rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 102.4.0

Browse Source
This commit is contained in:
Eike Rathke 2022-10-25 18:15:37 +00:00
parent c5077724c9
commit e460ab8b6c
7 changed files with 132 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -271,3 +271,5 @@
/firefox-102.3.0esr.source.tar.xz /firefox-102.3.0esr.source.tar.xz
/firefox-langpacks-102.3.0esr-20220913.tar.xz /firefox-langpacks-102.3.0esr-20220913.tar.xz
/firefox-102.3.0esr.processed-source.tar.xz /firefox-102.3.0esr.processed-source.tar.xz
/firefox-langpacks-102.4.0esr-20221012.tar.xz
/firefox-102.4.0esr.processed-source.tar.xz

25
D158770.diff Normal file
View File

@ -0,0 +1,25 @@
diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@@ -5652,12 +5652,18 @@
else
#endif /* XML_DTD */
{
processor = contentProcessor;
/* see externalEntityContentProcessor vs contentProcessor */
- return doContent(parser, parentParser ? 1 : 0, encoding, s, end,
- nextPtr, (XML_Bool)!ps_finalBuffer);
+ result = doContent(parser, parser->m_parentParser ? 1 : 0,
+ parser->m_encoding, s, end, nextPtr,
+ (XML_Bool)! parser->m_parsingStatus.finalBuffer);
+ if (result == XML_ERROR_NONE) {
+ if (! storeRawNames(parser))
+ return XML_ERROR_NO_MEMORY;
+ }
+ return result;
}
}
static enum XML_Error PTRCALL
errorProcessor(XML_Parser parser,

11
build-rhel7-lower-node-min-version.patch Normal file
View File

@ -0,0 +1,11 @@
--- firefox-102.4.0/python/mozbuild/mozbuild/nodeutil.py.lower-node-min-version 2022-10-10 17:55:56.000000000 +0200
+++ firefox-102.4.0/python/mozbuild/mozbuild/nodeutil.py 2022-10-17 14:57:47.476182627 +0200
@@ -13,7 +13,7 @@ from mozboot.util import get_tools_dir
from mozfile import which
from six import PY3
-NODE_MIN_VERSION = StrictVersion("10.24.1")
+NODE_MIN_VERSION = StrictVersion("10.24.0")
NPM_MIN_VERSION = StrictVersion("6.14.12")

