--- a/MozillaFirefox/MozillaFirefox.changes Sun May 01 18:18:56 2022 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Jun 12 16:05:04 2022 +0200
@@ -1,4 +1,114 @@
-------------------------------------------------------------------
+Fri Jun 10 20:45:37 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 101.0.1:
+ * Fixed context menus not appearing when right-clicking
+ Picture-in-Picture windows on some Linux systems (bmo#1771914)
+ * Various stability fixes
+
+-------------------------------------------------------------------
+Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 101.0
+ * Reading is now easier with the prefers-contrast media query,
+ which allows sites to detect if the user has requested that web
+ content is presented with a higher (or lower) contrast
+ * All non-configured MIME types can now be assigned a custom
+ action upon download completion
+ * allows users to use as many microphones as you want, at the
+ same time, during video conferencing. The most exciting benefit
+ is that you can easily switch your microphones at any time
+ (if your conferencing service provider enables this flexibility)
+ MFSA 2022-20 (bsc#1200027)
+ * CVE-2022-31736 (bmo#1735923)
+ Cross-Origin resource's length leaked
+ * CVE-2022-31737 (bmo#1743767)
+ Heap buffer overflow in WebGL
+ * CVE-2022-31738 (bmo#1756388)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-31739 (bmo#1765049)
+ Attacker-influenced path traversal when saving downloaded files
+ * CVE-2022-31740 (bmo#1766806)
+ Register allocation problem in WASM on arm64
+ * CVE-2022-31741 (bmo#1767590)
+ Uninitialized variable leads to invalid memory read
+ * CVE-2022-31742 (bmo#1730434)
+ Querying a WebAuthn token with a large number of allowCredential
+ entries may have leaked cross-origin information
+ * CVE-2022-31743 (bmo#1747388)
+ HTML Parsing incorrectly ended HTML comments prematurely
+ * CVE-2022-31744 (bmo#1757604)
+ CSP bypass enabling stylesheet injection
+ * CVE-2022-31745 (bmo#1760944)
+ Incorrect Assertion caused by unoptimized array shift operations
+ * CVE-2022-1919 (bmo#1761275)
+ Memory Corruption when manipulating webp images
+ * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
+ bmo#1767365, bmo#1768559, bmo#1768734)
+ Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
+ * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469,
+ bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973,
+ bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869)
+ Memory safety bugs fixed in Firefox 101
+- requires
+ * NSS 3.78.1
+ * rust-cbindgen 0.23.0
+ * rust 1.59
+
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+ MFSA 2022-19 (bsc#1199768)
+ * CVE-2022-1802 (bmo#1770137)
+ Prototype pollution in Top-Level Await implementation
+ * CVE-2022-1529 (bmo#1770048)
+ Untrusted input used in JavaScript object indexing, leading
+ to prototype pollution
+
+-------------------------------------------------------------------
+Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 100.0.1:
+ * Fixed: Fixed an issue with subtitles in Picture-in-Picture
+ mode while using Netflix (bmo#1768818)
+ * Fixed: Fixed an issue where some commands were unavailable in
+ the Picture-in-Picture window (bmo#1768201)
+
+-------------------------------------------------------------------
+Sun May 1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0
+ * subtitle support in PiP
+ * spell checking supports multiple languages in parallel
+ * more details here
+ https://www.mozilla.org/en-US/firefox/100.0/releasenotes
+ MFSA 2022-16 (boo#1198970)
+ * CVE-2022-29914 (bmo#1746448)
+ Fullscreen notification bypass using popups
+ * CVE-2022-29909 (bmo#1755081)
+ Bypassing permission prompt in nested browsing contexts
+ * CVE-2022-29916 (bmo#1760674)
+ Leaking browser history with CSS variables
+ * CVE-2022-29911 (bmo#1761981)
+ iframe Sandbox bypass
+ * CVE-2022-29912 (bmo#1692655)
+ Reader mode bypassed SameSite cookies
+ * CVE-2022-29910 (bmo#1757138)
