech.rs":"9d322fcc01c0886f1dfe9bb6273cb9f88a746452ac9a802761b1816a05930c1f","src/err.rs":"ae979f334604aba89640c4491262641910033f0bd790d58671f649f5039b291c","src/exp.rs":"cec59d61fc95914f9703d2fb6490a8507af993c9db710dde894f2f8fd38123c7","src/ext.rs":"cbf7d9f5ecabf4b8c9efd6c334637ab1596ec5266d38ab8d2d6ceae305283deb","src/hkdf.rs":"ef32f20e30a9bd7f094199536d19c87c4231b7fbbe4a9c54c70e84ca9c6575be","src/hp.rs":"644f1bed67f1c6189a67c8d02ab3358aaa7f63af4b913dd7395becbc01a84291","src/lib.rs":"f0d0b14c7330fa4040166953c4a428918ce78967fe500bfeaa5f2c10b64567b3","src/min_version.rs":"89b7ef6f9d2301db4f689f4d963b58375d577f705b92003a804048441e00cfd1","src/p11.rs":"704c5f164c4f195c8051c5bf1e69a912c34b613a8cf6bed5f577dc5674eea34e","src/prio.rs":"e5e169296c0ac69919c59fb6c1f8bd6bf079452eaa13d75da0edd41d435d3f6f","src/replay.rs":"96b7af8eff9e14313e79303092018b12e8834f780c96b8e247c497fdc680c696","src/result.rs":"0587cbb6aace71a7f9765ef7c01dcd9f73a49dcc6331e1d8fe4de2aef6ca65b6","src/secrets.rs":"4ffaa66f25df47dadf042063bff5953effa7bf2f4920cafe827757d6a659cb58","src/selfencrypt.rs":"b7cc1c896c7661c37461fc3a8bcbfdf2589433b907fa5f968ae4f6907704b441","src/ssl.rs":"c83baa5518b81dd06f2e4072ea3c2d666ccdeb8b1ff6e3746eea9f1af47023a6","src/time.rs":"c71a01ff8aa2c0e97fb16ad620df4ed6b7cc1819ff93f46634e2f1c9551627ec","tests/aead.rs":"e36ae77802df1ea6d17cfd1bd2178a3706089577d6fd1554ca86e748b8b235b9","tests/agent.rs":"824735f88e487a3748200844e9481e81a72163ad74d82faa9aa16594d9b9bb25","tests/ext.rs":"1b047d23d9b224ad06eb65d8f3a7b351e263774e404c79bbcbe8f43790e29c18","tests/handshake.rs":"e892a2839b31414be16e96cdf3b1a65978716094700c1a4989229f7edbf578a0","tests/hkdf.rs":"1d2098dc8398395864baf13e4886cfd1da6d36118727c3b264f457ee3da6b048","tests/hp.rs":"b24fec53771c169be788772532d2617a5349196cf87d6444dc74214f7c73e92c","tests/init.rs":"616313cb38eac44b8c71a1d23a52a7d7b4c7c07d4c20dc9ea6600c3317f92613","tests/selfencrypt.rs":"8d10840b41629bf449a6b3a551377315e8a05ca26c6b041548748196652c5909"},"package":null} +diff --git a/third_party/rust/neqo-crypto/src/constants.rs b/third_party/rust/neqo-crypto/src/constants.rs +index daef3d3c56..7e6823fd01 100644 +--- a/third_party/rust/neqo-crypto/src/constants.rs ++++ b/third_party/rust/neqo-crypto/src/constants.rs +@@ -62,7 +62,7 @@ remap_enum! { + TLS_GRP_EC_SECP384R1 = ssl_grp_ec_secp384r1, + TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1, + TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519, +- TLS_GRP_KEM_XYBER768D00 = ssl_grp_kem_xyber768d00, ++ TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_mlkem768x25519, + } + } + +diff --git a/third_party/rust/neqo-crypto/src/lib.rs b/third_party/rust/neqo-crypto/src/lib.rs +index 9b8a478294..cb94d1f32b 100644 +--- a/third_party/rust/neqo-crypto/src/lib.rs ++++ b/third_party/rust/neqo-crypto/src/lib.rs +@@ -122,13 +122,6 @@ pub fn init() -> Res<()> { + + secstatus_to_res(unsafe { nss::NSS_NoDB_Init(null()) })?; + secstatus_to_res(unsafe { nss::NSS_SetDomesticPolicy() })?; +- secstatus_to_res(unsafe { +- p11::NSS_SetAlgorithmPolicy( +- p11::SECOidTag::SEC_OID_XYBER768D00, +- p11::NSS_USE_ALG_IN_SSL_KX, +- 0, +- ) +- })?; + + Ok(NssLoaded::NoDb) + }); +diff --git