51.0.1 firefox51
authorWolfgang Rosenauer <wr@rosenauer.org>
Sun, 12 Feb 2017 08:42:06 +0100
branchfirefox51
changeset 940 f63a4ac0fe06
parent 939 3604ed712e16
child 941 ff9e20146e8b
51.0.1
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/create-tar.sh
MozillaFirefox/mozilla-disable-skia-be.patch
MozillaFirefox/mozilla-skia-ppc-endianess.patch
mozilla-disable-skia-be.patch
mozilla-skia-ppc-endianess.patch
series
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sun Feb 12 08:42:06 2017 +0100
@@ -1,7 +1,14 @@
+-------------------------------------------------------------------
+Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 51.0.1:
+  - Multiprocess incompatibility did not correctly register with
+    some add-ons (bmo#1333423)
+
 -------------------------------------------------------------------
 Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org
 
-- update to Firefox 51.0 (boo#)
+- update to Firefox 51.0
   * requires NSPR >= 4.13.1, NSS >= 3.28.1
   * Added support for FLAC (Free Lossless Audio Codec) playback
   * Added support for WebGL 2
@@ -13,11 +20,65 @@
   * View passwords from the prompt before saving them
   * Remove Belarusian (be) locale
   * Use Skia for content rendering (Linux)
-- switch Firefox to Gtk3 for Tumbleweed and Leap >= 43
+  * MFSA 2017-01
+    CVE-2017-5375: Excessive JIT code allocation allows bypass of
+                   ASLR and DEP (bmo#1325200, boo#1021814)
+    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
+    CVE-2017-5377: Memory corruption with transforms to create
+                   gradients in Skia (bmo#1306883, boo#1021826)
+    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+                   (bmo#1312001, bmo#1330769, boo#1021818)
+    CVE-2017-5379: Use-after-free in Web Animations
+                   (bmo#1309198,boo#1021827)
+    CVE-2017-5380: Potential use-after-free during DOM manipulations
+                   (bmo#1322107, boo#1021819)
+    CVE-2017-5390: Insecure communication methods in Developer Tools
+                   JSON viewer (bmo#1297361, boo#1021820)
+    CVE-2017-5389: WebExtensions can install additional add-ons via
+                   modified host requests (bmo#1308688, boo#1021828)
+    CVE-2017-5396: Use-after-free with Media Decoder
+                   (bmo#1329403, boo#1021821)
+    CVE-2017-5381: Certificate Viewer exporting can be used to navigate
+                   and save to arbitrary filesystem locations
+		   (bmo#1017616, boo#1021830)
+    CVE-2017-5382: Feed preview can expose privileged content errors
+                   and exceptions (bmo#1295322, boo#1021831)
+    CVE-2017-5383: Location bar spoofing with unicode characters
+                   (bmo#1323338, bmo#1324716, boo#1021822)
+    CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+                   (bmo#1255474, boo#1021832)
+    CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
+                   response headers (bmo#1295945, boo#1021833)
+    CVE-2017-5386: WebExtensions can use data: protocol to affect other
+                   extensions (bmo#1319070, boo#1021823)
+    CVE-2017-5394: Android location bar spoofing using fullscreen and
+                   JavaScript events (bmo#1222798)
+    CVE-2017-5391: Content about: pages can load privileged about: pages
+                   (bmo#1309310, boo#1021835)
+    CVE-2017-5392: Weak references using multiple threads on weak proxy
+                   objects lead to unsafe memory usage (bmo#1293709)
+		   (Android only)
+    CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
+                   mozAddonManager (bmo#1309282, boo#1021837)
+    CVE-2017-5395: Android location bar spoofing during scrolling
+                   (bmo#1293463) (Android only)
+    CVE-2017-5387: Disclosure of local file existence through TRACK
+                   tag error messages (bmo#1295023, boo#1021839)
+    CVE-2017-5388: WebRTC can be used to generate a large amount of
+                   UDP traffic for DDOS attacks
+		   (bmo#1281482, boo#1021840)
+    CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
+    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
+                   Firefox ESR 45.7 (boo#1021824)
+- switch Firefox to Gtk3 for Tumbleweed
 - removed obsolete patches
   * mozilla-flex_buffer_overrun.patch
 - updated RPM locale support tag
 - improve recognition of LANGUAGE env variable (boo#1017174)
+- add upstream patch to fix PPC64LE (bmo#1319389)
+  (mozilla-skia-ppc-endianess.patch)
+- fix build without skia (big endian archs) (bmo#1319374)
+  (mozilla-disable-skia-be.patch)
 
 -------------------------------------------------------------------
 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec	Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Sun Feb 12 08:42:06 2017 +0100
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 51
-%define mainver %major.0
+%define mainver %major.0.1
 %define update_channel release
-%define releasedate 20170119000000
+%define releasedate 20170126000000
 
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
@@ -150,6 +150,8 @@
 Patch13:        mozilla-check_return.patch
 Patch14:        mozilla-skia-overflow.patch
 Patch17:        mozilla-binutils-visibility.patch
+Patch18:        mozilla-skia-ppc-endianess.patch
+Patch19:        mozilla-disable-skia-be.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-no-default-ualocale.patch
@@ -264,6 +266,8 @@
 %patch13 -p1
 %patch14 -p1
 %patch17 -p1
+%patch18 -p1
+%patch19 -p1
 # Firefox
 %patch101 -p1
 %patch102 -p1
--- a/MozillaFirefox/create-tar.sh	Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/create-tar.sh	Sun Feb 12 08:42:06 2017 +0100
@@ -7,8 +7,8 @@
 
 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="ea82b5e20cbbd103f8fa65f0df0386ee4135cc47"
-VERSION="51.0"
+RELEASE_TAG="327e081221b064b05a302d7877c6e4be2949a617"
+VERSION="51.0.1"
 
 # mozilla
 if [ -d mozilla ]; then
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-disable-skia-be.patch	Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,1 @@
+../mozilla-disable-skia-be.patch
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-skia-ppc-endianess.patch	Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,1 @@
+../mozilla-skia-ppc-endianess.patch
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-disable-skia-be.patch	Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,292 @@
+
+# HG changeset patch
+# User Lee Salzman <lsalzman@mozilla.com>
+# Date 1484854371 18000
+# Node ID 42afdb8f7e6b3e8a465042f64c6c49782f231af4
+# Parent  dfadd79c97458f898d542461033a61dd34d3a5f0
+Bug 1319374 - Wrap PaintCounter with ifdef USE_SKIA. r=mchang, a=jcristau
+
+diff --git a/gfx/2d/BorrowedContext.h b/gfx/2d/BorrowedContext.h
+--- a/gfx/2d/BorrowedContext.h
++++ b/gfx/2d/BorrowedContext.h
+@@ -190,18 +190,28 @@ public:
+   }
+ 
+   ~BorrowedCGContext() {
+     MOZ_ASSERT(!cg);
+   }
+ 
+   CGContextRef cg;
+ private:
++#ifdef USE_SKIA
+   static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT);
+   static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg);
++#else
++  static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT) {
++    MOZ_CRASH("Not supported without Skia");
++  }
++
++  static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg) {
++    MOZ_CRASH("not supported without Skia");
++  }
++#endif
+   DrawTarget *mDT;
+ };
+ #endif
+ 
+ } // namespace gfx
+ } // namespace mozilla
+ 
+ #endif // _MOZILLA_GFX_BORROWED_CONTEXT_H
+diff --git a/gfx/layers/composite/LayerManagerComposite.cpp b/gfx/layers/composite/LayerManagerComposite.cpp
+--- a/gfx/layers/composite/LayerManagerComposite.cpp
++++ b/gfx/layers/composite/LayerManagerComposite.cpp
+@@ -7,17 +7,16 @@
+ #include <stddef.h>                     // for size_t
+ #include <stdint.h>                     // for uint16_t, uint32_t
+ #include "CanvasLayerComposite.h"       // for CanvasLayerComposite
+ #include "ColorLayerComposite.h"        // for ColorLayerComposite
+ #include "Composer2D.h"                 // for Composer2D
+ #include "CompositableHost.h"           // for CompositableHost
+ #include "ContainerLayerComposite.h"    // for ContainerLayerComposite, etc
+ #include "FPSCounter.h"                 // for FPSState, FPSCounter
+-#include "PaintCounter.h"               // For PaintCounter
+ #include "FrameMetrics.h"               // for FrameMetrics
+ #include "GeckoProfiler.h"              // for profiler_set_frame_number, etc
+ #include "ImageLayerComposite.h"        // for ImageLayerComposite
+ #include "Layers.h"                     // for Layer, ContainerLayer, etc
+ #include "LayerScope.h"                 // for LayerScope Tool
+ #include "protobuf/LayerScopePacket.pb.h" // for protobuf (LayerScope)
+ #include "PaintedLayerComposite.h"      // for PaintedLayerComposite
+ #include "TiledContentHost.h"
+@@ -68,16 +67,20 @@
+ #include "nsScreenManagerGonk.h"
+ #include "nsWindow.h"
+ #endif
+ #include "GeckoProfiler.h"
+ #include "TextRenderer.h"               // for TextRenderer
+ #include "mozilla/layers/CompositorBridgeParent.h"
+ #include "TreeTraversal.h"              // for ForEachNode
+ 
++#ifdef USE_SKIA
++#include "PaintCounter.h"               // For PaintCounter
++#endif
++
+ class gfxContext;
+ 
+ namespace mozilla {
+ namespace layers {
+ 
+ class ImageLayer;
+ 
+ using namespace mozilla::gfx;
+@@ -128,16 +131,20 @@ LayerManagerComposite::LayerManagerCompo
+ , mGeometryChanged(true)
+ , mLastFrameMissedHWC(false)
+ , mWindowOverlayChanged(false)
+ , mLastPaintTime(TimeDuration::Forever())
+ , mRenderStartTime(TimeStamp::Now())
+ {
+   mTextRenderer = new TextRenderer(aCompositor);
+   MOZ_ASSERT(aCompositor);
++
++#ifdef USE_SKIA
++  mPaintCounter = nullptr;
++#endif
+ }
+ 
+ LayerManagerComposite::~LayerManagerComposite()
+ {
+   Destroy();
+ }
+ 
+ 
+@@ -146,18 +153,21 @@ LayerManagerComposite::Destroy()
+ {
+   if (!mDestroyed) {
+     mCompositor->GetWidget()->CleanupWindowEffects();
+     if (mRoot) {
+       RootLayer()->Destroy();
+     }
+     mRoot = nullptr;
+     mClonedLayerTreeProperties = nullptr;
++    mDestroyed = true;
++
++#ifdef USE_SKIA
+     mPaintCounter = nullptr;
+-    mDestroyed = true;
++#endif
+   }
+ }
+ 
+ void
+ LayerManagerComposite::UpdateRenderBounds(const IntRect& aRect)
+ {
+   mRenderBounds = aRect;
+ }
+@@ -559,48 +569,52 @@ LayerManagerComposite::RootLayer() const
+ #endif
+ 
+ void
+ LayerManagerComposite::InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const IntRect& aBounds)
+ {
+   bool drawFps = gfxPrefs::LayersDrawFPS();
+   bool drawFrameCounter = gfxPrefs::DrawFrameCounter();
+   bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars();
+-  bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+ 
+   if (drawFps || drawFrameCounter) {
+     aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 256, 256));
+   }
+   if (drawFrameColorBars) {
+     aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 10, aBounds.height));
+   }
++
++#ifdef USE_SKIA
++  bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+   if (drawPaintTimes) {
+     aInvalidRegion.Or(aInvalidRegion, nsIntRect(PaintCounter::GetPaintRect()));
+   }
++#endif
+ }
+ 
++#ifdef USE_SKIA
+ void
+ LayerManagerComposite::DrawPaintTimes(Compositor* aCompositor)
+ {
+   if (!mPaintCounter) {
+     mPaintCounter = new PaintCounter();
+   }
+ 
+   TimeDuration compositeTime = TimeStamp::Now() - mRenderStartTime;
+   mPaintCounter->Draw(aCompositor, mLastPaintTime, compositeTime);
+ }
++#endif
+ 
+ static uint16_t sFrameCount = 0;
+ void
+ LayerManagerComposite::RenderDebugOverlay(const IntRect& aBounds)
+ {
+   bool drawFps = gfxPrefs::LayersDrawFPS();
+   bool drawFrameCounter = gfxPrefs::DrawFrameCounter();
+   bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars();
+-  bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+ 
+   TimeStamp now = TimeStamp::Now();
+ 
+   if (drawFps) {
+     if (!mFPS) {
+       mFPS = MakeUnique<FPSState>();
+     }
+ 
+@@ -731,19 +745,22 @@ LayerManagerComposite::RenderDebugOverla
+   }
+ #endif
+ 
+   if (drawFrameColorBars || drawFrameCounter) {
+     // We intentionally overflow at 2^16.
+     sFrameCount++;
+   }
+ 
++#ifdef USE_SKIA
++  bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+   if (drawPaintTimes) {
+     DrawPaintTimes(mCompositor);
+   }
++#endif
+ }
+ 
+ RefPtr<CompositingRenderTarget>
+ LayerManagerComposite::PushGroupForLayerEffects()
+ {
+   // This is currently true, so just making sure that any new use of this
+   // method is flagged for investigation
+   MOZ_ASSERT(gfxPrefs::LayersEffectInvert() ||
+diff --git a/gfx/layers/composite/LayerManagerComposite.h b/gfx/layers/composite/LayerManagerComposite.h
+--- a/gfx/layers/composite/LayerManagerComposite.h
++++ b/gfx/layers/composite/LayerManagerComposite.h
+@@ -326,21 +326,16 @@ private:
+    * Render the current layer tree to the active target.
+    */
+   void Render(const nsIntRegion& aInvalidRegion, const nsIntRegion& aOpaqueRegion);
+ #if defined(MOZ_WIDGET_ANDROID) || defined(MOZ_WIDGET_GONK)
+   void RenderToPresentationSurface();
+ #endif
+ 
+   /**
+-   * Render paint and composite times above the frame.
+-   */
+-  void DrawPaintTimes(Compositor* aCompositor);
+-
+-  /**
+    * We need to know our invalid region before we're ready to render.
+    */
+   void InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const gfx::IntRect& aBounds);
+ 
+   /**
+    * Render debug overlays such as the FPS/FrameCounter above the frame.
+    */
+   void RenderDebugOverlay(const gfx::IntRect& aBounds);
+@@ -386,19 +381,26 @@ private:
+   RefPtr<TextRenderer> mTextRenderer;
+   bool mGeometryChanged;
+ 
+   // Testing property. If hardware composer is supported, this will return
+   // true if the last frame was deemed 'too complicated' to be rendered.
+   bool mLastFrameMissedHWC;
+ 
+   bool mWindowOverlayChanged;
+-  RefPtr<PaintCounter> mPaintCounter;
+   TimeDuration mLastPaintTime;
+   TimeStamp mRenderStartTime;
++
++#ifdef USE_SKIA
++  /**
++   * Render paint and composite times above the frame.
++   */
++  void DrawPaintTimes(Compositor* aCompositor);
++  RefPtr<PaintCounter> mPaintCounter;
++#endif
+ };
+ 
+ /**
+  * Composite layers are for use with OMTC on the compositor thread only. There
+  * must be corresponding Basic layers on the content thread. For composite
+  * layers, the layer manager only maintains the layer tree, all rendering is
+  * done by a Compositor (see Compositor.h). As such, composite layers are
+  * platform-independent and can be used on any platform for which there is a
+diff --git a/gfx/layers/moz.build b/gfx/layers/moz.build
+--- a/gfx/layers/moz.build
++++ b/gfx/layers/moz.build
+@@ -335,17 +335,16 @@ UNIFIED_SOURCES += [
+     'composite/CompositableHost.cpp',
+     'composite/ContainerLayerComposite.cpp',
+     'composite/ContentHost.cpp',
+     'composite/FPSCounter.cpp',
+     'composite/FrameUniformityData.cpp',
+     'composite/ImageHost.cpp',
+     'composite/ImageLayerComposite.cpp',
+     'composite/LayerManagerComposite.cpp',
+-    'composite/PaintCounter.cpp',
+     'composite/PaintedLayerComposite.cpp',
+     'composite/TextRenderer.cpp',
+     'composite/TextureHost.cpp',
+     'composite/TiledContentHost.cpp',
+     'Compositor.cpp',
+     'CopyableCanvasLayer.cpp',
+     'Effects.cpp',
+     'FrameMetrics.cpp',
+@@ -480,8 +479,13 @@ MOCHITEST_CHROME_MANIFESTS += ['apz/test
+ 
+ CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS']
+ CXXFLAGS += CONFIG['TK_CFLAGS']
+ 
+ LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
+ 
+ if CONFIG['GNU_CXX']:
+     CXXFLAGS += ['-Wno-error=shadow']
++
++if CONFIG['MOZ_ENABLE_SKIA']:
++  UNIFIED_SOURCES += [
++    'composite/PaintCounter.cpp',
++  ]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-skia-ppc-endianess.patch	Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Mike Hommey <mh+mozilla@glandium.org>
+# Date 1479812942 -32400
+# Node ID a6d015fd1add5e16cf37f5868cd2734bafb709b4
+# Parent  319e03b9e8a22a8fba3756cb1afc8b9e7a6724c8
+Bug 1319389 - Generically set SK_CPU_[BL]ENDIAN based on __BYTE_ORDER__ when available. r?jrmuizel
+
+
+diff --git a/gfx/skia/skia/include/core/SkPreConfig.h b/gfx/skia/skia/include/core/SkPreConfig.h
+--- a/gfx/skia/skia/include/core/SkPreConfig.h
++++ b/gfx/skia/skia/include/core/SkPreConfig.h
+@@ -67,25 +67,29 @@
+ 
+ #if !defined(SK_WARN_UNUSED_RESULT)
+     #define SK_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+ #endif
+ 
+ //////////////////////////////////////////////////////////////////////
+ 
+ #if !defined(SK_CPU_BENDIAN) && !defined(SK_CPU_LENDIAN)
+-    #if defined(__sparc) || defined(__sparc__) || \
++    #if defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
++        #define SK_CPU_BENDIAN
++    #elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
++        #define SK_CPU_LENDIAN
++    #elif defined(__sparc) || defined(__sparc__) || \
+       defined(_POWER) || defined(__powerpc__) || \
+       defined(__ppc__) || defined(__hppa) || \
+       defined(__PPC__) || defined(__PPC64__) || \
+       defined(_MIPSEB) || defined(__ARMEB__) || \
+       defined(__s390__) || \
+       (defined(__sh__) && defined(__BIG_ENDIAN__)) || \
+       (defined(__ia64) && defined(__BIG_ENDIAN__))
+-         #define SK_CPU_BENDIAN
++        #define SK_CPU_BENDIAN
+     #else
+         #define SK_CPU_LENDIAN
+     #endif
+ #endif
+ 
+ //////////////////////////////////////////////////////////////////////
+ 
+ #if defined(__i386) || defined(_M_IX86) ||  defined(__x86_64__) || defined(_M_X64)
+
--- a/series	Tue Jan 24 22:19:01 2017 +0100
+++ b/series	Sun Feb 12 08:42:06 2017 +0100
@@ -13,6 +13,8 @@
 mozilla-skia-overflow.patch
 mozilla-binutils-visibility.patch
 mozilla-aarch64-startup-crash.patch
+mozilla-skia-ppc-endianess.patch
+mozilla-disable-skia-be.patch
 
 # Firefox patches
 firefox-kde.patch