- Mozilla Firefox 108.0

https://www.mozilla.org/en-US/firefox/108.0/releasenotes/ MFSA 2022-51 (bsc#1206242) * CVE-2022-46871 (bmo#1795697) libusrsctp library out of date * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46873 (bmo#1644790) Firefox did not implement the CSP directive unsafe-hashes * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46877 (bmo#1795139) Fullscreen notification bypass * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845, bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479) Memory safety bugs fixed in Firefox 108 - requires NSS >= 3.85 rustc/cargo 1.65 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1024
2022-12-13 21:48:56 +00:00 · 2022-12-13 21:48:56 +00:00 · 1c9c2f3dd5
commit 1c9c2f3dd5
parent 948218484d
11 changed files with 91 additions and 60 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Dec 13 13:54:35 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 108.0
+  https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
+  MFSA 2022-51 (bsc#1206242)
+  * CVE-2022-46871 (bmo#1795697)
+    libusrsctp library out of date
+  * CVE-2022-46872 (bmo#1799156)
+    Arbitrary file read from a compromised content process
+  * CVE-2022-46873 (bmo#1644790)
+    Firefox did not implement the CSP directive unsafe-hashes
+  * CVE-2022-46874 (bmo#1746139)
+    Drag and Dropped Filenames could have been truncated to
+    malicious extensions
+  * CVE-2022-46875 (bmo#1786188)
+    Download Protections were bypassed by .atloc and .ftploc
+    files on Mac OS
+  * CVE-2022-46877 (bmo#1795139)
+    Fullscreen notification bypass
+  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
+    bmo#1801102, bmo#1801315, bmo#1802395)
+    Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
+  * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
+    bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
+    Memory safety bugs fixed in Firefox 108
+- requires
+  NSS >= 3.85
+  rustc/cargo 1.65
+
 -------------------------------------------------------------------
 Thu Dec  8 08:42:14 UTC 2022 - Milachew <milachew@mail.lv>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -1,5 +1,5 @@
 #
-# spec file for package MozillaFirefox
+# spec file
 #
 # Copyright (c) 2022 SUSE LLC
 # Copyright (c) 2006-2022 Wolfgang Rosenauer <wr@rosenauer.org>
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          107
-%define mainver        %major.0.1
-%define orig_version   107.0.1
+%define major          108
+%define mainver        %major.0
+%define orig_version   108.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -99,17 +99,17 @@ BuildRequires:  gcc11-c++
 BuildRequires:  gcc-c++
 %endif
 %if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150300
-BuildRequires:  cargo >= 1.61
-BuildRequires:  rust >= 1.61
+BuildRequires:  cargo >= 1.63
+BuildRequires:  rust >= 1.63
 %else
 # Newer sle/leap/tw use parallel versioned rust releases which have
 # a different method for provides that we can use to request a
 # specific version
 # minimal requirement:
-BuildRequires:  rust+cargo >= 1.61
+BuildRequires:  rust+cargo >= 1.63
 # actually used upstream:
-BuildRequires:  cargo1.64
-BuildRequires:  rust1.64
+BuildRequires:  cargo1.65
+BuildRequires:  rust1.65
 %endif
 %if 0%{useccache} != 0
 BuildRequires:  ccache
@ -120,7 +120,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.84
+BuildRequires:  mozilla-nss-devel >= 3.85
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -128,6 +128,7 @@ BuildRequires:  python-libxml2
 BuildRequires:  python36
 %else
 BuildRequires:  python3 >= 3.5
