From 1ec6880184ba7ac70798bafff87a14ce4bab8adb0096063dc33fabde48e9cc0f Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Tue, 31 May 2022 21:18:50 +0000 Subject: [PATCH] - Mozilla Firefox 101.0 * Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast * All non-configured MIME types can now be assigned a custom action upon download completion * allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility) MFSA 2022-20 (bsc#1200027) * CVE-2022-31736 (bmo#1735923) Cross-Origin resource's length leaked * CVE-2022-31737 (bmo#1743767) Heap buffer overflow in WebGL * CVE-2022-31738 (bmo#1756388) Browser window spoof using fullscreen mode * CVE-2022-31739 (bmo#1765049) Attacker-influenced path traversal when saving downloaded files * CVE-2022-31740 (bmo#1766806) Register allocation problem in WASM on arm64 * CVE-2022-31741 (bmo#1767590) Uninitialized variable leads to invalid memory read * CVE-2022-31742 (bmo#1730434) Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information * CVE-2022-31743 (bmo#1747388) HTML Parsing incorrectly ended HTML comments prematurely * CVE-2022-31744 (bmo#1757604) CSP bypass enabling stylesheet injection OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=979 --- MozillaFirefox.changes | 49 +++++++++++++++++ MozillaFirefox.spec | 12 ++--- firefox-100.0.2.source.tar.xz | 3 -- firefox-100.0.2.source.tar.xz.asc | 16 ------ firefox-101.0.source.tar.xz | 3 ++ firefox-101.0.source.tar.xz.asc | 16 ++++++ l10n-100.0.2.tar.xz | 3 -- l10n-101.0.tar.xz | 3 ++ mozilla-kde.patch | 80 +++++++++------------------- mozilla-silence-no-return-type.patch | 13 +++-- tar_stamps | 8 +-- 11 files changed, 113 insertions(+), 93 deletions(-) delete mode 
100644 firefox-100.0.2.source.tar.xz delete mode 100644 firefox-100.0.2.source.tar.xz.asc create mode 100644 firefox-101.0.source.tar.xz create mode 100644 firefox-101.0.source.tar.xz.asc delete mode 100644 l10n-100.0.2.tar.xz create mode 100644 l10n-101.0.tar.xz diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 96bb7aba..8879ab89 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes 
@@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 101.0 + * Reading is now easier with the prefers-contrast media query, + which allows sites to detect if the user has requested that web + content is presented with a higher (or lower) contrast + * All non-configured MIME types can now be assigned a custom + action upon download completion + * allows users to use as many microphones as you want, at the + same time, during video conferencing. The most exciting benefit + is that you can easily switch your microphones at any time + (if your conferencing service provider enables this flexibility) + MFSA 2022-20 (bsc#1200027) + * CVE-2022-31736 (bmo#1735923) + Cross-Origin resource's length leaked + * CVE-2022-31737 (bmo#1743767) + Heap buffer overflow in WebGL + * CVE-2022-31738 (bmo#1756388) + Browser window spoof using fullscreen mode + * CVE-2022-31739 (bmo#1765049) + Attacker-influenced path traversal when saving downloaded files + * CVE-2022-31740 (bmo#1766806) + Register allocation problem in WASM on arm64 + * CVE-2022-31741 (bmo#1767590) + Uninitialized variable leads to invalid memory read + * CVE-2022-31742 (bmo#1730434) + Querying a WebAuthn token with a large number of allowCredential + entries may have leaked cross-origin information + * CVE-2022-31743 (bmo#1747388) + HTML Parsing incorrectly ended HTML comments prematurely + * CVE-2022-31744 (bmo#1757604) + CSP bypass enabling stylesheet injection + * CVE-2022-31745 (bmo#1760944) + Incorrect Assertion caused by unoptimized array shift operations + * CVE-2022-1919 (bmo#1761275) + Memory Corruption when manipulating webp images + * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, + bmo#1767365, bmo#1768559, bmo#1768734) + Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 + * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469, + bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, 
bmo#1765973, + bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869) + Memory safety bugs fixed in Firefox 101 +- requires + * NSS 3.78.1 + * rust-cbindgen 0.23.0 + * rust 1.59 + ------------------------------------------------------------------- Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 1d328345..b5e81ee0 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 100 -%define mainver %major.0.2 -%define orig_version 100.0.2 +%define major 101 +%define mainver %major.0 +%define orig_version 101.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -103,7 +103,7 @@ BuildRequires: rust >= 1.57 # Newer sle/leap/tw use parallel versioned rust releases which have # a different method for provides that we can use to request a # specific version -BuildRequires: rust+cargo >= 1.57 +BuildRequires: rust+cargo >= 1.59 %endif %if 0%{useccache} != 0 BuildRequires: ccache @@ -114,7 +114,7 @@ BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.33 -BuildRequires: mozilla-nss-devel >= 3.77 +BuildRequires: mozilla-nss-devel >= 3.78.1 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -124,7 +124,7 @@ BuildRequires: python36 BuildRequires: python3 >= 3.5 BuildRequires: python3-devel %endif -BuildRequires: rust-cbindgen >= 0.19.0 +BuildRequires: rust-cbindgen >= 0.23.0 BuildRequires: unzip BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel diff --git a/firefox-100.0.2.source.tar.xz b/firefox-100.0.2.source.tar.xz deleted file mode 100644 index 943efc79..00000000 --- a/firefox-100.0.2.source.tar.xz +++ /dev/null 
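Review bot: The rust floor is raised only in the `rust+cargo` branch; the hunk header of `@@ -103,7 +103,7 @@` still shows `BuildRequires: rust >= 1.57`, which no hunk in this commit touches and which appears to be the branch used on older distributions. The changelog entry in this same commit lists rust 1.59 as required, so that branch would presumably let the resolver pick a toolchain that only fails late in the build instead of being reported as unresolvable. If that reading is right, change it to `BuildRequires: rust >= 1.59`, along with any matching `cargo` line next to it. The enclosing `%if`/`%else` lies outside the hunk, so confirm against the full spec.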
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dc109861204f6938fd8f147af89a694eb516f3d4bb64ce3f0116452d654a8417
-size 482708576
diff --git a/firefox-100.0.2.source.tar.xz.asc b/firefox-100.0.2.source.tar.xz.asc
deleted file mode 100644
index 9873bb68..00000000
--- a/firefox-100.0.2.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG9vEACgkQ6+QekPbx
-L23hBA//QKUM6apNd2eej4pXUdWxjHbVCqGsmK5hoBLpHj11n3b9YpYHNJaOMmRj
-uqK0anPUCEcTz7kT7liEjXAyGhzbdCjk2IzZ5RF214zcKgHElgp0zKzvvuVnkpfF
-ZA90JC2db2I6h/qFKQriohKCkPYKK32hKRj+t0cXq6yZMpaHKOjnvmBfFkLNm0y6
-YjIBHWGNrPyD7r+Z66UZE1N9catNwJYCFbHQfr0BSCcjNbSRyZMo8Spx2ObdbArL
-syPC408MRIGhgTHA/62u/8Z6YprQXCqg6fb9zJ+Ol6ZvFVdCkeLFQxKgAAa1lydK
-M1FOJ4PWe5+1bkih5C5McdWYGQkjpePjUIk0q/NGQj08zkfLbBBChtvrgC++WLjq
-7+fmILFSwyyemjH7WnG6u16gKNpW44tYfaYp0WWTghonmEAKAcj43Es3u1BIjpa2
-dtKx8R3PrOYtlnxirRyP0Si8hXAluMlf3YG8VIftDGZeAvfs3Mt5wYey3vWL5fFk
-d3U9WvjAaNPwsEmlwmhC0cv7/QwbxhDxI9nDIAeTohaWLyEktaLQ0HifKJEC0yZx
-PJTF6iDqE/P6cQBLAEU29O5KgfHyfee6S9iTER1nyEFM7Rwpd4B64Z1NhQGMK+d5
-uALQVPVybsBLI/pBat+FIy+6E5cZ6hBoJljr3aRRuCfjUTF7P24=
-=i3w3
------END PGP SIGNATURE-----
diff --git a/firefox-101.0.source.tar.xz b/firefox-101.0.source.tar.xz
new file mode 100644
index 00000000..c1691890
--- /dev/null
+++ b/firefox-101.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55ab5b517d58bbcbc837640263a8371cf1fba3d9f508e54537c4d2cbbfb86095
+size 490975228
diff --git a/firefox-101.0.source.tar.xz.asc b/firefox-101.0.source.tar.xz.asc
new file mode 100644
index 00000000..eb0264dd
--- /dev/null
+++ b/firefox-101.0.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKQC4IACgkQ6+QekPbx
+L23CXQ//UoQerap0tAeT7sVMGPih6knlnS5vPnqAHFIihgVIMagqmg60BMiTp+y4
+z4Ax8btlnBiS/nH3QoQtVfWwqjXdmE9MRlKkFKUhsoFDrDZwLHv9eda6TtZnHpxR
+TJAGGOGGLX6DQePOikzGDX9qcmstspxgpbNRuWD7tMRVlT9+L6JfK9zdmItl514b
+WORhj/zBTqVmDEV38Yp8Zf0JuiUX0WOng7Bf0A5ITSuJjMy7H0s0M2NtxcmaSuDE
+g1ZZimCvXVt9BXwVPXgkZNyI5fUXY0INa0xqEd8MQxLjnxCEnoXD/Tgeg80kGPDx
+kXTEpS3Nt9oAloXW7V8Zdna3LOx54gigzr3HclJw5G/+nFXedMYFSXFAmZeZxCg0
+hhWCk5yKl+88ZVFR4rY0HAm/wz7lmr7F3MnvbrV1DDSNijy4Nnxq/u3kPLeAv+R6
+6UyIKaUZr9ZXxxj9IWKhEoyhuN/jPoNnk8f89erQYzBQWCHprMI81kjwEq1gcNKj
+GO/aL7/+xEWlNI/CUxh7sOXlXMraGfTW0Lk4lI2KwU0fA4INQKJWFvfL6uD/0tl7
+Kj3rlJLJxiEn0AzKminVSLeL6bFaYKxySOEiNzU2ckB96jGwgjikWiEKEENPjNFQ
+OO9TTNurjWXZGtvVnCAm0SFs9wikYVPSWMLUIKPiDj0x4TB9bSQ=
+=lp45
+-----END PGP SIGNATURE-----
diff --git a/l10n-100.0.2.tar.xz b/l10n-100.0.2.tar.xz
deleted file mode 100644
index 7ac12a13..00000000
--- a/l10n-100.0.2.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:131c6ea39bf44e0d55d176151b8f002d0394a7bc50568ddb197d238abeed4f70
-size 49952564
diff --git a/l10n-101.0.tar.xz b/l10n-101.0.tar.xz
new file mode 100644
index 00000000..31b8a58f
--- /dev/null
+++ b/l10n-101.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:afcc91cfc8920c3343deabf634d83d5d6e1517f8b3f659941959b9dbfdd84da2
+size 48915416
diff --git a/mozilla-kde.patch b/mozilla-kde.patch
index a7014ee6..4b4a25b6 100644
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 # Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent 8d1110b6918acc4e7d3f655d1e55f4b4ff630abe
+# Parent eeedc49c16aba3b50d1547315a88091a1c765904
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer
 Author: Lubos Lunak
@@ -13,12 +13,12 @@ Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=140751
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp --- a/modules/libpref/Preferences.cpp +++ b/modules/libpref/Preferences.cpp -@@ -84,16 +84,17 @@ - #include "plbase64.h" +@@ -88,16 +88,17 @@ #include "PLDHashTable.h" #include "plstr.h" #include "prlink.h" #include "xpcpublic.h" + #include "js/RootingAPI.h" #ifdef MOZ_BACKGROUNDTASKS # include "mozilla/BackgroundTasks.h" #endif @@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4634,16 +4635,27 @@ nsresult Preferences::InitInitialObjects +@@ -4767,16 +4768,27 @@ nsresult Preferences::InitInitialObjects "unix.js" # if defined(_AIX) , @@ -59,7 +59,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4708,17 +4720,17 @@ nsresult Preferences::InitInitialObjects +@@ -4841,17 +4853,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -81,7 +81,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build -@@ -118,16 +118,20 @@ EXPORTS.mozilla += [ +@@ -120,16 +120,20 @@ EXPORTS.mozilla += [ ] EXPORTS.mozilla += sorted(["!" + g for g in gen_h]) @@ -828,7 +828,7 @@ diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build ] elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows": UNIFIED_SOURCES += [ -@@ -126,16 +128,17 @@ include("/ipc/chromium/chromium-config.m +@@ -130,16 +132,17 @@ include("/ipc/chromium/chromium-config.m FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ @@ -1263,7 +1263,7 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build --- a/widget/gtk/moz.build 
+++ b/widget/gtk/moz.build -@@ -136,16 +136,17 @@ FINAL_LIBRARY = "xul" +@@ -154,16 +154,17 @@ FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ "/layout/base", @@ -1277,7 +1277,7 @@ diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build "/widget/headless", ] - if CONFIG["MOZ_X11"]: + if CONFIG["MOZ_X11"] or CONFIG["MOZ_WAYLAND"]: LOCAL_INCLUDES += [ "/widget/x11", ] @@ -1825,7 +1825,7 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp # include "prmem.h" # include "plbase64.h" -@@ -2071,62 +2072,77 @@ nsLocalFile::SetPersistentDescriptor(con +@@ -2071,20 +2072,29 @@ nsLocalFile::SetPersistentDescriptor(con NS_IMETHODIMP nsLocalFile::Reveal() { @@ -1834,47 +1834,10 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp } #ifdef MOZ_WIDGET_GTK -- nsCOMPtr giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); -- if (!giovfs) { -- return NS_ERROR_FAILURE; -- } + nsAutoCString url; - - bool isDirectory; - if (NS_FAILED(IsDirectory(&isDirectory))) { - return NS_ERROR_FAILURE; - } - -+ nsCOMPtr giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); - if (isDirectory) { -- return giovfs->ShowURIForInput(mPath); -+ url = mPath; - } - if (NS_SUCCEEDED(giovfs->OrgFreedesktopFileManager1ShowItems(mPath))) { - return NS_OK; - } - nsCOMPtr parentDir; - nsAutoCString dirPath; - if (NS_FAILED(GetParent(getter_AddRefs(parentDir)))) { - return NS_ERROR_FAILURE; - } - if (NS_FAILED(parentDir->GetNativePath(dirPath))) { - return NS_ERROR_FAILURE; - } - -- return giovfs->ShowURIForInput(dirPath); -+ url = dirPath; - #elif defined(MOZ_WIDGET_COCOA) - CFURLRef url; - if (NS_SUCCEEDED(GetCFURL(&url))) { - nsresult rv = CocoaFileUtils::RevealFileInFinder(url); - ::CFRelease(url); - return rv; - } - return NS_ERROR_FAILURE; - #else - return NS_ERROR_FAILURE; - #endif + nsCOMPtr giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); +- if (!giovfs) { ++ url = mPath; + if(nsKDEUtils::kdeSupport()) { + nsTArray command; + command.AppendElement( "REVEAL"_ns ); 
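Review bot: In the rebased `nsLocalFile::Reveal()` the local `url` looks like a leftover: `nsAutoCString url;` and `url = mPath;` are still added, but the GIO path now ends in upstream's `giovfs->RevealFile(this)` and nothing on the visible lines reads `url`. The rest of the KDE branch falls between this hunk and `@@ -1883,10 +1846,18 @@` and is not shown, so confirm it passes `mPath` (as `Launch()` does) before dropping both lines. The `@@ -1883,10 +1846,18 @@` hunk also rewrites upstream's braced `if (!giovfs) { return NS_ERROR_FAILURE; }` into an unbraced form. Leaving upstream's lines untouched would keep this downstream patch smaller and less likely to mis-apply on the next rebase. `do_GetService(NS_GIOSERVICE_CONTRACTID)` could likewise move below the `nsKDEUtils::kdeSupport()` early return, since that path never uses `giovfs`.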
@@ -1883,10 +1846,18 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp + } + + if (!giovfs) -+ return NS_ERROR_FAILURE; + return NS_ERROR_FAILURE; +- } + -+ return giovfs->ShowURIForInput(url); - } + return giovfs->RevealFile(this); + #elif defined(MOZ_WIDGET_COCOA) + CFURLRef url; + if (NS_SUCCEEDED(GetCFURL(&url))) { + nsresult rv = CocoaFileUtils::RevealFileInFinder(url); + ::CFRelease(url); + return rv; + } +@@ -2096,16 +2106,23 @@ nsLocalFile::Reveal() { NS_IMETHODIMP nsLocalFile::Launch() { @@ -1901,11 +1872,12 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp + command.AppendElement( mPath ); + return nsKDEUtils::command( command ) ? NS_OK : NS_ERROR_FAILURE; + } ++ nsCOMPtr giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); if (!giovfs) { return NS_ERROR_FAILURE; } - return giovfs->ShowURIForInput(mPath); + return giovfs->LaunchFile(mPath); #elif defined(MOZ_WIDGET_ANDROID) // Not supported on GeckoView diff --git a/mozilla-silence-no-return-type.patch b/mozilla-silence-no-return-type.patch index 2c4ae1c8..817f73a6 100644 --- a/mozilla-silence-no-return-type.patch +++ b/mozilla-silence-no-return-type.patch @@ -1,10 +1,10 @@ # HG changeset patch -# Parent 1191efd2ea64c4081a1825176a50e872a525d4da +# Parent 6d59717f59a1c0dc50140e750d665c7e98de3e66 diff --git a/Cargo.lock b/Cargo.lock --- a/Cargo.lock +++ b/Cargo.lock -@@ -2196,18 +2196,16 @@ name = "glsl-to-cxx" +@@ -2207,18 +2207,16 @@ name = "glsl-to-cxx" version = "0.1.0" dependencies = [ "glsl", @@ -26,16 +26,15 @@ diff --git a/Cargo.lock b/Cargo.lock diff --git a/Cargo.toml b/Cargo.toml --- a/Cargo.toml 
+++ b/Cargo.toml -@@ -106,13 +106,13 @@ moz_asserts = { path = "mozglue/static/r - async-task = { git = "https://github.com/smol-rs/async-task", rev="f6488e35beccb26eb6e85847b02aa78a42cd3d0e" } - chardetng = { git = "https://github.com/hsivonen/chardetng", rev="3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" } +@@ -109,12 +109,13 @@ chardetng = { git = "https://github.com/ chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" } coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" } + fog = { path = "toolkit/components/glean/api" } libudev-sys = { path = "dom/webauthn/libudev-sys" } - packed_simd = { git = "https://github.com/hsivonen/packed_simd", rev="8b4bd7d8229660a749dbe419a57ea01df9de5453" } + packed_simd = { package = "packed_simd_2", git = "https://github.com/hsivonen/packed_simd", rev="c149d0a519bf878567c7630096737669ec2ff15f" } midir = { git = "https://github.com/mozilla/midir.git", rev = "4c11f0ffb5d6a10de4aff40a7b81218b33b94e6f" } minidump_writer_linux = { git = "https://github.com/msirringhaus/minidump_writer_linux.git", rev = "029ac0d54b237f27dc7d8d4e51bc0fb076e5e852" } -- + +glslopt = { path = "third_party/rust/glslopt/" } # Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2. # There is not going to be new version of mio 0.6, mio now being >= 0.7.11. diff --git a/tar_stamps b/tar_stamps index ef3ad691..cf1df989 100644 --- a/tar_stamps +++ b/tar_stamps 
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="100.0.2"
+VERSION="101.0"
 VERSION_SUFFIX=""
-PREV_VERSION="100.0.1"
+PREV_VERSION="100.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="7ce9f0fe6cb4c4a2eb518c0add727a60d5672542"
-RELEASE_TIMESTAMP="20220519220738"
+RELEASE_TAG="bd46064a613aac667555769b4c804a3d757cb7c5"
+RELEASE_TIMESTAMP="20220526203855"