import firefox-91.13.0-1.el8_6

This commit is contained in:
CentOS Sources 2022-09-27 06:38:47 -04:00 committed by Stepan Oksanichenko
parent dd3f0d7a06
commit 75e4090cd9
11 changed files with 229 additions and 179 deletions

View File

@ -1,5 +1,5 @@
c822547dbc12e2baebdfdfb38b665e23f0c2513a SOURCES/cbindgen-vendor.tar.xz c822547dbc12e2baebdfdfb38b665e23f0c2513a SOURCES/cbindgen-vendor.tar.xz
322e0ffb8b442f599b0f5dd695e6f83050b3dc82 SOURCES/firefox-91.4.0esr.processed-source.tar.xz 0693b8482089631c9c1c2b3c521aa701013e8a06 SOURCES/firefox-91.13.0esr.processed-source.tar.xz
74a1b8c9a5f4a96f80af2d3fe542495e3af2423a SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz 3ad70d1bac601289f0355fed936bfd61e2fbbfd5 SOURCES/firefox-langpacks-91.13.0esr-20220817.tar.xz
b5fd1332d8e0d37339ae170c7bebcb63a40b22e0 SOURCES/nspr-4.32.0-1.el8_1.src.rpm b5fd1332d8e0d37339ae170c7bebcb63a40b22e0 SOURCES/nspr-4.32.0-1.el8_1.src.rpm
8fff814901e03c2518ede2f8992d898f5ba61ed9 SOURCES/nss-3.67.0-7.el8_1.src.rpm 8fff814901e03c2518ede2f8992d898f5ba61ed9 SOURCES/nss-3.67.0-7.el8_1.src.rpm

4
.gitignore vendored
View File

@ -1,5 +1,5 @@
SOURCES/cbindgen-vendor.tar.xz SOURCES/cbindgen-vendor.tar.xz
SOURCES/firefox-91.4.0esr.processed-source.tar.xz SOURCES/firefox-91.13.0esr.processed-source.tar.xz
SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz SOURCES/firefox-langpacks-91.13.0esr-20220817.tar.xz
SOURCES/nspr-4.32.0-1.el8_1.src.rpm SOURCES/nspr-4.32.0-1.el8_1.src.rpm
SOURCES/nss-3.67.0-7.el8_1.src.rpm SOURCES/nss-3.67.0-7.el8_1.src.rpm

View File

@ -1,6 +1,5 @@
diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/widget/gtk/nsWindow.cpp --- firefox-91.11.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff 2022-06-20 21:18:51.000000000 +0200
--- firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff 2021-07-27 23:31:38.000000000 +0200 +++ firefox-91.11.0/widget/gtk/nsWindow.cpp 2022-06-21 12:21:44.892706641 +0200
+++ firefox-91.0/widget/gtk/nsWindow.cpp 2021-07-30 15:47:22.031795569 +0200
@@ -91,6 +91,7 @@ @@ -91,6 +91,7 @@
#include "SystemTimeConverter.h" #include "SystemTimeConverter.h"
#include "WidgetUtilsGtk.h" #include "WidgetUtilsGtk.h"
@ -17,7 +16,7 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
mAspectRatio(0.0f), mAspectRatio(0.0f),
mAspectRatioSaved(0.0f), mAspectRatioSaved(0.0f),
mLastScrollEventTime(GDK_CURRENT_TIME), mLastScrollEventTime(GDK_CURRENT_TIME),
@@ -4626,6 +4628,19 @@ void nsWindow::OnWindowStateEvent(GtkWid @@ -4618,6 +4620,19 @@ void nsWindow::OnWindowStateEvent(GtkWid
ClearTransparencyBitmap(); ClearTransparencyBitmap();
} }
} }
@ -37,7 +36,7 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
} }
void nsWindow::OnDPIChanged() { void nsWindow::OnDPIChanged() {
@@ -6880,6 +6895,19 @@ nsresult nsWindow::MakeFullScreen(bool a @@ -6860,6 +6875,19 @@ nsresult nsWindow::MakeFullScreen(bool a
} }
} }
@ -57,14 +56,13 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
gtk_window_fullscreen(GTK_WINDOW(mShell)); gtk_window_fullscreen(GTK_WINDOW(mShell));
} else { } else {
mSizeMode = mLastSizeMode; mSizeMode = mLastSizeMode;
diff -up firefox-91.0/widget/gtk/nsWindow.h.D110204-fscreen.diff firefox-91.0/widget/gtk/nsWindow.h --- firefox-91.11.0/widget/gtk/nsWindow.h.D110204-fscreen.diff 2022-06-21 12:21:44.894706636 +0200
--- firefox-91.0/widget/gtk/nsWindow.h.D110204-fscreen.diff 2021-07-27 23:31:38.000000000 +0200 +++ firefox-91.11.0/widget/gtk/nsWindow.h 2022-06-21 12:25:20.985209461 +0200
+++ firefox-91.0/widget/gtk/nsWindow.h 2021-07-29 18:35:41.000639386 +0200 @@ -767,6 +767,7 @@ class nsWindow final : public nsBaseWidg
@@ -763,6 +763,7 @@ class nsWindow final : public nsBaseWidg * move-to-rect callback we set mResizedAfterMoveToRect.
* move-to-rect callback we store it to mNewSizeAfterMoveToRect.
*/ */
bool mWaitingForMoveToRectCallback; bool mWaitingForMoveToRectCallback;
+ bool mPendingFullscreen; + bool mPendingFullscreen;
LayoutDeviceIntRect mNewSizeAfterMoveToRect; bool mResizedAfterMoveToRect;
/** /**

View File

@ -0,0 +1,49 @@
diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c
--- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 2022-03-02 17:57:38.364361168 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok.c 2022-03-02 17:58:22.235512399 +0100
@@ -65,13 +65,6 @@
+ ((((byte)[2]) >> 5) & 1)] \
& (1u << (((byte)[2]) & 0x1F)))
-#define UTF8_GET_NAMING(pages, p, n) \
- ((n) == 2 \
- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
- : ((n) == 3 \
- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
- : 0))
-
/* Detection of invalid UTF-8 sequences is based on Table 3.1B
of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
with the additional restriction of not allowing the Unicode
diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c
--- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 2022-03-02 17:57:38.365361172 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c 2022-03-02 18:04:51.240853247 +0100
@@ -34,7 +34,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -62,7 +62,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \

View File

@ -0,0 +1,40 @@
diff -up firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 firefox-91.7.0/parser/expat/lib/xmlparse.c
--- firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 2022-03-02 18:08:40.085642028 +0100
+++ firefox-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:13:31.838667958 +0100
@@ -700,8 +700,7 @@ XML_ParserCreate(const XML_Char *encodin
XML_Parser XMLCALL
XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep)
{
- XML_Char tmp[2];
- *tmp = nsSep;
+ XML_Char tmp[2] = {nsSep, 0};
return XML_ParserCreate_MM(encodingName, NULL, tmp);
}
#endif
@@ -1276,8 +1275,7 @@ XML_ExternalEntityParserCreate(XML_Parse
would be otherwise.
*/
if (ns) {
- XML_Char tmp[2];
- *tmp = namespaceSeparator;
+ XML_Char tmp[2] = {parser->m_namespaceSeparator, 0};
parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd);
}
else {
@@ -3667,6 +3665,16 @@ addBinding(XML_Parser parser, PREFIX *pr
if (!mustBeXML && isXMLNS
&& (len > xmlnsLen || uri[len] != xmlnsNamespace[len]))
isXMLNS = XML_FALSE;
+ // NOTE: While Expat does not validate namespace URIs against RFC 3986,
+ // we have to at least make sure that the XML processor on top of
+ // Expat (that is splitting tag names by namespace separator into
+ // 2- or 3-tuples (uri-local or uri-local-prefix)) cannot be confused
+ // by an attacker putting additional namespace separator characters
+ // into namespace declarations. That would be ambiguous and not to
+ // be expected.
+ if (parser->m_ns && (uri[len] == parser->m_namespaceSeparator)) {
+ return XML_ERROR_SYNTAX;
+ }
}
isXML = isXML && len == xmlLen;
isXMLNS = isXMLNS && len == xmlnsLen;

View File

@ -0,0 +1,24 @@
diff -up firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 firefox-91.7.0/parser/expat/lib/xmlparse.c
--- firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 2022-03-02 18:17:50.966583254 +0100
+++ firefox-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:19:27.636924735 +0100
@@ -2479,6 +2479,7 @@ storeRawNames(XML_Parser parser)
while (tag) {
int bufSize;
int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
+ size_t rawNameLen;
char *rawNameBuf = tag->buf + nameLen;
/* Stop if already stored. Since tagStack is a stack, we can stop
at the first entry that has already been copied; everything
@@ -2490,7 +2491,11 @@ storeRawNames(XML_Parser parser)
/* For re-use purposes we need to ensure that the
size of tag->buf is a multiple of sizeof(XML_Char).
*/
- bufSize = nameLen + ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ rawNameLen = ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ /* Detect and prevent integer overflow. */
+ if (rawNameLen > (size_t)INT_MAX - nameLen)
+ return XML_FALSE;
+ bufSize = nameLen + (int)rawNameLen;
if (bufSize > tag->bufEnd - tag->buf) {
char *temp = (char *)REALLOC(tag->buf, bufSize);
if (temp == NULL)

