Accepting request 1226801 from mozilla:Factory

- Mozilla Firefox 133.0 https://www.mozilla.org/en-US/firefox/133.0/releasenotes MFSA 2024-63 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11700 (bmo#1836921) Potential Tapjacking Exploit for Intent Confirmation on Android * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11701 (bmo#1914797) Misleading Address Bar State During Navigation Interruption * CVE-2024-11702 (bmo#1918884) Inadequate Clipboard Protection in Private Browsing Mode on Android * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11703 (bmo#1928779) Password access without authentication via PIN bypass on Android * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11704 (bmo#1899402) Potential Double-Free Vulnerability in PKCS#7 Decryption Handling * CVE-2024-11698 (bmo#1916152) OBS-URL: https://build.opensuse.org/request/show/1226801 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=443
- Mozilla Firefox 133.0
2024-11-28 23:08:13 +00:00 · 2024-11-27 07:41:19 +00:00 · 2024-11-25 10:56:51 +00:00 · 2024-11-18 18:56:43 +00:00 · 2024-11-15 13:48:17 +00:00 · 2024-11-11 12:43:37 +00:00
18 changed files with 538 additions and 2706 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,256 @@
 -------------------------------------------------------------------
 Mon Nov 25 11:00:38 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 133.0
  https://www.mozilla.org/en-US/firefox/133.0/releasenotes
  MFSA 2024-63 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11700 (bmo#1836921)
    Potential Tapjacking Exploit for Intent Confirmation on Android
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11701 (bmo#1914797)
    Misleading Address Bar State During Navigation Interruption
  * CVE-2024-11702 (bmo#1918884)
    Inadequate Clipboard Protection in Private Browsing Mode on
    Android
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on
    Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11703 (bmo#1928779)
    Password access without authentication via PIN bypass on Android
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog
  * CVE-2024-11704 (bmo#1899402)
    Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  * CVE-2024-11705 (bmo#1921768)
    Null Pointer Dereference in NSC_DeriveKey
  * CVE-2024-11706 (bmo#1923767)
    Null Pointer Dereference in PKCS#12 Utility
  * CVE-2024-11708 (bmo#1922912)
    Data race with PlaybackParams
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
    and Thunderbird 128.5
 - requires NSS 3.106
 - remove obsolete mozilla-python313.patch
 -------------------------------------------------------------------
 Sat Nov 23 17:52:32 UTC 2024 - Dirk Müller <dmueller@suse.com>
 - add mozilla-python313.patch to fix build with python 3.13+
 -------------------------------------------------------------------
 Fri Nov 15 13:37:19 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 132.0.2
  * Fixed possible errors when playing encrypted media content
    through some streaming providers. (bmo#1929491)
  * Added a mitigation to help reduce the frequency of duplicated
    push notifications reported by some users. (bmo#1928868)
  * Fixed hangs when printing from some sites when using the system
    print dialog. (bmo#1898184)
  * Fixed a crash which could occur when using Microsoft SSO on macOS
    (bmo#1929622)
  * Fixed a crash in the Network Monitor developer tool which could
    occur in some circumstances. (bmo#1924882)
 -------------------------------------------------------------------
 Sun Nov 10 12:56:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - require xdg-desktop-portal (boo#1233166)
 -------------------------------------------------------------------
 Tue Nov  5 08:54:03 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 132.0.1
  * Fixed issues causing intermittent video playback problems on
    some sites. (bmo#1928484, bmo#1928798)
 - remove KDE integration patches
  - mozilla-kde.patch
  - firefox-kde.patch
  on KDE use these settings instead
  widget.use-xdg-desktop-portal.file-picker=1
  widget.use-xdg-desktop-portal.mime-handler=1
  (those are set by the latest branding package as well)
 -------------------------------------------------------------------
 Mon Oct 28 11:59:31 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 132.0
  https://www.mozilla.org/en-US/firefox/132.0/releasenotes
  MFSA 2024-55 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10468 (bmo#1914982)
    Race conditions in IndexedDB
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4
 - requires NSS 3.105
 - rebased patches
 -------------------------------------------------------------------
 Thu Oct 17 06:18:12 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 131.0.3
  * some users could not access the Bill Pay portion of their
    bank's site (bmo#1923500)
  * some VR180 and 360 videos were not properly rendering on YouTube
    (bmo#1922278)
  * Fixed a crash that Windows users with Avast or AVG security
    software were experiencing when visiting certain sites. (bmo#1919678)
  * "List all tabs" button was not able to be moved from the toolbar
    (bmo#1918681)
  NFSA 2024-53
  * CVE-2024-9936 (bmo#1920381)
    Undefined behavior in selection node cache
 - remove obsolete mozilla-rust-disable-future-incompat.patch
 -------------------------------------------------------------------
 Wed Oct  9 07:57:32 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 131.0.2
  MFSA 2024-51 (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
 -------------------------------------------------------------------
 Sun Sep 29 10:38:36 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Firefox 131.0
  https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
  MFSA 2024-46 (bsc#1230979)
  * CVE-2024-9391 (bmo#1892407)
    Prevent users from exiting full-screen mode in Firefox Focus
    for Android
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-9395 (bmo#1906024)
    Specially crafted filename could be used to obscure download type
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation
  * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
    Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
    bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
    Thunderbird 131, and Thunderbird 128.3
  * CVE-2024-9403 (bmo#1917807)
    Memory safety bugs fixed in Firefox 131 and Thunderbird 131
 - requires NSS 3.104
 - rebased patches
 ------------------------------------------------------------------
 Sat Sep 21 08:14:29 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
 - Don't use clang18-devel on Leap as they don't have that version.
 ------------------------------------------------------------------
 Wed Sep 18 06:20:01 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
 - Firefox 130.0.1 Release
  https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
  * Enterprise: Added an enterprise policy to disable the
    *Firefox Labs* section in *Settings*. (bmo#1911826)
  * Fixed a recent regression causing some UI elements to
    be rendered as left-to-right instead of right-to-left for
    users of our Saraiki localization. (bmo#1917175)
  * Linux: Fixed black rendering of AVIF images when
    Firefox is built with GCC. (bmo#1916038)
 - removed obsolete patches
  mozilla-bmo1916038.patch
 -------------------------------------------------------------------
 Sat Sep  7 07:06:40 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Firefox 130.0
  https://www.mozilla.org/en-US/firefox/130.0/releasenotes
  MFSA 2024-39 (bsc#1229821)
  * CVE-2024-8385 (bmo#1911909)
    WASM type confusion involving ArrayTypes
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with" block
  * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
    bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
    bmo#1894891, bmo#1897648)
    Fullscreen notice on Android could be hidden under various
    panels and OS prompts
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8383 (bmo#1908496)
    Firefox did not ask before openings news: links in an
    external application
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions
  * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
    SelectElements could be shown over another site if popups are
    allowed
  * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
    Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
    and Thunderbird 128.2
  * CVE-2024-8389 (bmo#1907230, bmo#1909367)
    Memory safety bugs fixed in Firefox 130
 - requires NSS 3.103
 - removed obsolete patches
  mozilla-bmo1898476.patch
  mozilla-bmo1907511.patch
 - added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500)
