- Mozilla Firefox 123.0

https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
  MFSA 2024-05 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1554 (bmo#1816390)
    fetch could be used to effect cache poisoning
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1555 (bmo#1873223)
    SameSite cookies were not properly respected when opening a
    website from an external browser
  * CVE-2024-1556 (bmo#1870414)
    Invalid memory access in the built-in profiler
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
    bmo#1878286)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1136

MozillaFirefox.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Feb 22 11:02:39 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 123.0
+  https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
+  MFSA 2024-05 (bsc#1220048)
+  * CVE-2024-1546 (bmo#1843752)
+    Out-of-bounds memory read in networking channels
+  * CVE-2024-1547 (bmo#1877879)
+    Alert dialog could have been spoofed on another site
+  * CVE-2024-1554 (bmo#1816390)
+    fetch could be used to effect cache poisoning
+  * CVE-2024-1548 (bmo#1832627)
+    Fullscreen Notification could have been hidden by select element
+  * CVE-2024-1549 (bmo#1833814)
+    Custom cursor could obscure the permission dialog
+  * CVE-2024-1550 (bmo#1860065)
+    Mouse cursor re-positioned unexpectedly could have led to
+    unintended permission grants
+  * CVE-2024-1551 (bmo#1864385)
+    Multipart HTTP Responses would accept the Set-Cookie header
+    in response parts
+  * CVE-2024-1555 (bmo#1873223)
+    SameSite cookies were not properly respected when opening a
+    website from an external browser
+  * CVE-2024-1556 (bmo#1870414)
+    Invalid memory access in the built-in profiler
+  * CVE-2024-1552 (bmo#1874502)
+    Incorrect code generation on 32-bit ARM devices
+  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
+    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
+    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
+    bmo#1878286)
+    Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
+    and Thunderbird 115.8
+  * CVE-2024-1557 (bmo#1746471, bmo#1848829, bmo#1864011, bmo#1869175,
+    bmo#1869455, bmo#1869938, bmo#1871606)
+    Memory safety bugs fixed in Firefox 123
+- requires NSS 3.97
+
 -------------------------------------------------------------------
 Tue Feb 13 21:21:15 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 

MozillaFirefox.spec

@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          122
-%define mainver        %major.0.1
-%define orig_version   122.0.1
+%define major          123
+%define mainver        %major.0
+%define orig_version   123.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.96.1
+BuildRequires:  mozilla-nss-devel >= 3.97
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000

firefox-122.0.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:36f19c9a748eec2fd6d3a1594d0f1d7b715eaa1d9ed6d7eeda9db8478dcf36d6
-size 533052916

firefox-122.0.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXBJmYACgkQ4207E/PZ
-MnSzEBAA0Jg8a2wwljVEvPfj5xHg4hTGj6LWdBjoUBiRR/46y9y6lrr3bUBk9hmh
-Bee3uxRBb48ALw2zlf9IWQ5oXzrj1eS2kLy4jXvKuXQpF4ksfXAFGzDQnI3LJaGj
-Yz+RWL4DBmfK8N7s4ZOPEdYe7UqQL7O9ojY/MGiNPHozTHT1NoJKc305tQpiu40N
-+DMdf4aSki720TCWyB+MQIsMbsPDkBOdYg3kGE79zwV9UrWO3kGwaHg7bX6wONjn
-9bnDAms7asW5zdf0AGdxGQeuml3t/OvX99Cv5CkOb1OOfqvmYBkzd3Kk2xivpHq5
-OxcDtXowDmshXJP9bq3iaFVy95xfcNdOqKJgwEs0m9FqAJSq1kQMGVFIggdwJ+az
-0zWR+lEz8sIEOQtXo5bLPduflKQh7QHpOXteHwTWsEWvfpceSv2bZ006CPL8tghT
-tTFmmfy39OzbKGhoVy7XifLpmu+ndPt3FUO53YKpFsmQKUA34gs6nkjTtQ3byea3
-ewHr7fpQpAJnIVA00SVLqxYm6AYQuV8Vf27sEk2O9jyH5MNx3QlfsmqV7mPdU5EX
-IgnIuhFSwQmeMCFm232xg4Pt7PJ05Z21dUoYwhPCLb3zJbXVRg9RBUUDSKkR7LY+
-78NLeoZa+zO7cwy8GREyE9CfQKbT17Sw0G18hTAYuiVVON1OaNs=
-=J+o/
------END PGP SIGNATURE-----

firefox-123.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e885abdaddb14cd4f313c1575282fec6af5901f445e9744fe24e2ea837d4cb7
+size 537279276

firefox-123.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXMa0oACgkQ4207E/PZ
+MnQxSg//cJOBdBbxOkfEt0aEV/WJGGLvt5TqGi/r2LhtqssQWcRpLNbDIkM36yQ9
+M7cMBzSoOhCPsDr8s2PNJXutX7Yr7LoHjYKE41zFG8iQdgQqV8AqrUTHCfVwI3Vw
+bL1Edg67QVUFXCCty38ZH1kz3IdYBnRMIgFipAWf/8Hn6qdiqGuFfD8IVTwgn9ED
+Npv46YixaYBsxK6zYPCJRA7r/VAXNbdevHOb07da36KJ28gxb5xF2xxJ8pzviVBU
+UkyF3pZaZZ2nwnLSnTigDpb/MsoTuOFN08+vM4bXtNl0gHYV2ZFVlCEr5jYnYg/R
+VsWDKSwyUVfsHzZjmVae6MjxyUZUIADsJJOfmbn2IB1x3gi0Qzr9Jc8EpwBsDXUS
+CMbzckK8szhm5M/bCYCy5V+l4iwJGQKyV5TlCkO6AsU8SriO9hud9uiialqueISF
+CRvz6dJd2TvFVCY3IqOgkYiZAA4+/GtVEHxJpi2+vzxrwGiqO2IYVM5/sYffXLxp
+UNzrkMapJWcuujhxQwbx094peugmmAGspyvSSbn93A8PlU9CmCK5pn/ClmQp3MFx
+hV/RZIYyvweOKiwTp6Cqkp4pRISkeKs437hg4IMJQbaHfINsH/TXrjRLzUJ6IA1d
+UnCsgQPn7KtBmzvviM883FBYPIOcswwSGJFSN1PgGr9XiVUNDpE=
+=Em8L
+-----END PGP SIGNATURE-----

l10n-122.0.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:46fcbb122d6bc321c4f6be604a47d3107f5cabfbdbc9b6747b478c012780edf1
-size 31066796

l10n-123.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:db489606750a6d8b1752d6f99228cb5811ca0f8bbc5a9c576f892220f4326b9d
+size 31107184

mozilla-silence-no-return-type.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  f5fd2bbd77ef4b6554a7180c9c4768e64aca3b2a
+# Parent  d1908d68e16e148fcc012caac881a03417eccc7e
 
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@@ -505,13 +505,13 @@ diff --git a/third_party/libwebrtc/api/video/video_frame_buffer.cc b/third_party
 diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party/libwebrtc/api/video_codecs/video_codec.cc
 --- a/third_party/libwebrtc/api/video_codecs/video_codec.cc
 +++ b/third_party/libwebrtc/api/video_codecs/video_codec.cc
-@@ -113,16 +113,17 @@ const char* CodecTypeToPayloadString(Vid
-     case kVideoCodecH264:
-       return kPayloadNameH264;
+@@ -126,16 +126,17 @@ const char* CodecTypeToPayloadString(Vid
      case kVideoCodecMultiplex:
        return kPayloadNameMultiplex;
      case kVideoCodecGeneric:
        return kPayloadNameGeneric;
+     case kVideoCodecH265:
+       return kPayloadNameH265;
    }
    RTC_CHECK_NOTREACHED();
 +  return "";
@@ -641,12 +641,12 @@ diff --git a/third_party/libwebrtc/call/adaptation/video_stream_adapter.cc b/thi
 diff --git a/third_party/libwebrtc/call/rtp_payload_params.cc b/third_party/libwebrtc/call/rtp_payload_params.cc
 --- a/third_party/libwebrtc/call/rtp_payload_params.cc
 +++ b/third_party/libwebrtc/call/rtp_payload_params.cc
-@@ -400,17 +400,17 @@ absl::optional<FrameDependencyStructure>
-       }
+@@ -405,17 +405,17 @@ absl::optional<FrameDependencyStructure>
        return structure;
      }
      case VideoCodecType::kVideoCodecAV1:
      case VideoCodecType::kVideoCodecH264:
+     case VideoCodecType::kVideoCodecH265:
      case VideoCodecType::kVideoCodecMultiplex:
        return absl::nullopt;
    }
@@ -920,10 +920,10 @@ diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_part
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depacketizer.cc
-@@ -33,11 +33,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
-       return std::make_unique<VideoRtpDepacketizerVp9>();
-     case kVideoCodecAV1:
-       return std::make_unique<VideoRtpDepacketizerAv1>();
+@@ -36,11 +36,12 @@ std::unique_ptr<VideoRtpDepacketizer> Cr
+     case kVideoCodecH265:
+       // TODO(bugs.webrtc.org/13485): Implement VideoRtpDepacketizerH265.
+       return nullptr;
      case kVideoCodecGeneric:
      case kVideoCodecMultiplex:
        return std::make_unique<VideoRtpDepacketizerGeneric>();

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="122.0.1"
+VERSION="123.0"
 VERSION_SUFFIX=""
-PREV_VERSION="122.0"
+PREV_VERSION="122.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="5eb7272884b4ce02cffab7900e41551608885492"
-RELEASE_TIMESTAMP="20240205133611"
+RELEASE_TAG="d3c71a6fc9a1aecf1fe04f8de2fc0b816588e677"
+RELEASE_TIMESTAMP="20240213221259"