+ Firefox for Android forgot HTTP Strict Transport Security
+ settings
+ * CVE-2022-29915 (bmo#1751678)
+ Leaking cross-origin redirect through the Performance API
+ * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
+ bmo#1762614, bmo#1762620, bmo#1764778)
+ Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
+ * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
+ bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
+ bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
+ Memory safety bugs fixed in Firefox 100
+- requires NSS 3.77
+
+-------------------------------------------------------------------
Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- Mozilla Firefox 99.0.1
--- a/MozillaFirefox/MozillaFirefox.spec Sun May 01 18:18:56 2022 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Sun Jun 12 16:05:04 2022 +0200
@@ -28,9 +28,9 @@
# orig_suffix b3
# major 69
# mainver %major.99
-%define major 99
+%define major 101
%define mainver %major.0.1
-%define orig_version 99.0.1
+%define orig_version 101.0.1
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -103,7 +103,7 @@
# Newer sle/leap/tw use parallel versioned rust releases which have
# a different method for provides that we can use to request a
# specific version
-BuildRequires: rust+cargo >= 1.57
+BuildRequires: rust+cargo >= 1.59
%endif
%if 0%{useccache} != 0
BuildRequires: ccache
@@ -114,7 +114,7 @@
BuildRequires: libproxy-devel
BuildRequires: makeinfo
BuildRequires: mozilla-nspr-devel >= 4.33
-BuildRequires: mozilla-nss-devel >= 3.76.1
+BuildRequires: mozilla-nss-devel >= 3.78.1
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 10.22.1
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -124,7 +124,7 @@
BuildRequires: python3 >= 3.5
BuildRequires: python3-devel
%endif
-BuildRequires: rust-cbindgen >= 0.19.0
+BuildRequires: rust-cbindgen >= 0.23.0
BuildRequires: unzip
BuildRequires: update-desktop-files
BuildRequires: xorg-x11-libXt-devel
--- a/MozillaFirefox/create-tar.sh Sun May 01 18:18:56 2022 +0200
+++ b/MozillaFirefox/create-tar.sh Sun Jun 12 16:05:04 2022 +0200
@@ -37,7 +37,6 @@
fi
SOURCE_TARBALL="$PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz"
-PREV_SOURCE_TARBALL="$PRODUCT-$PREV_VERSION$PREV_VERSION_SUFFIX.source.tar.xz"
FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/$PRODUCT/candidates"
# Make first letter of PRODCUT upper case
@@ -146,48 +145,22 @@
fi
}
-function locales_parse_file() {
- FILE="$1"
- cat "$FILE" | python -c "import json; import sys; \
- print('\n'.join(['{} {}'.format(key, value['revision']) \
- for key, value in sorted(json.load(sys.stdin).items())]));"
-}
-
-function locales_parse_url() {
+function locales_parse() {
URL="$1"
curl -s "$URL" | python -c "import json; import sys; \
print('\n'.join(['{} {}'.format(key, value['changeset']) \
for key, value in sorted(json.load(sys.stdin)['locales'].items())]));"
}
-function extract_locales_file() {
- # still need to extract the locale information from the archive
- echo "extract locale changesets"
- tar -xf $SOURCE_TARBALL $LOCALE_FILE
-}
-
function locales_unchanged() {
BUILD_ID="$1"
PREV_BUILD_ID=$(get_build_number "$PREV_VERSION$PREV_VERSION_SUFFIX")
# If no json-file for one of the versions can be found, we say "they changed"
prev_url=$(locales_get "$PREV_VERSION$PREV_VERSION_SUFFIX" "$PREV_BUILD_ID") || return 1
- prev_content=$(locales_parse_url "$prev_url") || exit 1
+ curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID") || return 1
- curr_url=$(locales_get "$VERSION$VERSION_SUFFIX" "$BUILD_ID")
- if [ $? -ne 0 ]; then
- # We did not find a locales file upstream on the servers
- if [ -e $SOURCE_TARBALL ]; then
- # We can find out what the locales are, by extracting the json-file from the tar-ball
- # instead of getting it from the server
- extract_locales_file || return 1
- curr_content=$(locales_parse_file "$LOCALE_FILE") || exit 1
- else
- # We can't know what the locales are in the current version
- return 1
- fi
- else
- curr_content=$(locales_parse_url "$curr_url") || exit 1