 -------------------------------------------------------------------
 Fri Sep  6 08:36:45 UTC 2024 - Marvin Friedrich <contact@marvinf.com>
 - Update dependency on clang-devel from LLVM15 to LLVM18
 -------------------------------------------------------------------
 Wed Sep  4 03:11:13 UTC 2024 - pallas wept <pallaswept@proton.me>
 - Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling
 -------------------------------------------------------------------
 Sat Aug 24 19:41:08 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          129
+%define major          133
-%define mainver        %major.0.1
+%define mainver        %major.0
-%define orig_version   129.0.1
+%define orig_version   133.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.102.1
+BuildRequires:  mozilla-nss-devel >= 3.106
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -149,7 +149,11 @@ BuildRequires:  zip
 %if 0%{?suse_version} < 1550
 BuildRequires:  pkgconfig(gconf-2.0) >= 1.2.1
 %endif
 %if 0%{?suse_version} < 1599
 BuildRequires:  clang15-devel
 %else
 BuildRequires:  clang18-devel
 %endif
 BuildRequires:  pkgconfig(glib-2.0) >= 2.22
 BuildRequires:  pkgconfig(gobject-2.0)
 BuildRequires:  pkgconfig(gtk+-3.0) >= 3.14.0
@ -173,10 +177,6 @@ Provides:       firefox = %{version}-%{release}
 Provides:       web_browser
 Provides:       appdata()
 Provides:       appdata(firefox.appdata.xml)
 # this is needed to match this package with the kde4 helper package without the main package
 # having a hard requirement on the kde4 package
 %define kde_helper_version 6
 Provides:       mozilla-kde4-version = %{kde_helper_version}
 Summary:        Mozilla %{appname} Web Browser
 License:        MPL-2.0
 Group:          Productivity/Networking/Web/Browsers
@ -208,7 +208,6 @@ Source20:       https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig
 Source21:       https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring
 # Gecko/Toolkit
 Patch1:         mozilla-nongnome-proxies.patch
 Patch2:         mozilla-kde.patch
 Patch3:         mozilla-ntlm-full-path.patch
 Patch4:         mozilla-aarch64-startup-crash.patch
 Patch6:         mozilla-s390-context.patch
@ -222,17 +221,15 @@ Patch18:        mozilla-silence-no-return-type.patch
 Patch19:        mozilla-bmo531915.patch
 Patch20:        one_swizzle_to_rule_them_all.patch
 Patch21:        svg-rendering.patch
-Patch23:        mozilla-rust-disable-future-incompat.patch
+Patch24:        mozilla-bmo1746799.patch
 Patch25:        mozilla-bmo1898476.patch
 Patch26:        mozilla-bmo1907511.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post): coreutils shared-mime-info desktop-file-utils
 Requires(postun): shared-mime-info desktop-file-utils
 Requires:       %{name}-branding >= 68
 Requires:       xdg-desktop-portal
 %requires_ge    mozilla-nspr
 %requires_ge    mozilla-nss
 %requires_ge    libfreetype6
@ -345,18 +342,11 @@ find . -regex ".*\.c\|.*\.cpp\|.*\.h" -exec sed -i "s/__DATE__/${DATE}/g;s/__TIM
 # SLE-12 provides python39, but that package does not provide a python3 binary
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 #sed -i "s/python3/python3.9/g" configure.in
 sed -i "s|/usr/bin/env python3|/usr/bin/env python3.9|" mach
 sed -i "s|potential_python_binary = f\"python3.{i}\"|potential_python_binary = f\"python3.9.{i}\"|" mach
 export PYTHON3=/usr/bin/python3.9
 %endif
 kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
 if test "$kdehelperversion" != %{kde_helper_version}; then
  echo fix kde helper version in the .spec file
  exit 1
 fi
 # When doing only_print_mozconfig, this file isn't necessarily available, so skip it
 cp %{SOURCE4} .obsenv.sh
 %else
@ -734,7 +724,7 @@ exit 0
 %{progdir}/crashreporter
 #%{progdir}/crashreporter.ini
 #%{progdir}/Throbber-small.gif
-%{progdir}/minidump-analyzer
+#%{progdir}/minidump-analyzer
 #%{progdir}/browser/crashreporter-override.ini
 %endif
 %{_datadir}/applications/%{desktop_file_name}.desktop
--- a/firefox-129.0.1.source.tar.xz
+++ b/firefox-129.0.1.source.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9ddfe823e4c22167a77e47f56a8afde0d9621784a9e4e5dba4906e758175c073
 size 561709736
--- a/firefox-129.0.1.source.tar.xz.asc
+++ b/firefox-129.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAma6BisACgkQ4207E/PZ
 MnQlDxAAzavl3Tkgdnpvx7YADuS7u/JIGhI1e6OyeNVzvXtSY4cyIYrFNVpH3qXx
 0vKdk2fyL2c3YYLkMP7BfNKgAhYQhALnvxoAVqocSRmVHRjGyewUM6iC3k/SpgIf
 r700/XNrq/Y++5zpvWO6P2fgipzaYVARyy2i5YUtsdYrNkAgEYYP1Qm4SM8gHg6e
 tyt99uEEyhiAHrW4m9cFm+BzsIg23JhreY0AA/4czTORIcd37Oj0r4CcH5Wkpa15
 N1yU33A+xhIreeNaZHCf9NJjQuP+TLjqZV13940tqe7BJl1Loaj9P68+g51/SEfq
 6ZuRQXQCMKPk/FJ7ZDZPMJpsI7ydvVHkBoWNBf6SeJqJblcguQucgL3q6KWkOauh
 Msy7opz2p1kp8SYGpDoKA+KOHq+kl3/GQe6ACfkjqlqOzrJeAx3E2Cm4puYuqMQe
 duCluu992WvzwDhEEkTaikWXw3MAeWe7wYCL+ya4rxRmjHptbde01XRM6LEXgb7f
 d3HBkxJczEuwYsnYmgWf7leBSf30VLRyegi4k5oJK0qiUeJ5uFj+vV3/6kzcu6KE
 gW6Z6Kr+IkrTGViQrj4z1qg5td6tO+rsfE983Sw2jjRMha9bRM+dGUHvFWXxt9Bo
 vCwDJr5Y4k+MkgQ4L6Fi8hurst3eONIVJrGMgRQJAAeeMUVXjG8=
 =mBRM
 -----END PGP SIGNATURE-----
--- a/firefox-133.0.source.tar.xz
+++ b/firefox-133.0.source.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:492b2c9a3b6d215e38ce490624e8b2b9473419accdeaddb24ba00bc6adc3cc60
 size 582165112
--- a/firefox-133.0.source.tar.xz.asc
+++ b/firefox-133.0.source.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmc/e7sACgkQ4207E/PZ
 MnRqQw//TaAudMwOpvyStSBd1C+W0fOFV+aFNMLGdjflWwyPKt3qR59NcChlFivv
 dRx7ag9KKOFeECF661WXodC3l67f/DqxFsvJz6HM2WIE9XWUG3TxDLoSJyRtoiLQ
 MYZY3KrbiwFn+ZgCCp37UbJYlFZ1O7vWyoGaAOUA0sr7Mfizs2DWEzh4+u70RAgM
 EhpSCi2Vm3dPDVGDaLvT62JyS2F100bcdU6Wbae8UP3VarZCAl3J0JH8R9rEaj3R
 qjgCFUHe8i+U/GtTzgsbW7d3/hENj9HX+b9sLEImSqqX9Lo6YRlO09IrWwoHrijr
 MFUI/JgH52YTofB9ucvZfQkvyNEug0oFGhfTcYnyvOtDzE2oIjPVSSCgnkyXWxTm
 r/EKxN0zWTGRGaGBCtkcrsbMXaAxjfd71CkjsmoUdge5/nERBfUN1TGgZQrq/6Dh
 f/edsUiQxSIjTkI40Xt3NhXPQozWm8WSD87pVm2FSQH9k3rEGnUssLCIO4SRgrDL
 Evs5KBtJmasn8o/G4KQK08CzraPuDXEWqd7o8Tjz2fXnEDi6ChkJZyPMjnEFbwOy
 PvaN5YauaqgOKO3Uo408YE+zcTcSEEqiG+sBYOseMo/K1fmIBRhQxpYMU6r8FWiE
 XjfE63U5tk+LJl2RKNqdg4Dw6SBC5T7qfwpQXJfs/rdrImZ+fhE=
 =g/x2
 -----END PGP SIGNATURE-----
--- a/firefox-kde.patch
+++ b/firefox-kde.patch
@ -1,302 +0,0 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Martin Sirringhaus <msirringhaus@suse.de>
 Date: Tue, 8 Aug 2023 16:18:24 +0300
 Subject: [PATCH] Add KDE integration to Firefox
 Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=140751
 Bug: https://bugzilla.suse.com/show_bug.cgi?id=170055
 How to apply this patch:
 1. Import and apply it
 2. cp browser/base/content/browser.xul browser/base/content/browser-kde.xul
 3. Find editBookmarkPanelDoneButton
 4. Replace #ifndef with #ifdef in the line above (this hanges the button order from Gnome-style to KDE-style)
 5. hg qrefresh
 ---
 browser/components/preferences/main.js        |  18 +++
 browser/components/shell/moz.build            |   2 +
 .../components/shell/nsKDEShellService.cpp    | 109 ++++++++++++++++++
 browser/components/shell/nsKDEShellService.h  |  32 +++++
 .../components/shell/nsUnixShellService.cpp   |  22 ++++
 browser/components/shell/nsUnixShellService.h |  15 +++
 6 files changed, 198 insertions(+)
 create mode 100644 browser/components/shell/nsKDEShellService.cpp
 create mode 100644 browser/components/shell/nsKDEShellService.h
 create mode 100644 browser/components/shell/nsUnixShellService.cpp
 create mode 100644 browser/components/shell/nsUnixShellService.h
 diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js
 --- a/browser/components/preferences/main.js
 +++ b/browser/components/preferences/main.js
@@ -292,16 +292,23 @@ var gMainPane = {
         }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]);
       };
       window.setTimeout(() => {
         window.requestIdleCallback(pollForDefaultBrowser);
       }, backoffTimes[this._backoffIndex]);
     }
 +    var env = Components.classes["@mozilla.org/process/environment;1"]
 +      .getService(Components.interfaces.nsIEnvironment);
 +    var kde_session = 0;
 +    if (env.get('KDE_FULL_SESSION') == "true") {
 +      kde_session = 1;
 +    }
 +
     this.initBrowserContainers();
     this.buildContentProcessCountMenuList();
     this.updateDefaultPerformanceSettingsPref();
     let defaultPerformancePref = Preferences.get(
       "browser.preferences.defaultPerformanceSettings.enabled"
     );
@@ -1753,16 +1760,27 @@ var gMainPane = {
       // Disable the set default button, so that the user doesn't try to hit it again
       // while awaiting on setDefaultBrowser
       let setDefaultButton = document.getElementById("setDefaultButton");
       setDefaultButton.disabled = true;
       try {
         await shellSvc.setDefaultBrowser(false);