70
firefox.spec
View File

@ -200,8 +200,8 @@ end}
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 102.3.0 Version: 102.4.0
Release: 6%{?dist} Release: 1%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
@ -225,7 +225,7 @@ ExcludeArch: aarch64 s390 ppc
# Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz
%if %{with langpacks} %if %{with langpacks}
Source1: firefox-langpacks-%{version}%{?pre_version}-20220913.tar.xz Source1: firefox-langpacks-%{version}%{?pre_version}-20221012.tar.xz
%endif %endif
Source2: cbindgen-vendor.tar.xz Source2: cbindgen-vendor.tar.xz
Source3: process-official-tarball Source3: process-official-tarball
@ -272,6 +272,7 @@ Patch73: build-ascii-decode-fail-rhel7.patch
Patch75: build-big-endian-errors.patch Patch75: build-big-endian-errors.patch
Patch76: firefox-nss-version.patch Patch76: firefox-nss-version.patch
Patch77: mozilla-1775202.patch Patch77: mozilla-1775202.patch
Patch78: build-rhel7-lower-node-min-version.patch
# Test patches # Test patches
@ -289,6 +290,7 @@ Patch226: rhbz-1354671.patch
Patch228: disable-openh264-download.patch Patch228: disable-openh264-download.patch
Patch229: firefox-nss-addon-hack.patch Patch229: firefox-nss-addon-hack.patch
Patch230: D110204-fscreen.diff Patch230: D110204-fscreen.diff
Patch231: webrtc-nss-fix.patch
# Upstream patches # Upstream patches
Patch415: mozilla-1670333.patch Patch415: mozilla-1670333.patch
@ -300,6 +302,7 @@ Patch420: mozilla-bmo998749.patch
Patch421: mozilla-s390x-skia-gradient.patch Patch421: mozilla-s390x-skia-gradient.patch
Patch422: one_swizzle_to_rule_them_all.patch Patch422: one_swizzle_to_rule_them_all.patch
Patch423: svg-rendering.patch Patch423: svg-rendering.patch
Patch424: D158770.diff
# PGO/LTO patches # PGO/LTO patches
Patch600: pgo.patch Patch600: pgo.patch
@ -513,50 +516,66 @@ BuildRequires: gcc-toolset-12-annobin-plugin-gcc
# Bundled libraries # Bundled libraries
Provides: bundled(angle) Provides: bundled(angle)
Provides: bundled(audioipc-2)
Provides: bundled(brotli)
Provides: bundled(cairo) Provides: bundled(cairo)
Provides: bundled(cfworker)
Provides: bundled(d3.js)
Provides: bundled(double-conversion)
Provides: bundled(expat)
Provides: bundled(fdlibm)
Provides: bundled(ffvpx)
Provides: bundled(freetype2)
Provides: bundled(graphite2) Provides: bundled(graphite2)
Provides: bundled(harfbuzz) Provides: bundled(harfbuzz)
Provides: bundled(ots) Provides: bundled(highway)
Provides: bundled(sfntly) Provides: bundled(intgemm)
Provides: bundled(skia)
Provides: bundled(thebes)
Provides: bundled(WebRender)
Provides: bundled(audioipc-2)
Provides: bundled(ffvpx)
Provides: bundled(kissfft) Provides: bundled(kissfft)
Provides: bundled(libaom) Provides: bundled(libaom)
Provides: bundled(libcubeb) Provides: bundled(libcubeb)
Provides: bundled(libdav1d) Provides: bundled(libdav1d)
Provides: bundled(libjpeg) Provides: bundled(libjpeg)
Provides: bundled(libjxl)
Provides: bundled(libjxl)
Provides: bundled(libmar)
Provides: bundled(libmkv) Provides: bundled(libmkv)
Provides: bundled(libnestegg) Provides: bundled(libnestegg)
Provides: bundled(libogg) Provides: bundled(libogg)
Provides: bundled(libopus) Provides: bundled(libopus)
Provides: bundled(libpng) Provides: bundled(libpng)
Provides: bundled(libprio)
Provides: bundled(libsoundtouch) Provides: bundled(libsoundtouch)
