Accepting request 978314 from mozilla:Factory

- Mozilla Firefox 100.0.2 MFSA 2022-19 (bsc#1199768) * CVE-2022-1802 (bmo#1770137) Prototype pollution in Top-Level Await implementation * CVE-2022-1529 (bmo#1770048) Untrusted input used in JavaScript object indexing, leading to prototype pollution - Mozilla Firefox 100.0.1: * Fixed: Fixed an issue with subtitles in Picture-in-Picture mode while using Netflix (bmo#1768818) * Fixed: Fixed an issue where some commands were unavailable in the Picture-in-Picture window (bmo#1768201) OBS-URL: https://build.opensuse.org/request/show/978314 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=366
2022-05-21 17:05:45 +00:00 · 2022-05-21 17:05:45 +00:00 · 0f98512910
commit 0f98512910
parent d7f7b04864 9498fa4a6a
9 changed files with 52 additions and 65 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+  MFSA 2022-19 (bsc#1199768)
+  * CVE-2022-1802 (bmo#1770137)
+    Prototype pollution in Top-Level Await implementation
+  * CVE-2022-1529 (bmo#1770048)
+    Untrusted input used in JavaScript object indexing, leading
+    to prototype pollution
+
+-------------------------------------------------------------------
+Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 100.0.1:
+  * Fixed: Fixed an issue with subtitles in Picture-in-Picture
+    mode while using Netflix (bmo#1768818)
+  * Fixed: Fixed an issue where some commands were unavailable in
+    the Picture-in-Picture window (bmo#1768201)
+
 -------------------------------------------------------------------
 Sun May  1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          100
-%define mainver        %major.0
-%define orig_version   100.0
+%define mainver        %major.0.2
+%define orig_version   100.0.2
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
--- a/create-tar.sh
+++ b/create-tar.sh
@ -37,7 +37,6 @@ else
 fi

 SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz"
-PREV_SOURCE_TARBALL="$PRODUCT-$PREV_VERSION$PREV_VERSION_SUFFIX.source.tar.xz"
 FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
 FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/$PRODUCT/candidates"
 # Make first letter of PRODCUT upper case
@ -146,48 +145,22 @@ function locales_get() {
  fi
 }

-function locales_parse_file() {
-  FILE="$1"
-  cat "$FILE" | python -c "import json; import sys; \
-             print('\n'.join(['{} {}'.format(key, value['revision']) \
-                for key, value in sorted(json.load(sys.stdin).items())]));"
-}
-
-function locales_parse_url() {
+function locales_parse() {
  URL="$1"
  curl -s "$URL" | python -c "import json; import sys; \
             print('\n'.join(['{} {}'.format(key, value['changeset']) \
                for key, value in sorted(json.load(sys.stdin)['locales'].items())]));"
 }

-function extract_locales_file() {
-    # still need to extract the locale information from the archive
-    echo "extract locale changesets"
-    tar -xf $SOURCE_TARBALL $LOCALE_FILE
-}
-
 function locales_unchanged() {
  BUILD_ID="$1"
  PREV_BUILD_ID=$(get_build_number "$PREV_VERSION$PREV_VERSION_SUFFIX")
  # If no json-file for one of the versions can be found, we say "they changed"
  prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1
-  prev_content=$(locales_parse_url "$prev_url") || exit 1
+  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")           || return 1

-  curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")
-  if [ $? -ne 0 ]; then
-    # We did not find a locales file upstream on the servers
-    if [ -e $SOURCE_TARBALL ]; then
-        # We can find out what the locales are, by extracting the json-file from the tar-ball
-        # instead of getting it from the server
-        extract_locales_file || return 1
-        curr_content=$(locales_parse_file "$LOCALE_FILE") || exit 1
-      else 
-        # We can't know what the locales are in the current version
-        return 1
-      fi
-  else
-    curr_content=$(locales_parse_url "$curr_url") || exit 1
-  fi
+  prev_content=$(locales_parse "$prev_url") || exit 1
+  curr_content=$(locales_parse "$curr_url") || exit 1

