From b2497b835b7f117eafda5b05ffbe54346ea159d4510ee8047cb7bc6b48976d9b Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Wed, 18 May 2022 20:54:37 +0000
Subject: [PATCH 1/2] Accepting request 978002 from
 home:AndreasStieger:branches:mozilla:Factory

Mozilla Firefox 100.0.1

OBS-URL: https://build.opensuse.org/request/show/978002
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=976
---
 MozillaFirefox.changes                   |  9 +++++
 MozillaFirefox.spec                      |  4 +-
 create-tar.sh                            | 47 ++++--------------------
 firefox-100.0.1.source.tar.xz            |  3 ++
 firefox-100.0.1.source.tar.xz.asc        | 16 ++++++++
 firefox-100.0.source.tar.xz              |  3 --
 firefox-100.0.source.tar.xz.asc          | 16 --------
 l10n-100.0.tar.xz => l10n-100.0.1.tar.xz |  0
 tar_stamps                               |  8 ++--
 9 files changed, 41 insertions(+), 65 deletions(-)
 create mode 100644 firefox-100.0.1.source.tar.xz
 create mode 100644 firefox-100.0.1.source.tar.xz.asc
 delete mode 100644 firefox-100.0.source.tar.xz
 delete mode 100644 firefox-100.0.source.tar.xz.asc
 rename l10n-100.0.tar.xz => l10n-100.0.1.tar.xz (100%)

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index f3569bb..d458758 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 100.0.1:
+  * Fixed: Fixed an issue with subtitles in Picture-in-Picture
+    mode while using Netflix (bmo#1768818)
+  * Fixed: Fixed an issue where some commands were unavailable in
+    the Picture-in-Picture window (bmo#1768201)
+
 -------------------------------------------------------------------
 Sun May  1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
 
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index 90328ae..1e0dd51 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          100
-%define mainver        %major.0
-%define orig_version   100.0
+%define mainver        %major.0.1
+%define orig_version   100.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
diff --git a/create-tar.sh b/create-tar.sh
index 8dc9977..65cf69f 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -37,7 +37,6 @@ else
 fi
 
 SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz"
-PREV_SOURCE_TARBALL="$PRODUCT-$PREV_VERSION$PREV_VERSION_SUFFIX.source.tar.xz"
 FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
 FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/$PRODUCT/candidates"
 # Make first letter of PRODCUT upper case
@@ -146,48 +145,22 @@ function locales_get() {
   fi
 }
 
-function locales_parse_file() {
-  FILE="$1"
-  cat "$FILE" | python -c "import json; import sys; \
-             print('\n'.join(['{} {}'.format(key, value['revision']) \
-                for key, value in sorted(json.load(sys.stdin).items())]));"
-}
-
-function locales_parse_url() {
+function locales_parse() {
   URL="$1"
   curl -s "$URL" | python -c "import json; import sys; \
              print('\n'.join(['{} {}'.format(key, value['changeset']) \
                 for key, value in sorted(json.load(sys.stdin)['locales'].items())]));"
 }
 
-function extract_locales_file() {
-    # still need to extract the locale information from the archive
-    echo "extract locale changesets"
-    tar -xf $SOURCE_TARBALL $LOCALE_FILE
-}
-
 function locales_unchanged() {
   BUILD_ID="$1"
   PREV_BUILD_ID=$(get_build_number "$PREV_VERSION$PREV_VERSION_SUFFIX")
   # If no json-file for one of the versions can be found, we say "they changed"
   prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1
-  prev_content=$(locales_parse_url "$prev_url") || exit 1
+  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")           || return 1
 
-  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")
-  if [ $? -ne 0 ]; then
-    # We did not find a locales file upstream on the servers
-    if [ -e $SOURCE_TARBALL ]; then
-        # We can find out what the locales are, by extracting the json-file from the tar-ball
-        # instead of getting it from the server
-        extract_locales_file || return 1
-        curr_content=$(locales_parse_file "$LOCALE_FILE") || exit 1
-      else 
-        # We can't know what the locales are in the current version
-        return 1
-      fi
-  else
-    curr_content=$(locales_parse_url "$curr_url") || exit 1
-  fi
+  prev_content=$(locales_parse "$prev_url") || exit 1
+  curr_content=$(locales_parse "$curr_url") || exit 1
 
