pool/MozillaFirefox
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4e431c39c0
MozillaFirefox/mozilla-pgo.patch

191 lines
7.1 KiB
Diff
Raw Normal View History

- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 96.0 * https://www.mozilla.org/en-US/firefox/96.0/releasenotes MFSA 2022-01 (bsc#1194547) * CVE-2022-22746 (bmo#1735071) Calling into reportValidity could have lead to fullscreen window spoof * CVE-2022-22743 (bmo#1739220) Browser window spoof using fullscreen mode * CVE-2022-22742 (bmo#1739923) Out-of-bounds memory access when inserting text in edit mode * CVE-2022-22741 (bmo#1740389) Browser window spoof using fullscreen mode * CVE-2022-22740 (bmo#1742334) Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22738 (bmo#1742382) Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22737 (bmo#1745874) Race condition when playing audio files * CVE-2021-4140 (bmo#1746720) Iframe sandbox bypass with XSLT * CVE-2022-22750 (bmo#1566608) IPC passing of resource handles could have lead to sandbox bypass * CVE-2022-22749 (bmo#1705094) Lack of URL restrictions when scanning QR codes * CVE-2022-22748 (bmo#1705211) Spoofed origin on external protocol launch dialog * CVE-2022-22745 (bmo#1735856) Leaking cross-origin URLs through securitypolicyviolation event OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 23:06:33 +01:00
# Parent ebd7e379c85889b6f8dba0542479110ab1f6b059
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
--- a/build/moz.configure/lto-pgo.configure
+++ b/build/moz.configure/lto-pgo.configure
- Mozilla Firefox 95.0 * You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. * To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users. * https://www.mozilla.org/en-US/firefox/95.0/releasenotes MFSA 2021-52 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * MOZ-2021-0010 (bmo#1735852) Use-after-free in fullscreen objects on MacOS * CVE-2021-43540 (bmo#1636629) WebExtensions could have installed persistent ServiceWorkers * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43544 (bmo#1739934) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 22:12:25 +01:00
@@ -243,34 +243,34 @@ def lto(
"configure."
)
if c_compiler.type == "clang":
if value == "full":
cflags.append("-flto")
ldflags.append("-flto")
else:
- cflags.append("-flto=thin")
- ldflags.append("-flto=thin")
+ cflags.append("-flto")
+ ldflags.append("-flto")
if target.os == "Android" and value == "cross":
# Work around https://github.com/rust-lang/rust/issues/90088
# by enabling the highest level of SSE the rust targets default
# to.
# https://github.com/rust-lang/rust/blob/bdfcb88e8b6203ccb46a2fb6649979b773efc8ac/compiler/rustc_target/src/spec/i686_linux_android.rs#L13
# https://github.com/rust-lang/rust/blob/8d1083e319841624f64400e1524805a40d725439/compiler/rustc_target/src/spec/x86_64_linux_android.rs#L7
if target.cpu == "x86":
ldflags.append("-Wl,-plugin-opt=-mattr=+ssse3")
elif target.cpu == "x86_64":
ldflags.append("-Wl,-plugin-opt=-mattr=+sse4.2")
elif c_compiler.type == "clang-cl":
if value == "full":
cflags.append("-flto")
else:
- cflags.append("-flto=thin")
+ cflags.append("-flto")
# With clang-cl, -flto can only be used with -c or -fuse-ld=lld.
# AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld.
cflags.append("-fuse-ld=lld")
# Explicitly set the CPU to optimize for so the linker doesn't
# choose a poor default. Rust compilation by default uses the
# pentium4 CPU on x86:
#
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
--- a/build/pgo/profileserver.py
+++ b/build/pgo/profileserver.py
@@ -6,17 +6,17 @@
import json
import os
import sys
import glob
import subprocess
import mozcrash
-from mozbuild.base import MozbuildObject, BinaryNotFoundException
+from mozbuild.base import MozbuildObject, BinaryNotFoundException, BuildEnvironmentNotFoundException
from mozfile import TemporaryDirectory
from mozhttpd import MozHttpd
from mozprofile import FirefoxProfile, Preferences
from mozprofile.permissions import ServerLocations
from mozrunner import FirefoxRunner, CLI
from six import string_types
PORT = 8888
@@ -82,19 +82,32 @@ if __name__ == "__main__":
docroot=os.path.join(build.topsrcdir, "build", "pgo"),
path_mappings=path_mappings,
)
httpd.start(block=False)
locations = ServerLocations()
locations.add_host(host="127.0.0.1", port=PORT, options="primary,privileged")
- old_profraw_files = glob.glob("*.profraw")
- for f in old_profraw_files:
- os.remove(f)
+ using_gcc = False
+ try:
+ if build.config_environment.substs.get('CC_TYPE') == 'gcc':
+ using_gcc = True
+ except BuildEnvironmentNotFoundException:
+ pass
+
+ if using_gcc:
+ for dirpath, _, filenames in os.walk('.'):
+ for f in filenames:
+ if f.endswith('.gcda'):
+ os.remove(os.path.join(dirpath, f))
+ else:
+ old_profraw_files = glob.glob('*.profraw')
+ for f in old_profraw_files:
+ os.remove(f)
with TemporaryDirectory() as profilePath:
# TODO: refactor this into mozprofile
profile_data_dir = os.path.join(build.topsrcdir, "testing", "profiles")
with open(os.path.join(profile_data_dir, "profiles.json"), "r") as fh:
base_profiles = json.load(fh)["profileserver"]
prefpaths = [
@@ -207,16 +220,20 @@ if __name__ == "__main__":
# Try to move the crash reports to the artifacts even if Firefox appears
# to exit successfully, in case there's a crash that doesn't set the
# return code to non-zero for some reason.
if get_crashreports(profilePath, name="Firefox exited successfully?") != 0:
print("Firefox exited successfully, but produced a crashreport")
sys.exit(1)
+ print('Copying profile data....')
