# HG changeset patch # User Wolfgang Rosenauer # Date 1644069893 -3600 # Node ID f9b2d408b7ef6836437edf8c28a80065ed5730d7 # Parent 7481543bab31d337adfe9367db65cc5ccbcc11db Firefox 96.0.3 diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Jan 08 10:41:19 2022 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Feb 05 15:04:53 2022 +0100 
@@ -1,4 +1,107 @@ ------------------------------------------------------------------- +Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller + +- disable ccache, this adds about 1 minute of build time and + over 2 GB of disk space usage without benefit on OBS builds +- build with rust-simd like upstream does +- use -g1 for debuginfo generation as this is what upstream + does as well and it saves ~ 2GB of writes +- use %limit on x86_64 to scale down to less capable workers +- disable install stripping so that debuginfo is useful +- use autopatch +- cleanup constraints to specify only jobs, physicalmemory + and memoryperjob to be more flexible on which host to build + on + +------------------------------------------------------------------- +Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 96.0.3 (bsc#1195230) + * Fixed an issue that allowed unexpected data to be submitted in + some of our search telemetry (bmo#1752317) + +------------------------------------------------------------------- +Mon Jan 24 07:42:03 UTC 2022 - Martin Liška + +- Enable -fimplicit-constexpr for GCC 12+. 
+ +------------------------------------------------------------------- +Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 96.0.2 + * Fix an issue that caused tab height to display inconsistently + on Linux when audio was played (bmo#1714276) + * Fix an issue that caused Lastpass dropdowns to appear blank in + Private Browsing mode (bmo#1748158) + * Fix a crash encountered when resizing a Facebook app + (bmo#1746084) + +------------------------------------------------------------------- +Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 96.0.1 + * Fixed: Improvements to make the parsing of content-length + headers more robust (bmo#1749957, boo#1194677) + +------------------------------------------------------------------- +Sat Jan 8 10:32:46 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 96.0 + * https://www.mozilla.org/en-US/firefox/96.0/releasenotes + MFSA 2022-01 (bsc#1194547) + * CVE-2022-22746 (bmo#1735071) + Calling into reportValidity could have lead to fullscreen + window spoof + * CVE-2022-22743 (bmo#1739220) + Browser window spoof using fullscreen mode + * CVE-2022-22742 (bmo#1739923) + Out-of-bounds memory access when inserting text in edit mode + * CVE-2022-22741 (bmo#1740389) + Browser window spoof using fullscreen mode + * CVE-2022-22740 (bmo#1742334) + Use-after-free of ChannelEventQueue::mOwner + * CVE-2022-22738 (bmo#1742382) + Heap-buffer-overflow in blendGaussianBlur + * CVE-2022-22737 (bmo#1745874) + Race condition when playing audio files + * CVE-2021-4140 (bmo#1746720) + Iframe sandbox bypass with XSLT + * CVE-2022-22750 (bmo#1566608) + IPC passing of resource handles could have lead to sandbox + bypass + * CVE-2022-22749 (bmo#1705094) + Lack of URL restrictions when scanning QR codes + * CVE-2022-22748 (bmo#1705211) + Spoofed origin on external protocol launch dialog + * CVE-2022-22745 (bmo#1735856) + Leaking cross-origin URLs through securitypolicyviolation + event + * CVE-2022-22744 (bmo#1737252) + The 
'Copy as curl' feature in DevTools did not fully escape + website-controlled data, potentially leading to command + injection + * CVE-2022-22747 (bmo#1735028) + Crash when handling empty pkcs7 sequence + * CVE-2022-22736 (bmo#1742692) + Potential local privilege escalation when loading modules + from the install directory. + * CVE-2022-22739 (bmo#1744158) + Missing throttling on external protocol launch dialog + * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366, + bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, + bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011) + Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 + * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770) + Memory safety bugs fixed in Firefox 96 +- removed obsolete patches + * mozilla-bmo1745560.patch + * mozilla-bmo1744896.patch + * mozilla-sandbox-fips.patch +- requires + NSPR >= 4.33 + NSS >= 3.73.1 + +------------------------------------------------------------------- Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie - Add upstream patches: diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Jan 08 10:41:19 2022 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sat Feb 05 15:04:53 2022 +0100 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # 2006-2021 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 95 -%define mainver %major.0.2 -%define orig_version 95.0.2 +%define major 96 +%define mainver %major.0.3 +%define orig_version 96.0.3 %define orig_suffix %{nil} %define update_channel release %define branding 1 
@@ -42,13 +42,10 @@ # upstream default is clang (to use gcc for large parts set to 0) %define clang_build 0 -# PIE, full relro -%define build_hardened 1 - %bcond_with only_print_mozconfig # define if ccache should be used or not -%define useccache 1 +%define useccache 0 # SLE-12 doesn't have this macro %{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d} @@ -116,8 +113,8 @@ BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.32 -BuildRequires: mozilla-nss-devel >= 3.71 +BuildRequires: mozilla-nspr-devel >= 4.33 +BuildRequires: mozilla-nss-devel >= 3.73.1 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 
@@ -203,28 +200,25 @@ Patch2: mozilla-kde.patch Patch3: mozilla-ntlm-full-path.patch Patch4: mozilla-aarch64-startup-crash.patch -Patch6: mozilla-sandbox-fips.patch -Patch7: mozilla-fix-aarch64-libopus.patch -Patch9: mozilla-s390-context.patch -Patch10: mozilla-pgo.patch -Patch11: mozilla-reduce-rust-debuginfo.patch -Patch13: mozilla-bmo1005535.patch -Patch14: mozilla-bmo1568145.patch -Patch15: mozilla-bmo1504834-part1.patch -Patch16: mozilla-bmo1504834-part2.patch -Patch17: mozilla-bmo1504834-part3.patch -Patch19: mozilla-bmo1512162.patch -Patch20: mozilla-fix-top-level-asm.patch -Patch21: mozilla-bmo1504834-part4.patch -Patch22: mozilla-bmo849632.patch -Patch25: mozilla-bmo998749.patch -Patch26: mozilla-bmo1626236.patch -Patch27: mozilla-s390x-skia-gradient.patch -Patch28: mozilla-libavcodec58_91.patch -Patch29: mozilla-silence-no-return-type.patch -Patch31: mozilla-bmo531915.patch -Patch32: mozilla-bmo1745560.patch -Patch33: mozilla-bmo1744896.patch +Patch5: mozilla-fix-aarch64-libopus.patch +Patch6: mozilla-s390-context.patch +Patch7: mozilla-pgo.patch +Patch8: mozilla-reduce-rust-debuginfo.patch +Patch9: mozilla-bmo1005535.patch +Patch10: mozilla-bmo1568145.patch +Patch11: mozilla-bmo1504834-part1.patch +Patch12: mozilla-bmo1504834-part2.patch +Patch13: mozilla-bmo1504834-part3.patch +Patch14: mozilla-bmo1512162.patch +Patch15: mozilla-fix-top-level-asm.patch +Patch16: mozilla-bmo1504834-part4.patch +Patch17: mozilla-bmo849632.patch +Patch18: mozilla-bmo998749.patch +Patch19: mozilla-bmo1626236.patch +Patch20: mozilla-s390x-skia-gradient.patch +Patch21: mozilla-libavcodec58_91.patch +Patch22: mozilla-silence-no-return-type.patch +Patch23: mozilla-bmo531915.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch 
@@ -329,35 +323,7 @@ %setup -q -n %{srcname}-%{orig_version} %endif cd $RPM_BUILD_DIR/%{srcname}-%{orig_version} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch6 -p1 -%patch7 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -# Firefox -%patch101 -p1 -%patch102 -p1 +%autopatch -p1 %endif %build @@ -407,15 +373,16 @@ %if 0%{?clang_build} == 0 export CC=gcc export CXX=g++ +%if 0%{?gcc_version:%{gcc_version}} >= 12 +export CFLAGS="$CFLAGS -fimplicit-constexpr" +%endif %endif %endif %ifarch %arm %ix86 # Limit RAM usage during link export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" %endif -%if 0%{?build_hardened} export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now" -%endif %ifarch ppc64 ppc64le %if 0%{?clang_build} == 0 export CFLAGS="$CFLAGS -mminimal-toc" @@ -441,8 +408,8 @@ echo "" cat << EOF %else -%ifarch aarch64 %arm ppc64 ppc64le -%limit_build -m 2000 +%ifarch aarch64 ppc64 ppc64le x86_64 +%limit_build -m 2048 %endif cat << EOF > $MOZCONFIG %endif @@ -465,7 +432,8 @@ %ifarch %ix86 %arm ac_add_options --disable-debug-symbols %else -ac_add_options --enable-debug-symbols +ac_add_options --enable-debug-symbols=-g1 +ac_add_options --disable-install-strip %endif # building with elf-hack started to fail everywhere with FF73 #%if 0%{?suse_version} > 1549 @@ -488,7 +456,6 @@ ac_add_options --disable-tests ac_add_options --enable-alsa ac_add_options --disable-debug -#ac_add_options --enable-chrome-format=jar ac_add_options --enable-update-channel=%{update_channel} ac_add_options --with-mozilla-api-keyfile=%{SOURCE18} # Google-service currently not available for free anymore 
@@ -498,6 +465,9 @@ ac_add_options --allow-addon-sideload # at least temporary until the "wasi-sysroot" issue is solved ac_add_options --without-wasm-sandboxed-libraries +%ifarch x86_64 aarch64 +ac_add_options --enable-rust-simd +%endif %if %branding ac_add_options --enable-official-branding %endif diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/_constraints --- a/MozillaFirefox/_constraints Sat Jan 08 10:41:19 2022 +0100 +++ b/MozillaFirefox/_constraints Sat Feb 05 15:04:53 2022 +0100 @@ -1,15 +1,16 @@ + 4 - 36 + 24 - + 8 - - - 2000 - + + + 1536 + @@ -17,9 +18,6 @@ armv7l - - 1000 - 12 @@ -28,48 +26,4 @@ - - - aarch64 - - - 4 - - 36 - - - 1000 - - - 12 - - - - - - x86_64 - - - - 18 - - - - - - ppc64 - ppc64le - - - - 36 - - - 11 - - - 2500 - - - diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/mozilla-bmo1744896.patch --- a/MozillaFirefox/mozilla-bmo1744896.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../mozilla-bmo1744896.patch \ No newline at end of file diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/mozilla-bmo1745560.patch --- a/MozillaFirefox/mozilla-bmo1745560.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../mozilla-bmo1745560.patch \ No newline at end of file diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/mozilla-sandbox-fips.patch --- a/MozillaFirefox/mozilla-sandbox-fips.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../mozilla-sandbox-fips.patch \ No newline at end of file diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/tar_stamps --- a/MozillaFirefox/tar_stamps Sat Jan 08 10:41:19 2022 +0100 +++ b/MozillaFirefox/tar_stamps Sat Feb 05 15:04:53 2022 +0100 
@@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="95.0.2" +VERSION="96.0.3" VERSION_SUFFIX="" -PREV_VERSION="95.0.1" +PREV_VERSION="96.0.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="1ff2cec0bb36e389df1a209a9f882b443ed48495" -RELEASE_TIMESTAMP="20211218203254" +RELEASE_TAG="08a730393ae6e9e8f7096f1a040dc66948f245b1" +RELEASE_TIMESTAMP="20220126154723" diff -r 7481543bab31 -r f9b2d408b7ef mozilla-bmo1744896.patch --- a/mozilla-bmo1744896.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,43 +0,0 @@ -diff -up firefox-95.0.2/widget/gtk/nsWindow.cpp.1744896 firefox-95.0.2/widget/gtk/nsWindow.cpp ---- firefox-95.0.2/widget/gtk/nsWindow.cpp.1744896 2021-12-23 11:54:31.522539340 +0100 -+++ firefox-95.0.2/widget/gtk/nsWindow.cpp 2021-12-23 11:55:56.070270174 +0100 -@@ -5765,6 +5765,17 @@ nsresult nsWindow::Create(nsIWidget* aPa - } - } - #endif -+#ifdef MOZ_WAYLAND -+ // Initialize the window specific VsyncSource early in order to avoid races -+ // with BrowserParent::UpdateVsyncParentVsyncSource(). -+ // Only use for toplevel windows for now, see bug 1619246. -+ if (GdkIsWaylandDisplay() && -+ StaticPrefs::widget_wayland_vsync_enabled_AtStartup() && -+ mWindowType == eWindowType_toplevel) { -+ mWaylandVsyncSource = new WaylandVsyncSource(); -+ MOZ_RELEASE_ASSERT(mWaylandVsyncSource); -+ } -+#endif - - // We create input contexts for all containers, except for - // toplevel popup windows -@@ -6077,19 +6088,12 @@ void nsWindow::ResumeCompositorFromCompo - - void nsWindow::WaylandStartVsync() { - #ifdef MOZ_WAYLAND -- // only use for toplevel windows for now - see bug 1619246 -- if (!GdkIsWaylandDisplay() || -- !StaticPrefs::widget_wayland_vsync_enabled_AtStartup() || -- mWindowType != eWindowType_toplevel) { -+ if (!mWaylandVsyncSource) { - return; - } - - LOG("nsWindow::WaylandStartVsync() [%p]\n", (void*)this); - -- if (!mWaylandVsyncSource) { -- mWaylandVsyncSource = new WaylandVsyncSource(); -- } -- - WaylandVsyncSource::WaylandDisplay& display = - static_cast( - mWaylandVsyncSource->GetGlobalDisplay()); - diff -r 7481543bab31 -r f9b2d408b7ef mozilla-bmo1745560.patch --- a/mozilla-bmo1745560.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,15 +0,0 @@ -diff --git a/widget/gtk/mozwayland/mozwayland.c b/widget/gtk/mozwayland/mozwayland.c ---- a/widget/gtk/mozwayland/mozwayland.c -+++ b/widget/gtk/mozwayland/mozwayland.c -@@ -200,3 +200,10 @@ - - MOZ_EXPORT void wl_list_insert_list(struct wl_list* list, - struct wl_list* other) {} -+ -+MOZ_EXPORT struct wl_proxy* wl_proxy_marshal_flags( -+ struct wl_proxy* proxy, uint32_t opcode, -+ const struct wl_interface* interface, uint32_t version, uint32_t flags, -+ ...) { -+ return NULL; -+} - diff -r 7481543bab31 -r f9b2d408b7ef mozilla-fix-top-level-asm.patch --- a/mozilla-fix-top-level-asm.patch Sat Jan 08 10:41:19 2022 +0100 +++ b/mozilla-fix-top-level-asm.patch Sat Feb 05 15:04:53 2022 +0100 @@ -49,7 +49,7 @@ ] if CONFIG["CC_TYPE"] in ("clang", "gcc"): - CXXFLAGS += ["-Wno-shadow", "-Wno-error=stack-protector"] + CXXFLAGS += ["-Wno-error=stack-protector"] SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [ "-Wno-empty-body", ] diff -r 7481543bab31 -r f9b2d408b7ef mozilla-kde.patch --- a/mozilla-kde.patch Sat Jan 08 10:41:19 2022 +0100 +++ b/mozilla-kde.patch Sat Feb 05 15:04:53 2022 +0100 @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent d065e5213c971b1f80d4a13458c412a3a25f7c1c +# Parent 9db1669be16001a48b62d147070fb75f60bac251 Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -81,7 +81,7 @@ diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build -@@ -118,16 +118,20 @@ EXPORTS.mozilla += [ +@@ -119,16 +119,20 @@ EXPORTS.mozilla += [ ] EXPORTS.mozilla += sorted(["!" + g for g in gen_h]) @@ -808,12 +808,12 @@ diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build --- a/uriloader/exthandler/moz.build 
+++ b/uriloader/exthandler/moz.build -@@ -80,17 +80,19 @@ else: +@@ -78,17 +78,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "ui + else: + # These files can't be built in unified mode because they redefine LOG. SOURCES += [ osdir + "/nsOSHelperAppService.cpp", ] - if CONFIG["CC_TYPE"] in ("clang", "gcc"): - CXXFLAGS += ["-Wno-error=shadow"] if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": UNIFIED_SOURCES += [ @@ -828,7 +828,7 @@ ] elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows": UNIFIED_SOURCES += [ -@@ -128,16 +130,17 @@ include("/ipc/chromium/chromium-config.m +@@ -126,16 +128,17 @@ include("/ipc/chromium/chromium-config.m FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ @@ -1260,7 +1260,7 @@ diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build --- a/widget/gtk/moz.build +++ b/widget/gtk/moz.build -@@ -136,16 +136,17 @@ FINAL_LIBRARY = "xul" +@@ -135,16 +135,17 @@ FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ "/layout/base", diff -r 7481543bab31 -r f9b2d408b7ef mozilla-pgo.patch --- a/mozilla-pgo.patch Sat Jan 08 10:41:19 2022 +0100 +++ b/mozilla-pgo.patch Sat Feb 05 15:04:53 2022 +0100 @@ -1,6 +1,6 @@ # HG changeset patch # User Wolfgang Rosenauer -# Parent 066aba2f6d1fbc0fe31d1864d539714041404fe6 +# Parent ebd7e379c85889b6f8dba0542479110ab1f6b059 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure --- a/build/moz.configure/lto-pgo.configure @@ -152,15 +152,15 @@ diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build --- a/extensions/spellcheck/src/moz.build +++ b/extensions/spellcheck/src/moz.build -@@ -26,8 +26,10 @@ LOCAL_INCLUDES += [ +@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [ + "../hunspell/glue", + "../hunspell/src", + "/dom/base", ] EXPORTS.mozilla += [ "mozInlineSpellChecker.h", "mozSpellChecker.h", ] - - if CONFIG["CC_TYPE"] in ("clang", "gcc"): - CXXFLAGS += ["-Wno-error=shadow"] + +CXXFLAGS += ['-fno-devirtualize'] 
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp diff -r 7481543bab31 -r f9b2d408b7ef mozilla-sandbox-fips.patch --- a/mozilla-sandbox-fips.patch Sat Jan 08 10:41:19 2022 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,40 +0,0 @@ -From: meissner@suse.com, cgrobertson@suse.com -Subject: allow Firefox to access addtional process information -References: -http://bugzilla.suse.com/show_bug.cgi?id=1167132 -bsc#1174284 - Firefox tab just crashed in FIPS mode - -Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp -=================================================================== ---- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp -+++ firefox-93.0/security/sandbox/linux/Sandbox.cpp -@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a - auto files = new SandboxOpenedFiles(); - files->Add(std::move(plugin)); - files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES); -+ files->Add("/dev/random", SandboxOpenedFile::Dup::YES); - files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey. - files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz"); - files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"); -Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -=================================================================== ---- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -+++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon - - // Read permissions - policy->AddPath(rdonly, "/dev/urandom"); -+ policy->AddPath(rdonly, "/dev/random"); -+ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled"); - policy->AddPath(rdonly, "/proc/cpuinfo"); - policy->AddPath(rdonly, "/proc/meminfo"); - policy->AddDir(rdonly, "/sys/devices/cpu"); -@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro - auto policy = MakeUnique(); - - policy->AddPath(rdonly, "/dev/urandom"); -+ policy->AddPath(rdonly, "/dev/random"); -+ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled"); - policy->AddPath(rdonly, "/proc/cpuinfo"); - policy->AddPath(rdonly, "/proc/meminfo"); - policy->AddDir(rdonly, "/sys/devices/cpu"); diff -r 
7481543bab31 -r f9b2d408b7ef series --- a/series Sat Jan 08 10:41:19 2022 +0100 +++ b/series Sat Feb 05 15:04:53 2022 +0100 @@ -3,7 +3,6 @@ mozilla-kde.patch mozilla-ntlm-full-path.patch mozilla-aarch64-startup-crash.patch -mozilla-sandbox-fips.patch mozilla-fix-aarch64-libopus.patch mozilla-s390-context.patch mozilla-pgo.patch @@ -23,8 +22,6 @@ mozilla-libavcodec58_91.patch mozilla-silence-no-return-type.patch mozilla-bmo531915.patch -mozilla-bmo1745560.patch -mozilla-bmo1744896.patch # Firefox patches firefox-kde.patch
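Review bot: the removal of `%define build_hardened 1` in the MozillaFirefox.spec hunk at -42,13 is not recorded in MozillaFirefox.changes, and it takes the `# PIE, full relro` comment with it. The later hunk at -407,15 makes `export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now"` unconditional, so the hardening flags stay, but nothing in the spec now says why that line is there. Please add a changelog line stating that hardened linking is now always on, and move a comment above the LDFLAGS export that matches what is actually passed (the visible line sets -fPIC and full RELRO; it does not pass -pie).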
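Review bot: in the MozillaFirefox.spec hunk at -407,15 the GCC 12 flag is appended to CFLAGS only (`export CFLAGS="$CFLAGS -fimplicit-constexpr"`), yet -fimplicit-constexpr is a C++ front-end option. Unless CXXFLAGS is derived from CFLAGS further down in %build (not visible in this hunk), the flag never reaches the C++ compile it is meant for, and the C compile gets an option that does not apply to it. Suggest exporting it through CXXFLAGS, or adding a comment that points to where CXXFLAGS picks it up.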
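Review bot: replacing the explicit `%patch1` ... `%patch102` list with `%autopatch -p1` (MozillaFirefox.spec hunk at -329,35) changes which patches are applied from "the ones listed" to "every Patch tag declared in the spec". The removed list ended at `%patch102`; the Patch declarations are only partly visible here, so please confirm that no Patch tag was declared but deliberately left unapplied before this change. Since the `series` file is updated in the same changeset, a check that the Patch tags and `series` list the same files in the same order would make this safe to maintain, and a short comment above `%autopatch` saying that order now follows the Patch numbers would help the next person who adds one.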
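Review bot: the `%ifarch` list in the MozillaFirefox.spec hunk at -441,8 silently drops `%arm` while adding x86_64 (`%ifarch aarch64 ppc64 ppc64le x86_64`). The changelog only says "use %limit on x86_64", and the same spec still treats %arm as memory constrained (`%ifarch %arm %ix86` with "Limit RAM usage during link"). If removing the limit for 32-bit ARM is intended, say so in the .changes entry; otherwise keep `%arm` in the list. The change from `-m 2000` to `-m 2048` also deserves a word, since it raises the per-job memory assumption for the architectures that were already limited.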
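Review bot: mozilla-sandbox-fips.patch is dropped as "obsolete" in the .changes entry without saying what replaces it. The deleted patch is the one that added `/dev/random` and `/proc/sys/crypto/fips_enabled` to the content and socket process broker policies and `/dev/random` to the media plugin sandbox, referenced against bsc#1174284 (tab crash in FIPS mode). Please name the upstream bug or commit that makes these sandbox allowances unnecessary in 96, or note that a FIPS-mode run was verified, so the removal can be audited if the crash comes back. The other two removed patches carry bmo numbers in their file names; this one has no such pointer.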