   diff -y --suppress-common-lines -d <(echo "$prev_content") <(echo "$curr_content")
 }
@@ -238,7 +211,9 @@ fi
 # we might have an upstream archive already and can skip the checkout
 if [ -e $SOURCE_TARBALL ]; then
   if [ -z ${SKIP_LOCALES+x} ] && [ $LOCALES_CHANGED -ne 0 ]; then
-    extract_locales_file
+    # still need to extract the locale information from the archive
+    echo "extract locale changesets"
+    tar -xf $SOURCE_TARBALL $LOCALE_FILE
   fi
   get_source_stamp "$BUILD_ID"
 else
@@ -353,11 +328,3 @@ elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then
   echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
   mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
 fi
-
-if [ -e $PREV_SOURCE_TARBALL ]; then
-    echo ""
-    echo "Deleting old sources tarball $PREV_SOURCE_TARBALL"
-    $(ask_cont_abort_question "Is this ok?") || exit 0
-    rm "$PREV_SOURCE_TARBALL"
-    rm "$PREV_SOURCE_TARBALL.asc"
-fi
diff --git a/firefox-100.0.1.source.tar.xz b/firefox-100.0.1.source.tar.xz
new file mode 100644
index 0000000..ab9d2c3
--- /dev/null
+++ b/firefox-100.0.1.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:13bc55e1c32a6ad32b4a3b37296a0459f41b0981489fc22da491256773c51c9d
+size 490127024
diff --git a/firefox-100.0.1.source.tar.xz.asc b/firefox-100.0.1.source.tar.xz.asc
new file mode 100644
index 0000000..0845672
--- /dev/null
+++ b/firefox-100.0.1.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJ+y18ACgkQ6+QekPbx
+L21i9A/+OHvC+5nLJ3rkX3TvzkPYsUKT2ZXTnoFBA0kvUC9niqSHqjTwIRGNd40N
+AoarbJC5VDf0j2u1HPoKcfUtIjPnHd7lOCInd3VtlLj+R2C6FrTmkiUcrPATVeuW
+1Lw0DOHd0E5udBRsy16+NvGWVzfw/5n0gqs5tCclWIvjqnpbMlM4HvZ4s48Mf5Qv
+eKh/IyNb0Tl0u2HaN/lkiJQ43HfTa8BmFJy0rv592sIy1Sar1zVQoJ9RhBqiLubb
+h3g01hgPBnA4lmqgLKTEVCZUIg7FWNoic4u82eOxVEb3xQ09lEwMWvUMA8FgKFYv
+lOW7cuAfExHgcr6oFdqYiPxnBrCocutFsHqokAFUzxYcCxibVm0Fx4zrJL4p63Pi
+YK1OGrn8Eyr+8bfxI1cqhsmlX/Jw72Y79Ybjxd8eMD3mTkLkoQbdKZ9caDLKViNV
+OIs6jsNqBGwrX5hfTyqBgkAKDi8KjHB1lRs2qRIimMhujD6z9332PqLhMzyvx8oQ
+tf4IOuTI6jQ9jIKPcYgix+mufWkou0iYf0By9ergmkDoHphQ7hnE2t0rZMMDOWL0
+SGgJgTpb7XYKhl6eHIRTreOoXGbCHPHFUWmw9aXXn4EdaH8tXRkQyEpmpjb5C+tO
+UzmcKLWjGsvf4wsbYIDx2Lqt0SlK60ni1N/S89fDmmRgLagAlrI=
+=vn99
+-----END PGP SIGNATURE-----
diff --git a/firefox-100.0.source.tar.xz b/firefox-100.0.source.tar.xz
deleted file mode 100644
index 8bce992..0000000
--- a/firefox-100.0.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:664c0cc4e0fb70886aa4e652d144996045d533a18eebc7d61093103cbb2d5e7f
-size 487179576
diff --git a/firefox-100.0.source.tar.xz.asc b/firefox-100.0.source.tar.xz.asc
deleted file mode 100644
index e91f761..0000000
--- a/firefox-100.0.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJrHk8ACgkQ6+QekPbx
-L21ybg//UB24hAPWkUvbFBDe2XU+uVyIvUCu9n3+6srAg9pkbZrSRPu6PeLzutDM
-QjgtWDD2Wh9yboOak6ev/iaZTJMJz/SOU9UhZaT0MAA88aheciMLQXzdqMl6tAjr
-RJqotzqF1jUT/np+0BpDGmJR6WgMznHzFtn6Lxum91SYUyRJkUgo0nmAWtShJo+A
-Y4m3v9um3oKfWPmplAwOvMsFB6VAFPuYcvIVcQW/LBipnTXOnbwT7dqnRuWx4PGY
-k0WAMBOJM4gIcaaSREssObTRjLhnOlmBhopCag/R4+oS2/3kc0TbkVGiWGXeCkEy
-2RtDg8MVKqC9QVHlE5amG3JRmk8qrvzfj9C8UQoL7dv2MSjdE90Tc2XajeZwt2cn
-tulClkS+/4Gu4FD/prRNSnGaRyyHmGx0IYQvcHKGyCFspjz5DyPn1Cdjt/BHAMUU
-Ji5nM0Gipp0yhVs5jMnABQSvPtwDnlTrw9DtSLzIe/OLTZawRIMa/Xo9Xo6P1gIf
-8ld2K3wy2pAYPE+GPXU+JX7uLS7JvIaE2AvxpnYoTUhv5sDdLN5NQTcY0bY4AjMS
-ym03DrIIrQq1NfHwWEzPvpiypcRg3LzK3Zkf7BLYfboPT5dsO2/aiaEEZRyhhDZS
-4NZ7BKvrGx3wP90y2H2Mrpy0v6/FGXF/0iR8Ekd/zWtXGI7DIww=
-=Uc4J
------END PGP SIGNATURE-----
diff --git a/l10n-100.0.tar.xz b/l10n-100.0.1.tar.xz
similarity index 100%
rename from l10n-100.0.tar.xz
rename to l10n-100.0.1.tar.xz
diff --git a/tar_stamps b/tar_stamps
index a5c6c47..da16961 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="100.0"
+VERSION="100.0.1"
 VERSION_SUFFIX=""
-PREV_VERSION="99.0.1"
+PREV_VERSION="100.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="1c7f7adc90e2b4c8d64548938bb1499033c5be8f"
-RELEASE_TIMESTAMP="20220428192727"
+RELEASE_TAG="b1c0f261443931d2a01f2fdc7016db5424cb471d"
+RELEASE_TIMESTAMP="20220513165813"

