--- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 25 08:41:45 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Dec 18 02:16:48 2019 +0100
@@ -1,7 +1,36 @@
-------------------------------------------------------------------
-Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
-
-- Mozilla Firefox 71.0b11
+Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 71.0
+ * Improvements to Lockwise, our integrated password manager
+ * More information about Enhanced Tracking Protection in action
+ * Native MP3 decoding on Windows, Linux, and macOS
+ * Configuration page (about:config) reimplemented in HTML
+ * New kiosk mode functionality, which allows maximum screen space
+ for customer-facing displays
+ MFSA 2019-36
+ * CVE-2019-11756 (bmo#1508776)
+ Use-after-free of SFTKSession object
+ * CVE-2019-17008 (bmo#1546331)
+ Use-after-free in worker destruction
+ * CVE-2019-13722 (bmo#1580156) (Windows only)
+ Stack corruption due to incorrect number of arguments in WebRTC code
+ * CVE-2019-17014 (bmo#1322864)
+ Dragging and dropping a cross-origin resource, incorrectly loaded
+ as an image, could result in information disclosure
+ * CVE-2019-17010 (bmo#1581084)
+ Use-after-free when performing device orientation checks
+ * CVE-2019-17005 (bmo#1584170)
+ Buffer overflow in plain text serializer
+ * CVE-2019-17011 (bmo#1591334)
+ Use-after-free when retrieving a document in antitracking
+ * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
+ bmo#1580288, bmo#1585760, bmo#1592502)
+ Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+ * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
+ bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
+ bmo#1594181)
+ Memory safety bugs fixed in Firefox 71
- requires
NSPR >= 4.23
NSS >= 3.47.1
@@ -12,6 +41,13 @@
- removed obsolete patches
mozilla-bmo1511604.patch
mozilla-openaes-decl.patch
+- changed locale building procedure
+ * removed obsolete compare-locales.tar.xz
+- added mozilla-gcc9-lto.patch to fix LTO builds with gcc9 but also
+ switched from gcc to clang for now since gcc builds are broken
+ in some ways (bmo#1601707, boo#1158466)
+- added mozilla-bmo849632.patch to fix big endian issues in skia
+ used for WebGL
-------------------------------------------------------------------
Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
--- a/MozillaFirefox/MozillaFirefox.spec Mon Nov 25 08:41:45 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Wed Dec 18 02:16:48 2019 +0100
@@ -1,7 +1,7 @@
#
# spec file for package MozillaFirefox
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
# 2006-2019 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
@@ -18,16 +18,16 @@
# changed with every update
-%define major 70
-%define mainver %major.99
+%define major 71
+%define mainver %major.0
%define orig_version 71.0
-%define orig_suffix b11
-%define update_channel beta
+%define orig_suffix %{nil}
+%define update_channel release
%define branding 1
%define devpkg 1
# always build with GCC as SUSE Security Team requires that
-%define clang_build 0
+%define clang_build 1
# PIE, full relro
%define build_hardened 1
@@ -137,7 +137,7 @@
Summary: Mozilla %{appname} Web Browser
License: MPL-2.0
Group: Productivity/Networking/Web/Browsers
-Url: http://www.mozilla.org/
+URL: http://www.mozilla.org/
%if !%{with only_print_mozconfig}
Source: http://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz
Source1: MozillaFirefox.desktop
@@ -147,11 +147,10 @@
Source7: l10n-%{orig_version}%{orig_suffix}.tar.xz
Source8: firefox-mimeinfo.xml
Source9: firefox.js
-Source10: compare-locales.tar.xz
Source11: firefox.1
Source12: mozilla-get-app-id
Source13: spellcheck.js
-Source14: https://github.com/openSUSE/firefox-scripts/raw/04d38e104a6ecdea33442755282688e8090ffa66/create-tar.sh
+Source14: https://github.com/openSUSE/firefox-scripts/raw/d414e38/create-tar.sh
Source15: firefox-appdata.xml
Source16: %{name}.changes
# Set up API keys, see http://www.chromium.org/developers/how-tos/api-keys
@@ -184,6 +183,7 @@
Patch20: mozilla-fix-top-level-asm.patch
Patch21: mozilla-bmo1504834-part4.patch
Patch22: mozilla-bmo849632.patch
