Accepting request 874847 from mozilla:Factory

- Mozilla Firefox 86.0 * requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is OBS-URL: https://build.opensuse.org/request/show/874847 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=330
2021-03-02 11:27:21 +00:00 · 2021-03-02 11:27:21 +00:00 · 2643a7c981
commit 2643a7c981
parent 318b36af09 b4482da8fa
12 changed files with 99 additions and 110 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 86.0
+  * requires NSS >= 3.61
+  * requires rust-cbindgen >= 0.16.0
+  * Firefox now supports simultaneously watching multiple videos in
+    Picture-in-Picture.
+  * Total Cookie Protection to Strict Mode
+  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
+  MSFA 2021-07 (bsc#1182614)
+  * CVE-2021-23969 (bmo#1542194)
+    Content Security Policy violation report could have contained
+    the destination of a redirect
+  * CVE-2021-23970 (bmo#1681724)
+    Multithreaded WASM triggered assertions validating separation
+    of script domains
+  * CVE-2021-23968 (bmo#1687342)
+    Content Security Policy violation report could have contained
+    the destination of a redirect
+  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
+    noscript elements could have led to an HTML Sanitizer bypass
+  * CVE-2021-23971 (bmo#1678545)
+    A website's Referrer-Policy could have been be overridden,
+    potentially resulting in the full URL being sent as a Referrer
+  * CVE-2021-23976 (bmo#1684627)
+    Local spoofing of web manifests for arbitrary pages in
+    Firefox for Android
+  * CVE-2021-23977 (bmo#1684761)
+    Malicious application could read sensitive data from Firefox
+    for Android's application directories
+  * CVE-2021-23972 (bmo#1683536)
+    HTTP Auth phishing warning was omitted when a redirect is
+    cached
+  * CVE-2021-23975 (bmo#1685145)
+    about:memory Measure function caused an incorrect pointer
+    operation
+  * CVE-2021-23973 (bmo#1690976)
+    MediaError message property could have leaked information
+    about cross-origin resources
+  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797)
+    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+  * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463,
+    bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490,
+    bmo#1684377, bmo#1684902)
+    Memory safety bugs fixed in Firefox 86
+- updated create-tar.sh (bsc#1182357)
+- removed obsolete mozilla-bmo1554971.patch
+- remove buildsymbols subpackage
+  * we haven't done anything with it for years
+  * mozilla is collecting those from our debuginfo packages
+  * would require a local dump_syms tool
+
 -------------------------------------------------------------------
 Wed Feb 17 18:40:41 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -29,9 +29,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          85
-%define mainver        %major.0.2
-%define orig_version   85.0.2
+%define major          86
+%define mainver        %major.0
+%define orig_version   86.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -101,7 +101,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.29
-BuildRequires:  mozilla-nss-devel >= 3.60.1
+BuildRequires:  mozilla-nss-devel >= 3.61
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs10 >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -112,7 +112,7 @@ BuildRequires:  python3 >= 3.5
 BuildRequires:  python3-devel
 %endif
 BuildRequires:  rust >= 1.47
-BuildRequires:  rust-cbindgen >= 0.15.0
+BuildRequires:  rust-cbindgen >= 0.16.0
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
@ -175,7 +175,7 @@ Source9:        firefox.js
 Source11:       firefox.1
 Source12:       mozilla-get-app-id
 Source13:       spellcheck.js
-Source14:       https://github.com/openSUSE/firefox-scripts/raw/5e54f4a/create-tar.sh
+Source14:       https://github.com/openSUSE/firefox-scripts/raw/4503820/create-tar.sh
 Source15:       firefox-appdata.xml
 Source16:       %{name}.changes
 Source17:       firefox-search-provider.ini
@ -202,7 +202,6 @@ Patch14:        mozilla-bmo1568145.patch
 Patch15:        mozilla-bmo1504834-part1.patch
 Patch16:        mozilla-bmo1504834-part2.patch
 Patch17:        mozilla-bmo1504834-part3.patch
-Patch18:        mozilla-bmo1554971.patch
 Patch19:        mozilla-bmo1512162.patch
 Patch20:        mozilla-fix-top-level-asm.patch
 Patch21:        mozilla-bmo1504834-part4.patch
@ -217,8 +216,8 @@ Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Requires(post):   coreutils shared-mime-info desktop-file-utils
-Requires(postun): shared-mime-info desktop-file-utils
+Requires(post): coreutils shared-mime-info desktop-file-utils
+Requires(postun):shared-mime-info desktop-file-utils
 Requires:       %{name}-branding >= 68
 %requires_ge    mozilla-nspr
 %requires_ge    mozilla-nss
@ -299,16 +298,6 @@ Supplements:    packageand(%{name}:branding-upstream)
 %description branding-upstream
 This package provides upstream look and feel for %{appname}.

-%if %crashreporter
-%package buildsymbols
-Summary:        Breakpad buildsymbols for %{appname}
-Group:          Development/Debug
-
-%description buildsymbols
-This subpackage contains the Breakpad created and compatible debugging
-symbols meant for upload to Mozilla's crash collector database.
-%endif
-
 %if !%{with only_print_mozconfig}
 %prep
 %if %localize
@ -341,7 +330,6 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
-%patch18 -p1
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
@ -706,18 +694,6 @@ FIN
 # fdupes
 %fdupes %{buildroot}%{progdir}
 %fdupes %{buildroot}%{_datadir}
-# create breakpad debugsymbols
-%if %crashreporter
-SYMBOLS_NAME="firefox-%{version}-` echo '%{release}' | sed 's@\.[^\.]\+$@@' `.%{_arch}-%{suse_version}-symbols"
-make buildsymbols \
-  SYMBOL_INDEX_NAME="$SYMBOLS_NAME.txt" \
-  SYMBOL_FULL_ARCHIVE_BASENAME="$SYMBOLS_NAME-full" \
-  SYMBOL_ARCHIVE_BASENAME="$SYMBOLS_NAME"
-if [ -e dist/*symbols.zip ]; then
-  mkdir -p %{buildroot}%{_datadir}/mozilla/
-  cp dist/*symbols.zip %{buildroot}%{_datadir}/mozilla/
-fi
-%endif

 %clean
 rm -rf %{buildroot}
@ -812,10 +788,4 @@ exit 0
 %defattr(-,root,root)
 %dir %{progdir}

-%if %crashreporter
-%files buildsymbols
-%defattr(-,root,root)
-%{_datadir}/mozilla/*.zip
-%endif
-
 %changelog
--- a/create-tar.sh
+++ b/create-tar.sh
@ -239,9 +239,9 @@ else
  fi
  if [ ! -d $PRODUCT-$VERSION ]; then
    echo "cloning new $BRANCH..."
-    hg clone http://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION
+    hg clone https://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION
    if [ "$PRODUCT" = "thunderbird" ]; then
-      hg clone http://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm
+      hg clone https://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm
    fi
  fi
  pushd $PRODUCT-$VERSION || exit 1
@ -258,7 +258,7 @@ else
  [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG
  # get repo and source stamp
  REV=$(hg -R . parent --template="{node|short}\n")
-  SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/")
+  SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/")
  TIMESTAMP=$(date +%Y%m%d%H%M%S)

  if [ "$PRODUCT" = "thunderbird" ]; then
@ -308,7 +308,7 @@ if [ $LOCALES_CHANGED -ne 0 ]; then
            hg pull
            popd || exit 1
          else
-            hg clone "http://hg.mozilla.org/l10n-central/$locale" "l10n/$locale"
+            hg clone "https://hg.mozilla.org/l10n-central/$locale" "l10n/$locale"
          fi
          [ "$RELEASE_TAG" == "default" ] || hg -R "l10n/$locale" up -C -r "$changeset"
          ;;
--- a/firefox-85.0.2.source.tar.xz
+++ b/firefox-85.0.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b157cdc265daa6140ec8daef2bc98d335f871e7e9ac235287fb199e11c164287
-size 372234168
--- a/firefox-85.0.2.source.tar.xz.asc
+++ b/firefox-85.0.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAhbT8ACgkQ8aZmj7t9
-Vy5+4xAAqFQIiPLySIop6zAfBKyBYkbyZLDLHnZlRxttUQMPkwqcGyIdwD00tc6k
-WoCqHl3fyK3gBcHuV0spdFca8vPKa1fDh4FOfBWdKA34B3D0O4wRwB9COdm+M+Q2
-GhGVFj9V0L8g/vNzBLP/fdPy2ayFo82WBJ0XhI+jTu7GnIDRPI5z845Dp7m1+4e6
-6mShydcINeQ2DrUKDWju9+opaOc9ewlTeLf2gxVWv7/i4Dqzlr50DcwIhdm5+Km9
-cDDsiIxwVe7G3oOTJv9Bhe9obDN3gQWBVlYKEamG0k1b07kkuEW+OiplzYsslgMW
-mv/jHyVLhssRYSDEWTAp4Lxv16JNcPZVXmnlNqXu/MwWffthwoPtCy42EBTD63zI
-1geInqxtK5MsLFipQOBarl7bXiyWoCpRdrs73HBYQJGV5fOwzsM61F8kh4J7eMyq
-sZPvy4Qt9Qt5/mU1xxF7rZ+KfTN/s42GfprwfxoeeEcrzG8tz5Cha5NLW2dXBGeE
-ETGxokt0AlgGJLMW1a3h0uSyfcHTCQMn2R+LNHRJh3avhOQu9IQJq51m7ur4pvC2
-8HAtuRpq2MUxjdQDVGZcqFRTZofy8eT1qYnThSX8nqdbX1hWGWyJpYzOvZfWhFU8
-+KXjyTPP46xKqhRKxHes7Ey8h9DzRVvYiJywV51o3oSKGU0FUP8=
-=qr+A
-----END PGP SIGNATURE-----
--- a/firefox-86.0.source.tar.xz
+++ b/firefox-86.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3ac474a2cf6a8e31a962f57c7357dbe67b5088b6aceea9980f25ce7a99b58dd
+size 371929688
--- a/firefox-86.0.source.tar.xz.asc
+++ b/firefox-86.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAzxNEACgkQ8aZmj7t9
+Vy778A//QW/sIUa6WLKXXFkYpiTb6NSDxamtVrlfHZjjG1wmMmYbqR1ZaF8jimZR
+vn0APYeBEwula5aKces5UE1AUc6sdE26DCOhO4l8VKiaVW+m6XK1QdxmorCSUtqc
+C1fE43+g0N4YTZEreHHSitNrgMu7EjnazicCu2tLc+138ihB8zf1Dt7zC00XgLes
+ssQW0Lsrfj0yQ91MnEDsAXevd5MWnYQJVduunAZTyiD6Ad/lmwiYaes+PkbKw0iR
+qTxp7FNdrOgqJjihlzgOkjabu60Naejd2xP1dnjv+LAbjmRYA3EgUHveBpMv0RFV
+rzqp/i/p1KUGt7K3VWmqCgVNu2wSi4ASnhn0uzPPl/oZNm09Pyf9fLWEXE+vJXQE
+z+6cB5Nc+D4Tf890XaR9JWXxGr2M3uvGAhaD8K0B1YlhN0GVr9BPfgzIQ7uOEAFP
+tsw3Jt/p5rQjTaEBZLyWmL389gSk93EF7OKNob+kDy8ISi++ikmkWUllOFWmaNmS
+Km3LU3S0j8q0gikQwgm4G8JTzcm/ksvZ93mk+kLS4rS1/gtMKWJ/UroSDoVbFXmv
+yZjgx0e24tpoj7JvbwzT26rmF8+E2+ZeMOnW0s6vJLUPKEWa4Da0kY8QDQQV1sOv
+7UQJ+PJnIZCC/XmSZThKmGbkTd3vC8G5GZFUCVyEghLJdLTANio=
+=iYBA
+-----END PGP SIGNATURE-----
--- a/l10n-85.0.2.tar.xz
+++ b/l10n-85.0.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c52a7466b6caab04b31915c399316ecdb339dc1ffda249a1651ce4fa6fb348b8
-size 49861480
--- a/l10n-86.0.tar.xz
+++ b/l10n-86.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d00e8e8b87a8195f757ac135c7814bffe8df0b029602a44a1e6849403e2322b3
+size 49760280
--- a/mozilla-bmo1554971.patch
+++ b/mozilla-bmo1554971.patch
@ -1,32 +0,0 @@
-# HG changeset patch
-# Parent  38d48db62539afe61d542c9d21e32d57d4b00a73
-Eliminate startup error message:
-JavaScript error: , line 0: Error: Type error for platformInfo value (Error processing arch: Invalid enumeration value "s390x") for runtime.getPlatformInfo.
-
-Reported here: https://bugzilla.mozilla.org/show_bug.cgi?id=1554971
-
-Uncertain if this is causing real problems or not. Also uncertain if the fix actually fixes anything.
-No response from upstream yet.
-
-diff --git a/toolkit/components/extensions/schemas/runtime.json b/toolkit/components/extensions/schemas/runtime.json
--- a/toolkit/components/extensions/schemas/runtime.json
-+++ b/toolkit/components/extensions/schemas/runtime.json
-@@ -59,17 +59,17 @@
-         "type": "string",
-         "allowedContexts": ["content", "devtools"],
-         "description": "The operating system the browser is running on.",
-         "enum": ["mac", "win", "android", "cros", "linux", "openbsd"]
-       },
-       {
-         "id": "PlatformArch",
-         "type": "string",
-        "enum": ["arm", "x86-32", "x86-64"],
-+        "enum": ["arm", "x86-32", "x86-64", "s390x", "aarch64", "ppc64le"],
-         "allowedContexts": ["content", "devtools"],
-         "description": "The machine's processor architecture."
-       },
-       {
-         "id": "PlatformInfo",
-         "type": "object",
-         "allowedContexts": ["content", "devtools"],
-         "description": "An object containing information about the current platform.",
--- a/mozilla-pgo.patch
+++ b/mozilla-pgo.patch
@ -1,6 +1,6 @@
 # HG changeset patch
 # User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent  41df71ef2798d6bd6a67cfc4c4f26b8d41b8ccca
+# Parent  07b5ae8ccc4806fcc5ad74e32a2d3fb2b9d605d0

 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
 --- a/build/moz.configure/lto-pgo.configure
@ -114,11 +114,9 @@ diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
 diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
 --- a/build/unix/mozconfig.unix
 +++ b/build/unix/mozconfig.unix
-@@ -1,16 +1,25 @@
+@@ -1,14 +1,23 @@
 . "$topsrcdir/build/mozconfig.common"
 
- TOOLTOOL_DIR=${TOOLTOOL_DIR:-$topsrcdir}
- 
 if [ -n "$FORCE_GCC" ]; then
     CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
     CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
@ -126,8 +124,8 @@ diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
 +    if [ -n "$MOZ_PGO" ]; then
 +        if [ -z "$USE_ARTIFACT" ]; then
 +            ac_add_options --enable-lto
-+        fi
-+        export AR="$topsrcdir/gcc/bin/gcc-ar"
+	fi
+	export AR="$topsrcdir/gcc/bin/gcc-ar"
 +        export NM="$topsrcdir/gcc/bin/gcc-nm"
 +        export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
 +    fi
@ -135,11 +133,11 @@ diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
     # We want to make sure we use binutils and other binaries in the tooltool
     # package.
     mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$PATH"
-     ac_add_options --with-clang-path=$MOZ_FETCHES_DIR/clang/bin/clang
 else
-     CC="$MOZ_FETCHES_DIR/clang/bin/clang"
-     CXX="$MOZ_FETCHES_DIR/clang/bin/clang++"
- 
+     # For some builds we don't want to have Clang based static-analysis activated
+     if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
+         export ENABLE_CLANG_PLUGIN=1
+     fi
 diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
 --- a/extensions/spellcheck/src/moz.build
 +++ b/extensions/spellcheck/src/moz.build
--- a/8
+++ b/8
@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="85.0.2"
+VERSION="86.0"
 VERSION_SUFFIX=""
-PREV_VERSION="85.0.1"
+PREV_VERSION="85.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation

 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="f48eab99cc33d79d1ad62211c1f8d9d9c1cb6727"
-RELEASE_TIMESTAMP="20210208133944"
+RELEASE_TAG="89345511871ef6489580b994be21189e84462393"
+RELEASE_TIMESTAMP="20210222142601"