View File

@ -12,7 +12,6 @@ ac_add_options --enable-chrome-format=omni
ac_add_options --enable-pulseaudio ac_add_options --enable-pulseaudio
ac_add_options --without-system-icu ac_add_options --without-system-icu
ac_add_options --enable-release ac_add_options --enable-release
ac_add_options --update-channel=release
ac_add_options --allow-addon-sideload ac_add_options --allow-addon-sideload
ac_add_options --with-system-jpeg ac_add_options --with-system-jpeg
ac_add_options --enable-js-shell ac_add_options --enable-js-shell

View File

@ -0,0 +1,19 @@
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
return srv;
}
+ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+ * so policy will still disable use of sha1 in
+ * certificate related signature processing. */
+ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ if (srv != SECSuccess) {
+ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+ }
+
if (nssDbConfig == NSSDBConfig::ReadWrite) {
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {

View File

@ -61,8 +61,6 @@ if [ ! -r $MOZ_LIB_DIR/firefox/$MOZ_FIREFOX_FILE ]; then
MOZ_LIB_DIR="$SECONDARY_LIB_DIR" MOZ_LIB_DIR="$SECONDARY_LIB_DIR"
fi fi
MOZ_DIST_BIN="$MOZ_LIB_DIR/firefox" MOZ_DIST_BIN="$MOZ_LIB_DIR/firefox"
MOZ_LANGPACKS_DIR="$MOZ_DIST_BIN/langpacks"
MOZ_EXTENSIONS_PROFILE_DIR="$HOME/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
MOZ_PROGRAM="$MOZ_DIST_BIN/$MOZ_FIREFOX_FILE" MOZ_PROGRAM="$MOZ_DIST_BIN/$MOZ_FIREFOX_FILE"
MOZ_LAUNCHER="$MOZ_DIST_BIN/run-mozilla.sh" MOZ_LAUNCHER="$MOZ_DIST_BIN/run-mozilla.sh"
@ -100,12 +98,6 @@ export MOZ_PLUGIN_PATH
## ##
export MOZ_APP_LAUNCHER="%PREFIX%/bin/firefox" export MOZ_APP_LAUNCHER="%PREFIX%/bin/firefox"
##
## Set FONTCONFIG_PATH for Xft/fontconfig
##
FONTCONFIG_PATH="/etc/fonts:${MOZILLA_FIVE_HOME}/res/Xft"
export FONTCONFIG_PATH
## ##
## In order to better support certain scripts (such as Indic and some CJK ## In order to better support certain scripts (such as Indic and some CJK
## scripts), Fedora builds its Firefox, with permission from the Mozilla ## scripts), Fedora builds its Firefox, with permission from the Mozilla
@ -135,76 +127,6 @@ export G_SLICE=always-malloc
## ##
export MOZ_USE_XINPUT2=1 export MOZ_USE_XINPUT2=1
# OK, here's where all the real work gets done
##
## To disable the use of Firefox localization, set MOZ_DISABLE_LANGPACKS=1
## in your environment before launching Firefox.
##
#
# MOZ_DISABLE_LANGPACKS=1
# export MOZ_DISABLE_LANGPACKS
#
##
## Automatically installed langpacks are tracked by .fedora-langpack-install
## config file.
##
FEDORA_LANGPACK_CONFIG="$MOZ_EXTENSIONS_PROFILE_DIR/.fedora-langpack-install"
MOZILLA_DOWN=0
if ! [ $MOZ_DISABLE_LANGPACKS ] || [ $MOZ_DISABLE_LANGPACKS -eq 0 ]; then
if [ -x $MOZ_DIST_BIN/$MOZ_FIREFOX_FILE ]; then
# Is firefox running?
pidof firefox > /dev/null 2>&1
MOZILLA_DOWN=$?
fi
fi
# Modify language pack configuration only when firefox is not running
# and language packs are not disabled
if [ $MOZILLA_DOWN -ne 0 ]; then
# Clear already installed langpacks
mkdir -p $MOZ_EXTENSIONS_PROFILE_DIR
if [ -f $FEDORA_LANGPACK_CONFIG ]; then
rm `cat $FEDORA_LANGPACK_CONFIG` > /dev/null 2>&1
rm $FEDORA_LANGPACK_CONFIG > /dev/null 2>&1
# remove all empty langpacks dirs while they block installation of langpacks
rmdir $MOZ_EXTENSIONS_PROFILE_DIR/langpack* > /dev/null 2>&1
fi
# Get locale from system
CURRENT_LOCALE=$LC_ALL
CURRENT_LOCALE=${CURRENT_LOCALE:-$LC_MESSAGES}
CURRENT_LOCALE=${CURRENT_LOCALE:-$LANG}
# Try with a local variant first, then without a local variant
SHORTMOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*||g"`
MOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*|-\1|g"`
function create_langpack_link() {
local language=$*
local langpack=langpack-${language}@firefox.mozilla.org.xpi
if [ -f $MOZ_LANGPACKS_DIR/$langpack ]; then
rm -rf $MOZ_EXTENSIONS_PROFILE_DIR/$langpack
# If the target file is a symlink (the fallback langpack),
# install the original file instead of the fallback one
if [ -h $MOZ_LANGPACKS_DIR/$langpack ]; then
langpack=`readlink $MOZ_LANGPACKS_DIR/$langpack`
fi
ln -s $MOZ_LANGPACKS_DIR/$langpack \
$MOZ_EXTENSIONS_PROFILE_DIR/$langpack
echo $MOZ_EXTENSIONS_PROFILE_DIR/$langpack > $FEDORA_LANGPACK_CONFIG
return 0
fi
return 1
}
create_langpack_link $MOZLOCALE || create_langpack_link $SHORTMOZLOCALE || true
fi
# BEAST fix (rhbz#1005611) # BEAST fix (rhbz#1005611)
NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1} NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1}
export NSS_SSL_CBC_RANDOM_IV export NSS_SSL_CBC_RANDOM_IV
@ -244,28 +166,5 @@ done
# Don't throw "old profile" dialog box. # Don't throw "old profile" dialog box.
export MOZ_ALLOW_DOWNGRADE=1 export MOZ_ALLOW_DOWNGRADE=1
# Make sure at-spi-bus is running
if ! dbus-send --session \
--dest=org.freedesktop.DBus \
--type=method_call \
--print-reply \
/org/freedesktop/DBus \
org.freedesktop.DBus.ListNames \
| grep org.a11y.Bus > /dev/null; then
if [ -f "$MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher" ]; then
echo "Starting a11y dbus service..."
$MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher &
else
echo "Running without a11y support!"
fi
fi
# Run the browser # Run the browser
debugging=0
if [ $debugging = 1 ]
then
echo $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@"
fi
exec $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@" exec $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@"

