- Mozilla Firefox 120.0

https://www.mozilla.org/en-US/firefox/120.0/releasenotes
  MFSA 2023-49 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen
    transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6210 (bmo#1801501)
    Mixed-content resources not blocked in a javascript: pop-up
  * CVE-2023-6211 (bmo#1850200)
    Clickjacking to load insecure pages in HTTPS-only mode
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
    bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
    bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5
  * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
    Memory safety bugs fixed in Firefox 120
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1120

MozillaFirefox.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Wed Nov 22 06:57:37 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 120.0
+  https://www.mozilla.org/en-US/firefox/120.0/releasenotes
+  MFSA 2023-49 (bsc#1217230)
+  * CVE-2023-6204 (bmo#1841050)
+    Out-of-bound memory access in WebGL2 blitFramebuffer
+  * CVE-2023-6205 (bmo#1854076)
+    Use-after-free in MessagePort::Entangled
+  * CVE-2023-6206 (bmo#1857430)
+    Clickjacking permission prompts using the fullscreen
+    transition
+  * CVE-2023-6207 (bmo#1861344)
+    Use-after-free in ReadableByteStreamQueueEntry::Buffer
+  * CVE-2023-6208 (bmo#1855345)
+    Using Selection API would copy contents into X11 primary
+    selection.
+  * CVE-2023-6209 (bmo#1858570)
+    Incorrect parsing of relative URLs starting with "///"
+  * CVE-2023-6210 (bmo#1801501)
+    Mixed-content resources not blocked in a javascript: pop-up
+  * CVE-2023-6211 (bmo#1850200)
+    Clickjacking to load insecure pages in HTTPS-only mode
+  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
+    bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
+    bmo#1862782)
+    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
+    and Thunderbird 115.5
+  * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
+    Memory safety bugs fixed in Firefox 120
+- rebased patches
+
 -------------------------------------------------------------------
 Wed Nov  8 20:27:15 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
 

MozillaFirefox.spec

@@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          119
-%define mainver        %major.0.1
-%define orig_version   119.0.1
+%define major          120
+%define mainver        %major.0
+%define orig_version   120.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1

firefox-119.0.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:48cc43cab060e97467e9a17617f511a177e7b91b7e77e408425351a2cbb07f70
-size 524717896

firefox-119.0.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmVJPZsACgkQ4207E/PZ
-MnQJBxAAnLfI92Dtrn2DYP9qz7QTadoLIO7jrbTchmr0yb995sU8KCVz4vRa21CJ
-0NHvVUXTDfCbGnoqK+i0f/pPBk9dtdQcwOFSqRTu6Z4cUqFaMEjLFRmOpgNyeP6A
-pZ8ur/eoVdsd3Il29hzneOaS/DrAL29Vc7thw3hndyS/U7kz6YVbgswlfZ3b788p
-5KgwvfwGEoO7eYBs5id2iVXFBv9+tNvQ+IKq36rTmg3nF16xg5TboOc6MJEHgie2
-ifNNpPtLxueYiCJrUaso+nn8q9DORCZhCExHII3+WZEghPLnp3PuKS3/7s7WRm9a
-nhFrLymXsXScLX7S0yVm/VFKv2qvB31LxviXlGGADZY3URXVN8pMA69MWQt4pJ3D
-iY8nuJNM4TeJV92robhIoNvSlIGid+VfAd/QnJQfD5rS7k/JyENRcPX20nvTHNBu
-vNMMh5INVh2cNSzrHC6tJ27cJJVnqeWqR96YGfJb3uanwpTBl043RQ3HvT8wjiPY
-IDt1r0NeRjlHPpCqs+yU4/L56gwB6YFuMBT/Wkq+w4RJwM314bKI7jWnm+j3IOGz
-lDFxZTaJOe6Qs82A04JeNrv99q9twCGMeYAnzzs9LCORr/BHpxlQ4uBEF+AAyeo4
-xIvfNz8RQrvVC7qo9PFud/4L3Xx20NEKzTk/VeZ2p1ptuMGo8J4=
-=YHYk
------END PGP SIGNATURE-----

firefox-120.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e710058701074eda53ca9f5fd52c57254858a027984f735bdcd58d6906f6b574
+size 534394880

firefox-120.0.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmVWVjoACgkQ4207E/PZ
+MnQOKxAAhMNvQMzvg2jAchYwpQeeRed3DyBK6RmJfYk5ifSl/0AodovItGwZwNxm
+Y4PXny/xt8Gned9VEMX8xN3CPSRTiGZKZxCK6JBd5+2LH8e0ILyghjsOuZEPxbm1
+tSz2Iz7/w126ZeTkYdLY8rNMCS8l78PcAxQlPUbkKLdeC0uif9eBYnuJqaIHJqr6
+QUVkf3nno380KXA0hPBqGyAEBRlJBJgen+LYkfe0fgZ9Q3RbXZLybg1R3SIC3jbQ
+Hf8wYbjO8CG90W9ffz5EXDCscUgcVkxpTYgNi6GF1aK4+w2O6274viPBzr5PoBwb
+yC0QrClTiPoQreBfUhI9xbypJmlPfUa2+lz1eVfw6Z2Vd5QWA9b8jNgOsvBrCRDw
+99JW/LtYHv1xiNTMYnAcS4NbmIUhfvUv2F0TzROhdK4sDAQANtHiCHN+5yURERLm
+Ta8mC6/MFRQ1KsbFns0wXVBK9ASK/X4qmZnv6HKyuqowVQNlU/NX0HXsyLSceq2H
+KfADdQl3ORXDmSgOEzrghWl4ZZhINZEyTLwU4RR71ZzM9t2eknse2QvYYTbsUkoQ
+Iej/SFByibAKH0t5d8ETknEvJOZD9PI88U+KUIsfhsXgvrSGpkHbqOPrTP7lSppe
+Cnrzx4TmS0vTId5t7bYGFyJc5AEi3pl9P+8L7D6j//Y2CGfE/VM=
+=5fKk
+-----END PGP SIGNATURE-----

firefox-kde.patch

@@ -27,10 +27,14 @@ How to apply this patch:
  create mode 100644 browser/components/shell/nsUnixShellService.h
 
 diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js
-index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296c95a371f 100644
 --- a/browser/components/preferences/main.js
 +++ b/browser/components/preferences/main.js
-@@ -294,6 +294,13 @@ var gMainPane = {
+@@ -291,16 +291,23 @@ var gMainPane = {
+         }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]);
+       };
+ 
+       window.setTimeout(() => {
+         window.requestIdleCallback(pollForDefaultBrowser);
        }, backoffTimes[this._backoffIndex]);
      }
  
@@ -44,10 +48,20 @@ index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296
      this.initBrowserContainers();
      this.buildContentProcessCountMenuList();
  
-@@ -1725,6 +1732,17 @@ var gMainPane = {
+     this.updateDefaultPerformanceSettingsPref();
+ 
+     let defaultPerformancePref = Preferences.get(
+       "browser.preferences.defaultPerformanceSettings.enabled"
+     );
+@@ -1744,16 +1751,27 @@ var gMainPane = {
+       this._backoffIndex = 0;
+ 
+       let shellSvc = getShellService();
+       if (!shellSvc) {
+         return;
        }
        try {
-         shellSvc.setDefaultBrowser(true, false);
+         shellSvc.setDefaultBrowser(false);
 +        if (kde_session == 1) {
 +          var shellObj = Components.classes["@mozilla.org/file/local;1"]
 +            .createInstance(Components.interfaces.nsILocalFile);
@@ -62,11 +76,20 @@ index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296
        } catch (ex) {
          console.error(ex);
          return;
+       }
+ 
+       let isDefault = shellSvc.isDefaultBrowser(false, true);
+       let setDefaultPane = document.getElementById("setDefaultPane");
+       setDefaultPane.classList.toggle("is-default", isDefault);
 diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build
-index eb88cb287dc3f04022b74b978666118bbd5fa6b2..95277533781a7224d108e3c45731a6d9a89ba1a0 100644
 --- a/browser/components/shell/moz.build
 +++ b/browser/components/shell/moz.build
-@@ -36,6 +36,8 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
+@@ -31,16 +31,18 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "coco
+     ]
+ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
+     XPIDL_SOURCES += [
+         "nsIGNOMEShellService.idl",
+     ]
  
      SOURCES += [
          "nsGNOMEShellService.cpp",
@@ -75,12 +98,16 @@ index eb88cb287dc3f04022b74b978666118bbd5fa6b2..95277533781a7224d108e3c45731a6d9
      ]
      if CONFIG["MOZ_ENABLE_DBUS"]:
          SOURCES += [
+             "nsGNOMEShellDBusHelper.cpp",
+             "nsGNOMEShellSearchProvider.cpp",
+         ]
+         include("/ipc/chromium/chromium-config.mozbuild")
+ 
 diff --git a/browser/components/shell/nsKDEShellService.cpp b/browser/components/shell/nsKDEShellService.cpp
 new file mode 100644
-index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a52dda102
 --- /dev/null
 +++ b/browser/components/shell/nsKDEShellService.cpp
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,108 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -136,8 +163,7 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a
 +}
 +
 +NS_IMETHODIMP
-+nsKDEShellService::SetDefaultBrowser(bool aClaimAllTypes,
-+                                     bool aForAllUsers)
++nsKDEShellService::SetDefaultBrowser(bool aForAllUsers)
 +{
 +    nsCOMPtr<nsIMutableArray> command = do_CreateInstance( NS_ARRAY_CONTRACTID );
 +    if (!command)
@@ -151,7 +177,7 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a
 +    cmdstr->SetData("SETDEFAULTBROWSER"_ns);
 +    command->AppendElement( cmdstr );
 +
-+    paramstr->SetData( aClaimAllTypes ? "ALLTYPES"_ns : "NORMAL"_ns );
++    paramstr->SetData("ALLTYPES"_ns);
 +    command->AppendElement( paramstr );
 +
 +    return nsKDEUtils::command( command ) ? NS_OK : NS_ERROR_FAILURE;
@@ -192,7 +218,6 @@ index 0000000000000000000000000000000000000000..152a3aca87ea73477bc75c4e93c01e5a
 +
 diff --git a/browser/components/shell/nsKDEShellService.h b/browser/components/shell/nsKDEShellService.h
 new file mode 100644
-index 0000000000000000000000000000000000000000..8b0bb19164352453cfa453dd87c19263160b9ad8
 --- /dev/null
 +++ b/browser/components/shell/nsKDEShellService.h
 @@ -0,0 +1,32 @@
@@ -230,7 +255,6 @@ index 0000000000000000000000000000000000000000..8b0bb19164352453cfa453dd87c19263
 +#endif // nskdeshellservice_h____
 diff --git a/browser/components/shell/nsUnixShellService.cpp b/browser/components/shell/nsUnixShellService.cpp
 new file mode 100644
-index 0000000000000000000000000000000000000000..abf266ebdc52e136f495911da3454e69c770c6db
 --- /dev/null
 +++ b/browser/components/shell/nsUnixShellService.cpp
 @@ -0,0 +1,22 @@
@@ -258,7 +282,6 @@ index 0000000000000000000000000000000000000000..abf266ebdc52e136f495911da3454e69
 +}
 diff --git a/browser/components/shell/nsUnixShellService.h b/browser/components/shell/nsUnixShellService.h
 new file mode 100644
-index 0000000000000000000000000000000000000000..26b5dbac47dd9a8ec1fcb6c93575cca750692735
 --- /dev/null
 +++ b/browser/components/shell/nsUnixShellService.h
 @@ -0,0 +1,15 @@

l10n-119.0.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:411c128505c49ebcb462a1bb0cce3402624cbbb06a6cc222f7249c212e474719
-size 30476444

l10n-120.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3cb6fc2fd5484e9a1b277c8878c17c2bc8b222b5bdd72ae346e9ba4da16e8154
+size 30685716

mozilla-silence-no-return-type.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  f809af927a59e945c76f51c25b1044fb42748c24
+# Parent  e7eb7e9e99204275532b04de030879c9548b88a3
 
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@@ -387,7 +387,7 @@ diff --git a/gfx/skia/skia/src/utils/SkShadowUtils.cpp b/gfx/skia/skia/src/utils
 diff --git a/intl/icu/source/i18n/number_rounding.cpp b/intl/icu/source/i18n/number_rounding.cpp
 --- a/intl/icu/source/i18n/number_rounding.cpp
 +++ b/intl/icu/source/i18n/number_rounding.cpp
-@@ -278,27 +278,29 @@ Precision IncrementPrecision::withMinFra
+@@ -282,27 +282,29 @@ Precision IncrementPrecision::withMinFra
  }
  
  FractionPrecision Precision::constructFraction(int32_t minFrac, int32_t maxFrac) {
@@ -681,6 +681,27 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe
  VideoSendStream::StreamStats::~StreamStats() = default;
  
  std::string VideoSendStream::StreamStats::ToString() const {
+diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc
+--- a/third_party/libwebrtc/media/base/codec.cc
++++ b/third_party/libwebrtc/media/base/codec.cc
+@@ -195,16 +195,17 @@ bool Codec::Matches(const Codec& codec,
+                (codec.bitrate == 0 || bitrate <= 0 ||
+                 bitrate == codec.bitrate) &&
+                ((codec.channels < 2 && channels < 2) ||
+                 channels == codec.channels);
+ 
+       case Type::kVideo:
+         return IsSameCodecSpecific(name, params, codec.name, codec.params);
+     }
++    return false; // unreached
+   };
+ 
+   return matches_id && matches_type_specific();
+ }
+ 
+ bool Codec::MatchesCapability(
+     const webrtc::RtpCodecCapability& codec_capability) const {
+   webrtc::RtpCodecParameters codec_parameters = ToCodecParameters();
 diff --git a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc
 --- a/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc
 +++ b/third_party/libwebrtc/modules/audio_processing/agc2/clipping_predictor.cc
@@ -915,7 +936,7 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depa
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
-@@ -135,16 +135,17 @@ bool IsNonVolatile(RTPExtensionType type
+@@ -133,16 +133,17 @@ bool IsNonVolatile(RTPExtensionType type
  #if defined(WEBRTC_MOZILLA_BUILD)
      case kRtpExtensionCsrcAudioLevel:
        // TODO: Mozilla implement for CsrcAudioLevel

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="119.0.1"
+VERSION="120.0"
 VERSION_SUFFIX=""
-PREV_VERSION="119.0"
+PREV_VERSION="119.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="b8f0d32ac6a5c34db8692ed382c3018e6309ea09"
-RELEASE_TIMESTAMP="20231106151204"
+RELEASE_TAG="5ae4969c2b0450edbe68bd94b613f1f30f8a3fcb"
+RELEASE_TIMESTAMP="20231116134553"