Sync from SUSE:SLFO:Main MozillaFirefox revision bebc0f387237256ebcb119bb7ad8c7d6

2024-07-22 16:57:40 +02:00 · 2024-07-22 16:57:40 +02:00 · cf740204ca
commit cf740204ca
parent 66e5d0d6a3
11 changed files with 119 additions and 75 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,25 +1,36 @@
+-------------------------------------------------------------------
+Wed Jul  3 07:12:36 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Firefox Extended Support Release 115.13.0 ESR
+  Placeholder changelog-entry (bsc#1226316)
+
+-------------------------------------------------------------------
+Mon Jul  1 14:01:17 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Fix GNOME search provider (boo#1225278)  
+
 -------------------------------------------------------------------
 Thu Jun  6 07:52:51 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

 - Firefox Extended Support Release 115.12.0 ESR
  * Fixed: Various security fixes and other quality improvements.
  MFSA 2024-26 (bsc#1226027)
-  * MFSA-RESERVE-2024-1193389 (bmo#1193389)
+  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
-  * MFSA-RESERVE-2024-1895086 (bmo#1895086)
+  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
-  * MFSA-RESERVE-2024-1883693 (bmo#1883693)
+  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
-  * MFSA-RESERVE-2024-1888695 (bmo#1888695)
-    Sandboxed iframe were able to bypass sandbox restrictions to
+  * CVE-2024-5691 (bmo#1888695)
+    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
-  * MFSA-RESERVE-2024-1891234 (bmo#1891234)
+  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
-  * MFSA-RESERVE-2024-1891319 (bmo#1891319)
+  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
-  * MFSA-RESERVE-2024-1896555 (bmo#1896555)
+  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
-  * MFSA-RESERVE-2024-2 (bmo#1862809, bmo#1889355, bmo#1893388,
+  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388,
    bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.12.0
-%define orig_version   115.12.0
+%define mainver        %major.13.0
+%define orig_version   115.13.0
 %define orig_suffix    esr
 %define update_channel release
 %define branding       1
@ -202,7 +202,7 @@ Source9:        firefox.js
 Source11:       firefox.1
 Source12:       mozilla-get-app-id
 Source13:       spellcheck.js
-Source14:       https://github.com/openSUSE/firefox-scripts/raw/9b77cf0/create-tar.sh
+Source14:       https://github.com/openSUSE/firefox-scripts/raw/913fab1/create-tar.sh
 Source15:       firefox-appdata.xml
 Source16:       %{name}.changes
 Source17:       firefox-search-provider.ini
--- a/create-tar.sh
+++ b/create-tar.sh
@ -78,9 +78,13 @@ function set_internal_variables() {

  SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz"
  PREV_SOURCE_TARBALL="$PRODUCT-$PREV_VERSION$PREV_VERSION_SUFFIX.source.tar.xz"
+  if [ "$PRODUCT" = "thunderbird" ]; then
+    TB_LOCALE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.strings_all.tar.zst"
+  fi
  FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
  FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/%s/candidates"
  LOCALES_URL="https://product-details.mozilla.org/1.0/l10n"
+  FF_L10N_MONOREPO="https://github.com/mozilla-l10n/firefox-l10n"
  PRODUCT_URL="https://product-details.mozilla.org/1.0"
  ALREADY_EXTRACTED_LOCALES_FILE=0
 }
@ -134,7 +138,7 @@ function get_source_stamp() {
  local BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1;
  local REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp)
  local SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo)
-  local TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
+  TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
  echo "Extending $TAR_STAMP with:"
  echo "RELEASE_REPO=${SOURCE_REPO}"
  echo "RELEASE_TAG=${REV}"
@ -302,10 +306,18 @@ function check_what_to_do_with_source_tarballs() {
    printf "%-40s: %s\n" "$ff" "$(check_tarball_source $ff)"
  done

