# HG changeset patch
# User Wolfgang Rosenauer
# Date 1628891228 -7200
# Node ID b28cf22ff7cf40a811aebd5afb552995c7d6573b
# Parent c4aba2fa09086c5bba1ebb181f2d9e5fa8a6d3c4
Firefox 91.0
diff -r c4aba2fa0908 -r b28cf22ff7cf MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Aug 13 23:47:08 2021 +0200
@@ -1,4 +1,44 @@
 -------------------------------------------------------------------
+Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer
+
+- Mozilla Firefox 91.0
+ MFSA 2021-33 (bsc#1188891)
+ * CVE-2021-29986 (bmo#1696138)
+ Race condition when resolving DNS names could have led to
+ memory corruption
+ * CVE-2021-29981 (bmo#1707774)
+ Live range splitting could have led to conflicting
+ assignments in the JIT
+ * CVE-2021-29988 (bmo#1717922)
+ Memory corruption as a result of incorrect style treatment
+ * CVE-2021-29983 (bmo#1719088)
+ Firefox for Android could get stuck in fullscreen mode
+ * CVE-2021-29984 (bmo#1720031)
+ Incorrect instruction reordering during JIT optimization
+ * CVE-2021-29980 (bmo#1722204)
+ Uninitialized memory in a canvas object could have led to
+ memory corruption
+ * CVE-2021-29987 (bmo#1716129)
+ Users could have been tricked into accepting unwanted
+ permissions on Linux
+ * CVE-2021-29985 (bmo#1722083)
+ Use-after-free media channels
+ * CVE-2021-29982 (bmo#1715318)
+ Single bit data leak due to incorrect JIT optimization and
+ type confusion
+ * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
+ bmo#1719998, bmo#1720568)
+ Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
+ * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
+ bmo#1719319, bmo#1722073)
+ Memory safety bugs fixed in Firefox 91
+- requires
+ * rustc/cargo >= 1.51
+ * NSPR >= 4.32
+ * NSS >= 3.68
+- force-disable webrender on BE platforms
+
+-------------------------------------------------------------------
 Sat Jul 24 07:15:54 UTC 2021 - Andreas Stieger
 - Mozilla Firefox 90.0.2:
diff -r c4aba2fa0908 -r b28cf22ff7cf MozillaFirefox/MozillaFirefox.spec
--- a/MozillaFirefox/MozillaFirefox.spec Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Fri Aug 13 23:47:08 2021 +0200
@@ -32,9 +32,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major 90
-%define mainver %major.0.2
-%define orig_version 90.0.2
+%define major 91
+%define mainver %major.0
+%define orig_version 91.0
 %define orig_suffix %{nil}
 %define update_channel release
 %define branding 1
@@ -54,6 +54,9 @@
 # define if ccache should be used or not
 %define useccache 1
+# SLE-12 doesn't have this macro
+%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d}
+
 # Firefox only supports i686
 %ifarch %ix86
 ExclusiveArch: i586 i686
@@ -100,7 +103,15 @@
 %else
 BuildRequires: gcc-c++
 %endif
-BuildRequires: cargo >= 1.47
+%if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150300
+BuildRequires: cargo >= 1.51
+BuildRequires: rust >= 1.51
+%else
+# Newer sle/leap/tw use parallel versioned rust releases which have
+# a different method for provides that we can use to request a
+# specific version
+BuildRequires: rust+cargo >= 1.51
+%endif
 %if 0%{useccache} != 0
 BuildRequires: ccache
 %endif
@@ -110,8 +121,8 @@
 BuildRequires: libiw-devel
 BuildRequires: libproxy-devel
 BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.31
-BuildRequires: mozilla-nss-devel >= 3.66
+BuildRequires: mozilla-nspr-devel >= 4.32
+BuildRequires: mozilla-nss-devel >= 3.68
 BuildRequires: nasm >= 2.14
 BuildRequires: nodejs >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -121,7 +132,6 @@
 BuildRequires: python3 >= 3.5
 BuildRequires: python3-devel
 %endif
-BuildRequires: rust >= 1.47
 BuildRequires: rust-cbindgen >= 0.19.0
 BuildRequires: unzip
 BuildRequires: update-desktop-files
@@ -367,6 +377,12 @@
 export PYTHON3=/usr/bin/python36
 %endif
+# Webrender does not support big endian yet, so we are forcing it off
+# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1716707
+%ifarch s390x ppc64
+echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9}
+%endif
+
 # kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
 if test "$kdehelperversion" != %{kde_helper_version}; then
@@ -652,11 +668,8 @@
 # mkdir -p %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_appid}
 mkdir -p %{buildroot}%{_libdir}/mozilla/extensions/%{firefox_appid}
+# Install symbolic icon for GNOME
 %if %branding
-# Install symbolic icon for GNOME
-mkdir -p %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/
-cp %{_builddir}/%{srcname}-%{orig_version}/browser/branding/official/content/identity-icons-brand.svg \
- %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/%{progname}-symbolic.svg
 for size in 16 22 24 32 48 64 128 256; do
 %else
 for size in 16 32 48; do
diff -r c4aba2fa0908 -r b28cf22ff7cf MozillaFirefox/tar_stamps
--- a/MozillaFirefox/tar_stamps Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/tar_stamps Fri Aug 13 23:47:08 2021 +0200
@@ -1,11 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="90.0.2"
+VERSION="91.0"
 VERSION_SUFFIX=""
-PREV_VERSION="90.0.1"
+PREV_VERSION="90.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
-
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="cda19fb46018c9cb8dc5e6127ebb2cfd04aa9be4"
-RELEASE_TIMESTAMP="20210721174149"
+RELEASE_TAG="f51367289e745398258bb394fe2001e807faa048"
+RELEASE_TIMESTAMP="20210804193234"
diff -r c4aba2fa0908 -r b28cf22ff7cf mozilla-reduce-rust-debuginfo.patch
--- a/mozilla-reduce-rust-debuginfo.patch Mon Aug 09 09:14:17 2021 +0200
+++ b/mozilla-reduce-rust-debuginfo.patch Fri Aug 13 23:47:08 2021 +0200
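Review bot: The `echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9}` line in the `@@ -367,6 +377,12 @@` hunk of MozillaFirefox.spec appends to a packaged source file in place, so the file the build consumes no longer matches the one shipped in the source package. On a local rebuild that reuses the same source directory, the pref is appended again each time this section runs. Copying `%{SOURCE9}` into the build tree and appending to that copy would keep the sources immutable; the step that later installs the file is outside this hunk and would have to read the copy. The `%ifarch s390x ppc64` list is also narrower than the changelog's "BE platforms", so a comment saying these are the only big-endian targets built would show that it is intentional.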
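Review bot: The comment `# Install symbolic icon for GNOME`, moved above `%if %branding` in the `@@ -652,11 +668,8 @@` hunk, now heads code that no longer installs a symbolic icon. The `mkdir`/`cp` of `identity-icons-brand.svg` it described is deleted here, and what follows is the per-size `for size in …` loop. Rewording it to something like `# Install application icons`, or dropping it, would keep the comment truthful; the loop bodies are outside the hunk, so the wording should be checked against them. If `%files` still lists `%{progname}-symbolic.svg`, that entry would need to go as well, which this hunk does not show.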
@@ -1,54 +1,28 @@ -# HG changeset patch -# User msirringhaus@suse.de -# Date 1560754926 -7200 -# Mon Jun 17 09:02:06 2019 +0200 -# Node ID 428161c3b9599083e1b8710eda1760f1f707ab11 -# Parent d55730171edb1935dec80234eba336787ff0e4e8 -#Description: reduce the rust debuginfo level on selected architectures where -# compiling with debuginfo=2 causes the OOM killer to interrupt the build on -# launchpad builders. Initially this was only on 32 bit architectures, but with -# firefox 63 it started happening frequently on arm64 and ppc64el too. - diff --git a/build/moz.configure/rust.configure b/build/moz.configure/rust.configure --- a/build/moz.configure/rust.configure 
+++ b/build/moz.configure/rust.configure -@@ -603,18 +603,19 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL" - - - @depends( - rustc_opt_level, - debug_rust, - target, - "--enable-debug-symbols", +@@ -610,6 +610,7 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL" "--enable-frame-pointers", -+ host, + path_remapping, + path_remappings, ++ host ) --def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers): -+def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers, host): + def rust_compile_flags( + opt_level, +@@ -619,6 +620,7 @@ def rust_compile_flags( + frame_pointers, + path_remapping, + path_remappings, ++ host + ): # Cargo currently supports only two interesting profiles for building: # development and release. Those map (roughly) to --enable-debug and - # --disable-debug in Gecko, respectively. - # - # But we'd also like to support an additional axis of control for - # optimization level. Since Cargo only supports 2 profiles, we're in - # a bit of a bind. - # -@@ -627,16 +628,18 @@ def rust_compile_flags(opt_level, debug_ - - # opt-level=0 implies -C debug-assertions, which may not be desired - # unless Rust debugging is enabled. - if opt_level == "0" and not debug_rust: - debug_assertions = False +@@ -642,6 +644,8 @@ def rust_compile_flags( if debug_symbols: debug_info = "2" -+ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64': ++ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64' or host.cpu == 's390x': + debug_info = '1' opts = [] - if debug_assertions is not None: - opts.append("debug-assertions=%s" % ("yes" if debug_assertions else "no")) - if debug_info is not None: - opts.append("debuginfo=%s" % debug_info) - if frame_pointers:
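Review bot: The refreshed mozilla-reduce-rust-debuginfo.patch deletes its whole header, including the `#Description:` lines recording that debuginfo=2 got the build OOM-killed on some builders. The new `host.cpu == 's390x'` case therefore arrives with no rationale left in the file. A comment on the added lines, for example `# debuginfo=2 exhausts builder memory on these hosts; Rust frames in crash reports are coarser as a result`, would keep the reason and the cost next to the code. The comparison chain reads more easily as `if host.bitness == 32 or host.cpu in ("aarch64", "ppc64", "s390x"):`, and the two added `host` entries lack the trailing comma that `path_remappings,` above them carries. The body of `rust_compile_flags` continues outside the hunk.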