rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import firefox-91.13.0-1.el8_6

Browse Source
This commit is contained in:
CentOS Sources 2022-09-27 06:38:47 -04:00 committed by Stepan Oksanichenko
parent dd3f0d7a06
commit 75e4090cd9
11 changed files with 229 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.firefox.metadata
View File

@ -1,5 +1,5 @@
c822547dbc12e2baebdfdfb38b665e23f0c2513a SOURCES/cbindgen-vendor.tar.xz
322e0ffb8b442f599b0f5dd695e6f83050b3dc82 SOURCES/firefox-91.4.0esr.processed-source.tar.xz
74a1b8c9a5f4a96f80af2d3fe542495e3af2423a SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz
0693b8482089631c9c1c2b3c521aa701013e8a06 SOURCES/firefox-91.13.0esr.processed-source.tar.xz
3ad70d1bac601289f0355fed936bfd61e2fbbfd5 SOURCES/firefox-langpacks-91.13.0esr-20220817.tar.xz
b5fd1332d8e0d37339ae170c7bebcb63a40b22e0 SOURCES/nspr-4.32.0-1.el8_1.src.rpm
8fff814901e03c2518ede2f8992d898f5ba61ed9 SOURCES/nss-3.67.0-7.el8_1.src.rpm

4
.gitignore vendored
View File

@ -1,5 +1,5 @@
SOURCES/cbindgen-vendor.tar.xz
SOURCES/firefox-91.4.0esr.processed-source.tar.xz
SOURCES/firefox-langpacks-91.4.0esr-20211201.tar.xz
SOURCES/firefox-91.13.0esr.processed-source.tar.xz
SOURCES/firefox-langpacks-91.13.0esr-20220817.tar.xz
SOURCES/nspr-4.32.0-1.el8_1.src.rpm
SOURCES/nss-3.67.0-7.el8_1.src.rpm

20
SOURCES/D110204-fscreen.diff
View File

@ -1,6 +1,5 @@
diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/widget/gtk/nsWindow.cpp
--- firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff 2021-07-27 23:31:38.000000000 +0200
+++ firefox-91.0/widget/gtk/nsWindow.cpp 2021-07-30 15:47:22.031795569 +0200
--- firefox-91.11.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff 2022-06-20 21:18:51.000000000 +0200
+++ firefox-91.11.0/widget/gtk/nsWindow.cpp 2022-06-21 12:21:44.892706641 +0200
@@ -91,6 +91,7 @@
#include "SystemTimeConverter.h"
#include "WidgetUtilsGtk.h"
@ -17,7 +16,7 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
mAspectRatio(0.0f),
mAspectRatioSaved(0.0f),
mLastScrollEventTime(GDK_CURRENT_TIME),
@@ -4626,6 +4628,19 @@ void nsWindow::OnWindowStateEvent(GtkWid
@@ -4618,6 +4620,19 @@ void nsWindow::OnWindowStateEvent(GtkWid
ClearTransparencyBitmap();
}
}
@ -37,7 +36,7 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
}
void nsWindow::OnDPIChanged() {
@@ -6880,6 +6895,19 @@ nsresult nsWindow::MakeFullScreen(bool a
@@ -6860,6 +6875,19 @@ nsresult nsWindow::MakeFullScreen(bool a
}
}
@ -57,14 +56,13 @@ diff -up firefox-91.0/widget/gtk/nsWindow.cpp.D110204-fscreen.diff firefox-91.0/
gtk_window_fullscreen(GTK_WINDOW(mShell));
} else {
mSizeMode = mLastSizeMode;
diff -up firefox-91.0/widget/gtk/nsWindow.h.D110204-fscreen.diff firefox-91.0/widget/gtk/nsWindow.h
--- firefox-91.0/widget/gtk/nsWindow.h.D110204-fscreen.diff 2021-07-27 23:31:38.000000000 +0200
+++ firefox-91.0/widget/gtk/nsWindow.h 2021-07-29 18:35:41.000639386 +0200
@@ -763,6 +763,7 @@ class nsWindow final : public nsBaseWidg
* move-to-rect callback we store it to mNewSizeAfterMoveToRect.
--- firefox-91.11.0/widget/gtk/nsWindow.h.D110204-fscreen.diff 2022-06-21 12:21:44.894706636 +0200
+++ firefox-91.11.0/widget/gtk/nsWindow.h 2022-06-21 12:25:20.985209461 +0200
@@ -767,6 +767,7 @@ class nsWindow final : public nsBaseWidg
* move-to-rect callback we set mResizedAfterMoveToRect.
*/
bool mWaitingForMoveToRectCallback;
+ bool mPendingFullscreen;
LayoutDeviceIntRect mNewSizeAfterMoveToRect;
bool mResizedAfterMoveToRect;
/**