+  if [ "$PRODUCT" = "thunderbird" ]; then
+    printf "%-40s: %s\n" "$TB_LOCALE_TARBALL" "$(check_tarball_source $TB_LOCALE_TARBALL)"
+  fi
+
  ask_cont_abort_question "Is this ok?" || exit 0
 }

 function check_what_to_do_with_locales_tarballs() {
+  if [ -e "$TB_LOCALE_TARBALL" ]; then
+    return;
+  fi
+
  LOCALES_CHANGED=1

  extract_locales_file
@ -364,6 +376,10 @@ function download_upstream_source_tarballs() {
  download_release_or_candidate_file "$SOURCE_TARBALL"
  download_release_or_candidate_file "$SOURCE_TARBALL.asc"

+  if [ "$PRODUCT" = "thunderbird" ]; then
+    download_release_or_candidate_file "$TB_LOCALE_TARBALL"
+  fi
+
  # we might have an upstream archive already and can skip the checkout
  if [ -e "$SOURCE_TARBALL" ]; then
    get_source_stamp "$BUILD_ID"
@ -413,7 +429,7 @@ function clone_and_repackage_sources() {
  # get repo and source stamp
  local REV=$(hg -R . parent --template="{node|short}\n")
  local SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/")
-  local TIMESTAMP=$(date +%Y%m%d%H%M%S)
+  TIMESTAMP=$(date +%Y%m%d%H%M%S)

  if [ "$PRODUCT" = "thunderbird" ]; then
    pushd comm || exit 1
@ -447,13 +463,18 @@ function create_locales_tarballs() {
    exit 0
  fi

-  if [ "$LOCALES_CHANGED" -ne 0 ]; then
-    clone_and_repackage_locales
-  elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then
-    # Locales did not change, but the old tar-ball is in this directory
-    # Simply rename it:
-    echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
-    mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
+  if [ -e "$TB_LOCALE_TARBALL" ]; then
+    echo "Repackaging upstream lang-tarball."
+    zstd -dcf "$TB_LOCALE_TARBALL" | xz > "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
+  else 
+    if [ "$LOCALES_CHANGED" -ne 0 ]; then
+      clone_and_repackage_locales
+    elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then
+      # Locales did not change, but the old tar-ball is in this directory
+      # Simply rename it:
+      echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
+      mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
+    fi
  fi
 }

@ -480,10 +501,6 @@ function clone_and_repackage_locales() {
    FF_L10N_BASE="l10n_ff"
  fi

-  test ! -d $FF_L10N_BASE && mkdir $FF_L10N_BASE
-  # No-op, if we are building FF:
-  test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
-
  # This is only relevant for Thunderbird-builds
  # Here, the relevant directories we need to copy from FF and from TB
  # are specified in a python-file in the tarball
@ -492,33 +509,42 @@ function clone_and_repackage_locales() {
  tb_locale_template=$(get_locales_directories "COMM_STRINGS_PATTERNS")

  echo "Fetching Browser locales..."
-  jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
-    while read -r locale changeset ; do
-      case $locale in
-        ja-JP-mac|en-US)
-          ;;
-        *)
-          echo "reading changeset information for $locale"
-          echo "fetching $locale changeset $changeset ..."
-          if [ -d "$FF_L10N_BASE/$locale/.hg" ]; then
-            pushd "$FF_L10N_BASE/$locale" || exit 1
-            hg pull || exit 1
-            popd || exit 1
-          else
-            hg clone "https://hg.mozilla.org/l10n-central/$locale" "$FF_L10N_BASE/$locale" || exit 1
-          fi
-          [ "$RELEASE_TAG" == "default" ] || hg -R "$FF_L10N_BASE/$locale" up -C -r "$changeset" || exit 1
+  if [ -d "$FF_L10N_BASE/.git" ]; then
+    pushd "$FF_L10N_BASE/" || exit 1
+    git fetch -a || exit 1
+    popd || exit 1
+  else
+    git clone "$FF_L10N_MONOREPO" "$FF_L10N_BASE" || exit 1
+  fi
+  # Currently all locales show the same changeset-hash, as they moved to a monorepo. We just take the first one.
+  changeset=$(jq -r 'to_entries[0]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | cut -d " " -f 2)
+  [ "$RELEASE_TAG" == "default" ] || git -C "$FF_L10N_BASE/" switch --detach "$changeset" || exit 1