View File

@ -1,52 +0,0 @@
# HG changeset patch
# Parent acf59ea86dd1d878b43920832093f082dcfc61c0
diff -r acf59ea86dd1 gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp
--- a/gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp Mon Mar 09 08:26:10 2020 +0100
+++ b/gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp Fri Mar 27 13:30:28 2020 +0100
@@ -7,7 +7,7 @@
#include "include/core/SkPaint.h"
#include "src/shaders/gradients/Sk4fLinearGradient.h"
-
+#include "src/core/SkEndian.h"
#include <cmath>
#include <utility>
@@ -28,6 +28,9 @@
while (n >= 4) {
DstTraits<premul>::store4x(c0, c1, c2, c3, dst, bias0, bias1);
+#ifdef SK_CPU_BENDIAN
+ SkEndianSwap32s(dst, 4);
+#endif
dst += 4;
c0 = c0 + dc4;
@@ -37,12 +40,23 @@
n -= 4;
}
if (n & 2) {
- DstTraits<premul>::store(c0, dst++, bias0);
- DstTraits<premul>::store(c1, dst++, bias1);
+ DstTraits<premul>::store(c0, dst, bias0);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
+ ++dst;
+ DstTraits<premul>::store(c1, dst, bias1);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
+ ++dst;
c0 = c0 + dc2;
}
if (n & 1) {
DstTraits<premul>::store(c0, dst, bias0);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
}
}

View File

@ -18,7 +18,7 @@ function dist_to_rhel_minor(str, start)
end end
match = string.match(str, ".el8") match = string.match(str, ".el8")
if match then if match then
return 6 return 7
end end
return -1 return -1
end} end}
@ -119,16 +119,23 @@ end}
%global mozappdir %{_libdir}/%{name} %global mozappdir %{_libdir}/%{name}
%global mozappdirdev %{_libdir}/%{name}-devel-%{version} %global mozappdirdev %{_libdir}/%{name}-devel-%{version}
%global langpackdir %{mozappdir}/langpacks %global langpackdir %{mozappdir}/browser/extensions
%global tarballdir %{name}-%{version} %global tarballdir %{name}-%{version}
%global pre_version esr %global pre_version esr
%global official_branding 1 %global official_branding 1
%global build_langpacks 1 %global build_langpacks 1
# Workaround the dreaded "upstream source file changed content" rpmdiff failure that only secalert can waive.
# If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g.
# firefox-91.9.0esr.b2.processed-source.tar.xz
# With does_not_exist it's empty and source file name as is.
#global buildnum %{?does_not_exist}
%global buildnum %{?does_not_exist}
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 91.4.0 Version: 91.13.0
Release: 1%{?dist} Release: 1%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
@ -136,10 +143,14 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
%endif %endif
%if 0%{?rhel} == 8 %if 0%{?rhel} == 8
%if %{rhel_minor_version} == 1
ExcludeArch: %{ix86} aarch64 s390x
%else
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
%endif
%endif %endif
%if 0%{?rhel} == 7 %if 0%{?rhel} == 7
ExcludeArch: s390 ppc ExcludeArch: aarch64 s390 ppc
%endif %endif
# We can't use the official tarball as it contains some test files that use # We can't use the official tarball as it contains some test files that use
@ -147,9 +158,10 @@ ExcludeArch: s390 ppc
# The official tarball has to be always processed by the process-official-tarball # The official tarball has to be always processed by the process-official-tarball
# script. # script.
# Link to official tarball: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%%{version}%%{?pre_version}.source.tar.xz # Link to official tarball: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%%{version}%%{?pre_version}.source.tar.xz
Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz Source0: firefox-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz
%if %{build_langpacks} %if %{build_langpacks}
Source1: firefox-langpacks-%{version}%{?pre_version}-20211201.tar.xz Source1: firefox-langpacks-%{version}%{?pre_version}-20220817.tar.xz
%endif %endif
Source2: cbindgen-vendor.tar.xz Source2: cbindgen-vendor.tar.xz
Source3: process-official-tarball Source3: process-official-tarball
@ -184,6 +196,7 @@ Patch6: build-nss-version.patch
Patch215: firefox-enable-addons.patch Patch215: firefox-enable-addons.patch
Patch219: rhbz-1173156.patch Patch219: rhbz-1173156.patch
Patch224: mozilla-1170092.patch Patch224: mozilla-1170092.patch
Patch225: firefox-nss-addon-hack.patch
# Upstream patches # Upstream patches
@ -197,9 +210,12 @@ Patch510: mozilla-bmo1554971.patch
Patch511: mozilla-bmo1602730.patch Patch511: mozilla-bmo1602730.patch
Patch512: mozilla-bmo849632.patch Patch512: mozilla-bmo849632.patch
Patch513: mozilla-bmo998749.patch Patch513: mozilla-bmo998749.patch
Patch514: mozilla-s390x-skia-gradient.patch #Patch514: mozilla-s390x-skia-gradient.patch
Patch515: mozilla-bmo1626236.patch Patch515: mozilla-bmo1626236.patch
Patch518: D110204-fscreen.diff Patch518: D110204-fscreen.diff
Patch519: expat-CVE-2022-25235.patch
Patch520: expat-CVE-2022-25236.patch
Patch521: expat-CVE-2022-25315.patch
# Flatpak patches # Flatpak patches
@ -425,6 +441,11 @@ echo "use_rustts %{?use_rustts}"