 +        if (kde_session == 1) {
 +          var shellObj = Components.classes["@mozilla.org/file/local;1"]
 +            .createInstance(Components.interfaces.nsILocalFile);
 +          shellObj.initWithPath("/usr/bin/kwriteconfig");
 +          var process = Components.classes["@mozilla.org/process/util;1"]
 +            .createInstance(Components.interfaces.nsIProcess);
 +          process.init(shellObj);
 +          var args = ["--file", "kdeglobals", "--group", "General", "--key",
 +              "BrowserApplication", "firefox"];
 +          process.run(false, args, args.length);
 +        }
       } catch (ex) {
         console.error(ex);
         return;
       } finally {
         // Make sure to re-enable the default button when we're finished, regardless of the outcome
         setDefaultButton.disabled = false;
       }
 diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build
 --- a/browser/components/shell/moz.build
 +++ b/browser/components/shell/moz.build
@@ -31,16 +31,18 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "coco
     ]
 elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
     XPIDL_SOURCES += [
         "nsIGNOMEShellService.idl",
     ]
     SOURCES += [
         "nsGNOMEShellService.cpp",
 +        "nsKDEShellService.cpp",
 +        "nsUnixShellService.cpp",
     ]
     if CONFIG["MOZ_ENABLE_DBUS"]:
         SOURCES += [
             "nsGNOMEShellDBusHelper.cpp",
             "nsGNOMEShellSearchProvider.cpp",
         ]
         include("/ipc/chromium/chromium-config.mozbuild")
 diff --git a/browser/components/shell/nsKDEShellService.cpp b/browser/components/shell/nsKDEShellService.cpp
 new file mode 100644
 --- /dev/null
 +++ b/browser/components/shell/nsKDEShellService.cpp
@@ -0,0 +1,108 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +#include "mozilla/ArrayUtils.h"
 +
 +#include "nsCOMPtr.h"
 +#include "nsKDEShellService.h"
 +#include "nsShellService.h"
 +#include "nsKDEUtils.h"
 +#include "nsIPrefService.h"
 +#include "nsIProcess.h"
 +#include "nsIFile.h"
 +#include "nsServiceManagerUtils.h"
 +#include "nsComponentManagerUtils.h"
 +#include "nsIMutableArray.h"
 +#include "nsISupportsPrimitives.h"
 +#include "nsArrayUtils.h"
 +
 +using namespace mozilla;
 +
 +nsresult
 +nsKDEShellService::Init()
 +{
 +    if( !nsKDEUtils::kdeSupport())
 +        return NS_ERROR_NOT_AVAILABLE;
 +    return NS_OK;
 +}
 +
 +NS_IMPL_ISUPPORTS(nsKDEShellService, nsIGNOMEShellService, nsIShellService)
 +
 +NS_IMETHODIMP
 +nsKDEShellService::IsDefaultBrowser(bool aForAllTypes,
 +                                    bool* aIsDefaultBrowser)
 +{
 +    *aIsDefaultBrowser = false;
 +
 +    nsCOMPtr<nsIMutableArray> command = do_CreateInstance( NS_ARRAY_CONTRACTID );
 +    if (!command)
 +        return NS_ERROR_FAILURE;
 +
 +    nsCOMPtr<nsISupportsCString> str = do_CreateInstance( NS_SUPPORTS_CSTRING_CONTRACTID );
 +    if (!str)
 +        return NS_ERROR_FAILURE;
 +
 +    str->SetData("ISDEFAULTBROWSER"_ns);
 +    command->AppendElement( str );
 +
 +    if( nsKDEUtils::command( command ))
 +        *aIsDefaultBrowser = true;
 +    return NS_OK;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::SetDefaultBrowser(bool aForAllUsers)
 +{
 +    nsCOMPtr<nsIMutableArray> command = do_CreateInstance( NS_ARRAY_CONTRACTID );
 +    if (!command)
 +        return NS_ERROR_FAILURE;
 +
 +    nsCOMPtr<nsISupportsCString> cmdstr = do_CreateInstance( NS_SUPPORTS_CSTRING_CONTRACTID );
 +    nsCOMPtr<nsISupportsCString> paramstr = do_CreateInstance( NS_SUPPORTS_CSTRING_CONTRACTID );
 +    if (!cmdstr || !paramstr)
 +        return NS_ERROR_FAILURE;
 +
 +    cmdstr->SetData("SETDEFAULTBROWSER"_ns);
 +    command->AppendElement( cmdstr );
 +
 +    paramstr->SetData("ALLTYPES"_ns);
 +    command->AppendElement( paramstr );
 +
 +    return nsKDEUtils::command( command ) ? NS_OK : NS_ERROR_FAILURE;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::GetCanSetDesktopBackground(bool* aResult)
 +{
 +  *aResult = true;
 +  return NS_OK;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::SetDesktopBackground(dom::Element* aElement,
 +                                        int32_t aPosition,
 +                                        const nsACString& aImageName)
 +{
 +    return NS_ERROR_NOT_IMPLEMENTED;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::GetDesktopBackgroundColor(PRUint32 *aColor)
 +{
 +    return NS_ERROR_NOT_IMPLEMENTED;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::SetDesktopBackgroundColor(PRUint32 aColor)
 +{
 +    return NS_ERROR_NOT_IMPLEMENTED;
 +}
 +
 +NS_IMETHODIMP
 +nsKDEShellService::IsDefaultForScheme(nsTSubstring<char> const& aScheme, bool* aIsDefaultBrowser)
 +{
 +    return NS_ERROR_NOT_IMPLEMENTED;
 +}
 +
 diff --git a/browser/components/shell/nsKDEShellService.h b/browser/components/shell/nsKDEShellService.h
 new file mode 100644
 --- /dev/null
 +++ b/browser/components/shell/nsKDEShellService.h
@@ -0,0 +1,32 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +#ifndef nskdeshellservice_h____
 +#define nskdeshellservice_h____
 +
 +#include "nsIGNOMEShellService.h"
 +#include "nsToolkitShellService.h"
 +#include "nsString.h"
 +#include "mozilla/Attributes.h"
 +
 +class nsKDEShellService final : public nsIGNOMEShellService,
 +                                public nsToolkitShellService
 +{
 +public:
 +  nsKDEShellService() : mCheckedThisSession(false) { }
 +
 +  NS_DECL_ISUPPORTS
 +  NS_DECL_NSISHELLSERVICE
 +  NS_DECL_NSIGNOMESHELLSERVICE
 +
 +  nsresult Init();
 +
 +private:
 +  ~nsKDEShellService() {}
 +
 +  bool mCheckedThisSession;
 +};
 +
 +#endif // nskdeshellservice_h____
 diff --git a/browser/components/shell/nsUnixShellService.cpp b/browser/components/shell/nsUnixShellService.cpp
 new file mode 100644
 --- /dev/null
 +++ b/browser/components/shell/nsUnixShellService.cpp
@@ -0,0 +1,22 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +
 +#include "nsUnixShellService.h"
 +#include "nsGNOMEShellService.h"
 +#include "nsKDEShellService.h"
 +#include "nsKDEUtils.h"
 +#include "mozilla/ModuleUtils.h"
 +
 +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsGNOMEShellService, Init)
 +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsKDEShellService, Init)
 +
 +NS_IMETHODIMP
 +nsUnixShellServiceConstructor(REFNSIID aIID, void **aResult)
 +{
 +    if( nsKDEUtils::kdeSupport())
 +        return nsKDEShellServiceConstructor( aIID, aResult );
 +    return nsGNOMEShellServiceConstructor( aIID, aResult );
 +}
 diff --git a/browser/components/shell/nsUnixShellService.h b/browser/components/shell/nsUnixShellService.h
 new file mode 100644
 --- /dev/null
 +++ b/browser/components/shell/nsUnixShellService.h
@@ -0,0 +1,15 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +
 +#ifndef nsunixshellservice_h____
 +#define nsunixshellservice_h____
 +
 +#include "nsIGNOMEShellService.h"
 +
 +NS_IMETHODIMP
 +nsUnixShellServiceConstructor(nsISupports *aOuter, REFNSIID aIID, void **aResult);
 +
 +#endif // nsunixshellservice_h____
--- a/l10n-129.0.1.tar.xz
+++ b/l10n-129.0.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:eeaffb7ee1447376e76ea12095541e6ec4e8d6148207c260da4da947b56d3ef6
 size 34484384
--- a/l10n-133.0.tar.xz
+++ b/l10n-133.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:767905b231198d4b0cdbc00970cd4de63315bf63fb1d88bf53c844d4e694f8fe
 size 35102084
--- a/mozilla-bmo1504834-part1.patch
+++ b/mozilla-bmo1504834-part1.patch
@ -1,11 +1,11 @@
 # HG changeset patch
-# Parent  125a78208d2cef58191a0328ffe894dd14c6b146
+# Parent  e31f5228a09ed69d7ac3c84e54f0faa6a5910ae0
 Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834
 diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
 --- a/gfx/2d/DrawTargetSkia.cpp
 +++ b/gfx/2d/DrawTargetSkia.cpp
-@@ -151,17 +151,18 @@ static IntRect CalculateSurfaceBounds(co
+@@ -155,17 +155,18 @@ static IntRect CalculateSurfaceBounds(co
   if (!sampledBounds.ToIntRect(&bounds)) {
     return surfaceBounds;
   }
@ -28,8 +28,8 @@ diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
 diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
 --- a/gfx/2d/Types.h
 +++ b/gfx/2d/Types.h
-@@ -84,28 +84,21 @@ enum class SurfaceFormat : int8_t {
+@@ -94,28 +94,21 @@ enum class SurfaceFormat : int8_t {
-   YUV422,  // Single plane YUV 4:2:2 interleaved as Y`0 Cb Y`1 Cr.
+               // this format.
   HSV,
   Lab,
   Depth,
--- a/mozilla-bmo1746799.patch
+++ b/mozilla-bmo1746799.patch
@ -0,0 +1,72 @@
 From 535dc3c97fd19a30a329a188786998ae00cdf017 Mon Sep 17 00:00:00 2001
 From: andrew <andrew@arobeia.co.uk>
 Date: Thu, 23 Dec 2021 16:18:30 +0000
 Subject: [PATCH] Map linearly from cubeb volume to pa volume
 Fixes incorrect volume mapping.
