--- a/MozillaFirefox/MozillaFirefox.changes Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Feb 12 08:42:06 2017 +0100
@@ -1,7 +1,14 @@
-------------------------------------------------------------------
+Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 51.0.1:
+ - Multiprocess incompatibility did not correctly register with
+ some add-ons (bmo#1333423)
+
+-------------------------------------------------------------------
Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org
-- update to Firefox 51.0 (boo#)
+- update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
* Added support for FLAC (Free Lossless Audio Codec) playback
* Added support for WebGL 2
@@ -13,11 +20,65 @@
* View passwords from the prompt before saving them
* Remove Belarusian (be) locale
* Use Skia for content rendering (Linux)
-- switch Firefox to Gtk3 for Tumbleweed and Leap >= 43
+ * MFSA 2017-01
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of
+ ASLR and DEP (bmo#1325200, boo#1021814)
+ CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
+ CVE-2017-5377: Memory corruption with transforms to create
+ gradients in Skia (bmo#1306883, boo#1021826)
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ (bmo#1312001, bmo#1330769, boo#1021818)
+ CVE-2017-5379: Use-after-free in Web Animations
+ (bmo#1309198,boo#1021827)
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ (bmo#1322107, boo#1021819)
+ CVE-2017-5390: Insecure communication methods in Developer Tools
+ JSON viewer (bmo#1297361, boo#1021820)
+ CVE-2017-5389: WebExtensions can install additional add-ons via
+ modified host requests (bmo#1308688, boo#1021828)
+ CVE-2017-5396: Use-after-free with Media Decoder
+ (bmo#1329403, boo#1021821)
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate
+ and save to arbitrary filesystem locations
+ (bmo#1017616, boo#1021830)
+ CVE-2017-5382: Feed preview can expose privileged content errors
+ and exceptions (bmo#1295322, boo#1021831)
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ (bmo#1323338, bmo#1324716, boo#1021822)
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ (bmo#1255474, boo#1021832)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
+ response headers (bmo#1295945, boo#1021833)
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other
+ extensions (bmo#1319070, boo#1021823)
+ CVE-2017-5394: Android location bar spoofing using fullscreen and
+ JavaScript events (bmo#1222798)
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ (bmo#1309310, boo#1021835)
+ CVE-2017-5392: Weak references using multiple threads on weak proxy
+ objects lead to unsafe memory usage (bmo#1293709)
+ (Android only)
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
+ mozAddonManager (bmo#1309282, boo#1021837)
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ (bmo#1293463) (Android only)
+ CVE-2017-5387: Disclosure of local file existence through TRACK
+ tag error messages (bmo#1295023, boo#1021839)
+ CVE-2017-5388: WebRTC can be used to generate a large amount of
+ UDP traffic for DDOS attacks
+ (bmo#1281482, boo#1021840)
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
+ Firefox ESR 45.7 (boo#1021824)
+- switch Firefox to Gtk3 for Tumbleweed
- removed obsolete patches
* mozilla-flex_buffer_overrun.patch
- updated RPM locale support tag
- improve recognition of LANGUAGE env variable (boo#1017174)
+- add upstream patch to fix PPC64LE (bmo#1319389)
+ (mozilla-skia-ppc-endianess.patch)
+- fix build without skia (big endian archs) (bmo#1319374)
+ (mozilla-disable-skia-be.patch)
-------------------------------------------------------------------
Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Sun Feb 12 08:42:06 2017 +0100
@@ -19,9 +19,9 @@
# changed with every update
%define major 51
-%define mainver %major.0
+%define mainver %major.0.1
%define update_channel release
-%define releasedate 20170119000000
+%define releasedate 20170126000000
# PIE, full relro (x86_64 for now)
%define build_hardened 1
@@ -150,6 +150,8 @@
Patch13: mozilla-check_return.patch
Patch14: mozilla-skia-overflow.patch
Patch17: mozilla-binutils-visibility.patch
+Patch18: mozilla-skia-ppc-endianess.patch
+Patch19: mozilla-disable-skia-be.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-no-default-ualocale.patch
@@ -264,6 +266,8 @@
%patch13 -p1
%patch14 -p1
%patch17 -p1
+%patch18 -p1
+%patch19 -p1
# Firefox
%patch101 -p1
%patch102 -p1
--- a/MozillaFirefox/create-tar.sh Tue Jan 24 22:19:01 2017 +0100
+++ b/MozillaFirefox/create-tar.sh Sun Feb 12 08:42:06 2017 +0100
@@ -7,8 +7,8 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="ea82b5e20cbbd103f8fa65f0df0386ee4135cc47"
-VERSION="51.0"
+RELEASE_TAG="327e081221b064b05a302d7877c6e4be2949a617"
+VERSION="51.0.1"
# mozilla
if [ -d mozilla ]; then
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-disable-skia-be.patch Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,1 @@
+../mozilla-disable-skia-be.patch
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-skia-ppc-endianess.patch Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,1 @@
+../mozilla-skia-ppc-endianess.patch
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-disable-skia-be.patch Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,292 @@
+
+# HG changeset patch
+# User Lee Salzman <lsalzman@mozilla.com>
+# Date 1484854371 18000
+# Node ID 42afdb8f7e6b3e8a465042f64c6c49782f231af4
+# Parent dfadd79c97458f898d542461033a61dd34d3a5f0
+Bug 1319374 - Wrap PaintCounter with ifdef USE_SKIA. r=mchang, a=jcristau
+
+diff --git a/gfx/2d/BorrowedContext.h b/gfx/2d/BorrowedContext.h
+--- a/gfx/2d/BorrowedContext.h
++++ b/gfx/2d/BorrowedContext.h
+@@ -190,18 +190,28 @@ public:
+ }
+
+ ~BorrowedCGContext() {
+ MOZ_ASSERT(!cg);
+ }
+
+ CGContextRef cg;
+ private:
++#ifdef USE_SKIA
+ static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT);
+ static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg);
++#else
++ static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT) {
++ MOZ_CRASH("Not supported without Skia");
++ }
++
++ static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg) {
++ MOZ_CRASH("not supported without Skia");
++ }
++#endif
+ DrawTarget *mDT;
+ };
+ #endif
+
+ } // namespace gfx
+ } // namespace mozilla
+
+ #endif // _MOZILLA_GFX_BORROWED_CONTEXT_H
+diff --git a/gfx/layers/composite/LayerManagerComposite.cpp b/gfx/layers/composite/LayerManagerComposite.cpp
+--- a/gfx/layers/composite/LayerManagerComposite.cpp
++++ b/gfx/layers/composite/LayerManagerComposite.cpp
+@@ -7,17 +7,16 @@
+ #include <stddef.h> // for size_t
+ #include <stdint.h> // for uint16_t, uint32_t
+ #include "CanvasLayerComposite.h" // for CanvasLayerComposite
+ #include "ColorLayerComposite.h" // for ColorLayerComposite
+ #include "Composer2D.h" // for Composer2D
+ #include "CompositableHost.h" // for CompositableHost
+ #include "ContainerLayerComposite.h" // for ContainerLayerComposite, etc
+ #include "FPSCounter.h" // for FPSState, FPSCounter
+-#include "PaintCounter.h" // For PaintCounter
+ #include "FrameMetrics.h" // for FrameMetrics
+ #include "GeckoProfiler.h" // for profiler_set_frame_number, etc
+ #include "ImageLayerComposite.h" // for ImageLayerComposite
+ #include "Layers.h" // for Layer, ContainerLayer, etc
+ #include "LayerScope.h" // for LayerScope Tool
+ #include "protobuf/LayerScopePacket.pb.h" // for protobuf (LayerScope)
+ #include "PaintedLayerComposite.h" // for PaintedLayerComposite
+ #include "TiledContentHost.h"
+@@ -68,16 +67,20 @@
+ #include "nsScreenManagerGonk.h"
+ #include "nsWindow.h"
+ #endif
+ #include "GeckoProfiler.h"
+ #include "TextRenderer.h" // for TextRenderer
+ #include "mozilla/layers/CompositorBridgeParent.h"
+ #include "TreeTraversal.h" // for ForEachNode
+
++#ifdef USE_SKIA
++#include "PaintCounter.h" // For PaintCounter
++#endif
++
+ class gfxContext;
+
+ namespace mozilla {
+ namespace layers {
+
+ class ImageLayer;
+
+ using namespace mozilla::gfx;
+@@ -128,16 +131,20 @@ LayerManagerComposite::LayerManagerCompo
+ , mGeometryChanged(true)
+ , mLastFrameMissedHWC(false)
+ , mWindowOverlayChanged(false)
+ , mLastPaintTime(TimeDuration::Forever())
+ , mRenderStartTime(TimeStamp::Now())
+ {
+ mTextRenderer = new TextRenderer(aCompositor);
+ MOZ_ASSERT(aCompositor);
++
++#ifdef USE_SKIA
++ mPaintCounter = nullptr;
++#endif
+ }
+
+ LayerManagerComposite::~LayerManagerComposite()
+ {
+ Destroy();
+ }
+
+
+@@ -146,18 +153,21 @@ LayerManagerComposite::Destroy()
+ {
+ if (!mDestroyed) {
+ mCompositor->GetWidget()->CleanupWindowEffects();
+ if (mRoot) {
+ RootLayer()->Destroy();
+ }
+ mRoot = nullptr;
+ mClonedLayerTreeProperties = nullptr;
++ mDestroyed = true;
++
++#ifdef USE_SKIA
+ mPaintCounter = nullptr;
+- mDestroyed = true;
++#endif
+ }
+ }
+
+ void
+ LayerManagerComposite::UpdateRenderBounds(const IntRect& aRect)
+ {
+ mRenderBounds = aRect;
+ }
+@@ -559,48 +569,52 @@ LayerManagerComposite::RootLayer() const
+ #endif
+
+ void
+ LayerManagerComposite::InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const IntRect& aBounds)
+ {
+ bool drawFps = gfxPrefs::LayersDrawFPS();
+ bool drawFrameCounter = gfxPrefs::DrawFrameCounter();
+ bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars();
+- bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+
+ if (drawFps || drawFrameCounter) {
+ aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 256, 256));
+ }
+ if (drawFrameColorBars) {
+ aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 10, aBounds.height));
+ }
++
++#ifdef USE_SKIA
++ bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+ if (drawPaintTimes) {
+ aInvalidRegion.Or(aInvalidRegion, nsIntRect(PaintCounter::GetPaintRect()));
+ }
++#endif
+ }
+
++#ifdef USE_SKIA
+ void
+ LayerManagerComposite::DrawPaintTimes(Compositor* aCompositor)
+ {
+ if (!mPaintCounter) {
+ mPaintCounter = new PaintCounter();
+ }
+
+ TimeDuration compositeTime = TimeStamp::Now() - mRenderStartTime;
+ mPaintCounter->Draw(aCompositor, mLastPaintTime, compositeTime);
+ }
++#endif
+
+ static uint16_t sFrameCount = 0;
+ void
+ LayerManagerComposite::RenderDebugOverlay(const IntRect& aBounds)
+ {
+ bool drawFps = gfxPrefs::LayersDrawFPS();
+ bool drawFrameCounter = gfxPrefs::DrawFrameCounter();
+ bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars();
+- bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+
+ TimeStamp now = TimeStamp::Now();
+
+ if (drawFps) {
+ if (!mFPS) {
+ mFPS = MakeUnique<FPSState>();
+ }
+
+@@ -731,19 +745,22 @@ LayerManagerComposite::RenderDebugOverla
+ }
+ #endif
+
+ if (drawFrameColorBars || drawFrameCounter) {
+ // We intentionally overflow at 2^16.
+ sFrameCount++;
+ }
+
++#ifdef USE_SKIA
++ bool drawPaintTimes = gfxPrefs::AlwaysPaint();
+ if (drawPaintTimes) {
+ DrawPaintTimes(mCompositor);
+ }
++#endif
+ }
+
+ RefPtr<CompositingRenderTarget>
+ LayerManagerComposite::PushGroupForLayerEffects()
+ {
+ // This is currently true, so just making sure that any new use of this
+ // method is flagged for investigation
+ MOZ_ASSERT(gfxPrefs::LayersEffectInvert() ||
+diff --git a/gfx/layers/composite/LayerManagerComposite.h b/gfx/layers/composite/LayerManagerComposite.h
+--- a/gfx/layers/composite/LayerManagerComposite.h
++++ b/gfx/layers/composite/LayerManagerComposite.h
+@@ -326,21 +326,16 @@ private:
+ * Render the current layer tree to the active target.
+ */
+ void Render(const nsIntRegion& aInvalidRegion, const nsIntRegion& aOpaqueRegion);
+ #if defined(MOZ_WIDGET_ANDROID) || defined(MOZ_WIDGET_GONK)
+ void RenderToPresentationSurface();
+ #endif
+
+ /**
+- * Render paint and composite times above the frame.
+- */
+- void DrawPaintTimes(Compositor* aCompositor);
+-
+- /**
+ * We need to know our invalid region before we're ready to render.
+ */
+ void InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const gfx::IntRect& aBounds);
+
+ /**
+ * Render debug overlays such as the FPS/FrameCounter above the frame.
+ */
+ void RenderDebugOverlay(const gfx::IntRect& aBounds);
+@@ -386,19 +381,26 @@ private:
+ RefPtr<TextRenderer> mTextRenderer;
+ bool mGeometryChanged;
+
+ // Testing property. If hardware composer is supported, this will return
+ // true if the last frame was deemed 'too complicated' to be rendered.
+ bool mLastFrameMissedHWC;
+
+ bool mWindowOverlayChanged;
+- RefPtr<PaintCounter> mPaintCounter;
+ TimeDuration mLastPaintTime;
+ TimeStamp mRenderStartTime;
++
++#ifdef USE_SKIA
++ /**
++ * Render paint and composite times above the frame.
++ */
++ void DrawPaintTimes(Compositor* aCompositor);
++ RefPtr<PaintCounter> mPaintCounter;
++#endif
+ };
+
+ /**
+ * Composite layers are for use with OMTC on the compositor thread only. There
+ * must be corresponding Basic layers on the content thread. For composite
+ * layers, the layer manager only maintains the layer tree, all rendering is
+ * done by a Compositor (see Compositor.h). As such, composite layers are
+ * platform-independent and can be used on any platform for which there is a
+diff --git a/gfx/layers/moz.build b/gfx/layers/moz.build
+--- a/gfx/layers/moz.build
++++ b/gfx/layers/moz.build
+@@ -335,17 +335,16 @@ UNIFIED_SOURCES += [
+ 'composite/CompositableHost.cpp',
+ 'composite/ContainerLayerComposite.cpp',
+ 'composite/ContentHost.cpp',
+ 'composite/FPSCounter.cpp',
+ 'composite/FrameUniformityData.cpp',
+ 'composite/ImageHost.cpp',
+ 'composite/ImageLayerComposite.cpp',
+ 'composite/LayerManagerComposite.cpp',
+- 'composite/PaintCounter.cpp',
+ 'composite/PaintedLayerComposite.cpp',
+ 'composite/TextRenderer.cpp',
+ 'composite/TextureHost.cpp',
+ 'composite/TiledContentHost.cpp',
+ 'Compositor.cpp',
+ 'CopyableCanvasLayer.cpp',
+ 'Effects.cpp',
+ 'FrameMetrics.cpp',
+@@ -480,8 +479,13 @@ MOCHITEST_CHROME_MANIFESTS += ['apz/test
+
+ CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS']
+ CXXFLAGS += CONFIG['TK_CFLAGS']
+
+ LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
+
+ if CONFIG['GNU_CXX']:
+ CXXFLAGS += ['-Wno-error=shadow']
++
++if CONFIG['MOZ_ENABLE_SKIA']:
++ UNIFIED_SOURCES += [
++ 'composite/PaintCounter.cpp',
++ ]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-skia-ppc-endianess.patch Sun Feb 12 08:42:06 2017 +0100
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Mike Hommey <mh+mozilla@glandium.org>
+# Date 1479812942 -32400
+# Node ID a6d015fd1add5e16cf37f5868cd2734bafb709b4
+# Parent 319e03b9e8a22a8fba3756cb1afc8b9e7a6724c8
+Bug 1319389 - Generically set SK_CPU_[BL]ENDIAN based on __BYTE_ORDER__ when available. r?jrmuizel
+
+
+diff --git a/gfx/skia/skia/include/core/SkPreConfig.h b/gfx/skia/skia/include/core/SkPreConfig.h
+--- a/gfx/skia/skia/include/core/SkPreConfig.h
++++ b/gfx/skia/skia/include/core/SkPreConfig.h
+@@ -67,25 +67,29 @@
+
+ #if !defined(SK_WARN_UNUSED_RESULT)
+ #define SK_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+ #endif
+
+ //////////////////////////////////////////////////////////////////////
+
+ #if !defined(SK_CPU_BENDIAN) && !defined(SK_CPU_LENDIAN)
+- #if defined(__sparc) || defined(__sparc__) || \
++ #if defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
++ #define SK_CPU_BENDIAN
++ #elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
++ #define SK_CPU_LENDIAN
++ #elif defined(__sparc) || defined(__sparc__) || \
+ defined(_POWER) || defined(__powerpc__) || \
+ defined(__ppc__) || defined(__hppa) || \
+ defined(__PPC__) || defined(__PPC64__) || \
+ defined(_MIPSEB) || defined(__ARMEB__) || \
+ defined(__s390__) || \
+ (defined(__sh__) && defined(__BIG_ENDIAN__)) || \
+ (defined(__ia64) && defined(__BIG_ENDIAN__))
+- #define SK_CPU_BENDIAN
++ #define SK_CPU_BENDIAN
+ #else
+ #define SK_CPU_LENDIAN
+ #endif
+ #endif
+
+ //////////////////////////////////////////////////////////////////////
+
+ #if defined(__i386) || defined(_M_IX86) || defined(__x86_64__) || defined(_M_X64)
+
--- a/series Tue Jan 24 22:19:01 2017 +0100
+++ b/series Sun Feb 12 08:42:06 2017 +0100
@@ -13,6 +13,8 @@
mozilla-skia-overflow.patch
mozilla-binutils-visibility.patch
mozilla-aarch64-startup-crash.patch
+mozilla-skia-ppc-endianess.patch
+mozilla-disable-skia-be.patch
# Firefox patches
firefox-kde.patch