Author: Bernhard M. Wiedemann <bwiedemann suse de>
Date: 2019-07-22
Allow to override build date with SOURCE_DATE_EPOCH
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
diff --git a/python/mozbuild/mozbuild/action/langpack_manifest.py b/python/mozbuild/mozbuild/action/langpack_manifest.py
--- a/python/mozbuild/mozbuild/action/langpack_manifest.py
+++ b/python/mozbuild/mozbuild/action/langpack_manifest.py
@@ -13,16 +13,17 @@
import argparse
import datetime
import io
import json
import logging
import os
import sys
+import time
import fluent.syntax.ast as FTL
import mozpack.path as mozpath
import mozversioncontrol
import requests
from fluent.syntax.parser import FluentParser
from mozpack.chrome.manifest import Manifest, ManifestLocale, parse_manifest
@@ -101,17 +102,17 @@ def get_dt_from_hg(path):
# ts == "20170914215617"
###
def get_timestamp_for_locale(path):
dt = None
if os.path.isdir(os.path.join(path, ".hg")):
dt = get_dt_from_hg(path)
if dt is None:
- dt = datetime.datetime.utcnow()
+ dt = datetime.datetime.utcfromtimestamp(int(os.environ.get('SOURCE_DATE_EPOCH', time.time())))
dt = dt.replace(microsecond=0)
return dt.strftime("%Y%m%d%H%M%S")
###
# Parses an FTL file into a key-value pair object.
# Does not support attributes, terms, variables, functions or selectors;
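Review bot: The added `dt = ...utcfromtimestamp(int(os.environ.get('SOURCE_DATE_EPOCH', time.time())))` line feeds the environment value straight into `int()`, so an empty or non-numeric `SOURCE_DATE_EPOCH` stops the langpack build with a bare ValueError that never names the variable, which makes a broken reproducible-build setup harder to diagnose. Reading the variable once and reporting a malformed value explicitly would be clearer, along the lines of `epoch = os.environ.get("SOURCE_DATE_EPOCH", time.time())` followed by `dt = datetime.datetime.fromtimestamp(int(epoch), tz=datetime.timezone.utc)`; this also avoids `utcfromtimestamp`, which is deprecated as of Python 3.12, and keeps the double-quote style of the neighbouring lines. A short comment such as `# Honour SOURCE_DATE_EPOCH so rebuilds of the same source give the same langpack timestamp` would record why the wall clock is no longer the default. The override only applies on the `dt is None` path; whether the value returned by `get_dt_from_hg` is itself stable across rebuilds cannot be judged here, since that function's body lies outside the hunk.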