From 2db411fcaea7451b02a6ea68a35f0a4bbfd2c061 Mon Sep 17 00:00:00 2001 From: James Antill Date: Mon, 27 Feb 2023 13:00:15 -0500 Subject: [PATCH] Import rpm: c8s --- .gitignore | 11 +- ...fix-mozillaSignalTrampoline-to-work-.patch | 12 +++ Bug-1526653---fix_user_vfp_armv7.patch | 35 ++++++ firefox-centos-default-prefs.js | 35 ++++++ firefox-mozconfig | 1 + firefox.sh.in | 101 ++++++++++++++++++ firefox.spec | 89 +++------------ sources | 6 +- 8 files changed, 208 insertions(+), 82 deletions(-) create mode 100644 Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch create mode 100644 Bug-1526653---fix_user_vfp_armv7.patch create mode 100644 firefox-centos-default-prefs.js diff --git a/.gitignore b/.gitignore index 143af6a..15e2d33 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,10 @@ +SOURCES/cbindgen-vendor.tar.xz +SOURCES/firefox-91.2.0esr.processed-source.tar.xz +SOURCES/firefox-langpacks-91.2.0esr-20210929.tar.xz +SOURCES/nspr-4.32.0-1.el8_1.src.rpm +SOURCES/nss-3.67.0-6.el8_1.src.rpm /cbindgen-vendor.tar.xz -/firefox-91.8.0esr.processed-source.tar.xz -/firefox-langpacks-91.8.0esr-20220405.tar.xz +/firefox-91.2.0esr.processed-source.tar.xz +/firefox-langpacks-91.2.0esr-20210929.tar.xz /nspr-4.32.0-1.el8_1.src.rpm -/nss-3.67.0-7.el8_1.src.rpm +/nss-3.67.0-6.el8_1.src.rpm diff --git a/Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch b/Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch new file mode 100644 index 0000000..6dfe2ad --- /dev/null +++ b/Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch @@ -0,0 +1,12 @@ +diff -up firefox-60.0/mfbt/LinuxSignal.h.mozilla-1238661 firefox-60.0/mfbt/LinuxSignal.h +--- firefox-60.0/mfbt/LinuxSignal.h.mozilla-1238661 2018-04-27 08:55:38.848241768 +0200 ++++ firefox-60.0/mfbt/LinuxSignal.h 2018-04-27 09:06:47.946769859 +0200 +@@ -22,7 +22,7 @@ __attribute__((naked)) void SignalTrampo + void* aContext) { + asm volatile("nop; nop; nop; nop" : : : "memory"); + +- asm volatile("b %0" : : "X"(H) : "memory"); ++ asm volatile("bx %0" : : "r"(H), "l"(aSignal), "l"(aInfo), "l"(aContext) : "memory"); + } + + # define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline) diff --git a/Bug-1526653---fix_user_vfp_armv7.patch b/Bug-1526653---fix_user_vfp_armv7.patch new file mode 100644 index 0000000..3f84f95 --- /dev/null +++ b/Bug-1526653---fix_user_vfp_armv7.patch @@ -0,0 +1,35 @@ +From fd6847c9416f9eebde636e21d794d25d1be8791d Mon Sep 17 00:00:00 2001 +From: Mike Hommey +Date: Sat, 1 Jun 2019 09:06:01 +0900 +Subject: [PATCH] Bug 1526653 - Include struct definitions for user_vfp and + user_vfp_exc. + +--- + js/src/wasm/WasmSignalHandlers.cpp | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/js/src/wasm/WasmSignalHandlers.cpp b/js/src/wasm/WasmSignalHandlers.cpp +index 636537f8478..383c380f04c 100644 +--- a/js/src/wasm/WasmSignalHandlers.cpp ++++ b/js/src/wasm/WasmSignalHandlers.cpp +@@ -248,7 +248,16 @@ using mozilla::DebugOnly; + #endif + + #ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS +-# include ++struct user_vfp { ++ unsigned long long fpregs[32]; ++ unsigned long fpscr; ++}; ++ ++struct user_vfp_exc { ++ unsigned long fpexc; ++ unsigned long fpinst; ++ unsigned long fpinst2; ++}; + #endif + + #if defined(ANDROID) +-- +2.20.1 + diff --git a/firefox-centos-default-prefs.js b/firefox-centos-default-prefs.js new file mode 100644 index 0000000..ea10021 --- /dev/null +++ b/firefox-centos-default-prefs.js @@ -0,0 +1,35 @@ +pref("app.update.auto", false); +pref("app.update.enabled", false); +pref("app.update.autoInstallEnabled", false); +pref("general.smoothScroll", true); +pref("intl.locale.matchOS", true); +pref("toolkit.storage.synchronous", 0); +pref("toolkit.networkmanager.disable", false); +pref("offline.autoDetect", true); +pref("browser.backspace_action", 2); +pref("browser.display.use_system_colors", true); +pref("browser.download.folderList", 1); +pref("browser.link.open_external", 3); +pref("browser.shell.checkDefaultBrowser", false); +pref("network.manage-offline-status", true); +pref("extensions.shownSelectionUI", true); +pref("ui.SpellCheckerUnderlineStyle", 1); +pref("startup.homepage_override_url", "http://www.centos.org"); +pref("startup.homepage_welcome_url", "http://www.centos.org"); +pref("browser.startup.homepage", "data:text/plain,browser.startup.homepage=file:///usr/share/doc/HTML/index.html"); +pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +pref("media.gmp-gmpopenh264.provider.enabled",false); +pref("media.gmp-gmpopenh264.autoupdate",false); +pref("media.gmp-gmpopenh264.enabled",false); +pref("media.gmp-gmpopenh264.enabled",false); +pref("plugins.notifyMissingFlash", false); +/* See https://bugzilla.redhat.com/show_bug.cgi?id=1226489 */ +pref("browser.display.use_system_colors", false); +pref("layers.use-image-offscreen-surfaces", false); +/* Allow sending credetials to all https:// sites */ +pref("network.negotiate-auth.trusted-uris", "https://"); +pref("security.use_sqldb", false); +/* Use OS settings for UI language */ +pref("intl.locale.requested", ""); +/* See https://bugzilla.redhat.com/show_bug.cgi?id=1672424 */ +pref("storage.nfs_filesystem", true); diff --git a/firefox-mozconfig b/firefox-mozconfig index 6c7afd7..9e8a32f 100644 --- a/firefox-mozconfig +++ b/firefox-mozconfig @@ -12,6 +12,7 @@ ac_add_options --enable-chrome-format=omni ac_add_options --enable-pulseaudio ac_add_options --without-system-icu ac_add_options --enable-release +ac_add_options --update-channel=release ac_add_options --allow-addon-sideload ac_add_options --with-system-jpeg ac_add_options --enable-js-shell diff --git a/firefox.sh.in b/firefox.sh.in index 06c10ed..ecff558 100644 --- a/firefox.sh.in +++ b/firefox.sh.in @@ -61,6 +61,8 @@ if [ ! -r $MOZ_LIB_DIR/firefox/$MOZ_FIREFOX_FILE ]; then MOZ_LIB_DIR="$SECONDARY_LIB_DIR" fi MOZ_DIST_BIN="$MOZ_LIB_DIR/firefox" +MOZ_LANGPACKS_DIR="$MOZ_DIST_BIN/langpacks" +MOZ_EXTENSIONS_PROFILE_DIR="$HOME/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" MOZ_PROGRAM="$MOZ_DIST_BIN/$MOZ_FIREFOX_FILE" MOZ_LAUNCHER="$MOZ_DIST_BIN/run-mozilla.sh" @@ -98,6 +100,12 @@ export MOZ_PLUGIN_PATH ## export MOZ_APP_LAUNCHER="%PREFIX%/bin/firefox" +## +## Set FONTCONFIG_PATH for Xft/fontconfig +## +FONTCONFIG_PATH="/etc/fonts:${MOZILLA_FIVE_HOME}/res/Xft" +export FONTCONFIG_PATH + ## ## In order to better support certain scripts (such as Indic and some CJK ## scripts), Fedora builds its Firefox, with permission from the Mozilla @@ -127,6 +135,76 @@ export G_SLICE=always-malloc ## export MOZ_USE_XINPUT2=1 +# OK, here's where all the real work gets done + + +## +## To disable the use of Firefox localization, set MOZ_DISABLE_LANGPACKS=1 +## in your environment before launching Firefox. +## +# +# MOZ_DISABLE_LANGPACKS=1 +# export MOZ_DISABLE_LANGPACKS +# + +## +## Automatically installed langpacks are tracked by .fedora-langpack-install +## config file. +## +FEDORA_LANGPACK_CONFIG="$MOZ_EXTENSIONS_PROFILE_DIR/.fedora-langpack-install" + +MOZILLA_DOWN=0 +if ! [ $MOZ_DISABLE_LANGPACKS ] || [ $MOZ_DISABLE_LANGPACKS -eq 0 ]; then + if [ -x $MOZ_DIST_BIN/$MOZ_FIREFOX_FILE ]; then + # Is firefox running? + pidof firefox > /dev/null 2>&1 + MOZILLA_DOWN=$? + fi +fi + +# Modify language pack configuration only when firefox is not running +# and language packs are not disabled +if [ $MOZILLA_DOWN -ne 0 ]; then + + # Clear already installed langpacks + mkdir -p $MOZ_EXTENSIONS_PROFILE_DIR + if [ -f $FEDORA_LANGPACK_CONFIG ]; then + rm `cat $FEDORA_LANGPACK_CONFIG` > /dev/null 2>&1 + rm $FEDORA_LANGPACK_CONFIG > /dev/null 2>&1 + # remove all empty langpacks dirs while they block installation of langpacks + rmdir $MOZ_EXTENSIONS_PROFILE_DIR/langpack* > /dev/null 2>&1 + fi + + # Get locale from system + CURRENT_LOCALE=$LC_ALL + CURRENT_LOCALE=${CURRENT_LOCALE:-$LC_MESSAGES} + CURRENT_LOCALE=${CURRENT_LOCALE:-$LANG} + + # Try with a local variant first, then without a local variant + SHORTMOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*||g"` + MOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*|-\1|g"` + + function create_langpack_link() { + local language=$* + local langpack=langpack-${language}@firefox.mozilla.org.xpi + if [ -f $MOZ_LANGPACKS_DIR/$langpack ]; then + rm -rf $MOZ_EXTENSIONS_PROFILE_DIR/$langpack + # If the target file is a symlink (the fallback langpack), + # install the original file instead of the fallback one + if [ -h $MOZ_LANGPACKS_DIR/$langpack ]; then + langpack=`readlink $MOZ_LANGPACKS_DIR/$langpack` + fi + ln -s $MOZ_LANGPACKS_DIR/$langpack \ + $MOZ_EXTENSIONS_PROFILE_DIR/$langpack + echo $MOZ_EXTENSIONS_PROFILE_DIR/$langpack > $FEDORA_LANGPACK_CONFIG + return 0 + fi + return 1 + } + + create_langpack_link $MOZLOCALE || create_langpack_link $SHORTMOZLOCALE || true +fi + # BEAST fix (rhbz#1005611) NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1} export NSS_SSL_CBC_RANDOM_IV @@ -166,5 +244,28 @@ done # Don't throw "old profile" dialog box. export MOZ_ALLOW_DOWNGRADE=1 +# Make sure at-spi-bus is running +if ! dbus-send --session \ + --dest=org.freedesktop.DBus \ + --type=method_call \ + --print-reply \ + /org/freedesktop/DBus \ + org.freedesktop.DBus.ListNames \ + | grep org.a11y.Bus > /dev/null; then + if [ -f "$MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher" ]; then + echo "Starting a11y dbus service..." + $MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher & + else + echo "Running without a11y support!" + fi +fi + # Run the browser +debugging=0 +if [ $debugging = 1 ] +then + echo $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@" +fi + + exec $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@" diff --git a/firefox.spec b/firefox.spec index ac49416..cd840a8 100644 --- a/firefox.spec +++ b/firefox.spec @@ -18,7 +18,7 @@ function dist_to_rhel_minor(str, start) end match = string.match(str, ".el8") if match then - return 6 + return 5 end return -1 end} @@ -97,12 +97,12 @@ end} # Minimal required versions %if 0%{?system_nss} -%global nspr_version 4.32 +%global nspr_version 4.25 # NSS/NSPR quite often ends in build override, so as requirement the version # we're building against could bring us some broken dependencies from time to time. #%global nspr_build_version %(pkg-config --silence-errors --modversion nspr 2>/dev/null || echo 65536) %global nspr_build_version %{nspr_version} -%global nss_version 3.67 +%global nss_version 3.53.1 #%global nss_build_version %(pkg-config --silence-errors --modversion nss 2>/dev/null || echo 65536) %global nss_build_version %{nss_version} %endif @@ -119,7 +119,7 @@ end} %global mozappdir %{_libdir}/%{name} %global mozappdirdev %{_libdir}/%{name}-devel-%{version} -%global langpackdir %{mozappdir}/browser/extensions +%global langpackdir %{mozappdir}/langpacks %global tarballdir %{name}-%{version} %global pre_version esr @@ -128,7 +128,7 @@ end} Summary: Mozilla Firefox Web browser Name: firefox -Version: 91.8.0 +Version: 91.2.0 Release: 1%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -136,14 +136,10 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+ ExcludeArch: %{ix86} %endif %if 0%{?rhel} == 8 - %if %{rhel_minor_version} == 1 -ExcludeArch: %{ix86} aarch64 s390x - %else ExcludeArch: %{ix86} - %endif %endif %if 0%{?rhel} == 7 -ExcludeArch: aarch64 s390 ppc +ExcludeArch: s390 ppc %endif # We can't use the official tarball as it contains some test files that use @@ -153,8 +149,7 @@ ExcludeArch: aarch64 s390 ppc # Link to official tarball: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%%{version}%%{?pre_version}.source.tar.xz Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz %if %{build_langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20220405.tar.xz - +Source1: firefox-langpacks-%{version}%{?pre_version}-20210929.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball @@ -173,7 +168,7 @@ Source26: distribution.ini Source27: google-api-key Source28: node-stdout-nonblocking-wrapper -Source403: nss-3.67.0-7.el8_1.src.rpm +Source403: nss-3.67.0-6.el8_1.src.rpm Source401: nss-setup-flags-env.inc Source402: nspr-4.32.0-1.el8_1.src.rpm @@ -189,7 +184,6 @@ Patch6: build-nss-version.patch Patch215: firefox-enable-addons.patch Patch219: rhbz-1173156.patch Patch224: mozilla-1170092.patch -Patch225: firefox-nss-addon-hack.patch # Upstream patches @@ -206,9 +200,6 @@ Patch513: mozilla-bmo998749.patch Patch514: mozilla-s390x-skia-gradient.patch Patch515: mozilla-bmo1626236.patch Patch518: D110204-fscreen.diff -Patch519: expat-CVE-2022-25235.patch -Patch520: expat-CVE-2022-25236.patch -Patch521: expat-CVE-2022-25315.patch # Flatpak patches @@ -434,11 +425,6 @@ echo "use_rustts %{?use_rustts}" %patch219 -p1 -b .rhbz-1173156 %patch224 -p1 -b .1170092 -# the nss changed in 8.6 and later, so addons are working in older releases -%if 0%{?rhel_minor_version} >= 6 -%patch225 -p1 -b .firefox-nss-addon-hack -%endif - # Patch for big endian platforms only %if 0%{?big_endian} %endif @@ -453,12 +439,9 @@ echo "use_rustts %{?use_rustts}" %patch511 -p1 -b .mozilla-bmo1602730 %patch512 -p1 -b .mozilla-bmo849632 %patch513 -p1 -b .mozilla-bmo998749 -#%patch514 -p1 -b .mozilla-s390x-skia-gradient +%patch514 -p1 -b .mozilla-s390x-skia-gradient %patch515 -p1 -b .mozilla-bmo1626236 %patch518 -p1 -b .D110204-fscreen.diff -%patch519 -p1 -b .expat-CVE-2022-25235 -%patch520 -p1 -b .expat-CVE-2022-25236 -%patch521 -p1 -b .expat-CVE-2022-25315 %patch1001 -p1 -b .ppc64le-inline @@ -660,7 +643,7 @@ function build_bundled_package() { echo $PKG_CONFIG_PATH rpm -ivh %{SOURCE403} - rpmbuild --nodeps --define '_prefix %{bundled_install_path}' --without=tests -ba %{_specdir}/nss.spec + rpmbuild --nodeps --define '_prefix %{bundled_install_path}' -ba %{_specdir}/nss.spec pushd %{_buildrootdir} #cleanup #rm -rf {_buildrootdir}/usr/lib/debug/* @@ -894,9 +877,9 @@ ls %{_buildrootdir} export MACH_USE_SYSTEM_PYTHON=1 %if 0%{?use_llvmts} #scl enable llvm-toolset-%{llvm_version} './mach build -v' - ./mach build -v || exit 1 + ./mach build -v %else - ./mach build -v || exit 1 + ./mach build -v %endif # Look for the reason we get: /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character readelf -wl objdir/dist/bin/libxul.so | grep "/" @@ -1122,11 +1105,6 @@ sed -i -e 's|%PREFIX%|%{_prefix}|' %{buildroot}%{mozappdir}/defaults/preferences echo 'pref("security.pki.use_modern_crypto_with_pkcs12", true);' >> %{buildroot}%{mozappdir}/defaults/preferences/all-redhat.js %endif -%ifarch s390x ppc64 - echo 'pref("gfx.webrender.force-disabled", true);' >> %{buildroot}%{mozappdir}/defaults/preferences/all-redhat.js -%endif - - # System config dir %{__mkdir_p} %{buildroot}/%{_sysconfdir}/%{name}/pref @@ -1264,48 +1242,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog -* Tue Apr 05 2022 Eike Rathke - 91.8.0-1 -- Update to 91.8.0 - -* Mon Mar 07 2022 Eike Rathke - 91.7.0-3 -- Update to 91.7.0 build3 - -* Wed Mar 02 2022 Jan Horak - 91.7.0-2 -- Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 - -* Tue Mar 01 2022 Eike Rathke - 91.7.0-1 -- Update to 91.7.0 build2 - -* Fri Feb 25 2022 Jan Horak - 91.6.0-2 -- Install langpacks to the browser/extensions to make them available in UI: - rhbz#2030190 - -* Wed Feb 02 2022 Eike Rathke - 91.6.0-1 -- Update to 91.6.0 build1 - -* Wed Feb 02 2022 Jan Horak - 91.5.0-2 -- Use default update channel to fix non working enterprise policies: - rhbz#2044667 - -* Thu Jan 06 2022 Eike Rathke - 91.5.0-1 -- Update to 91.5.0 build1 - -* Mon Dec 13 2021 Jan Horak - 91.4.0-2 -- Added fix for failing addons signatures. - -* Wed Dec 01 2021 Eike Rathke - 91.4.0-1 -- Update to 91.4.0 build1 - -* Mon Nov 01 2021 Eike Rathke - 91.3.0-1 -- Update to 91.3.0 build1 - -* Thu Oct 21 2021 Jan Horak - 91.2.0-5 -- Fixed crashes when FIPS is enabled. - -* Mon Oct 04 2021 Jan Horak - 91.2.0-4 -- Disable webrender on the s390x due to wrong colors: rhbz#2009503 - -* Wed Sep 29 2021 Jan Horak - 91.2.0-3 +* Wed Sep 29 2021 Jan Horak - 91.2.0-1 - Update to 91.2.0 build1 * Wed Sep 15 2021 Jan Horak - 91.1.0-1 diff --git a/sources b/sources index a113e12..6c2a4c9 100644 --- a/sources +++ b/sources @@ -1,5 +1,5 @@ SHA512 (cbindgen-vendor.tar.xz) = 9cb4a590584c53386a14deb1f1faf7b67ff8f312eff4a8dccab710738183c504387d69fa660021b495ed61603f4df1db689f35234c61e2e886962e40aab20c95 -SHA512 (firefox-91.8.0esr.processed-source.tar.xz) = a72807923bd13795cc4cadaee37463fc53775392a435537c91d414fc9ca4890f27bd54bbe08b3117909fa9c8c0306211c020391736925b109cab644a4b3ee4d5 -SHA512 (firefox-langpacks-91.8.0esr-20220405.tar.xz) = 114fec654e745f5ffff75a166151170cc33eba8cfa993e58d62f443f1a84a86a86e0dcc1fee61c1439de491928e43eca198c6d3da85b3b7a69cfe53b42014456 +SHA512 (firefox-91.2.0esr.processed-source.tar.xz) = 5e6b1b550eacd12a06efc2b52ff71b313dfea411202d1c61e6b8abb0a441e444eeb7e8dcbf5e6b30638cfb92e9aec59092f0bb36c0a7a224fa631e81aa6991d4 +SHA512 (firefox-langpacks-91.2.0esr-20210929.tar.xz) = e865fee858f3ff4fd0b18e5c09e227062a21307b8cd99a5f5c1e375fd5009c93f29b797c09b9653138075aa6c3c4fae07998476335955cae8cb80fd738441758 SHA512 (nspr-4.32.0-1.el8_1.src.rpm) = c181a19bc24aeb62aed1745a6a43ae8aa2ee0d903aa16cb6ec7d385286e60f6426049cc9669459434377a215f329502ffe6fc48a1edc52d5b3283ebc259e9dca -SHA512 (nss-3.67.0-7.el8_1.src.rpm) = 15361c596fc4f2e4afc7d40d48c37886cad93849821d2bcad8213f34035a6951be127b436b6799083f2b4adb18a68870dbe273177d2d670eda9cc9680e6d6f63 +SHA512 (nss-3.67.0-6.el8_1.src.rpm) = 6697fef5517c8c1d8c881243d60e35494fb6c11537467a38ce281d49fade5780764e81f5c044fe11dd020bc6c5655b77e65105c677a7812718cbc42061b3b5da