MozillaFirefox/mozilla-nongnome-proxies.patch

# HG changeset patch
# User Wolfgang Rosenauer
# Date 1558442915 -7200
#      Tue May 21 14:48:35 2019 +0200
# Node ID 6bcf2dfebc1ea2aa34e5cc61152709fc8e409dc5
# Parent  4c434d19d03d5461e54fa22dfb82eaed4cd6631b
Do not use gconf for proxy settings if not running within Gnome
Index: toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
===================================================================
RCS file: /cvsroot/mozilla/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp,v
retrieving revision 1.1

diff -r 4c434d19d03d -r 6bcf2dfebc1e toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
--- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp	Wed Jun 12 17:43:18 2019 +0000
+++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp	Tue May 21 14:48:35 2019 +0200
@@ -55,11 +55,14 @@
 }
 
 void nsUnixSystemProxySettings::Init() {
-  mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);
-  if (mGSettings) {
-    mGSettings->GetCollectionForSchema(
-        NS_LITERAL_CSTRING("org.gnome.system.proxy"),
-        getter_AddRefs(mProxySettings));
+  const char* sessionType = PR_GetEnv("DESKTOP_SESSION");
+  if (sessionType && !strcmp(sessionType, "gnome")) {
+    mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);
+    if (mGSettings) {
+      mGSettings->GetCollectionForSchema(
+          NS_LITERAL_CSTRING("org.gnome.system.proxy"),
+          getter_AddRefs(mProxySettings));
+    }
   }
 }
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`# HG changeset patch`
			`# User Wolfgang Rosenauer`
			`# Date 1558442915 -7200`
			`# Tue May 21 14:48:35 2019 +0200`
			`# Node ID 6bcf2dfebc1ea2aa34e5cc61152709fc8e409dc5`
			`# Parent 4c434d19d03d5461e54fa22dfb82eaed4cd6631b`
			`Do not use gconf for proxy settings if not running within Gnome`
5.0b3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=202 2011-06-01 08:05:09 +02:00			`Index: toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp`
			`===================================================================`
			`RCS file: /cvsroot/mozilla/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp,v`
			`retrieving revision 1.1`
- update to Firefox 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - KDE integration has been disabled since it needs refactoring - removed obsolete ppc64 patch - Disable neon for arm as it doesn't build correctly OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=252 2012-02-01 14:37:15 +01:00
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`diff -r 4c434d19d03d -r 6bcf2dfebc1e toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp`
			`--- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp Wed Jun 12 17:43:18 2019 +0000`
			`+++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp Tue May 21 14:48:35 2019 +0200`
			`@@ -55,11 +55,14 @@`
- update to Firefox 18.0 (bnc#796895) * requires NSS 3.14.1 * removed obsolete SLE11 patches (mozilla-gcc43*) - ported patches - reenable WebRTC OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=308 2013-01-07 21:49:28 +01:00			`}`
5.0b3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=202 2011-06-01 08:05:09 +02:00
- Mozilla Firefox 67.0 * Firefox 67 will be able to run different Firefox installs side by side https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/ * Tabs can now be pinned from the Page Actions menu in the address bar * Users can block known cryptominers and fingerprinters in the Custom settings or their Content Blocking preferences * The Import Data from Another Browser feature is now also available from the File menu * Firefox will now protect you against running older versions which can lead to data corruption and stability issues * Easier access to your list of saved logins from the main menu and login autocomplete * We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar * Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux MFSA 2019-13 * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * CVE-2019-9820 (bmo#1536405) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736 2019-05-22 22:38:29 +02:00			`void nsUnixSystemProxySettings::Init() {`
- update to version 11.0b5 - ported and reenabled KDE integration (bnc#746591) - explicitely build-require X libs - better plugin directory resolution (bnc#747320) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=264 2012-03-01 10:09:12 +01:00			`- mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);`
- update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=280 2012-06-05 20:01:53 +02:00			`- if (mGSettings) {`
missing proper changelog before Factory submission - Mozilla Firefox 65.0 - requires NSS 3.41 rust/carge 1.30 rust-cbindgen 0.6.7 -rebased patches OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=709 2019-01-29 19:07:12 +01:00			`- mGSettings->GetCollectionForSchema(`
			`- NS_LITERAL_CSTRING("org.gnome.system.proxy"),`
			`- getter_AddRefs(mProxySettings));`
5.0b3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=202 2011-06-01 08:05:09 +02:00			`+ const char* sessionType = PR_GetEnv("DESKTOP_SESSION");`
			`+ if (sessionType && !strcmp(sessionType, "gnome")) {`
- update to version 11.0b5 - ported and reenabled KDE integration (bnc#746591) - explicitely build-require X libs - better plugin directory resolution (bnc#747320) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=264 2012-03-01 10:09:12 +01:00			`+ mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);`
- update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=280 2012-06-05 20:01:53 +02:00			`+ if (mGSettings) {`
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`+ mGSettings->GetCollectionForSchema(`
			`+ NS_LITERAL_CSTRING("org.gnome.system.proxy"),`
			`+ getter_AddRefs(mProxySettings));`
- update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=280 2012-06-05 20:01:53 +02:00			`+ }`
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=738 2019-05-24 12:52:31 +02:00			`}`
5.0b3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=202 2011-06-01 08:05:09 +02:00			`}`