mirror of
https://github.com/archlinux/aur.git
synced 2026-02-04 06:19:38 +01:00
patches for FS#77796 and FS#77805
This commit is contained in:
Ewout van Mansom
parent
379f92cbb9
commit
da4e4c1622
5 changed files with 214 additions and 5 deletions
10
.SRCINFO
10
.SRCINFO
|
|
@ -1,7 +1,7 @@
|
|||
pkgbase = firefox-vaapi
|
||||
pkgdesc = Standalone web browser from mozilla.org (with VA-API patches)
|
||||
pkgver = 110.0.1
|
||||
pkgrel = 2
|
||||
pkgrel = 4
|
||||
url = https://www.mozilla.org/firefox/
|
||||
arch = x86_64
|
||||
license = GPL
|
||||
|
|
@ -55,19 +55,25 @@ pkgbase = firefox-vaapi
|
|||
source = firefox.desktop
|
||||
source = identity-icons-brand.svg
|
||||
source = 0001-libwebrtc-screen-cast-sync.patch
|
||||
source = 0003-enable-vaapi.patch
|
||||
source = 0003-Bug-1820416-Use-correct-FFVPX-headers-from-ffmpeg-6..patch
|
||||
source = 0004-Bug-1821359-Disable-TLS-Key-Pinning-for-Twitter-Doma.patch
|
||||
source = 0005-enable-vaapi.patch
|
||||
validpgpkeys = 14F26682D0916CDD81E37B6D61B7B526D98F0353
|
||||
sha256sums = f19bb74d684b992625abca68f5776198974cd2785eb5d02d51ba007fc998491f
|
||||
sha256sums = SKIP
|
||||
sha256sums = 298eae9de76ec53182f38d5c549d0379569916eebf62149f9d7f4a7edef36abf
|
||||
sha256sums = a9b8b4a0a1f4a7b4af77d5fc70c2686d624038909263c795ecc81e0aec7711e9
|
||||
sha256sums = 43c83101b7ad7dba6f5fffeb89b70a661a547d506a031ea2beada42ccf04eec7
|
||||
sha256sums = be9ba079a931d5e881ce38430d418cc834e8c6b157af6c79ea267998caece806
|
||||
sha256sums = e4193f0a31a11ec6f5e16ac8d25c866867742d2c6917f34a87d73fa35eb55c55
|
||||
sha256sums = f2b19e14d8add13930e2ce89fa5e1b252ac979c8177a78a6fa3eb4ae2ad56633
|
||||
b2sums = ff196016e0271f7828163b8f767f3321b5ee08ef6bd0b03b134e17a1e5b62666f10ae80a14569438f6ac1c995a7a8422265eaabbc505b6a86e95a66b5db07209
|
||||
b2sums = SKIP
|
||||
b2sums = e18f2c22e394ca3b6758bc130245b254947e4d15921be3da443d6d7c3c4b0d22ead1b39fbc10a4f896edd19e2a1dffbd1cbb34dc4beb0621a6ddb70ccc53b3a7
|
||||
b2sums = 63a8dd9d8910f9efb353bed452d8b4b2a2da435857ccee083fc0c557f8c4c1339ca593b463db320f70387a1b63f1a79e709e9d12c69520993e26d85a3d742e34
|
||||
b2sums = 2bf65874c8c1f41c9273b68d74f4fe5c81dca5acbad0b9a5f917df1d46e1b2a1fb25d42a419eb885e76f4d193483cdeb6294e14ed4b2e241c34b84565b6ffd72
|
||||
b2sums = be47c370c1b765921a6ffbb0eeaceaabc26483629b2ebd73c38f36b3ac418d1746fa021b5d444264641ff7c0c13e688a752758bd75c84e0297aceeaec0062ff2
|
||||
b2sums = 219ad84cbd9fe6284e61ded5813c1ca36158067e796ae6532cacfe9aeeb7c716c0382d991df5026c3f880dd39c271c6478bc4f56d4cecb14baa05921cf4dd567
|
||||
b2sums = 35a18c4fefac69bdbcabb5c0005a2cc3afb640a09ab92a9025c3d627a5be8857da7d182f203be55d1e64a07dd1d88d56247d8131bd45c7fa6e18526b30624a71
|
||||
|
||||
pkgname = firefox-vaapi
|
||||
|
|
|
|||
|
|
@ -0,0 +1,24 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: stransky <stransky@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 13:16:19 +0000
|
||||
Subject: [PATCH] Bug 1820416 Use correct FFVPX headers from ffmpeg 6.0
|
||||
r=padenot
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D172116
|
||||
---
|
||||
dom/media/platforms/ffmpeg/ffvpx/moz.build | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dom/media/platforms/ffmpeg/ffvpx/moz.build b/dom/media/platforms/ffmpeg/ffvpx/moz.build
|
||||
index 188b866fc9de..cda0960787a5 100644
|
||||
--- a/dom/media/platforms/ffmpeg/ffvpx/moz.build
|
||||
+++ b/dom/media/platforms/ffmpeg/ffvpx/moz.build
|
||||
@@ -20,7 +20,7 @@ SOURCES += [
|
||||
]
|
||||
LOCAL_INCLUDES += [
|
||||
"..",
|
||||
- "../ffmpeg59/include",
|
||||
+ "../ffmpeg60/include",
|
||||
"/media/mozva",
|
||||
]
|
||||
|
||||
165
0004-Bug-1821359-Disable-TLS-Key-Pinning-for-Twitter-Doma.patch
Normal file
165
0004-Bug-1821359-Disable-TLS-Key-Pinning-for-Twitter-Doma.patch
