diff --git a/.firefox.metadata b/.firefox.metadata index 1e6295c..62f2f5e 100644 --- a/.firefox.metadata +++ b/.firefox.metadata @@ -1,6 +1,6 @@ 52f2d51d0e17d137571bf3a766f514d34e28e556 SOURCES/cbindgen-vendor.tar.xz -8161b83c675a6a598a89e377bc50c675cb0bf43c SOURCES/firefox-102.3.0esr.processed-source.tar.xz -e7f01e90e3d0ca5dfa84d44e9e8b9a0770585d72 SOURCES/firefox-langpacks-102.3.0esr-20220913.tar.xz +c0e4d44aee25bed036ad1f534bbd53a395f77f3c SOURCES/firefox-102.5.0esr.processed-source.tar.xz +cd8dfecbe2062065caf994fba339d87e95342068 SOURCES/firefox-langpacks-102.5.0esr-20221109.tar.xz da39a3ee5e6b4b0d3255bfef95601890afd80709 SOURCES/mochitest-python.tar.gz af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm diff --git a/.gitignore b/.gitignore index e1d19cc..a84f1f1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/cbindgen-vendor.tar.xz -SOURCES/firefox-102.3.0esr.processed-source.tar.xz -SOURCES/firefox-langpacks-102.3.0esr-20220913.tar.xz +SOURCES/firefox-102.5.0esr.processed-source.tar.xz +SOURCES/firefox-langpacks-102.5.0esr-20221109.tar.xz SOURCES/mochitest-python.tar.gz SOURCES/nspr-4.34.0-3.el8_1.src.rpm SOURCES/nss-3.79.0-6.el8_1.src.rpm diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/D158770.diff b/SOURCES/D158770.diff new file mode 100644 index 0000000..1d76995 --- /dev/null +++ b/SOURCES/D158770.diff @@ -0,0 +1,25 @@ +diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c +--- a/parser/expat/lib/xmlparse.c ++++ b/parser/expat/lib/xmlparse.c +@@ -5652,12 +5652,18 @@ + else + #endif /* XML_DTD */ + { + processor = contentProcessor; + /* see externalEntityContentProcessor vs contentProcessor */ +- return doContent(parser, parentParser ? 1 : 0, encoding, s, end, +- nextPtr, (XML_Bool)!ps_finalBuffer); ++ result = doContent(parser, parser->m_parentParser ? 1 : 0, ++ parser->m_encoding, s, end, nextPtr, ++ (XML_Bool)! parser->m_parsingStatus.finalBuffer); ++ if (result == XML_ERROR_NONE) { ++ if (! storeRawNames(parser)) ++ return XML_ERROR_NO_MEMORY; ++ } ++ return result; + } + } + + static enum XML_Error PTRCALL + errorProcessor(XML_Parser parser, + diff --git a/SOURCES/build-rhel7-lower-node-min-version.patch b/SOURCES/build-rhel7-lower-node-min-version.patch new file mode 100644 index 0000000..477847e --- /dev/null +++ b/SOURCES/build-rhel7-lower-node-min-version.patch @@ -0,0 +1,11 @@ +--- firefox-102.4.0/python/mozbuild/mozbuild/nodeutil.py.lower-node-min-version 2022-10-10 17:55:56.000000000 +0200 ++++ firefox-102.4.0/python/mozbuild/mozbuild/nodeutil.py 2022-10-17 14:57:47.476182627 +0200 +@@ -13,7 +13,7 @@ from mozboot.util import get_tools_dir + from mozfile import which + from six import PY3 + +-NODE_MIN_VERSION = StrictVersion("10.24.1") ++NODE_MIN_VERSION = StrictVersion("10.24.0") + NPM_MIN_VERSION = StrictVersion("6.14.12") + + diff --git a/SOURCES/webrtc-nss-fix.patch b/SOURCES/webrtc-nss-fix.patch new file mode 100644 index 0000000..78b458d --- /dev/null +++ b/SOURCES/webrtc-nss-fix.patch @@ -0,0 +1,25 @@ +diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c +--- firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.webrtc-fix 2022-10-04 18:58:30.563683229 +0200 ++++ firefox-102.3.