From 20c3e1079745b0a552f17a770cf8bce4961dabcd7434affd33521c6ebe6527db Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Tue, 21 May 2024 08:22:00 +0000
Subject: [PATCH] - Mozilla Firefox 126.0  
 https://www.mozilla.org/en-US/firefox/126.0/releasenotes   MFSA 2024-21
 (bsc#1224056)   * CVE-2024-4764 (bmo#1879093)     Use-after-free when audio
 input connected with multiple consumers   * CVE-2024-4367 (bmo#1893645)    
 Arbitrary JavaScript execution in PDF.js   * CVE-2024-4765 (bmo#1871109)    
 Web application manifests could have been overwritten via     hash collision 
  * CVE-2024-4766 (bmo#1871214, bmo#1871217)     Fullscreen notification could
 have been obscured on Firefox     for Android   * CVE-2024-4767 (bmo#1878577)
     IndexedDB files retained in private browsing mode   * CVE-2024-4768
 (bmo#1886082)     Potential permissions request bypass via clickjacking   *
 CVE-2024-4769 (bmo#1886108)     Cross-origin responses could be distinguished
 between script     and non-script content-types   * CVE-2024-4770
 (bmo#1893270)     Use-after-free could occur when printing to PDF   *
 CVE-2024-4771 (bmo#1893891)     Failed allocation could lead to
 use-after-free   * CVE-2024-4772 (bmo#1870579)     Use of insecure rand()
 function to generate nonce   * CVE-2024-4773 (bmo#1875248)     URL bar could
 be cleared after network error   * CVE-2024-4774 (bmo#1886598)     Undefined
 behavior in ShmemCharMapHashEntry()

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1150
---
 MozillaFirefox.changes                     | 47 ++++++++++++++++++++++
 MozillaFirefox.spec                        | 15 ++++---
 firefox-125.0.3.source.tar.xz              |  3 --
 firefox-125.0.3.source.tar.xz.asc          | 16 --------
 firefox-126.0.source.tar.xz                |  3 ++
 firefox-126.0.source.tar.xz.asc            | 16 ++++++++
 l10n-125.0.3.tar.xz                        |  3 --
 l10n-126.0.tar.xz                          |  3 ++
 mozilla-kde.patch                          | 23 ++++++-----
 mozilla-libproxy-fix.patch                 | 25 ------------
 mozilla-rust-disable-future-incompat.patch | 15 +++----
 tar_stamps                                 |  8 ++--
 12 files changed, 102 insertions(+), 75 deletions(-)
 delete mode 100644 firefox-125.0.3.source.tar.xz
 delete mode 100644 firefox-125.0.3.source.tar.xz.asc
 create mode 100644 firefox-126.0.source.tar.xz
 create mode 100644 firefox-126.0.source.tar.xz.asc
 delete mode 100644 l10n-125.0.3.tar.xz
 create mode 100644 l10n-126.0.tar.xz
 delete mode 100644 mozilla-libproxy-fix.patch

