Firefox 88.0.1 firefox88 tip
authorWolfgang Rosenauer <wr@rosenauer.org>
Sat, 29 May 2021 22:52:13 +0200
branchfirefox88
changeset 1157 57fc0524b50c
parent 1156 c3d884659acf
Firefox 88.0.1
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/_constraints
MozillaFirefox/mozilla.sh.in
MozillaFirefox/tar_stamps
mozilla-kde.patch
mozilla-libavcodec58_91.patch
mozilla-pgo.patch
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Mar 27 21:45:50 2021 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat May 29 22:52:13 2021 +0200
@@ -1,4 +1,110 @@
 -------------------------------------------------------------------
+Tue May 11 14:17:33 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- do not rely on nodejs10 anymore
+
+-------------------------------------------------------------------
+Thu May  6 13:40:10 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Relax RAM and disk constraints for aarch64
+
+-------------------------------------------------------------------
+Wed May  5 15:13:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 88.0.1
+  * Fixed: Resolved an issue caused by a recent Widevine plugin
+    update which prevented some purchased video content from
+    playing correctly (bmo#1705138)
+  * Fixed: Fixed corruption of videos playing on Twitter or
+    WebRTC calls on some Gen6 Intel graphics chipsets
+    (bmo#1708937)
+  * Fixed: Fixed menulists in Preferences being unreadable for
+    users with High Contrast Mode enabled (bmo#1706496)
+  MFSA 2021-20 (bsc#1185633)
+  * CVE-2021-29952 (bmo#1704227)
+    Race condition in Web Render Components
+- devel package: move macros to /usr/lib/rpm/macros.d (boo#1185658)
+
+-------------------------------------------------------------------
+Sun May  2 12:03:26 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add compatibility for libavcodec58_134
+
+-------------------------------------------------------------------
+Sun Apr 18 09:01:32 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 88.0
+  * New: PDF forms now support JavaScript embedded in PDF files.
+    Some PDF forms use JavaScript for validation and other
+    interactive features
+  * New: Print updates: Margin units are now localized
+  * New: Smooth pinch-zooming using a touchpad is now supported
+    on Linux
+  * New: To protect against cross-site privacy leaks, Firefox now
+    isolates window.name data to the website that created it.
+    Learn more
+  * Changed: Firefox will not prompt for access to your
+    microphone or camera if you’ve already granted access to the
+    same device on the same site in the same tab within the past
+    50 seconds. This new grace period reduces the number of times
+    you’re prompted to grant device access
+  * Changed: The ‘Take a Screenshot’ feature was removed from the
+    Page Actions menu in the url bar. To take a screenshot,
+    right-click to open the context menu. You can also add a
+    screenshots shortcut directly to your toolbar via the
+    Customize menu. Open the Firefox menu and select Customize…
+  * Changed: FTP support has been disabled, and its full removal
+    is planned for an upcoming release. Addressing this security
+    risk reduces the likelihood of an attack while also removing
+    support for a non-encrypted protocol
+  * Developer: Introduced a new toggle button in the Network
+    panel for switching between JSON formatted HTTP response and
+    raw data (as received over the wire).
+    !enter image description here
+  * Enterprise: Various bug fixes and new policies have been
+    implemented in the latest version of Firefox. You can see
+    more details in the Firefox for Enterprise 88 Release Notes.
+  * Fixed: Screen readers no longer incorrectly read content that
+    websites have visually hidden, as in the case of articles in
+    the Google Help panel
+  MFSA 2021-16 (bsc#1184960)
+  * CVE-2021-23994 (bmo#1699077)
+    Out of bound write due to lazy initialization
+  * CVE-2021-23995 (bmo#1699835)
+    Use-after-free in Responsive Design Mode
+  * CVE-2021-23996 (bmo#1701834)
+    Content rendered outside of webpage viewport
+  * CVE-2021-23997 (bmo#1701942)
+    Use-after-free when freeing fonts from cache
+  * CVE-2021-23998 (bmo#1667456)
+    Secure Lock icon could have been spoofed
+  * CVE-2021-23999 (bmo#1691153)
+    Blob URLs may have been granted additional privileges
+  * CVE-2021-24000 (bmo#1694698)
+    requestPointerLock() could be applied to a tab different from
+    the visible tab
+  * CVE-2021-24001 (bmo#1694727)
+    Testing code could have enabled session history manipulations
+    by a compromised content process
+  * CVE-2021-24002 (bmo#1702374)
+    Arbitrary FTP command execution on FTP servers using an
+    encoded URL
+  * CVE-2021-29945 (bmo#1700690)
+    Incorrect size computation in WebAssembly JIT could lead to
+    null-reads
+  * CVE-2021-29944 (bmo#1697604)
+    HTML injection vulnerability in Firefox for Android's Reader View
+  * CVE-2021-29946 (bmo#1698503)
+    Port blocking could be bypassed
+  * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476,
+    bmo#1696886, bmo#1700091)
+    Memory safety bugs fixed in Firefox 88
+- requires
+  * NSPR 4.30
+  * NSS 3.63.1
+- align wayland support logic
+
+-------------------------------------------------------------------
 Sat Mar 27 10:40:46 UTC 2021 - Manfred Hollstein <manfred.h@gmx.net>
 
 - Switch to clang_build globally; just on TW/x86_64 it does not work
--- a/MozillaFirefox/MozillaFirefox.spec	Sat Mar 27 21:45:50 2021 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Sat May 29 22:52:13 2021 +0200
@@ -32,9 +32,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          87
-%define mainver        %major.0
-%define orig_version   87.0
+%define major          88
+%define mainver        %major.0.1
+%define orig_version   88.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@@ -85,11 +85,13 @@
 %else
 %define crashreporter 0
 %endif
-%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150100
-# pipewire is too old on Leap <15.1
+%define with_pipewire0_3  1
+%define wayland_supported 1
+%if 0%{?sle_version} > 0 && 0%{?sle_version} < 150200
+# pipewire is too old on Leap <=15.1
 %define with_pipewire0_3 0
-%else
-%define with_pipewire0_3 1
+# Wayland is too old on Leap <=15.1 as well
+%define wayland_supported 0
 %endif
 
 Name:           %{pkgname}
@@ -115,10 +117,10 @@
 BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
-BuildRequires:  mozilla-nspr-devel >= 4.29
-BuildRequires:  mozilla-nss-devel >= 3.62
+BuildRequires:  mozilla-nspr-devel >= 4.30
+BuildRequires:  mozilla-nss-devel >= 3.63.1
 BuildRequires:  nasm >= 2.14
-BuildRequires:  nodejs10 >= 10.22.1
+BuildRequires:  nodejs >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 BuildRequires:  python-libxml2
 BuildRequires:  python36
@@ -448,10 +450,10 @@
 ac_add_options --libdir=%{_libdir}
 ac_add_options --includedir=%{_includedir}
 ac_add_options --enable-release
-%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
+%if 0%{wayland_supported}
+ac_add_options --enable-default-toolkit=cairo-gtk3-wayland
+%else
 ac_add_options --enable-default-toolkit=cairo-gtk3
-%else
-ac_add_options --enable-default-toolkit=cairo-gtk3-wayland
 %endif
 # bmo#1441155 - Disable the generation of Rust debug symbols on Linux32
 %ifarch %ix86 %arm
@@ -628,6 +630,7 @@
 sed "s:%%PREFIX:%{_prefix}:g
 s:%%PROGDIR:%{progdir}:g
 s:%%APPNAME:%{progname}:g
+s:%%WAYLAND_SUPPORTED:%{wayland_supported}:g
 s:%%PROFILE:.mozilla/firefox:g" \
   %{SOURCE3} > %{buildroot}%{progdir}/%{progname}.sh
 chmod 755 %{buildroot}%{progdir}/%{progname}.sh
@@ -684,8 +687,8 @@
 mkdir -p %{buildroot}%{_bindir}
 install -m 755 %SOURCE12 %{buildroot}%{_bindir}
 # inspired by mandriva
-mkdir -p %{buildroot}%{_sysconfdir}/rpm
-cat <<'FIN' >%{buildroot}%{_sysconfdir}/rpm/macros.%{progname}
+mkdir -p %{buildroot}%{_rpmmacrodir}
+cat <<'FIN' >%{buildroot}%{_rpmmacrodir}/macros.%{progname}
 # Macros from %{name} package
 %%firefox_major              %{major}
 %%firefox_version            %{version}
@@ -778,7 +781,7 @@
 %files devel
 %defattr(-,root,root)
 %{_bindir}/mozilla-get-app-id
-%config %{_sysconfdir}/rpm/macros.%{progname}
+%{_rpmmacrodir}/macros.%{progname}
 %endif
 