Normal file
|
|
@ -0,0 +1,165 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dennis Jackson <djackson@mozilla.com>
|
||||
Date: Thu, 9 Mar 2023 22:05:17 +0000
|
||||
Subject: [PATCH] Bug 1821359: Disable TLS Key Pinning for Twitter Domains.
|
||||
r=keeler, a=dmeehan
|
||||
|
||||
This patch removes Twitter domains from the list of sites we statically pin in Firefox
|
||||
and regenerates the associated headers. Note that the Twitter domains are still
|
||||
imported from Chrome's list of pins, but now have the test flag set, making them inert.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D172161
|
||||
---
|
||||
security/manager/ssl/StaticHPKPins.h | 18 ++++++++--------
|
||||
security/manager/tools/PreloadedHPKPins.json | 22 ++------------------
|
||||
2 files changed, 11 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h
|
||||
index 3adda637832a..e558393a3218 100644
|
||||
--- a/security/manager/ssl/StaticHPKPins.h
|
||||
+++ b/security/manager/ssl/StaticHPKPins.h
|
||||
@@ -602,26 +602,26 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
||||
{ "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "android.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
|
||||
- { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
|
||||
+ { "api.twitter.com", true, true, false, -1, &kPinset_twitterCDN },
|
||||
{ "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "apps.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "at.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "au.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla_services },
|
||||
{ "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla_services },
|
||||
{ "az.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "be.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "bi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "blog.torproject.org", true, false, false, -1, &kPinset_tor },
|
||||
{ "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "business.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
- { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
|
||||
+ { "business.twitter.com", true, true, false, -1, &kPinset_twitterCom },
|
||||
{ "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "calendar.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
@@ -661,7 +661,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
||||
{ "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "datastudio.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
- { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
|
||||
+ { "dev.twitter.com", true, true, false, -1, &kPinset_twitterCom },
|
||||
{ "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "dist.torproject.org", true, false, false, -1, &kPinset_tor },
|
||||
@@ -973,34 +973,34 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
||||
{ "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "meet.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "messenger.com", true, false, false, -1, &kPinset_facebook },
|
||||
- { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom },
|
||||
+ { "mobile.twitter.com", true, true, false, -1, &kPinset_twitterCom },
|
||||
{ "mt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "mu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "mw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "mx.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "myaccount.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "myactivity.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "ni.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "nl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "no.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "np.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "nz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
- { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom },
|
||||
+ { "oauth.twitter.com", true, true, false, -1, &kPinset_twitterCom },
|
||||
{ "oauthaccountmanager.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "pa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "passwordsleakcheck-pa.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "payments.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "pe.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "ph.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "pinning-test.badssl.com", true, false, false, -1, &kPinset_test },
|
||||
{ "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
|
||||
{ "pixel.facebook.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "pk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "pl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
- { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
|
||||
+ { "platform.twitter.com", true, true, false, -1, &kPinset_twitterCDN },
|
||||
{ "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
@@ -1043,8 +1043,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
||||
{ "tunnel.googlezip.net", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "tv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "tw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
- { "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
|
||||
- { "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
|
||||
+ { "twimg.com", true, true, false, -1, &kPinset_twitterCDN },
|
||||
+ { "twitter.com", false, true, false, -1, &kPinset_twitterCom },
|
||||
{ "ua.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "ua5v.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "uk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
@@ -1079,7 +1079,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
||||
{ "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "www.messenger.com", true, false, false, -1, &kPinset_facebook },
|
||||
{ "www.torproject.org", true, false, false, -1, &kPinset_tor },
|
||||
- { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
|
||||
+ { "www.twitter.com", true, true, false, -1, &kPinset_twitterCom },
|
||||
{ "xa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
|
||||
index 243625852686..c7c20ea6f680 100644
|
||||
--- a/security/manager/tools/PreloadedHPKPins.json
|
||||
+++ b/security/manager/tools/PreloadedHPKPins.json
|
||||
@@ -44,29 +44,16 @@
|
||||
// Dropbox
|
||||
"dropbox.com",
|
||||
"www.dropbox.com",
|
||||
- // Twitter
|
||||
- "api.twitter.com",
|
||||
- "business.twitter.com",
|
||||
- "dev.twitter.com",
|
||||
- "mobile.twitter.com",
|
||||
- "oauth.twitter.com",
|
||||
- "platform.twitter.com",
|
||||
- "twimg.com",
|
||||
- "www.twitter.com",
|
||||
// Tor
|
||||
"torproject.org",
|
||||
"blog.torproject.org",
|
||||
"check.torproject.org",
|
||||
"dist.torproject.org",
|
||||
"www.torproject.org",
|
||||
// SpiderOak
|
||||
"spideroak.com"
|
||||
],
|
||||
- "exclude_domains" : [
|
||||
- // Chrome's entry for twitter.com doesn't include subdomains, so replace
|
||||
- // it with our own entry below which also uses an expanded pinset.
|
||||
- "twitter.com"
|
||||
- ]
|
||||
+ "exclude_domains" : []
|
||||
},
|
||||
"pinsets": [
|
||||
{
|
||||
@@ -193,12 +180,7 @@
|
||||
"include_subdomains": false, "pins": "mozilla_test",
|
||||
"test_mode": false },
|
||||
{ "name": "test-mode.pinning.example.com", "include_subdomains": true,
|
||||
- "pins": "mozilla_test", "test_mode": true },
|
||||
- // Expand twitter's pinset to include all of *.twitter.com and use
|
||||
- // twitterCDN. More specific rules take precedence because we search for
|
||||
- // exact domain name first.
