# HG changeset patch # User Wolfgang Rosenauer # Date 1451552430 -3600 # Node ID 1d01621f95355c0e78300205802ad78088bd065c # Parent de3a92aed25980d8569aa02bd87751ded9b6f263# Parent 2b664b26b6b2a58c003238b5ac4b8fe9bd6eff7e merge from firefox43 branch diff -r de3a92aed259 -r 1d01621f9535 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Dec 14 00:04:31 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Dec 31 10:00:30 2015 +0100 @@ -1,12 +1,69 @@ ------------------------------------------------------------------- -Sun Dec 13 12:48:28 UTC 2015 - wr@rosenauer.org - -- update to Firefox 43.0b9 +Thu Dec 31 08:45:14 UTC 2015 - wr@rosenauer.org + +- prepare mozilla-kde.patch for Gtk3 builds + +------------------------------------------------------------------- +Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org + +- update to Firefox 43.0.3 + * requires NSS 3.20.2 to fix + MFSA 2015-150/CVE-2015-7575 (bmo#1158489) + MD5 signatures accepted within TLS 1.2 ServerKeyExchange in + server signature + * various changes to support Windows update (SHA-1 vs. SHA-2) + * workaround Youtube user agent detection issue (bmo#1233970) +- fix file download regression for multi user systems + (bmo#1233434) (mozilla-bmo1233434.patch) +- explicitely requires libXcomposite-devel + +------------------------------------------------------------------- +Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org + +- update to Firefox 43.0 (bnc#959277) * Improved API support for m4v video playback * Users can opt-in to receive search suggestions from the Awesome Bar * WebRTC streaming on multiple monitors * User selectable second block list for Private Browsing's Tracking Protection + security fixes: + * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 + Miscellaneous memory safety hazards + * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) + Crash with JavaScript variable assignment with unboxed objects + * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) + Same-origin policy violation using perfomance.getEntries and + history navigation + * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) + Firefox allows for control characters to be set in cookies + * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) + Use-after-free in WebRTC when datachannel is used after being + destroyed + * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) + Integer overflow allocating extremely large textures + * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) + Cross-origin information leak through web workers error events + * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) + Hash in data URI is incorrectly parsed + * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) + DOS due to malformed frames in HTTP/2 + * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) + Linux file chooser crashes on malformed images due to flaws in + Jasper library + * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 + (bmo#1201183, bmo#1178033, bmo#1199400) + Buffer overflows found through code inspection + * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) + Underflow through code inspection + * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) + Integer overflow in MP4 playback in 64-bit versions + * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) + Integer underflow and buffer overflow processing MP4 metadata in + libstagefright + * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) + Privilege escalation vulnerabilities in WebExtension APIs + * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) + Cross-site reading attack through data and view-source URIs - rebased patches ------------------------------------------------------------------- diff -r de3a92aed259 -r 1d01621f9535 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Dec 14 00:04:31 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Thu Dec 31 10:00:30 2015 +0100 @@ -18,10 +18,10 @@ # changed with every update -%define major 42 +%define major 43 %define mainver %major.99 %define update_channel beta -%define releasedate 2015120300 +%define releasedate 2015123000 # general build definitions %if "%{update_channel}" != "aurora" @@ -69,6 +69,7 @@ BuildRequires: dbus-1-glib-devel BuildRequires: fdupes BuildRequires: gcc-c++ +BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel BuildRequires: libgnomeui-devel BuildRequires: libidl-devel @@ -76,8 +77,8 @@ BuildRequires: libnotify-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.10.10 -BuildRequires: mozilla-nss-devel >= 3.19.4 +BuildRequires: mozilla-nspr-devel >= 4.11 +BuildRequires: mozilla-nss-devel >= 3.21 BuildRequires: nss-shared-helper-devel BuildRequires: python-devel BuildRequires: startup-notification-devel @@ -90,6 +91,17 @@ BuildRequires: pkgconfig(gstreamer-app-%gstreamer_ver) BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) BuildRequires: pkgconfig(libpulse) +# libavcodec is already used if available for H.264 but +# explicitely loaded by FF. For proper H.264 support the +# openSUSE delivered version is not sufficient but currently +# prevents even the use of the GStreamer method +# https://bugzilla.mozilla.org/show_bug.cgi?id=1234157 +# to get H.264 working correctly libavcodec from packman +# is required. As of today the following recommends will +# pull in libavcodec52 from packman since it's the only +# package providing libavcodec but it's not loaded from +# Firefox as the minimal version is 53 +#Recommends: libavcodec %if 0%{?gstreamer} == 1 Requires: libgstreamer-1_0-0 Recommends: gstreamer-fluendo-mp3 @@ -147,6 +159,7 @@ Patch8: mozilla-openaes-decl.patch Patch10: mozilla-no-stdcxx-check.patch Patch11: mozilla-libproxy.patch +Patch12: mozilla-bmo1233434.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-no-default-ualocale.patch @@ -256,6 +269,7 @@ %patch8 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 # Firefox %patch101 -p1 %patch102 -p1 @@ -308,6 +322,9 @@ ac_add_options --mandir=%{_mandir} ac_add_options --includedir=%{_includedir} ac_add_options --enable-release +%if 0%{?suse_version} > 1320 +#ac_add_options --enable-default-toolkit=cairo-gtk3 +%endif %ifarch %ix86 %arm %if 0%{?suse_version} > 1230 ac_add_options --disable-optimize @@ -556,6 +573,10 @@ %{progdir}/components/ %{progdir}/defaults/ %{progdir}/dictionaries/ +%if 0%{?suse_version} > 1320 +#%dir %{progdir}/gtk2 +%{progdir}/gtk2/libmozgtk.so +%endif %{progdir}/webapprt/ %{progdir}/gmp-clearkey/ %attr(755,root,root) %{progdir}/%{progname}.sh diff -r de3a92aed259 -r 1d01621f9535 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Dec 14 00:04:31 2015 +0100 +++ b/MozillaFirefox/create-tar.sh Thu Dec 31 10:00:30 2015 +0100 @@ -2,8 +2,8 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_43_0b9_RELEASE" -VERSION="42.99" +RELEASE_TAG="FIREFOX_44_0b4_RELEASE" +VERSION="43.99" # mozilla if [ -d mozilla ]; then diff -r de3a92aed259 -r 1d01621f9535 MozillaFirefox/mozilla-bmo1005535.patch --- a/MozillaFirefox/mozilla-bmo1005535.patch Mon Dec 14 00:04:31 2015 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../mozilla-bmo1005535.patch \ No newline at end of file diff -r de3a92aed259 -r 1d01621f9535 MozillaFirefox/mozilla-bmo1233434.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-bmo1233434.patch Thu Dec 31 10:00:30 2015 +0100 @@ -0,0 +1,1 @@ +../mozilla-bmo1233434.patch \ No newline at end of file diff -r de3a92aed259 -r 1d01621f9535 mozilla-bmo1005535.patch --- a/mozilla-bmo1005535.patch Mon Dec 14 00:04:31 2015 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,152 +0,0 @@ -# HG changeset patch -# Parent b7eb1ce0237d6125b75bc8ff1cb3afc328d6e78c -# User Steve Singer -# Parent 4e6bb9847daccf128ad3eab9be087ef63f9b974c -Bug 1005535 - Get skia GPU building on big endian. - -diff --git a/configure.in b/configure.in ---- a/configure.in -+++ b/configure.in -@@ -8208,21 +8208,21 @@ dnl Skia - dnl ======================================================== - if test "$MOZ_ENABLE_SKIA"; then - AC_DEFINE(MOZ_ENABLE_SKIA) - AC_DEFINE(USE_SKIA) - if test "${MOZ_WIDGET_TOOLKIT}" = "android" -o x"$MOZ_WIDGET_TOOLKIT" = x"gonk"; then - AC_DEFINE(SK_BUILD_FOR_ANDROID_NDK) - fi - -- if test "${CPU_ARCH}" != "ppc" -a "${CPU_ARCH}" != "ppc64" -a "${CPU_ARCH}" != "sparc" -a -z "$MOZ_DISABLE_SKIA_GPU" ; then -+ #if test "${CPU_ARCH}" != "ppc" -a "${CPU_ARCH}" != "ppc64" -a "${CPU_ARCH}" != "sparc" -a -z "$MOZ_DISABLE_SKIA_GPU" ; then - MOZ_ENABLE_SKIA_GPU=1 - AC_DEFINE(USE_SKIA_GPU) - AC_SUBST(MOZ_ENABLE_SKIA_GPU) -- fi -+ #fi - fi - AC_SUBST(MOZ_ENABLE_SKIA) - - dnl ======================================================== - dnl Check for nss-shared-helper - dnl ======================================================== - - PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper, -diff --git a/gfx/skia/trunk/include/config/SkUserConfig.h b/gfx/skia/trunk/include/config/SkUserConfig.h ---- a/gfx/skia/trunk/include/config/SkUserConfig.h -+++ b/gfx/skia/trunk/include/config/SkUserConfig.h -@@ -192,16 +192,17 @@ - - #if defined(SK_CPU_ARM32) || defined(SK_CPU_ARM64) - # define SK_BARRIERS_PLATFORM_H "skia/SkBarriers_arm.h" - #else - # define SK_BARRIERS_PLATFORM_H "skia/SkBarriers_x86.h" - #endif - - // On all platforms we have this byte order -+ - #define SK_A32_SHIFT 24 - #define SK_R32_SHIFT 16 - #define SK_G32_SHIFT 8 - #define SK_B32_SHIFT 0 - - #define SK_ALLOW_STATIC_GLOBAL_INITIALIZERS 0 - - #define SK_SUPPORT_LEGACY_GETDEVICE -diff --git a/gfx/skia/trunk/include/core/SkColorPriv.h b/gfx/skia/trunk/include/core/SkColorPriv.h ---- a/gfx/skia/trunk/include/core/SkColorPriv.h -+++ b/gfx/skia/trunk/include/core/SkColorPriv.h -@@ -27,37 +27,27 @@ - * For easier compatibility with Skia's GPU backend, we further restrict these - * to either (in memory-byte-order) RGBA or BGRA. Note that this "order" does - * not directly correspond to the same shift-order, since we have to take endianess - * into account. - * - * Here we enforce this constraint. - */ - --#ifdef SK_CPU_BENDIAN -- #define SK_RGBA_R32_SHIFT 24 -- #define SK_RGBA_G32_SHIFT 16 -- #define SK_RGBA_B32_SHIFT 8 -- #define SK_RGBA_A32_SHIFT 0 - -- #define SK_BGRA_B32_SHIFT 24 -- #define SK_BGRA_G32_SHIFT 16 -- #define SK_BGRA_R32_SHIFT 8 -- #define SK_BGRA_A32_SHIFT 0 --#else - #define SK_RGBA_R32_SHIFT 0 - #define SK_RGBA_G32_SHIFT 8 - #define SK_RGBA_B32_SHIFT 16 - #define SK_RGBA_A32_SHIFT 24 - - #define SK_BGRA_B32_SHIFT 0 - #define SK_BGRA_G32_SHIFT 8 - #define SK_BGRA_R32_SHIFT 16 - #define SK_BGRA_A32_SHIFT 24 --#endif -+ - - #if defined(SK_PMCOLOR_IS_RGBA) && defined(SK_PMCOLOR_IS_BGRA) - #error "can't define PMCOLOR to be RGBA and BGRA" - #endif - - #define LOCAL_PMCOLOR_SHIFTS_EQUIVALENT_TO_RGBA \ - (SK_A32_SHIFT == SK_RGBA_A32_SHIFT && \ - SK_R32_SHIFT == SK_RGBA_R32_SHIFT && \ -diff --git a/gfx/skia/trunk/include/core/SkImageInfo.h b/gfx/skia/trunk/include/core/SkImageInfo.h ---- a/gfx/skia/trunk/include/core/SkImageInfo.h -+++ b/gfx/skia/trunk/include/core/SkImageInfo.h -@@ -83,19 +83,20 @@ enum SkColorType { - - kLastEnum_SkColorType = kIndex_8_SkColorType, - - #if SK_PMCOLOR_BYTE_ORDER(B,G,R,A) - kN32_SkColorType = kBGRA_8888_SkColorType, - #elif SK_PMCOLOR_BYTE_ORDER(R,G,B,A) - kN32_SkColorType = kRGBA_8888_SkColorType, - #else --#error "SK_*32_SHFIT values must correspond to BGRA or RGBA byte order" -+ kN32_SkColorType = kBGRA_8888_SkColorType - #endif - -+ - #ifdef SK_SUPPORT_LEGACY_N32_NAME - kPMColor_SkColorType = kN32_SkColorType - #endif - }; - - static int SkColorTypeBytesPerPixel(SkColorType ct) { - static const uint8_t gSize[] = { - 0, // Unknown -diff --git a/gfx/skia/trunk/include/gpu/GrTypes.h b/gfx/skia/trunk/include/gpu/GrTypes.h ---- a/gfx/skia/trunk/include/gpu/GrTypes.h -+++ b/gfx/skia/trunk/include/gpu/GrTypes.h -@@ -304,25 +304,23 @@ enum GrPixelConfig { - * Byte order is r, g, b, a. This color format is 32 bits per channel - */ - kRGBA_float_GrPixelConfig, - kLast_GrPixelConfig = kRGBA_float_GrPixelConfig - }; - static const int kGrPixelConfigCnt = kLast_GrPixelConfig + 1; - - // Aliases for pixel configs that match skia's byte order. --#ifndef SK_CPU_LENDIAN -- #error "Skia gpu currently assumes little endian" --#endif -+ - #if SK_PMCOLOR_BYTE_ORDER(B,G,R,A) - static const GrPixelConfig kSkia8888_GrPixelConfig = kBGRA_8888_GrPixelConfig; - #elif SK_PMCOLOR_BYTE_ORDER(R,G,B,A) - static const GrPixelConfig kSkia8888_GrPixelConfig = kRGBA_8888_GrPixelConfig; - #else -- #error "SK_*32_SHIFT values must correspond to GL_BGRA or GL_RGBA format." -+ static const GrPixelConfig kSkia8888_GrPixelConfig = kBGRA_8888_GrPixelConfig; - #endif - - // Returns true if the pixel config is a GPU-specific compressed format - // representation. - static inline bool GrPixelConfigIsCompressed(GrPixelConfig config) { - switch (config) { - case kETC1_GrPixelConfig: - case kLATC_GrPixelConfig: diff -r de3a92aed259 -r 1d01621f9535 mozilla-bmo1233434.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-bmo1233434.patch Thu Dec 31 10:00:30 2015 +0100 @@ -0,0 +1,45 @@ + +# HG changeset patch +# User Aidin Gharibnavaz +# Date 1450550460 -12600 +# Node ID 07ec362866977f37e638fc88e3079621fd7aef96 +# Parent cb66ffeb6725e8344818e8e2f707ae2eaeb953b4 +Bug 1233434 - Fixing download failure on a multi-user GNU/Linux machine. r?bagder + +diff -r cb66ffeb6725 -r 07ec36286697 uriloader/exthandler/nsExternalHelperAppService.cpp +--- a/uriloader/exthandler/nsExternalHelperAppService.cpp Tue Dec 15 14:45:06 2015 +0100 ++++ b/uriloader/exthandler/nsExternalHelperAppService.cpp Sat Dec 19 22:11:00 2015 +0330 +@@ -416,12 +416,12 @@ + const char* userName = PR_GetEnv("USERNAME"); + if (!userName || !*userName) { + userName = PR_GetEnv("USER"); +- if (!userName || !*userName) { +- userName = PR_GetEnv("LOGNAME"); +- } +- else { +- userName = "mozillaUser"; +- } ++ } ++ if (!userName || !*userName) { ++ userName = PR_GetEnv("LOGNAME"); ++ } ++ if (!userName || !*userName) { ++ userName = "mozillaUser"; + } + + nsAutoString userDir; +@@ -447,7 +447,12 @@ + rv = finalPath->GetPermissions(&permissions); + NS_ENSURE_SUCCESS(rv, rv); + +- if (permissions == PR_IRWXU) { ++ // Ensuring the path is writable by the current user. ++ bool isWritable; ++ rv = finalPath->IsWritable(&isWritable); ++ NS_ENSURE_SUCCESS(rv, rv); ++ ++ if (permissions == PR_IRWXU && isWritable) { + dir = finalPath; + break; + } + diff -r de3a92aed259 -r 1d01621f9535 mozilla-kde.patch --- a/mozilla-kde.patch Mon Dec 14 00:04:31 2015 +0100 +++ b/mozilla-kde.patch Thu Dec 31 10:00:30 2015 +0100 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 1e6ab61ae64f601da61197f34ad145f54a400b1f +# Parent fc87d8519207c57c22fb5a01243722be530679fa Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -2503,12 +2503,12 @@ + } + + -+bool nsKDEUtils::commandBlockUi( const nsTArray& command, const GtkWindow* parent, nsTArray* output ) ++bool nsKDEUtils::commandBlockUi( const nsTArray& command, GtkWindow* parent, nsTArray* output ) + { + return self()->internalCommand( command, parent, true, output ); + } + -+bool nsKDEUtils::internalCommand( const nsTArray& command, const GtkWindow* parent, bool blockUi, ++bool nsKDEUtils::internalCommand( const nsTArray& command, GtkWindow* parent, bool blockUi, + nsTArray* output ) + { + if( !startHelper()) @@ -2524,8 +2524,8 @@ + { + data.loop = g_main_loop_new( NULL, FALSE ); + GtkWidget* window = gtk_window_new( GTK_WINDOW_TOPLEVEL ); -+ if( parent && parent->group ) -+ gtk_window_group_add_window( parent->group, GTK_WINDOW( window )); ++ if( parent && gtk_window_get_group(parent) ) ++ gtk_window_group_add_window( gtk_window_get_group(parent), GTK_WINDOW( window )); + gtk_widget_realize( window ); + gtk_widget_set_sensitive( window, TRUE ); + gtk_grab_add( window ); @@ -2678,7 +2678,7 @@ + /* Like command(), but additionally blocks the parent widget like if there was + a modal dialog shown and enters the event loop (i.e. there are still paint updates, + this is for commands that take long). */ -+ static bool commandBlockUi( const nsTArray& command, const GtkWindow* parent, nsTArray* output = NULL ); ++ static bool commandBlockUi( const nsTArray& command, GtkWindow* parent, nsTArray* output = NULL ); + + private: + nsKDEUtils(); @@ -2687,7 +2687,7 @@ + bool startHelper(); + void closeHelper(); + void feedCommand( const nsTArray& command ); -+ bool internalCommand( const nsTArray& command, const GtkWindow* parent, bool isParent, ++ bool internalCommand( const nsTArray& command, GtkWindow* parent, bool isParent, + nsTArray* output ); + FILE* commandFile; + FILE* replyFile; diff -r de3a92aed259 -r 1d01621f9535 series --- a/series Mon Dec 14 00:04:31 2015 +0100 +++ b/series Thu Dec 31 10:00:30 2015 +0100 @@ -12,6 +12,7 @@ #mozilla-bmo1005535.patch mozilla-no-stdcxx-check.patch mozilla-libproxy.patch +mozilla-bmo1233434.patch # Firefox patches firefox-kde.patch