 Rebased to current SUSE sources and updated checksums Wed Sep 04 00:00:00 2024
 diff --git a/third_party/rust/cubeb-pulse/.cargo-checksum.json b/third_party/rust/cubeb-pulse/.cargo-checksum.json
 --- a/third_party/rust/cubeb-pulse/.cargo-checksum.json
 +++ b/third_party/rust/cubeb-pulse/.cargo-checksum.json
@@ -1,1 +1,1 @@
 -{"files":{".editorconfig":"bf047bd1da10cabb99eea666d1e57c321eba4716dccb3e4ed0e2c5fe3ca53858",".github/workflows/build.yml":"477366d58c9dc059dbe4a158a6e910f23a3e9ecac7411f73616e06375583b764","AUTHORS":"0e0ac930a68ce2f6b876126b195add177f0d3886facb9260f4d9b69f1988f0cc","Cargo.toml":"4dc677a2a769c0f1667c7ad52bc7b09d22ae8e47bb95389223a5075eb4228d13","LICENSE":"44c6b5ae5ec3fe2fbc608b00e6f4896f4d2d5c7e525fcbaa3eaa3cf2f3d5a983","README.md":"0079450bb4b013bac065ed1750851e461a3710ebad1f323817da1cb82db0bc4f","src/backend/context.rs":"c0db5f2447de1d6df5aa2812fa342a085e73156a072c221c7379b9a6a9b86786","src/backend/cork_state.rs":"4a0f1afc7d9f333dac89218cc56d7d32fbffb487cd48c1c9a4e03d79cb3b5e28","src/backend/intern.rs":"11ca424e4eb77f8eb9fd5a6717d1e791facf9743156a8534f0016fcf64d57b0f","src/backend/mod.rs":"dfb30ec497d6215e4535e936fea8fe3a407ef24dc1cec43b52c0ffa923d9229c","src/backend/stream.rs":"dfe5b747e100cae4aeae36cf2ebb9dc4715b411b4116721a40eec2944eb0ec23","src/capi.rs":"fa0fa020f0d0efe55aa0fc3596405e8407bbe2cbe6c7a558345304e6da87994e","src/lib.rs":"b41bbdc562cbfb130ed7c1e53fe69944774f515705341d8ce48a2f82c8c0c2c5"},"package":null}
 \ No newline at end of file
 +{"files":{".editorconfig":"bf047bd1da10cabb99eea666d1e57c321eba4716dccb3e4ed0e2c5fe3ca53858",".github/workflows/build.yml":"477366d58c9dc059dbe4a158a6e910f23a3e9ecac7411f73616e06375583b764","AUTHORS":"0e0ac930a68ce2f6b876126b195add177f0d3886facb9260f4d9b69f1988f0cc","Cargo.toml":"4dc677a2a769c0f1667c7ad52bc7b09d22ae8e47bb95389223a5075eb4228d13","LICENSE":"44c6b5ae5ec3fe2fbc608b00e6f4896f4d2d5c7e525fcbaa3eaa3cf2f3d5a983","README.md":"0079450bb4b013bac065ed1750851e461a3710ebad1f323817da1cb82db0bc4f","src/backend/context.rs":"c0db5f2447de1d6df5aa2812fa342a085e73156a072c221c7379b9a6a9b86786","src/backend/cork_state.rs":"4a0f1afc7d9f333dac89218cc56d7d32fbffb487cd48c1c9a4e03d79cb3b5e28","src/backend/intern.rs":"11ca424e4eb77f8eb9fd5a6717d1e791facf9743156a8534f0016fcf64d57b0f","src/backend/mod.rs":"dfb30ec497d6215e4535e936fea8fe3a407ef24dc1cec43b52c0ffa923d9229c","src/backend/stream.rs":"2dfc61c4eac69624558756d87283496d01f56f44bf311119eff0f1d124cd88f3","src/capi.rs":"fa0fa020f0d0efe55aa0fc3596405e8407bbe2cbe6c7a558345304e6da87994e","src/lib.rs":"b41bbdc562cbfb130ed7c1e53fe69944774f515705341d8ce48a2f82c8c0c2c5"},"package":null}
 diff --git a/third_party/rust/cubeb-pulse/src/backend/stream.rs b/third_party/rust/cubeb-pulse/src/backend/stream.rs
 --- a/third_party/rust/cubeb-pulse/src/backend/stream.rs
 +++ b/third_party/rust/cubeb-pulse/src/backend/stream.rs
@@ -760,18 +760,18 @@ impl<'ctx> StreamOps for PulseStream<'ct
                             _ => pulse::SinkFlags::empty(),
                         }
                     };
                     if flags.contains(pulse::SinkFlags::FLAT_VOLUME) {
                         self.volume = volume;
                     } else {
                         let channels = stm.get_sample_spec().channels;
 -                        let vol = pulse::sw_volume_from_linear(f64::from(volume));
 -                        cvol.set(u32::from(channels), vol);
 +                        let vol = volume * (PA_VOLUME_NORM as f32);
 +                        cvol.set(u32::from(channels), vol as pa_volume_t);
                         let index = stm.get_index();
                         let context_ptr = self.context as *const _ as *mut _;
                         if let Ok(o) = context.set_sink_input_volume(
                             index,
                             &cvol,
                             context_success,
 diff --git a/third_party/rust/pulse-ffi/.cargo-checksum.json b/third_party/rust/pulse-ffi/.cargo-checksum.json
 --- a/third_party/rust/pulse-ffi/.cargo-checksum.json
 +++ b/third_party/rust/pulse-ffi/.cargo-checksum.json
@@ -1,1 +1,1 @@
 -{"files":{"Cargo.toml":"d0d7e81366920147911554f68c95567cae0931950c6d96ccc2c986508473642e","src/ffi_funcs.rs":"a16646c5e7c49e94b907a7a404cfcadf3007688005c689cca936f0c2ee2e28e6","src/ffi_types.rs":"2ca56bc3638a40d331e53117a5dd175d0a6e102b1e0eccb9c2adc565c6861a33","src/lib.rs":"6aff308de11954a067d0f6ef95bf3126aabb6d928a5191e91d9a38ebadba91c2"},"package":null}
 \ No newline at end of file
 +{"files":{"Cargo.toml":"d0d7e81366920147911554f68c95567cae0931950c6d96ccc2c986508473642e","src/ffi_funcs.rs":"a16646c5e7c49e94b907a7a404cfcadf3007688005c689cca936f0c2ee2e28e6","src/ffi_types.rs":"f39a27712b17256583331f7ce5722413d0c7b51d73d8def8f50e839e23dfb411","src/lib.rs":"6aff308de11954a067d0f6ef95bf3126aabb6d928a5191e91d9a38ebadba91c2"},"package":null}
 diff --git a/third_party/rust/pulse-ffi/src/ffi_types.rs b/third_party/rust/pulse-ffi/src/ffi_types.rs
 --- a/third_party/rust/pulse-ffi/src/ffi_types.rs
 +++ b/third_party/rust/pulse-ffi/src/ffi_types.rs
@@ -17,16 +17,21 @@ pub const PA_SAMPLE_S32BE: c_int = 8;
 pub const PA_SAMPLE_S24LE: c_int = 9;
 pub const PA_SAMPLE_S24BE: c_int = 10;
 pub const PA_SAMPLE_S24_32LE: c_int = 11;
 pub const PA_SAMPLE_S24_32BE: c_int = 12;
 pub const PA_SAMPLE_MAX: c_int = 13;
 pub const PA_SAMPLE_INVALID: c_int = -1;
 pub type pa_sample_format_t = c_int;
 +pub const PA_VOLUME_MUTED: c_uint = 0;
 +pub const PA_VOLUME_NORM: c_uint = 0x10000;
 +pub const PA_VOLUME_MAX: c_uint = 0x7fffffff;
 +
 +
 #[repr(C)]
 #[derive(Copy, Clone, Debug)]
 pub struct Struct_pa_sample_spec {
     pub format: pa_sample_format_t,
     pub rate: u32,
     pub channels: u8,
 }
--- a/mozilla-bmo1898476.patch
+++ b/mozilla-bmo1898476.patch
@ -1,401 +0,0 @@
 # HG changeset patch
 # User stransky <stransky@redhat.com>
 # Date 1720609192 0
 # Node ID f9323daf7abeb19f69ac5762a0a442c0dc15636e
 # Parent  5afadee4e18fc5779d789d9371a3d2d67a29d1da
 Bug 1898476 [Wayland] Move MozContainerSurfaceLock from MozContainerWayland to MozContainerSurfaceLock module r=emilio
 Differential Revision: https://phabricator.services.mozilla.com/D214883
 diff --git a/widget/gtk/MozContainerSurfaceLock.cpp b/widget/gtk/MozContainerSurfaceLock.cpp
 new file mode 100644
 --- /dev/null
 +++ b/widget/gtk/MozContainerSurfaceLock.cpp
@@ -0,0 +1,31 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +#include "MozContainerSurfaceLock.h"
 +#include "MozContainer.h"
 +#include "WidgetUtilsGtk.h"
 +
 +using namespace mozilla::widget;
 +
 +MozContainerSurfaceLock::MozContainerSurfaceLock(MozContainer* aContainer) {
 +#ifdef MOZ_WAYLAND
 +  mContainer = aContainer;
 +  if (GdkIsWaylandDisplay()) {
 +    // mSurface can be nullptr if we lock hidden MozContainer and
 +    // that's correct, MozContainer is still locked.
 +    mSurface = moz_container_wayland_surface_lock(aContainer);
 +  }
 +#endif
 +}
 +
 +MozContainerSurfaceLock::~MozContainerSurfaceLock() {
 +#ifdef MOZ_WAYLAND
 +  if (GdkIsWaylandDisplay()) {
 +    moz_container_wayland_surface_unlock(mContainer, &mSurface);
 +  }
 +#endif
 +}
 +
 +struct wl_surface* MozContainerSurfaceLock::GetSurface() { return mSurface; }
 diff --git a/widget/gtk/MozContainerSurfaceLock.h b/widget/gtk/MozContainerSurfaceLock.h
 new file mode 100644
 --- /dev/null
 +++ b/widget/gtk/MozContainerSurfaceLock.h
@@ -0,0 +1,28 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 +
 +#ifndef widget_gtk_MozContainerSurfaceLock_h
 +#define widget_gtk_MozContainerSurfaceLock_h
 +
 +struct wl_surface;
 +struct _MozContainer;
 +typedef struct _MozContainer MozContainer;
 +
 +class MozContainerSurfaceLock {
 + public:
 +  explicit MozContainerSurfaceLock(MozContainer* aContainer);
 +  ~MozContainerSurfaceLock();
 +
 +  // wl_surface can be nullptr if we lock hidden MozContainer.
 +  struct wl_surface* GetSurface();
 +
 + private:
 +#ifdef MOZ_WAYLAND
 +  MozContainer* mContainer = nullptr;
 +#endif
 +  struct wl_surface* mSurface = nullptr;
 +};
 +
 +#endif  // widget_gtk_MozContainerSurfaceLock_h
 diff --git a/widget/gtk/MozContainerWayland.cpp b/widget/gtk/MozContainerWayland.cpp
 --- a/widget/gtk/MozContainerWayland.cpp
 +++ b/widget/gtk/MozContainerWayland.cpp
@@ -82,33 +82,16 @@ using namespace mozilla;
 using namespace mozilla::widget;
 static bool moz_container_wayland_surface_create_locked(
     const MutexAutoLock& aProofOfLock, MozContainer* container);
 static void moz_container_wayland_set_opaque_region_locked(
     const MutexAutoLock& aProofOfLock, MozContainer* container,
     const LayoutDeviceIntRegion&);
 -// Lock mozcontainer and get wayland surface of it. You need to pair with
 -// moz_container_wayland_surface_unlock() even
 -// if moz_container_wayland_surface_lock() fails and returns nullptr.
 -static struct wl_surface* moz_container_wayland_surface_lock(
 -    MozContainer* container);
 -static void moz_container_wayland_surface_unlock(MozContainer* container,
 -                                                 struct wl_surface** surface);
 -
 -MozContainerSurfaceLock::MozContainerSurfaceLock(MozContainer* aContainer) {
 -  mContainer = aContainer;
 -  mSurface = moz_container_wayland_surface_lock(aContainer);
 -}
 -MozContainerSurfaceLock::~MozContainerSurfaceLock() {
 -  moz_container_wayland_surface_unlock(mContainer, &mSurface);
 -}
 -struct wl_surface* MozContainerSurfaceLock::GetSurface() { return mSurface; }
 -
 // Invalidate gtk wl_surface to commit changes to wl_subsurface.
 // wl_subsurface changes are effective when parent surface is commited.
 static void moz_container_wayland_invalidate(MozContainer* container) {
   LOGWAYLAND("moz_container_wayland_invalidate [%p]\n",
              (void*)moz_container_get_nsWindow(container));
   GdkWindow* window = gtk_widget_get_window(GTK_WIDGET(container));
   if (!window) {
 diff --git a/widget/gtk/MozContainerWayland.h b/widget/gtk/MozContainerWayland.h
 --- a/widget/gtk/MozContainerWayland.h
 +++ b/widget/gtk/MozContainerWayland.h
@@ -8,16 +8,17 @@
 #ifndef __MOZ_CONTAINER_WAYLAND_H__
 #define __MOZ_CONTAINER_WAYLAND_H__
 #include <gtk/gtk.h>
 #include <functional>
 #include <vector>
 #include "mozilla/Mutex.h"
 #include "WindowSurface.h"
 +#include "MozContainerSurfaceLock.h"
 /*
  * MozContainer
  *
  * This class serves three purposes in the nsIWidget implementation.
  *
  *   - It provides objects to receive signals from GTK for events on native
  *     windows.
@@ -56,25 +57,22 @@ struct MozContainerWayland {
   mozilla::Mutex container_lock{"MozContainerWayland::container_lock"};
 };
 struct _MozContainer;
 struct _MozContainerClass;
 typedef struct _MozContainer MozContainer;
 typedef struct _MozContainerClass MozContainerClass;
 -class MozContainerSurfaceLock {
 -  MozContainer* mContainer;
 -  struct wl_surface* mSurface;
 -
 - public:
 -  explicit MozContainerSurfaceLock(MozContainer* aContainer);
 -  ~MozContainerSurfaceLock();
 -  struct wl_surface* GetSurface();
 -};
 +// Lock mozcontainer and get wayland surface of it. You need to pair with
 +// moz_container_wayland_surface_unlock() even
 +// if moz_container_wayland_surface_lock() fails and returns nullptr.
 +struct wl_surface* moz_container_wayland_surface_lock(MozContainer* container);
 +void moz_container_wayland_surface_unlock(MozContainer* container,
 +                                          struct wl_surface** surface);
 void moz_container_wayland_map(GtkWidget*);
 gboolean moz_container_wayland_map_event(GtkWidget*, GdkEventAny*);
 void moz_container_wayland_size_allocate(GtkWidget*, GtkAllocation*);
 void moz_container_wayland_unmap(GtkWidget*);
 struct wl_egl_window* moz_container_wayland_get_egl_window(
     MozContainer* container, double scale);
 diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build
 --- a/widget/gtk/moz.build
 +++ b/widget/gtk/moz.build
@@ -28,16 +28,17 @@ if CONFIG["MOZ_WAYLAND"]:
 if CONFIG["MOZ_ENABLE_VAAPI"]:
     DIRS += ["vaapitest"]
 if CONFIG["MOZ_ENABLE_V4L2"]:
     DIRS += ["v4l2test"]
 EXPORTS += [
     "MozContainer.h",
 +    "MozContainerSurfaceLock.h",
     "nsGTKToolkit.h",
     "nsGtkUtils.h",
     "nsImageToPixbuf.h",
 ]
 EXPORTS.mozilla += [
     "GfxInfo.h",
     "GfxInfoUtils.h",
@@ -66,16 +67,17 @@ UNIFIED_SOURCES += [
     "DMABufLibWrapper.cpp",
     "DMABufSurface.cpp",
     "GfxInfo.cpp",
     "gtk3drawing.cpp",
     "GtkCompositorWidget.cpp",
     "IMContextWrapper.cpp",
     "InProcessGtkCompositorWidget.cpp",
     "MozContainer.cpp",
 +    "MozContainerSurfaceLock.cpp",
     "MPRISServiceHandler.cpp",
     "NativeKeyBindings.cpp",
     "NativeMenuGtk.cpp",
     "NativeMenuSupport.cpp",
     "nsApplicationChooser.cpp",
     "nsAppShell.cpp",
     "nsBidiKeyboard.cpp",
     "nsClipboard.cpp",
@@ -109,16 +111,17 @@ if CONFIG["MOZ_WAYLAND"]:
     UNIFIED_SOURCES += [
         "MozContainerWayland.cpp",
         "nsClipboardWayland.cpp",
         "nsWaylandDisplay.cpp",
         "WaylandBuffer.cpp",
         "WindowSurfaceWaylandMultiBuffer.cpp",
     ]
     EXPORTS.mozilla.widget += [
 +        "MozContainerSurfaceLock.h",
         "MozContainerWayland.h",
         "nsWaylandDisplay.h",
         "WaylandBuffer.h",
     ]
 if CONFIG["MOZ_X11"]:
     UNIFIED_SOURCES += [
         "nsClipboardX11.cpp",
 # HG changeset patch
 # User stransky <stransky@redhat.com>
 # Date 1720609193 0
 # Node ID a264ff9e9f6f87ca0520a884b29c4be90001533e
 # Parent  f9323daf7abeb19f69ac5762a0a442c0dc15636e
 Bug 1898476 [Wayland] Provide surface lock by GtkCompositorWidget r=emilio
 Depends on D214883
 Differential Revision: https://phabricator.services.mozilla.com/D214884
 diff --git a/widget/gtk/GtkCompositorWidget.cpp b/widget/gtk/GtkCompositorWidget.cpp
 --- a/widget/gtk/GtkCompositorWidget.cpp
 +++ b/widget/gtk/GtkCompositorWidget.cpp
@@ -206,10 +206,14 @@ void GtkCompositorWidget::SetRenderingSu
 }
 #ifdef MOZ_LOGGING
 bool GtkCompositorWidget::IsPopup() {
   return mWidget ? mWidget->IsPopup() : false;
 }
 #endif
 +UniquePtr<MozContainerSurfaceLock> GtkCompositorWidget::LockSurface() {
 +  return mWidget->LockSurface();
 +}
 +
 }  // namespace widget
 }  // namespace mozilla
 diff --git a/widget/gtk/GtkCompositorWidget.h b/widget/gtk/GtkCompositorWidget.h
 --- a/widget/gtk/GtkCompositorWidget.h
 +++ b/widget/gtk/GtkCompositorWidget.h
@@ -5,16 +5,18 @@
 #ifndef widget_gtk_GtkCompositorWidget_h
 #define widget_gtk_GtkCompositorWidget_h
 #include "GLDefs.h"
 #include "mozilla/DataMutex.h"
 #include "mozilla/widget/CompositorWidget.h"
 #include "WindowSurfaceProvider.h"
 +#include "mozilla/UniquePtr.h"
 +#include "MozContainerSurfaceLock.h"
 class nsIWidget;
 class nsWindow;
 namespace mozilla {
 namespace layers {
 class NativeLayerRootWayland;
@@ -91,16 +93,18 @@ class GtkCompositorWidget : public Compo
   RefPtr<mozilla::layers::NativeLayerRoot> GetNativeLayerRoot() override;
 #endif
   // PlatformCompositorWidgetDelegate Overrides
   void NotifyClientSizeChanged(const LayoutDeviceIntSize& aClientSize) override;
   GtkCompositorWidget* AsGtkCompositorWidget() override { return this; }
 +  UniquePtr<MozContainerSurfaceLock> LockSurface();
 +
  private:
 #if defined(MOZ_WAYLAND)
   void ConfigureWaylandBackend();
 #endif
 #if defined(MOZ_X11)
   void ConfigureX11Backend(Window aXWindow, bool aShaped);
 #endif
 #ifdef MOZ_LOGGING
 diff --git a/widget/gtk/nsWindow.cpp b/widget/gtk/nsWindow.cpp
 --- a/widget/gtk/nsWindow.cpp
 +++ b/widget/gtk/nsWindow.cpp
@@ -10271,8 +10271,15 @@ void nsWindow::SetDragSource(GdkDragCont
   mSourceDragContext = aSourceDragContext;
   if (IsPopup() &&
       (widget::GdkIsWaylandDisplay() || widget::IsXWaylandProtocol())) {
     if (auto* menuPopupFrame = GetMenuPopupFrame(GetFrame())) {
       menuPopupFrame->SetIsDragSource(!!aSourceDragContext);
     }
   }
 }
 +
 +UniquePtr<MozContainerSurfaceLock> nsWindow::LockSurface() {
 +  if (mIsDestroyed) {
 +    return nullptr;
 +  }
 +  return MakeUnique<MozContainerSurfaceLock>(mContainer);
 +}
 diff --git a/widget/gtk/nsWindow.h b/widget/gtk/nsWindow.h
 --- a/widget/gtk/nsWindow.h
 +++ b/widget/gtk/nsWindow.h
@@ -8,16 +8,17 @@
 #ifndef __nsWindow_h__
 #define __nsWindow_h__
 #include <gdk/gdk.h>
 #include <gtk/gtk.h>
 #include "CompositorWidget.h"
 #include "MozContainer.h"
 +#include "MozContainerSurfaceLock.h"
 #include "VsyncSource.h"
 #include "mozilla/EventForwards.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/TouchEvents.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/RWLock.h"
 #include "mozilla/widget/WindowSurface.h"
@@ -416,16 +417,18 @@ class nsWindow final : public nsBaseWidg
   static bool TitlebarUseShapeMask();
   bool IsRemoteContent() { return HasRemoteContent(); }
   void NativeMoveResizeWaylandPopupCallback(const GdkRectangle* aFinalSize,
                                             bool aFlippedX, bool aFlippedY);
   static bool IsToplevelWindowTransparent();
   static nsWindow* GetFocusedWindow();
 +  mozilla::UniquePtr<MozContainerSurfaceLock> LockSurface();
 +
 #ifdef MOZ_WAYLAND
   // Use xdg-activation protocol to transfer focus from gFocusWindow to aWindow.
