- Mozilla Firefox 81.0

* https://www.mozilla.org/en-US/firefox/81.0/releasenotes MFSA 2020-42 (bsc#1176756) * CVE-2020-15675 (bmo#1654211) Use-After-Free in WebGL * CVE-2020-15677 (bmo#1641487) Download origin spoofing via redirect * CVE-2020-15676 (bmo#1646140) XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 (bmo#1660211) When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 (bmo#1648493, bmo#1660800) Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) Memory safety bugs fixed in Firefox 81 - requires NSPR 4.28 NSS 3.56 - removed obsolete patches * mozilla-system-nspr.patch * mozilla-bmo1661715.patch * mozilla-silence-no-return-type.patch - skip post-build-checks for 15.0 and 15.1 - add revert-795c8762b16b.patch to fix LTO builds with gcc (related to bmo#1644409) - Use %limit_build macro again for aarch64 and armv7, instead of OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=858
2020-09-22 14:04:54 +00:00 · 2020-09-22 14:04:54 +00:00 · 3415bda243
commit 3415bda243
parent ceeb898e2b
14 changed files with 210 additions and 129 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,9 +1,68 @@
+-------------------------------------------------------------------
+Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 81.0
+  * https://www.mozilla.org/en-US/firefox/81.0/releasenotes
+  MFSA 2020-42 (bsc#1176756)
+  * CVE-2020-15675 (bmo#1654211)
+    Use-After-Free in WebGL
+  * CVE-2020-15677 (bmo#1641487)
+    Download origin spoofing via redirect
+  * CVE-2020-15676 (bmo#1646140)
+    XSS when pasting attacker-controlled data into a
+    contenteditable element
+  * CVE-2020-15678 (bmo#1660211)
+    When recursing through layers while scrolling, an iterator
+    may have become invalid, resulting in a potential use-after-
+    free scenario
+  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
+    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
+  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
+    Memory safety bugs fixed in Firefox 81
+- requires
+  NSPR 4.28
+  NSS 3.56
+- removed obsolete patches
+  * mozilla-system-nspr.patch
+  * mozilla-bmo1661715.patch
+  * mozilla-silence-no-return-type.patch
+- skip post-build-checks for 15.0 and 15.1
+- add revert-795c8762b16b.patch to fix LTO builds with gcc
+  (related to bmo#1644409)
+
 -------------------------------------------------------------------
 Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Use %limit_build macro again for aarch64 and armv7, instead of 
+- Use %limit_build macro again for aarch64 and armv7, instead of
  the new memoryperjob _constraints to use more workers

+-------------------------------------------------------------------
+Sat Sep  5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add mozilla-bmo1661715.patch to fix Flash plugin
+
+-------------------------------------------------------------------
+Wed Sep  2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 80.0.1: Bug fixes:
+  * Fixed a performance regression when encountering new intermediate
+    CA certificates (bmo#1661543)
+  * Fixed crashes possibly related to GPU resets (bmo#1627616)
+  * Fixed rendering on some sites using WebGL (bmo#1659225)
+  * Fixed the zoom-in keyboard shortcut on Japanese language builds
+    (bmo#1661895)
+  * Fixed download issues related to extensions and cookies
+    (bmo#1655190)
+- added mozilla-silence-no-return-type.patch
+
+-------------------------------------------------------------------
+Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- more whitelisting (/dev/random) for sandbox in relation to FIPS
+  (bsc#1174284)
+- improve langpack builds to use dedicated objdirs and make it
+  parallel again
+
 -------------------------------------------------------------------
 Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -17,6 +17,10 @@
 #