+BuildRequires:  python3-curses
 BuildRequires:  python3-devel
 %endif
 BuildRequires:  rust-cbindgen >= 0.24.3
@ -372,7 +373,7 @@ export MOZ_BUILD_DATE=\$RELEASE_TIMESTAMP
 export MOZILLA_OFFICIAL=1
 export BUILD_OFFICIAL=1
 export MOZ_TELEMETRY_REPORTING=1
-export MACH_USE_SYSTEM_PYTHON=1
+export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
 export CFLAGS="%{optflags}"
 %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150400
 export CC=gcc-11
--- a/firefox-107.0.1.source.tar.xz
+++ b/firefox-107.0.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e29950b9ba9143b0d683dc18779bbe70bbd082533aff8f6a7af69b19533e0647
-size 508678860
--- a/firefox-107.0.1.source.tar.xz.asc
+++ b/firefox-107.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOE6H4ACgkQ6+QekPbx
-L210nw//UBxJ7afkn/gZGTLswu7KwjOERkZzC7DkGNaBhm6RdlAZNUDnl/dhdesj
-PfgrJ98MmhXu4v69+HtqWacquGS8wYNAIdVYcPsvAy7urGPft4/jeMWjkg/PmWVN
-m3pxPHXwtH8AaYnfKPoYV0WeM0EWyaxTbK/cHMufzL4LpuC3151dKwJdmXCHq7qm
-sw4U/Sea5K0eboOqSMY1PR4thdVh8gG/CO4vIlvMiGj9TTnwEqs8bTbwQIGkIDnf
-iI+vfEj1VioifM4cpktHk5zuWMqXb4Gh7cqDhzcSkW0kClFutwjyCja1bfsXla0h
-Pg4fBt4xLay/b+RPXaPZXSBXSUxyGD37futaBPZZsv2goeoo/IVGqpa83rMYAB5j
-b8c8AnRJozUc33oQYZdLFstl9+syvmQWZGEwP8/tWRrzbvDzwpYsKuKPXtmBcnSl
-m/z2ezkiyo1hZHa8ruivimMiQY+BLfvXlIH3fE0JJpVX2cPeHL9up7Up3sypNNwx
-j9RoMT7JZN5pTN22m82WrhKvt0aHQqkTxbVOYYIy8pY+dHSxSzOEtBA7aIO1I1Yr
-gVpuNzPyZJJiVlXTzeUwhHWFslc7BwoszjPYhZEr6BOPGi/JDL39GBhdkWuvU155
-QB4ghHZ8LE8HRHULRbuQPbhv0Wx1XNIhaK8T7ur5nteYyhPopCw=
-=H1qL
-----END PGP SIGNATURE-----
--- a/firefox-108.0.source.tar.xz
+++ b/firefox-108.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce0d31f89111fcce9e2dd490d810b6a704f7214ba0186fa2d2ec960099808e63
+size 503688784
--- a/firefox-108.0.source.tar.xz.asc
+++ b/firefox-108.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmOSEiAACgkQ6+QekPbx
+L215kg//Uov6JUYkGwZ/LF1qR6uNnnrHudAt+jbpSQDZWWE+f3y0ToOeEHheKSDm
+0fsdtfwiS/tmIspFUIgMCFqIZZLOaajhjkRKag59oPtl930xrpRnYi8ue6wLo6f5
+dL5Ek4ezC/4QUhdChCfMoE8HMA/pnzFxV8OpLBv9j3S+NqBvbpbGKHgWr+4HIUEU
+f1ZTtQv+jXs/q7wMt3cXxsQNL6+R/Eilc+KBSnIkHPgUxpzhjnsZKvOKY31BuU/V
+0l0Icth3Bvxh+B5W1qvV6g1TEoLh4etBXvb7sbUc9GyyllwcjZM+8xiF0ROxrn4C
+hmDOu7sGSWu/QJY3lhLy/NK/GghGP6Bqd6G85F5p+imeNwMphhNuKIFzv95DCOtA
+5mokzzHpsWuNSPwhPmMEQVVSx896TwnjXNSARs2E81n0QgrysDJWz+ojsc/4vrZC
+OzaredKelalqjMDLZYyshQhpoDKGVVXRSSxZiMowkXvU2aqmuKoFLEwdm6MAwboh
+bEt6yUR0wYtZlPA9JqOydtq2LvAOANCuIixVu90knCVRbwUf8Mkzxcx++6FMrmpr
+2PgegfysXAqWJumjanHkRC4F3CtuH/rK5USnWUcwF+J0Waxv3V+h85mXqv8ObbNB
+M1kTtKr3fTWh+JZ4UP4QWbOhY/GEaMUfj+9yIA/q6hV/kwbeXi4=
+=INvY
+-----END PGP SIGNATURE-----
--- a/l10n-107.0.1.tar.xz
+++ b/l10n-107.0.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6b5391a7c4c28a3cd26b65930112dfb462b4052b236580c89564e3996e71dc6b
-size 49488580
--- a/l10n-108.0.tar.xz
+++ b/l10n-108.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:933641ebd898ed18d4f64b75f44f1c12ae3c7154946b98572d56e36d61c4e95f
+size 49742312
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 #      Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent  36f9c3a81777563ef87663a210b1cd38fdd734d9
+# Parent  e8919158faed3f4a08289fb293dd87ce56bdcc4d
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 #ifdef MOZ_MEMORY
 #  include "mozmemory.h"
 #endif
-@@ -4849,16 +4850,27 @@ nsresult Preferences::InitInitialObjects
+@@ -4847,16 +4848,27 @@ nsresult Preferences::InitInitialObjects
     "unix.js"
 #  if defined(_AIX)
     ,
@ -57,9 +57,9 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
     NS_WARNING("Error parsing application default preferences.");
   }
 