- fi
+ prev_content=$(locales_parse "$prev_url") || exit 1
+ curr_content=$(locales_parse "$curr_url") || exit 1
diff -y --suppress-common-lines -d <(echo "$prev_content") <(echo "$curr_content")
}
@@ -238,7 +211,9 @@
# we might have an upstream archive already and can skip the checkout
if [ -e $SOURCE_TARBALL ]; then
if [ -z ${SKIP_LOCALES+x} ] && [ $LOCALES_CHANGED -ne 0 ]; then
- extract_locales_file
+ # still need to extract the locale information from the archive
+ echo "extract locale changesets"
+ tar -xf $SOURCE_TARBALL $LOCALE_FILE
fi
get_source_stamp "$BUILD_ID"
else
@@ -353,11 +328,3 @@
echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz"
mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz"
fi
-
-if [ -e $PREV_SOURCE_TARBALL ]; then
- echo ""
- echo "Deleting old sources tarball $PREV_SOURCE_TARBALL"
- $(ask_cont_abort_question "Is this ok?") || exit 0
- rm "$PREV_SOURCE_TARBALL"
- rm "$PREV_SOURCE_TARBALL.asc"
-fi
--- a/MozillaFirefox/tar_stamps Sun May 01 18:18:56 2022 +0200
+++ b/MozillaFirefox/tar_stamps Sun Jun 12 16:05:04 2022 +0200
@@ -1,10 +1,10 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="99.0.1"
+VERSION="101.0.1"
VERSION_SUFFIX=""
-PREV_VERSION="99.0"
+PREV_VERSION="101.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="0f814a8ab240bb6df6bbc5a88865f979e03f0f68"
-RELEASE_TIMESTAMP="20220411174855"
+RELEASE_TAG="c66093146ac832a0748f0f8a31139664abf73a42"
+RELEASE_TIMESTAMP="20220608170832"
--- a/mozilla-kde.patch Sun May 01 18:18:56 2022 +0200
+++ b/mozilla-kde.patch Sun Jun 12 16:05:04 2022 +0200
@@ -3,7 +3,7 @@
# Date 1559294891 -7200
# Fri May 31 11:28:11 2019 +0200
# Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent 8d1110b6918acc4e7d3f655d1e55f4b4ff630abe
+# Parent eeedc49c16aba3b50d1547315a88091a1c765904
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Author: Lubos Lunak <lunak@suse.com>
@@ -13,12 +13,12 @@
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
--- a/modules/libpref/Preferences.cpp
+++ b/modules/libpref/Preferences.cpp
-@@ -84,16 +84,17 @@
- #include "plbase64.h"
+@@ -88,16 +88,17 @@
#include "PLDHashTable.h"
#include "plstr.h"
#include "prlink.h"
#include "xpcpublic.h"
+ #include "js/RootingAPI.h"
#ifdef MOZ_BACKGROUNDTASKS
# include "mozilla/BackgroundTasks.h"
#endif
@@ -31,7 +31,7 @@
#ifdef MOZ_MEMORY
# include "mozmemory.h"
#endif
-@@ -4634,16 +4635,27 @@ nsresult Preferences::InitInitialObjects
+@@ -4767,16 +4768,27 @@ nsresult Preferences::InitInitialObjects
"unix.js"
# if defined(_AIX)
,
@@ -59,7 +59,7 @@
// Load jar:$app/omni.jar!/defaults/preferences/*.js
// or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4708,17 +4720,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4841,17 +4853,17 @@ nsresult Preferences::InitInitialObjects
}
nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@@ -81,7 +81,7 @@
diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
--- a/modules/libpref/moz.build
+++ b/modules/libpref/moz.build
-@@ -118,16 +118,20 @@ EXPORTS.mozilla += [
+@@ -120,16 +120,20 @@ EXPORTS.mozilla += [
]
EXPORTS.mozilla += sorted(["!" + g for g in gen_h])
@@ -828,7 +828,7 @@
]
elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows":
UNIFIED_SOURCES += [
-@@ -126,16 +128,17 @@ include("/ipc/chromium/chromium-config.m
+@@ -130,16 +132,17 @@ include("/ipc/chromium/chromium-config.m
FINAL_LIBRARY = "xul"
LOCAL_INCLUDES += [
@@ -1263,7 +1263,7 @@
diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build
--- a/widget/gtk/moz.build
+++ b/widget/gtk/moz.build
-@@ -136,16 +136,17 @@ FINAL_LIBRARY = "xul"
+@@ -154,16 +154,17 @@ FINAL_LIBRARY = "xul"
LOCAL_INCLUDES += [
"/layout/base",
@@ -1277,7 +1277,7 @@
"/widget/headless",
]
- if CONFIG["MOZ_X11"]:
+ if CONFIG["MOZ_X11"] or CONFIG["MOZ_WAYLAND"]:
LOCAL_INCLUDES += [
"/widget/x11",
]
@@ -1825,7 +1825,7 @@
# include "prmem.h"
# include "plbase64.h"
-@@ -2071,62 +2072,77 @@ nsLocalFile::SetPersistentDescriptor(con
+@@ -2071,20 +2072,29 @@ nsLocalFile::SetPersistentDescriptor(con
NS_IMETHODIMP
