- Mozilla Firefox 98.0

* Firefox has a new optimized download flow * other changes as documented here https://www.mozilla.org/en-US/firefox/98.0/releasenotes MFSA 2022-10 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26382 (bmo#1741888) Autofill Text could be exfiltrated via side-channel attacks * CVE-2022-26385 (bmo#1747526) Use-after-free in thread shutdown * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214, bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612, bmo#1754508) Memory safety bugs fixed in Firefox 98 - requires NSS 3.75 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=961
2022-03-09 09:44:23 +00:00 · 2022-03-09 09:44:23 +00:00 · b0ba7186c6
commit b0ba7186c6
parent 5614e0ad85
10 changed files with 60 additions and 40 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Mar  8 10:27:16 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 98.0
+  * Firefox has a new optimized download flow
+  * other changes as documented here
+    https://www.mozilla.org/en-US/firefox/98.0/releasenotes
+  MFSA 2022-10 (bsc#1196900)
+  * CVE-2022-26383 (bmo#1742421)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-26384 (bmo#1744352)
+    iframe allow-scripts sandbox bypass
+  * CVE-2022-26387 (bmo#1752979)
+    Time-of-check time-of-use bug when verifying add-on signatures
+  * CVE-2022-26381 (bmo#1736243)
+    Use-after-free in text reflows
+  * CVE-2022-26382 (bmo#1741888)
+    Autofill Text could be exfiltrated via side-channel attacks
+  * CVE-2022-26385 (bmo#1747526)
+    Use-after-free in thread shutdown
+  * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
+    bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
+    bmo#1754508)
+    Memory safety bugs fixed in Firefox 98
+- requires NSS 3.75
+
 -------------------------------------------------------------------
 Fri Feb 18 20:38:22 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          97
-%define mainver        %major.0.1
-%define orig_version   97.0.1
+%define major          98
+%define mainver        %major.0
+%define orig_version   98.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.33
-BuildRequires:  mozilla-nss-devel >= 3.74
+BuildRequires:  mozilla-nss-devel >= 3.75
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -685,12 +685,6 @@ FIN
 %fdupes %{buildroot}%{progdir}
 %fdupes %{buildroot}%{_datadir}

