From 13e2ddea0fd2a4cd5864385180c7ddade9c65c1311b13e6fceb99970dc569219 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Fri, 3 Jul 2020 06:52:59 +0000
Subject: [PATCH] - Mozilla Firefox 78.0.1   * Fixed an issue which could cause
 installed search engines to not     be visible when upgrading from a previous
 release. - enable MOZ_USE_XINPUT2 for TW (boo#1173320)   * Protections
 Dashboard (about:protections)   * WebRTC not interrupted by screensaver
 anymore   * disabled TLS 1.0 and 1.1 by default   MFSA 2020-24 (bsc#1173576) 
  * CVE-2020-12415 (bmo#1586630)     AppCache manifest poisoning due to url
 encoded character processing   * CVE-2020-12416 (bmo#1639734)    
 Use-after-free in WebRTC VideoBroadcaster   * CVE-2020-12417 (bmo#1640737)   
  Memory corruption due to missing sign-extension for ValueTags     on ARM64  
 * CVE-2020-12418 (bmo#1641303)     Information disclosure due to manipulated
 URL object   * CVE-2020-12419 (bmo#1643874)     Use-after-free in
 nsGlobalWindowInner   * CVE-2020-12420 (bmo#1643437)     Use-After-Free when
 trying to connect to a STUN server   * CVE-2020-12402 (bmo#1631597)     RSA
 Key Generation vulnerable to side-channel attack   * CVE-2020-12421
 (bmo#1308251)     Add-On updates did not respect the same certificate trust  
   rules as software updates   * CVE-2020-12422 (bmo#1450353)     Integer
 overflow in nsJPEGEncoder::emptyOutputBuffer   * CVE-2020-12423 (bmo#1642400)
     DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
---
 MozillaFirefox.changes                 | 41 ++++++++++++++++++++++++++
 MozillaFirefox.spec                    |  4 +--
 firefox-78.0.1.source.tar.xz           |  3 ++
 firefox-78.0.1.source.tar.xz.asc       | 16 ++++++++++
 firefox-78.0.source.tar.xz             |  3 --
 firefox-78.0.source.tar.xz.asc         | 16 ----------
 l10n-78.0.tar.xz => l10n-78.0.1.tar.xz |  0
 mozilla.sh.in                          |  8 +++--
 tar_stamps                             |  4 +--
 9 files changed, 69 insertions(+), 26 deletions(-)
 create mode 100644 firefox-78.0.1.source.tar.xz
 create mode 100644 firefox-78.0.1.source.tar.xz.asc
 delete mode 100644 firefox-78.0.source.tar.xz
 delete mode 100644 firefox-78.0.source.tar.xz.asc
 rename l10n-78.0.tar.xz => l10n-78.0.1.tar.xz (100%)

