- Mozilla Firefox 68.3.0esr

MFSA 2019-37
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-11745 (bmo#1586176)
    Out of bounds write in NSS when encrypting with a block cipher
  * CVE-2019-17009 (bmo#1510494)
    Updater temporary files accessible to unprivileged processes
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
  -> removed obsolete source-stamp.txt
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=17

compare-locales.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:738b0d2cbce77f9f79edc902826da8184fe82ecfbe6c6136b8bb77132bb965db
-size 28500

create-tar.sh

@@ -14,7 +14,7 @@ VERSION_SUFFIX="esr"
 RELEASE_TAG="" # Needs only to be set if no tar-ball can be downloaded
 PREV_VERSION="60.6.3" # Prev. version only needed for locales (leave empty to force l10n-generation)
 PREV_VERSION_SUFFIX="esr"
-#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
+#SKIP_LOCALES="" # Uncomment to skip l10n-generation
 EOF
 
 exit 1
@@ -25,7 +25,8 @@ if [ $# -ne 1 ]; then
 fi
 
 # Sourcing the given tar_stamps-file to have the variables available
-source "$1" || print_usage_and_exit
+TAR_STAMP="$1"
+source "$TAR_STAMP" || print_usage_and_exit
 
 # Internal variables
 BRANCH="releases/mozilla-$CHANNEL"
@@ -37,12 +38,19 @@ fi
 
 SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz"
 FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
+FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/$PRODUCT/candidates"
 # Make first letter of PRODCUT upper case
 PRODUCT_CAP="${PRODUCT^}"
 LOCALES_URL="https://product-details.mozilla.org/1.0/l10n/$PRODUCT_CAP"
+PRODUCT_URL="https://product-details.mozilla.org/1.0/$PRODUCT.json"
 # Exit script on CTRL+C
 trap "exit" INT
 
+function get_ftp_candidates_url() {
+  VERSION_WITH_SUFFIX="$1"
+  echo "$FTP_CANDIDATES_BASE_URL/$VERSION_WITH_SUFFIX-candidates"
+}
+
 function check_tarball_source () {
   TARBALL=$1
   # Print out what is going to be done:
@@ -73,26 +81,64 @@ function check_for_binary() {
   fi
 }
 
-function locales_get() {
+function get_source_stamp() {
-  TMP_VERSION="$1"
+  BUILD_ID="$1"
-  URL_TO_CHECK="${LOCALES_URL}-${TMP_VERSION}"
+  FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION$VERSION_SUFFIX)
+  FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json"
+  BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1;
+  REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp)
+  SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo)
+  TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
+  echo "Extending $TAR_STAMP with:"
+  echo "RELEASE_REPO=${SOURCE_REPO}"
+  echo "RELEASE_TAG=${REV}"
+  echo "RELEASE_TIMESTAMP=${TIMESTAMP}"
+  # We "remove and add" instead of "replace" in case the entries are not there yet
+  # Removing the old RELEASE_-tags
+  sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP"
+  # Appending the new 
+  echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP"
+  echo "RELEASE_TAG=$REV" >> "$TAR_STAMP"
+  echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP"
+}
 
+function get_build_number() {
   LAST_FOUND=""
-  # Unfortunately, locales-files are not associated to releases, but to builds.
+  VERSION_WITH_SUFFIX="$1"
-  # And since we don't know which build was the final build, we go from 9 downwards
+
-  # try to find the latest one that exists (assuming there are no more than 9 builds).
+  BUILD_ID=$(curl --silent "$PRODUCT_URL" | jq -e '.["releases"] | .["'$PRODUCT-$VERSION_WITH_SUFFIX'"] | .["build_number"]')
-  # Error only if not even the first one exists
+
-  for BUILD_ID in $(seq 9 -1 0); do
+  # Slow fall-back
-    FINAL_URL="${URL_TO_CHECK}-build${BUILD_ID}.json"
+  if [ $? -ne 0 ]; then
-    if wget --quiet --spider "$FINAL_URL"; then
+      echo "Build number not found in product URL, falling back to slow FTP-parsing." 1>&2
-      LAST_FOUND="$FINAL_URL"
+      FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX)
-      break
+      # Unfortunately, locales-files are not associated to releases, but to builds.
-    fi
+      # And since we don't know which build was the final build, we grep them all from
-  done
+      # the candidates-page, sort them and take the last one which should be the oldest
+      # Error only if not even the first one exists
+      LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1)
+  else
+      LAST_FOUND="build$BUILD_ID"
+  fi
 
   if [ "$LAST_FOUND" != "" ]; then
     echo "$LAST_FOUND"
     return 0
+  else
+    echo "Error: Could not find build-number for Firefox $VERSION_WITH_SUFFIX !"  1>&2
+    return 1
+  fi
+}
+
+
+function locales_get() {
+  TMP_VERSION="$1"
+  BUILD_ID="$2"
+  URL_TO_CHECK="${LOCALES_URL}-${TMP_VERSION}"
+  FINAL_URL="${URL_TO_CHECK}-${BUILD_ID}.json"
+  if wget --quiet --spider "$FINAL_URL"; then
+    echo "$FINAL_URL"
+    return 0
   else
     echo "Error: Could not find locales-file (json) for Firefox $TMP_VERSION !"  1>&2
     return 1
@@ -107,9 +153,11 @@ function locales_parse() {
 }
 
 function locales_unchanged() {
+  BUILD_ID="$1"
+  PREV_BUILD_ID=$(get_build_number "$PREV_VERSION$PREV_VERSION_SUFFIX")
   # If no json-file for one of the versions can be found, we say "they changed"
-  prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX") || return 1
+  prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1
-  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX")      || return 1
+  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")           || return 1
 
   prev_content=$(locales_parse "$prev_url") || exit 1
   curr_content=$(locales_parse "$curr_url") || exit 1
@@ -129,11 +177,14 @@ if (($? != 127)); then
   compression='-Ipixz'
 fi
 
+# Get ID 
+BUILD_ID=$(get_build_number "$VERSION$VERSION_SUFFIX")
+
 if [ -z ${SKIP_LOCALES+x} ]; then
   # TODO: Thunderbird has usually "default" as locale entry. 
   # There we probably need to double-check Firefox-locals
   # For now, just download every time for Thunderbird
-  if [ "$PRODUCT" = "firefox" ] && [ "$PREV_VERSION" != "" ] && locales_unchanged; then
+  if [ "$PRODUCT" = "firefox" ] && [ "$PREV_VERSION" != "" ] && locales_unchanged "$BUILD_ID"; then
     printf "%-40s: Did not change. Skipping.\n" "locales"
     LOCALES_CHANGED=0
   else
@@ -167,6 +218,7 @@ if [ -e $SOURCE_TARBALL ]; then
     echo "extract locale changesets"
     tar -xf $SOURCE_TARBALL $LOCALE_FILE
   fi
+  get_source_stamp "$BUILD_ID"
 else
   # We are working on a version that is not yet published on the mozilla mirror
   # so we have to actually check out the repo
@@ -208,10 +260,9 @@ else
   hg update --check $FF_RELEASE_TAG
   [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG
   # get repo and source stamp
-  echo -n "REV=" > ../source-stamp.txt
+  REV=$(hg -R . parent --template="{node|short}\n")
-  hg -R . parent --template="{node|short}\n" >> ../source-stamp.txt
+  SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/")
-  echo -n "REPO=" >> ../source-stamp.txt
+  TIMESTAMP=$(date +%Y%m%d%H%M%S)
-  hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt
 
   if [ "$PRODUCT" = "thunderbird" ]; then
     pushd comm || exit 1
@@ -221,6 +272,19 @@ else
   fi
   popd || exit 1
 
+  echo "Extending $TAR_STAMP with:"
+  echo "RELEASE_REPO=${SOURCE_REPO}"
+  echo "RELEASE_TAG=${REV}"
+  echo "RELEASE_TIMESTAMP=${TIMESTAMP}"
+
+  # We "remove and add" instead of "replace" in case the entries are not there yet
+  # Removing the old RELEASE_-tags
+  sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP"
+  # Appending the new 
+  echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP"
+  echo "RELEASE_TAG=$REV" >> "$TAR_STAMP"
+  echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP"
+
   echo "creating archive..."
   tar $compression -cf $PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS $PRODUCT-$VERSION
 fi
@@ -267,15 +331,3 @@ elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then
   echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
   mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
 fi
-
-# compare-locales
-echo "creating compare-locales"
-if [ -d compare-locales/.hg ]; then
-  pushd compare-locales || exit 1
-  hg pull
-  popd || exit 1
-else
-  hg clone http://hg.mozilla.org/build/compare-locales
-fi
-tar $compression -cf compare-locales.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg compare-locales
-

firefox-68.2.0esr.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:85f1c2eaf68ebedcbc0b78a342f6d16ef0865dedd426a1bba94b75c85f716f38
-size 312103756

firefox-68.2.0esr.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl2ncUYACgkQ8aZmj7t9
-Vy4E0A/8DpD0vJ0cMz3LSslD5xkj+h3CQ+dX8NJOZnWZ4I03VsTHkbkD7pRfcLuz
-e5O7jswbkb9osUxK4FBoNTznQWSkwSbByyd92/c31LDCHhxerzIcJ8K3gsxnb6Mx
-Z4PMCYfg2DypUcfktxFP5g9Tlel7ooFS/vZV8ClmaszbBCIo2UrlYDYoozxaqnJ7
-fVsuWfFfMtOOer3iIRd362HRxBcr41Bie1xX+VCoKN+zMUjscRun00i61XQAK9UN
-vOONywCJrp12Hmk+RCvY7r3e043qj8f1HZ1BWO0dgq5HItlt/xAkX4/w3u2dNVL5
-LDNPebACJe73f7PfmwESILxJgR+aN/7K20uOLW5Y/hjgJ0VRQqQFWyqPX45agiea
-EvDoykZq73IVz8t1ZNXl3QwaVYxqHYIByeuW/VLQmRrz2iDGNmIn/DwjehpOBzNK
-ZRAfreypYvVYQLVKgvRuA2R9A8qj9Tl+XDqdLm76vtSrbOnFHM7SEmKbhSJorLKh
-KhF5FN35+55JrV+rAlnyuYiE0uPiETtRuKg4UkkgSvT7z64+svln5St0pw/NWSTx
-k7RHrWUQExFkzSKGfvMO9b1b8KT/kQJHHQrnFQOOVd34rSMw4AtpHaZgH+GMu/qn
-z7AdhJc+k6eKbQlUDNY3GLfVWo6K2i0wAoBKdnZRzMT/EhMCSXs=
-=xq+p
------END PGP SIGNATURE-----

firefox-68.3.0esr.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e131149a70e7ae867d9b0ea081e8c081d056500ee51bb9270df247e977badc69
+size 312378276

firefox-68.3.0esr.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl3cpbgACgkQ8aZmj7t9
+Vy5FjA//asuNFCQYkpglWuEnnuP+k74QXvPL02mFhISSyukJVuWV8O0Pw2JObdev
+Tt2nG46TTKiD/ahKSv+utZ+skxqu5SuRyrGO8g/u5mGndUkGhmDpKh4mrqblaK2h
+yUDqVwyHN/ckVI0TWlpUKq+Ow916nfEPcdgP++P3we1Da6p1ZIMDRQtB5GNMOAJt
+5Jf/7yja504MNuRJh5AHEfN9rIzdNMdXs59/CNDL3Tr9MC785+jyU8efhM0RD403
+iMMW3dWAZW/dvVm247WnBkCk/dje8M24iwqiSh3SBAytOjEzXc018qrTKbHIQ9FY
+ycc4p5fHYBht2NaEnauaQlnIX2Mwi4uYpktqfLKBlPj2szbfxqpWodUDuABgGOEx
+bCu2AKhJGqP/NXkzRpFJTRr3LtiWQX/ZCHecwS5yDkCVQywcIgHEnTeSNi273CBe
+OOlbHqjL3Bo9FnLQCpZVls+H0lxuSBXavTS+Zpa/nMNitbat3/GW89vJfS/v1Po1
+gDtiaEV5jLF3ndEMxyMJhq2xBnUtLNRkGyMozmnNy5dkHwdJUl3FemgAtCgIFtmW
+MI7nZBGHoI1LGfQVFR4At7PcOn4iusy6sgrY2G0nCddm5sCrLAYpiHUxzHow9M4S
+2AvxKXjaW4nku1IBVPTe5IYTec76ukx3LvlqgeiKSkkk04t6zDE=
+=Qu/m
+-----END PGP SIGNATURE-----

