Accepting request 1251116 from mozilla:Factory

- Mozilla Firefox 136.0
  https://www.mozilla.org/en-US/firefox/136.0/releasenotes/
  MFSA 2025-14 (bsc#1237683)
  * CVE-2025-1930 (bmo#1902309)
    AudioIPC StreamData could trigger a use-after-free in the
    Browser process
  * CVE-2025-1939 (bmo#1928334)
    Tapjacking in Android Custom Tabs using transition animations
  * CVE-2025-1931 (bmo#1944126)
    Use-after-free in WebTransportChild
  * CVE-2025-1932 (bmo#1944313)
    Inconsistent comparator in XSLT sorting led to out-of-bounds access
  * CVE-2025-1933 (bmo#1946004)
    JIT corruption of WASM i32 return values on 64-bit CPUs
  * CVE-2025-1940 (bmo#1908488)
    Android Intent confirmation prompt tapjacking using Select options
  * CVE-2024-9956 (bmo#1922357)
    Passkey phishing within Bluetooth range
  * CVE-2025-1934 (bmo#1942881)
    Unexpected GC during RegExp bailout processing
  * CVE-2025-1941 (bmo#1944665)
    Lock screen setting bypass in Firefox Focus for Android
  * CVE-2025-1942 (bmo#1947139)
    Disclosure of uninitialized memory when .toUpperCase() causes
    string to get longer
  * CVE-2025-1935 (bmo#1866661)
    Clickjacking the registerProtocolHandler info-bar
  * CVE-2025-1936 (bmo#1940027)
    Adding %00 and a fake extension to a jar: URL  changed the
    interpretation of the contents

OBS-URL: https://build.opensuse.org/request/show/1251116
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=449

MozillaFirefox.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Thu Mar  6 07:18:59 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 136.0
+  https://www.mozilla.org/en-US/firefox/136.0/releasenotes/
+  MFSA 2025-14 (bsc#1237683)
+  * CVE-2025-1930 (bmo#1902309)
+    AudioIPC StreamData could trigger a use-after-free in the
+    Browser process
+  * CVE-2025-1939 (bmo#1928334)
+    Tapjacking in Android Custom Tabs using transition animations
+  * CVE-2025-1931 (bmo#1944126)
+    Use-after-free in WebTransportChild
+  * CVE-2025-1932 (bmo#1944313)
+    Inconsistent comparator in XSLT sorting led to out-of-bounds access
+  * CVE-2025-1933 (bmo#1946004)
+    JIT corruption of WASM i32 return values on 64-bit CPUs
+  * CVE-2025-1940 (bmo#1908488)
+    Android Intent confirmation prompt tapjacking using Select options
+  * CVE-2024-9956 (bmo#1922357)
+    Passkey phishing within Bluetooth range
+  * CVE-2025-1934 (bmo#1942881)
+    Unexpected GC during RegExp bailout processing
+  * CVE-2025-1941 (bmo#1944665)
+    Lock screen setting bypass in Firefox Focus for Android
+  * CVE-2025-1942 (bmo#1947139)
+    Disclosure of uninitialized memory when .toUpperCase() causes
+    string to get longer
+  * CVE-2025-1935 (bmo#1866661)
+    Clickjacking the registerProtocolHandler info-bar
+  * CVE-2025-1936 (bmo#1940027)
+    Adding %00 and a fake extension to a jar: URL  changed the
+    interpretation of the contents
+  * CVE-2025-1937 (bmo#1938471, bmo#1940716)
+    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
+    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
+  * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586,
+    bmo#1943912, bmo#1948111)
+    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
+    Firefox ESR 128.8, and Thunderbird 128.8
+  * CVE-2025-1943 (bmo#1869650, bmo#1938451, bmo#1940326,
+    bmo#1944052, bmo#1944063, bmo#1947281)
+    Memory safety bugs fixed in Firefox 136 and Thunderbird 136
+- requires
+  * NSS 3.108
+  * rust 1.84
+
 -------------------------------------------------------------------
 Mon Feb  3 10:55:18 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 

MozillaFirefox.spec

@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          135
+%define major          136
 %define mainver        %major.0
-%define orig_version   135.0
+%define orig_version   136.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@@ -103,8 +103,8 @@ BuildRequires:  gcc13-c++
 %else
 BuildRequires:  gcc-c++
 %endif
-BuildRequires:  cargo1.83
-BuildRequires:  rust1.83
+BuildRequires:  cargo1.84
+BuildRequires:  rust1.84
 %if 0%{useccache} != 0
 BuildRequires:  ccache
 %endif
@@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.36
-BuildRequires:  mozilla-nss-devel >= 3.107
+BuildRequires:  mozilla-nss-devel >= 3.108
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -722,10 +722,10 @@ exit 0
 %{progdir}/platform.ini
 %if %crashreporter
 %{progdir}/crashreporter
-#%{progdir}/crashreporter.ini
-#%{progdir}/Throbber-small.gif
-#%{progdir}/minidump-analyzer
-#%{progdir}/browser/crashreporter-override.ini
+#%%{progdir}/crashreporter.ini
+#%%{progdir}/Throbber-small.gif
+#%%{progdir}/minidump-analyzer
+#%%{progdir}/browser/crashreporter-override.ini
 %endif
 %{_datadir}/applications/%{desktop_file_name}.desktop
 %{_datadir}/mime/packages/%{progname}.xml