Provides: bundled(libspeex_resampler) Provides: bundled(libspeex_resampler)
Provides: bundled(libsrtp)
Provides: bundled(libtheora) Provides: bundled(libtheora)
Provides: bundled(libtremor) Provides: bundled(libtremor)
Provides: bundled(libvorbis) Provides: bundled(libvorbis)
Provides: bundled(libvpx) Provides: bundled(libvpx)
Provides: bundled(libwebp) Provides: bundled(libwebp)
Provides: bundled(libwebrtc)
Provides: bundled(libyuv) Provides: bundled(libyuv)
Provides: bundled(mp4parse-rust) Provides: bundled(mp4parse-rust)
Provides: bundled(mp4parse-rust)
Provides: bundled(msgpack-c)
Provides: bundled(msgpack-c)
Provides: bundled(mtransport) Provides: bundled(mtransport)
Provides: bundled(openmax_dl) Provides: bundled(openmax_dl)
Provides: bundled(double-conversion) Provides: bundled(openmax_il)
Provides: bundled(brotli) Provides: bundled(openmax_il)
Provides: bundled(fdlibm) Provides: bundled(ots)
Provides: bundled(freetype2) Provides: bundled(qcms)
Provides: bundled(libmar) Provides: bundled(rlbox_sandboxing_api)
Provides: bundled(sfntly)
Provides: bundled(sipcc)
Provides: bundled(skia)
Provides: bundled(sqlite3)
Provides: bundled(thebes)
Provides: bundled(wasm2c)
Provides: bundled(WebRender)
Provides: bundled(woff2) Provides: bundled(woff2)
Provides: bundled(xz-embedded) Provides: bundled(xz-embedded)
Provides: bundled(ycbcr)
Provides: bundled(zlib) Provides: bundled(zlib)
Provides: bundled(expat)
Provides: bundled(msgpack-c)
Provides: bundled(libprio)
Provides: bundled(rlbox_sandboxing_api)
Provides: bundled(sqlite3)
%if 0%{?bundle_nss} %if 0%{?bundle_nss}
Provides: bundled(nss) = 3.79.0 Provides: bundled(nss) = 3.79.0
@ -618,6 +637,9 @@ echo "use_rustts %{?use_rustts}"
%patch77 -p1 -b .mozilla-1775202 %patch77 -p1 -b .mozilla-1775202
%patch73 -p1 -b .build-ascii-decode-fail-rhel7 %patch73 -p1 -b .build-ascii-decode-fail-rhel7
%if 0%{?rhel} == 7
%patch78 -p1 -b .build-rhel7-lower-node-min-version
%endif
# Test patches # Test patches
%patch102 -p1 -b .firefox-tests-xpcshell-freeze %patch102 -p1 -b .firefox-tests-xpcshell-freeze
@ -633,6 +655,7 @@ echo "use_rustts %{?use_rustts}"
%patch228 -p1 -b .disable-openh264-download %patch228 -p1 -b .disable-openh264-download
%patch229 -p1 -b .firefox-nss-addon-hack %patch229 -p1 -b .firefox-nss-addon-hack
%patch230 -p1 -b .D110204-fscreen.diff %patch230 -p1 -b .D110204-fscreen.diff
%patch231 -p1 -b .webrtc-nss-fix
%patch415 -p1 -b .1670333 %patch415 -p1 -b .1670333
%patch416 -p1 -b .mozilla-bmo1005535 %patch416 -p1 -b .mozilla-bmo1005535
@ -643,6 +666,7 @@ echo "use_rustts %{?use_rustts}"
%patch421 -p1 -b .mozilla-s390x-skia-gradient %patch421 -p1 -b .mozilla-s390x-skia-gradient
%patch422 -p1 -b .one_swizzle_to_rule_them_all %patch422 -p1 -b .one_swizzle_to_rule_them_all
%patch423 -p1 -b .svg-rendering %patch423 -p1 -b .svg-rendering
%patch424 -p1 -b .D158770.diff
# PGO patches # PGO patches
%if %{build_with_pgo} %if %{build_with_pgo}
@ -1401,6 +1425,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Wed Oct 12 2022 Eike Rathke <erack@redhat.com> - 102.4.0-1
- Update to 102.4.0 build1
* Tue Oct 11 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-7
- Fix for expat CVE-2022-40674 and non functional webrtc
* Tue Sep 13 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-6 * Tue Sep 13 2022 Jan Horak <jhorak@redhat.com> - 102.3.0-6
- Update to 102.3.0 build1 - Update to 102.3.0 build1