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c 2022-10-04 18:58:44.583652963 +0200 +@@ -293,7 +293,7 @@ static srtp_err_status_t srtp_aes_gcm_ns + + int rv; + SECItem param = { siBuffer, (unsigned char *)&c->params, +- sizeof(CK_GCM_PARAMS) }; ++ sizeof(CK_NSS_GCM_PARAMS) }; + if (encrypt) { + rv = PK11_Encrypt(c->key, CKM_AES_GCM, ¶m, buf, enc_len, + *enc_len + 16, buf, *enc_len); +diff -up firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h +--- firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h.webrtc-fix 2022-10-04 18:59:16.635583764 +0200 ++++ firefox-102.3.0/third_party/libsrtp/src/crypto/include/aes_gcm.h 2022-10-04 18:59:31.848550924 +0200 +@@ -101,7 +101,7 @@ typedef struct { + uint8_t iv[12]; + uint8_t aad[MAX_AD_SIZE]; + int aad_size; +- CK_GCM_PARAMS params; ++ CK_NSS_GCM_PARAMS params; + uint8_t tag[16]; + } srtp_aes_gcm_ctx_t; + +diff -up firefox-102.3.0/third_party/prio/prio/encrypt.c.webrtc-fix firefox-102.3.0/third_party/prio/prio/encrypt.c diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec index 2548e30..a60529b 100644 --- a/SPECS/firefox.spec +++ b/SPECS/firefox.spec @@ -200,8 +200,8 @@ end} Summary: Mozilla Firefox Web browser Name: firefox -Version: 102.3.0 -Release: 6%{?dist} +Version: 102.5.0 +Release: 1%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -225,7 +225,7 @@ ExcludeArch: aarch64 s390 ppc # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz Source0: firefox-%{version}%{?pre_version}.processed-source.tar.xz %if %{with langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20220913.tar.xz +Source1: firefox-langpacks-%{version}%{?pre_version}-20221109.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball @@ -272,6 +272,7 @@ Patch73: build-ascii-decode-fail-rhel7.patch Patch75: build-big-endian-errors.patch Patch76: firefox-nss-version.patch Patch77: mozilla-1775202.patch +Patch78: build-rhel7-lower-node-min-version.patch # Test patches @@ -289,6 +290,7 @@ Patch226: rhbz-1354671.patch Patch228: disable-openh264-download.patch Patch229: firefox-nss-addon-hack.patch Patch230: D110204-fscreen.diff +Patch231: webrtc-nss-fix.patch # Upstream patches Patch415: mozilla-1670333.patch @@ -300,6 +302,7 @@ Patch420: mozilla-bmo998749.patch Patch421: mozilla-s390x-skia-gradient.patch Patch422: one_swizzle_to_rule_them_all.patch Patch423: svg-rendering.patch +Patch424: D158770.diff # PGO/LTO patches Patch600: pgo.patch @@ -513,50 +516,66 @@ BuildRequires: gcc-toolset-12-annobin-plugin-gcc # Bundled libraries Provides: bundled(angle) +Provides: bundled(audioipc-2) +Provides: bundled(brotli) Provides: bundled(cairo) +Provides: bundled(cfworker) +Provides: bundled(d3.js) +Provides: bundled(double-conversion) +Provides: bundled(expat) +Provides: bundled(fdlibm) +Provides: bundled(ffvpx) +Provides: bundled(freetype2) Provides: bundled(graphite2) Provides: bundled(harfbuzz) -Provides: bundled(ots) -Provides: bundled(sfntly) -Provides: bundled(skia) -Provides: bundled(thebes) -Provides: bundled(WebRender) -Provides: bundled(audioipc-2) -Provides: bundled(ffvpx) +Provides: bundled(highway) +Provides: bundled(intgemm) Provides: bundled(kissfft) Provides: bundled(libaom) Provides: bundled(libcubeb) Provides: bundled(libdav1d) Provides: bundled(libjpeg) +Provides: bundled(libjxl) +Provides: bundled(libjxl) +Provides: bundled(libmar) Provides: bundled(libmkv) Provides: bundled(libnestegg) Provides: bundled(libogg) Provides: bundled(libopus) Provides: bundled(libpng) +Provides: bundled(libprio) Provides: bundled(libsoundtouch) Provides: bundled(libspeex_resampler) +Provides: bundled(libsrtp) Provides: bundled(libtheora) Provides: bundled(libtremor) Provides: bundled(libvorbis) Provides: bundled(libvpx) Provides: bundled(libwebp) +Provides: bundled(libwebrtc) Provides: bundled(libyuv) Provides: bundled(mp4parse-rust) +Provides: bundled(mp4parse-rust) +Provides: bundled(msgpack-c) +Provides: bundled(msgpack-c) Provides: bundled(mtransport) Provides: bundled(openmax_dl) -Provides: bundled(double-conversion) -Provides: bundled(brotli) -Provides: bundled(fdlibm) -Provides: bundled(freetype2) -Provides: bundled(libmar) +Provides: bundled(openmax_il) +Provides: bundled(openmax_il) +Provides: bundled(ots) +Provides: bundled(qcms) +Provides: bundled(rlbox_sandboxing_api) +Provides: bundled(sfntly) +Provides: bundled(sipcc) +Provides: bundled(skia) +Provides: bundled(sqlite3) +Provides: bundled(thebes) +Provides: bundled(wasm2c) +Provides: bundled(WebRender) Provides: bundled(woff2) Provides: bundled(xz-embedded) +Provides: bundled(ycbcr) Provides: bundled(zlib) -Provides: bundled(expat) -Provides: bundled(msgpack-c) -Provides: bundled(libprio) -Provides: bundled(rlbox_sandboxing_api) -Provides: bundled(sqlite3) %if 0%{?bundle_nss} Provides: bundled(nss) = 3.79.0 @@ -618,6 +637,9 @@ echo "use_rustts %{?use_rustts}" %patch77 -p1 -b .mozilla-1775202 %patch73 -p1 -b .build-ascii-decode-fail-rhel7 +%if 0%{?rhel} == 7 +%patch78 -p1 -b .build-rhel7-lower-node-min-version +%endif # Test patches %patch102 -p1 -b .firefox-tests-xpcshell-freeze @@ -633,6 +655,7 @@ echo "use_rustts %{?use_rustts}" %patch228 -p1 -b .disable-openh264-download %patch229 -p1 -b .firefox-nss-addon-hack %patch230 -p1 -b .D110204-fscreen.diff +%patch231 -p1 -b .webrtc-nss-fix %patch415 -p1 -b .1670333 %patch416 -p1 -b .mozilla-bmo1005535 @@ -643,6 +666,7 @@ echo "use_rustts %{?use_rustts}" %patch421 -p1 -b .mozilla-s390x-skia-gradient %patch422 -p1 -b .one_swizzle_to_rule_them_all %patch423 -p1 -b .svg-rendering +%patch424 -p1 -b .D158770.diff # PGO patches %if %{build_with_pgo} @@ -1401,8 +1425,14 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog -* Tue Nov 15 2022 CentOS Sources - 102.3.0-6.el9.centos -- Apply debranding changes +* Wed Nov 09 2022 Eike Rathke - 102.5.0-1 +- Update to 102.5.0 build1 + +* Wed Oct 12 2022 Eike Rathke - 102.4.0-1 +- Update to 102.4.0 build1 + +* Tue Oct 11 2022 Jan Horak - 102.3.0-7 +- Fix for expat CVE-2022-40674 and non functional webrtc * Tue Sep 13 2022 Jan Horak - 102.3.0-6 - Update to 102.3.0 build1