-   // Load jar:$app/omni.jar!/defaults/preferences/*.js
-   // or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4923,17 +4935,17 @@ nsresult Preferences::InitInitialObjects
+ #if defined(MOZ_WIDGET_GTK)
+   // Under Flatpak/Snap package, load /etc/firefox/defaults/pref/*.js.
+@@ -4938,17 +4950,17 @@ nsresult Preferences::InitInitialObjects
       }
 
       nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@ -81,7 +81,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
 --- a/modules/libpref/moz.build
 +++ b/modules/libpref/moz.build
-@@ -123,16 +123,20 @@ EXPORTS.mozilla += [
+@@ -122,16 +122,20 @@ EXPORTS.mozilla += [
 ]
 EXPORTS.mozilla += sorted(["!" + g for g in gen_h])
 
@ -151,7 +151,7 @@ diff --git a/toolkit/components/downloads/moz.build b/toolkit/components/downloa
 
 if CONFIG["MOZ_PLACES"]:
     EXTRA_JS_MODULES += [
-         "DownloadHistory.jsm",
+         "DownloadHistory.sys.mjs",
     ]
 
 FINAL_LIBRARY = "xul"
@ -255,8 +255,7 @@ diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downlo
 diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
 --- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
 +++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
-@@ -10,16 +10,18 @@
- #include "prnetdb.h"
+@@ -11,16 +11,18 @@
 #include "prenv.h"
 #include "nsInterfaceHashtable.h"
 #include "nsHashtablesFwd.h"
@ -264,6 +263,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
 #include "nsNetUtil.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIGSettingsService.h"
+ #include "nsReadableUtils.h"
 +#include "nsPrintfCString.h"
 +#include "nsKDEUtils.h"
 
@ -274,7 +274,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
   NS_DECL_ISUPPORTS
   NS_DECL_NSISYSTEMPROXYSETTINGS
 
-@@ -33,16 +35,18 @@ class nsUnixSystemProxySettings final : 
+@@ -34,16 +36,18 @@ class nsUnixSystemProxySettings final : 
   nsCOMPtr<nsIGSettingsCollection> mProxySettings;
   nsInterfaceHashtable<nsCStringHashKey, nsIGSettingsCollection>
       mSchemeProxySettings;
@ -293,7 +293,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
 nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
   // dbus prevents us from being threadsafe, but this routine should not block
   // anyhow
-@@ -378,21 +382,50 @@ nsresult nsUnixSystemProxySettings::GetP
+@@ -392,21 +396,50 @@ nsresult nsUnixSystemProxySettings::GetP
   return NS_OK;
 }
 
