diff --git a/.firefox.metadata b/.firefox.metadata index 47dd99d..21b1f96 100644 --- a/.firefox.metadata +++ b/.firefox.metadata @@ -1,6 +1,6 @@ 18a8f30a0356c751b8d0ea6f76e764cab13ee046 SOURCES/Python-2.7.13.tar.xz -efe1e11501ff3d30b96ece94f6a73e21f31f28c9 SOURCES/firefox-60.2.2esr.source.tar.xz -6b8cc9281137b633d377c5ea1e9aca3afa27f2f1 SOURCES/firefox-langpacks-60.2.2esr-20181002.tar.xz +bac0745b6abdd5887ec0a46041a8252c344cdc64 SOURCES/firefox-60.3.0esr.source.tar.xz +a744c490b8bac8f14a4f3d9513731ed58004f30a SOURCES/firefox-langpacks-60.3.0esr-20181019.tar.xz 6724218efbb1f3fa14541cb2f255970b98446a45 SOURCES/firefox-symbolic.svg 0de63f863b158454b9429234b52ed28a397ec45c SOURCES/gtk3-private-3.22.26-1.el6.src.rpm e188ab1a444697bc649e223c28389d82ca94c472 SOURCES/libffi-3.0.13-18.el7_3.src.rpm diff --git a/.gitignore b/.gitignore index 4936acf..5426600 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/Python-2.7.13.tar.xz -SOURCES/firefox-60.2.2esr.source.tar.xz -SOURCES/firefox-langpacks-60.2.2esr-20181002.tar.xz +SOURCES/firefox-60.3.0esr.source.tar.xz +SOURCES/firefox-langpacks-60.3.0esr-20181019.tar.xz SOURCES/firefox-symbolic.svg SOURCES/gtk3-private-3.22.26-1.el6.src.rpm SOURCES/libffi-3.0.13-18.el7_3.src.rpm diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/firefox-mozconfig b/SOURCES/firefox-mozconfig old mode 100755 new mode 100644 diff --git a/SOURCES/mozilla-1475775-key3-revert.patch b/SOURCES/mozilla-1475775-key3-revert.patch new file mode 100644 index 0000000..5ab7cbc --- /dev/null +++ b/SOURCES/mozilla-1475775-key3-revert.patch @@ -0,0 +1,66 @@ +diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp +--- a/security/manager/ssl/nsNSSComponent.cpp ++++ b/security/manager/ssl/nsNSSComponent.cpp +@@ -1654,6 +1654,51 @@ + } + return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename); + } ++ ++// When we changed from the old dbm database format to the newer sqlite ++// implementation, the upgrade process left behind the existing files. Suppose a ++// user had not set a password for the old key3.db (which is about 99% of ++// users). After upgrading, both the old database and the new database are ++// unprotected. If the user then sets a password for the new database, the old ++// one will not be protected. In this scenario, we should probably just remove ++// the old database (it would only be relevant if the user downgraded to a ++// version of Firefox before 58, but we have to trade this off against the ++// user's old private keys being unexpectedly unprotected after setting a ++// password). ++// This was never an issue on Android because we always used the new ++// implementation. ++static void ++MaybeCleanUpOldNSSFiles(const nsACString& profilePath) ++{ ++ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); ++ if (!slot) { ++ return; ++ } ++ // Unfortunately we can't now tell the difference between "there already was a ++ // password when the upgrade happened" and "there was not a password but then ++ // the user added one after upgrading". ++ bool hasPassword = PK11_NeedLogin(slot.get()) && ++ !PK11_NeedUserInit(slot.get()); ++ if (!hasPassword) { ++ return; ++ } ++ nsCOMPtr dbFile = do_CreateInstance("@mozilla.org/file/local;1"); ++ if (!dbFile) { ++ return; ++ } ++ nsresult rv = dbFile->InitWithNativePath(profilePath); ++ if (NS_FAILED(rv)) { ++ return; ++ } ++ NS_NAMED_LITERAL_CSTRING(keyDBFilename, "key3.db"); ++ rv = dbFile->AppendNative(keyDBFilename); ++ if (NS_FAILED(rv)) { ++ return; ++ } ++ // Since this isn't a directory, the `recursive` argument to `Remove` is ++ // irrelevant. ++ Unused << dbFile->Remove(false); ++} + #endif // ifndef ANDROID + + // Given a profile directory, attempt to initialize NSS. If nocertdb is true, +@@ -1685,6 +1730,9 @@ + SECStatus srv = ::mozilla::psm::InitializeNSS(profilePath, false, !safeMode); + if (srv == SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode")); ++#ifndef ANDROID ++ MaybeCleanUpOldNSSFiles(profilePath); ++#endif // ifndef ANDROID + return NS_OK; + } + #ifndef ANDROID + diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec index 1a8ff00..dc6c20d 100644 --- a/SPECS/firefox.spec +++ b/SPECS/firefox.spec @@ -23,6 +23,11 @@ %global use_rustts 1 %global dts_version 7 %global rst_version 7 +%global llvm_version 7 +%if 0%{?rhel} == 8 +%global rst_version 1.26 +%global llvm_version 6.0 +%endif # Use system cairo? %global system_cairo 0 @@ -122,7 +127,7 @@ Summary: Mozilla Firefox Web browser Name: firefox -Version: 60.2.2 +Version: 60.3.0 Release: 1%{?pre_tag}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -135,7 +140,7 @@ ExclusiveArch: i686 x86_64 ppc64 s390x Source0: https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%{version}%{?pre_version}.source.tar.xz %if %{build_langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20181002.tar.xz +Source1: firefox-langpacks-%{version}%{?pre_version}-20181019.tar.xz %endif Source10: firefox-mozconfig Source12: firefox-redhat-default-prefs.js @@ -189,6 +194,8 @@ Patch402: mozilla-1196777.patch Patch406: mozilla-256180.patch Patch413: mozilla-1353817.patch Patch415: mozilla-1436242.patch +# Removing this patch could lead to deletion of passwords from user profile! +Patch416: mozilla-1475775-key3-revert.patch # Debian patches @@ -239,18 +246,18 @@ BuildRequires: devtoolset-%{dts_version}-gcc-c++ BuildRequires: devtoolset-%{dts_version}-gcc BuildRequires: devtoolset-%{dts_version}-binutils BuildRequires: devtoolset-%{dts_version}-libatomic-devel -%if 0%{?rhel} > 6 -BuildRequires: llvm-toolset-%{dts_version} -BuildRequires: llvm-toolset-%{dts_version}-llvm-devel +%if 0%{?rhel} == 7 +BuildRequires: llvm-toolset-%{llvm_version} +BuildRequires: llvm-toolset-%{llvm_version}-llvm-devel %endif %endif %if 0%{?use_rustts} BuildRequires: rust-toolset-%{rst_version}-cargo -BuildRequires: rust-toolset-%{rst_version}-rust +BuildRequires: rust-toolset-%{rst_version}-rust >= 1.24 %endif %if 0%{?rhel} == 8 -BuildRequires: llvm-toolset-%{dts_version} -BuildRequires: llvm-toolset-%{dts_version}-llvm-devel +BuildRequires: llvm-toolset-%{llvm_version} +BuildRequires: llvm-toolset-%{llvm_version}-llvm-devel %endif %if 0%{?use_bundled_python} #%if 0%{?rhel} == 6 @@ -404,6 +411,7 @@ This package contains results of tests executed during build. # This needs to stay for the future releases %if 0%{?rhel} < 8 %patch230 -p1 -b .1503632-nss +%patch416 -R -p1 -b .1475775-key3-revert %endif #ARM run-time patch @@ -416,6 +424,7 @@ This package contains results of tests executed during build. %patch413 -p1 -b .1353817 %patch415 -p1 -b .1436242 + # Patch for big endian platforms only %if 0%{?big_endian} %patch26 -p1 -b .icu @@ -1142,6 +1151,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Fri Oct 19 2018 Jan Horak - 60.3.0-1 +- Update to 60.3.0 ESR + +* Wed Oct 10 2018 Jan Horak - 60.2.2-2 +- Added patch for rhbz#1633932 + * Tue Oct 2 2018 Jan Horak - 60.2.2-1 - Update to 60.2.2 ESR