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index ed7dcd76..5cdfed5a 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Wed May 15 08:46:30 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 126.0
+  https://www.mozilla.org/en-US/firefox/126.0/releasenotes
+  MFSA 2024-21 (bsc#1224056)
+  * CVE-2024-4764 (bmo#1879093)
+    Use-after-free when audio input connected with multiple consumers
+  * CVE-2024-4367 (bmo#1893645)
+    Arbitrary JavaScript execution in PDF.js
+  * CVE-2024-4765 (bmo#1871109)
+    Web application manifests could have been overwritten via
+    hash collision
+  * CVE-2024-4766 (bmo#1871214, bmo#1871217)
+    Fullscreen notification could have been obscured on Firefox
+    for Android
+  * CVE-2024-4767 (bmo#1878577)
+    IndexedDB files retained in private browsing mode
+  * CVE-2024-4768 (bmo#1886082)
+    Potential permissions request bypass via clickjacking
+  * CVE-2024-4769 (bmo#1886108)
+    Cross-origin responses could be distinguished between script
+    and non-script content-types
+  * CVE-2024-4770 (bmo#1893270)
+    Use-after-free could occur when printing to PDF
+  * CVE-2024-4771 (bmo#1893891)
+    Failed allocation could lead to use-after-free
+  * CVE-2024-4772 (bmo#1870579)
+    Use of insecure rand() function to generate nonce
+  * CVE-2024-4773 (bmo#1875248)
+    URL bar could be cleared after network error
+  * CVE-2024-4774 (bmo#1886598)
+    Undefined behavior in ShmemCharMapHashEntry()
+  * CVE-2024-4775 (bmo#1887332)
+    Invalid memory access in the built-in profiler
+  * CVE-2024-4776 (bmo#1887343)
+    Window may remain disabled after file dialog is shown in
+    full-screen
+  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
+    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
+    and Thunderbird 115.11
+  * CVE-2024-4778 (bmo#1838834, bmo#1889291, bmo#1889595,
+    bmo#1890204, bmo#1891545)
+    Memory safety bugs fixed in Firefox 126
+- requires NSS 3.100
+- removed obsolete mozilla-libproxy-fix.patch
+
 -------------------------------------------------------------------
 Mon Apr 29 18:17:48 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index f2387167..a8039b5b 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          125
-%define mainver        %major.0.3
-%define orig_version   125.0.3
+%define major          126
+%define mainver        %major.0
+%define orig_version   126.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.99
+BuildRequires:  mozilla-nss-devel >= 3.100
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -229,7 +229,6 @@ Patch21:        svg-rendering.patch
 Patch22:        mozilla-partial-revert-1768632.patch
 Patch23:        mozilla-rust-disable-future-incompat.patch
 Patch24:        mozilla-bmo1822730.patch
-Patch25:        mozilla-libproxy-fix.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
@@ -735,10 +734,10 @@ exit 0
 %{progdir}/platform.ini
 %if %crashreporter
 %{progdir}/crashreporter
-%{progdir}/crashreporter.ini
-%{progdir}/Throbber-small.gif
+#%{progdir}/crashreporter.ini
+#%{progdir}/Throbber-small.gif
 %{progdir}/minidump-analyzer
-%{progdir}/browser/crashreporter-override.ini
+#%{progdir}/browser/crashreporter-override.ini
 %endif
 %{_datadir}/applications/%{desktop_file_name}.desktop
 %{_datadir}/mime/packages/%{progname}.xml
diff --git a/firefox-125.0.3.source.tar.xz b/firefox-125.0.3.source.tar.xz
deleted file mode 100644
index 53ebe41e..00000000
--- a/firefox-125.0.3.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:461c66b85e4a0345dcce422d3b66212489f3cca8f22a9a8f43a07a0c98bd5616
-size 551590872
diff --git a/firefox-125.0.3.source.tar.xz.asc b/firefox-125.0.3.source.tar.xz.asc
deleted file mode 100644
index 25f6bf20..00000000
--- a/firefox-125.0.3.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmYtMEEACgkQ4207E/PZ
-MnSBeA/9E8S6inlmYrxQ2wf0LKnDKZmT06XUvlcKWy68F1RdEWNLqjMOV+o60rug
-/Gjnp6DT2yTMsXnoaO1Re89HGKHkZ1KbuevzjLUyXvQzNUbkCuA+5zqZEwa+16g7
-rxFpho7iEO5LkYB7PoQxks8AY+JaXlZreXMJ8I5wQ5+KnM8tQE1ZcoAFz2J5Oc9Y
-DHtVbzq09V6dh5B0oTjGxsWB65YqhxTc3zCpQ8nNB5IV6MwU99emfcI7usLWtdyP
-goTDXYCYlsORn0pTGkAL5GeXWgh4yAxOW5Fr3Cfv9oADFCTVFK07A7n8Y9fbuT5b
-9ZgUkBPjuwf3pFcQAXRerrPCbbo4SqMY88tcUNXhOjbwxGXplxBd+A1v/3I3wv5y
-jk3FGLHrlUX4AvBhMsajvUu6cpqPfVfDaKDRLpvJkPMTFz0Gv9Log8BnhQ852hkq
-/y0vvdY8znIvWM9pca97AtQVhhamKuAo7kqh996g8eT5Wa2pBbSuuKWteT1i+61Z
-iLsg8mcfnEgoP7w+KOgiSKvuG738MHvxMV/aQdR2AXLOCkltr4gqXytXhYsPLvJg
-qfeUdLqgYPu64vyhETzdfxqL4Ivaj25ikSXILO+iKJo5cMQP4j7g1oZAq7Qtt/Yi
-wC2cgmMKhn0fNB7f9csyyJV33jI55u56A7iO6p1Z4HCFbbTtI8k=
-=0RYQ
------END PGP SIGNATURE-----
diff --git a/firefox-126.0.source.tar.xz b/firefox-126.0.source.tar.xz
new file mode 100644
index 00000000..d6387274
--- /dev/null
+++ b/firefox-126.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:910e82a1999ec229e5bc5090a39cec9c575e8bafcac2c54f9bb5c699bd868526
+size 552065476
diff --git a/firefox-126.0.source.tar.xz.asc b/firefox-126.0.source.tar.xz.asc
new file mode 100644
index 00000000..f431cb67
--- /dev/null
+++ b/firefox-126.0.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmY9XrkACgkQ4207E/PZ
+MnT6RQ//S0b1dy2LR3WqwnZvdZRjT9jbmdJw7RKopN4KAaZmeL5qo4eBOWxkECqw
+TrZZiqX44Mm1DdIJG0NKP7D95WMAJuJQntV5VFJMZKtdtmD1UHMymMKOqYia21tr
+5pxrwEYAPP7t3zZIoCDmcgdwArWkdt+wJSNCTrTjaJQdygP02bex2lZl7HE7wsrp
+02/SAjl83iOkx2x+W9LeR889PGrrOe4c2Z0fHaqGtBJVOBR/1JJwjJT2td0CCjmD
+wAsI/O2nxwL+kMTB/8sexcYFdM2QDBmMOYJb82sb7mkc3y1xsCMhpGylmhXGFS3c
+en44BdNAHCTn91g/MlhIjUCPljWG+YkitE2/7GKotpOQTNH9rr2UET3aPzvwAZyf
+Gl5U9VN8u++ZCvVXrtmve1P2vOkJnUcq+MBxTgiBlFyqhvhww9KP7nIQslBzUhWc
+X25OKQVXHyfYLS3s+xP2ynCG7cXXbV3jSDBS7FcbiHqdaL4d1d9gnGj1/+77KOJA
+3aZ8ARLc1x9V/mc9HuyLrcletcpMhhusgY2fc/ae8i6Dh5nL+GY06x1Fv5JtNDR0
+XgJR6IflalT2EDeMOvRHWuWl1wPi8KVD3DRZiOKqBOuln2nZSyV2cpXozAgA87zE
+qanJq7bkFkl4YFMkBBytDUq85t4K9ztAlzTR0UeyKR4AuLRZuww=
+=5nXv
+-----END PGP SIGNATURE-----
diff --git a/l10n-125.0.3.tar.xz b/l10n-125.0.3.tar.xz
deleted file mode 100644
index aef35497..00000000
--- a/l10n-125.0.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:67744c91e271a3e28c59a5b7d4136c0f338fdee73c633ebfcb350cb9a05a4df7
-size 31332840
diff --git a/l10n-126.0.tar.xz b/l10n-126.0.tar.xz
new file mode 100644
index 00000000..8de18dbb
--- /dev/null
+++ b/l10n-126.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7fb67354817ee6319fbe56189ef248105bc3025983dabfe654992f31a86c7f98
+size 31696716
diff --git a/mozilla-kde.patch b/mozilla-kde.patch
index bf2723ea..b5b9b92c 100644
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@@ -50,7 +50,7 @@ Co-authored-by: Björn Bidar <bjorn.bidar@thaodan.de>
 diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 --- a/modules/libpref/Preferences.cpp
 +++ b/modules/libpref/Preferences.cpp
-@@ -90,16 +90,17 @@
+@@ -92,16 +92,17 @@
  #include "PLDHashTable.h"
  #include "prdtoa.h"
  #include "prlink.h"
@@ -727,7 +727,7 @@ diff --git a/uriloader/exthandler/HandlerServiceParent.cpp b/uriloader/exthandle
  using mozilla::dom::RemoteHandlerApp;
  
