# HG changeset patch # User Wolfgang Rosenauer # Date 1616877950 -3600 # Node ID c3d884659acfa5db542edc41729a4cf9b0b660d6 # Parent b8c834aafde27bdb303409cf36ffdc07a1792e89 Firefox 87.0 diff -r b8c834aafde2 -r c3d884659acf MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed Mar 17 12:24:14 2021 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Mar 27 21:45:50 2021 +0100 @@ -1,9 +1,41 @@ ------------------------------------------------------------------- -Wed Mar 17 09:18:35 UTC 2021 - Wolfgang Rosenauer +Sat Mar 27 10:40:46 UTC 2021 - Manfred Hollstein + +- Switch to clang_build globally; just on TW/x86_64 it does not work + due to unreolved externals `__rust_probestack' - disable clang_build + then. +- useccache: Add conditionals to enable/disable ccache. + +------------------------------------------------------------------- +Tue Mar 23 16:42:19 UTC 2021 - Wolfgang Rosenauer - Mozilla Firefox 87.0 -- requires NSS 3.62 -- removed obsolete BigEndian ICU build workaround + * requires NSS 3.62 + * removed obsolete BigEndian ICU build workaround + * rebased patches + MFSA 2021-10 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23983 (bmo#1692684) + Transitions for invalid ::marker properties resulted in memory + corruption + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23985 (bmo#1659129) + Devtools remote debugging feature could have been enabled + without indication to the user + * CVE-2021-23986 (bmo#1692623) + A malicious extension could have performed credential-less + same origin policy violations + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 + * CVE-2021-23988 (bmo#1684994, bmo#1686653) + Memory safety bugs fixed in Firefox 87 ------------------------------------------------------------------- Tue Mar 16 14:26:35 UTC 2021 - Martin Liška diff -r b8c834aafde2 -r c3d884659acf MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Wed Mar 17 12:24:14 2021 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sat Mar 27 21:45:50 2021 +0100 @@ -44,13 +44,23 @@ %define do_profiling 0 # upstream default is clang (to use gcc for large parts set to 0) -%define clang_build 0 +%define clang_build 1 +%if 0%{?is_opensuse} && 0%{?suse_version} >= 1550 +%ifarch x86_64 +# on Tumbleweed/x86_64 this does not work due to undefined +# references to `__rust_probestack' +%define clang_build 0 +%endif +%endif # PIE, full relro %define build_hardened 1 %bcond_with only_print_mozconfig +# define if ccache should be used or not +%define useccache 1 + # Firefox only supports i686 %ifarch %ix86 ExclusiveArch: i586 i686 @@ -96,7 +106,9 @@ BuildRequires: gcc-c++ %endif BuildRequires: cargo >= 1.47 +%if 0%{useccache} != 0 BuildRequires: ccache +%endif BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel BuildRequires: libidl-devel @@ -455,7 +467,9 @@ #%endif ac_add_options --with-system-nspr ac_add_options --with-system-nss +%if 0%{useccache} != 0 ac_add_options --with-ccache +%endif %if %{localize} ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n %endif @@ -505,7 +519,9 @@ %endif EOF %if !