firefox-esr.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Thu Dec  5 07:27:54 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 68.3.0esr
+  MFSA 2019-37
+  * CVE-2019-17008 (bmo#1546331)
+    Use-after-free in worker destruction
+  * CVE-2019-13722 (bmo#1580156)
+    Stack corruption due to incorrect number of arguments in WebRTC code
+  * CVE-2019-11745 (bmo#1586176)
+    Out of bounds write in NSS when encrypting with a block cipher
+  * CVE-2019-17009 (bmo#1510494)
+    Updater temporary files accessible to unprivileged processes
+  * CVE-2019-17010 (bmo#1581084)
+    Use-after-free when performing device orientation checks
+  * CVE-2019-17005 (bmo#1584170)
+    Buffer overflow in plain text serializer
+  * CVE-2019-17011 (bmo#1591334)
+    Use-after-free when retrieving a document in antitracking
+  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
+    bmo#1580288, bmo#1585760, bmo#1592502)
+    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+  * Various updates to improve performance and stability
+- updated create-tar.sh to cover buildid and origin repo information
+  -> removed obsolete source-stamp.txt
+- changed locale building procedure
+  * removed obsolete compare-locales.tar.xz
+
 -------------------------------------------------------------------
 Tue Nov 19 09:19:29 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 

firefox-esr.spec

@@ -36,13 +36,12 @@
 # major 69
 # mainver %major.99
 %define major          68
-%define mainver        %major.2.0
+%define mainver        %major.3.0
-%define orig_version   68.2.0
+%define orig_version   68.3.0
 %define orig_suffix    esr
 %define update_channel esr68
 %define branding       1
 %define devpkg         0
-%define releasedate    20191016163237
 
 # always build with GCC as SUSE Security Team requires that
 %define clang_build 0
@@ -175,15 +174,13 @@ Source1:        MozillaFirefox.desktop
 Source2:        MozillaFirefox-rpmlintrc
 Source3:        mozilla.sh.in
 Source4:        tar_stamps
-Source5:        source-stamp.txt
 Source7:        l10n-%{orig_version}%{orig_suffix}.tar.xz
 Source8:        firefox-mimeinfo.xml
 Source9:        firefox.js
-Source10:       compare-locales.tar.xz
 Source11:       firefox.1
 Source12:       mozilla-get-app-id
 Source13:       spellcheck.js
-Source14:       https://github.com/openSUSE/firefox-scripts/raw/master/create-tar.sh
+Source14:       https://github.com/openSUSE/firefox-scripts/raw/35ade35/create-tar.sh
 Source15:       firefox-appdata.xml
 Source16:       %{name}.changes
 # Set up API keys, see http://www.chromium.org/developers/how-tos/api-keys
@@ -327,7 +324,7 @@ if (( $(stat -Lc%s "%{SOURCE7}") < MINSIZE)); then
     exit 1
 fi
 
-%setup -q -n %{srcname}-%{orig_version} -b 7 -b 10
+%setup -q -n %{srcname}-%{orig_version} -b 7
 %else
 %setup -q -n %{srcname}-%{orig_version}
 %endif
@@ -377,14 +374,15 @@ if test "$kdehelperversion" != %{kde_helper_version}; then
   echo fix kde helper version in the .spec file
   exit 1
 fi
-source %{SOURCE5}
+source %{SOURCE4}
 %endif # only_print_mozconfig
 
-export MOZ_SOURCE_CHANGESET=$REV
+export CARGO_HOME=${RPM_BUILD_DIR}/%{srcname}-%{orig_version}/.cargo
-export SOURCE_REPO=$REPO
+export MOZ_SOURCE_CHANGESET=$RELEASE_TAG
-export source_repo=$REPO
+export SOURCE_REPO=$RELEASE_REPO
-export MOZ_SOURCE_REPO=$REPO
+export source_repo=$RELEASE_REPO
-export MOZ_BUILD_DATE=%{releasedate}
+export MOZ_SOURCE_REPO=$RELEASE_REPO
+export MOZ_BUILD_DATE=$RELEASE_TIMESTAMP
 export MOZILLA_OFFICIAL=1
 export BUILD_OFFICIAL=1
 export MOZ_TELEMETRY_REPORTING=1
@@ -515,13 +513,37 @@ export PKG_CONFIG_PATH=/usr/%_lib/firefox/%_lib/pkgconfig/
 xvfb-run --server-args="-screen 0 1920x1080x24" \
 %endif
 ./mach build
+# build additional locales
+%if %localize
+mkdir -p %{buildroot}%{progdir}/browser/extensions
+truncate -s 0 %{_tmppath}/translations.{common,other}
+sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \
+    | xargs -n 1 -I {} /bin/sh -c '
+        locale=$1
+        ./mach build langpack-$locale
+        cp -rL ../obj/dist/xpi-stage/locale-$locale \
+            %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org
+        # remove prefs, profile defaults, and hyphenation from langpack
+        rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults
+        rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation
+        # check against the fixed common list and sort into the right filelist
+        _matched=0
+        for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
+            [ "$_match" = "$locale" ] && _matched=1
+        done
+        [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
+        echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \
+            >> %{_tmppath}/translations.$_l10ntarget
+' -- {}
+%endif
+
 %endif # only_print_mozconfig
 
 %install
 cd $RPM_BUILD_DIR/obj
-source %{SOURCE5}
+source %{SOURCE4}
-export MOZ_SOURCE_STAMP=$REV
+export MOZ_SOURCE_STAMP=$RELEASE_TAG
-export MOZ_SOURCE_REPO=$REPO
+export MOZ_SOURCE_REPO=$RELEASE_REPO
 # need to remove default en-US firefox-l10n.js before it gets
 # populated into browser's omni.ja; it only contains general.useragent.locale
 # which should be loaded from each language pack (set in firefox.js)
@@ -543,35 +565,6 @@ mv %{buildroot}%{progdir}/%{srcname}-bin %{buildroot}%{progdir}/%{progname}-bin
 install -m 644 %{SOURCE13} %{buildroot}%{progdir}/defaults/pref/
 # install browser prefs
 install -m 644 %{SOURCE9} %{buildroot}%{progdir}/browser/defaults/preferences/firefox.js
-# build additional locales
-%if %localize
-mkdir -p %{buildroot}%{progdir}/browser/extensions
-truncate -s 0 %{_tmppath}/translations.{common,other}
-sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \
-    | xargs -n 1 -I {} /bin/sh -c '
-        locale=$1
-        pushd $RPM_BUILD_DIR/compare-locales
-        PYTHONPATH=lib \
-            scripts/compare-locales -m ../l10n-merged/$locale \
-            ../%{srcname}-%{orig_version}/browser/locales/l10n.ini ../l10n $locale
-        popd
-        LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \
-            make -C browser/locales langpack-$locale
-        cp -rL dist/xpi-stage/locale-$locale \
-            %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org
-        # remove prefs, profile defaults, and hyphenation from langpack
-        rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults
-        rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation
-        # check against the fixed common list and sort into the right filelist
-        _matched=0
-        for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
-            [ "$_match" = "$locale" ] && _matched=1
-        done
-        [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
-        echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \
-            >> %{_tmppath}/translations.$_l10ntarget
-' -- {}
-%endif
 # remove some executable permissions
 find %{buildroot}%{progdir} \
      -name "*.js" -o \

l10n-68.2.0esr.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bf1908adee88e669b5db6460c35a2d0dbc9788c596bcb91c6209c15b174e1b8e
-size 49148316

source-stamp.txt

@@ -1,2 +0,0 @@
-REV=ce462a42d4f7aa92e526fab29baea17ab5985841
-REPO=http://hg.mozilla.org/releases/mozilla-esr68

tar_stamps

@@ -1,8 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="esr68"
-VERSION="68.2.0"
+VERSION="68.3.0"
 VERSION_SUFFIX="esr"
-RELEASE_TAG="ce462a42d4f7aa92e526fab29baea17ab5985841"
+PREV_VERSION="68.2.0"
-PREV_VERSION="68.1.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
+RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr68"
+RELEASE_TAG="fd17b62d5247816244c319271800ef1df2697c82"
+RELEASE_TIMESTAMP="20191126000427"