# HG changeset patch # User Wolfgang Rosenauer # Date 1568014211 -7200 # Node ID a2aa55e10564aa7ce07c492037e72454ad74a7cb # Parent 6c6375987b6c97e5c52b7215a9b2a525b6ff60f8 Firefox 69 as submitted to TW diff -r 6c6375987b6c -r a2aa55e10564 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Fri Sep 06 18:28:48 2019 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Mon Sep 09 09:30:11 2019 +0200 @@ -12,6 +12,20 @@ * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. + MFSA 2019-25 (boo#1149324) + * CVE-2019-11741 (bmo#1539595) + Isolate addons.mozilla.org and accounts.firefox.com + * CVE-2019-5849 (bmo#1555838) + Out-of-bounds read in Skia + * CVE-2019-11737 (bmo#1388015) + Content security policy directives ignore port and path if host is a wildcard + * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641) + Memory safety bugs fixed in Firefox 69 + * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, + bmo#1565744,bmo#1568858,bmo#1570358) + Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 + * CVE-2019-11740 (bmo#1563133,bmo#1573160) + Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 @@ -22,9 +36,9 @@ Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer - added a bunch of patches mainly for big endian platforms - * mozilla-bmo1504834-part1.patch - * mozilla-bmo1504834-part2.patch - * mozilla-bmo1504834-part3.patch + * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE) + * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE) + * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE) * mozilla-bmo1511604.patch * mozilla-bmo1554971.patch * mozilla-bmo1573381.patch diff -r 6c6375987b6c -r a2aa55e10564 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Fri Sep 06 18:28:48 2019 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Mon Sep 09 09:30:11 2019 +0200 @@ -313,9 +313,9 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 +#%patch17 -p1 +#%patch18 -p1 +#%patch19 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 diff -r 6c6375987b6c -r a2aa55e10564 mozilla-bmo1463035.patch --- a/mozilla-bmo1463035.patch Fri Sep 06 18:28:48 2019 +0200 +++ b/mozilla-bmo1463035.patch Mon Sep 09 09:30:11 2019 +0200 @@ -3,7 +3,7 @@ # User Mike Hommey # Date 1526871862 -32400 # Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43 -# Parent fc741a5ea37dbe145e0ca5f85e5dfb100f3c9091 +# Parent 5dc1d2186f44dd6ccfc4b28b9e1ed859cffc63bb Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons For some reason, GNU as is not happy with the assembly generated after @@ -36,6 +36,46 @@ 'double-conversion/double-conversion/bignum.cc', 'double-conversion/double-conversion/cached-powers.cc', 'double-conversion/double-conversion/diy-fp.cc', +diff --git a/mozglue/baseprofiler/core/platform-linux-android.cpp b/mozglue/baseprofiler/core/platform-linux-android.cpp +--- a/mozglue/baseprofiler/core/platform-linux-android.cpp ++++ b/mozglue/baseprofiler/core/platform-linux-android.cpp +@@ -55,17 +55,16 @@ + #ifdef __GLIBC__ + # include // backtrace, backtrace_symbols + #endif // def __GLIBC__ + #include // index + #include + #include + + #include "prenv.h" +-#include "mozilla/LinuxSignal.h" + #include "mozilla/PodOperations.h" + #include "mozilla/DebugOnly.h" + + #include + #include + + using namespace mozilla; + +@@ -266,17 +265,17 @@ Sampler::Sampler(PSLockRef aLock) + + // NOTE: We don't initialize LUL here, instead initializing it in + // SamplerThread's constructor. This is because with the + // profiler_suspend_and_sample_thread entry point, we want to be able to + // sample without waiting for LUL to be initialized. + + // Request profiling signals. + struct sigaction sa; +- sa.sa_sigaction = MOZ_SIGNAL_TRAMPOLINE(SigprofHandler); ++ sa.sa_sigaction = SigprofHandler; + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART | SA_SIGINFO; + if (sigaction(SIGPROF, &sa, &mOldSigprofHandler) != 0) { + MOZ_CRASH("Error installing SIGPROF handler in the profiler"); + } + } + + void Sampler::Disable(PSLockRef aLock) { diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/core/platform-linux-android.cpp --- a/tools/profiler/core/platform-linux-android.cpp +++ b/tools/profiler/core/platform-linux-android.cpp @@ -57,7 +97,7 @@ using namespace mozilla; -@@ -248,17 +247,17 @@ Sampler::Sampler(PSLockRef aLock) +@@ -257,17 +256,17 @@ Sampler::Sampler(PSLockRef aLock) // NOTE: We don't initialize LUL here, instead initializing it in // SamplerThread's constructor. This is because with the