 %if %localize
--- a/MozillaFirefox/_constraints	Sat Mar 27 21:45:50 2021 +0100
+++ b/MozillaFirefox/_constraints	Sat May 29 22:52:13 2021 +0200
@@ -34,11 +34,14 @@
     </conditions>
     <hardware>
       <processors>4</processors>
+      <disk>
+        <size unit="G">30</size>
+      </disk>
       <memoryperjob>
         <size unit="M">1000</size>
       </memoryperjob>
       <physicalmemory>
-        <size unit="G">12</size>
+        <size unit="G">9</size>
       </physicalmemory>
     </hardware>
   </overwrite>
--- a/MozillaFirefox/mozilla.sh.in	Sat Mar 27 21:45:50 2021 +0100
+++ b/MozillaFirefox/mozilla.sh.in	Sat May 29 22:52:13 2021 +0200
@@ -84,8 +84,11 @@
 export GNOME_DISABLE_CRASH_DIALOG=1
 
 # Wayland
+# Only supported on newer systems
+WAYLAND_SUPPORTED=%WAYLAND_SUPPORTED
+
 # $XDG_SESSION_TYPE should contain either x11 or wayland
-if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
+if [ $WAYLAND_SUPPORTED -eq 1 ] && [ "$XDG_SESSION_TYPE" = "wayland" ]; then
   export MOZ_ENABLE_WAYLAND=1
 fi
 
--- a/MozillaFirefox/tar_stamps	Sat Mar 27 21:45:50 2021 +0100
+++ b/MozillaFirefox/tar_stamps	Sat May 29 22:52:13 2021 +0200
@@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="87.0"
+VERSION="88.0.1"
 VERSION_SUFFIX=""
-PREV_VERSION="86.0.1"
+PREV_VERSION="88.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="bb9bf7e886787222b18094a4723949a29b4d329a"
-RELEASE_TIMESTAMP="20210318103112"
+RELEASE_TAG="179e1482851c07d65bf29a21c9e42ea312fc87fa"
+RELEASE_TIMESTAMP="20210504152106"
--- a/mozilla-kde.patch	Sat Mar 27 21:45:50 2021 +0100
+++ b/mozilla-kde.patch	Sat May 29 22:52:13 2021 +0200
@@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 #      Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent  929fbcb071c2e1ff551c73e8c364e9c1f4495171
+# Parent  53e325f006bd6a31f6f3d40ae248e4058897055a
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@@ -31,7 +31,7 @@
  #ifdef MOZ_MEMORY
  #  include "mozmemory.h"
  #endif
-@@ -4573,25 +4574,37 @@ nsresult Preferences::InitInitialObjects
+@@ -4635,25 +4636,37 @@ nsresult Preferences::InitInitialObjects
    // application pref files for backwards compatibility.
    static const char* specialFiles[] = {
  #if defined(XP_MACOSX)
@@ -69,7 +69,7 @@
  
    // Load jar:$app/omni.jar!/defaults/preferences/*.js
    // or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4656,17 +4669,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4718,17 +4731,17 @@ nsresult Preferences::InitInitialObjects
        }
  
        nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@@ -841,7 +841,7 @@
 diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build
 --- a/uriloader/exthandler/moz.build
 +++ b/uriloader/exthandler/moz.build
-@@ -86,17 +86,19 @@ else:
+@@ -77,17 +77,19 @@ else:
      SOURCES += [
          osdir + "/nsOSHelperAppService.cpp",
      ]
@@ -857,11 +857,11 @@
      ]
  elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
      UNIFIED_SOURCES += [
-         "android/nsAndroidHandlerApp.cpp",
-         "android/nsExternalURLHandlerService.cpp",
          "android/nsMIMEInfoAndroid.cpp",
      ]
-@@ -136,16 +138,17 @@ include("/ipc/chromium/chromium-config.m
+ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows":
+     UNIFIED_SOURCES += [
+@@ -125,16 +127,17 @@ include("/ipc/chromium/chromium-config.m
  FINAL_LIBRARY = "xul"
  
  LOCAL_INCLUDES += [
@@ -1837,7 +1837,7 @@
 diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
 --- a/xpcom/io/nsLocalFileUnix.cpp
 +++ b/xpcom/io/nsLocalFileUnix.cpp
-@@ -49,16 +49,17 @@
+@@ -53,16 +53,17 @@
  #include "prproces.h"
  #include "nsIDirectoryEnumerator.h"
  #include "nsSimpleEnumerator.h"
@@ -1855,7 +1855,7 @@
  #  include "prmem.h"
  #  include "plbase64.h"
  
-@@ -2001,62 +2002,77 @@ nsLocalFile::SetPersistentDescriptor(con
+@@ -2021,62 +2022,77 @@ nsLocalFile::SetPersistentDescriptor(con
  
  NS_IMETHODIMP
  nsLocalFile::Reveal() {
@@ -1938,4 +1938,4 @@
  
    return giovfs->ShowURIForInput(mPath);
  #elif defined(MOZ_WIDGET_ANDROID)
-   // Try to get a mimetype, if this fails just use the file uri alone
+   // Not supported on GeckoView
--- a/mozilla-libavcodec58_91.patch	Sat Mar 27 21:45:50 2021 +0100
+++ b/mozilla-libavcodec58_91.patch	Sat May 29 22:52:13 2021 +0200
@@ -1,20 +1,34 @@
-Index: firefox-78.0.2/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-===================================================================
---- firefox-78.0.2.orig/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-+++ firefox-78.0.2/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-@@ -30,6 +30,7 @@ static FFmpegLibWrapper sLibAV;
+# HG changeset patch
+# Parent  e4abeadbbb7a0c63c17177f1d14ea04c77c6128e
+
+diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
++++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+@@ -22,23 +22,27 @@ class FFmpegDecoderModule {
+   static already_AddRefed<PlatformDecoderModule> Create(FFmpegLibWrapper*);
+ };
+ 
+ static FFmpegLibWrapper sLibAV;
+ 
  static const char* sLibs[] = {
  // clang-format off
  #if defined(XP_DARWIN)
++  "libavcodec.58.134.dylib",
 +  "libavcodec.58.91.dylib",
    "libavcodec.58.dylib",
    "libavcodec.57.dylib",
    "libavcodec.56.dylib",
-@@ -37,6 +38,7 @@ static const char* sLibs[] = {
+   "libavcodec.55.dylib",
    "libavcodec.54.dylib",
    "libavcodec.53.dylib",
  #else
++  "libavcodec.so.58.134",
 +  "libavcodec.so.58.91",
    "libavcodec.so.58",
    "libavcodec-ffmpeg.so.58",
    "libavcodec-ffmpeg.so.57",
+   "libavcodec-ffmpeg.so.56",
+   "libavcodec.so.57",
+   "libavcodec.so.56",
+   "libavcodec.so.55",
+   "libavcodec.so.54",
--- a/mozilla-pgo.patch	Sat Mar 27 21:45:50 2021 +0100
+++ b/mozilla-pgo.patch	Sat May 29 22:52:13 2021 +0200
@@ -1,6 +1,6 @@
 # HG changeset patch
 # User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent  07b5ae8ccc4806fcc5ad74e32a2d3fb2b9d605d0
+# Parent  ed9681bd4359b83145247fb6b01a56a2c84879fd
 
 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
 --- a/build/moz.configure/lto-pgo.configure
@@ -155,7 +155,7 @@
 diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
 --- a/toolkit/components/terminator/nsTerminator.cpp
 +++ b/toolkit/components/terminator/nsTerminator.cpp
-@@ -425,16 +425,21 @@ void nsTerminator::StartWatchdog() {
+@@ -451,16 +451,21 @@ void nsTerminator::StartWatchdog() {
        // Defend against overflow
        crashAfterMS = INT32_MAX;
      } else {
@@ -170,10 +170,10 @@
 +  crashAfterMS = INT32_MAX;
 +
    UniquePtr<Options> options(new Options());
-   const PRIntervalTime ticksDuration = PR_MillisecondsToInterval(1000);
+   const PRIntervalTime ticksDuration =
+       PR_MillisecondsToInterval(HEARTBEAT_INTERVAL_MS);
    options->crashAfterTicks = crashAfterMS / ticksDuration;
    // Handle systems where ticksDuration is greater than crashAfterMS.
    if (options->crashAfterTicks == 0) {
-     options->crashAfterTicks = crashAfterMS / 1000;
+     options->crashAfterTicks = crashAfterMS / HEARTBEAT_INTERVAL_MS;
    }
-