- Mozilla Firefox 100.0.2

MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=977

MozillaFirefox.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+  MFSA 2022-19 (bsc#1199768)
+  * CVE-2022-1802 (bmo#1770137)
+    Prototype pollution in Top-Level Await implementation
+  * CVE-2022-1529 (bmo#1770048)
+    Untrusted input used in JavaScript object indexing, leading
+    to prototype pollution
+
 -------------------------------------------------------------------
 Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 

MozillaFirefox.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          100
-%define mainver        %major.0.1
-%define orig_version   100.0.1
+%define mainver        %major.0.2
+%define orig_version   100.0.2
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1

firefox-100.0.1.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13bc55e1c32a6ad32b4a3b37296a0459f41b0981489fc22da491256773c51c9d
-size 490127024

firefox-100.0.1.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmJ+y18ACgkQ6+QekPbx
-L21i9A/+OHvC+5nLJ3rkX3TvzkPYsUKT2ZXTnoFBA0kvUC9niqSHqjTwIRGNd40N
-AoarbJC5VDf0j2u1HPoKcfUtIjPnHd7lOCInd3VtlLj+R2C6FrTmkiUcrPATVeuW
-1Lw0DOHd0E5udBRsy16+NvGWVzfw/5n0gqs5tCclWIvjqnpbMlM4HvZ4s48Mf5Qv
-eKh/IyNb0Tl0u2HaN/lkiJQ43HfTa8BmFJy0rv592sIy1Sar1zVQoJ9RhBqiLubb
-h3g01hgPBnA4lmqgLKTEVCZUIg7FWNoic4u82eOxVEb3xQ09lEwMWvUMA8FgKFYv
-lOW7cuAfExHgcr6oFdqYiPxnBrCocutFsHqokAFUzxYcCxibVm0Fx4zrJL4p63Pi
-YK1OGrn8Eyr+8bfxI1cqhsmlX/Jw72Y79Ybjxd8eMD3mTkLkoQbdKZ9caDLKViNV
-OIs6jsNqBGwrX5hfTyqBgkAKDi8KjHB1lRs2qRIimMhujD6z9332PqLhMzyvx8oQ
-tf4IOuTI6jQ9jIKPcYgix+mufWkou0iYf0By9ergmkDoHphQ7hnE2t0rZMMDOWL0
-SGgJgTpb7XYKhl6eHIRTreOoXGbCHPHFUWmw9aXXn4EdaH8tXRkQyEpmpjb5C+tO
-UzmcKLWjGsvf4wsbYIDx2Lqt0SlK60ni1N/S89fDmmRgLagAlrI=
-=vn99
------END PGP SIGNATURE-----

firefox-100.0.2.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc109861204f6938fd8f147af89a694eb516f3d4bb64ce3f0116452d654a8417
+size 482708576

firefox-100.0.2.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmKG9vEACgkQ6+QekPbx
+L23hBA//QKUM6apNd2eej4pXUdWxjHbVCqGsmK5hoBLpHj11n3b9YpYHNJaOMmRj
+uqK0anPUCEcTz7kT7liEjXAyGhzbdCjk2IzZ5RF214zcKgHElgp0zKzvvuVnkpfF
+ZA90JC2db2I6h/qFKQriohKCkPYKK32hKRj+t0cXq6yZMpaHKOjnvmBfFkLNm0y6
+YjIBHWGNrPyD7r+Z66UZE1N9catNwJYCFbHQfr0BSCcjNbSRyZMo8Spx2ObdbArL
+syPC408MRIGhgTHA/62u/8Z6YprQXCqg6fb9zJ+Ol6ZvFVdCkeLFQxKgAAa1lydK
+M1FOJ4PWe5+1bkih5C5McdWYGQkjpePjUIk0q/NGQj08zkfLbBBChtvrgC++WLjq
+7+fmILFSwyyemjH7WnG6u16gKNpW44tYfaYp0WWTghonmEAKAcj43Es3u1BIjpa2
+dtKx8R3PrOYtlnxirRyP0Si8hXAluMlf3YG8VIftDGZeAvfs3Mt5wYey3vWL5fFk
+d3U9WvjAaNPwsEmlwmhC0cv7/QwbxhDxI9nDIAeTohaWLyEktaLQ0HifKJEC0yZx
+PJTF6iDqE/P6cQBLAEU29O5KgfHyfee6S9iTER1nyEFM7Rwpd4B64Z1NhQGMK+d5
+uALQVPVybsBLI/pBat+FIy+6E5cZ6hBoJljr3aRRuCfjUTF7P24=
+=i3w3
+-----END PGP SIGNATURE-----

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="100.0.1"
+VERSION="100.0.2"
 VERSION_SUFFIX=""
-PREV_VERSION="100.0"
+PREV_VERSION="100.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="b1c0f261443931d2a01f2fdc7016db5424cb471d"
-RELEASE_TIMESTAMP="20220513165813"
+RELEASE_TAG="7ce9f0fe6cb4c4a2eb518c0add727a60d5672542"
+RELEASE_TIMESTAMP="20220519220738"