From 9498fa4a6adcae7dd605d4ae74948b3587518340800f1dd1df2f2939df45c0ad Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Fri, 20 May 2022 15:13:51 +0000
Subject: [PATCH 2/2] - Mozilla Firefox 100.0.2   MFSA 2022-19 (bsc#1199768)  
 * CVE-2022-1802 (bmo#1770137)     Prototype pollution in Top-Level Await
 implementation   * CVE-2022-1529 (bmo#1770048)     Untrusted input used in
 JavaScript object indexing, leading     to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=977
---
 MozillaFirefox.changes                     | 11 +++++++++++
 MozillaFirefox.spec                        |  4 ++--
 firefox-100.0.1.source.tar.xz              |  3 ---
 firefox-100.0.1.source.tar.xz.asc          | 16 ----------------
 firefox-100.0.2.source.tar.xz              |  3 +++
 firefox-100.0.2.source.tar.xz.asc          | 16 ++++++++++++++++
 l10n-100.0.1.tar.xz => l10n-100.0.2.tar.xz |  0
 tar_stamps                                 |  8 ++++----
 8 files changed, 36 insertions(+), 25 deletions(-)
 delete mode 100644 firefox-100.0.1.source.tar.xz
 delete mode 100644 firefox-100.0.1.source.tar.xz.asc
 create mode 100644 firefox-100.0.2.source.tar.xz
 create mode 100644 firefox-100.0.2.source.tar.xz.asc
 rename l10n-100.0.1.tar.xz => l10n-100.0.2.tar.xz (100%)

