From 3505fbb0316c29e5df0f4a389f304dac684bd467325fb30b613492cd78f5ce2e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 19 Oct 2020 20:37:04 +0000 Subject: [PATCH 1/3] - Mozilla Firefox 82.0 - requires * NSPR 4.29 * NSS 3.57 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863 --- MozillaFirefox.changes | 8 ++++++++ MozillaFirefox.spec | 11 +++++------ firefox-81.0.1.source.tar.xz | 3 --- firefox-81.0.1.source.tar.xz.asc | 16 ---------------- firefox-82.0.source.tar.xz | 3 +++ firefox-82.0.source.tar.xz.asc | 16 ++++++++++++++++ l10n-81.0.1.tar.xz | 3 --- l10n-82.0.tar.xz | 3 +++ tar_stamps | 8 ++++---- 9 files changed, 39 insertions(+), 32 deletions(-) delete mode 100644 firefox-81.0.1.source.tar.xz delete mode 100644 firefox-81.0.1.source.tar.xz.asc create mode 100644 firefox-82.0.source.tar.xz create mode 100644 firefox-82.0.source.tar.xz.asc delete mode 100644 l10n-81.0.1.tar.xz create mode 100644 l10n-82.0.tar.xz diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 905c850..2f98558 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 82.0 +- requires + * NSPR 4.29 + * NSS 3.57 + ------------------------------------------------------------------- Thu Oct 1 20:00:27 UTC 2020 - Wolfgang Rosenauer diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 226032c..c931bde 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -29,9 +29,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 81 -%define mainver %major.0.1 -%define orig_version 81.0.1 +%define major 82 +%define mainver %major.0 +%define orig_version 82.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -100,8 +100,8 @@ BuildRequires: libidl-devel BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.28 -BuildRequires: mozilla-nss-devel >= 3.56 +BuildRequires: mozilla-nspr-devel >= 4.29 +BuildRequires: mozilla-nss-devel >= 3.57 BuildRequires: nasm >= 2.14 BuildRequires: nodejs10 >= 10.21.0 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -109,7 +109,6 @@ BuildRequires: python-libxml2 BuildRequires: python36 %else BuildRequires: python3 >= 3.5 -BuildRequires: python3-curses BuildRequires: python3-devel %endif BuildRequires: rust >= 1.43 diff --git a/firefox-81.0.1.source.tar.xz b/firefox-81.0.1.source.tar.xz deleted file mode 100644 index 075a340..0000000 --- a/firefox-81.0.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7eac8d3eaaf580e0f30e9bd79d798c3138aaa5fa2737616fa08c588b730e8fff -size 338268036 diff --git a/firefox-81.0.1.source.tar.xz.asc b/firefox-81.0.1.source.tar.xz.asc deleted file mode 100644 index 913304b..0000000 --- a/firefox-81.0.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl90xbEACgkQ8aZmj7t9 -Vy6qlw/9E81nELZCpAGu1jph9WaPlFUqoy3fPp8/CYcGJqWNhspanGfVHHWbX9Of -TZbzhzx4SU11F1ZfZ8JEDIuUgy7cEdUhWWviTVkeArp6KzGFOBBGasTLSH5FSHUW -efpzpkScOdn6xzVqSzxqwVh+pPwmPwzmUeDY+/ret5cD2u1XbuIxAxb64Qfrfv5p -sgoqYmmRCMvPDSakUn9if8gy9tCgoe8uwuX9sqiDjmKs/dEEXQN5OBV+564XvZZ+ -kfuAgCSWF5ZQGkKUIqLFkYKzGrPspB7xj0/sGroaAUFZzFv7z/Y7r5JayiYk38cT -Ntvr2dtn1Hw+sbc3ll89TlXqNH5y31yvem17w9+NfFYmQF1a6aEgpdWbZIeOpZN7 -vKh1D5np1l/edb83omCmN/I4V3t2tKNdkmXS4jvgS3M08MZS4QSAStSOaaqQJjpa -wEvWh7oPD4fFJCgXMkrdxTK4HstjtT/efd5nANfy+xI+/EHjVJuJ8Lbv3tQIhaOV -or4AG2kWBvcnOQ4oV2v3+WLxgWqDn4+LxOzF0qp9kYH2nEE7BnVknMi2qmlucEFB -47WtVDmuWPC8tlFAbl7PKz0EayYcfT16FgMHh7kTOQG63PiTZEb8jXJNwvYGelYs -irqnRLdemqR4UOwJCs2rcXFb/FulDWmwCecoOogKF0Xxgj20Ss0= -=1zoN ------END PGP SIGNATURE----- diff --git a/firefox-82.0.source.tar.xz b/firefox-82.0.source.tar.xz new file mode 100644 index 0000000..bd46d57 --- /dev/null +++ b/firefox-82.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:90c58707f5bd34978e2d1bcadbe463556edc0878430f969893ae2f89c5d464c2 +size 334793772 diff --git a/firefox-82.0.source.tar.xz.asc b/firefox-82.0.source.tar.xz.asc new file mode 100644 index 0000000..5c9720f --- /dev/null +++ b/firefox-82.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl+HNGMACgkQ8aZmj7t9 +Vy6gQg/+JvhngW43mWfh69rXdVrlsCzV2CPRFxJF7PjHMRHZXSoIe/8zu6F7wS/7 +EUQURQWq62hHf4fJKJsgPqEkad5g/jxi7iluFEPz2OBXK0WP2rPRCioIkSfSYltq +XWyWxsLbC5tHwlOeIQHCuuNm92+kvz2YxpfUyLtgo2D8FSJ3TqP8aFTB558yuVqN +TxZJst+J2/n1XNF+Ke5hvN898321jMEqGR+wpTNr0s3/DQ5JBZ8qssBFpoMqnJWU +4Z37ZScTxBepAUMdyHcZHiDnHZuUC8pfRGtac560Mh36yGUW5XzIjQm42lM4iNZg +iXmjqJlNHMF9UkZFb3WLb4Eet33fE8DTpp8UznXsUaQvajIRLSYLb71Ci0jPaWNO +fntxL0Clt9ze1EgsF98Wn1MO8PQnVxOd5oLdIlrG4NF9qRk7uUPuBRV2bqE62+wo +MNi5XrjEIEwxtVzQLWkunIczGTtvuHvHCd5f1dDWAkiiFGM6oXbaR4GOk7cYknNs +zRHJxa74rfkSXA2IeXnA1oiVPKxpjeKdcgLoIjWjEghPpRpQrMv1aqIiqd5ajSfm +hFpP8jgLgpKlB+AyH9wtODMOa7MBb6C+e2/Sgoa/R/CEdPUPr4BSu+ZL3qzaMeQh +sN/aae3DOvXtT8h0N0bIssgWdqCfScbkkr/tFQ7d1LzDpfh24Iw= +=AiOD +-----END PGP SIGNATURE----- diff --git a/l10n-81.0.1.tar.xz b/l10n-81.0.1.tar.xz deleted file mode 100644 index 18b0e88..0000000 --- a/l10n-81.0.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d04856a48619186e0a9b51f313e13ae031d33da8e5dae24c29fe472bad926ebb -size 48826756 diff --git a/l10n-82.0.tar.xz b/l10n-82.0.tar.xz new file mode 100644 index 0000000..e72af09 --- /dev/null +++ b/l10n-82.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:852dfac9e056c2a504f932340bd5b1b67c1af31aa9eb5d9973e9f1004ceb6a2d +size 49018680 diff --git a/tar_stamps b/tar_stamps index 44420a8..8dafd86 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="81.0.1" +VERSION="82.0" VERSION_SUFFIX="" -PREV_VERSION="81.0" +PREV_VERSION="" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="0df30c09d098468f2f4632e62aec0954b6174dc5" -RELEASE_TIMESTAMP="20200930150533" +RELEASE_TAG="bbdea0acf29a60ac9500439691337f3e0e96eb2f" +RELEASE_TIMESTAMP="20201014125134" From 9d0a0f01656dd7b810dbb02a448c19473923ff7d4f835856961c6d1ca76c0f4e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 21 Oct 2020 09:43:59 +0000 Subject: [PATCH 2/3] * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/ MFSA 2020-45 (bsc#1177872) * CVE-2020-15969 (bmo#1666570) Use-after-free in usersctp * CVE-2020-15254 (bmo#1668514) Undefined behavior in bounded channel of crossbeam rust crate * CVE-2020-15680 (bmo#1658881) Presence of external protocol handlers could be determined through image tags * CVE-2020-15681 (bmo#1666568) Multiple WASM threads may have overwritten each others' stub table entries * CVE-2020-15682 (bmo#1636654) The domain associated with the prompt to open an external protocol could be spoofed to display the incorrect origin * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760, bmo#1663439, bmo#1666140) Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259, bmo#1664257) Memory safety bugs fixed in Firefox 82 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864 --- MozillaFirefox.changes | 21 +++++++++++++++++++++ MozillaFirefox.spec | 7 ++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 2f98558..f9af8f7 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,6 +2,27 @@ Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer - Mozilla Firefox 82.0 + * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/ + MFSA 2020-45 (bsc#1177872) + * CVE-2020-15969 (bmo#1666570) + Use-after-free in usersctp + * CVE-2020-15254 (bmo#1668514) + Undefined behavior in bounded channel of crossbeam rust crate + * CVE-2020-15680 (bmo#1658881) + Presence of external protocol handlers could be determined + through image tags + * CVE-2020-15681 (bmo#1666568) + Multiple WASM threads may have overwritten each others' stub + table entries + * CVE-2020-15682 (bmo#1636654) + The domain associated with the prompt to open an external + protocol could be spoofed to display the incorrect origin + * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, + bmo#1662760, bmo#1663439, bmo#1666140) + Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 + * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259, + bmo#1664257) + Memory safety bugs fixed in Firefox 82 - requires * NSPR 4.29 * NSS 3.57 diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index c931bde..f3736b2 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -558,8 +558,13 @@ ac_add_options --enable-official-branding %endif EOF +%ifarch %ix86 +%define njobs 1 +%else +%define njobs 0%{?jobs:%jobs} +%endif sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \ - | xargs -n 1 %{?jobs:-P %jobs} -I {} /bin/sh -c ' + | xargs -n 1 %{?njobs:-P %njobs} -I {} /bin/sh -c ' locale=$1 cp ${MOZCONFIG}_LANG ${MOZCONFIG}_$locale sed -i "s|obj_LANG|obj_$locale|" ${MOZCONFIG}_$locale From 07ba0d6bada18a138202189294d100314a041e19dafc6c252b33e7cce87e1b66 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 21 Oct 2020 20:15:44 +0000 Subject: [PATCH 3/3] MFSA 2020-45 (bsc#1177872) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865 --- MozillaFirefox.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index f9af8f7..b448f6d 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -3,7 +3,7 @@ Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer - Mozilla Firefox 82.0 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/ - MFSA 2020-45 (bsc#1177872) + MFSA 2020-45 (bsc#1177872) * CVE-2020-15969 (bmo#1666570) Use-after-free in usersctp * CVE-2020-15254 (bmo#1668514)