49
SOURCES/expat-CVE-2022-25235.patch Normal file
View File

@ -0,0 +1,49 @@
diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c
--- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 2022-03-02 17:57:38.364361168 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok.c 2022-03-02 17:58:22.235512399 +0100
@@ -65,13 +65,6 @@
+ ((((byte)[2]) >> 5) & 1)] \
& (1u << (((byte)[2]) & 0x1F)))
-#define UTF8_GET_NAMING(pages, p, n) \
- ((n) == 2 \
- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
- : ((n) == 3 \
- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
- : 0))
-
/* Detection of invalid UTF-8 sequences is based on Table 3.1B
of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
with the additional restriction of not allowing the Unicode
diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c
--- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 2022-03-02 17:57:38.365361172 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c 2022-03-02 18:04:51.240853247 +0100
@@ -34,7 +34,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -62,7 +62,7 @@
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \

40
SOURCES/expat-CVE-2022-25236.patch Normal file
View File

@ -0,0 +1,40 @@
diff -up firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 firefox-91.7.0/parser/expat/lib/xmlparse.c
--- firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25236 2022-03-02 18:08:40.085642028 +0100
+++ firefox-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:13:31.838667958 +0100
@@ -700,8 +700,7 @@ XML_ParserCreate(const XML_Char *encodin
XML_Parser XMLCALL
XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep)
{
- XML_Char tmp[2];
- *tmp = nsSep;
+ XML_Char tmp[2] = {nsSep, 0};
return XML_ParserCreate_MM(encodingName, NULL, tmp);
}
#endif
@@ -1276,8 +1275,7 @@ XML_ExternalEntityParserCreate(XML_Parse
would be otherwise.
*/
if (ns) {
- XML_Char tmp[2];
- *tmp = namespaceSeparator;
+ XML_Char tmp[2] = {parser->m_namespaceSeparator, 0};
parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd);
}
else {
@@ -3667,6 +3665,16 @@ addBinding(XML_Parser parser, PREFIX *pr
if (!mustBeXML && isXMLNS
&& (len > xmlnsLen || uri[len] != xmlnsNamespace[len]))
isXMLNS = XML_FALSE;
+ // NOTE: While Expat does not validate namespace URIs against RFC 3986,
+ // we have to at least make sure that the XML processor on top of
+ // Expat (that is splitting tag names by namespace separator into
+ // 2- or 3-tuples (uri-local or uri-local-prefix)) cannot be confused
+ // by an attacker putting additional namespace separator characters
+ // into namespace declarations. That would be ambiguous and not to
+ // be expected.
+ if (parser->m_ns && (uri[len] == parser->m_namespaceSeparator)) {
+ return XML_ERROR_SYNTAX;
+ }
}
isXML = isXML && len == xmlLen;
isXMLNS = isXMLNS && len == xmlnsLen;

24
SOURCES/expat-CVE-2022-25315.patch Normal file
View File

@ -0,0 +1,24 @@
diff -up firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 firefox-91.7.0/parser/expat/lib/xmlparse.c
--- firefox-91.7.0/parser/expat/lib/xmlparse.c.expat-CVE-2022-25315 2022-03-02 18:17:50.966583254 +0100
+++ firefox-91.7.0/parser/expat/lib/xmlparse.c 2022-03-02 18:19:27.636924735 +0100
@@ -2479,6 +2479,7 @@ storeRawNames(XML_Parser parser)
while (tag) {
int bufSize;
int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
+ size_t rawNameLen;
char *rawNameBuf = tag->buf + nameLen;
/* Stop if already stored. Since tagStack is a stack, we can stop
at the first entry that has already been copied; everything
@@ -2490,7 +2491,11 @@ storeRawNames(XML_Parser parser)
/* For re-use purposes we need to ensure that the
size of tag->buf is a multiple of sizeof(XML_Char).
*/
- bufSize = nameLen + ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ rawNameLen = ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
+ /* Detect and prevent integer overflow. */
+ if (rawNameLen > (size_t)INT_MAX - nameLen)
+ return XML_FALSE;
+ bufSize = nameLen + (int)rawNameLen;
if (bufSize > tag->bufEnd - tag->buf) {
char *temp = (char *)REALLOC(tag->buf, bufSize);
if (temp == NULL)

1
SOURCES/firefox-mozconfig
View File

@ -12,7 +12,6 @@ ac_add_options --enable-chrome-format=omni
ac_add_options --enable-pulseaudio
ac_add_options --without-system-icu
ac_add_options --enable-release
ac_add_options --update-channel=release
ac_add_options --allow-addon-sideload
ac_add_options --with-system-jpeg
ac_add_options --enable-js-shell

19
SOURCES/firefox-nss-addon-hack.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp
--- firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp.nss-hack 2021-01-11 12:12:02.585514543 +0100
+++ firefox-84.0.2/security/certverifier/NSSCertDBTrustDomain.cpp 2021-01-11 12:47:50.345984582 +0100
@@ -1619,6 +1619,15 @@ SECStatus InitializeNSS(const nsACString
return srv;
}
+ /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+ * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+ * so policy will still disable use of sha1 in
+ * certificate related signature processing. */
+ srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ if (srv != SECSuccess) {
+ NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+ }
+
if (nssDbConfig == NSSDBConfig::ReadWrite) {
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {

101
SOURCES/firefox.sh.in
View File

@ -61,8 +61,6 @@ if [ ! -r $MOZ_LIB_DIR/firefox/$MOZ_FIREFOX_FILE ]; then
MOZ_LIB_DIR="$SECONDARY_LIB_DIR"
fi
MOZ_DIST_BIN="$MOZ_LIB_DIR/firefox"
MOZ_LANGPACKS_DIR="$MOZ_DIST_BIN/langpacks"
MOZ_EXTENSIONS_PROFILE_DIR="$HOME/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
MOZ_PROGRAM="$MOZ_DIST_BIN/$MOZ_FIREFOX_FILE"
MOZ_LAUNCHER="$MOZ_DIST_BIN/run-mozilla.sh"
@ -100,12 +98,6 @@ export MOZ_PLUGIN_PATH
##
export MOZ_APP_LAUNCHER="%PREFIX%/bin/firefox"
##
## Set FONTCONFIG_PATH for Xft/fontconfig
##
FONTCONFIG_PATH="/etc/fonts:${MOZILLA_FIVE_HOME}/res/Xft"
export FONTCONFIG_PATH
##
## In order to better support certain scripts (such as Indic and some CJK
## scripts), Fedora builds its Firefox, with permission from the Mozilla
@ -135,76 +127,6 @@ export G_SLICE=always-malloc
##
export MOZ_USE_XINPUT2=1
# OK, here's where all the real work gets done
##
## To disable the use of Firefox localization, set MOZ_DISABLE_LANGPACKS=1
## in your environment before launching Firefox.
##
#
# MOZ_DISABLE_LANGPACKS=1
# export MOZ_DISABLE_LANGPACKS
#
##
## Automatically installed langpacks are tracked by .fedora-langpack-install
## config file.
##
FEDORA_LANGPACK_CONFIG="$MOZ_EXTENSIONS_PROFILE_DIR/.fedora-langpack-install"
MOZILLA_DOWN=0
if ! [ $MOZ_DISABLE_LANGPACKS ] || [ $MOZ_DISABLE_LANGPACKS -eq 0 ]; then
if [ -x $MOZ_DIST_BIN/$MOZ_FIREFOX_FILE ]; then
# Is firefox running?
pidof firefox > /dev/null 2>&1
MOZILLA_DOWN=$?
fi
fi
# Modify language pack configuration only when firefox is not running
# and language packs are not disabled
if [ $MOZILLA_DOWN -ne 0 ]; then
# Clear already installed langpacks
mkdir -p $MOZ_EXTENSIONS_PROFILE_DIR
if [ -f $FEDORA_LANGPACK_CONFIG ]; then
rm `cat $FEDORA_LANGPACK_CONFIG` > /dev/null 2>&1
rm $FEDORA_LANGPACK_CONFIG > /dev/null 2>&1
# remove all empty langpacks dirs while they block installation of langpacks
rmdir $MOZ_EXTENSIONS_PROFILE_DIR/langpack* > /dev/null 2>&1
fi
# Get locale from system
CURRENT_LOCALE=$LC_ALL
CURRENT_LOCALE=${CURRENT_LOCALE:-$LC_MESSAGES}
CURRENT_LOCALE=${CURRENT_LOCALE:-$LANG}
# Try with a local variant first, then without a local variant
SHORTMOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*||g"`
MOZLOCALE=`echo $CURRENT_LOCALE | sed "s|_\([^.]*\).*|-\1|g"`
function create_langpack_link() {
local language=$*
local langpack=langpack-${language}@firefox.mozilla.org.xpi
if [ -f $MOZ_LANGPACKS_DIR/$langpack ]; then
rm -rf $MOZ_EXTENSIONS_PROFILE_DIR/$langpack
# If the target file is a symlink (the fallback langpack),
# install the original file instead of the fallback one
if [ -h $MOZ_LANGPACKS_DIR/$langpack ]; then
langpack=`readlink $MOZ_LANGPACKS_DIR/$langpack`
fi
ln -s $MOZ_LANGPACKS_DIR/$langpack \
$MOZ_EXTENSIONS_PROFILE_DIR/$langpack
echo $MOZ_EXTENSIONS_PROFILE_DIR/$langpack > $FEDORA_LANGPACK_CONFIG
return 0
fi
return 1
}
create_langpack_link $MOZLOCALE || create_langpack_link $SHORTMOZLOCALE || true
fi
# BEAST fix (rhbz#1005611)
NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1}
export NSS_SSL_CBC_RANDOM_IV
@ -244,28 +166,5 @@ done
# Don't throw "old profile" dialog box.
export MOZ_ALLOW_DOWNGRADE=1
# Make sure at-spi-bus is running
if ! dbus-send --session \
--dest=org.freedesktop.DBus \
--type=method_call \
--print-reply \
/org/freedesktop/DBus \
org.freedesktop.DBus.ListNames \
| grep org.a11y.Bus > /dev/null; then
if [ -f "$MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher" ]; then
echo "Starting a11y dbus service..."
$MOZ_LIB_DIR/firefox/bundled/libexec/at-spi-bus-launcher &
else
echo "Running without a11y support!"
fi
fi
# Run the browser
debugging=0
if [ $debugging = 1 ]
then
echo $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@"
fi
exec $MOZ_LAUNCHER $script_args $MOZ_PROGRAM "$@"

52
SOURCES/mozilla-s390x-skia-gradient.patch
View File

@ -1,52 +0,0 @@
# HG changeset patch
# Parent acf59ea86dd1d878b43920832093f082dcfc61c0
diff -r acf59ea86dd1 gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp
--- a/gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp Mon Mar 09 08:26:10 2020 +0100
+++ b/gfx/skia/skia/src/shaders/gradients/Sk4fLinearGradient.cpp Fri Mar 27 13:30:28 2020 +0100
@@ -7,7 +7,7 @@
#include "include/core/SkPaint.h"
#include "src/shaders/gradients/Sk4fLinearGradient.h"
-
+#include "src/core/SkEndian.h"
#include <cmath>
#include <utility>
@@ -28,6 +28,9 @@
while (n >= 4) {
DstTraits<premul>::store4x(c0, c1, c2, c3, dst, bias0, bias1);
+#ifdef SK_CPU_BENDIAN
+ SkEndianSwap32s(dst, 4);
+#endif
dst += 4;
c0 = c0 + dc4;
@@ -37,12 +40,23 @@
n -= 4;
}
if (n & 2) {
- DstTraits<premul>::store(c0, dst++, bias0);
- DstTraits<premul>::store(c1, dst++, bias1);
+ DstTraits<premul>::store(c0, dst, bias0);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
+ ++dst;
+ DstTraits<premul>::store(c1, dst, bias1);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
+ ++dst;
c0 = c0 + dc2;
}
if (n & 1) {
DstTraits<premul>::store(c0, dst, bias0);
+#ifdef SK_CPU_BENDIAN
+ *dst = SkEndianSwap32(*dst);
+#endif
}
}