  namespace {
-@@ -305,18 +305,18 @@ mozilla::ipc::IPCResult HandlerServicePa
+@@ -309,18 +309,18 @@ mozilla::ipc::IPCResult HandlerServicePa
  mozilla::ipc::IPCResult HandlerServiceParent::RecvExistsForProtocolOS(
      const nsACString& aProtocolScheme, bool* aHandlerExists) {
    if (aProtocolScheme.Length() > MAX_SCHEME_LENGTH) {
@@ -771,7 +771,7 @@ diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build
      ]
  elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows":
      UNIFIED_SOURCES += [
-@@ -129,15 +131,16 @@ include("/ipc/chromium/chromium-config.m
+@@ -130,15 +132,16 @@ include("/ipc/chromium/chromium-config.m
  FINAL_LIBRARY = "xul"
  
  LOCAL_INCLUDES += [
@@ -991,7 +991,7 @@ new file mode 100644
 diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
 --- a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
 +++ b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
-@@ -1,48 +1,51 @@
+@@ -1,27 +1,30 @@
  /* -*- Mode: C++; tab-width: 3; indent-tabs-mode: nil; c-basic-offset: 2 -*-
   *
   * This Source Code Form is subject to the terms of the Mozilla Public
@@ -1004,6 +1004,8 @@ diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler
  #include "nsIGIOService.h"
  #include "nsNetCID.h"
  #include "nsIIOService.h"
+ #include "nsLocalFile.h"
+ 
  #ifdef MOZ_ENABLE_DBUS
  #  include "nsDBusHandlerApp.h"
  #endif
@@ -1016,10 +1018,13 @@ diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler
 +  return nsCommonRegistry::LoadURL(aURI);
  }
  
- NS_IMETHODIMP
- nsMIMEInfoUnix::GetHasDefaultHandler(bool* _retval) {
-   // if a default app is set, it means the application has been set from
-   // either /etc/mailcap or ${HOME}/.mailcap, in which case we don't want to
+ NS_IMETHODIMP nsMIMEInfoUnix::GetDefaultExecutable(nsIFile** aExecutable) {
+   // This needs to be implemented before FirefoxBridge will work on Linux.
+   // To implement this and be consistent, GetHasDefaultHandler and
+   // LaunchDefaultWithFile should probably be made to be consistent.
+   // Right now, they aren't. GetHasDefaultHandler reports true in cases
+   // where calling LaunchDefaultWithFile will fail due to not finding the
+@@ -37,25 +40,25 @@ nsMIMEInfoUnix::GetHasDefaultHandler(boo
    // give the GNOME answer.
    if (GetDefaultApplication()) {
      return nsMIMEInfoImpl::GetHasDefaultHandler(_retval);
@@ -1048,7 +1053,7 @@ diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler
    if (*_retval) return NS_OK;
  
    return NS_OK;
-@@ -54,16 +57,31 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi
+@@ -67,16 +70,31 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi
    // give the GNOME answer.
    if (GetDefaultApplication()) {
      return nsMIMEInfoImpl::LaunchDefaultWithFile(aFile);
diff --git a/mozilla-libproxy-fix.patch b/mozilla-libproxy-fix.patch
deleted file mode 100644
index 3789564a..00000000
--- a/mozilla-libproxy-fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-# HG changeset patch
-# User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent  302a32e4a14475d3bae305decad92870ec37bbe5
-
-diff --git a/toolkit/system/unixproxy/nsLibProxySettings.cpp b/toolkit/system/unixproxy/nsLibProxySettings.cpp
---- a/toolkit/system/unixproxy/nsLibProxySettings.cpp
-+++ b/toolkit/system/unixproxy/nsLibProxySettings.cpp
-@@ -94,11 +94,17 @@ nsresult nsUnixSystemProxySettings::GetP
- 
-     c++;
-   }
- 
-   free(proxyArray);
-   return NS_OK;
- }
- 
-+NS_IMETHODIMP
-+nsUnixSystemProxySettings::GetSystemWPADSetting(bool* aSystemWPADSetting) {
-+  *aSystemWPADSetting = false;
-+  return NS_OK;
-+}
-+
- NS_IMPL_COMPONENT_FACTORY(nsUnixSystemProxySettings) {
-   return do_AddRef(new nsUnixSystemProxySettings()).downcast<nsISupports>();
- }
diff --git a/mozilla-rust-disable-future-incompat.patch b/mozilla-rust-disable-future-incompat.patch
index 522e3559..75a1200a 100644
--- a/mozilla-rust-disable-future-incompat.patch
+++ b/mozilla-rust-disable-future-incompat.patch
@@ -1,20 +1,21 @@
 # HG changeset patch
-# Parent  fa3b49f090f8b4a1af0510a675d2674a420fcbc6
+# Parent  83a5e219b271976ee9dfa46b74ecc1c1c6d49f94
 
 diff --git a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml
 +++ b/Cargo.toml
-@@ -219,8 +219,13 @@ webext-storage = { git = "https://github
+@@ -234,8 +234,14 @@ mio_0_8 = { package = "mio", git = "http
  path = "third_party/rust/mio-0.6.23"
  
  [patch."https://github.com/mozilla/uniffi-rs.git"]
- uniffi = "=0.25.3"
- uniffi_bindgen = "=0.25.3"
- uniffi_build = "=0.25.3"
- uniffi_macros = "=0.25.3"
- weedle2 = "=4.0.0"
+ uniffi = "0.27.1"
+ uniffi_bindgen = "0.27.1"
+ uniffi_build = "0.27.1"
+ uniffi_macros = "0.27.1"
+ weedle2 = "=5.0.0"
 +
 +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
 +# Shut up such messages for now to make the build succeed
 +[future-incompat-report]
 +frequency = "never"
++
diff --git a/tar_stamps b/tar_stamps
index d7d6c8ae..8f08aa24 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="125.0.3"
+VERSION="126.0"
 VERSION_SUFFIX=""
-PREV_VERSION="125.0.2"
+PREV_VERSION="125.0.3"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="899257fc1af08f2b141cd16d4b6151c0e0b47a9a"
-RELEASE_TIMESTAMP="20240425211020"
+RELEASE_TAG="3db775a2083d15ae699bdc129ad9c51f323ace70"
+RELEASE_TIMESTAMP="20240509170740"