-          # If we are doing TB, we have to merge both l10n-repos
-          if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
+  # No-op, if we are building FF:
+  test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
+
+  # If we are doing TB, we have to merge both l10n-repos
+  if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
+    jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
+      while read -r locale changeset ; do
+        case $locale in
+          ja-JP-mac|en-US)
+            ;;
+          *)
            create_and_copy_locales "$locale" "$FF_L10N_BASE" "$ff_locale_template" "$FINAL_L10N_BASE"
            create_and_copy_locales "$locale" "$TB_L10N_BASE" "$tb_locale_template" "$FINAL_L10N_BASE"
-          fi
-          ;;
-      esac
-    done
+            ;;
+        esac
+      done
+  fi
+
  echo "creating l10n archive..."
  local TAR_FLAGS="--exclude-vcs"
+  # For reproducable tarballs
+  # Convert TIMESTAMP to ISO-format, so tar can understand it, then set mtime to it
+  local MTIME=$(python3 -c "from datetime import datetime; print(datetime.strptime(${TIMESTAMP}, '%Y%m%d%H%M%S').isoformat())")
+  TAR_FLAGS="$TAR_FLAGS --sort=name --format=posix --pax-option=delete=atime,delete=ctime,exthdr.name=%d/PaxHeaders/%f --numeric-owner --owner=0 --group=0 --mode=go+u,go-w --clamp-mtime --mtime=$MTIME"
+
  if [ "$PRODUCT" = "thunderbird" ]; then
    TAR_FLAGS="$TAR_FLAGS --exclude=suite"
  fi
@ -537,6 +563,13 @@ function clean_up_old_tarballs() {
          rm "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz"
      fi
  fi
+  # If we downloaded the upstream zstd-tarball and repackaged it, remove it now
+  if [ -f "$TB_LOCALE_TARBALL" ] && [ -f "l10n-$VERSION$VERSION_SUFFIX.tar.xz" ]; then 
+      echo ""
+      echo "Deleting old sources tarball $TB_LOCALE_TARBALL"
+      ask_cont_abort_question "Is this ok?" || exit 0
+      rm "$TB_LOCALE_TARBALL"
+  fi
 }