a/third_party/rust/neqo-transport/.cargo-checksum.json b/third_party/rust/neqo-transport/.cargo-checksum.json +index 79d2126b4a..a67d56971b 100644 +--- a/third_party/rust/neqo-transport/.cargo-checksum.json ++++ b/third_party/rust/neqo-transport/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"Cargo.toml":"2c18e43bca0b6e963cd3c169ed4b1dbf21de7e420b71be1d9cf1bf1bfcaa8d01","benches/range_tracker.rs":"590dd1f81c92e89ce28af1efdda583d85240438bd9c4c68767286d22a299ad4b","benches/rx_stream_orderer.rs":"53a008357703251a18100521a12d8fa9443c5601ddc3cbd1b3c2899074da4c4f","benches/transfer.rs":"94eb0ec1a0a7d0a4863ddc1c6d006521e52c1f2e7f03c69428b18f7eb827d33f","build.rs":"78ec79c93bf13c3a40ceef8bba1ea2eada61c8f2dfc15ea7bf117958d367949c","src/ackrate.rs":"4bb882e1069a0707dc85338b75327e2910c93ee5f36575767a0d58c4c41c9d4f","src/addr_valid.rs":"03c0b2ff85254179c5d425b12acfdcc6b1ea5735aeb0f604b9b3603451b3ef0a","src/cc/classic_cc.rs":"bd4999f21b6b7d754c8694345f40d0e99c1c3caba3d23a90bd9eb12798ef4979","src/cc/cubic.rs":"24c6913cc6346e5361007221c26e8096ece51583431fc3ab9c99e4ce4b0a9f5d","src/cc/mod.rs":"8031ed3d37bf780dd1364114149b1a1327656e7f481768548ad77db7006daf60","src/cc/new_reno.rs":"25d0921005688e0f0666efd0a4931b4f8cd44363587d98e5b6404818c5d05dd4","src/cc/tests/cubic.rs":"25ee2c60549bb8b3c1e9a915f148928a26b3f1c51e5f7fe6b646a437f520954c","src/cc/tests/mod.rs":"44f8df551e742ae1037cd1cdb85b2c1334c2e5ab3c23ed63d856dbc6b8743afc","src/cc/tests/new_reno.rs":"3cd7373063a3afecb6dfae7894edf959641d87d3de55d4abfa7742cd115fa358","src/cid.rs":"9686a3070c593cfca846d7549863728e31211b304b9fa876220f79bff5e24173","src/connection/dump.rs":"bd4fb55785fe42f5c94f7bcc14ccf4ae377d28b691fb55dbf1139ae9412b0ea9","src/connection/idle.rs":"6f588bab950620df322033abea5f8a731f5b6d88cbe68694b69ab8acea0745ae","src/connection/mod.rs":"72ab734a8d368b2f2d430899a65f5a8c64a21d797a0c3e6d3e53666ef8e0e740","src/connection/params.rs":"38e0b47c8cc5fbe602e3174d7a70df410829bc240b42f21cebd10818e606ef7c","src/connection/saved.rs":"97eb19792be3c4d721057021a43ea50a52f89a3cfa583d3d3dcf5d9144b332f5","src/connection/state.rs":"b1d4bdda3479e7957d1949a969281ecd8a3d88f4fbaff6dcf7ebbb576759339c","src/connection/test_internal.rs":"f3ebfe97b25c9c716d41406066295e5aff4e96a3051ef4e2b5fb258282bbc14c","src/connection/tests/ackrate.rs":"4a2b835575850ae4a14209d3e51883ecb1e69afb44ef91b5e13a5e6cb7174fab","src/connection/tests/cc.rs":"d9a0f00a8f439c4ea8d4b6fa689fbde8bd283256afdd68ec4a27f6638b729704","src/connection/tests/close.rs":"5f245fd134bc0759ef0c83a6d53e0a8d5a8e58dcdf203c750ec9121940272461","src/connection/tests/datagram.rs":"7d89e5293d5b50c7a54c9b48949c2c4c8ef5dc08f3e7e5f51654586578d65602","src/connection/tests/ecn.rs":"3ff05893154fb6a895fe4453db7cc54684ba3bdf268a36b69c36c4070768d7b4","src/connection/tests/handshake.rs":"67a6f090ed89ef6c63129f7e662dc1cfff3f291711a866dff3d779caa40e51c7","src/connection/tests/idle.rs":"2d588bd6570172ca08974931273b6c4645af3edca9ccac78499d7d2d5ecec86c","src/connection/tests/keys.rs":"7c58b255e9732711e13f2a3e1daa13ac9481d8c919a32ca62e70c850845a6b38","src/connection/tests/migration.rs":"40d4feba9957de7eef7391009996016af1a3052fabc7659680b64796cf9fb8bf","src/connection/tests/mod.rs":"43b7745e9722333f7bc851c70ccdfdd1dc4da3991a4b821fac677664719e760f","src/connection/tests/null.rs":"38f76a4ea15e6b11634d4374cb0f2a68bd250e5d35831edfce0fa48deeaa420d","src/connection/tests/priority.rs":"dd3504f52d3fce7a96441624bc1c82c733e6bb556b9b79d24d0f4fb4efaf5a9e","src/connection/tests/recovery.rs":"7f28767f3cca2ff60e3dcfa803e12ef043486a222f54681a8faf2ea2fee564a1","src/connection/tests/resumption.rs":"1a0de0993cd325224fc79a3c094d22636d5b122ab1123d16265d4fafb23574bd","src/connection/tests/stream.rs":"3a6b23be63e1901ea479749d8132db86959279329121fe5d51b34c3fef4d4d05","src/connection/tests/vn.rs":"92f61cfe4ccbb88f4f7c14f0e791bdece5368012922714d3dbd6a75bedb1b5a1","src/connection/tests/zerortt.rs":"139f25b992ee6f7e3cc31448f81e511386bb3b0e6691180c7f616b70c4864883","src/crypto.rs":"a0ff9053a13350e34aec02241eb2ae3e86d9f5af21065d5b8d71b7b229e00ced","src/ecn.rs":"2e54e0a57842070a80da61315b601085876351ef0272eaf65b8a59e32ecc4db8","src/events.rs":"3cdd7d5496b2745626db4ceb863b5a91ae943090a43a5816a1f9bcf873fba2be","src/fc.rs":"c8d10909912b6770e644aaec02cff6f89f557d5f40a246aa86654cf88c91d26e","src/frame.rs":"4262717662f155e62bb29c9f0cac295bbae96076eb2d92c27052a35f979aa196","src/lib.rs":"a8ab9b2204d50a3b6f6c1250ed0d47daafaef00c040b93dfa3c60195eeb07624","src/pace.rs":"86a674ac4d086148ea297214910458c3705918bd627b996ba8bbb12f2c4bf99e","src/packet/mod.rs":"16385a097363d3af6452c6dcb7f14fbd86e410dd42fa59435c5beea1699f77e9","src/packet/retry.rs":"d5f999485f21b388a7383cd011fc6e96109c1a9fb5aef79b19017df6844271ff","src/path.rs":"6a49a8a1cad609873f2cacca6489ba1a7a18cf238f7b8f6df2d0b0923edde3fd","src/qlog.rs":"07ea3a3e31ebf3819d40ff0dc4e4a88861db59f761542e9bc2e9e773eb555242","src/quic_datagrams.rs":"3d33ecb9e6e80c77b812e8260fc807352300fb2305a29b797259ae34c52b67c5","src/recovery/mod.rs":"4b1e45db1793785cda67fe804d1e6bc99b5f1a3ed3ff0f82e8164bc0aab11f8e","src/recovery/sent.rs":"959b70ed80b1061acf36bdd007f2b1baefbc8647c3a315d6fbd317884757beca","src/recovery/token.rs":"c1e4190c6733afd2bf5e60060d8ba3ab9fb136e02252e2480b281871a54d6066","src/recv_stream.rs":"f21ae0bb786901bb7d726a94cb3352607b0057128beaa331808137f2f57a330b","src/rtt.rs":"4635dc0c401b78a1fd9d34da6f9bf7f6e7f5be3a57ed9716e0efc8f0f94f1e47","src/send_stream.rs":"5b12a5543dd55d0d506eb64f828883b9761722a1558f16ecb90ce5a43587a2ff","src/sender.rs":"043be47e97d050532f12a564e78605cff7ff23e07639ea06059ebd85e0748f2f","src/server.rs":"3ededa0afd5e6b6888fc5ac9ce48e35e12974c338c7985f2b840e9dc76af0062","src/stats.rs":"257ab1242ea2e6bfac0900e6c4bdad794bc67b666930323d24e022e46b9be82b","src/stream_id.rs":"fd07cbb81709a54bdb0659f676ef851cd145c004b817044ede5b21e54fdb60e4","src/streams.rs":"f2e393dc73cc85c8339cb94daf6a09d3bde4d33d820fd6623ddd6b3d727d5fd5","src/tparams.rs":"592f29c9e2d2a63ff68b024ce23274896ed8ae83192b76b91f5e2991246682cd","src/tracking.rs":"c8581318cd7be3ca94ef4482341cfc1fdb70f934966c63a69335cb0bf5bd292a","src/version.rs":"182484ed9ecc2e17cab73cc61914a86a2d206936cab313825ae76fd37eeade77","tests/common/mod.rs":"7f9437d5efc38f4b9cabfece575e9168580e78e8638f46e538de58607f46ebb8","tests/conn_vectors.rs":"997702f4d8b8fa3b987b33077a0eb325e968b25b61fb4703532f8d97e1d4c98c","tests/connection.rs":"1c14853d61dad5f228a3e1a0becebb0c6826405de59ff601f43d5cb2fdb3f8ea","tests/network.rs":"04921aa5af583e842e6d2176a898fbfea747e831bbe292b5ef8441eaf546b93a","tests/retry.rs":"ace4a0baa36f7218c9942abc2b45b58f8c2dbd2b6004b469751e41b50f6f99d0","tests/server.rs":"9724460d7ac2f9d6af94baf6b3cf950900ae489412edc55d62609bacfcf02b09"},"package":null} +\ No newline at end of file ++{"files":{"Cargo.toml":"2c18e43bca0b6e963cd3c169ed4b1dbf21de7e420b71be1d9cf1bf1bfcaa8d01","benches/range_tracker.rs":"590dd1f81c92e89ce28af1efdda583d85240438bd9c4c68767286d22a299ad4b","benches/rx_stream_orderer.rs":"53a008357703251a18100521a12d8fa9443c5601ddc3cbd1b3c2899074da4c4f","benches/transfer.rs":"94eb0ec1a0a7d0a4863ddc1c6d006521e52c1f2e7f03c69428b18f7eb827d33f","build.rs":"78ec79c93bf13c3a40ceef8bba1ea2eada61c8f2dfc15ea7bf117958d367949c","src/ackrate.rs":"4bb882e1069a0707dc85338b75327e2910c93ee5f36575767a0d58c4c41c9d4f","src/addr_valid.rs":"03c0b2ff85254179c5d425b12acfdcc6b1ea5735aeb0f604b9b3603451b3ef0a","src/cc/classic_cc.rs":"bd4999f21b6b7d754c8694345f40d0e99c1c3caba3d23a90bd9eb12798ef4979","src/cc/cubic.rs":"24c6913cc6346e5361007221c26e8096ece51583431fc3ab9c99e4ce4b0a9f5d","src/cc/mod.rs":"8031ed3d37bf780dd1364114149b1a1327656e7f481768548ad77db7006daf60","src/cc/new_reno.rs":"25d0921005688e0f0666efd0a4931b4f8cd44363587d98e5b6404818c5d05dd4","src/cc/tests/cubic.rs":"25ee2c60549bb8b3c1e9a915f148928a26b3f1c51e5f7fe6b646a437f520954c","src/cc/tests/mod.rs":"44f8df551e742ae1037cd1cdb85b2c1334c2e5ab3c23ed63d856dbc6b8743afc","src/cc/tests/new_reno.rs":"3cd7373063a3afecb6dfae7894edf959641d87d3de55d4abfa7742cd115fa358","src/cid.rs":"9686a3070c593cfca846d7549863728e31211b304b9fa876220f79bff5e24173","src/connection/dump.rs":"bd4fb55785fe42f5c94f7bcc14ccf4ae377d28b691fb55dbf1139ae9412b0ea9","src/connection/idle.rs":"6f588bab950620df322033abea5f8a731f5b6d88cbe68694b69ab8acea0745ae","src/connection/mod.rs":"72ab734a8d368b2f2d430899a65f5a8c64a21d797a0c3e6d3e53666ef8e0e740","src/connection/params.rs":"38e0b47c8cc5fbe602e3174d7a70df410829bc240b42f21cebd10818e606ef7c","src/connection/saved.rs":"97eb19792be3c4d721057021a43ea50a52f89a3cfa583d3d3dcf5d9144b332f5","src/connection/state.rs":"b1d4bdda3479e7957d1949a969281ecd8a3d88f4fbaff6dcf7ebbb576759339c","src/connection/test_internal.rs":"f3ebfe97b25c9c716d41406066295e5aff4e96a3051ef4e2b5fb258282bbc14c","src/connection/tests/ackrate.rs":"4a2b835575850ae4a14209d3e51883ecb1e69afb44ef91b5e13a5e6cb7174fab","src/connection/tests/cc.rs":"d9a0f00a8f439c4ea8d4b6fa689fbde8bd283256afdd68ec4a27f6638b729704","src/connection/tests/close.rs":"5f245fd134bc0759ef0c83a6d53e0a8d5a8e58dcdf203c750ec9121940272461","src/connection/tests/datagram.rs":"7d89e5293d5b50c7a54c9b48949c2c4c8ef5dc08f3e7e5f51654586578d65602","src/connection/tests/ecn.rs":"3ff05893154fb6a895fe4453db7cc54684ba3bdf268a36b69c36c4070768d7b4","src/connection/tests/handshake.rs":"67a6f090ed89ef6c63129f7e662dc1cfff3f291711a866dff3d779caa40e51c7","src/connection/tests/idle.rs":"2d588bd6570172ca08974931273b6c4645af3edca9ccac78499d7d2d5ecec86c","src/connection/tests/keys.rs":"7c58b255e9732711e13f2a3e1daa13ac9481d8c919a32ca62e70c850845a6b38","src/connection/tests/migration.rs":"40d4feba9957de7eef7391009996016af1a3052fabc7659680b64796cf9fb8bf","src/connection/tests/mod.rs":"43b7745e9722333f7bc851c70ccdfdd1dc4da3991a4b821fac677664719e760f","src/connection/tests/null.rs":"38f76a4ea15e6b11634d4374cb0f2a68bd250e5d35831edfce0fa48deeaa420d","src/connection/tests/priority.rs":"dd3504f52d3fce7a96441624bc1c82c733e6bb556b9b79d24d0f4fb4efaf5a9e","src/connection/tests/recovery.rs":"7f28767f3cca2ff60e3dcfa803e12ef043486a222f54681a8faf2ea2fee564a1","src/connection/tests/resumption.rs":"1a0de0993cd325224fc79a3c094d22636d5b122ab1123d16265d4fafb23574bd","src/connection/tests/stream.rs":"3a6b23be63e1901ea479749d8132db86959279329121fe5d51b34c3fef4d4d05","src/connection/tests/vn.rs":"92f61cfe4ccbb88f4f7c14f0e791bdece5368012922714d3dbd6a75bedb1b5a1","src/connection/tests/zerortt.rs":"139f25b992ee6f7e3cc31448f81e511386bb3b0e6691180c7f616b70c4864883","src/crypto.rs":"033db48824fa541db728b43f25d5852d4c4de735c35d89151336649dd8d2429a","src/ecn.rs":"2e54e0a57842070a80da61315b601085876351ef0272eaf65b8a59e32ecc4db8","src/events.rs":"3cdd7d5496b2745626db4ceb863b5a91ae943090a43a5816a1f9bcf873fba2be","src/fc.rs":"c8d10909912b6770e644aaec02cff6f89f557d5f40a246aa86654cf88c91d26e","src/frame.rs":"4262717662f155e62bb29c9f0cac295bbae96076eb2d92c27052a35f979aa196","src/lib.rs":"a8ab9b2204d50a3b6f6c1250ed0d47daafaef00c040b93dfa3c60195eeb07624","src/pace.rs":"86a674ac4d086148ea297214910458c3705918bd627b996ba8bbb12f2c4bf99e","src/packet/mod.rs":"16385a097363d3af6452c6dcb7f14fbd86e410dd42fa59435c5beea1699f77e9","src/packet/retry.rs":"d5f999485f21b388a7383cd011fc6e96109c1a9fb5aef79b19017df6844271ff","src/path.rs":"6a49a8a1cad609873f2cacca6489ba1a7a18cf238f7b8f6df2d0b0923edde3fd","src/qlog.rs":"07ea3a3e31ebf3819d40ff0dc4e4a88861db59f761542e9bc2e9e773eb555242","src/quic_datagrams.rs":"3d33ecb9e6e80c77b812e8260fc807352300fb2305a29b797259ae34c52b67c5","src/recovery/mod.rs":"4b1e45db1793785cda67fe804d1e6bc99b5f1a3ed3ff0f82e8164bc0aab11f8e","src/recovery/sent.rs":"959b70ed80b1061acf36bdd007f2b1baefbc8647c3a315d6fbd317884757beca","src/recovery/token.rs":"c1e4190c6733afd2bf5e60060d8ba3ab9fb136e02252e2480b281871a54d6066","src/recv_stream.rs":"f21ae0bb786901bb7d726a94cb3352607b0057128beaa331808137f2f57a330b","src/rtt.rs":"4635dc0c401b78a1fd9d34da6f9bf7f6e7f5be3a57ed9716e0efc8f0f94f1e47","src/send_stream.rs":"5b12a5543dd55d0d506eb64f828883b9761722a1558f16ecb90ce5a43587a2ff","src/sender.rs":"043be47e97d050532f12a564e78605cff7ff23e07639ea06059ebd85e0748f2f","src/server.rs":"3ededa0afd5e6b6888fc5ac9ce48e35e12974c338c7985f2b840e9dc76af0062","src/stats.rs":"257ab1242ea2e6bfac0900e6c4bdad794bc67b666930323d24e022e46b9be82b","src/stream_id.rs":"fd07cbb81709a54bdb0659f676ef851cd145c004b817044ede5b21e54fdb60e4","src/streams.rs":"f2e393dc73cc85c8339cb94daf6a09d3bde4d33d820fd6623ddd6b3d727d5fd5","src/tparams.rs":"592f29c9e2d2a63ff68b024ce23274896ed8ae83192b76b91f5e2991246682cd","src/tracking.rs":"c8581318cd7be3ca94ef4482341cfc1fdb70f934966c63a69335cb0bf5bd292a","src/version.rs":"182484ed9ecc2e17cab73cc61914a86a2d206936cab313825ae76fd37eeade77","tests/common/mod.rs":"7f9437d5efc38f4b9cabfece575e9168580e78e8638f46e538de58607f46ebb8","tests/conn_vectors.rs":"997702f4d8b8fa3b987b33077a0eb325e968b25b61fb4703532f8d97e1d4c98c","tests/connection.rs":"c6755968255fb68795d9f1ae4ece73d7b674d8616d3512757309efd2c42c39d1","tests/network.rs":"04921aa5af583e842e6d2176a898fbfea747e831bbe292b5ef8441eaf546b93a","tests/retry.rs":"ace4a0baa36f7218c9942abc2b45b58f8c2dbd2b6004b469751e41b50f6f99d0","tests/server.rs":"9724460d7ac2f9d6af94baf6b3cf950900ae489412edc55d62609bacfcf02b09"},"package":null} +diff --git a/third_party/rust/neqo-transport/src/crypto.rs b/third_party/rust/neqo-transport/src/crypto.rs +index aca76b8bb9..3bfe7057bc 100644 +--- a/third_party/rust/neqo-transport/src/crypto.rs ++++ b/third_party/rust/neqo-transport/src/crypto.rs +@@ -21,7 +21,7 @@ use neqo_crypto::{ + TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_CT_HANDSHAKE, + TLS_EPOCH_APPLICATION_DATA, TLS_EPOCH_HANDSHAKE, TLS_EPOCH_INITIAL, TLS_EPOCH_ZERO_RTT, + TLS_GRP_EC_SECP256R1, TLS_GRP_EC_SECP384R1, TLS_GRP_EC_SECP521R1, TLS_GRP_EC_X25519, +- TLS_GRP_KEM_XYBER768D00, TLS_VERSION_1_3, ++ TLS_GRP_KEM_MLKEM768X25519, TLS_VERSION_1_3, + }; + + use crate::{ +@@ -78,9 +78,10 @@ impl Crypto { + ])?; + match &mut agent { + Agent::Server(c) => { +- // Clients do not send xyber shares by default, but servers should accept them. ++ // Clients do not send mlkem768x25519 shares by default, but servers should accept ++ // them. + c.set_groups(&[ +- TLS_GRP_KEM_XYBER768D00, ++ TLS_GRP_KEM_MLKEM768X25519, + TLS_GRP_EC_X25519, + TLS_GRP_EC_SECP256R1, + TLS_GRP_EC_SECP384R1, +diff --git a/third_party/rust/neqo-transport/tests/connection.rs b/third_party/rust/neqo-transport/tests/connection.rs +index 35167d0abd..7f9304e9c8 100644 +--- a/third_party/rust/neqo-transport/tests/connection.rs ++++ b/third_party/rust/neqo-transport/tests/connection.rs +@@ -279,12 +279,12 @@ fn overflow_crypto() { + } + + #[test] +-fn test_handshake_xyber() { ++fn handshake_mlkem768x25519() { + let mut client = default_client(); + let mut server = default_server(); + + client +- .set_groups(&[neqo_crypto::TLS_GRP_KEM_XYBER768D00]) ++ .set_groups(&[neqo_crypto::TLS_GRP_KEM_MLKEM768X25519]) + .ok(); + client.send_additional_key_shares(0).ok(); + +@@ -293,10 +293,10 @@ fn test_handshake_xyber() { + assert_eq!(*server.state(), State::Confirmed); + assert_eq!( + client.tls_info().unwrap().key_exchange(), +- neqo_crypto::TLS_GRP_KEM_XYBER768D00 ++ neqo_crypto::TLS_GRP_KEM_MLKEM768X25519 + ); + assert_eq!( + server.tls_info().unwrap().key_exchange(), +- neqo_crypto::TLS_GRP_KEM_XYBER768D00 ++ neqo_crypto::TLS_GRP_KEM_MLKEM768X25519 + ); + } diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec index cd64b64..96eb5c4 100644 --- a/SPECS/firefox.spec +++ b/SPECS/firefox.spec @@ -13,7 +13,8 @@ %endif # wasi_sdk is for sandboxing third party c/c++ libs by using rlbox, exclude s390x on the f39. -%bcond_with wasi_sdk + +%global with_wasi_sdk 0 %{lua: function dist_to_rhel_minor(str, start) @@ -54,6 +55,12 @@ end} %global rhel_minor_version %{lua:print(dist_to_rhel_minor(rpm.expand("%dist")))} +%if 0%{?rhel} == 10 +%global use_pipewire_camera 1 +%else +%global use_pipewire_camera 0 +%endif + # System libraries options %global system_nss 1 %global bundle_nss 0 @@ -69,7 +76,9 @@ end} %global system_nss 1 %endif %if %{rhel_minor_version} >= 10 - %global with_wasi_sdk 1 + %ifnarch