  diff -y --suppress-common-lines -d <(echo "$prev_content") <(echo "$curr_content")
 }
@ -238,7 +211,9 @@ fi
 # we might have an upstream archive already and can skip the checkout
 if [ -e $SOURCE_TARBALL ]; then
  if [ -z ${SKIP_LOCALES+x} ] && [ $LOCALES_CHANGED -ne 0 ]; then
-    extract_locales_file
+    # still need to extract the locale information from the archive
+    echo "extract locale changesets"
+    tar -xf $SOURCE_TARBALL $LOCALE_FILE
  fi
  get_source_stamp "$BUILD_ID"
 else
@ -353,11 +328,3 @@ elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then
  echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
  mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
 fi
-
-if [ -e $PREV_SOURCE_TARBALL ]; then
-    echo ""
-    echo "Deleting old sources tarball $PREV_SOURCE_TARBALL"
-    $(ask_cont_abort_question "Is this ok?") || exit 0
-    rm "$PREV_SOURCE_TARBALL"
-    rm "$PREV_SOURCE_TARBALL.asc"
-fi
--- a/firefox-100.0.2.source.tar.xz
+++ b/firefox-100.0.2.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc109861204f6938fd8f147af89a694eb516f3d4bb64ce3f0116452d654a8417
+size 482708576
--- a/firefox-100.0.2.source.tar.xz.asc
+++ b/firefox-100.0.2.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG9vEACgkQ6+QekPbx
+L23hBA//QKUM6apNd2eej4pXUdWxjHbVCqGsmK5hoBLpHj11n3b9YpYHNJaOMmRj
+uqK0anPUCEcTz7kT7liEjXAyGhzbdCjk2IzZ5RF214zcKgHElgp0zKzvvuVnkpfF
+ZA90JC2db2I6h/qFKQriohKCkPYKK32hKRj+t0cXq6yZMpaHKOjnvmBfFkLNm0y6
+YjIBHWGNrPyD7r+Z66UZE1N9catNwJYCFbHQfr0BSCcjNbSRyZMo8Spx2ObdbArL
+syPC408MRIGhgTHA/62u/8Z6YprQXCqg6fb9zJ+Ol6ZvFVdCkeLFQxKgAAa1lydK
+M1FOJ4PWe5+1bkih5C5McdWYGQkjpePjUIk0q/NGQj08zkfLbBBChtvrgC++WLjq
+7+fmILFSwyyemjH7WnG6u16gKNpW44tYfaYp0WWTghonmEAKAcj43Es3u1BIjpa2
+dtKx8R3PrOYtlnxirRyP0Si8hXAluMlf3YG8VIftDGZeAvfs3Mt5wYey3vWL5fFk
+d3U9WvjAaNPwsEmlwmhC0cv7/QwbxhDxI9nDIAeTohaWLyEktaLQ0HifKJEC0yZx
+PJTF6iDqE/P6cQBLAEU29O5KgfHyfee6S9iTER1nyEFM7Rwpd4B64Z1NhQGMK+d5
+uALQVPVybsBLI/pBat+FIy+6E5cZ6hBoJljr3aRRuCfjUTF7P24=
+=i3w3
+-----END PGP SIGNATURE-----
--- a/firefox-100.0.source.tar.xz
+++ b/firefox-100.0.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:664c0cc4e0fb70886aa4e652d144996045d533a18eebc7d61093103cbb2d5e7f
-size 487179576
--- a/firefox-100.0.source.tar.xz.asc
+++ b/firefox-100.0.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJrHk8ACgkQ6+QekPbx
-L21ybg//UB24hAPWkUvbFBDe2XU+uVyIvUCu9n3+6srAg9pkbZrSRPu6PeLzutDM
-QjgtWDD2Wh9yboOak6ev/iaZTJMJz/SOU9UhZaT0MAA88aheciMLQXzdqMl6tAjr
-RJqotzqF1jUT/np+0BpDGmJR6WgMznHzFtn6Lxum91SYUyRJkUgo0nmAWtShJo+A
-Y4m3v9um3oKfWPmplAwOvMsFB6VAFPuYcvIVcQW/LBipnTXOnbwT7dqnRuWx4PGY
-k0WAMBOJM4gIcaaSREssObTRjLhnOlmBhopCag/R4+oS2/3kc0TbkVGiWGXeCkEy
-2RtDg8MVKqC9QVHlE5amG3JRmk8qrvzfj9C8UQoL7dv2MSjdE90Tc2XajeZwt2cn
-tulClkS+/4Gu4FD/prRNSnGaRyyHmGx0IYQvcHKGyCFspjz5DyPn1Cdjt/BHAMUU
-Ji5nM0Gipp0yhVs5jMnABQSvPtwDnlTrw9DtSLzIe/OLTZawRIMa/Xo9Xo6P1gIf
-8ld2K3wy2pAYPE+GPXU+JX7uLS7JvIaE2AvxpnYoTUhv5sDdLN5NQTcY0bY4AjMS
-ym03DrIIrQq1NfHwWEzPvpiypcRg3LzK3Zkf7BLYfboPT5dsO2/aiaEEZRyhhDZS
-4NZ7BKvrGx3wP90y2H2Mrpy0v6/FGXF/0iR8Ekd/zWtXGI7DIww=
-=Uc4J
-----END PGP SIGNATURE-----
--- a/l10n-100.0.2.tar.xz
+++ b/l10n-100.0.2.tar.xz
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="100.0"
+VERSION="100.0.2"
 VERSION_SUFFIX=""
-PREV_VERSION="99.0.1"
+PREV_VERSION="100.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="1c7f7adc90e2b4c8d64548938bb1499033c5be8f"
-RELEASE_TIMESTAMP="20220428192727"
+RELEASE_TAG="7ce9f0fe6cb4c4a2eb518c0add727a60d5672542"
+RELEASE_TIMESTAMP="20220519220738"