# HG changeset patch # User Wolfgang Rosenauer # Date 1576631808 -3600 # Node ID d6a688186de0b31fbaff66c62e1f6c8603e0d8c1 # Parent 52b1745787cf1565d8be4ae1c6ef85f3390bc20c beta -> release diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Dec 18 02:16:48 2019 +0100 @@ -1,7 +1,36 @@ ------------------------------------------------------------------- -Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer - -- Mozilla Firefox 71.0b11 +Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Firefox 71.0 + * Improvements to Lockwise, our integrated password manager + * More information about Enhanced Tracking Protection in action + * Native MP3 decoding on Windows, Linux, and macOS + * Configuration page (about:config) reimplemented in HTML + * New kiosk mode functionality, which allows maximum screen space + for customer-facing displays + MFSA 2019-36 + * CVE-2019-11756 (bmo#1508776) + Use-after-free of SFTKSession object + * CVE-2019-17008 (bmo#1546331) + Use-after-free in worker destruction + * CVE-2019-13722 (bmo#1580156) (Windows only) + Stack corruption due to incorrect number of arguments in WebRTC code + * CVE-2019-17014 (bmo#1322864) + Dragging and dropping a cross-origin resource, incorrectly loaded + as an image, could result in information disclosure + * CVE-2019-17010 (bmo#1581084) + Use-after-free when performing device orientation checks + * CVE-2019-17005 (bmo#1584170) + Buffer overflow in plain text serializer + * CVE-2019-17011 (bmo#1591334) + Use-after-free when retrieving a document in antitracking + * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 + bmo#1580288, bmo#1585760, bmo#1592502) + Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 + * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 + bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 + bmo#1594181) + Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 @@ -12,6 +41,13 @@ - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch +- changed locale building procedure + * removed obsolete compare-locales.tar.xz +- added mozilla-gcc9-lto.patch to fix LTO builds with gcc9 but also + switched from gcc to clang for now since gcc builds are broken + in some ways (bmo#1601707, boo#1158466) +- added mozilla-bmo849632.patch to fix big endian issues in skia + used for WebGL ------------------------------------------------------------------- Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Wed Dec 18 02:16:48 2019 +0100 @@ -1,7 +1,7 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # 2006-2019 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -18,16 +18,16 @@ # changed with every update -%define major 70 -%define mainver %major.99 +%define major 71 +%define mainver %major.0 %define orig_version 71.0 -%define orig_suffix b11 -%define update_channel beta +%define orig_suffix %{nil} +%define update_channel release %define branding 1 %define devpkg 1 # always build with GCC as SUSE Security Team requires that -%define clang_build 0 +%define clang_build 1 # PIE, full relro %define build_hardened 1 @@ -137,7 +137,7 @@ Summary: Mozilla %{appname} Web Browser License: MPL-2.0 Group: Productivity/Networking/Web/Browsers -Url: http://www.mozilla.org/ +URL: http://www.mozilla.org/ %if !%{with only_print_mozconfig} Source: http://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz Source1: MozillaFirefox.desktop @@ -147,11 +147,10 @@ Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz Source8: firefox-mimeinfo.xml Source9: firefox.js -Source10: compare-locales.tar.xz Source11: firefox.1 Source12: mozilla-get-app-id Source13: spellcheck.js -Source14: https://github.com/openSUSE/firefox-scripts/raw/04d38e104a6ecdea33442755282688e8090ffa66/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/d414e38/create-tar.sh Source15: firefox-appdata.xml Source16: %{name}.changes # Set up API keys, see http://www.chromium.org/developers/how-tos/api-keys @@ -184,6 +183,7 @@ Patch20: mozilla-fix-top-level-asm.patch Patch21: mozilla-bmo1504834-part4.patch Patch22: mozilla-bmo849632.patch +Patch23: mozilla-gcc9-lto.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -290,7 +290,7 @@ exit 1 fi -%setup -q -n %{srcname}-%{orig_version} -b 7 -b 10 +%setup -q -n %{srcname}-%{orig_version} -b 7 %else %setup -q -n %{srcname}-%{orig_version} %endif @@ -319,6 +319,7 @@ %patch20 -p1 %patch21 -p1 %patch22 -p1 +%patch23 -p1 # Firefox %patch101 -p1 %patch102 -p1 @@ -471,6 +472,31 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \ %endif ./mach build -v + +# build additional locales +%if %localize +mkdir -p %{buildroot}%{progdir}/browser/extensions +truncate -s 0 %{_tmppath}/translations.{common,other} +sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \ + | xargs -n 1 -I {} /bin/sh -c ' + locale=$1 + ./mach build langpack-$locale + cp -rL ../obj/dist/xpi-stage/locale-$locale \ + %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org + # remove prefs, profile defaults, and hyphenation from langpack + rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults + rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation + # check against the fixed common list and sort into the right filelist + _matched=0 + for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do + [ "$_match" = "$locale" ] && _matched=1 + done + [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other + echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \ + >> %{_tmppath}/translations.$_l10ntarget +' -- {} +%endif + %endif # only_print_mozconfig %install @@ -499,35 +525,7 @@ install -m 644 %{SOURCE13} %{buildroot}%{progdir}/defaults/pref/ # install browser prefs install -m 644 %{SOURCE9} %{buildroot}%{progdir}/browser/defaults/preferences/firefox.js -# build additional locales -%if %localize -mkdir -p %{buildroot}%{progdir}/browser/extensions -truncate -s 0 %{_tmppath}/translations.{common,other} -sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \ - | xargs -n 1 -I {} /bin/sh -c ' - locale=$1 - pushd $RPM_BUILD_DIR/compare-locales - PYTHONPATH=lib \ - scripts/compare-locales -m ../l10n-merged/$locale \ - ../%{srcname}-%{orig_version}/browser/locales/l10n.ini ../l10n $locale - popd - LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \ - make -C browser/locales langpack-$locale - cp -rL dist/xpi-stage/locale-$locale \ - %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org - # remove prefs, profile defaults, and hyphenation from langpack - rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults - rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation - # check against the fixed common list and sort into the right filelist - _matched=0 - for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do - [ "$_match" = "$locale" ] && _matched=1 - done - [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other - echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \ - >> %{_tmppath}/translations.$_l10ntarget -' -- {} -%endif + # remove some executable permissions find %{buildroot}%{progdir} \ -name "*.js" -o \ diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/create-tar.sh Wed Dec 18 02:16:48 2019 +0100 @@ -42,6 +42,7 @@ # Make first letter of PRODCUT upper case PRODUCT_CAP="${PRODUCT^}" LOCALES_URL="https://product-details.mozilla.org/1.0/l10n/$PRODUCT_CAP" +PRODUCT_URL="https://product-details.mozilla.org/1.0/$PRODUCT.json" # Exit script on CTRL+C trap "exit" INT @@ -83,7 +84,7 @@ function get_source_stamp() { BUILD_ID="$1" FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION$VERSION_SUFFIX) - FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/firefox-$VERSION$VERSION_SUFFIX.json" + FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json" BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1; REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp) SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo) @@ -104,12 +105,21 @@ function get_build_number() { LAST_FOUND="" VERSION_WITH_SUFFIX="$1" - FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX) - # Unfortunately, locales-files are not associated to releases, but to builds. - # And since we don't know which build was the final build, we grep them all from - # the candidates-page, sort them and take the last one which should be the oldest - # Error only if not even the first one exists - LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1) + + BUILD_ID=$(curl --silent "$PRODUCT_URL" | jq -e '.["releases"] | .["'$PRODUCT-$VERSION_WITH_SUFFIX'"] | .["build_number"]') + + # Slow fall-back + if [ $? -ne 0 ]; then + echo "Build number not found in product URL, falling back to slow FTP-parsing." 1>&2 + FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX) + # Unfortunately, locales-files are not associated to releases, but to builds. + # And since we don't know which build was the final build, we grep them all from + # the candidates-page, sort them and take the last one which should be the oldest + # Error only if not even the first one exists + LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1) + else + LAST_FOUND="build$BUILD_ID" + fi if [ "$LAST_FOUND" != "" ]; then echo "$LAST_FOUND" @@ -250,10 +260,9 @@ hg update --check $FF_RELEASE_TAG [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG # get repo and source stamp - echo -n "REV=" > ../source-stamp.txt - hg -R . parent --template="{node|short}\n" >> ../source-stamp.txt - echo -n "REPO=" >> ../source-stamp.txt - hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt + REV=$(hg -R . parent --template="{node|short}\n") + SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/") + TIMESTAMP=$(date +%Y%m%d%H%M%S) if [ "$PRODUCT" = "thunderbird" ]; then pushd comm || exit 1 @@ -263,6 +272,19 @@ fi popd || exit 1 + echo "Extending $TAR_STAMP with:" + echo "RELEASE_REPO=${SOURCE_REPO}" + echo "RELEASE_TAG=${REV}" + echo "RELEASE_TIMESTAMP=${TIMESTAMP}" + + # We "remove and add" instead of "replace" in case the entries are not there yet + # Removing the old RELEASE_-tags + sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP" + # Appending the new + echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP" + echo "RELEASE_TAG=$REV" >> "$TAR_STAMP" + echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP" + echo "creating archive..." tar $compression -cf $PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS $PRODUCT-$VERSION fi diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/mozilla-gcc9-lto.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-gcc9-lto.patch Wed Dec 18 02:16:48 2019 +0100 @@ -0,0 +1,1 @@ +../mozilla-gcc9-lto.patch \ No newline at end of file diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/tar_stamps --- a/MozillaFirefox/tar_stamps Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/tar_stamps Wed Dec 18 02:16:48 2019 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" -CHANNEL="beta" +CHANNEL="release" VERSION="71.0" -VERSION_SUFFIX="b11" +VERSION_SUFFIX="" PREV_VERSION="70.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation -RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-beta" -RELEASE_TAG="5c921325dd03885c3392512722c7cede4ed9e00e" -RELEASE_TIMESTAMP="20191118154140" +RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" +RELEASE_TAG="501aef7fe1d9622236600a7e53843d40d163a123" +RELEASE_TIMESTAMP="20191202093317" diff -r 52b1745787cf -r d6a688186de0 mozilla-gcc9-lto.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-gcc9-lto.patch Wed Dec 18 02:16:48 2019 +0100 @@ -0,0 +1,71 @@ +Workaround GCC/Clang6 not supporting class-temporary#6.7 [1] +Bugs: ++ https://bugzilla.mozilla.org/show_bug.cgi?id=1601707 ++ http://gcc.gnu.org/PR92831 ++ https://bugzilla.redhat.com/show_bug.cgi?id=1779082 + +[1] http://eel.is/c++draft/class.temporary#6.7 + +diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp +--- a/dom/indexedDB/ActorsParent.cpp ++++ b/dom/indexedDB/ActorsParent.cpp +@@ -24311,11 +24311,11 @@ + // if we allow overwrite or not. By not allowing overwrite we raise + // detectable errors rather than corrupting data. + DatabaseConnection::CachedStatement stmt; +- const auto& optReplaceDirective = (!mOverwrite || keyUnset) +- ? NS_LITERAL_CSTRING("") +- : NS_LITERAL_CSTRING("OR REPLACE "); + rv = aConnection->GetCachedStatement( +- NS_LITERAL_CSTRING("INSERT ") + optReplaceDirective + ++ NS_LITERAL_CSTRING("INSERT ") + ++ ((!mOverwrite || keyUnset) ++ ? NS_LITERAL_CSTRING("") ++ : NS_LITERAL_CSTRING("OR REPLACE ")) + + NS_LITERAL_CSTRING("INTO object_data " + "(object_store_id, key, file_ids, data) " + "VALUES (:") + +@@ -26076,9 +26076,6 @@ + + const bool usingKeyRange = mOptionalKeyRange.isSome(); + +- const auto& indexTable = mCursor->mUniqueIndex +- ? NS_LITERAL_CSTRING("unique_index_data") +- : NS_LITERAL_CSTRING("index_data"); + + NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); + +@@ -26099,7 +26096,9 @@ + "object_data.file_ids, " + "object_data.data " + "FROM ") + +- indexTable + ++ (mCursor->mUniqueIndex ++ ? NS_LITERAL_CSTRING("unique_index_data") ++ : NS_LITERAL_CSTRING("index_data")) + + NS_LITERAL_CSTRING( + " AS index_table " + "JOIN object_data " +@@ -26198,9 +26197,6 @@ + + const bool usingKeyRange = mOptionalKeyRange.isSome(); + +- const auto& table = mCursor->mUniqueIndex +- ? NS_LITERAL_CSTRING("unique_index_data") +- : NS_LITERAL_CSTRING("index_data"); + + NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); + +@@ -26218,7 +26214,10 @@ + NS_LITERAL_CSTRING( + "object_data_key " + " FROM ") + +- table + NS_LITERAL_CSTRING(" WHERE index_id = :") + ++ (mCursor->mUniqueIndex ++ ? NS_LITERAL_CSTRING("unique_index_data") ++ : NS_LITERAL_CSTRING("index_data")) + ++ NS_LITERAL_CSTRING(" WHERE index_id = :") + + kStmtParamNameId; + + const auto keyRangeClause = + diff -r 52b1745787cf -r d6a688186de0 series --- a/series Mon Nov 25 08:41:45 2019 +0100 +++ b/series Wed Dec 18 02:16:48 2019 +0100 @@ -21,6 +21,7 @@ mozilla-fix-top-level-asm.patch mozilla-bmo1504834-part4.patch mozilla-bmo849632.patch +mozilla-gcc9-lto.patch # Firefox patches firefox-kde.patch