From 4bc2d6eb9587c0eaabb4d881406e3d34da0cf0d3 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 6 May 2025 13:59:33 +0800 Subject: [PATCH 1/2] [CVE]update to firefox-128.10.0-1 to #IC5NJV update to firefox-128.10.0-1 for CVE-2025-2817 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 +- ...refs.js => firefox-redhat-default-prefs.js | 4 +- firefox.spec | 48 ++++++++----------- 3 files changed, 25 insertions(+), 31 deletions(-) rename firefox-anolis-default-prefs.js => firefox-redhat-default-prefs.js (93%) diff --git a/download b/download index 4db81da..77538c6 100644 --- a/download +++ b/download @@ -1,6 +1,6 @@ fc25f988b87b5187d4e2f006efa699a3 cbindgen-vendor.tar.xz -41b4ac80021f2f640d9ee7599f6dabb8 firefox-128.9.0esr.b2.processed-source.tar.xz -fcfc7957f33934068b81ef12265a3e96 firefox-langpacks-128.9.0esr-20250331.tar.xz +ec91207cf793227ad67dbbca0386c7ee firefox-128.10.0esr.processed-source.tar.xz +6d27d0be9d6201266fc07bf7d2a1230f firefox-langpacks-128.10.0esr-20250422.tar.xz b3c1d2ea615cb0195f4f62b005773262 mochitest-python.tar.gz 2d901c7a62fc68bbd8816e8c4c6276c1 wasi-sdk-20.tar.gz 7b35b9a003996b1f1dbc3cd936a609f2 nspr-4.35.0-1.el8_1.src.rpm diff --git a/firefox-anolis-default-prefs.js b/firefox-redhat-default-prefs.js similarity index 93% rename from firefox-anolis-default-prefs.js rename to firefox-redhat-default-prefs.js index ad8dbea..4263a3d 100644 --- a/firefox-anolis-default-prefs.js +++ b/firefox-redhat-default-prefs.js @@ -14,8 +14,8 @@ pref("browser.shell.checkDefaultBrowser", false); pref("network.manage-offline-status", true); pref("extensions.shownSelectionUI", true); pref("ui.SpellCheckerUnderlineStyle", 1); -pref("startup.homepage_override_url", "https://openanolis.cn/"); -pref("startup.homepage_welcome_url", "https://openanolis.cn/"); +pref("startup.homepage_override_url", "%HOMEPAGE%"); +pref("startup.homepage_welcome_url", "%HOMEPAGE%"); pref("browser.startup.homepage", "data:text/plain,browser.startup.homepage=file:///%PREFIX%/share/doc/HTML/index.html"); pref("media.gmp-gmpopenh264.autoupdate",true); pref("media.gmp-gmpopenh264.enabled",false); diff --git a/firefox.spec b/firefox.spec index b37bf0f..32f2659 100644 --- a/firefox.spec +++ b/firefox.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 %define homepage %(grep '^HOME_URL\s*=' /etc/os-release | sed 's/^HOME_URL\s*=//;s/^\s*"//;s/"\s*$//') %global disable_toolsets 0 @@ -19,15 +18,15 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+an8.%d+") + match = string.match(str, ".module%+el8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".an8_%d+") + match = string.match(str, ".el8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".an8") + match = string.match(str, ".el8") if match then return 10 end @@ -41,7 +40,7 @@ function dist_to_rhel_minor(str, start) end match = string.match(str, ".el9") if match then - return 6 + return 7 end match = string.match(str, ".el10_%d+") if match then @@ -49,7 +48,7 @@ function dist_to_rhel_minor(str, start) end match = string.match(str, ".el10") if match then - return 0 + return 1 end return -1 end} @@ -119,7 +118,7 @@ end} %if 0%{?rhel} > 7 && 0%{?rhel} < 10 %global use_gcc_ts 1 - %if 0%{?rhel} == 9 && %{rhel_minor_version} >= 6 + %if (0%{?rhel} == 9 && %{rhel_minor_version} >= 6) || (0%{?rhel} == 8 && %{rhel_minor_version} >= 10) # clang depends on gcc-toolset-14-gcc-c++ %global gts_version 14 %else @@ -157,7 +156,7 @@ end} # If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g. # firefox-102.8.0esr.b2.processed-source.tar.xz # When unset use processed source file name as is. -%global buildnum .b2 +#%%global buildnum .b2 %bcond_without langpacks @@ -167,13 +166,11 @@ end} Summary: Mozilla Firefox Web browser Name: firefox -Version: 128.9.0 -Release: 2%{anolis_release}%{?dist} +Version: 128.10.0 +Release: 1%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ -ExcludeArch: loongarch64 - %if 0%{?rhel} >= 9 ExcludeArch: %{ix86} %endif @@ -200,12 +197,12 @@ ExcludeArch: aarch64 s390 ppc # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz Source0: firefox-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz %if %{with langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20250331.tar.xz +Source1: firefox-langpacks-%{version}%{?pre_version}-20250422.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: firefox-mozconfig -Source12: firefox-anolis-default-prefs.js +Source12: firefox-redhat-default-prefs.js Source20: firefox.desktop Source21: firefox.sh.in Source23: firefox.1 @@ -428,10 +425,10 @@ BuildRequires: lld BuildRequires: clang cmake ninja-build %endif -#%if !0%{?flatpak} +%if !0%{?flatpak} #TODO -#BuildRequires: system-bookmarks -#%endif +BuildRequires: system-bookmarks +%endif %if 0%{?test_on_wayland} BuildRequires: dbus-x11 @@ -488,7 +485,6 @@ BuildRequires: gcc-toolset-%{gts_version}-gcc BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin # Do not explicitly require gcc-toolset-%{gts_version}-gcc-g++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. -BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ %endif Requires: mozilla-filesystem @@ -1694,10 +1690,10 @@ EOF %endif # set up our default bookmarks -#%if !0%{?flatpak} - #%global default_bookmarks_file /usr/share/bookmarks/default-bookmarks.html - #%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html -#%endif +%if !0%{?flatpak} + %global default_bookmarks_file /usr/share/bookmarks/default-bookmarks.html + %{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html +%endif # Make sure locale works for langpacks %{__cat} > objdir/dist/bin/browser/defaults/preferences/firefox-l10n.js << EOF @@ -1970,7 +1966,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{mozappdir}/fonts/TwemojiMozilla.ttf %{mozappdir}/glxtest %{mozappdir}/vaapitest -%ifarch aarch64 +%ifarch aarch64 riscv64 %{mozappdir}/v4l2test %endif @@ -1992,10 +1988,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog -* Mon Apr 07 2025 Liwei Ge - 128.9.0-2.0.1 -- Add firefox-anolis-default-prefs.js -- Remove bookmarks and loongarch64 -- Add BuildRequires gcc-toolset-13-gcc-c++ +* Tue Apr 22 2025 Eike Rathke - 128.10.0-1 +- Update to 128.10.0 build1 * Mon Mar 31 2025 Eike Rathke - 128.9.0-2 - Update to 128.9.0 build2 -- Gitee From af43f0fe2b4eeed29ac7c01ee6eab3e9f0b19239 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Thu, 16 Dec 2021 06:12:47 +0000 Subject: [PATCH 2/2] rebrand: add firefox-anolis-default-prefs.js --- ...refs.js => firefox-anolis-default-prefs.js | 4 +-- firefox.spec | 35 ++++++++++++------- 2 files changed, 24 insertions(+), 15 deletions(-) rename firefox-redhat-default-prefs.js => firefox-anolis-default-prefs.js (93%) diff --git a/firefox-redhat-default-prefs.js b/firefox-anolis-default-prefs.js similarity index 93% rename from firefox-redhat-default-prefs.js rename to firefox-anolis-default-prefs.js index 4263a3d..ad8dbea 100644 --- a/firefox-redhat-default-prefs.js +++ b/firefox-anolis-default-prefs.js @@ -14,8 +14,8 @@ pref("browser.shell.checkDefaultBrowser", false); pref("network.manage-offline-status", true); pref("extensions.shownSelectionUI", true); pref("ui.SpellCheckerUnderlineStyle", 1); -pref("startup.homepage_override_url", "%HOMEPAGE%"); -pref("startup.homepage_welcome_url", "%HOMEPAGE%"); +pref("startup.homepage_override_url", "https://openanolis.cn/"); +pref("startup.homepage_welcome_url", "https://openanolis.cn/"); pref("browser.startup.homepage", "data:text/plain,browser.startup.homepage=file:///%PREFIX%/share/doc/HTML/index.html"); pref("media.gmp-gmpopenh264.autoupdate",true); pref("media.gmp-gmpopenh264.enabled",false); diff --git a/firefox.spec b/firefox.spec index 32f2659..586cbd7 100644 --- a/firefox.spec +++ b/firefox.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 %define homepage %(grep '^HOME_URL\s*=' /etc/os-release | sed 's/^HOME_URL\s*=//;s/^\s*"//;s/"\s*$//') %global disable_toolsets 0 @@ -18,17 +19,17 @@ %{lua: function dist_to_rhel_minor(str, start) - match = string.match(str, ".module%+el8.%d+") + match = string.match(str, ".module%+an8.%d+") if match then return string.sub(match, 13) end - match = string.match(str, ".el8_%d+") + match = string.match(str, ".an8_%d+") if match then return string.sub(match, 6) end - match = string.match(str, ".el8") + match = string.match(str, ".an8") if match then - return 10 + return 8 end match = string.match(str, ".module%+el9.%d+") if match then @@ -167,10 +168,12 @@ end} Summary: Mozilla Firefox Web browser Name: firefox Version: 128.10.0 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ +ExcludeArch: loongarch64 + %if 0%{?rhel} >= 9 ExcludeArch: %{ix86} %endif @@ -202,7 +205,7 @@ Source1: firefox-langpacks-%{version}%{?pre_version}-20250422.tar.xz Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball Source10: firefox-mozconfig -Source12: firefox-redhat-default-prefs.js +Source12: firefox-anolis-default-prefs.js Source20: firefox.desktop Source21: firefox.sh.in Source23: firefox.1 @@ -425,10 +428,10 @@ BuildRequires: lld BuildRequires: clang cmake ninja-build %endif -%if !0%{?flatpak} +#%if !0%{?flatpak} #TODO -BuildRequires: system-bookmarks -%endif +#BuildRequires: system-bookmarks +#%endif %if 0%{?test_on_wayland} BuildRequires: dbus-x11 @@ -485,6 +488,7 @@ BuildRequires: gcc-toolset-%{gts_version}-gcc BuildRequires: gcc-toolset-%{gts_version}-gcc-plugin-annobin # Do not explicitly require gcc-toolset-%{gts_version}-gcc-g++ instead fail # when clang is upgraded to depend on a later toolset and adjust version. +BuildRequires: gcc-toolset-%{gts_version}-gcc-c++ %endif Requires: mozilla-filesystem @@ -1690,10 +1694,10 @@ EOF %endif # set up our default bookmarks -%if !0%{?flatpak} - %global default_bookmarks_file /usr/share/bookmarks/default-bookmarks.html - %{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html -%endif +#%if !0%{?flatpak} + #%global default_bookmarks_file /usr/share/bookmarks/default-bookmarks.html + #%{__cp} -p %{default_bookmarks_file} objdir/dist/bin/browser/chrome/browser/content/browser/default-bookmarks.html +#%endif # Make sure locale works for langpacks %{__cat} > objdir/dist/bin/browser/defaults/preferences/firefox-l10n.js << EOF @@ -1988,6 +1992,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Tue May 06 2025 Liwei Ge - 128.10.0-1.0.1 +- Add firefox-anolis-default-prefs.js +- Remove bookmarks and loongarch64 +- Add BuildRequires gcc-toolset-13-gcc-c++ + * Tue Apr 22 2025 Eike Rathke - 128.10.0-1 - Update to 128.10.0 build1 -- Gitee