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index aac456b1..eea600c6 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,9 +1,50 @@
+-------------------------------------------------------------------
+Wed Jul  1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.1
+  * Fixed an issue which could cause installed search engines to not
+    be visible when upgrading from a previous release.
+- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
+
 -------------------------------------------------------------------
 Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 78.0
   * startup notifications now using Gtk instead of libnotify
   * PDF downloads now show an option to open the PDF directly in Firefox
+  * Protections Dashboard (about:protections)
+  * WebRTC not interrupted by screensaver anymore
+  * disabled TLS 1.0 and 1.1 by default
+  MFSA 2020-24 (bsc#1173576)
+  * CVE-2020-12415 (bmo#1586630)
+    AppCache manifest poisoning due to url encoded character processing
+  * CVE-2020-12416 (bmo#1639734)
+    Use-after-free in WebRTC VideoBroadcaster
+  * CVE-2020-12417 (bmo#1640737)
+    Memory corruption due to missing sign-extension for ValueTags
+    on ARM64
+  * CVE-2020-12418 (bmo#1641303)
+    Information disclosure due to manipulated URL object
+  * CVE-2020-12419 (bmo#1643874)
+    Use-after-free in nsGlobalWindowInner
+  * CVE-2020-12420 (bmo#1643437)
+    Use-After-Free when trying to connect to a STUN server
+  * CVE-2020-12402 (bmo#1631597)
+    RSA Key Generation vulnerable to side-channel attack
+  * CVE-2020-12421 (bmo#1308251)
+    Add-On updates did not respect the same certificate trust
+    rules as software updates
+  * CVE-2020-12422 (bmo#1450353)
+    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+  * CVE-2020-12423 (bmo#1642400)
+    DLL Hijacking due to searching %PATH% for a library
+  * CVE-2020-12424 (bmo#1562600)
+    WebRTC permission prompt could have been bypassed by a
+    compromised content process
+  * CVE-2020-12425 (bmo#1634738)
+    Out of bound read in Date.parse()
+  * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
+    Memory safety bugs fixed in Firefox 78
 - requires
   * NSS >= 3.53.1
   * nodejs >= 10.21
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index 450af97b..b68030b7 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          78
-%define mainver        %major.0
-%define orig_version   78.0
+%define mainver        %major.0.1
+%define orig_version   78.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
diff --git a/firefox-78.0.1.source.tar.xz b/firefox-78.0.1.source.tar.xz
new file mode 100644
index 00000000..b21d9c32
--- /dev/null
+++ b/firefox-78.0.1.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:494d277b120028e036e2aee3f658d79afc895457dc6aadb1c02f0547ef1d66ca
+size 334523644
diff --git a/firefox-78.0.1.source.tar.xz.asc b/firefox-78.0.1.source.tar.xz.asc
new file mode 100644
index 00000000..394e6a72
--- /dev/null
+++ b/firefox-78.0.1.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl772cYACgkQ8aZmj7t9
+Vy4ExxAAlNStxBXW0u1WtdvxDofC3GODPf6XcMdZVJc45JKJy3hLeBXk26NsaXki
+pxE0ySHKEdzdGMYG5U6JDP3XbUpEQcsazjLdeHERvxYsZBvy41sCRkQu+XITSP5z
+HmbvYA1r+H7j2+yPkbSkyjtZONADbRwnnhwCWpo5gRhny3v17EQy6vUFYHANxtDI
+DxRi6Uccko4kV4y8hdw/rdT+IxHJAvtucJFMONUgm1DUdy5QV1BuMAxHru3CW1NK
+7YlODbG/+u6OiTJdoczVjSxmLPlH4f02pAcWsijXDBeVSVwUI4ATckbPVIY/HL/U
+Z6n4c8jXeN/pkdEr4+jUENCqKP3JDq6bEPsD1c3megnhqtLN4gR1bTp7fS8Cm1gG
+8Nv34x/deg8LADyYMIS8arduYfzKgRt28cduGeqSdtjWQR7SqrQ1OXGP2npEp/wc
+xS+Q9WPh9BNfDuOWw87BdI+UZ/BdX2PTTTvdXlMCTU9wvjs7DGYeMFiSHCVkBoFZ
+c/We+9dHreTA0qiM1K/O2iwdbH0JF4yjfnqTQUqXVjtFQJRk/xtZ6Fd3Ddwhmmtb
+FGRkOjN9Z07NjXsos5dp3Qj7PFOlMwbYDlJ5oQGYZxo6qWKUkJoZSDv1DnWDwUVc
+dP9tJy/RQ+5AeKZVauqOdgVOyTKENEOhtsf0AJ+scnryJSH4mic=
+=vbhv
+-----END PGP SIGNATURE-----
diff --git a/firefox-78.0.source.tar.xz b/firefox-78.0.source.tar.xz
deleted file mode 100644
index 449b091f..00000000
--- a/firefox-78.0.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:291a593151e476e6c4b61e48a3bdd5a11896fbde6261dcad347d5b7df265a058
-size 333422136
diff --git a/firefox-78.0.source.tar.xz.asc b/firefox-78.0.source.tar.xz.asc
deleted file mode 100644
index 11190f6b..00000000
--- a/firefox-78.0.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl706/oACgkQ8aZmj7t9
-Vy7BQQ//e9w8ZTou1TaKhI8Wkd+NwpmqPgqpkqlfZ39/G0TACqEQQnUJh6EmYmxc
-lr3U82ePOoT0pOaH1qOJpoBQUlgODqxkL/RQjrkUnY+MfWvhdQqM3X7OaqOrVYue
-pwpNQ7wWCzirIgzVdHOD8CLw0aqYfJwu8Hbnu4kEadXWEck05YDcGHvpDdpfbQ3Z
-+DmkgIRGUjed1PCZxrB4rwFE4VWzPhKByLGBtfSbI+49AwXXt/TRzCYC8y0sfl1+
-mzLMO7K02xfquWpXwSY+cyDHW1WM76BdTKOCqswD3lsB7MJiA+HZ+h6HfVRGK4ov
-VLh2H1/0RfvjO9VUOtrSRUAevFpmRMuBHwtRNF0Zp2mjunSNeHRHIndWUPSbMp6F
-Ecvm+RNAIUHOtgi+mrzq9NIVIoi4F2KYNOTJQPR/vGGbvDUmnyXm0y5wLt7pAyIv
-d7LBV7BcTmCjmnWQG40QbhLpDyFF/wUoKkxXWySnPBu5V2UD2OzBnlQ+BIZyvSar
-jjGNLlWcwQ9TIZUFqYa3J3JQ23BRHYh4Nr40YDuEGZCJcdAslbFSRUeII0XxVa1k
-YqVHSU/C1Vsumxe/Yh5s2CppZAs+KyZ5YkRlZebBR+7mRd52fuoOSMgNbiSV5aOw
-qEV4RV82Cph/uITGPzxAn3TatGRP/tGdz3b5mi+Bwmveq+9Z1Q8=
-=FBW2
------END PGP SIGNATURE-----
diff --git a/l10n-78.0.tar.xz b/l10n-78.0.1.tar.xz
similarity index 100%
rename from l10n-78.0.tar.xz
rename to l10n-78.0.1.tar.xz
diff --git a/mozilla.sh.in b/mozilla.sh.in
index e433b97f..b3bf186f 100644
--- a/mozilla.sh.in
+++ b/mozilla.sh.in
@@ -87,9 +87,11 @@ if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
   export MOZ_ENABLE_WAYLAND=1
 fi
 
-# enable xinput2 (boo#1032003)
-# breaks too many things right now (boo#1053959)
-#export MOZ_USE_XINPUT2=1
+# xinput2 (boo#1173320)
+source /etc/os-release
+if [ "$ID" = "opensuse-tumbleweed" ]; then
+  export MOZ_USE_XINPUT2=1
+fi
 
 moz_debug=0
 script_args=""
diff --git a/tar_stamps b/tar_stamps
index 2d461ae8..f8a46e96 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,8 +1,8 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="78.0"
+VERSION="78.0.1"
 VERSION_SUFFIX=""
-PREV_VERSION="78.0b8"
+PREV_VERSION="78.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation