enable LTO firefox93
authorWolfgang Rosenauer <wr@rosenauer.org>
Sat, 23 Oct 2021 08:46:52 +0200
branchfirefox93
changeset 1165 e009fde1282b
parent 1164 bb219fd0d646
child 1166 59c4b0a75ff4
enable LTO; fix aarch64 build; fix sandbox patch to detect FIPS mode in socket sandbox
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/mozilla-bmo1729124.patch
mozilla-bmo1729124.patch
mozilla-sandbox-fips.patch
series
--- a/MozillaFirefox/MozillaFirefox.changes	Sun Oct 17 20:19:48 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Oct 23 08:46:52 2021 +0200
@@ -1,4 +1,18 @@
 -------------------------------------------------------------------
+Wed Oct 20 06:49:52 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Rebase mozilla-sandbox-fips.patch to punch another hole in the
+  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
+  from within the newly introduced socket process sandbox.
+  This fixes bsc#1191815 and bsc#1190141
+
+-------------------------------------------------------------------
+Mon Oct 18 12:44:44 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix build on aarch64 (bmo#1729124)
+  * mozilla-bmo1729124.patch
+
+-------------------------------------------------------------------
 Fri Oct  1 18:33:33 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 93.0
--- a/MozillaFirefox/MozillaFirefox.spec	Sun Oct 17 20:19:48 2021 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec	Sat Oct 23 08:46:52 2021 +0200
@@ -227,6 +227,7 @@
 Patch29:        mozilla-silence-no-return-type.patch
 Patch30:        mozilla-bmo1725828.patch
 Patch31:        mozilla-bmo531915.patch
+Patch32:        mozilla-bmo1729124.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
@@ -357,6 +358,7 @@
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
 # Firefox
 %patch101 -p1
 %patch102 -p1
@@ -520,7 +522,7 @@
 %endif
 %ifarch x86_64
 # LTO needs newer toolchain stack only (at least GCC 8.2.1 (r268506)
-%if 0%{?suse_version} > 1500 && 0%{?suse_version} < 1550
+%if 0%{?suse_version} > 1500
 ac_add_options --enable-lto
 %if 0%{?do_profiling}
 ac_add_options MOZ_PGO=1
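Review bot: The comment above the changed `%if` does not say why the `< 1550` upper bound could be dropped, and its parenthesis is unbalanced. It still describes only a minimum toolchain, so a later reader cannot tell whether the old cap was a workaround that is now obsolete or was removed by accident. I would reword it to something like `# LTO needs a newer toolchain stack (at least GCC 8.2.1, r268506); no upper bound needed since Firefox 93`, adjusted to the actual reason. The `%if`/`%ifarch x86_64` block continues outside this hunk, so LTO is still limited to x86_64 as far as the visible lines show.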
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-bmo1729124.patch	Sat Oct 23 08:46:52 2021 +0200
@@ -0,0 +1,1 @@
+../mozilla-bmo1729124.patch
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-bmo1729124.patch	Sat Oct 23 08:46:52 2021 +0200
@@ -0,0 +1,50 @@
+
+# HG changeset patch
+# User Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
+# Date 1631000649 0
+# Node ID eac40293649628d32911c909219d514bebb8ce63
+# Parent  6582d77235867224aaf8621bad8ee167dfb31460
+Bug 1729124 - [MIPS64][ARM64] Fix gcc build issue. r=lth
+
+The SpecificRegs struct needs a constructor.
+
+Differential Revision: https://phabricator.services.mozilla.com/D124535
+
+diff --git a/js/src/wasm/WasmBCRegDefs.h b/js/src/wasm/WasmBCRegDefs.h
+--- a/js/src/wasm/WasmBCRegDefs.h
++++ b/js/src/wasm/WasmBCRegDefs.h
+@@ -374,25 +374,31 @@ struct SpecificRegs {
+ };
+ #elif defined(JS_CODEGEN_ARM)
+ struct SpecificRegs {
+   RegI64 abiReturnRegI64;
+ 
+   SpecificRegs() : abiReturnRegI64(ReturnReg64) {}
+ };
+ #elif defined(JS_CODEGEN_ARM64)
+-struct SpecificRegs {};
++struct SpecificRegs {
++  // Required by gcc.
++  SpecificRegs() {}
++};
+ #elif defined(JS_CODEGEN_MIPS32)
+ struct SpecificRegs {
+   RegI64 abiReturnRegI64;
+ 
+   SpecificRegs() : abiReturnRegI64(ReturnReg64) {}
+ };
+ #elif defined(JS_CODEGEN_MIPS64)
+-struct SpecificRegs {};
++struct SpecificRegs {
++  // Required by gcc.
++  SpecificRegs() {}
++};
+ #else
+ struct SpecificRegs {
+ #  ifndef JS_64BIT
+   RegI64 abiReturnRegI64;
+ #  endif
+ 
+   SpecificRegs() { MOZ_CRASH("BaseCompiler porting interface: SpecificRegs"); }
+ };
+
--- a/mozilla-sandbox-fips.patch	Sun Oct 17 20:19:48 2021 +0200
+++ b/mozilla-sandbox-fips.patch	Sat Oct 23 08:46:52 2021 +0200
@@ -4,15 +4,11 @@
 http://bugzilla.suse.com/show_bug.cgi?id=1167132
 bsc#1174284 - Firefox tab just crashed in FIPS mode
 
-diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
---- a/security/sandbox/linux/Sandbox.cpp
-+++ b/security/sandbox/linux/Sandbox.cpp
-@@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a
-     SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
-                       strerror(errno));
-     MOZ_CRASH("failed while trying to open the plugin file ");
-   }
- 
+Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp
+===================================================================
+--- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp
++++ firefox-93.0/security/sandbox/linux/Sandbox.cpp
+@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a
    auto files = new SandboxOpenedFiles();
    files->Add(std::move(plugin));
    files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
@@ -20,20 +16,11 @@
    files->Add("/etc/ld.so.cache");  // Needed for NSS in clearkey.
    files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
    files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
-   files->Add("/proc/cpuinfo");  // Info also available via CPUID instruction.
-   files->Add("/proc/sys/crypto/fips_enabled");  // Needed for NSS in clearkey.
- #ifdef __i386__
-   files->Add("/proc/self/auxv");  // Info also in process's address space.
- #endif
-diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
---- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-@@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon
-     policy->AddDir(rdwr, "/dev/dri");
-   }
- 
-   // Bug 1575985: WASM library sandbox needs RW access to /dev/null
-   policy->AddPath(rdwr, "/dev/null");
+Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+===================================================================
+--- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon
  
    // Read permissions
    policy->AddPath(rdonly, "/dev/urandom");
@@ -42,8 +29,12 @@
    policy->AddPath(rdonly, "/proc/cpuinfo");
    policy->AddPath(rdonly, "/proc/meminfo");
    policy->AddDir(rdonly, "/sys/devices/cpu");
-   policy->AddDir(rdonly, "/sys/devices/system/cpu");
-   policy->AddDir(rdonly, "/lib");
-   policy->AddDir(rdonly, "/lib64");
-   policy->AddDir(rdonly, "/usr/lib");
-   policy->AddDir(rdonly, "/usr/lib32");
+@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro
+   auto policy = MakeUnique<SandboxBroker::Policy>();
+ 
+   policy->AddPath(rdonly, "/dev/urandom");
++  policy->AddPath(rdonly, "/dev/random");
++  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
+   policy->AddPath(rdonly, "/proc/cpuinfo");
+   policy->AddPath(rdonly, "/proc/meminfo");
+   policy->AddDir(rdonly, "/sys/devices/cpu");
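Review bot: The two read-only paths added to the socket process broker policy in the last hunk, `/dev/random` and `/proc/sys/crypto/fips_enabled`, carry no comment, and the patch header still cites only bsc#1167132 and bsc#1174284. The reason for widening this sandbox is therefore recorded only in the .changes entry (bsc#1191815, bsc#1190141). I would add those two bug references to the patch header and a why-comment on the new lines, e.g. `// NSS reads this to detect FIPS mode (bsc#1191815, bsc#1190141)`. The changelog names only `fips_enabled`, so it is worth confirming that the socket process actually needs `/dev/random`; if it does not, leave it out so the allowlist stays minimal. The body of the socket-process policy function continues outside this hunk, so entries beyond the visible context lines were not reviewed.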
--- a/series	Sun Oct 17 20:19:48 2021 +0200
+++ b/series	Sat Oct 23 08:46:52 2021 +0200
@@ -25,6 +25,7 @@
 mozilla-silence-no-return-type.patch
 mozilla-bmo1725828.patch
 mozilla-bmo531915.patch
+mozilla-bmo1729124.patch
 
 # Firefox patches
 firefox-kde.patch