94
SPECS/firefox.spec
View File

@ -18,7 +18,7 @@ function dist_to_rhel_minor(str, start)
end
match = string.match(str, ".el8")
if match then
return 6
return 7
end
return -1
end}
@ -119,16 +119,23 @@ end}
%global mozappdir %{_libdir}/%{name}
%global mozappdirdev %{_libdir}/%{name}-devel-%{version}
%global langpackdir %{mozappdir}/langpacks
%global langpackdir %{mozappdir}/browser/extensions
%global tarballdir %{name}-%{version}
%global pre_version esr
%global official_branding 1
%global build_langpacks 1
# Workaround the dreaded "upstream source file changed content" rpmdiff failure that only secalert can waive.
# If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g.
# firefox-91.9.0esr.b2.processed-source.tar.xz
# With does_not_exist it's empty and source file name as is.
#global buildnum %{?does_not_exist}
%global buildnum %{?does_not_exist}
Summary: Mozilla Firefox Web browser
Name: firefox
Version: 91.4.0
Version: 91.13.0
Release: 1%{?dist}
URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+
@ -136,10 +143,14 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+
ExcludeArch: %{ix86}
%endif
%if 0%{?rhel} == 8
%if %{rhel_minor_version} == 1
ExcludeArch: %{ix86} aarch64 s390x
%else
ExcludeArch: %{ix86}
%endif
%endif
%if 0%{?rhel} == 7
ExcludeArch: s390 ppc
ExcludeArch: aarch64 s390 ppc
%endif
# We can't use the official tarball as it contains some test files that use
@ -147,9 +158,10 @@ ExcludeArch: s390 ppc
# The official tarball has to be always processed by the process-official-tarball
# script.
# Link to official tarball: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%%{version}%%{?pre_version}.source.tar.xz
Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz
Source0: firefox-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz
%if %{build_langpacks}
Source1: firefox-langpacks-%{version}%{?pre_version}-20211201.tar.xz
Source1: firefox-langpacks-%{version}%{?pre_version}-20220817.tar.xz
%endif
Source2: cbindgen-vendor.tar.xz
Source3: process-official-tarball
@ -184,6 +196,7 @@ Patch6: build-nss-version.patch
Patch215: firefox-enable-addons.patch
Patch219: rhbz-1173156.patch
Patch224: mozilla-1170092.patch
Patch225: firefox-nss-addon-hack.patch
# Upstream patches
@ -197,9 +210,12 @@ Patch510: mozilla-bmo1554971.patch
Patch511: mozilla-bmo1602730.patch
Patch512: mozilla-bmo849632.patch
Patch513: mozilla-bmo998749.patch
Patch514: mozilla-s390x-skia-gradient.patch
#Patch514: mozilla-s390x-skia-gradient.patch
Patch515: mozilla-bmo1626236.patch
Patch518: D110204-fscreen.diff
Patch519: expat-CVE-2022-25235.patch
Patch520: expat-CVE-2022-25236.patch
Patch521: expat-CVE-2022-25315.patch
# Flatpak patches
@ -425,6 +441,11 @@ echo "use_rustts %{?use_rustts}"
%patch219 -p1 -b .rhbz-1173156
%patch224 -p1 -b .1170092
# Enable workaround for RHEL >= 8: rhbz#2043303
%if 0%{?rhel} == 8 || 0%{?rhel} >= 9
%patch225 -p1 -b .firefox-nss-addon-hack
%endif