 main "$@"
--- a/firefox-115.12.0esr.source.tar.xz
+++ b/firefox-115.12.0esr.source.tar.xz
--- a/firefox-115.12.0esr.source.tar.xz.asc
+++ b/firefox-115.12.0esr.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZd9scACgkQ4207E/PZ
-MnSujA/8CPJt/HWe7h11g7s3QmhbP8KR2k7XrEwZZCRvEBmD21a46JsAs/hg1Dci
-QRjtJuh5dFyKiW+H+52w5A5nPFJqE0kInvdro4ag2mwOjIYHsWw9PiGcYQ/gxmvQ
-OZqx+GqgsuAZzsg3z9IRt7faFydpwr/BIfjWnJCENU2s6/HGlUzM9oT1CLKG9aDZ
-iXxdgJ76EZTOdAUr3ZT8sDNwmFdGYxdMuKOt2MoOiZ2JZOUfHm0+mNyXQQ9z8WK7
-w0fxsntaqwF5F2ISA2G5sjG8R0cLwWM4t5xcD71UrMF8OK60HzyiA0K73mNbAoUK
-/9YJvcHOFjbVCRMkbTr05HJjricqfVWYPrzIfpMK6olmWmtu5DDtkacZkg78HPca
-4Y+k7Z8NqDDQy3EJ3p4gV116hxhAQpQNddNda1i/QO3I4gRPeNug1cbQvtvGi3Jo
-Yijw2VOODOxR525ZCvnSyM9ovT4pZjbqx8mSuMNFft5MgMdXCeW4+Kr57iOUWDXw
-sR3dOhJwUoVvsQCtlrEXUm90f/KHr/ggd1zHXaQkb9BqRR2BLLiKK6cJTpzZxvcN
-MOSNRJT4R1RkkRXCwHgwFo5MgbsEKGTQdIllneGT2J0qLqbutYfSfiDuJIzt0u73
-g8T11OyayQhc8YRbG/lKbcwXjeemPIxvnS0T5yIjNSNyD0ntIHs=
-=5hQj
-----END PGP SIGNATURE-----
--- a/firefox-115.13.0esr.source.tar.xz
+++ b/firefox-115.13.0esr.source.tar.xz
--- a/firefox-115.13.0esr.source.tar.xz.asc
+++ b/firefox-115.13.0esr.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmaF+98ACgkQ4207E/PZ
+MnRX3w/9GO5IkWE3cMK2ri0xdqYQhA0tN9/Vqi+axg7qR3bZ1tzgh7Hk+kEVhWqm
+Zda3+8TGkGPSFn0TlgG+PaejnPtxfIDAjzuzdTntQ3o6i/cQzb+Uw9SfAI2UzEVG
+Q9uQUsBU0d0JgUabUBkx3Bm0MBDLSy8kveRnX9nsNLkoIkEvFgsUn2aYh7CXIUXE
+WVzSjWfEKv2+Km0iMqn5pMbbf1WgiMHMRCmttv2X0Y7sGc8whsSvhkSInNBLIp7+
+2KYbgy5zIcc7H4fFubRLoDUbeB/7vb/lACSQWk3MYO1OzOAaJmnNGVApCDBn3mXR
+HS996EbUSQL+D5S9wEdTKX0WLNyw3rlQ7/y9ZGhVH2i6sZjtHBZBwTm4+R1jJzdV
+xchiAR7x233dm/iB4HQzJ4zd0WVplFNF00nlKCAStOgF7r2TCOKSOiuCI0texMqJ
+Kgt4bmG3bxyCwE/lgUUOoT8oXym1xog+569F7k7aA+I3Fxc0ZoJR5josVQde42YB
+5HWDlTbw1RWl3OWf3sYvmnulq67td2RSZDrbBHGk/tPQpDN/mXzaoBAwqedRQ/1E
+UKv+H8aUKbmXCLgRUjzQlvJWJt4c94adXcqWQIm87ZEduxCTeh+ZieQmCjn+39tD
+FHUUSYNITHIAI3Q+g1ApBHbtmZa3ESIID2Jgq7/uuMd9LjRqBFw=
+=aTpP
+-----END PGP SIGNATURE-----
--- a/firefox-search-provider.ini
+++ b/firefox-search-provider.ini
@ -1,5 +1,5 @@
 [Shell Search Provider]
 DesktopId=firefox.desktop
-BusName=org.mozilla.Firefox.SearchProvider
-ObjectPath=/org/mozilla/Firefox/SearchProvider
+BusName=org.mozilla.firefox.SearchProvider
+ObjectPath=/org/mozilla/firefox/SearchProvider
 Version=2
--- a/l10n-115.12.0esr.tar.xz
+++ b/l10n-115.12.0esr.tar.xz
--- a/l10n-115.13.0esr.tar.xz
+++ b/l10n-115.13.0esr.tar.xz
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="115.12.0"
+VERSION="115.13.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="115.11.0"
+PREV_VERSION="115.12.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115"
-RELEASE_TAG="6b05ad1f5f2dbb0d47ac169115e250ff3776289c"
-RELEASE_TIMESTAMP="20240603145132"
+RELEASE_TAG="2ac22c53b238cae73c2e72915e2a423dcfa7f099"
+RELEASE_TIMESTAMP="20240703222632"