%{with only_print_mozconfig} +%if 0%{useccache} != 0 ccache -s +%endif %if 0%{?do_profiling} xvfb-run --server-args="-screen 0 1920x1080x24" \ %endif @@ -560,8 +576,10 @@ ' -- {} %endif +%if 0%{useccache} != 0 ccache -s %endif +%endif %install cd $RPM_BUILD_DIR/obj diff -r b8c834aafde2 -r c3d884659acf MozillaFirefox/tar_stamps --- a/MozillaFirefox/tar_stamps Wed Mar 17 12:24:14 2021 +0100 +++ b/MozillaFirefox/tar_stamps Sat Mar 27 21:45:50 2021 +0100 @@ -7,5 +7,5 @@ #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="7b73c14202a39e440f8eddd9b48ecf17b7b59eee" -RELEASE_TIMESTAMP="20210315170302" +RELEASE_TAG="bb9bf7e886787222b18094a4723949a29b4d329a" +RELEASE_TIMESTAMP="20210318103112" diff -r b8c834aafde2 -r c3d884659acf firefox-kde.patch --- a/firefox-kde.patch Wed Mar 17 12:24:14 2021 +0100 +++ b/firefox-kde.patch Sat Mar 27 21:45:50 2021 +0100 @@ -3,7 +3,7 @@ # Date 1559300151 -7200 # Fri May 31 12:55:51 2019 +0200 # Node ID 54d41b0033b8d649d842a1f862c6fed8b9874dec -# Parent 8310cc1a162e9dd066a20f6a3bbd271993b67fc6 +# Parent 856ef9c699423b1cd35e4df8745e78c409c8dbae How to apply this patch: 1. Import and apply it 2. cp browser/base/content/browser.xul browser/base/content/browser-kde.xul @@ -14,7 +14,7 @@ diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js --- a/browser/components/preferences/main.js +++ b/browser/components/preferences/main.js -@@ -347,16 +347,23 @@ var gMainPane = { +@@ -338,16 +338,23 @@ var gMainPane = { }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]); }; @@ -38,7 +38,7 @@ ); let performanceSettingsUrl = Services.urlFormatter.formatURLPref("app.support.baseURL") + -@@ -1326,16 +1333,27 @@ var gMainPane = { +@@ -1313,16 +1320,27 @@ var gMainPane = { this._backoffIndex = 0; let shellSvc = getShellService(); @@ -63,9 +63,9 @@ return; } - let selectedIndex = shellSvc.isDefaultBrowser(false, true) ? 1 : 0; - document.getElementById("setDefaultPane").selectedIndex = selectedIndex; - } + let isDefault = shellSvc.isDefaultBrowser(false, true); + let setDefaultPane = document.getElementById("setDefaultPane"); + setDefaultPane.classList.toggle("is-default", isDefault); diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build --- a/browser/components/shell/moz.build +++ b/browser/components/shell/moz.build diff -r b8c834aafde2 -r c3d884659acf mozilla-kde.patch --- a/mozilla-kde.patch Wed Mar 17 12:24:14 2021 +0100 +++ b/mozilla-kde.patch Sat Mar 27 21:45:50 2021 +0100 @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent 4b9aa59b15c3247d263cc32804786b3a6bff7912 +# Parent 929fbcb071c2e1ff551c73e8c364e9c1f4495171 Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -13,15 +13,15 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp --- a/modules/libpref/Preferences.cpp +++ b/modules/libpref/Preferences.cpp -@@ -82,16 +82,17 @@ - #include "nsXPCOM.h" - #include "nsXULAppAPI.h" - #include "nsZipArchive.h" +@@ -84,16 +84,17 @@ #include "plbase64.h" #include "PLDHashTable.h" #include "plstr.h" #include "prlink.h" #include "xpcpublic.h" + #ifdef MOZ_BACKGROUNDTASKS + # include "mozilla/BackgroundTasks.h" + #endif +#include "nsKDEUtils.h" #ifdef DEBUG @@ -31,7 +31,7 @@ #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4459,25 +4460,37 @@ nsresult Preferences::InitInitialObjects +@@ -4573,25 +4574,37 @@ nsresult Preferences::InitInitialObjects // application pref files for backwards compatibility. static const char* specialFiles[] = { #if defined(XP_MACOSX) @@ -69,7 +69,7 @@ // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4523,17 +4536,17 @@ nsresult Preferences::InitInitialObjects +@@ -4656,17 +4669,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -91,7 +91,7 @@ diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build -@@ -116,16 +116,20 @@ EXPORTS.mozilla += [ +@@ -117,16 +117,20 @@ EXPORTS.mozilla += [ ] EXPORTS.mozilla += sorted(["!" + g for g in gen_h]) @@ -115,8 +115,7 @@ diff --git a/python/mozbuild/mozpack/chrome/flags.py b/python/mozbuild/mozpack/chrome/flags.py --- a/python/mozbuild/mozpack/chrome/flags.py +++ b/python/mozbuild/mozpack/chrome/flags.py -@@ -228,16 +228,17 @@ class Flags(OrderedDict): - "contentaccessible": Flag, +@@ -229,16 +229,17 @@ class Flags(OrderedDict): "os": StringFlag, "osversion": VersionFlag, "abi": StringFlag, @@ -124,7 +123,8 @@ "xpcnativewrappers": Flag, "tablet": Flag, "process": StringFlag, -+ "desktop": StringFlag, + "backgroundtask": StringFlag, ++ "desktop": StringFlag, } RE = re.compile(r"([!<>=]+)") @@ -136,8 +136,7 @@ diff --git a/python/mozbuild/mozpack/chrome/manifest.py b/python/mozbuild/mozpack/chrome/manifest.py --- a/python/mozbuild/mozpack/chrome/manifest.py +++ b/python/mozbuild/mozpack/chrome/manifest.py -@@ -38,16 +38,17 @@ class ManifestEntry(object): - "platformversion", +@@ -39,16 +39,17 @@ class ManifestEntry(object): "os", "osversion", "abi", @@ -145,6 +144,7 @@ "tablet", "process", "contentaccessible", + "backgroundtask", + "desktop", ] @@ -175,7 +175,7 @@ diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downloads/HelperAppDlg.jsm --- a/toolkit/mozapps/downloads/HelperAppDlg.jsm +++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm -@@ -1243,36 +1243,66 @@ nsUnknownContentTypeDialog.prototype = { +@@ -1231,36 +1231,66 @@ nsUnknownContentTypeDialog.prototype = { params.handlerApp && params.handlerApp.executable && params.handlerApp.executable.isFile() @@ -356,7 +356,7 @@ diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build -@@ -91,17 +91,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "co +@@ -92,17 +92,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "co "../components/printingui", ] elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "uikit": @@ -1214,7 +1214,7 @@ #include "nsIFileStreams.h" #include "nsILineInputStream.h" #include "nsIFile.h" -@@ -1019,17 +1019,17 @@ nsresult nsOSHelperAppService::GetHandle +@@ -1020,17 +1020,17 @@ nsresult nsOSHelperAppService::GetHandle nsresult nsOSHelperAppService::OSProtocolHandlerExists( const char* aProtocolScheme, bool* aHandlerExists) { @@ -1233,7 +1233,7 @@ nsCOMPtr handlerSvc = do_GetService(NS_HANDLERSERVICE_CONTRACTID, &rv); if (NS_SUCCEEDED(rv) && handlerSvc) { -@@ -1039,17 +1039,17 @@ nsresult nsOSHelperAppService::OSProtoco +@@ -1040,17 +1040,17 @@ nsresult nsOSHelperAppService::OSProtoco } return rv; @@ -1252,7 +1252,7 @@ NS_IMETHODIMP nsOSHelperAppService::IsCurrentAppOSDefaultForProtocol( const nsACString& aScheme, bool* _retval) { -@@ -1136,17 +1136,17 @@ already_AddRefed nsOSHel +@@ -1137,17 +1137,17 @@ already_AddRefed nsOSHel nsresult rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, true); @@ -1271,7 +1271,7 @@ rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, false); -@@ -1247,17 +1247,17 @@ already_AddRefed nsOSHel +@@ -1248,17 +1248,17 @@ already_AddRefed nsOSHel // Now look up our extensions nsAutoString extensions, mime_types_description; @@ -1293,7 +1293,7 @@ diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build --- a/widget/gtk/moz.build +++ b/widget/gtk/moz.build -@@ -138,16 +138,17 @@ FINAL_LIBRARY = "xul" +@@ -137,16 +137,17 @@ FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ "/layout/base", @@ -1685,7 +1685,7 @@ diff --git a/xpcom/components/ManifestParser.cpp b/xpcom/components/ManifestParser.cpp --- a/xpcom/components/ManifestParser.cpp +++ b/xpcom/components/ManifestParser.cpp -@@ -34,16 +34,17 @@ +@@ -38,16 +38,17 @@ #include "nsTextFormatter.h" #include "nsVersionComparator.h" #include "nsXPCOMCIDInternal.h" @@ -1703,7 +1703,7 @@ int argc; bool ischrome; -@@ -393,16 +394,17 @@ void ParseManifest(NSLocationType aType, +@@ -397,16 +398,17 @@ void ParseManifest(NSLocationType aType, constexpr auto kRemoteEnabled = u"remoteenabled"_ns; constexpr auto kRemoteRequired = u"remoterequired"_ns; constexpr auto kApplication = u"application"_ns; @@ -1717,11 +1717,11 @@ #if defined(MOZ_WIDGET_ANDROID) constexpr auto kTablet = u"tablet"_ns; #endif - - constexpr auto kMain = u"main"_ns; - constexpr auto kContent = u"content"_ns; - -@@ -448,39 +450,44 @@ void ParseManifest(NSLocationType aType, + // You might expect this to be guarded by MOZ_BACKGROUNDTASKS, but it's not + // possible to have conditional manifest contents, so we need to recognize and + // discard these tokens even when MOZ_BACKGROUNDTASKS is not set. + constexpr auto kBackgroundTask = u"backgroundtask"_ns; +@@ -456,39 +458,44 @@ void ParseManifest(NSLocationType aType, CopyUTF8toUTF16(s, abi); abi.Insert(char16_t('_'), 0); abi.Insert(osTarget, 0); @@ -1766,13 +1766,13 @@ process = kMain; } -@@ -567,25 +574,27 @@ void ParseManifest(NSLocationType aType, - TriState stOsVersion = eUnspecified; - TriState stOs = eUnspecified; - TriState stABI = eUnspecified; - TriState stProcess = eUnspecified; - #if defined(MOZ_WIDGET_ANDROID) - TriState stTablet = eUnspecified; +@@ -583,25 +590,27 @@ void ParseManifest(NSLocationType aType, + // When in background task mode, default to not registering + // category directivies unless backgroundtask=1 is specified. + TriState stBackgroundTask = (BackgroundTasks::IsBackgroundTaskMode() && + strcmp("category", directive->directive) == 0) + ? eBad + : eUnspecified; #endif int flags = 0; + TriState stDesktop = eUnspecified; @@ -1794,7 +1794,7 @@ continue; } -@@ -622,17 +631,17 @@ void ParseManifest(NSLocationType aType, +@@ -650,17 +659,17 @@ void ParseManifest(NSLocationType aType, } LogMessageWithContext( @@ -1808,11 +1808,11 @@ #ifdef MOZ_WIDGET_ANDROID stTablet == eBad || #endif + #ifdef MOZ_BACKGROUNDTASKS + stBackgroundTask == eBad || + #endif stABI == eBad || stProcess == eBad) { continue; - } - - if (directive->regfunc) { diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build --- a/xpcom/components/moz.build +++ b/xpcom/components/moz.build @@ -1833,7 +1833,7 @@ if CONFIG["MOZ_ENABLE_DBUS"]: CXXFLAGS += CONFIG["MOZ_DBUS_GLIB_CFLAGS"] - include("/ipc/chromium/chromium-config.mozbuild") + if CONFIG["MOZ_BACKGROUNDTASKS"]: diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp --- a/xpcom/io/nsLocalFileUnix.cpp +++ b/xpcom/io/nsLocalFileUnix.cpp @@ -1855,7 +1855,7 @@ # include "prmem.h" # include "plbase64.h" -@@ -1968,62 +1969,77 @@ nsLocalFile::SetPersistentDescriptor(con +@@ -2001,62 +2002,77 @@ nsLocalFile::SetPersistentDescriptor(con NS_IMETHODIMP nsLocalFile::Reveal() {