# HG changeset patch # User Wolfgang Rosenauer # Date 1486885326 -3600 # Node ID f63a4ac0fe061feeda14104dea0b6b39a44f6a83 # Parent 3604ed712e1690b2bfcaff9939237068b54460f8 51.0.1 diff -r 3604ed712e16 -r f63a4ac0fe06 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Jan 24 22:19:01 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Feb 12 08:42:06 2017 +0100 @@ -1,7 +1,14 @@ ------------------------------------------------------------------- +Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com + +- Mozilla Firefox 51.0.1: + - Multiprocess incompatibility did not correctly register with + some add-ons (bmo#1333423) + +------------------------------------------------------------------- Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org -- update to Firefox 51.0 (boo#) +- update to Firefox 51.0 * requires NSPR >= 4.13.1, NSS >= 3.28.1 * Added support for FLAC (Free Lossless Audio Codec) playback * Added support for WebGL 2 @@ -13,11 +20,65 @@ * View passwords from the prompt before saving them * Remove Belarusian (be) locale * Use Skia for content rendering (Linux) -- switch Firefox to Gtk3 for Tumbleweed and Leap >= 43 + * MFSA 2017-01 + CVE-2017-5375: Excessive JIT code allocation allows bypass of + ASLR and DEP (bmo#1325200, boo#1021814) + CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) + CVE-2017-5377: Memory corruption with transforms to create + gradients in Skia (bmo#1306883, boo#1021826) + CVE-2017-5378: Pointer and frame data leakage of Javascript objects + (bmo#1312001, bmo#1330769, boo#1021818) + CVE-2017-5379: Use-after-free in Web Animations + (bmo#1309198,boo#1021827) + CVE-2017-5380: Potential use-after-free during DOM manipulations + (bmo#1322107, boo#1021819) + CVE-2017-5390: Insecure communication methods in Developer Tools + JSON viewer (bmo#1297361, boo#1021820) + CVE-2017-5389: WebExtensions can install additional add-ons via + modified host requests (bmo#1308688, boo#1021828) + CVE-2017-5396: Use-after-free with Media Decoder + (bmo#1329403, boo#1021821) + CVE-2017-5381: Certificate Viewer exporting can be used to navigate + and save to arbitrary filesystem locations + (bmo#1017616, boo#1021830) + CVE-2017-5382: Feed preview can expose privileged content errors + and exceptions (bmo#1295322, boo#1021831) + CVE-2017-5383: Location bar spoofing with unicode characters + (bmo#1323338, bmo#1324716, boo#1021822) + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) + (bmo#1255474, boo#1021832) + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy + response headers (bmo#1295945, boo#1021833) + CVE-2017-5386: WebExtensions can use data: protocol to affect other + extensions (bmo#1319070, boo#1021823) + CVE-2017-5394: Android location bar spoofing using fullscreen and + JavaScript events (bmo#1222798) + CVE-2017-5391: Content about: pages can load privileged about: pages + (bmo#1309310, boo#1021835) + CVE-2017-5392: Weak references using multiple threads on weak proxy + objects lead to unsafe memory usage (bmo#1293709) + (Android only) + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for + mozAddonManager (bmo#1309282, boo#1021837) + CVE-2017-5395: Android location bar spoofing during scrolling + (bmo#1293463) (Android only) + CVE-2017-5387: Disclosure of local file existence through TRACK + tag error messages (bmo#1295023, boo#1021839) + CVE-2017-5388: WebRTC can be used to generate a large amount of + UDP traffic for DDOS attacks + (bmo#1281482, boo#1021840) + CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and + Firefox ESR 45.7 (boo#1021824) +- switch Firefox to Gtk3 for Tumbleweed - removed obsolete patches * mozilla-flex_buffer_overrun.patch - updated RPM locale support tag - improve recognition of LANGUAGE env variable (boo#1017174) +- add upstream patch to fix PPC64LE (bmo#1319389) + (mozilla-skia-ppc-endianess.patch) +- fix build without skia (big endian archs) (bmo#1319374) + (mozilla-disable-skia-be.patch) ------------------------------------------------------------------- Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org diff -r 3604ed712e16 -r f63a4ac0fe06 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Jan 24 22:19:01 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Feb 12 08:42:06 2017 +0100 @@ -19,9 +19,9 @@ # changed with every update %define major 51 -%define mainver %major.0 +%define mainver %major.0.1 %define update_channel release -%define releasedate 20170119000000 +%define releasedate 20170126000000 # PIE, full relro (x86_64 for now) %define build_hardened 1 @@ -150,6 +150,8 @@ Patch13: mozilla-check_return.patch Patch14: mozilla-skia-overflow.patch Patch17: mozilla-binutils-visibility.patch +Patch18: mozilla-skia-ppc-endianess.patch +Patch19: mozilla-disable-skia-be.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-no-default-ualocale.patch @@ -264,6 +266,8 @@ %patch13 -p1 %patch14 -p1 %patch17 -p1 +%patch18 -p1 +%patch19 -p1 # Firefox %patch101 -p1 %patch102 -p1 diff -r 3604ed712e16 -r f63a4ac0fe06 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Tue Jan 24 22:19:01 2017 +0100 +++ b/MozillaFirefox/create-tar.sh Sun Feb 12 08:42:06 2017 +0100 @@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="ea82b5e20cbbd103f8fa65f0df0386ee4135cc47" -VERSION="51.0" +RELEASE_TAG="327e081221b064b05a302d7877c6e4be2949a617" +VERSION="51.0.1" # mozilla if [ -d mozilla ]; then diff -r 3604ed712e16 -r f63a4ac0fe06 MozillaFirefox/mozilla-disable-skia-be.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-disable-skia-be.patch Sun Feb 12 08:42:06 2017 +0100 @@ -0,0 +1,1 @@ +../mozilla-disable-skia-be.patch \ No newline at end of file diff -r 3604ed712e16 -r f63a4ac0fe06 MozillaFirefox/mozilla-skia-ppc-endianess.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-skia-ppc-endianess.patch Sun Feb 12 08:42:06 2017 +0100 @@ -0,0 +1,1 @@ +../mozilla-skia-ppc-endianess.patch \ No newline at end of file diff -r 3604ed712e16 -r f63a4ac0fe06 mozilla-disable-skia-be.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-disable-skia-be.patch Sun Feb 12 08:42:06 2017 +0100 @@ -0,0 +1,292 @@ + +# HG changeset patch +# User Lee Salzman +# Date 1484854371 18000 +# Node ID 42afdb8f7e6b3e8a465042f64c6c49782f231af4 +# Parent dfadd79c97458f898d542461033a61dd34d3a5f0 +Bug 1319374 - Wrap PaintCounter with ifdef USE_SKIA. r=mchang, a=jcristau + +diff --git a/gfx/2d/BorrowedContext.h b/gfx/2d/BorrowedContext.h +--- a/gfx/2d/BorrowedContext.h ++++ b/gfx/2d/BorrowedContext.h +@@ -190,18 +190,28 @@ public: + } + + ~BorrowedCGContext() { + MOZ_ASSERT(!cg); + } + + CGContextRef cg; + private: ++#ifdef USE_SKIA + static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT); + static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg); ++#else ++ static CGContextRef BorrowCGContextFromDrawTarget(DrawTarget *aDT) { ++ MOZ_CRASH("Not supported without Skia"); ++ } ++ ++ static void ReturnCGContextToDrawTarget(DrawTarget *aDT, CGContextRef cg) { ++ MOZ_CRASH("not supported without Skia"); ++ } ++#endif + DrawTarget *mDT; + }; + #endif + + } // namespace gfx + } // namespace mozilla + + #endif // _MOZILLA_GFX_BORROWED_CONTEXT_H +diff --git a/gfx/layers/composite/LayerManagerComposite.cpp b/gfx/layers/composite/LayerManagerComposite.cpp +--- a/gfx/layers/composite/LayerManagerComposite.cpp ++++ b/gfx/layers/composite/LayerManagerComposite.cpp +@@ -7,17 +7,16 @@ + #include // for size_t + #include // for uint16_t, uint32_t + #include "CanvasLayerComposite.h" // for CanvasLayerComposite + #include "ColorLayerComposite.h" // for ColorLayerComposite + #include "Composer2D.h" // for Composer2D + #include "CompositableHost.h" // for CompositableHost + #include "ContainerLayerComposite.h" // for ContainerLayerComposite, etc + #include "FPSCounter.h" // for FPSState, FPSCounter +-#include "PaintCounter.h" // For PaintCounter + #include "FrameMetrics.h" // for FrameMetrics + #include "GeckoProfiler.h" // for profiler_set_frame_number, etc + #include "ImageLayerComposite.h" // for ImageLayerComposite + #include "Layers.h" // for Layer, ContainerLayer, etc + #include "LayerScope.h" // for LayerScope Tool + #include "protobuf/LayerScopePacket.pb.h" // for protobuf (LayerScope) + #include "PaintedLayerComposite.h" // for PaintedLayerComposite + #include "TiledContentHost.h" +@@ -68,16 +67,20 @@ + #include "nsScreenManagerGonk.h" + #include "nsWindow.h" + #endif + #include "GeckoProfiler.h" + #include "TextRenderer.h" // for TextRenderer + #include "mozilla/layers/CompositorBridgeParent.h" + #include "TreeTraversal.h" // for ForEachNode + ++#ifdef USE_SKIA ++#include "PaintCounter.h" // For PaintCounter ++#endif ++ + class gfxContext; + + namespace mozilla { + namespace layers { + + class ImageLayer; + + using namespace mozilla::gfx; +@@ -128,16 +131,20 @@ LayerManagerComposite::LayerManagerCompo + , mGeometryChanged(true) + , mLastFrameMissedHWC(false) + , mWindowOverlayChanged(false) + , mLastPaintTime(TimeDuration::Forever()) + , mRenderStartTime(TimeStamp::Now()) + { + mTextRenderer = new TextRenderer(aCompositor); + MOZ_ASSERT(aCompositor); ++ ++#ifdef USE_SKIA ++ mPaintCounter = nullptr; ++#endif + } + + LayerManagerComposite::~LayerManagerComposite() + { + Destroy(); + } + + +@@ -146,18 +153,21 @@ LayerManagerComposite::Destroy() + { + if (!mDestroyed) { + mCompositor->GetWidget()->CleanupWindowEffects(); + if (mRoot) { + RootLayer()->Destroy(); + } + mRoot = nullptr; + mClonedLayerTreeProperties = nullptr; ++ mDestroyed = true; ++ ++#ifdef USE_SKIA + mPaintCounter = nullptr; +- mDestroyed = true; ++#endif + } + } + + void + LayerManagerComposite::UpdateRenderBounds(const IntRect& aRect) + { + mRenderBounds = aRect; + } +@@ -559,48 +569,52 @@ LayerManagerComposite::RootLayer() const + #endif + + void + LayerManagerComposite::InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const IntRect& aBounds) + { + bool drawFps = gfxPrefs::LayersDrawFPS(); + bool drawFrameCounter = gfxPrefs::DrawFrameCounter(); + bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars(); +- bool drawPaintTimes = gfxPrefs::AlwaysPaint(); + + if (drawFps || drawFrameCounter) { + aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 256, 256)); + } + if (drawFrameColorBars) { + aInvalidRegion.Or(aInvalidRegion, nsIntRect(0, 0, 10, aBounds.height)); + } ++ ++#ifdef USE_SKIA ++ bool drawPaintTimes = gfxPrefs::AlwaysPaint(); + if (drawPaintTimes) { + aInvalidRegion.Or(aInvalidRegion, nsIntRect(PaintCounter::GetPaintRect())); + } ++#endif + } + ++#ifdef USE_SKIA + void + LayerManagerComposite::DrawPaintTimes(Compositor* aCompositor) + { + if (!mPaintCounter) { + mPaintCounter = new PaintCounter(); + } + + TimeDuration compositeTime = TimeStamp::Now() - mRenderStartTime; + mPaintCounter->Draw(aCompositor, mLastPaintTime, compositeTime); + } ++#endif + + static uint16_t sFrameCount = 0; + void + LayerManagerComposite::RenderDebugOverlay(const IntRect& aBounds) + { + bool drawFps = gfxPrefs::LayersDrawFPS(); + bool drawFrameCounter = gfxPrefs::DrawFrameCounter(); + bool drawFrameColorBars = gfxPrefs::CompositorDrawColorBars(); +- bool drawPaintTimes = gfxPrefs::AlwaysPaint(); + + TimeStamp now = TimeStamp::Now(); + + if (drawFps) { + if (!mFPS) { + mFPS = MakeUnique(); + } + +@@ -731,19 +745,22 @@ LayerManagerComposite::RenderDebugOverla + } + #endif + + if (drawFrameColorBars || drawFrameCounter) { + // We intentionally overflow at 2^16. + sFrameCount++; + } + ++#ifdef USE_SKIA ++ bool drawPaintTimes = gfxPrefs::AlwaysPaint(); + if (drawPaintTimes) { + DrawPaintTimes(mCompositor); + } ++#endif + } + + RefPtr + LayerManagerComposite::PushGroupForLayerEffects() + { + // This is currently true, so just making sure that any new use of this + // method is flagged for investigation + MOZ_ASSERT(gfxPrefs::LayersEffectInvert() || +diff --git a/gfx/layers/composite/LayerManagerComposite.h b/gfx/layers/composite/LayerManagerComposite.h +--- a/gfx/layers/composite/LayerManagerComposite.h ++++ b/gfx/layers/composite/LayerManagerComposite.h +@@ -326,21 +326,16 @@ private: + * Render the current layer tree to the active target. + */ + void Render(const nsIntRegion& aInvalidRegion, const nsIntRegion& aOpaqueRegion); + #if defined(MOZ_WIDGET_ANDROID) || defined(MOZ_WIDGET_GONK) + void RenderToPresentationSurface(); + #endif + + /** +- * Render paint and composite times above the frame. +- */ +- void DrawPaintTimes(Compositor* aCompositor); +- +- /** + * We need to know our invalid region before we're ready to render. + */ + void InvalidateDebugOverlay(nsIntRegion& aInvalidRegion, const gfx::IntRect& aBounds); + + /** + * Render debug overlays such as the FPS/FrameCounter above the frame. + */ + void RenderDebugOverlay(const gfx::IntRect& aBounds); +@@ -386,19 +381,26 @@ private: + RefPtr mTextRenderer; + bool mGeometryChanged; + + // Testing property. If hardware composer is supported, this will return + // true if the last frame was deemed 'too complicated' to be rendered. + bool mLastFrameMissedHWC; + + bool mWindowOverlayChanged; +- RefPtr mPaintCounter; + TimeDuration mLastPaintTime; + TimeStamp mRenderStartTime; ++ ++#ifdef USE_SKIA ++ /** ++ * Render paint and composite times above the frame. ++ */ ++ void DrawPaintTimes(Compositor* aCompositor); ++ RefPtr mPaintCounter; ++#endif + }; + + /** + * Composite layers are for use with OMTC on the compositor thread only. There + * must be corresponding Basic layers on the content thread. For composite + * layers, the layer manager only maintains the layer tree, all rendering is + * done by a Compositor (see Compositor.h). As such, composite layers are + * platform-independent and can be used on any platform for which there is a +diff --git a/gfx/layers/moz.build b/gfx/layers/moz.build +--- a/gfx/layers/moz.build ++++ b/gfx/layers/moz.build +@@ -335,17 +335,16 @@ UNIFIED_SOURCES += [ + 'composite/CompositableHost.cpp', + 'composite/ContainerLayerComposite.cpp', + 'composite/ContentHost.cpp', + 'composite/FPSCounter.cpp', + 'composite/FrameUniformityData.cpp', + 'composite/ImageHost.cpp', + 'composite/ImageLayerComposite.cpp', + 'composite/LayerManagerComposite.cpp', +- 'composite/PaintCounter.cpp', + 'composite/PaintedLayerComposite.cpp', + 'composite/TextRenderer.cpp', + 'composite/TextureHost.cpp', + 'composite/TiledContentHost.cpp', + 'Compositor.cpp', + 'CopyableCanvasLayer.cpp', + 'Effects.cpp', + 'FrameMetrics.cpp', +@@ -480,8 +479,13 @@ MOCHITEST_CHROME_MANIFESTS += ['apz/test + + CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS'] + CXXFLAGS += CONFIG['TK_CFLAGS'] + + LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES'] + + if CONFIG['GNU_CXX']: + CXXFLAGS += ['-Wno-error=shadow'] ++ ++if CONFIG['MOZ_ENABLE_SKIA']: ++ UNIFIED_SOURCES += [ ++ 'composite/PaintCounter.cpp', ++ ] diff -r 3604ed712e16 -r f63a4ac0fe06 mozilla-skia-ppc-endianess.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-skia-ppc-endianess.patch Sun Feb 12 08:42:06 2017 +0100 @@ -0,0 +1,45 @@ + +# HG changeset patch +# User Mike Hommey +# Date 1479812942 -32400 +# Node ID a6d015fd1add5e16cf37f5868cd2734bafb709b4 +# Parent 319e03b9e8a22a8fba3756cb1afc8b9e7a6724c8 +Bug 1319389 - Generically set SK_CPU_[BL]ENDIAN based on __BYTE_ORDER__ when available. r?jrmuizel + + +diff --git a/gfx/skia/skia/include/core/SkPreConfig.h b/gfx/skia/skia/include/core/SkPreConfig.h +--- a/gfx/skia/skia/include/core/SkPreConfig.h ++++ b/gfx/skia/skia/include/core/SkPreConfig.h +@@ -67,25 +67,29 @@ + + #if !defined(SK_WARN_UNUSED_RESULT) + #define SK_WARN_UNUSED_RESULT __attribute__((warn_unused_result)) + #endif + + ////////////////////////////////////////////////////////////////////// + + #if !defined(SK_CPU_BENDIAN) && !defined(SK_CPU_LENDIAN) +- #if defined(__sparc) || defined(__sparc__) || \ ++ #if defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) ++ #define SK_CPU_BENDIAN ++ #elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) ++ #define SK_CPU_LENDIAN ++ #elif defined(__sparc) || defined(__sparc__) || \ + defined(_POWER) || defined(__powerpc__) || \ + defined(__ppc__) || defined(__hppa) || \ + defined(__PPC__) || defined(__PPC64__) || \ + defined(_MIPSEB) || defined(__ARMEB__) || \ + defined(__s390__) || \ + (defined(__sh__) && defined(__BIG_ENDIAN__)) || \ + (defined(__ia64) && defined(__BIG_ENDIAN__)) +- #define SK_CPU_BENDIAN ++ #define SK_CPU_BENDIAN + #else + #define SK_CPU_LENDIAN + #endif + #endif + + ////////////////////////////////////////////////////////////////////// + + #if defined(__i386) || defined(_M_IX86) || defined(__x86_64__) || defined(_M_X64) + diff -r 3604ed712e16 -r f63a4ac0fe06 series --- a/series Tue Jan 24 22:19:01 2017 +0100 +++ b/series Sun Feb 12 08:42:06 2017 +0100 @@ -13,6 +13,8 @@ mozilla-skia-overflow.patch mozilla-binutils-visibility.patch mozilla-aarch64-startup-crash.patch +mozilla-skia-ppc-endianess.patch +mozilla-disable-skia-be.patch # Firefox patches firefox-kde.patch