firefox-135.0.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:827e12a962ef47511089af4498f65ebf42fa57ca31db790bfd7e9a820d16b960
-size 613526736

firefox-135.0.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmecC28ACgkQ4207E/PZ
-MnTnFA/+PihW3lZ57SMQZ36BOLkmBOdSb0BatS3G7l0Hwaz1AAOJWW7UMv1InfIC
-/RWknMRAQvalG1VFj2U3Ev3gROAOn1TVmPZHO7EdPRahwyTPfrZfu7rrSHkepKhr
-laAzDi3fB4mU95KySOxRFrCD7UT5wNfoC+qMoLdp7hQyLIiYhuXKveridn7yNfQv
-B6vjc0xCzX+6exSbUzAck5xjr5ZlfMAgzTc/3TK16pf3AZFjTHFerQzoSHuj1+QI
-YsgenjfLKxxkjen6/xeu1hxSvMSKUZdHwO5NW519y/sIsDquRBUQlWPRJVwqP/If
-qLiRNmhF+Id3SehjaeFgSvEjbxXAPZI6QIJMWKAF7xFrDtH/pIjKhUECKcD97qwR
-D8WlpZ4ivB8Yw1gm3dK9zh6+Aypf7iiX5lAqDu5S+Dn3mKuXDqKtSkRkd1PHLidn
-nBmBa+CLxR+Xy+WTCMY6uILsgjjGWLoAzxlseoVcBzg1TK3DdEtlbY5jt6iBOhs4
-Tz/lqLmxdB5S9gpFjIl0EQtv7FiASb2rqdbBzVm5o8rbLvxMgXspvFPtHEW5G1Pn
-dHHCOQXyaozDIRDgzVw9nGXua6YvXLNVCwFUZ28EJC6eMwqVqObxGKgUvG7mMTN0
-oOkdq9pZTwqNWlc1RFO1yPEwP+c21VRsFFnXPaa+Y4VjTICpQuw=
-=gatF
------END PGP SIGNATURE-----

firefox-136.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3bee314eb7934451be4e2c7ecac38b382f8422fed8287e05be26fe94dd286f57
+size 603708216

firefox-136.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmfArZwACgkQ4207E/PZ
+MnTz4g/9EuFjBd9m8T1lrM9C4nJ24DZBA4dUiTA1TUaRPRAYDxynbVG/HMfb8M3u
+9ytY6h/+mRZihAbItRKgO8TFs/t4paPTGakP1gMmYylTECnAtJ91ofE0Rqt8HIVF
+4wOkU0gyscr9UGomKxPWIC8YSCf1PM8qeiPxCbYQqeN+UE0nEmw+ZZXMLzgdAM6T
+SfXb33fut0UstfExHDLkYQ8HF+icl66m7HBm13QIqLwdER+CXLjxfyLumeVicQbo
+6vZfHdYCj1P0Ty/AOxaskgy5p+Q8MRS2sQN8l1VaZB2Gqdgl4IwXdmghbZlQYJBv
+D54sI7vs7NbOlMSixAEPleTD88MJUYer3tmvRIzgXT9YKmsFpvembqvXUAgJglne
+x176DRHf98CndIGWG31Y1fVC94RDpFuGCqToifxuKMAVcfXckc4TEejcAqn1G7WE
+CuuHGquTE5rx5fht17JKepNE/dXJfJu24DN0pe7nWv9qUJM/AyGdsb4woZXChSAq
+NqO1OupGxYosK4rFl39tVj+1y3dlmG1oOUZJ//NcucSdrmHsStkRC4Va4DZzzUrz
+VP84RUqcCnI0BDAR/rmZB9xdWgXieBhONWUc/SRw6gutORAmwtxGTq3M/XWD1XvI
+udCBHbSeixxmgY8EGEFqaGdQun1ut0AJZisIm9yld4pRFj5a70M=
+=7DfH
+-----END PGP SIGNATURE-----

l10n-135.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3117a9697601069159fc3aae36263e4c602fa8b2a3dc908f8c189a75540889f9
-size 35199464

l10n-136.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ec3a6fa146fc1fa7805e94f15e89e77b52adaa6a1b7697052f3d19476cebffa
+size 35303352

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="135.0"
+VERSION="136.0"
 VERSION_SUFFIX=""
-PREV_VERSION="134.0.2"
+PREV_VERSION="1354.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="17c38d56ca552e154046a33a3ec8d3bb56ae00a1"
-RELEASE_TIMESTAMP="20250130195129"
+RELEASE_TAG="2da0b1797683d2fa353390e70080c29b97a63a91"
+RELEASE_TIMESTAMP="20250227124745"