%patch219 -p1 -b .rhbz-1173156 %patch219 -p1 -b .rhbz-1173156
%patch224 -p1 -b .1170092 %patch224 -p1 -b .1170092
# Enable workaround for RHEL >= 8: rhbz#2043303
%if 0%{?rhel} == 8 || 0%{?rhel} >= 9
%patch225 -p1 -b .firefox-nss-addon-hack
%endif
# Patch for big endian platforms only # Patch for big endian platforms only
%if 0%{?big_endian} %if 0%{?big_endian}
%endif %endif
@ -442,6 +463,9 @@ echo "use_rustts %{?use_rustts}"
#%patch514 -p1 -b .mozilla-s390x-skia-gradient #%patch514 -p1 -b .mozilla-s390x-skia-gradient
%patch515 -p1 -b .mozilla-bmo1626236 %patch515 -p1 -b .mozilla-bmo1626236
%patch518 -p1 -b .D110204-fscreen.diff %patch518 -p1 -b .D110204-fscreen.diff
%patch519 -p1 -b .expat-CVE-2022-25235
%patch520 -p1 -b .expat-CVE-2022-25236
%patch521 -p1 -b .expat-CVE-2022-25315
%patch1001 -p1 -b .ppc64le-inline %patch1001 -p1 -b .ppc64le-inline
@ -643,7 +667,7 @@ function build_bundled_package() {
echo $PKG_CONFIG_PATH echo $PKG_CONFIG_PATH
rpm -ivh %{SOURCE403} rpm -ivh %{SOURCE403}
rpmbuild --nodeps --define '_prefix %{bundled_install_path}' -ba %{_specdir}/nss.spec rpmbuild --nodeps --define '_prefix %{bundled_install_path}' --without=tests -ba %{_specdir}/nss.spec
pushd %{_buildrootdir} pushd %{_buildrootdir}
#cleanup #cleanup
#rm -rf {_buildrootdir}/usr/lib/debug/* #rm -rf {_buildrootdir}/usr/lib/debug/*
@ -877,9 +901,9 @@ ls %{_buildrootdir}
export MACH_USE_SYSTEM_PYTHON=1 export MACH_USE_SYSTEM_PYTHON=1
%if 0%{?use_llvmts} %if 0%{?use_llvmts}
#scl enable llvm-toolset-%{llvm_version} './mach build -v' #scl enable llvm-toolset-%{llvm_version} './mach build -v'
./mach build -v ./mach build -v || exit 1
%else %else
./mach build -v ./mach build -v || exit 1
%endif %endif
# Look for the reason we get: /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character # Look for the reason we get: /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character
readelf -wl objdir/dist/bin/libxul.so | grep "/" readelf -wl objdir/dist/bin/libxul.so | grep "/"
@ -1247,6 +1271,56 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Wed Aug 17 2022 Eike Rathke <erack@redhat.com> - 91.13.0-1
- Update to 91.13.0 build1
* Thu Jul 21 2022 Eike Rathke <erack@redhat.com> - 91.12.0-1
- Update to 91.12.0 build1
* Thu Jun 23 2022 Eike Rathke <erack@redhat.com> - 91.11.0-2
- Update to 91.11.0 build2
* Tue Jun 21 2022 Eike Rathke <erack@redhat.com> - 91.11.0-1
- Update to 91.11.0 build1
* Tue May 24 2022 Eike Rathke <erack@redhat.com> - 91.10.0-1
- Update to 91.10.0 build1
* Fri May 20 2022 Jan Horak <jhorak@redhat.com> - 91.9.1-1
- Update to 91.9.1 build1
* Tue Apr 26 2022 Eike Rathke <erack@redhat.com> - 91.9.0-1
- Update to 91.9.0
* Tue Apr 05 2022 Eike Rathke <erack@redhat.com> - 91.8.0-1
- Update to 91.8.0
* Mon Mar 07 2022 Eike Rathke <erack@redhat.com> - 91.7.0-3
- Update to 91.7.0 build3
* Wed Mar 02 2022 Jan Horak <jhorak@redhat.com> - 91.7.0-2
- Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315
* Tue Mar 01 2022 Eike Rathke <erack@redhat.com> - 91.7.0-1
- Update to 91.7.0 build2
* Fri Feb 25 2022 Jan Horak <jhorak@redhat.com> - 91.6.0-2
- Install langpacks to the browser/extensions to make them available in UI:
rhbz#2030190
* Wed Feb 02 2022 Eike Rathke <erack@redhat.com> - 91.6.0-1
- Update to 91.6.0 build1
* Wed Feb 02 2022 Jan Horak <jhorak@redhat.com> - 91.5.0-2
- Use default update channel to fix non working enterprise policies:
rhbz#2044667
* Thu Jan 06 2022 Eike Rathke <erack@redhat.com> - 91.5.0-1
- Update to 91.5.0 build1
* Mon Dec 13 2021 Jan Horak <jhorak@redhat.com> - 91.4.0-2
- Added fix for failing addons signatures.
* Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1 * Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1
- Update to 91.4.0 build1 - Update to 91.4.0 build1