@ -1785,7 +1785,7 @@ diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build
     if CONFIG["MOZ_ENABLE_DBUS"]:
         CXXFLAGS += CONFIG["MOZ_DBUS_GLIB_CFLAGS"]
 
- if CONFIG["MOZ_BACKGROUNDTASKS"]:
+ include("/ipc/chromium/chromium-config.mozbuild")
 diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
 --- a/xpcom/io/nsLocalFileUnix.cpp
 +++ b/xpcom/io/nsLocalFileUnix.cpp
@ -1807,7 +1807,7 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
 #  include "prmem.h"
 #  include "plbase64.h"
 
-@@ -2088,20 +2089,29 @@ nsLocalFile::SetPersistentDescriptor(con
+@@ -2094,20 +2095,29 @@ nsLocalFile::SetPersistentDescriptor(con
 
 NS_IMETHODIMP
 nsLocalFile::Reveal() {
@ -1839,7 +1839,7 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
     ::CFRelease(url);
     return rv;
   }
-@@ -2113,16 +2123,23 @@ nsLocalFile::Reveal() {
+@@ -2119,16 +2129,23 @@ nsLocalFile::Reveal() {
 
 NS_IMETHODIMP
 nsLocalFile::Launch() {
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
@ -1,10 +1,10 @@
 # HG changeset patch
-# Parent  de9644d7851feebc84a70c3d513b8342211acf60
+# Parent  b1cfd1fa113437854cff1f201e2e9721104d2f61

 diff --git a/Cargo.lock b/Cargo.lock
 --- a/Cargo.lock
 +++ b/Cargo.lock
-@@ -2298,18 +2298,16 @@ name = "glsl-to-cxx"
+@@ -2318,18 +2318,16 @@ name = "glsl-to-cxx"
 version = "0.1.0"
 dependencies = [
  "glsl",
@ -26,7 +26,7 @@ diff --git a/Cargo.lock b/Cargo.lock
 diff --git a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml
 +++ b/Cargo.toml
-@@ -150,16 +150,17 @@ async-task = { git = "https://github.com
+@@ -151,16 +151,17 @@ async-task = { git = "https://github.com
 chardetng = { git = "https://github.com/hsivonen/chardetng", rev="3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" }
 chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" }
 coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" }
@ -38,12 +38,12 @@ diff --git a/Cargo.toml b/Cargo.toml
 +glslopt = { path = "third_party/rust/glslopt/" }
 
 # application-services overrides to make updating them all simpler.
- interrupt-support = { git = "https://github.com/mozilla/application-services", rev = "d8503475f43dbf1d78eef4e23b0578d0fada3f39" }
- sql-support = { git = "https://github.com/mozilla/application-services", rev = "d8503475f43dbf1d78eef4e23b0578d0fada3f39" }
- sync15 = { git = "https://github.com/mozilla/application-services", rev = "d8503475f43dbf1d78eef4e23b0578d0fada3f39" }
- viaduct = { git = "https://github.com/mozilla/application-services", rev = "d8503475f43dbf1d78eef4e23b0578d0fada3f39" }
- webext-storage = { git = "https://github.com/mozilla/application-services", rev = "d8503475f43dbf1d78eef4e23b0578d0fada3f39" }
- 
+ interrupt-support = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
+ sql-support = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
+ sync15 = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
+ tabs = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
+ viaduct = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
+ webext-storage = { git = "https://github.com/mozilla/application-services", rev = "b09ffe23ee60a066176e5d7f9f2c6cd95c528ceb" }
 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h
 +++ b/gfx/skia/skia/include/codec/SkEncodedOrigin.h
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="107.0.1"
+VERSION="108.0"
 VERSION_SUFFIX=""
-PREV_VERSION="107.0"
+PREV_VERSION="107.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="a9a9c8c68badf2c5ce288111cfa036e332617e63"
-RELEASE_TIMESTAMP="20221128144904"
+RELEASE_TAG="bea9aed6d796a9f4641c848e5e7a71e97591db4a"
+RELEASE_TIMESTAMP="20221208122842"