+ os.system('pwd');
+ os.system('tar cf profdata.tar.gz `find . -name "*.gcda"`; cd ..; tar xf instrumented/profdata.tar.gz;');
+
llvm_profdata = env.get("LLVM_PROFDATA")
if llvm_profdata:
profraw_files = glob.glob("*.profraw")
if not profraw_files:
print(
"Could not find profraw files in the current directory: %s"
% os.getcwd()
)
diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
--- a/build/unix/mozconfig.unix
+++ b/build/unix/mozconfig.unix
- Mozilla Firefox 86.0 * requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 12:49:39 +01:00
@@ -1,14 +1,23 @@
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
. "$topsrcdir/build/mozconfig.common"
if [ -n "$FORCE_GCC" ]; then
CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
+ if [ -n "$MOZ_PGO" ]; then
+ if [ -z "$USE_ARTIFACT" ]; then
+ ac_add_options --enable-lto
- Mozilla Firefox 86.0 * requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 12:49:39 +01:00
+ fi
+ export AR="$topsrcdir/gcc/bin/gcc-ar"
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
+ export NM="$topsrcdir/gcc/bin/gcc-nm"
+ export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
+ fi
+
# We want to make sure we use binutils and other binaries in the tooltool
# package.
mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$PATH"
else
- Mozilla Firefox 86.0 * requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 12:49:39 +01:00
# For some builds we don't want to have Clang based static-analysis activated
if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
export ENABLE_CLANG_PLUGIN=1
fi
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
--- a/extensions/spellcheck/src/moz.build
+++ b/extensions/spellcheck/src/moz.build
- Mozilla Firefox 96.0 * https://www.mozilla.org/en-US/firefox/96.0/releasenotes MFSA 2022-01 (bsc#1194547) * CVE-2022-22746 (bmo#1735071) Calling into reportValidity could have lead to fullscreen window spoof * CVE-2022-22743 (bmo#1739220) Browser window spoof using fullscreen mode * CVE-2022-22742 (bmo#1739923) Out-of-bounds memory access when inserting text in edit mode * CVE-2022-22741 (bmo#1740389) Browser window spoof using fullscreen mode * CVE-2022-22740 (bmo#1742334) Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22738 (bmo#1742382) Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22737 (bmo#1745874) Race condition when playing audio files * CVE-2021-4140 (bmo#1746720) Iframe sandbox bypass with XSLT * CVE-2022-22750 (bmo#1566608) IPC passing of resource handles could have lead to sandbox bypass * CVE-2022-22749 (bmo#1705094) Lack of URL restrictions when scanning QR codes * CVE-2022-22748 (bmo#1705211) Spoofed origin on external protocol launch dialog * CVE-2022-22745 (bmo#1735856) Leaking cross-origin URLs through securitypolicyviolation event OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 23:06:33 +01:00
@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [
"../hunspell/glue",
"../hunspell/src",
"/dom/base",
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
]
EXPORTS.mozilla += [
"mozInlineSpellChecker.h",
"mozSpellChecker.h",
]
+
+CXXFLAGS += ['-fno-devirtualize']
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
--- a/toolkit/components/terminator/nsTerminator.cpp
+++ b/toolkit/components/terminator/nsTerminator.cpp
- Mozilla Firefox 95.0 * You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. * To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users. * https://www.mozilla.org/en-US/firefox/95.0/releasenotes MFSA 2021-52 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * MOZ-2021-0010 (bmo#1735852) Use-after-free in fullscreen objects on MacOS * CVE-2021-43540 (bmo#1636629) WebExtensions could have installed persistent ServiceWorkers * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43544 (bmo#1739934) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 22:12:25 +01:00
@@ -461,16 +461,21 @@ void nsTerminator::StartWatchdog() {
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
// Defend against overflow
crashAfterMS = INT32_MAX;
} else {
crashAfterMS *= scaleUp;
}
}
#endif
+ // Disable watchdog for PGO train builds - writting profile information at
+ // exit may take time and it is better to make build hang rather than
+ // silently produce poorly performing binary.
+ crashAfterMS = INT32_MAX;
+
UniquePtr<Options> options(new Options());
- Mozilla Firefox 88.0 * New: PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features * New: Print updates: Margin units are now localized * New: Smooth pinch-zooming using a touchpad is now supported on Linux * New: To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more * Changed: Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access * Changed: The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize… * Changed: FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol * Developer: Introduced a new toggle button in the Network panel for switching between JSON formatted HTTP response and raw data (as received over the wire). !enter image description here * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 09:57:25 +02:00
const PRIntervalTime ticksDuration =
PR_MillisecondsToInterval(HEARTBEAT_INTERVAL_MS);
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
options->crashAfterTicks = crashAfterMS / ticksDuration;
// Handle systems where ticksDuration is greater than crashAfterMS.
if (options->crashAfterTicks == 0) {
- Mozilla Firefox 88.0 * New: PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features * New: Print updates: Margin units are now localized * New: Smooth pinch-zooming using a touchpad is now supported on Linux * New: To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more * Changed: Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access * Changed: The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize… * Changed: FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol * Developer: Introduced a new toggle button in the Network panel for switching between JSON formatted HTTP response and raw data (as received over the wire). !enter image description here * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 09:57:25 +02:00
options->crashAfterTicks = crashAfterMS / HEARTBEAT_INTERVAL_MS;
- Mozilla Firefox 84.0 * Firefox 84 is the final release to support Adobe Flash * WebRender is enabled by default when run on GNOME-based X11 Linux desktops MFSA 2020-54 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 23:40:17 +01:00
}
Reference in New Issue Copy Permalink