+%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150100
+#!BuildIgnore: post-build-checks
+%endif
+
 # changed with every update
 # orig_version vs. mainver: To have beta-builds
 # FF70beta3 would be released as FF69.99
@ -25,9 +29,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          80
+%define major          81
 %define mainver        %major.0
-%define orig_version   80.0
+%define orig_version   81.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -96,8 +100,8 @@ BuildRequires:  libidl-devel
 BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
-BuildRequires:  mozilla-nspr-devel >= 4.27
-BuildRequires:  mozilla-nss-devel >= 3.55
+BuildRequires:  mozilla-nspr-devel >= 4.28
+BuildRequires:  mozilla-nss-devel >= 3.56
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs10 >= 10.21.0
 BuildRequires:  python-devel
@ -209,11 +213,11 @@ Patch25:        mozilla-bmo998749.patch
 Patch26:        mozilla-bmo1626236.patch
 Patch27:        mozilla-s390x-skia-gradient.patch
 Patch28:        mozilla-libavcodec58_91.patch
-Patch29:        mozilla-system-nspr.patch
+Patch29:        revert-795c8762b16b.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
-%endif # only_print_mozconfig
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post):   coreutils shared-mime-info desktop-file-utils
 Requires(postun): shared-mime-info desktop-file-utils
@ -352,11 +356,11 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
-%patch29 -p1
+%patch29 -p1 -R
 # Firefox
 %patch101 -p1
 %patch102 -p1
-%endif # only_print_mozconfig
+%endif

 %build
 %if !%{with only_print_mozconfig}
@ -379,9 +383,9 @@ if test "$kdehelperversion" != %{kde_helper_version}; then
  echo fix kde helper version in the .spec file
  exit 1
 fi
-%endif # only_print_mozconfig

 source %{SOURCE4}
+%endif

 export CARGO_HOME=${RPM_BUILD_DIR}/%{srcname}-%{orig_version}/.cargo
 export MOZ_SOURCE_CHANGESET=$RELEASE_TAG
@ -392,6 +396,7 @@ export MOZ_BUILD_DATE=$RELEASE_TIMESTAMP
 export MOZILLA_OFFICIAL=1
 export BUILD_OFFICIAL=1
 export MOZ_TELEMETRY_REPORTING=1
+export MACH_USE_SYSTEM_PYTHON=1
 %if 0%{?suse_version} <= 1320
 export CC=gcc-9
 %else
@ -479,6 +484,7 @@ ac_add_options --disable-debug
 #ac_add_options --enable-chrome-format=jar
 ac_add_options --enable-update-channel=%{update_channel}
 ac_add_options --with-mozilla-api-keyfile=%{SOURCE18}
+# Google-service currently not available for free anymore
 #ac_add_options --with-google-location-service-api-keyfile=%{SOURCE19}
 ac_add_options --with-google-safebrowsing-api-keyfile=%{SOURCE19}
 ac_add_options --with-unsigned-addon-scopes=app
@ -532,22 +538,36 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \

 # build additional locales
 %if %localize
-# The file obj/browser/locales/bookmarks.html will be overwritten by each langpack-build with the current translation
-# Thus we save here the original, to restore it afterwards, so that the default installation will not have zh-TW
-# bookmarks
-# See also https://bugzilla.opensuse.org/show_bug.cgi?id=1167976
-cp ../obj/browser/locales/bookmarks.html ../obj/browser/locales/bookmarks.html_ORIG
-
 mkdir -p %{buildroot}%{progdir}/browser/extensions
 truncate -s 0 %{_tmppath}/translations.{common,other}
-# Adding "-P 0" would give us parallel builds of langpacks. Unfortunately, mach currently doesn't support
-# building them in parallel. If we do, we get race-conditions and have mixed languages in the langpacks.
-# See https://bugzilla.suse.com/show_bug.cgi?id=1173986
+# langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
+# Therefore, we have to have a separate obj-dir for each language
+# We do this, by creating a mozconfig-template with the necessary switches
+# and a placeholder obj-dir, which gets copied and modified for each language
+
+# Create mozconfig-template for langbuild
+cat << EOF > ${MOZCONFIG}_LANG
+mk_add_options MOZILLA_OFFICIAL=1
+mk_add_options BUILD_OFFICIAL=1
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj_LANG
+. \$topsrcdir/browser/config/mozconfig
+ac_add_options --prefix=%{_prefix}
+ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n
+ac_add_options --disable-updater
+%if %branding
+ac_add_options --enable-official-branding
+%endif
+EOF
+
 sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \
-    | xargs -n 1 -I {} /bin/sh -c '
+    | xargs -n 1 %{?jobs:-P %jobs} -I {} /bin/sh -c '
        locale=$1
-        ./mach build langpack-$locale
-        cp -L ../obj/dist/linux-*/xpi/firefox-%{orig_version}.$locale.langpack.xpi \
+        cp ${MOZCONFIG}_LANG ${MOZCONFIG}_$locale
+        sed -i "s|obj_LANG|obj_$locale|" ${MOZCONFIG}_$locale
+        export MOZCONFIG=${MOZCONFIG}_$locale
+        # nsinstall is needed for langpack-build. It is already built by `./mach build`, but building it again is very fast
+        ./mach build config/nsinstall langpack-$locale
+        cp -L ../obj_$locale/dist/linux-*/xpi/firefox-%{orig_version}.$locale.langpack.xpi \
            %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org.xpi
        # remove prefs, profile defaults, and hyphenation from langpack
        #rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults
@ -561,13 +581,10 @@ sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig
        echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org.xpi \
            >> %{_tmppath}/translations.$_l10ntarget
 ' -- {}
-
-# Restoring the original bookmarksfile
-cp ../obj/browser/locales/bookmarks.html_ORIG ../obj/browser/locales/bookmarks.html
 %endif

 ccache -s
-%endif # only_print_mozconfig
+%endif

 %install
 cd $RPM_BUILD_DIR/obj
@ -777,12 +794,12 @@ exit 0
 %files translations-common -f %{_tmppath}/translations.common
 %defattr(-,root,root)
 %dir %{progdir}
-%dir %{progdir}/browser/extensions
+%dir %{progdir}/browser/extensions/

 %files translations-other -f %{_tmppath}/translations.other
 %defattr(-,root,root)
 %dir %{progdir}
-%dir %{progdir}/browser/extensions
+%dir %{progdir}/browser/extensions/
 %endif

 # this package does not need to provide files but is needed to fulfill
--- a/firefox-80.0.source.tar.xz
+++ b/firefox-80.0.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:380d9853e0712442ba2d4acd85c0e09c19ad36561a3ea8932705ad6b8a91146a
-size 335316448
--- a/firefox-80.0.source.tar.xz.asc
+++ b/firefox-80.0.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl88jDEACgkQ8aZmj7t9
-Vy7ASg//fLaiXd9rA7/DVLu3TPXAkjCHzgvmH6Y/nwL/Q1Dztv/MxzbBWDRdqP0G
-LYm2aYP7iRQCxe5qk3VLgshaRzS+GCkzcz8k2zlEbeTJ8i8Yrs4XF3gETmuorU+2
-ZSzDyK9/RAviDpVa7iRSX5PVBMlBI0j5os3X13ipjRxnYnQnesvV+4/YRblX8W/o
-3GjLrm8eRPzglZyxrD6Q2fSPJAGkY/lfJqekkMI3iyq/DPFi3wXPSmiw8r8HFbb9
-Lx6WNF78Tl8aNgsOBHUdYo6qk1v00sejP4OUls9o+VWQOMdVRocoqXo4g7U8Zk+j
-P2Tsu4RDsGDo8H3MtG/oRz4RM+wTSVxNC59FWKHsRlPS5q1OmQRltL/ZE0K3+A0z
-0S8rHUT9XMWHSmVvqlAOXHPXy0C050j8NXxMhST3vGC8dHpmUAPOHGQUrLRkHucn
-uidMFANuvN9QVh5QjYAddA0yHqqkZonPVIKWAv7Den2daS9Hnw1n33XnQIzuggkD
-gDTT9hfcxp0Vk0TGR5WXlpku9BBHIUOrmV3MnfN+vHXyrTONrx2Q3JwhzgCCvNTr
-mTf8MEOyjo8NdSQ1IwI5vmi48XLnO/XyvBQmiP2YLzx3G2mgZPFiwdauKT0dQset
-enamKTFG3DUoOxW/yFxAwxwW5l/44z8Rv82FPUFp7Kgz5wrR7oI=
-=/g2L
-----END PGP SIGNATURE-----
--- a/firefox-81.0.source.tar.xz
+++ b/firefox-81.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9328745012178aee5a4f47c833539f7872cc6e0f20a853568a313e60cabd1ec8
+size 340347916
--- a/firefox-81.0.source.tar.xz.asc
+++ b/firefox-81.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl9ixfMACgkQ8aZmj7t9
+Vy4wERAAhWxZWDjUP5GgFvvXvN03ESS6AEZqtrl2r09tfEEe10CM9PtuiXL6HAyW
+JR8IDN22aheZJaCDDBxyq7HfkO0xkGypAWEl6pTrw8o0vwxoQ1qYa8/7uy5vyI0w
+FX4cm2GNqiE8Lm0uujvMqY6yEivvOgZEYYoph7+7IH2zm6ruiirCcLFH4GairTOQ
+eROJatUC9HO3pp4Lg3x2YrbcuS5GG6JHkaMe5l0MNlk3he9YUCJ9I2Dscg4lWC4P
+gfig9LuX3UHwTxERpQevM18N3mzQNxG6LfghzyFfgDAjvgMqVnZ5uKqp5E6nVUiq
+nvPl7Idt1+rh1cJtO1/EjEQYWEdGM7IFafuxGnx9nBtUm1rVmDHNHPPm6ocJb5M7
+iII4prXNMajjgzzzRfRC2rixPn4hplgKo7YTxx1IF4h6XMxE4cTQ+WfTT0IddaF
+NNJRirDFIdeJ3DPSb7pJoO+U8TvZmQ3GUch5Tw4vFAFbSrc8tqWoZI9RXe50gMqJ