nsLocalFile::Reveal() {
@@ -1834,47 +1834,10 @@
}
#ifdef MOZ_WIDGET_GTK
-- nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID);
++ nsAutoCString url;
+ nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID);
- if (!giovfs) {
-- return NS_ERROR_FAILURE;
-- }
-+ nsAutoCString url;
-
- bool isDirectory;
- if (NS_FAILED(IsDirectory(&isDirectory))) {
- return NS_ERROR_FAILURE;
- }
-
-+ nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID);
- if (isDirectory) {
-- return giovfs->ShowURIForInput(mPath);
-+ url = mPath;
- }
- if (NS_SUCCEEDED(giovfs->OrgFreedesktopFileManager1ShowItems(mPath))) {
- return NS_OK;
- }
- nsCOMPtr<nsIFile> parentDir;
- nsAutoCString dirPath;
- if (NS_FAILED(GetParent(getter_AddRefs(parentDir)))) {
- return NS_ERROR_FAILURE;
- }
- if (NS_FAILED(parentDir->GetNativePath(dirPath))) {
- return NS_ERROR_FAILURE;
- }
-
-- return giovfs->ShowURIForInput(dirPath);
-+ url = dirPath;
- #elif defined(MOZ_WIDGET_COCOA)
- CFURLRef url;
- if (NS_SUCCEEDED(GetCFURL(&url))) {
- nsresult rv = CocoaFileUtils::RevealFileInFinder(url);
- ::CFRelease(url);
- return rv;
- }
- return NS_ERROR_FAILURE;
- #else
- return NS_ERROR_FAILURE;
- #endif
++ url = mPath;
+ if(nsKDEUtils::kdeSupport()) {
+ nsTArray<nsCString> command;
+ command.AppendElement( "REVEAL"_ns );
@@ -1883,10 +1846,18 @@
+ }
+
+ if (!giovfs)
-+ return NS_ERROR_FAILURE;
+ return NS_ERROR_FAILURE;
+- }
+
-+ return giovfs->ShowURIForInput(url);
- }
+ return giovfs->RevealFile(this);
+ #elif defined(MOZ_WIDGET_COCOA)
+ CFURLRef url;
+ if (NS_SUCCEEDED(GetCFURL(&url))) {
+ nsresult rv = CocoaFileUtils::RevealFileInFinder(url);
+ ::CFRelease(url);
+ return rv;
+ }
+@@ -2096,16 +2106,23 @@ nsLocalFile::Reveal() {
NS_IMETHODIMP
nsLocalFile::Launch() {
@@ -1901,11 +1872,12 @@
+ command.AppendElement( mPath );
+ return nsKDEUtils::command( command ) ? NS_OK : NS_ERROR_FAILURE;
+ }
++
nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID);
if (!giovfs) {
return NS_ERROR_FAILURE;
}
- return giovfs->ShowURIForInput(mPath);
+ return giovfs->LaunchFile(mPath);
#elif defined(MOZ_WIDGET_ANDROID)
// Not supported on GeckoView
--- a/mozilla-silence-no-return-type.patch Sun May 01 18:18:56 2022 +0200
+++ b/mozilla-silence-no-return-type.patch Sun Jun 12 16:05:04 2022 +0200
@@ -1,10 +1,10 @@
# HG changeset patch
-# Parent 1191efd2ea64c4081a1825176a50e872a525d4da
+# Parent 6d59717f59a1c0dc50140e750d665c7e98de3e66
diff --git a/Cargo.lock b/Cargo.lock
--- a/Cargo.lock
+++ b/Cargo.lock
-@@ -2196,18 +2196,16 @@ name = "glsl-to-cxx"
+@@ -2207,18 +2207,16 @@ name = "glsl-to-cxx"
version = "0.1.0"
dependencies = [
"glsl",
@@ -26,16 +26,15 @@
diff --git a/Cargo.toml b/Cargo.toml
--- a/Cargo.toml
+++ b/Cargo.toml
-@@ -106,13 +106,13 @@ moz_asserts = { path = "mozglue/static/r
- async-task = { git = "https://github.com/smol-rs/async-task", rev="f6488e35beccb26eb6e85847b02aa78a42cd3d0e" }
- chardetng = { git = "https://github.com/hsivonen/chardetng", rev="3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" }
+@@ -109,12 +109,13 @@ chardetng = { git = "https://github.com/
chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" }
coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" }
+ fog = { path = "toolkit/components/glean/api" }
libudev-sys = { path = "dom/webauthn/libudev-sys" }
- packed_simd = { git = "https://github.com/hsivonen/packed_simd", rev="8b4bd7d8229660a749dbe419a57ea01df9de5453" }
+ packed_simd = { package = "packed_simd_2", git = "https://github.com/hsivonen/packed_simd", rev="c149d0a519bf878567c7630096737669ec2ff15f" }
midir = { git = "https://github.com/mozilla/midir.git", rev = "4c11f0ffb5d6a10de4aff40a7b81218b33b94e6f" }
minidump_writer_linux = { git = "https://github.com/msirringhaus/minidump_writer_linux.git", rev = "029ac0d54b237f27dc7d8d4e51bc0fb076e5e852" }
--
+
+glslopt = { path = "third_party/rust/glslopt/" }
# Patch mio 0.6 to use winapi 0.3 and miow 0.3, getting rid of winapi 0.2.
# There is not going to be new version of mio 0.6, mio now being >= 0.7.11.