+Patch23: mozilla-gcc9-lto.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -290,7 +290,7 @@
exit 1
fi
-%setup -q -n %{srcname}-%{orig_version} -b 7 -b 10
+%setup -q -n %{srcname}-%{orig_version} -b 7
%else
%setup -q -n %{srcname}-%{orig_version}
%endif
@@ -319,6 +319,7 @@
%patch20 -p1
%patch21 -p1
%patch22 -p1
+%patch23 -p1
# Firefox
%patch101 -p1
%patch102 -p1
@@ -471,6 +472,31 @@
xvfb-run --server-args="-screen 0 1920x1080x24" \
%endif
./mach build -v
+
+# build additional locales
+%if %localize
+mkdir -p %{buildroot}%{progdir}/browser/extensions
+truncate -s 0 %{_tmppath}/translations.{common,other}
+sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \
+ | xargs -n 1 -I {} /bin/sh -c '
+ locale=$1
+ ./mach build langpack-$locale
+ cp -rL ../obj/dist/xpi-stage/locale-$locale \
+ %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org
+ # remove prefs, profile defaults, and hyphenation from langpack
+ rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults
+ rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation
+ # check against the fixed common list and sort into the right filelist
+ _matched=0
+ for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
+ [ "$_match" = "$locale" ] && _matched=1
+ done
+ [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
+ echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \
+ >> %{_tmppath}/translations.$_l10ntarget
+' -- {}
+%endif
+
%endif # only_print_mozconfig
%install
@@ -499,35 +525,7 @@
install -m 644 %{SOURCE13} %{buildroot}%{progdir}/defaults/pref/
# install browser prefs
install -m 644 %{SOURCE9} %{buildroot}%{progdir}/browser/defaults/preferences/firefox.js
-# build additional locales
-%if %localize
-mkdir -p %{buildroot}%{progdir}/browser/extensions
-truncate -s 0 %{_tmppath}/translations.{common,other}
-sed -r '/^(ja-JP-mac|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \
- | xargs -n 1 -I {} /bin/sh -c '
- locale=$1
- pushd $RPM_BUILD_DIR/compare-locales
- PYTHONPATH=lib \
- scripts/compare-locales -m ../l10n-merged/$locale \
- ../%{srcname}-%{orig_version}/browser/locales/l10n.ini ../l10n $locale
- popd
- LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \
- make -C browser/locales langpack-$locale
- cp -rL dist/xpi-stage/locale-$locale \
- %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org
- # remove prefs, profile defaults, and hyphenation from langpack
- rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults
- rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/hyphenation
- # check against the fixed common list and sort into the right filelist
- _matched=0
- for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
- [ "$_match" = "$locale" ] && _matched=1
- done
- [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
- echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org \
- >> %{_tmppath}/translations.$_l10ntarget
-' -- {}
-%endif
+
# remove some executable permissions
find %{buildroot}%{progdir} \
-name "*.js" -o \
--- a/MozillaFirefox/create-tar.sh Mon Nov 25 08:41:45 2019 +0100
+++ b/MozillaFirefox/create-tar.sh Wed Dec 18 02:16:48 2019 +0100
@@ -42,6 +42,7 @@
# Make first letter of PRODCUT upper case
PRODUCT_CAP="${PRODUCT^}"
LOCALES_URL="https://product-details.mozilla.org/1.0/l10n/$PRODUCT_CAP"
+PRODUCT_URL="https://product-details.mozilla.org/1.0/$PRODUCT.json"
# Exit script on CTRL+C
trap "exit" INT
@@ -83,7 +84,7 @@
function get_source_stamp() {
BUILD_ID="$1"
FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION$VERSION_SUFFIX)
- FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/firefox-$VERSION$VERSION_SUFFIX.json"
+ FTP_CANDIDATES_JSON_SUFFIX="${BUILD_ID}/linux-x86_64/en-US/$PRODUCT-$VERSION$VERSION_SUFFIX.json"
BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1;
REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp)
SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo)
@@ -104,12 +105,21 @@
function get_build_number() {
LAST_FOUND=""
VERSION_WITH_SUFFIX="$1"
- FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX)
- # Unfortunately, locales-files are not associated to releases, but to builds.
- # And since we don't know which build was the final build, we grep them all from
- # the candidates-page, sort them and take the last one which should be the oldest
- # Error only if not even the first one exists
- LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1)
+
+ BUILD_ID=$(curl --silent "$PRODUCT_URL" | jq -e '.["releases"] | .["'$PRODUCT-$VERSION_WITH_SUFFIX'"] | .["build_number"]')
+
+ # Slow fall-back
+ if [ $? -ne 0 ]; then
+ echo "Build number not found in product URL, falling back to slow FTP-parsing." 1>&2
+ FTP_CANDIDATES_BASE_URL=$(get_ftp_candidates_url $VERSION_WITH_SUFFIX)
+ # Unfortunately, locales-files are not associated to releases, but to builds.
+ # And since we don't know which build was the final build, we grep them all from
+ # the candidates-page, sort them and take the last one which should be the oldest
+ # Error only if not even the first one exists
+ LAST_FOUND=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/" | grep -o "build[0-9]*/" | sort | uniq | tail -n 1 | cut -d "/" -f 1)
+ else
+ LAST_FOUND="build$BUILD_ID"
+ fi
if [ "$LAST_FOUND" != "" ]; then
echo "$LAST_FOUND"
@@ -250,10 +260,9 @@
hg update --check $FF_RELEASE_TAG
[ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG
# get repo and source stamp
- echo -n "REV=" > ../source-stamp.txt
- hg -R . parent --template="{node|short}\n" >> ../source-stamp.txt
- echo -n "REPO=" >> ../source-stamp.txt
- hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt
+ REV=$(hg -R . parent --template="{node|short}\n")
+ SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/")
+ TIMESTAMP=$(date +%Y%m%d%H%M%S)
if [ "$PRODUCT" = "thunderbird" ]; then
pushd comm || exit 1
@@ -263,6 +272,19 @@
fi
popd || exit 1
+ echo "Extending $TAR_STAMP with:"
+ echo "RELEASE_REPO=${SOURCE_REPO}"
+ echo "RELEASE_TAG=${REV}"
+ echo "RELEASE_TIMESTAMP=${TIMESTAMP}"
+
+ # We "remove and add" instead of "replace" in case the entries are not there yet
+ # Removing the old RELEASE_-tags
+ sed -i "/RELEASE_\(TAG\|REPO\|TIMESTAMP\)=.*/d" "$TAR_STAMP"
+ # Appending the new
+ echo "RELEASE_REPO=$SOURCE_REPO" >> "$TAR_STAMP"
+ echo "RELEASE_TAG=$REV" >> "$TAR_STAMP"
+ echo "RELEASE_TIMESTAMP=$TIMESTAMP" >> "$TAR_STAMP"
+
echo "creating archive..."
tar $compression -cf $PRODUCT-$VERSION$VERSION_SUFFIX.source.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS $PRODUCT-$VERSION
fi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-gcc9-lto.patch Wed Dec 18 02:16:48 2019 +0100
@@ -0,0 +1,1 @@
+../mozilla-gcc9-lto.patch
\ No newline at end of file
--- a/MozillaFirefox/tar_stamps Mon Nov 25 08:41:45 2019 +0100
+++ b/MozillaFirefox/tar_stamps Wed Dec 18 02:16:48 2019 +0100
@@ -1,11 +1,11 @@
PRODUCT="firefox"
-CHANNEL="beta"
+CHANNEL="release"
VERSION="71.0"
-VERSION_SUFFIX="b11"
+VERSION_SUFFIX=""
PREV_VERSION="70.0.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
-RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-beta"
-RELEASE_TAG="5c921325dd03885c3392512722c7cede4ed9e00e"
-RELEASE_TIMESTAMP="20191118154140"
+RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
+RELEASE_TAG="501aef7fe1d9622236600a7e53843d40d163a123"
+RELEASE_TIMESTAMP="20191202093317"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-gcc9-lto.patch Wed Dec 18 02:16:48 2019 +0100
@@ -0,0 +1,71 @@
+Workaround GCC/Clang6 not supporting class-temporary#6.7 [1]
+Bugs:
++ https://bugzilla.mozilla.org/show_bug.cgi?id=1601707
++ http://gcc.gnu.org/PR92831
++ https://bugzilla.redhat.com/show_bug.cgi?id=1779082
+
+[1] http://eel.is/c++draft/class.temporary#6.7
+
+diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp
+--- a/dom/indexedDB/ActorsParent.cpp
++++ b/dom/indexedDB/ActorsParent.cpp
+@@ -24311,11 +24311,11 @@
+ // if we allow overwrite or not. By not allowing overwrite we raise
+ // detectable errors rather than corrupting data.
+ DatabaseConnection::CachedStatement stmt;
+- const auto& optReplaceDirective = (!mOverwrite || keyUnset)
+- ? NS_LITERAL_CSTRING("")
+- : NS_LITERAL_CSTRING("OR REPLACE ");
+ rv = aConnection->GetCachedStatement(
+- NS_LITERAL_CSTRING("INSERT ") + optReplaceDirective +
++ NS_LITERAL_CSTRING("INSERT ") +
++ ((!mOverwrite || keyUnset)
++ ? NS_LITERAL_CSTRING("")
++ : NS_LITERAL_CSTRING("OR REPLACE ")) +
+ NS_LITERAL_CSTRING("INTO object_data "
+ "(object_store_id, key, file_ids, data) "
+ "VALUES (:") +
+@@ -26076,9 +26076,6 @@
+
+ const bool usingKeyRange = mOptionalKeyRange.isSome();
+
+- const auto& indexTable = mCursor->mUniqueIndex
+- ? NS_LITERAL_CSTRING("unique_index_data")
+- : NS_LITERAL_CSTRING("index_data");
+
+ NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column");
+
+@@ -26099,7 +26096,9 @@
+ "object_data.file_ids, "
+ "object_data.data "
+ "FROM ") +
+- indexTable +
++ (mCursor->mUniqueIndex
++ ? NS_LITERAL_CSTRING("unique_index_data")
++ : NS_LITERAL_CSTRING("index_data")) +
+ NS_LITERAL_CSTRING(
+ " AS index_table "
+ "JOIN object_data "
+@@ -26198,9 +26197,6 @@
+
+ const bool usingKeyRange = mOptionalKeyRange.isSome();
+
+- const auto& table = mCursor->mUniqueIndex
+- ? NS_LITERAL_CSTRING("unique_index_data")
+- : NS_LITERAL_CSTRING("index_data");
+
+ NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column");
+
+@@ -26218,7 +26214,10 @@
+ NS_LITERAL_CSTRING(
+ "object_data_key "
+ " FROM ") +
+- table + NS_LITERAL_CSTRING(" WHERE index_id = :") +
++ (mCursor->mUniqueIndex
++ ? NS_LITERAL_CSTRING("unique_index_data")
++ : NS_LITERAL_CSTRING("index_data")) +
++ NS_LITERAL_CSTRING(" WHERE index_id = :") +
+ kStmtParamNameId;
+
+ const auto keyRangeClause =
+
--- a/series Mon Nov 25 08:41:45 2019 +0100
+++ b/series Wed Dec 18 02:16:48 2019 +0100
@@ -21,6 +21,7 @@
mozilla-fix-top-level-asm.patch
mozilla-bmo1504834-part4.patch
mozilla-bmo849632.patch
+mozilla-gcc9-lto.patch
# Firefox patches
firefox-kde.patch