+eIOFggS6zK+p1E81nA8napzfGkSpNpmUuZ1fSvkWlBjcaTne8QW+stwUW/r78OnF
+uVCScaQ428b4FsKaMf9/faO6/wJI4eImjrPfYV9PHs67G8H66Hw1DW0QVuNZnaa1
+pcRG743EcjYcrsgB/oTFaF31V9ZOJsBTWXdbOMViAtTIkPOOiPA=
+=Wh4b
+-----END PGP SIGNATURE-----
--- a/l10n-80.0.tar.xz
+++ b/l10n-80.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe3ea0d8cec71c6d8b6b4d642e2c0bb115bdafa106085e7cd3cccea43c992150
-size 53010496
--- a/l10n-81.0.tar.xz
+++ b/l10n-81.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c593ee1a7a399ec3d057ff8682f231a7ba9b47079ab9572753db2126fdfa3fbc
+size 48859784
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 #      Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent  a22a4c4e41107a0809c33a83e9d14916738c5a82
+# Parent  e89d21ead66fbb34b6349edda42748a3ad9e6136
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 #ifdef MOZ_MEMORY
 #  include "mozmemory.h"
 #endif
-@@ -4530,25 +4531,37 @@ nsresult Preferences::InitInitialObjects
+@@ -4536,25 +4537,37 @@ nsresult Preferences::InitInitialObjects
   // application pref files for backwards compatibility.
   static const char* specialFiles[] = {
 #if defined(XP_MACOSX)
@ -69,7 +69,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 
   // Load jar:$app/omni.jar!/defaults/preferences/*.js
   // or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4594,17 +4607,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4600,17 +4613,17 @@ nsresult Preferences::InitInitialObjects
       }
 
       nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@ -175,7 +175,7 @@ diff --git a/toolkit/components/downloads/moz.build b/toolkit/components/downloa
 diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downloads/HelperAppDlg.jsm
 --- a/toolkit/mozapps/downloads/HelperAppDlg.jsm
 +++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm
-@@ -1203,36 +1203,66 @@ nsUnknownContentTypeDialog.prototype = {
+@@ -1239,36 +1239,66 @@ nsUnknownContentTypeDialog.prototype = {
         params.handlerApp &&
         params.handlerApp.executable &&
         params.handlerApp.executable.isFile()
@ -1293,11 +1293,11 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth
 diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build
 --- a/widget/gtk/moz.build
 +++ b/widget/gtk/moz.build
-@@ -133,16 +133,17 @@ include('/ipc/chromium/chromium-config.m
- FINAL_LIBRARY = 'xul'
+@@ -134,16 +134,17 @@ FINAL_LIBRARY = 'xul'
 
 LOCAL_INCLUDES += [
     '/layout/base',
+     '/layout/forms',
     '/layout/generic',
     '/layout/xul',
     '/other-licenses/atk-1.0',
--- a/mozilla-pipewire-0-3.patch
+++ b/mozilla-pipewire-0-3.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  f530b1587cd1c0a79c34f91a9690c4cc4c33ac31
+# Parent  5bd7b491505076dc38ba1efc7c406b9c53ba8389

 diff --git a/config/system-headers.mozbuild b/config/system-headers.mozbuild
 --- a/config/system-headers.mozbuild
@ -65,13 +65,13 @@ diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn b/media/
 diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build
 --- a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build
 +++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build
-@@ -289,16 +289,40 @@ if CONFIG["OS_TARGET"] == "WINNT":
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/screen_capturer_win_directx.cc",
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/screen_capturer_win_magnifier.cc",
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/win_shared.cc",
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/window_capture_utils.cc",
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_win.cc",
-         "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_finder_win.cc"
+@@ -112,16 +112,39 @@ if CONFIG["OS_TARGET"] == "DragonFly":
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_atom_cache.cc",
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_error_trap.cc",
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_server_pixel_buffer.cc",
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/mouse_cursor_monitor_linux.cc",
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc",
+         "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc"
     ]
 
 +# PipeWire specific files
@ -97,8 +97,7 @@ diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_g
 +        "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc"
 +    ]
 +
-+
- if CONFIG["OS_TARGET"] == "NetBSD":
+ if CONFIG["OS_TARGET"] == "FreeBSD":
 
     DEFINES["USE_X11"] = "1"
     DEFINES["WEBRTC_BSD"] = True
--- a/mozilla-sandbox-fips.patch
+++ b/mozilla-sandbox-fips.patch
@ -1,16 +1,49 @@
-From: meissner@suse.com
+From: meissner@suse.com, cgrobertson@suse.com
 Subject: allow Firefox to access addtional process information
-Reference: http://bugzilla.suse.com/show_bug.cgi?id=1167132
+References:
+http://bugzilla.suse.com/show_bug.cgi?id=1167132
+bsc#1174284 - Firefox tab just crashed in FIPS mode

-Index: firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-===================================================================
--- firefox-74.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-+++ firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-@@ -276,6 +276,7 @@ SandboxBrokerPolicyFactory::SandboxBroke
+diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
+--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
+@@ -647,16 +647,17 @@ void SetMediaPluginSandbox(const char* a
+     SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
+                       strerror(errno));
+     MOZ_CRASH("failed while trying to open the plugin file ");
+   }
+ 
+   auto files = new SandboxOpenedFiles();
+   files->Add(std::move(plugin));
+   files->Add("/dev/urandom", true);
+  files->Add("/dev/random", true);
+   files->Add("/etc/ld.so.cache");  // Needed for NSS in clearkey.
+   files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
+   files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
+   files->Add("/proc/cpuinfo");  // Info also available via CPUID instruction.
+   files->Add("/proc/sys/crypto/fips_enabled");  // Needed for NSS in clearkey.
+ #ifdef __i386__
+   files->Add("/proc/self/auxv");  // Info also in process's address space.
+ #endif
+diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -308,16 +308,18 @@ void SandboxBrokerPolicyFactory::InitCon
+     policy->AddDir(rdwr, "/dev/dri");
+   }
+ 
+   // Bug 1575985: WASM library sandbox needs RW access to /dev/null
+   policy->AddPath(rdwr, "/dev/null");
 
   // Read permissions
   policy->AddPath(rdonly, "/dev/urandom");
+  policy->AddPath(rdonly, "/dev/random");
 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
   policy->AddPath(rdonly, "/proc/cpuinfo");
   policy->AddPath(rdonly, "/proc/meminfo");
   policy->AddDir(rdonly, "/sys/devices/cpu");
+   policy->AddDir(rdonly, "/sys/devices/system/cpu");
+   policy->AddDir(rdonly, "/lib");
+   policy->AddDir(rdonly, "/lib64");
+   policy->AddDir(rdonly, "/usr/lib");
+   policy->AddDir(rdonly, "/usr/lib32");
--- a/mozilla-system-nspr.patch
+++ b/mozilla-system-nspr.patch
@ -1,52 +0,0 @@
-# HG changeset patch
-# User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent  3804871eac4171b99e9049dbc881b5304b5ac207
-
-diff --git a/dom/system/IOUtils.cpp b/dom/system/IOUtils.cpp
--- a/dom/system/IOUtils.cpp
-+++ b/dom/system/IOUtils.cpp
-@@ -9,19 +9,19 @@
- #include "mozilla/dom/IOUtils.h"
- #include "mozilla/dom/Promise.h"
- #include "mozilla/ErrorNames.h"
- #include "mozilla/Result.h"
- #include "mozilla/ResultExtensions.h"
- #include "mozilla/Services.h"
- #include "mozilla/Span.h"
- #include "mozilla/TextUtils.h"
-#include "nspr/prio.h"
-#include "nspr/private/pprio.h"
-#include "nspr/prtypes.h"
-+#include "prio.h"
-+#include "private/pprio.h"
-+#include "prtypes.h"
- #include "nsDirectoryServiceDefs.h"
- #include "nsIFile.h"
- #include "nsIGlobalObject.h"
- #include "nsNativeCharsetUtils.h"
- #include "nsReadableUtils.h"
- #include "nsString.h"
- #include "nsThreadManager.h"
- #include "SpecialSystemDirectory.h"
-diff --git a/dom/system/IOUtils.h b/dom/system/IOUtils.h
--- a/dom/system/IOUtils.h
-+++ b/dom/system/IOUtils.h
-@@ -9,17 +9,17 @@
- 
- #include "mozilla/AlreadyAddRefed.h"
- #include "mozilla/DataMutex.h"
- #include "mozilla/dom/BindingDeclarations.h"
- #include "mozilla/dom/IOUtilsBinding.h"
- #include "mozilla/dom/TypedArray.h"
- #include "mozilla/ErrorResult.h"
- #include "mozilla/MozPromise.h"
-#include "nspr/prio.h"
-+#include "prio.h"
- #include "nsIAsyncShutdown.h"
- #include "nsISerialEventTarget.h"
- #include "nsLocalFile.h"
- 
- namespace mozilla {
- 
- /**
-  * Utility class to be used with |UniquePtr| to automatically close NSPR file
--- a/revert-795c8762b16b.patch
+++ b/revert-795c8762b16b.patch
@ -0,0 +1,25 @@
+diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
+--- a/build/moz.configure/lto-pgo.configure
+++ b/build/moz.configure/lto-pgo.configure
+@@ -224,17 +224,20 @@ def lto(value, c_compiler, ld64_known_go
+             #
+             # https://github.com/llvm/llvm-project/blob/e7694f34ab6a12b8bb480cbfcb396d0a64fe965f/llvm/lib/Target/X86/X86.td#L1165-L1187
+             if target.cpu == 'x86_64':
+                 ldflags.append('-mllvm:-mcpu=x86-64')
+             # We do not need special flags for arm64.  Hooray for fixed-length
+             # instruction sets.
+         else:
+             num_cores = multiprocessing.cpu_count()
+-            cflags.append("-flto")
+            if len(value) and value[0].lower() == 'full':
+                cflags.append("-flto")
+            else:
+                cflags.append("-flto=thin")
+             cflags.append("-flifetime-dse=1")
+ 
+             ldflags.append("-flto=%s" % num_cores)
+             ldflags.append("-flifetime-dse=1")
+ 
+         # Tell LTO not to inline functions above a certain size, to mitigate
+         # binary size growth while still getting good performance.
+         # (For hot functions, PGO will put a multiplier on this limit.)
--- a/8
+++ b/8
@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="80.0"
+VERSION="81.0"
 VERSION_SUFFIX=""
-PREV_VERSION="79.0"
+PREV_VERSION="80.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation

 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="bd5d1f49975deb730064a16b3079edb53c4a5f84"
-RELEASE_TIMESTAMP="20200818235255"
+RELEASE_TAG="080f865dcb5a2427138f686afa8e72ba81936743"
+RELEASE_TIMESTAMP="20200917005511"