17
rpminspect.yaml Normal file
View File

@ -0,0 +1,17 @@
---
inspections:
# this inspection is taking way too long and causing timeouts
abidiff: off
# the badfunc is triggered by inet_addr and inet_ntoa which is in the third party
# libraries bundled to firefox sources.
badfuncs:
ignore:
- /usr/lib*/firefox/libxul.so
# We don't plan to build Firefox with the LTO because it brings more problems
# than benefits to the package.
annocheck:
- hardened: --ignore-unknown --verbose --skip-lto --skip-cf-protection --skip-property-note
runpath:
# rpath to bundled content
allowed_paths:
- /usr/lib64/firefox/bundled/lib64

4
sources
View File

@ -1,5 +1,5 @@
SHA512 (cbindgen-vendor.tar.xz) = ba8967007c7545fcf62a392e745b19188d883428adb5e9abd102cc6ad5d50891e9d38a7a20ee7a91e99d6340e9490a6b8bcc4c7175f3bb3a698841b816966385 SHA512 (cbindgen-vendor.tar.xz) = ba8967007c7545fcf62a392e745b19188d883428adb5e9abd102cc6ad5d50891e9d38a7a20ee7a91e99d6340e9490a6b8bcc4c7175f3bb3a698841b816966385
SHA512 (nss-3.79.0-6.el8_1.src.rpm) = 5887d0f306045adf7c6f3389840fff2e2732e5a15ec5e22cf885e578105b54d9e753c237e7730c2d3f0990728b10123c653e8d18a8b8dd0174bfb5b443eab7ef SHA512 (nss-3.79.0-6.el8_1.src.rpm) = 5887d0f306045adf7c6f3389840fff2e2732e5a15ec5e22cf885e578105b54d9e753c237e7730c2d3f0990728b10123c653e8d18a8b8dd0174bfb5b443eab7ef
SHA512 (nspr-4.34.0-3.el8_1.src.rpm) = fe4715694c297cd8cefa577946358a90103bde73e78a3fdf13d202a3791736e8a48fbece09ee3d15f6d81ae051e26d96400b03bb6bf8630715746c5e1a643543 SHA512 (nspr-4.34.0-3.el8_1.src.rpm) = fe4715694c297cd8cefa577946358a90103bde73e78a3fdf13d202a3791736e8a48fbece09ee3d15f6d81ae051e26d96400b03bb6bf8630715746c5e1a643543
SHA512 (firefox-langpacks-102.3.0esr-20220913.tar.xz) = 5bf7183e3587c897339cbb0f133d3648b74dbd28feb19de6c9c0d3f5a852bee8dbbf8b92ba92e2c1eeb98c6f647e828e9bd2beb4768034f9d64cf42043937c76 SHA512 (firefox-102.4.0esr.processed-source.tar.xz) = 28e8ab46f15f088134ca91eb517861535dc8e645f1e00d5effb710689eca6dca698ed8988d65285695c6611e1b388f1d492f7622d61ff4a0261b91c0e2a2c808
SHA512 (firefox-102.3.0esr.processed-source.tar.xz) = 1a30fafc2c01f5b6c781a762ada299a313a910cc7d24fbfe8fcb7bfdfc7adfeef920c17a335eea611e282855a59f3e66ea49818c714da4636e3a9ef9f2fc01ed SHA512 (firefox-langpacks-102.4.0esr-20221012.tar.xz) = 20fb183b6e9197301a3b13bd467b90bbe4f25b6d5df876eb736f590ebb1ca925b69db53b08767c6715909a38221a53cc0f3f79c76157cf414b23ab245d5d4052

25
webrtc-nss-fix.patch Normal file
View File

@ -0,0 +1,25 @@
diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c
--- firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix 2022-10-04 18:58:30.563683229 +0200
+++ firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c 2022-10-04 18:58:44.583652963 +0200
@@ -293,7 +293,7 @@ static srtp_err_status_t srtp_aes_gcm_ns
int rv;
SECItem param = { siBuffer, (unsigned char *)&c->params,
- sizeof(CK_GCM_PARAMS) };
+ sizeof(CK_NSS_GCM_PARAMS) };
if (encrypt) {
rv = PK11_Encrypt(c->key, CKM_AES_GCM, &param, buf, enc_len,
*enc_len + 16, buf, *enc_len);
diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h
--- firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix 2022-10-04 18:59:16.635583764 +0200
+++ firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h 2022-10-04 18:59:31.848550924 +0200
@@ -101,7 +101,7 @@ typedef struct {
uint8_t iv[12];
uint8_t aad[MAX_AD_SIZE];
int aad_size;
- CK_GCM_PARAMS params;
+ CK_NSS_GCM_PARAMS params;
uint8_t tag[16];
} srtp_aes_gcm_ctx_t;
diff -up firefox-102.3.0/third_party/prio/prio/encrypt.c.webrtc-fix firefox-102.3.0/third_party/prio/prio/encrypt.c