|
||||
- { "name": "twitter.com", "include_subdomains": true,
|
||||
- "pins": "twitterCDN", "test_mode": false }
|
||||
+ "pins": "mozilla_test", "test_mode": true }
|
||||
],
|
||||
// When pinning to non-root certs, like intermediates,
|
||||
// place the PEM of the pinned certificate in this array
|
||||
20
PKGBUILD
20
PKGBUILD
|
|
@ -6,7 +6,7 @@
|
|||
pkgname=firefox-vaapi
|
||||
_pkgname=firefox
|
||||
pkgver=110.0.1
|
||||
pkgrel=2
|
||||
pkgrel=4
|
||||
pkgdesc="Standalone web browser from mozilla.org (with VA-API patches)"
|
||||
url="https://www.mozilla.org/firefox/"
|
||||
arch=(x86_64)
|
||||
|
|
@ -71,7 +71,9 @@ source=(
|
|||
$_pkgname.desktop
|
||||
identity-icons-brand.svg
|
||||
0001-libwebrtc-screen-cast-sync.patch
|
||||
0003-enable-vaapi.patch
|
||||
0003-Bug-1820416-Use-correct-FFVPX-headers-from-ffmpeg-6..patch
|
||||
0004-Bug-1821359-Disable-TLS-Key-Pinning-for-Twitter-Doma.patch
|
||||
0005-enable-vaapi.patch
|
||||
)
|
||||
validpgpkeys=(
|
||||
'14F26682D0916CDD81E37B6D61B7B526D98F0353' # Mozilla Software Releases <release@mozilla.com>
|
||||
|
|
@ -81,12 +83,16 @@ sha256sums=('f19bb74d684b992625abca68f5776198974cd2785eb5d02d51ba007fc998491f'
|
|||
'298eae9de76ec53182f38d5c549d0379569916eebf62149f9d7f4a7edef36abf'
|
||||
'a9b8b4a0a1f4a7b4af77d5fc70c2686d624038909263c795ecc81e0aec7711e9'
|
||||
'43c83101b7ad7dba6f5fffeb89b70a661a547d506a031ea2beada42ccf04eec7'
|
||||
'be9ba079a931d5e881ce38430d418cc834e8c6b157af6c79ea267998caece806'
|
||||
'e4193f0a31a11ec6f5e16ac8d25c866867742d2c6917f34a87d73fa35eb55c55'
|
||||
'f2b19e14d8add13930e2ce89fa5e1b252ac979c8177a78a6fa3eb4ae2ad56633')
|
||||
b2sums=('ff196016e0271f7828163b8f767f3321b5ee08ef6bd0b03b134e17a1e5b62666f10ae80a14569438f6ac1c995a7a8422265eaabbc505b6a86e95a66b5db07209'
|
||||
'SKIP'
|
||||
'e18f2c22e394ca3b6758bc130245b254947e4d15921be3da443d6d7c3c4b0d22ead1b39fbc10a4f896edd19e2a1dffbd1cbb34dc4beb0621a6ddb70ccc53b3a7'
|
||||
'63a8dd9d8910f9efb353bed452d8b4b2a2da435857ccee083fc0c557f8c4c1339ca593b463db320f70387a1b63f1a79e709e9d12c69520993e26d85a3d742e34'
|
||||
'2bf65874c8c1f41c9273b68d74f4fe5c81dca5acbad0b9a5f917df1d46e1b2a1fb25d42a419eb885e76f4d193483cdeb6294e14ed4b2e241c34b84565b6ffd72'
|
||||
'be47c370c1b765921a6ffbb0eeaceaabc26483629b2ebd73c38f36b3ac418d1746fa021b5d444264641ff7c0c13e688a752758bd75c84e0297aceeaec0062ff2'
|
||||
'219ad84cbd9fe6284e61ded5813c1ca36158067e796ae6532cacfe9aeeb7c716c0382d991df5026c3f880dd39c271c6478bc4f56d4cecb14baa05921cf4dd567'
|
||||
'35a18c4fefac69bdbcabb5c0005a2cc3afb640a09ab92a9025c3d627a5be8857da7d182f203be55d1e64a07dd1d88d56247d8131bd45c7fa6e18526b30624a71')
|
||||
|
||||
# Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
|
||||
|
|
@ -115,10 +121,18 @@ prepare() {
|
|||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1819374
|
||||
patch -Np1 -i 0002-Bug-1819374-Squashed-ffmpeg-6.0-update.patch
|
||||
|
||||
# https://bugs.archlinux.org/task/77796
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1820416
|
||||
patch -Np1 -i ../0003-Bug-1820416-Use-correct-FFVPX-headers-from-ffmpeg-6..patch
|
||||
|
||||
# https://bugs.archlinux.org/task/77805
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1821359
|
||||
patch -Np1 -i ../0004-Bug-1821359-Disable-TLS-Key-Pinning-for-Twitter-Doma.patch
|
||||
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1809068
|
||||
# https://bbs.archlinux.org/viewtopic.php?id=281398
|
||||
# https://src.fedoraproject.org/rpms/firefox/blob/rawhide/f/firefox-enable-vaapi.patch
|
||||
patch -Np1 -i ../0003-enable-vaapi.patch
|
||||
patch -Np1 -i ../0005-enable-vaapi.patch
|
||||
|
||||
echo -n "$_google_api_key" >google-api-key
|
||||
echo -n "$_mozilla_api_key" >mozilla-api-key
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue