# HG changeset patch # User Wolfgang Rosenauer # Date 1666033682 -7200 # Node ID c19c9e7820ef0aed51d74f0ef3fb913074879122 # Parent e27c6e9c5c638646aad3c8a38a416b003e7a1ef2 Firefox 105.0.3 diff -r e27c6e9c5c63 -r c19c9e7820ef MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Sep 17 23:09:48 2022 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Mon Oct 17 21:08:02 2022 +0200 @@ -1,4 +1,61 @@ ------------------------------------------------------------------- +Sat Oct 8 13:41:12 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 105.0.3: + * Fixes for other platforms + +------------------------------------------------------------------- +Wed Oct 5 18:27:01 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 105.0.2: + * Fixed poor contrast on various menu items with certain + themes on Linux systems (bmo#1792063) + * Fixed the scrollbar appearing on the wrong side of + `select` elements in right-to-left locales (bmo#1791219) + * Fixed a possible deadlock when loading some sites in + Troubleshoot Mode (bmo#1786259) + * Fixed a bug causing some dynamic appearance changes to + not appear when expected (bmo#1786521) + * Fixed a bug causing theme styling to not be properly applied + to sidebars for some add-ons in Private Browsing Mode + (bmo#1787543) + +------------------------------------------------------------------- +Thu Sep 22 22:12:39 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 105.0.1 + * Reverted focus behavior for new windows back to the content + area instead of the address bar (bmo#1784692) +- added mozilla-i686-build.patch to avoid using avx2 + +------------------------------------------------------------------- +Sat Sep 17 21:01:10 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 105.0 + https://www.mozilla.org/en-US/firefox/105.0/releasenotes + MFSA 2022-40 (bsc#1203477) + * CVE-2022-40959 (bmo#1782211) + Bypassing FeaturePolicy restrictions on transient pages + * CVE-2022-40960 (bmo#1787633) + Data-race when parsing non-UTF-8 URLs in threads + * CVE-2022-40958 (bmo#1779993) + Bypassing Secure Context restriction for cookies with __Host + and __Secure prefix + * CVE-2022-40961 (bmo#1784588) + Stack-buffer overflow when initializing Graphics + * CVE-2022-40956 (bmo#1770094) + Content-Security-Policy base-uri bypass + * CVE-2022-40957 (bmo#1777604) + Incoherent instruction cache when building WASM on ARM64 + * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574, + bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) + Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 +- requires + NSS 3.82 + Rust 1.63 (1.61) +- removed obsolete mozilla-glibc236.patch + +------------------------------------------------------------------- Fri Sep 9 05:59:03 UTC 2022 - Guillaume GARDET - Adjust memory requirements to fix build on aarch64 diff -r e27c6e9c5c63 -r c19c9e7820ef MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Sep 17 23:09:48 2022 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Mon Oct 17 21:08:02 2022 +0200 @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 104 -%define mainver %major.0.2 -%define orig_version 104.0.2 +%define major 105 +%define mainver %major.0.3 +%define orig_version 105.0.3 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -104,10 +104,10 @@ # a different method for provides that we can use to request a # specific version # minimal requirement: -BuildRequires: rust+cargo >= 1.59 +BuildRequires: rust+cargo >= 1.61 # actually used upstream: -BuildRequires: cargo1.62 -BuildRequires: rust1.62 +BuildRequires: cargo1.63 +BuildRequires: rust1.63 %endif %if 0%{useccache} != 0 BuildRequires: ccache @@ -118,7 +118,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.34.1 -BuildRequires: mozilla-nss-devel >= 3.81 +BuildRequires: mozilla-nss-devel >= 3.82 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -224,7 +224,7 @@ Patch23: mozilla-bmo531915.patch Patch25: one_swizzle_to_rule_them_all.patch Patch26: svg-rendering.patch -Patch27: mozilla-glibc236.patch +Patch27: mozilla-i686-build.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch diff -r e27c6e9c5c63 -r c19c9e7820ef MozillaFirefox/mozilla-glibc236.patch --- a/MozillaFirefox/mozilla-glibc236.patch Sat Sep 17 23:09:48 2022 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../mozilla-glibc236.patch \ No newline at end of file diff -r e27c6e9c5c63 -r c19c9e7820ef MozillaFirefox/mozilla-i686-build.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-i686-build.patch Mon Oct 17 21:08:02 2022 +0200 @@ -0,0 +1,1 @@ +../mozilla-i686-build.patch \ No newline at end of file diff -r e27c6e9c5c63 -r c19c9e7820ef MozillaFirefox/tar_stamps --- a/MozillaFirefox/tar_stamps Sat Sep 17 23:09:48 2022 +0200 +++ b/MozillaFirefox/tar_stamps Mon Oct 17 21:08:02 2022 +0200 @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="104.0.2" +VERSION="105.0.3" VERSION_SUFFIX="" -PREV_VERSION="104.0.1" +PREV_VERSION="105.0.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="a265a43e0445cef2e57a792a0dc6d0429b082736" -RELEASE_TIMESTAMP="20220902153754" +RELEASE_TAG="5a2af3ed86a64618b34bde6f427f2132b13f6bed" +RELEASE_TIMESTAMP="20221007134813" diff -r e27c6e9c5c63 -r c19c9e7820ef firefox-branded-icons.patch --- a/firefox-branded-icons.patch Sat Sep 17 23:09:48 2022 +0200 +++ b/firefox-branded-icons.patch Mon Oct 17 21:08:02 2022 +0200 @@ -1,12 +1,12 @@ # HG changeset patch # Parent e0751ad74e835e80041a61ea00c2a63bf6fbe2de -# Parent 30e1a232528000620a3874de06ea515e5ef8e77f +# Parent fe7e6fdd75484993420740244f21b5b41d6e0fa1 diff --git a/browser/branding/branding-common.mozbuild b/browser/branding/branding-common.mozbuild --- a/browser/branding/branding-common.mozbuild +++ b/browser/branding/branding-common.mozbuild -@@ -22,12 +22,15 @@ def FirefoxBranding(): - FINAL_TARGET_FILES.VisualElements += [ +@@ -25,12 +25,15 @@ def FirefoxBranding(): + 'PrivateBrowsing_70.png', 'VisualElements_150.png', 'VisualElements_70.png', ] @@ -24,7 +24,7 @@ diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in -@@ -236,20 +236,23 @@ +@@ -221,20 +221,23 @@ @RESPATH@/browser/chrome/browser@JAREXT@ @RESPATH@/browser/chrome/browser.manifest @RESPATH@/chrome/pdfjs.manifest diff -r e27c6e9c5c63 -r c19c9e7820ef mozilla-bmo531915.patch --- a/mozilla-bmo531915.patch Sat Sep 17 23:09:48 2022 +0200 +++ b/mozilla-bmo531915.patch Mon Oct 17 21:08:02 2022 +0200 @@ -1,13 +1,13 @@ # HG changeset patch # User Wolfgang Rosenauer -# Parent 7332dfc4c47d73f1b88850b7727d33096d68e329 +# Parent 5573047016750e02413781dac0ac4c2361946ed2 diff --git a/modules/fdlibm/src/math_private.h b/modules/fdlibm/src/math_private.h --- a/modules/fdlibm/src/math_private.h +++ b/modules/fdlibm/src/math_private.h -@@ -25,17 +25,21 @@ +@@ -25,19 +25,24 @@ - #include "mozilla/EndianUtils.h" + #include "fdlibm.h" /* * Emulate FreeBSD internal double types. @@ -16,10 +16,14 @@ +#ifdef __i386__ +typedef long double __double_t; ++typedef long double __float_t; +#else typedef double __double_t; ++typedef float __float_t; +#endif typedef __double_t double_t; +-typedef float __float_t; + typedef __float_t float_t; /* * The original fdlibm code used statements like: diff -r e27c6e9c5c63 -r c19c9e7820ef mozilla-glibc236.patch --- a/mozilla-glibc236.patch Sat Sep 17 23:09:48 2022 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,101 +0,0 @@ - -# HG changeset patch -# User Mike Hommey -# Date 1660077764 0 -# Node ID 970ebbe54477a0e518bfee8aeddf487ad9bd4365 -# Parent caca601f2f5e87dd660434f3db2156e950151adb -Bug 1782988 - Avoid build bustage when building against glibc 2.36 or newer. r=RyanVM - -Differential Revision: https://phabricator.services.mozilla.com/D153716 - -diff --git a/ipc/chromium/src/third_party/libevent/README.mozilla b/ipc/chromium/src/third_party/libevent/README.mozilla ---- a/ipc/chromium/src/third_party/libevent/README.mozilla -+++ b/ipc/chromium/src/third_party/libevent/README.mozilla -@@ -17,11 +17,15 @@ evconfig-private.h can be found in the r - - You then need to modify the EVENT__SIZEOF_* constants in the generated Linux, - Android, and BSD headers to be appropriate for both 32-bit and 64-bit platforms. - Mac doesn't need this since only 64-bit is supported. Use __LP64__ to - distinguish the two cases. If you get something wrong, the CHECK_EVENT_SIZEOF - static assertions in message_pump_libevent.cc will fail. If a new constant is - added, also add a static assertion for it to message_pump_libevent.cc. - -+You also need to modify the EVENT__HAVE_ARC4RANDOM and EVENT__HAVE_ARC4RANDOM_BUF -+constants in the generated Linux header to account for the results of the arc4random -+and arc4random_buf configure checks. -+ - 2. No additional patches are needed at this time, but be careful to avoid - clobbering changes to the various event-config.h files which have been customized - over time to avoid various build bustages. -diff --git a/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h b/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h ---- a/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h -+++ b/ipc/chromium/src/third_party/libevent/linux/event2/event-config.h -@@ -24,24 +24,28 @@ - /* #undef EVENT__DISABLE_THREAD_SUPPORT */ - - /* Define to 1 if you have the `accept4' function. */ - #define EVENT__HAVE_ACCEPT4 1 - - /* Define to 1 if you have the header file. */ - /* #undef EVENT__HAVE_AFUNIX_H 1 */ - -+#ifdef HAVE_ARC4RANDOM - /* Define to 1 if you have the `arc4random' function. */ --/* #undef EVENT__HAVE_ARC4RANDOM */ -+#define EVENT__HAVE_ARC4RANDOM 1 -+#endif - - /* Define to 1 if you have the `arc4random_addrandom' function. */ - /* #undef EVENT__HAVE_ARC4RANDOM_ADDRANDOM */ - -+#ifdef HAVE_ARC4RANDOM_BUF - /* Define to 1 if you have the `arc4random_buf' function. */ --/* #undef EVENT__HAVE_ARC4RANDOM_BUF */ -+#define EVENT__HAVE_ARC4RANDOM_BUF 1 -+#endif - - /* Define to 1 if you have the header file. */ - #define EVENT__HAVE_ARPA_INET_H 1 - - /* Define to 1 if you have the `clock_gettime' function. */ - #define EVENT__HAVE_CLOCK_GETTIME 1 - - /* Define to 1 if you have the declaration of `CTL_KERN', and to 0 if you - - -# HG changeset patch -# User Mike Hommey -# Date 1660077764 0 -# Node ID a61813bd9f0a0048b84a2c56a77a06eb5e269ab2 -# Parent 970ebbe54477a0e518bfee8aeddf487ad9bd4365 -Bug 1782988 - Fix use of arc4random_buf use in ping.cpp. r=gsvelto - -The code was probably never built before glibc 2.36, because before -that, only Android and some