# Patch for big endian platforms only
%if 0%{?big_endian}
%endif
@ -442,6 +463,9 @@ echo "use_rustts %{?use_rustts}"
#%patch514 -p1 -b .mozilla-s390x-skia-gradient
%patch515 -p1 -b .mozilla-bmo1626236
%patch518 -p1 -b .D110204-fscreen.diff
%patch519 -p1 -b .expat-CVE-2022-25235
%patch520 -p1 -b .expat-CVE-2022-25236
%patch521 -p1 -b .expat-CVE-2022-25315
%patch1001 -p1 -b .ppc64le-inline
@ -643,7 +667,7 @@ function build_bundled_package() {
echo $PKG_CONFIG_PATH
rpm -ivh %{SOURCE403}
rpmbuild --nodeps --define '_prefix %{bundled_install_path}' -ba %{_specdir}/nss.spec
rpmbuild --nodeps --define '_prefix %{bundled_install_path}' --without=tests -ba %{_specdir}/nss.spec
pushd %{_buildrootdir}
#cleanup
#rm -rf {_buildrootdir}/usr/lib/debug/*
@ -877,9 +901,9 @@ ls %{_buildrootdir}
export MACH_USE_SYSTEM_PYTHON=1
%if 0%{?use_llvmts}
#scl enable llvm-toolset-%{llvm_version} './mach build -v'
./mach build -v
./mach build -v || exit 1
%else
./mach build -v
./mach build -v || exit 1
%endif
# Look for the reason we get: /usr/lib/rpm/debugedit: canonicalization unexpectedly shrank by one character
readelf -wl objdir/dist/bin/libxul.so | grep "/"
@ -1247,6 +1271,56 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#---------------------------------------------------------------------
%changelog
* Wed Aug 17 2022 Eike Rathke <erack@redhat.com> - 91.13.0-1
- Update to 91.13.0 build1
* Thu Jul 21 2022 Eike Rathke <erack@redhat.com> - 91.12.0-1
- Update to 91.12.0 build1
* Thu Jun 23 2022 Eike Rathke <erack@redhat.com> - 91.11.0-2
- Update to 91.11.0 build2
* Tue Jun 21 2022 Eike Rathke <erack@redhat.com> - 91.11.0-1
- Update to 91.11.0 build1
* Tue May 24 2022 Eike Rathke <erack@redhat.com> - 91.10.0-1
- Update to 91.10.0 build1
* Fri May 20 2022 Jan Horak <jhorak@redhat.com> - 91.9.1-1
- Update to 91.9.1 build1
* Tue Apr 26 2022 Eike Rathke <erack@redhat.com> - 91.9.0-1
- Update to 91.9.0
* Tue Apr 05 2022 Eike Rathke <erack@redhat.com> - 91.8.0-1
- Update to 91.8.0
* Mon Mar 07 2022 Eike Rathke <erack@redhat.com> - 91.7.0-3
- Update to 91.7.0 build3
* Wed Mar 02 2022 Jan Horak <jhorak@redhat.com> - 91.7.0-2
- Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315
* Tue Mar 01 2022 Eike Rathke <erack@redhat.com> - 91.7.0-1
- Update to 91.7.0 build2
* Fri Feb 25 2022 Jan Horak <jhorak@redhat.com> - 91.6.0-2
- Install langpacks to the browser/extensions to make them available in UI:
rhbz#2030190
* Wed Feb 02 2022 Eike Rathke <erack@redhat.com> - 91.6.0-1
- Update to 91.6.0 build1
* Wed Feb 02 2022 Jan Horak <jhorak@redhat.com> - 91.5.0-2
- Use default update channel to fix non working enterprise policies:
rhbz#2044667
* Thu Jan 06 2022 Eike Rathke <erack@redhat.com> - 91.5.0-1
- Update to 91.5.0 build1
* Mon Dec 13 2021 Jan Horak <jhorak@redhat.com> - 91.4.0-2
- Added fix for failing addons signatures.
* Wed Dec 01 2021 Eike Rathke <erack@redhat.com> - 91.4.0-1
- Update to 91.4.0 build1