--- a/MozillaFirefox/MozillaFirefox.changes Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Aug 13 23:47:08 2021 +0200
@@ -1,4 +1,44 @@
-------------------------------------------------------------------
+Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 91.0
+ MFSA 2021-33 (bsc#1188891)
+ * CVE-2021-29986 (bmo#1696138)
+ Race condition when resolving DNS names could have led to
+ memory corruption
+ * CVE-2021-29981 (bmo#1707774)
+ Live range splitting could have led to conflicting
+ assignments in the JIT
+ * CVE-2021-29988 (bmo#1717922)
+ Memory corruption as a result of incorrect style treatment
+ * CVE-2021-29983 (bmo#1719088)
+ Firefox for Android could get stuck in fullscreen mode
+ * CVE-2021-29984 (bmo#1720031)
+ Incorrect instruction reordering during JIT optimization
+ * CVE-2021-29980 (bmo#1722204)
+ Uninitialized memory in a canvas object could have led to
+ memory corruption
+ * CVE-2021-29987 (bmo#1716129)
+ Users could have been tricked into accepting unwanted
+ permissions on Linux
+ * CVE-2021-29985 (bmo#1722083)
+ Use-after-free media channels
+ * CVE-2021-29982 (bmo#1715318)
+ Single bit data leak due to incorrect JIT optimization and
+ type confusion
+ * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
+ bmo#1719998, bmo#1720568)
+ Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
+ * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
+ bmo#1719319, bmo#1722073)
+ Memory safety bugs fixed in Firefox 91
+- requires
+ * rustc/cargo >= 1.51
+ * NSPR >= 4.32
+ * NSS >= 3.68
+- force-disable webrender on BE platforms
+
+-------------------------------------------------------------------
Sat Jul 24 07:15:54 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- Mozilla Firefox 90.0.2:
--- a/MozillaFirefox/MozillaFirefox.spec Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Fri Aug 13 23:47:08 2021 +0200
@@ -32,9 +32,9 @@
# orig_suffix b3
# major 69
# mainver %major.99
-%define major 90
-%define mainver %major.0.2
-%define orig_version 90.0.2
+%define major 91
+%define mainver %major.0
+%define orig_version 91.0
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -54,6 +54,9 @@
# define if ccache should be used or not
%define useccache 1
+# SLE-12 doesn't have this macro
+%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d}
+
# Firefox only supports i686
%ifarch %ix86
ExclusiveArch: i586 i686
@@ -100,7 +103,15 @@
%else
BuildRequires: gcc-c++
%endif
-BuildRequires: cargo >= 1.47
+%if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150300
+BuildRequires: cargo >= 1.51
+BuildRequires: rust >= 1.51
+%else
+# Newer sle/leap/tw use parallel versioned rust releases which have
+# a different method for provides that we can use to request a
+# specific version
+BuildRequires: rust+cargo >= 1.51
+%endif
%if 0%{useccache} != 0
BuildRequires: ccache
%endif
@@ -110,8 +121,8 @@
BuildRequires: libiw-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.31
-BuildRequires: mozilla-nss-devel >= 3.66
+BuildRequires: mozilla-nspr-devel >= 4.32
+BuildRequires: mozilla-nss-devel >= 3.68
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 10.22.1
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -121,7 +132,6 @@
BuildRequires: python3 >= 3.5
BuildRequires: python3-devel
%endif
-BuildRequires: rust >= 1.47
BuildRequires: rust-cbindgen >= 0.19.0
BuildRequires: unzip
BuildRequires: update-desktop-files
@@ -367,6 +377,12 @@
export PYTHON3=/usr/bin/python36
%endif
+# Webrender does not support big endian yet, so we are forcing it off
+# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1716707
+%ifarch s390x ppc64
+echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9}
+%endif
+
#
kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
if test "$kdehelperversion" != %{kde_helper_version}; then
@@ -652,11 +668,8 @@
#
mkdir -p %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_appid}
mkdir -p %{buildroot}%{_libdir}/mozilla/extensions/%{firefox_appid}
+# Install symbolic icon for GNOME
%if %branding
-# Install symbolic icon for GNOME
-mkdir -p %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/
-cp %{_builddir}/%{srcname}-%{orig_version}/browser/branding/official/content/identity-icons-brand.svg \
- %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/%{progname}-symbolic.svg
for size in 16 22 24 32 48 64 128 256; do
%else
for size in 16 32 48; do
--- a/MozillaFirefox/tar_stamps Mon Aug 09 09:14:17 2021 +0200
+++ b/MozillaFirefox/tar_stamps Fri Aug 13 23:47:08 2021 +0200
@@ -1,11 +1,10 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="90.0.2"
+VERSION="91.0"
VERSION_SUFFIX=""
-PREV_VERSION="90.0.1"
+PREV_VERSION="90.0.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
-
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="cda19fb46018c9cb8dc5e6127ebb2cfd04aa9be4"
-RELEASE_TIMESTAMP="20210721174149"
+RELEASE_TAG="f51367289e745398258bb394fe2001e807faa048"
+RELEASE_TIMESTAMP="20210804193234"
--- a/mozilla-reduce-rust-debuginfo.patch Mon Aug 09 09:14:17 2021 +0200
+++ b/mozilla-reduce-rust-debuginfo.patch Fri Aug 13 23:47:08 2021 +0200
@@ -1,54 +1,28 @@
-# HG changeset patch
-# User msirringhaus@suse.de
-# Date 1560754926 -7200
-# Mon Jun 17 09:02:06 2019 +0200
-# Node ID 428161c3b9599083e1b8710eda1760f1f707ab11
-# Parent d55730171edb1935dec80234eba336787ff0e4e8
-#Description: reduce the rust debuginfo level on selected architectures where
-# compiling with debuginfo=2 causes the OOM killer to interrupt the build on
-# launchpad builders. Initially this was only on 32 bit architectures, but with
-# firefox 63 it started happening frequently on arm64 and ppc64el too.
-
diff --git a/build/moz.configure/rust.configure b/build/moz.configure/rust.configure
--- a/build/moz.configure/rust.configure
+++ b/build/moz.configure/rust.configure
-@@ -603,18 +603,19 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL"
-
-
- @depends(
- rustc_opt_level,
- debug_rust,
- target,
- "--enable-debug-symbols",
+@@ -610,6 +610,7 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL"
"--enable-frame-pointers",
-+ host,
+ path_remapping,
+ path_remappings,
++ host
)
--def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers):
-+def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers, host):
+ def rust_compile_flags(
+ opt_level,
+@@ -619,6 +620,7 @@ def rust_compile_flags(
+ frame_pointers,
+ path_remapping,
+ path_remappings,
++ host
+ ):
# Cargo currently supports only two interesting profiles for building:
# development and release. Those map (roughly) to --enable-debug and
- # --disable-debug in Gecko, respectively.
- #
- # But we'd also like to support an additional axis of control for
- # optimization level. Since Cargo only supports 2 profiles, we're in
- # a bit of a bind.
- #
-@@ -627,16 +628,18 @@ def rust_compile_flags(opt_level, debug_
-
- # opt-level=0 implies -C debug-assertions, which may not be desired
- # unless Rust debugging is enabled.
- if opt_level == "0" and not debug_rust:
- debug_assertions = False
+@@ -642,6 +644,8 @@ def rust_compile_flags(
if debug_symbols:
debug_info = "2"
-+ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64':
++ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64' or host.cpu == 's390x':
+ debug_info = '1'
opts = []
- if debug_assertions is not None:
- opts.append("debug-assertions=%s" % ("yes" if debug_assertions else "no"))
- if debug_info is not None:
- opts.append("debuginfo=%s" % debug_info)
- if frame_pointers: