--- a/MozillaFirefox/MozillaFirefox.changes Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Feb 05 15:04:53 2022 +0100
@@ -1,4 +1,107 @@
-------------------------------------------------------------------
+Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- disable ccache, this adds about 1 minute of build time and
+ over 2 GB of disk space usage without benefit on OBS builds
+- build with rust-simd like upstream does
+- use -g1 for debuginfo generation as this is what upstream
+ does as well and it saves ~ 2GB of writes
+- use %limit on x86_64 to scale down to less capable workers
+- disable install stripping so that debuginfo is useful
+- use autopatch
+- cleanup constraints to specify only jobs, physicalmemory
+ and memoryperjob to be more flexible on which host to build
+ on
+
+-------------------------------------------------------------------
+Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0.3 (bsc#1195230)
+ * Fixed an issue that allowed unexpected data to be submitted in
+ some of our search telemetry (bmo#1752317)
+
+-------------------------------------------------------------------
+Mon Jan 24 07:42:03 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Enable -fimplicit-constexpr for GCC 12+.
+
+-------------------------------------------------------------------
+Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.2
+ * Fix an issue that caused tab height to display inconsistently
+ on Linux when audio was played (bmo#1714276)
+ * Fix an issue that caused Lastpass dropdowns to appear blank in
+ Private Browsing mode (bmo#1748158)
+ * Fix a crash encountered when resizing a Facebook app
+ (bmo#1746084)
+
+-------------------------------------------------------------------
+Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.1
+ * Fixed: Improvements to make the parsing of content-length
+ headers more robust (bmo#1749957, boo#1194677)
+
+-------------------------------------------------------------------
+Sat Jan 8 10:32:46 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0
+ * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
+ MFSA 2022-01 (bsc#1194547)
+ * CVE-2022-22746 (bmo#1735071)
+ Calling into reportValidity could have lead to fullscreen
+ window spoof
+ * CVE-2022-22743 (bmo#1739220)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22742 (bmo#1739923)
+ Out-of-bounds memory access when inserting text in edit mode
+ * CVE-2022-22741 (bmo#1740389)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22740 (bmo#1742334)
+ Use-after-free of ChannelEventQueue::mOwner
+ * CVE-2022-22738 (bmo#1742382)
+ Heap-buffer-overflow in blendGaussianBlur
+ * CVE-2022-22737 (bmo#1745874)
+ Race condition when playing audio files
+ * CVE-2021-4140 (bmo#1746720)
+ Iframe sandbox bypass with XSLT
+ * CVE-2022-22750 (bmo#1566608)
+ IPC passing of resource handles could have lead to sandbox
+ bypass
+ * CVE-2022-22749 (bmo#1705094)
+ Lack of URL restrictions when scanning QR codes
+ * CVE-2022-22748 (bmo#1705211)
+ Spoofed origin on external protocol launch dialog
+ * CVE-2022-22745 (bmo#1735856)
+ Leaking cross-origin URLs through securitypolicyviolation
+ event
+ * CVE-2022-22744 (bmo#1737252)
+ The 'Copy as curl' feature in DevTools did not fully escape
+ website-controlled data, potentially leading to command
+ injection
+ * CVE-2022-22747 (bmo#1735028)
+ Crash when handling empty pkcs7 sequence
+ * CVE-2022-22736 (bmo#1742692)
+ Potential local privilege escalation when loading modules
+ from the install directory.
+ * CVE-2022-22739 (bmo#1744158)
+ Missing throttling on external protocol launch dialog
+ * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
+ bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
+ bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
+ Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
+ * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
+ Memory safety bugs fixed in Firefox 96
+- removed obsolete patches
+ * mozilla-bmo1745560.patch
+ * mozilla-bmo1744896.patch
+ * mozilla-sandbox-fips.patch
+- requires
+ NSPR >= 4.33
+ NSS >= 3.73.1
+
+-------------------------------------------------------------------
Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Add upstream patches:
--- a/MozillaFirefox/MozillaFirefox.spec Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Sat Feb 05 15:04:53 2022 +0100
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
# 2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
@@ -28,9 +28,9 @@
# orig_suffix b3
# major 69
# mainver %major.99
-%define major 95
-%define mainver %major.0.2
-%define orig_version 95.0.2
+%define major 96
+%define mainver %major.0.3
+%define orig_version 96.0.3
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -42,13 +42,10 @@
# upstream default is clang (to use gcc for large parts set to 0)
%define clang_build 0
-# PIE, full relro
-%define build_hardened 1
-
%bcond_with only_print_mozconfig
# define if ccache should be used or not
-%define useccache 1
+%define useccache 0
# SLE-12 doesn't have this macro
%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d}
@@ -116,8 +113,8 @@
BuildRequires: libiw-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.32
-BuildRequires: mozilla-nss-devel >= 3.71
+BuildRequires: mozilla-nspr-devel >= 4.33
+BuildRequires: mozilla-nss-devel >= 3.73.1
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 10.22.1
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -203,28 +200,25 @@
Patch2: mozilla-kde.patch
Patch3: mozilla-ntlm-full-path.patch
Patch4: mozilla-aarch64-startup-crash.patch
-Patch6: mozilla-sandbox-fips.patch
-Patch7: mozilla-fix-aarch64-libopus.patch
-Patch9: mozilla-s390-context.patch
-Patch10: mozilla-pgo.patch
-Patch11: mozilla-reduce-rust-debuginfo.patch
-Patch13: mozilla-bmo1005535.patch
-Patch14: mozilla-bmo1568145.patch
-Patch15: mozilla-bmo1504834-part1.patch
-Patch16: mozilla-bmo1504834-part2.patch
-Patch17: mozilla-bmo1504834-part3.patch
-Patch19: mozilla-bmo1512162.patch
-Patch20: mozilla-fix-top-level-asm.patch
-Patch21: mozilla-bmo1504834-part4.patch
-Patch22: mozilla-bmo849632.patch
-Patch25: mozilla-bmo998749.patch
-Patch26: mozilla-bmo1626236.patch
-Patch27: mozilla-s390x-skia-gradient.patch
-Patch28: mozilla-libavcodec58_91.patch
-Patch29: mozilla-silence-no-return-type.patch
-Patch31: mozilla-bmo531915.patch
-Patch32: mozilla-bmo1745560.patch
-Patch33: mozilla-bmo1744896.patch
+Patch5: mozilla-fix-aarch64-libopus.patch
+Patch6: mozilla-s390-context.patch
+Patch7: mozilla-pgo.patch
+Patch8: mozilla-reduce-rust-debuginfo.patch
+Patch9: mozilla-bmo1005535.patch
+Patch10: mozilla-bmo1568145.patch
+Patch11: mozilla-bmo1504834-part1.patch
+Patch12: mozilla-bmo1504834-part2.patch
+Patch13: mozilla-bmo1504834-part3.patch
+Patch14: mozilla-bmo1512162.patch
+Patch15: mozilla-fix-top-level-asm.patch
+Patch16: mozilla-bmo1504834-part4.patch
+Patch17: mozilla-bmo849632.patch
+Patch18: mozilla-bmo998749.patch
+Patch19: mozilla-bmo1626236.patch
+Patch20: mozilla-s390x-skia-gradient.patch
+Patch21: mozilla-libavcodec58_91.patch
+Patch22: mozilla-silence-no-return-type.patch
+Patch23: mozilla-bmo531915.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -329,35 +323,7 @@
%setup -q -n %{srcname}-%{orig_version}
%endif
cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch6 -p1
-%patch7 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-# Firefox
-%patch101 -p1
-%patch102 -p1
+%autopatch -p1
%endif
%build
@@ -407,15 +373,16 @@
%if 0%{?clang_build} == 0
export CC=gcc
export CXX=g++
+%if 0%{?gcc_version:%{gcc_version}} >= 12
+export CFLAGS="$CFLAGS -fimplicit-constexpr"
+%endif
%endif
%endif
%ifarch %arm %ix86
# Limit RAM usage during link
export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
%endif
-%if 0%{?build_hardened}
export LDFLAGS="${LDFLAGS} -fPIC -Wl,-z,relro,-z,now"
-%endif
%ifarch ppc64 ppc64le
%if 0%{?clang_build} == 0
export CFLAGS="$CFLAGS -mminimal-toc"
@@ -441,8 +408,8 @@
echo ""
cat << EOF
%else
-%ifarch aarch64 %arm ppc64 ppc64le
-%limit_build -m 2000
+%ifarch aarch64 ppc64 ppc64le x86_64
+%limit_build -m 2048
%endif
cat << EOF > $MOZCONFIG
%endif
@@ -465,7 +432,8 @@
%ifarch %ix86 %arm
ac_add_options --disable-debug-symbols
%else
-ac_add_options --enable-debug-symbols
+ac_add_options --enable-debug-symbols=-g1
+ac_add_options --disable-install-strip
%endif
# building with elf-hack started to fail everywhere with FF73
#%if 0%{?suse_version} > 1549
@@ -488,7 +456,6 @@
ac_add_options --disable-tests
ac_add_options --enable-alsa
ac_add_options --disable-debug
-#ac_add_options --enable-chrome-format=jar
ac_add_options --enable-update-channel=%{update_channel}
ac_add_options --with-mozilla-api-keyfile=%{SOURCE18}
# Google-service currently not available for free anymore
@@ -498,6 +465,9 @@
ac_add_options --allow-addon-sideload
# at least temporary until the "wasi-sysroot" issue is solved
ac_add_options --without-wasm-sandboxed-libraries
+%ifarch x86_64 aarch64
+ac_add_options --enable-rust-simd
+%endif
%if %branding
ac_add_options --enable-official-branding
%endif
--- a/MozillaFirefox/_constraints Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/_constraints Sat Feb 05 15:04:53 2022 +0100
@@ -1,15 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<constraints>
<hardware>
+ <jobs>4</jobs>
<disk>
- <size unit="G">36</size>
+ <size unit="G">24</size>
</disk>
- <memory>
+ <physicalmemory>
<size unit="G">8</size>
- </memory>
- <memoryperjob>
- <size unit="M">2000</size>
- </memoryperjob>
+ </physicalmemory>
+ <memoryperjob>
+ <size unit="M">1536</size>
+ </memoryperjob>
</hardware>
<overwrite>
<conditions>
@@ -17,9 +18,6 @@
<arch>armv7l</arch>
</conditions>
<hardware>
- <memoryperjob>
- <size unit="M">1000</size>
- </memoryperjob>
<disk>
<size unit="G">12</size>
</disk>
@@ -28,48 +26,4 @@
</physicalmemory>
</hardware>
</overwrite>
- <overwrite>
- <conditions>
- <arch>aarch64</arch>
- </conditions>
- <hardware>
- <processors>4</processors>
- <disk>
- <size unit="G">36</size>
- </disk>
- <memoryperjob>
- <size unit="M">1000</size>
- </memoryperjob>
- <physicalmemory>
- <size unit="G">12</size>
- </physicalmemory>
- </hardware>
- </overwrite>
- <overwrite>
- <conditions>
- <arch>x86_64</arch>
- </conditions>
- <hardware>
- <memory>
- <size unit="G">18</size>
- </memory>
- </hardware>
- </overwrite>
- <overwrite>
- <conditions>
- <arch>ppc64</arch>
- <arch>ppc64le</arch>
- </conditions>
- <hardware>
- <disk>
- <size unit="G">36</size>
- </disk>
- <physicalmemory>
- <size unit="G">11</size>
- </physicalmemory>
- <memoryperjob>
- <size unit="M">2500</size>
- </memoryperjob>
- </hardware>
- </overwrite>
</constraints>
--- a/MozillaFirefox/mozilla-bmo1744896.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-bmo1744896.patch
\ No newline at end of file
--- a/MozillaFirefox/mozilla-bmo1745560.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-bmo1745560.patch
\ No newline at end of file
--- a/MozillaFirefox/mozilla-sandbox-fips.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-sandbox-fips.patch
\ No newline at end of file
--- a/MozillaFirefox/tar_stamps Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/tar_stamps Sat Feb 05 15:04:53 2022 +0100
@@ -1,10 +1,10 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="95.0.2"
+VERSION="96.0.3"
VERSION_SUFFIX=""
-PREV_VERSION="95.0.1"
+PREV_VERSION="96.0.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="1ff2cec0bb36e389df1a209a9f882b443ed48495"
-RELEASE_TIMESTAMP="20211218203254"
+RELEASE_TAG="08a730393ae6e9e8f7096f1a040dc66948f245b1"
+RELEASE_TIMESTAMP="20220126154723"
--- a/mozilla-bmo1744896.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-diff -up firefox-95.0.2/widget/gtk/nsWindow.cpp.1744896 firefox-95.0.2/widget/gtk/nsWindow.cpp
---- firefox-95.0.2/widget/gtk/nsWindow.cpp.1744896 2021-12-23 11:54:31.522539340 +0100
-+++ firefox-95.0.2/widget/gtk/nsWindow.cpp 2021-12-23 11:55:56.070270174 +0100
-@@ -5765,6 +5765,17 @@ nsresult nsWindow::Create(nsIWidget* aPa
- }
- }
- #endif
-+#ifdef MOZ_WAYLAND
-+ // Initialize the window specific VsyncSource early in order to avoid races
-+ // with BrowserParent::UpdateVsyncParentVsyncSource().
-+ // Only use for toplevel windows for now, see bug 1619246.
-+ if (GdkIsWaylandDisplay() &&
-+ StaticPrefs::widget_wayland_vsync_enabled_AtStartup() &&
-+ mWindowType == eWindowType_toplevel) {
-+ mWaylandVsyncSource = new WaylandVsyncSource();
-+ MOZ_RELEASE_ASSERT(mWaylandVsyncSource);
-+ }
-+#endif
-
- // We create input contexts for all containers, except for
- // toplevel popup windows
-@@ -6077,19 +6088,12 @@ void nsWindow::ResumeCompositorFromCompo
-
- void nsWindow::WaylandStartVsync() {
- #ifdef MOZ_WAYLAND
-- // only use for toplevel windows for now - see bug 1619246
-- if (!GdkIsWaylandDisplay() ||
-- !StaticPrefs::widget_wayland_vsync_enabled_AtStartup() ||
-- mWindowType != eWindowType_toplevel) {
-+ if (!mWaylandVsyncSource) {
- return;
- }
-
- LOG("nsWindow::WaylandStartVsync() [%p]\n", (void*)this);
-
-- if (!mWaylandVsyncSource) {
-- mWaylandVsyncSource = new WaylandVsyncSource();
-- }
--
- WaylandVsyncSource::WaylandDisplay& display =
- static_cast<WaylandVsyncSource::WaylandDisplay&>(
- mWaylandVsyncSource->GetGlobalDisplay());
-
--- a/mozilla-bmo1745560.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-diff --git a/widget/gtk/mozwayland/mozwayland.c b/widget/gtk/mozwayland/mozwayland.c
---- a/widget/gtk/mozwayland/mozwayland.c
-+++ b/widget/gtk/mozwayland/mozwayland.c
-@@ -200,3 +200,10 @@
-
- MOZ_EXPORT void wl_list_insert_list(struct wl_list* list,
- struct wl_list* other) {}
-+
-+MOZ_EXPORT struct wl_proxy* wl_proxy_marshal_flags(
-+ struct wl_proxy* proxy, uint32_t opcode,
-+ const struct wl_interface* interface, uint32_t version, uint32_t flags,
-+ ...) {
-+ return NULL;
-+}
-
--- a/mozilla-fix-top-level-asm.patch Sat Jan 08 10:41:19 2022 +0100
+++ b/mozilla-fix-top-level-asm.patch Sat Feb 05 15:04:53 2022 +0100
@@ -49,7 +49,7 @@
]
if CONFIG["CC_TYPE"] in ("clang", "gcc"):
- CXXFLAGS += ["-Wno-shadow", "-Wno-error=stack-protector"]
+ CXXFLAGS += ["-Wno-error=stack-protector"]
SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [
"-Wno-empty-body",
]
--- a/mozilla-kde.patch Sat Jan 08 10:41:19 2022 +0100
+++ b/mozilla-kde.patch Sat Feb 05 15:04:53 2022 +0100
@@ -3,7 +3,7 @@
# Date 1559294891 -7200
# Fri May 31 11:28:11 2019 +0200
# Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent d065e5213c971b1f80d4a13458c412a3a25f7c1c
+# Parent 9db1669be16001a48b62d147070fb75f60bac251
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Author: Lubos Lunak <lunak@suse.com>
@@ -81,7 +81,7 @@
diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
--- a/modules/libpref/moz.build
+++ b/modules/libpref/moz.build
-@@ -118,16 +118,20 @@ EXPORTS.mozilla += [
+@@ -119,16 +119,20 @@ EXPORTS.mozilla += [
]
EXPORTS.mozilla += sorted(["!" + g for g in gen_h])
@@ -808,12 +808,12 @@
diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build
--- a/uriloader/exthandler/moz.build
+++ b/uriloader/exthandler/moz.build
-@@ -80,17 +80,19 @@ else:
+@@ -78,17 +78,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "ui
+ else:
+ # These files can't be built in unified mode because they redefine LOG.
SOURCES += [
osdir + "/nsOSHelperAppService.cpp",
]
- if CONFIG["CC_TYPE"] in ("clang", "gcc"):
- CXXFLAGS += ["-Wno-error=shadow"]
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
UNIFIED_SOURCES += [
@@ -828,7 +828,7 @@
]
elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows":
UNIFIED_SOURCES += [
-@@ -128,16 +130,17 @@ include("/ipc/chromium/chromium-config.m
+@@ -126,16 +128,17 @@ include("/ipc/chromium/chromium-config.m
FINAL_LIBRARY = "xul"
LOCAL_INCLUDES += [
@@ -1260,7 +1260,7 @@
diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build
--- a/widget/gtk/moz.build
+++ b/widget/gtk/moz.build
-@@ -136,16 +136,17 @@ FINAL_LIBRARY = "xul"
+@@ -135,16 +135,17 @@ FINAL_LIBRARY = "xul"
LOCAL_INCLUDES += [
"/layout/base",
--- a/mozilla-pgo.patch Sat Jan 08 10:41:19 2022 +0100
+++ b/mozilla-pgo.patch Sat Feb 05 15:04:53 2022 +0100
@@ -1,6 +1,6 @@
# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent 066aba2f6d1fbc0fe31d1864d539714041404fe6
+# Parent ebd7e379c85889b6f8dba0542479110ab1f6b059
diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
--- a/build/moz.configure/lto-pgo.configure
@@ -152,15 +152,15 @@
diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
--- a/extensions/spellcheck/src/moz.build
+++ b/extensions/spellcheck/src/moz.build
-@@ -26,8 +26,10 @@ LOCAL_INCLUDES += [
+@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [
+ "../hunspell/glue",
+ "../hunspell/src",
+ "/dom/base",
]
EXPORTS.mozilla += [
"mozInlineSpellChecker.h",
"mozSpellChecker.h",
]
-
- if CONFIG["CC_TYPE"] in ("clang", "gcc"):
- CXXFLAGS += ["-Wno-error=shadow"]
+
+CXXFLAGS += ['-fno-devirtualize']
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
--- a/mozilla-sandbox-fips.patch Sat Jan 08 10:41:19 2022 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-From: meissner@suse.com, cgrobertson@suse.com
-Subject: allow Firefox to access addtional process information
-References:
-http://bugzilla.suse.com/show_bug.cgi?id=1167132
-bsc#1174284 - Firefox tab just crashed in FIPS mode
-
-Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp
-===================================================================
---- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp
-+++ firefox-93.0/security/sandbox/linux/Sandbox.cpp
-@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a
- auto files = new SandboxOpenedFiles();
- files->Add(std::move(plugin));
- files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
-+ files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
- files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey.
- files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
- files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
-Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-===================================================================
---- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-+++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon
-
- // Read permissions
- policy->AddPath(rdonly, "/dev/urandom");
-+ policy->AddPath(rdonly, "/dev/random");
-+ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
- policy->AddPath(rdonly, "/proc/cpuinfo");
- policy->AddPath(rdonly, "/proc/meminfo");
- policy->AddDir(rdonly, "/sys/devices/cpu");
-@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro
- auto policy = MakeUnique<SandboxBroker::Policy>();
-
- policy->AddPath(rdonly, "/dev/urandom");
-+ policy->AddPath(rdonly, "/dev/random");
-+ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
- policy->AddPath(rdonly, "/proc/cpuinfo");
- policy->AddPath(rdonly, "/proc/meminfo");
- policy->AddDir(rdonly, "/sys/devices/cpu");
--- a/series Sat Jan 08 10:41:19 2022 +0100
+++ b/series Sat Feb 05 15:04:53 2022 +0100
@@ -3,7 +3,6 @@
mozilla-kde.patch
mozilla-ntlm-full-path.patch
mozilla-aarch64-startup-crash.patch
-mozilla-sandbox-fips.patch
mozilla-fix-aarch64-libopus.patch
mozilla-s390-context.patch
mozilla-pgo.patch
@@ -23,8 +22,6 @@
mozilla-libavcodec58_91.patch
mozilla-silence-no-return-type.patch
mozilla-bmo531915.patch
-mozilla-bmo1745560.patch
-mozilla-bmo1744896.patch
# Firefox patches
firefox-kde.patch