BSDs had arc4random_buf, but none of those -actually built this code. - -Differential Revision: https://phabricator.services.mozilla.com/D154024 - -diff --git a/toolkit/crashreporter/client/ping.cpp b/toolkit/crashreporter/client/ping.cpp ---- a/toolkit/crashreporter/client/ping.cpp -+++ b/toolkit/crashreporter/client/ping.cpp -@@ -48,17 +48,17 @@ static string GenerateUUID() { - return ""; - } - - CFUUIDBytes bytes = CFUUIDGetUUIDBytes(uuid); - memcpy(&id, &bytes, sizeof(UUID)); - - CFRelease(uuid); - #elif defined(HAVE_ARC4RANDOM_BUF) // Android, BSD, ... -- arc4random_buf(id, sizeof(UUID)); -+ arc4random_buf(&id, sizeof(UUID)); - #else // Linux - int fd = open("/dev/urandom", O_RDONLY); - - if (fd == -1) { - return ""; - } - - if (read(fd, &id, sizeof(UUID)) != sizeof(UUID)) { - diff -r e27c6e9c5c63 -r c19c9e7820ef mozilla-i686-build.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-i686-build.patch Mon Oct 17 21:08:02 2022 +0200 @@ -0,0 +1,49 @@ +# HG changeset patch +# User Wolfgang Rosenauer +# Parent 63af48397aee6985bb8d711bd918a201e5c8c282 +# References: bmo#1792159 - Add missing includes to AtomicOperationsGenerated.h + +diff --git a/js/src/jit/GenerateAtomicOperations.py b/js/src/jit/GenerateAtomicOperations.py +--- a/js/src/jit/GenerateAtomicOperations.py ++++ b/js/src/jit/GenerateAtomicOperations.py +@@ -702,16 +702,18 @@ HEADER_TEMPLATE = """\ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + #ifndef jit_AtomicOperationsGenerated_h + #define jit_AtomicOperationsGenerated_h + + /* This file is generated by jit/GenerateAtomicOperations.py. Do not edit! */ + ++#include "mozilla/Attributes.h" ++ + namespace js { + namespace jit { + + %(contents)s + + } // namespace jit + } // namespace js + +diff --git a/mozglue/misc/SIMD_avx2.cpp b/mozglue/misc/SIMD_avx2.cpp +--- a/mozglue/misc/SIMD_avx2.cpp ++++ b/mozglue/misc/SIMD_avx2.cpp +@@ -50,17 +50,17 @@ template + } + if (sizeof(TValue) == 2) { + return _mm256_cmpeq_epi16(a, b); + } + + return _mm256_cmpeq_epi64(a, b); + } + +-# if defined(__GNUC__) && !defined(__clang__) ++# if 0 + + // See the comment in SIMD.cpp over Load32BitsIntoXMM. This is just adapted + // from that workaround. Testing this, it also yields the correct instructions + // across all tested compilers. + __m128i Load64BitsIntoXMM(uintptr_t ptr) { + int64_t tmp; + memcpy(&tmp, reinterpret_cast(ptr), sizeof(tmp)); + return _mm_cvtsi64_si128(tmp); diff -r e27c6e9c5c63 -r c19c9e7820ef mozilla-kde.patch --- a/mozilla-kde.patch Sat Sep 17 23:09:48 2022 +0200 +++ b/mozilla-kde.patch Mon Oct 17 21:08:02 2022 +0200 @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent 65e96e081f6f4b68d6b7998f4182a3764832c2ce +# Parent b8fad36c438a0d20ffe73630e35c17addb4ee57d Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -31,7 +31,7 @@ #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4791,16 +4792,27 @@ nsresult Preferences::InitInitialObjects +@@ -4823,16 +4824,27 @@ nsresult Preferences::InitInitialObjects "unix.js" # if defined(_AIX) , @@ -59,7 +59,7 @@ // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4865,17 +4877,17 @@ nsresult Preferences::InitInitialObjects +@@ -4897,17 +4909,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -81,7 +81,7 @@ diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build -@@ -120,16 +120,20 @@ EXPORTS.mozilla += [ +@@ -121,16 +121,20 @@ EXPORTS.mozilla += [ ] EXPORTS.mozilla += sorted(["!" + g for g in gen_h]) @@ -165,7 +165,7 @@ diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downloads/HelperAppDlg.jsm --- a/toolkit/mozapps/downloads/HelperAppDlg.jsm +++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm -@@ -1254,36 +1254,66 @@ nsUnknownContentTypeDialog.prototype = { +@@ -1265,36 +1265,66 @@ nsUnknownContentTypeDialog.prototype = { params.handlerApp && params.handlerApp.executable && params.handlerApp.executable.isFile() @@ -768,17 +768,17 @@ using mozilla::dom::RemoteHandlerApp; namespace { -@@ -299,17 +299,17 @@ mozilla::ipc::IPCResult HandlerServicePa - mozilla::ipc::IPCResult HandlerServiceParent::RecvExistsForProtocolOS( - const nsCString& aProtocolScheme, bool* aHandlerExists) { +@@ -300,17 +300,17 @@ mozilla::ipc::IPCResult HandlerServicePa + const nsACString& aProtocolScheme, bool* aHandlerExists) { if (aProtocolScheme.Length() > MAX_SCHEME_LENGTH) { *aHandlerExists = false; return IPC_OK(); } #ifdef MOZ_WIDGET_GTK // Check the GNOME registry for a protocol handler -- *aHandlerExists = nsGNOMERegistry::HandlerExists(aProtocolScheme.get()); -+ *aHandlerExists = nsCommonRegistry::HandlerExists(aProtocolScheme.get()); + *aHandlerExists = +- nsGNOMERegistry::HandlerExists(PromiseFlatCString(aProtocolScheme).get()); ++ nsCommonRegistry::HandlerExists(PromiseFlatCString(aProtocolScheme).get()); #else *aHandlerExists = false; #endif diff -r e27c6e9c5c63 -r c19c9e7820ef mozilla-silence-no-return-type.patch --- a/mozilla-silence-no-return-type.patch Sat Sep 17 23:09:48 2022 +0200 +++ b/mozilla-silence-no-return-type.patch Mon Oct 17 21:08:02 2022 +0200 @@ -1,10 +1,10 @@ # HG changeset patch -# Parent baaeb7c2d2540633134a74438dab2768ea4c97ef +# Parent 602c790a8615e43dbfe8ce15a30d020e0fb4f5e7 diff --git a/Cargo.lock b/Cargo.lock --- a/Cargo.lock +++ b/Cargo.lock -@@ -2363,18 +2363,16 @@ name = "glsl-to-cxx" +@@ -2298,18 +2298,16 @@ name = "glsl-to-cxx" version = "0.1.0" dependencies = [ "glsl", @@ -26,13 +26,13 @@ diff --git a/Cargo.toml b/Cargo.toml --- a/Cargo.toml +++ b/Cargo.toml -@@ -143,16 +143,17 @@ async-task = { git = "https://github.com +@@ -146,16 +146,17 @@ async-task = { git = "https://github.com chardetng = { git = "https://github.com/hsivonen/chardetng", rev="3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" } chardetng_c = { git = "https://github.com/hsivonen/chardetng_c", rev="ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" } coremidi = { git = "https://github.com/chris-zen/coremidi.git", rev="fc68464b5445caf111e41f643a2e69ccce0b4f83" } fog = { path = "toolkit/components/glean/api" } libudev-sys = { path = "dom/webauthn/libudev-sys" } - packed_simd = { package = "packed_simd_2", git = "https://github.com/hsivonen/packed_simd", rev="90eebb82a107cbec1c8e406d9223819417e96de1" } + packed_simd = { package = "packed_simd_2", git = "https://github.com/hsivonen/packed_simd", rev="412f9a0aa556611de021bde89dee8fefe6e0fbbd" } midir = { git = "https://github.com/mozilla/midir.git", rev = "e1b4dcb767f9e69afe95a860374aaa9635d81e3d" } minidump_writer_linux = { git = "https://github.com/rust-minidump/minidump-writer.git", rev = "75ada456c92a429704691a85e1cb42fef8cafc0d" } +glslopt = { path = "third_party/rust/glslopt/" } diff -r e27c6e9c5c63 -r c19c9e7820ef series --- a/series Sat Sep 17 23:09:48 2022 +0200 +++ b/series Mon Oct 17 21:08:02 2022 +0200 @@ -21,7 +21,7 @@ mozilla-bmo531915.patch one_swizzle_to_rule_them_all.patch svg-rendering.patch -mozilla-glibc236.patch +mozilla-i686-build.patch # Firefox patches firefox-kde.patch