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index d458758..96bb7ab 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+  MFSA 2022-19 (bsc#1199768)
+  * CVE-2022-1802 (bmo#1770137)
+    Prototype pollution in Top-Level Await implementation
+  * CVE-2022-1529 (bmo#1770048)
+    Untrusted input used in JavaScript object indexing, leading
+    to prototype pollution
+
 -------------------------------------------------------------------
 Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index 1e0dd51..1d32834 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          100
-%define mainver        %major.0.1
-%define orig_version   100.0.1
+%define mainver        %major.0.2
+%define orig_version   100.0.2
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
diff --git a/firefox-100.0.1.source.tar.xz b/firefox-100.0.1.source.tar.xz
deleted file mode 100644
index ab9d2c3..0000000
--- a/firefox-100.0.1.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13bc55e1c32a6ad32b4a3b37296a0459f41b0981489fc22da491256773c51c9d
-size 490127024
diff --git a/firefox-100.0.1.source.tar.xz.asc b/firefox-100.0.1.source.tar.xz.asc
deleted file mode 100644
index 0845672..0000000
--- a/firefox-100.0.1.source.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJ+y18ACgkQ6+QekPbx
-L21i9A/+OHvC+5nLJ3rkX3TvzkPYsUKT2ZXTnoFBA0kvUC9niqSHqjTwIRGNd40N
-AoarbJC5VDf0j2u1HPoKcfUtIjPnHd7lOCInd3VtlLj+R2C6FrTmkiUcrPATVeuW
-1Lw0DOHd0E5udBRsy16+NvGWVzfw/5n0gqs5tCclWIvjqnpbMlM4HvZ4s48Mf5Qv
-eKh/IyNb0Tl0u2HaN/lkiJQ43HfTa8BmFJy0rv592sIy1Sar1zVQoJ9RhBqiLubb
-h3g01hgPBnA4lmqgLKTEVCZUIg7FWNoic4u82eOxVEb3xQ09lEwMWvUMA8FgKFYv
-lOW7cuAfExHgcr6oFdqYiPxnBrCocutFsHqokAFUzxYcCxibVm0Fx4zrJL4p63Pi
-YK1OGrn8Eyr+8bfxI1cqhsmlX/Jw72Y79Ybjxd8eMD3mTkLkoQbdKZ9caDLKViNV
-OIs6jsNqBGwrX5hfTyqBgkAKDi8KjHB1lRs2qRIimMhujD6z9332PqLhMzyvx8oQ
-tf4IOuTI6jQ9jIKPcYgix+mufWkou0iYf0By9ergmkDoHphQ7hnE2t0rZMMDOWL0
-SGgJgTpb7XYKhl6eHIRTreOoXGbCHPHFUWmw9aXXn4EdaH8tXRkQyEpmpjb5C+tO
-UzmcKLWjGsvf4wsbYIDx2Lqt0SlK60ni1N/S89fDmmRgLagAlrI=
-=vn99
------END PGP SIGNATURE-----
diff --git a/firefox-100.0.2.source.tar.xz b/firefox-100.0.2.source.tar.xz
new file mode 100644
index 0000000..943efc7
--- /dev/null
+++ b/firefox-100.0.2.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc109861204f6938fd8f147af89a694eb516f3d4bb64ce3f0116452d654a8417
+size 482708576
diff --git a/firefox-100.0.2.source.tar.xz.asc b/firefox-100.0.2.source.tar.xz.asc
new file mode 100644
index 0000000..9873bb6
--- /dev/null
+++ b/firefox-100.0.2.source.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG9vEACgkQ6+QekPbx
+L23hBA//QKUM6apNd2eej4pXUdWxjHbVCqGsmK5hoBLpHj11n3b9YpYHNJaOMmRj
+uqK0anPUCEcTz7kT7liEjXAyGhzbdCjk2IzZ5RF214zcKgHElgp0zKzvvuVnkpfF
+ZA90JC2db2I6h/qFKQriohKCkPYKK32hKRj+t0cXq6yZMpaHKOjnvmBfFkLNm0y6
+YjIBHWGNrPyD7r+Z66UZE1N9catNwJYCFbHQfr0BSCcjNbSRyZMo8Spx2ObdbArL
+syPC408MRIGhgTHA/62u/8Z6YprQXCqg6fb9zJ+Ol6ZvFVdCkeLFQxKgAAa1lydK
+M1FOJ4PWe5+1bkih5C5McdWYGQkjpePjUIk0q/NGQj08zkfLbBBChtvrgC++WLjq
+7+fmILFSwyyemjH7WnG6u16gKNpW44tYfaYp0WWTghonmEAKAcj43Es3u1BIjpa2
+dtKx8R3PrOYtlnxirRyP0Si8hXAluMlf3YG8VIftDGZeAvfs3Mt5wYey3vWL5fFk
+d3U9WvjAaNPwsEmlwmhC0cv7/QwbxhDxI9nDIAeTohaWLyEktaLQ0HifKJEC0yZx
+PJTF6iDqE/P6cQBLAEU29O5KgfHyfee6S9iTER1nyEFM7Rwpd4B64Z1NhQGMK+d5
+uALQVPVybsBLI/pBat+FIy+6E5cZ6hBoJljr3aRRuCfjUTF7P24=
+=i3w3
+-----END PGP SIGNATURE-----
diff --git a/l10n-100.0.1.tar.xz b/l10n-100.0.2.tar.xz
similarity index 100%
rename from l10n-100.0.1.tar.xz
rename to l10n-100.0.2.tar.xz
diff --git a/tar_stamps b/tar_stamps
index da16961..ef3ad69 100644
--- a/tar_stamps
+++ b/tar_stamps
@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="100.0.1"
+VERSION="100.0.2"
 VERSION_SUFFIX=""
-PREV_VERSION="100.0"
+PREV_VERSION="100.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="b1c0f261443931d2a01f2fdc7016db5424cb471d"
-RELEASE_TIMESTAMP="20220513165813"
+RELEASE_TAG="7ce9f0fe6cb4c4a2eb518c0add727a60d5672542"
+RELEASE_TIMESTAMP="20220519220738"