s390x + %global with_wasi_sdk 1 + %endif %endif %endif @@ -79,7 +88,9 @@ end} %global system_nss 1 %endif %if %{rhel_minor_version} > 5 - %global with_wasi_sdk 1 + %ifnarch s390x + %global with_wasi_sdk 1 + %endif %endif %endif @@ -149,7 +160,7 @@ end} Summary: Mozilla Firefox Web browser Name: firefox -Version: 128.5.1 +Version: 128.6.0 Release: 1%{?dist}.inferit URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -180,7 +191,7 @@ ExcludeArch: aarch64 s390 ppc # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz Source0: firefox-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz %if %{with langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20241202.tar.xz +Source1: firefox-langpacks-%{version}%{?pre_version}-20241218.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball @@ -235,6 +246,7 @@ Patch08: disable-pipewire.patch Patch09: rhbz-2131158-webrtc-nss-fix.patch Patch10: build-ffvpx.patch Patch11: build-disable-gamepad.patch +Patch12: firefox-system-nss-replace-xyber-with-mlkem.patch # -- Upstreamed patches -- Patch51: mozilla-bmo1170092.patch @@ -268,6 +280,28 @@ Patch201: D224587.1728128070.diff Patch202: D224588.1728128098.diff Patch203: wasi.patch +# --- Upstream PipeWire camera and screencast fixes ---- +# https://phabricator.services.mozilla.com/D215197 +Patch250: 001-libwebrtc-pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible.patch +# https://phabricator.services.mozilla.com/D216138 +Patch251: 002-libwebrtc-pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping.patch +# https://phabricator.services.mozilla.com/D219224 +Patch252: 003-libwebrtc-pipewire-camera-filter-out-devices-without-capabilities.patch +# https://phabricator.services.mozilla.com/D219062 +Patch253: 004-firefox-always-query-information-about-camera-availability.patch +# https://phabricator.services.mozilla.com/D219060 +Patch254: 005-firefox-always-register-video-input-feedback-for-newly-created-deviceinfo.patch +# https://phabricator.services.mozilla.com/D220895 +Patch255: 006-libwebrtc-pipewire-camera-make-member-variable-with-pipewire-status-updated.patch +# https://phabricator.services.mozilla.com/D219218 +Patch256: 007-firefox-add-missing-support-for-device-change-notifications.patch +# https://phabricator.services.mozilla.com/D223112 +Patch257: 008-libwebrtc-pipewire-camera-get-max-fps-for-each-format-when-specified-as-list.patch +# https://phabricator.services.mozilla.com/D223119 +Patch258: 009-libwebrtc-pipewire-camera-use-exact-stream-parameters-specified-by-capability.patch +# https://phabricator.services.mozilla.com/D228635 +Patch259: 010-libwebrtc-pipewire-camera-use-better-unique-device-name-for-camera-devices.patch + # ---- Test patches ---- # Generate without context by # GENDIFF_DIFF_ARGS=-U0 gendiff firefox-xxxx .firefox-tests-xpcshell @@ -389,7 +423,7 @@ BuildRequires: xmlto BuildRequires: zlib-devel %endif -%if %{with wasi_sdk} +%if %{with_wasi_sdk} BuildRequires: lld BuildRequires: clang cmake ninja-build %endif @@ -1163,7 +1197,7 @@ echo "--------------------------------------------" #clang -print-search-dirs %setup -q -n %{name}-%{version} -%if %{with wasi_sdk} +%if %{with_wasi_sdk} %setup -q -T -D -a 50 %endif @@ -1191,9 +1225,12 @@ echo "--------------------------------------------" %endif %patch -P9 -p1 -b .rhbz-2131158-webrtc-nss-fix %patch -P10 -p1 -b .build-ffvpx +%if 0%{?rhel} == 10 +%patch -P12 -p1 -b .system-nss-replace-xyber-with-mlkem +%endif # We need to create the wasi.patch with the correct path to the wasm libclang_rt. -%if %{with wasi_sdk} +%if %{with_wasi_sdk} export LIBCLANG_RT=`pwd`/wasi-sdk-20/build/compiler-rt/lib/wasi/libclang_rt.builtins-wasm32.a; cat %{SOURCE38} | envsubst > %{_sourcedir}/wasi.patch %patch -P203 -p1 -b .wasi %endif @@ -1229,6 +1266,20 @@ export LIBCLANG_RT=`pwd`/wasi-sdk-20/build/compiler-rt/lib/wasi/libclang_rt.buil %patch -P202 -p1 -b .D224588 %endif +# --- Upstream PipeWire camera and screencast fixes ---- +%if %{?use_pipewire_camera} +%patch -P250 -p1 -b .pipewire-screencast-hide-cursor-when-goes-off-screen-or-is-invisible +%patch -P251 -p1 -b .pipewire-camera-support-additional-formats-and-fix-rgb-bgr-mapping +%patch -P252 -p1 -b .pipewire-camera-filter-out-devices-without-capabilities +%patch -P253 -p1 -b .always-query-information-about-camera-availability +%patch -P254 -p1 -b .always-register-video-input-feedback-for-newly-created-deviceinfo +%patch -P255 -p1 -b .pipewire-camera-make-member-variable-with-pipewire-status-updated +%patch -P256 -p1 -b .add-missing-support-for-device-change-notifications +%patch -P257 -p1 -b .pipewire-camera-get-max-fps-for-each-format-when-specified-as-list +%patch -P258 -p1 -b .pipewire-camera-use-exact-stream-parameters-specified-by-capability +%patch -P259 -p1 -b .pipewire-camera-use-better-unique-device-name-for-camera-devices +%endif + # ---- Security patches ---- # MSVSphere @@ -1313,7 +1364,7 @@ echo "ac_add_options --with-google-safebrowsing-api-keyfile=`pwd`/google-api-key # Clang 17 upstream's detection fails, tell it where to look. echo "ac_add_options --with-libclang-path=`llvm-config --libdir`" >> .mozconfig -%if %{with wasi_sdk} +%if %{with_wasi_sdk} echo "ac_add_options --with-wasi-sysroot=`pwd`/wasi-sdk-20/build/install/opt/wasi-sdk/share/wasi-sysroot" >> .mozconfig %else echo "ac_add_options --without-sysroot" >> .mozconfig @@ -1340,7 +1391,7 @@ python3 %{SOURCE503} %define _lto_cflags %{nil} #WASI SDK -%if %{with wasi_sdk} +%if %{with_wasi_sdk} pushd wasi-sdk-20 sed -i -e "s|VERSION=.*|VERSION=20|g" tar_from_installation.sh cat tar_from_installation.sh @@ -1805,6 +1856,11 @@ ln -s %{_datadir}/myspell %{buildroot}%{mozappdir}/dictionaries %{__cp} failures-* %{buildroot}/%{version}-%{release}/ || true %endif + +%if %{?use_pipewire_camera} +echo 'pref("media.webrtc.camera.allow-pipewire", true);' >> %{buildroot}%{mozappdir}/defaults/preferences/all-redhat.js +%endif + # Add distribution.ini %{__mkdir_p} %{buildroot}%{mozappdir}/distribution %{__sed} -e "s/__NAME__/%(source /etc/os-release; echo ${NAME})/g" \ @@ -1948,12 +2004,20 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Wed Dec 18 2024 Eike Rathke - 128.6.0-1 +- Update to 128.6.0 build1 + * Mon Dec 02 2024 Eike Rathke - 128.5.1-1 - Update to 128.5.1 * Tue Nov 19 2024 Eike Rathke - 128.5.0-1 - Update to 128.5.0 build1 +* Mon Nov 18 2024 Jan Grulich - 128.4.0-1 - Update to 128.4.0 build1