-%clean
-rm -rf %{buildroot}
-%if %localize
-rm -rf %{_tmppath}/translations.*
-%endif
-
 %post
 # update mime and desktop database
 %mime_database_post
--- a/firefox-97.0.1.source.tar.xz
+++ b/firefox-97.0.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f2c87cf28645130777e875ddc9c67e8994c8d5c859f425f3ddced6fecb78d45
-size 476866824
--- a/firefox-97.0.1.source.tar.xz.asc
+++ b/firefox-97.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmINWcwACgkQ6+QekPbx
-L203Gg/8DP7jFalA6S3lU6dw5KN2+nUaPwITuzTEi66nnynUl/e4/A/tCjPsjKbA
-ZL6he7/yPbQkShImLw4mM1NX9vxCyfzJsMW+bP1Xc/tqSVhGTAEko+tKK6qnwq60
-qO1QLvFues02FERcwdXFKa8Wx9jkJwhTIG2NLGL5uEu55geGydlyDM8P8HYCrabJ
-qcViPkaPMPGWuENm8qOKLxtN/fWSAT9uOcX2ntA+dIJl0ZP8FWMR+Y4krKtVQuyp
-MIOqTGaAqK+MW0r5p7zY40yEQpRA3nJAVBhXy1BF6GDSVIRlyx0GcD4SZ1+tQW7h
-zxXKQ4glFY5oc01BW/z9NLpHldVt8unosi+EZHbapLFAxT2tm7UdwumZ/3rP1rra
-OAV+4vCiAKIiRCF3D2r30HCDk9i4zWQ+jeb4Wtf6nGNEMCIA3qY0VR5a5uod7u+b
-emKGlORxiwPDPyLEptZumvJMjIMN9KWLC86JpDVt5QT6mSBYNyVrMCCq/AYwkIny
-gJAGXybLRKU6r63MPg10eHXU+3IP5ZH3R27gHYv3IOSFC8RQnPPNhpBYSI5n0z0G
-m3Y8/Ie3LjTYx5duLQ8Dy+PF9GW7cE/MRb0RtqkvQebANQ5Eukh+iSXoa+Mf4vLU
-O6wPvncqT18apuxKfqtjOJ88aI8mqAuLXr4+wxK1lVEfHB6jH6M=
-=ekHH
-----END PGP SIGNATURE-----
--- a/firefox-98.0.source.tar.xz
+++ b/firefox-98.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd0a4c11d007d9045706667eb0f99f9b7422945188424cb937bfef530cb6f4dd
+size 480141332
--- a/firefox-98.0.source.tar.xz.asc
+++ b/firefox-98.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmIirQMACgkQ6+QekPbx
+L21y5A//a0zP75A9SFClAWPd347F+DzZoVAr9L0TL8DaN6x9h9j/yvPHKDPhHwlc
+ftHi4+34I4Pq6i+D55aXTQtU6+AkVKfD8x5JUqwTCD+GrmxpaE6WMSFdPDMMmcBA
+PV2ZUjJkGXVTpI/UnhvXBMElmglcVkv1uiivhTWyAwlce+IgBBazLV9nRJEui4iE
+bZ6Bpi+fy7tC216ZRELMkR07CWU3v7B/d+DVKaarPB6PwHJ0EFIlkGLjp1/xmqjI
+EL7xNpI96trlDzZsPZMatJdNJeiAeCnsi3yT4wawJ0MDGczcwFp5ZTs4mPgNvbnc
+JzaWaPURzBskTIB/krSw/iMf76efda8RH0s2uzYPydVF1UV8mki6fxA+uzIEHAky
+xnDD4sMVeBU582kDlmGK3MuLCxScXOXxTecBBrPlzd/ZZ7djJXgUeNZpWpW+GXs7
+jHEMHTHZr0mIiZyyTXu0pHp9oI4xAPDwN/EARdjaCD9DZtsRZOErdqK4OzV0IBtV
+Q3Uj6GW5L9DuNTEbnKSW8Sm6rj9crsLhYYUly4yx8mZZM3HpyK4P6ArO6OyjQtqj
+XAu571pZ9CiVtE8XUZn5S8N78c1WVAdbPkmw7U3jXtp3hqHqoqkE2CFK5sOPc5aD
+lBa+K51TpCmBUoTmmUp8PL9ZlR3x4jL36onn4wZ97LntaPGfo8Q=
+=67il
+-----END PGP SIGNATURE-----
--- a/l10n-97.0.1.tar.xz
+++ b/l10n-97.0.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4f25795ef08179f70f67ceed07a66535e8d48ca586f3bbc32fc06799f9a96c20
-size 49611916
--- a/l10n-98.0.tar.xz
+++ b/l10n-98.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00d26e0a3bd24efc94be9abf574c0f2669b90d7f164111eee8dbac3290dea778
+size 49698184
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,10 +1,10 @@
 # HG changeset patch
-# Parent  216843712d6d6cd9d5bd519f6ef564d00406b43f
+# Parent  1191efd2ea64c4081a1825176a50e872a525d4da

 diff --git a/Cargo.lock b/Cargo.lock
 --- a/Cargo.lock
 +++ b/Cargo.lock
-@@ -2165,18 +2165,16 @@ name = "glsl-to-cxx"
+@@ -2196,18 +2196,16 @@ name = "glsl-to-cxx"
 version = "0.1.0"
 dependencies = [
  "glsl",
@ -26,8 +26,8 @@ diff --git a/Cargo.lock b/Cargo.lock
 diff --git a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml
 +++ b/Cargo.toml
-@@ -102,13 +102,13 @@ moz_asserts = { path = "mozglue/static/r
- # Other overrides
+@@ -106,13 +106,13 @@ moz_asserts = { path = "mozglue/static/r
+ async-task = { git = "https://github.com/smol-rs/async-task", rev="f6488e35beccb26eb6e85847b02aa78a42cd3d0e" }
 chardetng = { git = "https://github.com/hsivonen/chardetng", rev="3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" }
 chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" }
 coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" }
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="97.0.1"
+VERSION="98.0"
 VERSION_SUFFIX=""
-PREV_VERSION="97.0"
+PREV_VERSION="97.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="0f0ba6e8029d8148743c4aa50c2be4c4c643f8a4"
-RELEASE_TIMESTAMP="20220216172458"
+RELEASE_TAG="829802cfd689497a5e8fd978bbb3099245bd131c"
+RELEASE_TIMESTAMP="20220304153049"