   static void TransferFocusToWaylandWindow(nsWindow* aWindow);
   void FocusWaylandWindow(const char* aTokenID);
   bool GetCSDDecorationOffset(int* aDx, int* aDy);
   bool SetEGLNativeWindowSize(const LayoutDeviceIntSize& aEGLWindowSize);
   void WaylandDragWorkaround(GdkEventButton* aEvent);
 # HG changeset patch
 # User stransky <stransky@redhat.com>
 # Date 1720609193 0
 # Node ID eb230ecdf8eb26a9ed340873b58fe7b71f94f8e8
 # Parent  a264ff9e9f6f87ca0520a884b29c4be90001533e
 Bug 1898476 [Wayland] Lock Wayland surface before Swap buffers in RenderCompositorEGL r=emilio
 Depends on D214884
 Differential Revision: https://phabricator.services.mozilla.com/D214885
 diff --git a/gfx/webrender_bindings/RenderCompositorEGL.cpp b/gfx/webrender_bindings/RenderCompositorEGL.cpp
 --- a/gfx/webrender_bindings/RenderCompositorEGL.cpp
 +++ b/gfx/webrender_bindings/RenderCompositorEGL.cpp
@@ -149,16 +149,26 @@ RenderedFrameId RenderCompositorEGL::End
       const auto width = right - left;
       const auto height = bottom - top;
       bufferInvalid.OrWith(
           gfx::IntRect(left, (GetBufferSize().height - bottom), width, height));
     }
     gl()->SetDamage(bufferInvalid);
   }
 +
 +#ifdef MOZ_WIDGET_GTK
 +  // Rendering on Wayland has to be atomic (buffer attach + commit) and
 +  // wayland surface is also used by main thread so lock it before
 +  // we paint at SwapBuffers().
 +  UniquePtr<MozContainerSurfaceLock> lock;
 +  if (auto* gtkWidget = mWidget->AsGTK()) {
 +    lock = gtkWidget->LockSurface();
 +  }
 +#endif
   gl()->SwapBuffers();
   return frameId;
 }
 void RenderCompositorEGL::Pause() { DestroyEGLSurface(); }
 bool RenderCompositorEGL::Resume() {
   if (kIsAndroid) {
--- a/mozilla-bmo1907511.patch
+++ b/mozilla-bmo1907511.patch
@ -1,29 +0,0 @@
 # HG changeset patch
 # User stransky <stransky@redhat.com>
 # Date 1720807971 0
 # Node ID d8a0164db5db7090fd7549b03dd0391f7151649c
 # Parent  e243955016ffa880296b8d82cf531887dfb3ac22
 Bug 1907511 [Linux/X11] Check mWindow at GtkCompositorWidget::LockSurface() r=emilio
 Differential Revision: https://phabricator.services.mozilla.com/D216380
 diff --git a/widget/gtk/GtkCompositorWidget.cpp b/widget/gtk/GtkCompositorWidget.cpp
 --- a/widget/gtk/GtkCompositorWidget.cpp
 +++ b/widget/gtk/GtkCompositorWidget.cpp
@@ -207,13 +207,13 @@ void GtkCompositorWidget::SetRenderingSu
 #ifdef MOZ_LOGGING
 bool GtkCompositorWidget::IsPopup() {
   return mWidget ? mWidget->IsPopup() : false;
 }
 #endif
 UniquePtr<MozContainerSurfaceLock> GtkCompositorWidget::LockSurface() {
 -  return mWidget->LockSurface();
 +  return mWidget ? mWidget->LockSurface() : nullptr;
 }
 }  // namespace widget
 }  // namespace mozilla
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
--- a/mozilla-ntlm-full-path.patch
+++ b/mozilla-ntlm-full-path.patch
@ -1,18 +1,28 @@
 # HG changeset patch
 # User Petr Cerny <pcerny@novell.com>
 # Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6
-# Parent  1c6a565013e4c5f3494f964269783939cd5ed0b8
+# Parent  3399aced682c232525633755ff79b37a0be75548
 Bug 634334 - call to the ntlm_auth helper fails
 diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp
 --- a/extensions/auth/nsAuthSambaNTLM.cpp
 +++ b/extensions/auth/nsAuthSambaNTLM.cpp
-@@ -160,7 +160,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
+@@ -148,17 +148,17 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
-   const char* username = PR_GetEnv("USER");
+     }
-   if (!username) return NS_ERROR_FAILURE;
+ 
     base::LaunchOptions options;
     options.fds_to_remap.push_back(
         std::pair{toChildPipeRead.get(), STDIN_FILENO});
     options.fds_to_remap.push_back(
         std::pair{fromChildPipeWrite.get(), STDOUT_FILENO});
 -    std::vector<std::string> argvVec{"ntlm_auth",        "--helper-protocol",
 +    std::vector<std::string> argvVec{"/usr/bin/ntlm_auth",        "--helper-protocol",
                                      "ntlmssp-client-1", "--use-cached-creds",
                                      "--username",       username};
     auto result = base::LaunchApp(argvVec, std::move(options), &mChildPID);
     if (result.isErr()) {
       return NS_ERROR_FAILURE;
     }
 -  const char* const args[] = {"ntlm_auth",
 +  const char* const args[] = {"/usr/bin/ntlm_auth",
                               "--helper-protocol",
                               "ntlmssp-client-1",
                               "--use-cached-creds",
--- a/mozilla-rust-disable-future-incompat.patch
+++ b/mozilla-rust-disable-future-incompat.patch
@ -1,16 +0,0 @@
 # HG changeset patch
 # Parent  83a5e219b271976ee9dfa46b74ecc1c1c6d49f94
 Index: firefox-128.0/Cargo.toml
 ===================================================================
 --- firefox-128.0.orig/Cargo.toml
 +++ firefox-128.0/Cargo.toml
@@ -236,3 +236,8 @@ mio_0_8 = { package = "mio", git = "http
 # Patch `gpu-descriptor` 0.3.0 to remove unnecessary `allocator-api2` dep.:
 # Still waiting for the now-merged <https://github.com/zakarumych/gpu-descriptor/pull/40> to be released.
 gpu-descriptor = { git = "https://github.com/zakarumych/gpu-descriptor", rev = "7b71a4e47c81903ad75e2c53deb5ab1310f6ff4d" }
 +
 +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
 +# Shut up such messages for now to make the build succeed
 +[future-incompat-report]
 +frequency = "never"
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  ed4bafa3b0d1f1da83e0a81545a0144602530a80
+# Parent  5cc2e34f46adee952bab6c6955d5b2d5a248d06a
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
@ -363,7 +363,7 @@ diff --git a/intl/icu/source/i18n/number_rounding.cpp b/intl/icu/source/i18n/num
 diff --git a/js/src/irregexp/imported/regexp-parser.cc b/js/src/irregexp/imported/regexp-parser.cc
 --- a/js/src/irregexp/imported/regexp-parser.cc
 +++ b/js/src/irregexp/imported/regexp-parser.cc
-@@ -2776,16 +2776,17 @@ bool MayContainStrings(ClassSetOperandTy
+@@ -2780,16 +2780,17 @@ bool MayContainStrings(ClassSetOperandTy
       return false;
     case ClassSetOperandType::kCharacterClassEscape:
     case ClassSetOperandType::kClassStringDisjunction:
@ -405,7 +405,7 @@ diff --git a/third_party/libwebrtc/api/adaptation/resource.cc b/third_party/libw
 diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc/api/rtp_parameters.cc
 --- a/third_party/libwebrtc/api/rtp_parameters.cc
 +++ b/third_party/libwebrtc/api/rtp_parameters.cc
-@@ -28,16 +28,17 @@ const char* DegradationPreferenceToStrin
+@@ -32,16 +32,17 @@ const char* DegradationPreferenceToStrin
     case DegradationPreference::MAINTAIN_FRAMERATE:
       return "maintain-framerate";
     case DegradationPreference::MAINTAIN_RESOLUTION:
@ -426,7 +426,7 @@ diff --git a/third_party/libwebrtc/api/rtp_parameters.cc b/third_party/libwebrtc
 diff --git a/third_party/libwebrtc/api/video/video_frame_buffer.cc b/third_party/libwebrtc/api/video/video_frame_buffer.cc
 --- a/third_party/libwebrtc/api/video/video_frame_buffer.cc
 +++ b/third_party/libwebrtc/api/video/video_frame_buffer.cc
-@@ -101,16 +101,18 @@ const char* VideoFrameBufferTypeToString
+@@ -107,16 +107,18 @@ const char* VideoFrameBufferTypeToString
       return "kI210";
     case VideoFrameBuffer::Type::kI410:
       return "kI410";
@ -469,7 +469,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_codec.cc b/third_party
 diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
 --- a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
 +++ b/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallback_wrapper.cc
-@@ -187,16 +187,17 @@ class VideoEncoderSoftwareFallbackWrappe
+@@ -186,16 +186,17 @@ class VideoEncoderSoftwareFallbackWrappe
         [[fallthrough]];
       case EncoderState::kMainEncoderUsed:
         return encoder_.get();
@ -487,7 +487,7 @@ diff --git a/third_party/libwebrtc/api/video_codecs/video_encoder_software_fallb
   // Settings used in the last InitEncode call and used if a dynamic fallback to
   // software is required.
-@@ -382,16 +383,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
+@@ -381,16 +382,17 @@ int32_t VideoEncoderSoftwareFallbackWrap
     case EncoderState::kMainEncoderUsed: {
       return EncodeWithMainEncoder(frame, frame_types);
     }
@ -627,7 +627,7 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe
 diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc
 --- a/third_party/libwebrtc/media/base/codec.cc
 +++ b/third_party/libwebrtc/media/base/codec.cc
-@@ -257,16 +257,17 @@ bool Codec::Matches(const Codec& codec) 
+@@ -267,16 +267,17 @@ bool Codec::Matches(const Codec& codec) 
                (codec.bitrate == 0 || bitrate <= 0 ||
                 bitrate == codec.bitrate) &&
                ((codec.channels < 2 && channels < 2) ||
@ -745,7 +745,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
     const StreamConfig& input_config,
     const StreamConfig& output_config) {
   AudioFormatValidity input_validity = ValidateAudioFormat(input_config);
-@@ -2420,16 +2421,17 @@ void AudioProcessingImpl::InitializeNois
+@@ -2176,16 +2177,17 @@ void AudioProcessingImpl::InitializeNois
             case NoiseSuppresionConfig::kModerate:
               return NsConfig::SuppressionLevel::k12dB;
             case NoiseSuppresionConfig::kHigh:
@ -763,40 +763,6 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/audio_processing_imp
         cfg, proc_sample_rate_hz(), num_proc_channels());
   }
 }
 diff --git a/third_party/libwebrtc/modules/audio_processing/include/audio_processing.cc b/third_party/libwebrtc/modules/audio_processing/include/audio_processing.cc
 --- a/third_party/libwebrtc/modules/audio_processing/include/audio_processing.cc
 +++ b/third_party/libwebrtc/modules/audio_processing/include/audio_processing.cc
@@ -27,28 +27,30 @@ std::string NoiseSuppressionLevelToStrin
     case AudioProcessing::Config::NoiseSuppression::Level::kModerate:
       return "Moderate";
     case AudioProcessing::Config::NoiseSuppression::Level::kHigh:
       return "High";
     case AudioProcessing::Config::NoiseSuppression::Level::kVeryHigh:
       return "VeryHigh";
   }
   RTC_CHECK_NOTREACHED();
 +  return "";
 }
 std::string GainController1ModeToString(const Agc1Config::Mode& mode) {
   switch (mode) {
     case Agc1Config::Mode::kAdaptiveAnalog:
       return "AdaptiveAnalog";
     case Agc1Config::Mode::kAdaptiveDigital:
       return "AdaptiveDigital";
     case Agc1Config::Mode::kFixedDigital:
       return "FixedDigital";
   }
   RTC_CHECK_NOTREACHED();
 +  return "";
 }
 }  // namespace
 constexpr int AudioProcessing::kNativeSampleRatesHz[];
 void CustomProcessing::SetRuntimeSetting(
     AudioProcessing::RuntimeSetting setting) {}
 diff --git a/third_party/libwebrtc/modules/audio_processing/transient/transient_suppressor_impl.cc b/third_party/libwebrtc/modules/audio_processing/transient/transient_suppressor_impl.cc
 --- a/third_party/libwebrtc/modules/audio_processing/transient/transient_suppressor_impl.cc
 +++ b/third_party/libwebrtc/modules/audio_processing/transient/transient_suppressor_impl.cc
@ -821,7 +787,7 @@ diff --git a/third_party/libwebrtc/modules/audio_processing/transient/transient_
 diff --git a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
 --- a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
 +++ b/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc_network_control.cc
-@@ -90,16 +90,18 @@ BandwidthLimitedCause GetBandwidthLimite
+@@ -81,16 +81,18 @@ BandwidthLimitedCause GetBandwidthLimite
       // Probes may not be sent in this state.
       return BandwidthLimitedCause::kLossLimitedBwe;
     case LossBasedState::kIncreasing:
@ -838,8 +804,8 @@ diff --git a/third_party/libwebrtc/modules/congestion_controller/goog_cc/goog_cc
 GoogCcNetworkController::GoogCcNetworkController(NetworkControllerConfig config,
                                                  GoogCcConfig goog_cc_config)
-     : key_value_config_(config.key_value_config ? config.key_value_config
+     : env_(config.env),
-                                                 : &trial_based_config_),
+       packet_feedback_only_(goog_cc_config.feedback_only),
 diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
 --- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
 +++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc
@ -864,7 +830,7 @@ diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screenc
 diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
 --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
 +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc
-@@ -79,16 +79,17 @@ bool BitrateProber::ReadyToSetActiveStat
+@@ -80,16 +80,17 @@ bool BitrateProber::ReadyToSetActiveStat
         return true;
       }
       // If config_.min_packet_size > 0, a "large enough" packet must be
@ -898,6 +864,27 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/create_video_rtp_depa
 }
 }  // namespace webrtc
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtcp_packet/congestion_control_feedback.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtcp_packet/congestion_control_feedback.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtcp_packet/congestion_control_feedback.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtcp_packet/congestion_control_feedback.cc
@@ -105,16 +105,17 @@ uint16_t To2BitEcn(rtc::EcnMarking ecn_m
       return 0;
     case rtc::EcnMarking::kEct1:
       return kEcnEct1 << 13;
     case rtc::EcnMarking::kEct0:
       return kEcnEct0 << 13;
     case rtc::EcnMarking::kCe:
       return kEcnCe << 13;
   }
 +  return 0; // should not be reached
 }
 rtc::EcnMarking ToEcnMarking(uint16_t receive_info) {
   const uint16_t ecn = (receive_info >> 13) & 0b11;
   if (ecn == kEcnEct1) {
     return rtc::EcnMarking::kEct1;
   }
   if (ecn == kEcnEct0) {
 diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
 --- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
 +++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
@ -922,7 +909,7 @@ diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third
 diff --git a/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc b/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
 --- a/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
 +++ b/third_party/libwebrtc/modules/video_coding/codecs/vp8/default_temporal_layers.cc
-@@ -105,16 +105,17 @@ size_t BufferToIndex(Vp8BufferReference 
+@@ -104,16 +104,17 @@ size_t BufferToIndex(Vp8BufferReference 
       return 0;
     case Vp8FrameConfig::Vp8BufferReference::kGolden:
       return 1;
@ -964,7 +951,7 @@ diff --git a/third_party/libwebrtc/modules/video_coding/codecs/vp8/temporal_laye
 diff --git a/third_party/libwebrtc/modules/video_coding/h26x_packet_buffer.cc b/third_party/libwebrtc/modules/video_coding/h26x_packet_buffer.cc
 --- a/third_party/libwebrtc/modules/video_coding/h26x_packet_buffer.cc
 +++ b/third_party/libwebrtc/modules/video_coding/h26x_packet_buffer.cc
-@@ -66,16 +66,17 @@ bool BeginningOfIdr(const H26xPacketBuff
+@@ -58,16 +58,17 @@ bool BeginningOfIdr(const H26xPacketBuff
     case kH264StapA:
     case kH264SingleNalu: {
       return contains_idr_nalu;
@ -979,7 +966,7 @@ diff --git a/third_party/libwebrtc/modules/video_coding/h26x_packet_buffer.cc b/
 bool HasSps(const H26xPacketBuffer::Packet& packet) {
   auto& h264_header =
       absl::get<RTPVideoHeaderH264>(packet.video_header.video_type_header);
-   return absl::c_any_of(GetNaluInfos(h264_header), [](const auto& nalu_info) {
+   return absl::c_any_of(h264_header.nalus, [](const auto& nalu_info) {
     return nalu_info.type == H264::NaluType::kSps;
   });
 diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
@ -1003,3 +990,45 @@ diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resourc
     flags.resize(codec.VP9().numberOfSpatialLayers);
     for (size_t i = 0; i < flags.size(); ++i) {
       flags[i] = codec.spatialLayers[i].active;
 diff --git a/third_party/libwebrtc/video/config/encoder_stream_factory.cc b/third_party/libwebrtc/video/config/encoder_stream_factory.cc
 --- a/third_party/libwebrtc/video/config/encoder_stream_factory.cc
 +++ b/third_party/libwebrtc/video/config/encoder_stream_factory.cc
@@ -104,16 +104,17 @@ int GetDefaultMaxQp(webrtc::VideoCodecTy
     case webrtc::kVideoCodecH265:
       return kDefaultVideoMaxQpH26x;
     case webrtc::kVideoCodecVP8:
     case webrtc::kVideoCodecVP9:
     case webrtc::kVideoCodecAV1:
     case webrtc::kVideoCodecGeneric:
       return kDefaultVideoMaxQpVpx;
   }
 +  return kDefaultVideoMaxQpVpx; // fake return for hopefully not reached
 }
 // Round size to nearest simulcast-friendly size.
 // Simulcast stream width and height must both be dividable by
 // |2 ^ (simulcast_layers - 1)|.
 int NormalizeSimulcastSize(const FieldTrialsView& field_trials,
                            int size,
                            size_t simulcast_layers) {
 diff --git a/third_party/libwebrtc/video/quality_convergence_controller.cc b/third_party/libwebrtc/video/quality_convergence_controller.cc
 --- a/third_party/libwebrtc/video/quality_convergence_controller.cc
 +++ b/third_party/libwebrtc/video/quality_convergence_controller.cc
@@ -31,16 +31,17 @@ int GetDefaultStaticQpThreshold(VideoCod
       return kAv1DefaultStaticQpThreshold;
     case kVideoCodecGeneric:
     case kVideoCodecH264:
     case kVideoCodecH265:
       // -1 will effectively disable the static QP threshold since QP values are
       // always >= 0.
       return -1;
   }
 +  return -1;
 }
 }  // namespace
 void QualityConvergenceController::Initialize(
     int number_of_layers,
     absl::optional<int> static_qp_threshold,
     VideoCodecType codec,
     const FieldTrialsView& trials) {
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="129.0.1"
+VERSION="133.0"
 VERSION_SUFFIX=""
-PREV_VERSION="129.0"
+PREV_VERSION="132.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="9a56b747aa5f53cb8784337f8c5d6a056d11c5e7"
+RELEASE_TAG="8141aab3ba856d7cbae6c851dd71f2e0cb69649c"
-RELEASE_TIMESTAMP="20240812083845"
+RELEASE_TIMESTAMP="20241121140525"
Author	SHA256	Message	Date
Ana Guerrero	d1d6a0968b	Accepting request 1226801 from mozilla:Factory - Mozilla Firefox 133.0 https://www.mozilla.org/en-US/firefox/133.0/releasenotes MFSA 2024-63 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11700 (bmo#1836921) Potential Tapjacking Exploit for Intent Confirmation on Android * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11701 (bmo#1914797) Misleading Address Bar State During Navigation Interruption * CVE-2024-11702 (bmo#1918884) Inadequate Clipboard Protection in Private Browsing Mode on Android * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11703 (bmo#1928779) Password access without authentication via PIN bypass on Android * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11704 (bmo#1899402) Potential Double-Free Vulnerability in PKCS#7 Decryption Handling * CVE-2024-11698 (bmo#1916152) OBS-URL: https://build.opensuse.org/request/show/1226801 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=443	2024-11-28 23:08:13 +00:00
Wolfgang Rosenauer	9e86c649c9	- Mozilla Firefox 133.0 https://www.mozilla.org/en-US/firefox/133.0/releasenotes MFSA 2024-63 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11700 (bmo#1836921) Potential Tapjacking Exploit for Intent Confirmation on Android * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11701 (bmo#1914797) Misleading Address Bar State During Navigation Interruption * CVE-2024-11702 (bmo#1918884) Inadequate Clipboard Protection in Private Browsing Mode on Android * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11703 (bmo#1928779) Password access without authentication via PIN bypass on Android * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11704 (bmo#1899402) Potential Double-Free Vulnerability in PKCS#7 Decryption Handling * CVE-2024-11698 (bmo#1916152) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1191	2024-11-27 07:41:19 +00:00
Wolfgang Rosenauer	a409d8adda	- add mozilla-python313.patch to fix build with python 3.13+ * CVE-2018-12371 (bmo#1465686) * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before * firefox-bug506901.patch - improve UI colors to be usable with dark themes at all - added KDE integration patch from llunak@novell.com (firefox-kde.patch) * support for knotify, making -kde4-addon obsolete especially KDE integration: * added the ability to set the KDE default browser * MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading * MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via * MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method * MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with evidence of memory corruption (rv:1.9.0.6) (bmo#452913, * Make sure the search bar is not put back when resetting the - Update to stability/security release 3.0.1 (bnc#407573) + MFSA 2008-35 Command-line URLs launch multiple tabs when - Set browser.shell.checkDefaultBrowser to true (bnc#404119) - fix hardlinks accross partitions - move last change a bit further in specfile - Mark a .png file as nonexecutable. * MFSA 2007-26 Privilege escalation through chrome-loaded - Fixes bnc #295677 - added unzip to BuildRequires - updated tango theme Resuming your browsing session, Previewing and subscribing Improved Add-ons manager, JavaScript 1.7, Extended search OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1190	2024-11-25 10:56:51 +00:00
Ana Guerrero	78130d13f6	Accepting request 1224785 from mozilla:Factory - Mozilla Firefox 132.0.2 * Fixed possible errors when playing encrypted media content through some streaming providers. (bmo#1929491) * Added a mitigation to help reduce the frequency of duplicated push notifications reported by some users. (bmo#1928868) * Fixed hangs when printing from some sites when using the system print dialog. (bmo#1898184) * Fixed a crash which could occur when using Microsoft SSO on macOS (bmo#1929622) * Fixed a crash in the Network Monitor developer tool which could occur in some circumstances. (bmo#1924882) OBS-URL: https://build.opensuse.org/request/show/1224785 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=442	2024-11-18 18:56:43 +00:00
Wolfgang Rosenauer	df90b62ed6	- Mozilla Firefox 132.0.2 * Fixed possible errors when playing encrypted media content through some streaming providers. (bmo#1929491) * Added a mitigation to help reduce the frequency of duplicated push notifications reported by some users. (bmo#1928868) * Fixed hangs when printing from some sites when using the system print dialog. (bmo#1898184) * Fixed a crash which could occur when using Microsoft SSO on macOS (bmo#1929622) * Fixed a crash in the Network Monitor developer tool which could occur in some circumstances. (bmo#1924882) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1188	2024-11-15 13:48:17 +00:00
Dominique Leuenberger	cd12b8e0e6	Accepting request 1223284 from mozilla:Factory - require xdg-desktop-portal (boo#1233166) - Mozilla Firefox 132.0.1 * Fixed issues causing intermittent video playback problems on some sites. (bmo#1928484, bmo#1928798) - remove KDE integration patches - mozilla-kde.patch - firefox-kde.patch on KDE use these settings instead widget.use-xdg-desktop-portal.file-picker=1 widget.use-xdg-desktop-portal.mime-handler=1 (those are set by the latest branding package as well) - Mozilla Firefox 132.0 https://www.mozilla.org/en-US/firefox/132.0/releasenotes MFSA 2024-55 (bsc#1231879) * CVE-2024-10458 (bmo#1921733) Permission leak via embed or object elements * CVE-2024-10459 (bmo#1919087) Use-after-free in layout with accessibility * CVE-2024-10460 (bmo#1912537) Confusing display of origin for external protocol handler prompt * CVE-2024-10461 (bmo#1914521) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 (bmo#1920423) Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 (bmo#1920800) Cross origin video frame leak * CVE-2024-10468 (bmo#1914982) OBS-URL: https://build.opensuse.org/request/show/1223284 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=441	2024-11-11 12:43:37 +00:00
Wolfgang Rosenauer	f50f411e72	- require xdg-desktop-portal (boo#1233166) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1186	2024-11-11 07:13:08 +00:00
Wolfgang Rosenauer	944ffaaffb	OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1185	2024-11-06 08:15:15 +00:00
Wolfgang Rosenauer	d5ecca7d59	- Mozilla Firefox 132.0.1 * Fixed issues causing intermittent video playback problems on some sites. (bmo#1928484, bmo#1928798) - remove KDE integration patches - mozilla-kde.patch - firefox-kde.patch on KDE use these settings instead widget.use-xdg-desktop-portal.file-picker=1 widget.use-xdg-desktop-portal.mime-handler=1 (those are set by the latest branding package as well) - Mozilla Firefox 132.0 https://www.mozilla.org/en-US/firefox/132.0/releasenotes MFSA 2024-55 (bsc#1231879) * CVE-2024-10458 (bmo#1921733) Permission leak via embed or object elements * CVE-2024-10459 (bmo#1919087) Use-after-free in layout with accessibility * CVE-2024-10460 (bmo#1912537) Confusing display of origin for external protocol handler prompt * CVE-2024-10461 (bmo#1914521) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 (bmo#1920423) Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 (bmo#1920800) Cross origin video frame leak * CVE-2024-10468 (bmo#1914982) Race conditions in IndexedDB * CVE-2024-10464 (bmo#1913000) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1184	2024-11-05 10:48:26 +00:00
Ana Guerrero	446a0e7696	Accepting request 1208839 from mozilla:Factory - Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch OBS-URL: https://build.opensuse.org/request/show/1208839 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=440	2024-10-20 08:13:22 +00:00
Wolfgang Rosenauer	46b65f8c49	- Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1182	2024-10-18 10:29:37 +00:00
Ana Guerrero	51bca241c8	Accepting request 1206551 from mozilla:Factory - Mozilla Firefox 131.0.2 MFSA 2024-51 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline OBS-URL: https://build.opensuse.org/request/show/1206551 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=439	2024-10-11 15:01:08 +00:00
Wolfgang Rosenauer	fe2ab4d47d	- Mozilla Firefox 131.0.2 MFSA 2024-51 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1180	2024-10-09 14:55:13 +00:00
Ana Guerrero	b292b641fd	Accepting request 1205704 from mozilla:Factory - Firefox 131.0 https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ MFSA 2024-46 (bsc#1230979) * CVE-2024-9391 (bmo#1892407) Prevent users from exiting full-screen mode in Firefox Focus for Android * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-9395 (bmo#1906024) Specially crafted filename could be used to obscure download type * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, OBS-URL: https://build.opensuse.org/request/show/1205704 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=438	2024-10-06 15:51:24 +00:00
Wolfgang Rosenauer	d873e57e81	- Firefox 131.0 https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ MFSA 2024-46 (bsc#1230979) * CVE-2024-9391 (bmo#1892407) Prevent users from exiting full-screen mode in Firefox Focus for Android * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-9395 (bmo#1906024) Specially crafted filename could be used to obscure download type * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1178	2024-10-04 13:15:49 +00:00
Ana Guerrero	e21c4e6bf7	Accepting request 1202047 from mozilla:Factory ------------------------------------------------------------------ - Firefox 130.0.1 Release https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes * Enterprise: Added an enterprise policy to disable the Firefox Labs section in Settings. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch - Mozilla Firefox 130.0 https://www.mozilla.org/en-US/firefox/130.0/releasenotes MFSA 2024-39 (bsc#1229821) * CVE-2024-8385 (bmo#1911909) WASM type confusion involving ArrayTypes * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970, bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326, bmo#1894891, bmo#1897648) Fullscreen notice on Android could be hidden under various panels and OS prompts * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8383 (bmo#1908496) Firefox did not ask before openings news: links in an OBS-URL: https://build.opensuse.org/request/show/1202047 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=437	2024-09-22 09:05:23 +00:00
Wolfgang Rosenauer	4ad63c96a3	- Update dependency on clang-devel from LLVM15 to LLVM18 - Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1176	2024-09-19 20:06:25 +00:00
Wolfgang Rosenauer	1b43cd3da8	https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes https://www.mozilla.org/en-US/firefox/130.0/releasenotes OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1175	2024-09-19 16:55:30 +00:00
Wolfgang Rosenauer	f2f6b49a7f	------------------------------------------------------------------ - Firefox 130.0.1 Release * Enterprise: Added an enterprise policy to disable the Firefox Labs section in Settings. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch - Mozilla Firefox 130.0 MFSA 2024-39 (bsc#1229821) * CVE-2024-8385 (bmo#1911909) WASM type confusion involving ArrayTypes * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970, bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326, bmo#1894891, bmo#1897648) Fullscreen notice on Android could be hidden under various panels and OS prompts * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8383 (bmo#1908496) Firefox did not ask before openings news: links in an external application * CVE-2024-8384 (bmo#1911288) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1174	2024-09-19 16:43:14 +00:00