From 3415bda243e1551e46d19ede223187b40d93c5df5017b28893e77b3965d680c2 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 22 Sep 2020 14:04:54 +0000 Subject: [PATCH] - Mozilla Firefox 81.0 * https://www.mozilla.org/en-US/firefox/81.0/releasenotes MFSA 2020-42 (bsc#1176756) * CVE-2020-15675 (bmo#1654211) Use-After-Free in WebGL * CVE-2020-15677 (bmo#1641487) Download origin spoofing via redirect * CVE-2020-15676 (bmo#1646140) XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 (bmo#1660211) When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 (bmo#1648493, bmo#1660800) Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) Memory safety bugs fixed in Firefox 81 - requires NSPR 4.28 NSS 3.56 - removed obsolete patches * mozilla-system-nspr.patch * mozilla-bmo1661715.patch * mozilla-silence-no-return-type.patch - skip post-build-checks for 15.0 and 15.1 - add revert-795c8762b16b.patch to fix LTO builds with gcc (related to bmo#1644409) - Use %limit_build macro again for aarch64 and armv7, instead of OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=858 --- MozillaFirefox.changes | 61 ++++++++++++++++++++++++++++- MozillaFirefox.spec | 71 +++++++++++++++++++++------------- firefox-80.0.source.tar.xz | 3 -- firefox-80.0.source.tar.xz.asc | 16 -------- firefox-81.0.source.tar.xz | 3 ++ firefox-81.0.source.tar.xz.asc | 16 ++++++++ l10n-80.0.tar.xz | 3 -- l10n-81.0.tar.xz | 3 ++ mozilla-kde.patch | 12 +++--- mozilla-pipewire-0-3.patch | 19 +++++---- mozilla-sandbox-fips.patch | 47 ++++++++++++++++++---- mozilla-system-nspr.patch | 52 ------------------------- revert-795c8762b16b.patch | 25 ++++++++++++ tar_stamps | 8 ++-- 14 files changed, 210 insertions(+), 129 deletions(-) delete mode 100644 firefox-80.0.source.tar.xz delete mode 100644 firefox-80.0.source.tar.xz.asc create mode 100644 firefox-81.0.source.tar.xz create mode 100644 firefox-81.0.source.tar.xz.asc delete mode 100644 l10n-80.0.tar.xz create mode 100644 l10n-81.0.tar.xz delete mode 100644 mozilla-system-nspr.patch create mode 100644 revert-795c8762b16b.patch diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index d0b800b8..a9e67053 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,9 +1,68 @@ +------------------------------------------------------------------- +Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 81.0 + * https://www.mozilla.org/en-US/firefox/81.0/releasenotes + MFSA 2020-42 (bsc#1176756) + * CVE-2020-15675 (bmo#1654211) + Use-After-Free in WebGL + * CVE-2020-15677 (bmo#1641487) + Download origin spoofing via redirect + * CVE-2020-15676 (bmo#1646140) + XSS when pasting attacker-controlled data into a + contenteditable element + * CVE-2020-15678 (bmo#1660211) + When recursing through layers while scrolling, an iterator + may have become invalid, resulting in a potential use-after- + free scenario + * CVE-2020-15673 (bmo#1648493, bmo#1660800) + Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 + * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) + Memory safety bugs fixed in Firefox 81 +- requires + NSPR 4.28 + NSS 3.56 +- removed obsolete patches + * mozilla-system-nspr.patch + * mozilla-bmo1661715.patch + * mozilla-silence-no-return-type.patch +- skip post-build-checks for 15.0 and 15.1 +- add revert-795c8762b16b.patch to fix LTO builds with gcc + (related to bmo#1644409) + ------------------------------------------------------------------- Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET -- Use %limit_build macro again for aarch64 and armv7, instead of +- Use %limit_build macro again for aarch64 and armv7, instead of the new memoryperjob _constraints to use more workers +------------------------------------------------------------------- +Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer + +- add mozilla-bmo1661715.patch to fix Flash plugin + +------------------------------------------------------------------- +Wed Sep 2 17:11:19 UTC 2020 - Manfred Hollstein + +- Mozilla Firefox 80.0.1: Bug fixes: + * Fixed a performance regression when encountering new intermediate + CA certificates (bmo#1661543) + * Fixed crashes possibly related to GPU resets (bmo#1627616) + * Fixed rendering on some sites using WebGL (bmo#1659225) + * Fixed the zoom-in keyboard shortcut on Japanese language builds + (bmo#1661895) + * Fixed download issues related to extensions and cookies + (bmo#1655190) +- added mozilla-silence-no-return-type.patch + +------------------------------------------------------------------- +Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer + +- more whitelisting (/dev/random) for sandbox in relation to FIPS + (bsc#1174284) +- improve langpack builds to use dedicated objdirs and make it + parallel again + ------------------------------------------------------------------- Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 72c121f5..b9e07778 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -17,6 +17,10 @@ # +%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150100 +#!BuildIgnore: post-build-checks +%endif + # changed with every update # orig_version vs. mainver: To have beta-builds # FF70beta3 would be released as FF69.99 @@ -25,9 +29,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 80 +%define major 81 %define mainver %major.0 -%define orig_version 80.0 +%define orig_version 81.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -96,8 +100,8 @@ BuildRequires: libidl-devel BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.27 -BuildRequires: mozilla-nss-devel >= 3.55 +BuildRequires: mozilla-nspr-devel >= 4.28 +BuildRequires: mozilla-nss-devel >= 3.56 BuildRequires: nasm >= 2.14 BuildRequires: nodejs10 >= 10.21.0 BuildRequires: python-devel @@ -209,11 +213,11 @@ Patch25: mozilla-bmo998749.patch Patch26: mozilla-bmo1626236.patch Patch27: mozilla-s390x-skia-gradient.patch Patch28: mozilla-libavcodec58_91.patch -Patch29: mozilla-system-nspr.patch +Patch29: revert-795c8762b16b.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch -%endif # only_print_mozconfig +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): coreutils shared-mime-info desktop-file-utils Requires(postun): shared-mime-info desktop-file-utils @@ -352,11 +356,11 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version} %patch26 -p1 %patch27 -p1 %patch28 -p1 -%patch29 -p1 +%patch29 -p1 -R # Firefox %patch101 -p1 %patch102 -p1 -%endif # only_print_mozconfig +%endif %build %if !%{with only_print_mozconfig} @@ -379,9 +383,9 @@ if test "$kdehelperversion" != %{kde_helper_version}; then echo fix kde helper version in the .spec file exit 1 fi -%endif # only_print_mozconfig source %{SOURCE4} +%endif export CARGO_HOME=${RPM_BUILD_DIR}/%{srcname}-%{orig_version}/.cargo export MOZ_SOURCE_CHANGESET=$RELEASE_TAG @@ -392,6 +396,7 @@ export MOZ_BUILD_DATE=$RELEASE_TIMESTAMP export MOZILLA_OFFICIAL=1 export BUILD_OFFICIAL=1 export MOZ_TELEMETRY_REPORTING=1 +export MACH_USE_SYSTEM_PYTHON=1 %if 0%{?suse_version} <= 1320 export CC=gcc-9 %else @@ -479,6 +484,7 @@ ac_add_options --disable-debug #ac_add_options --enable-chrome-format=jar ac_add_options --enable-update-channel=%{update_channel} ac_add_options --with-mozilla-api-keyfile=%{SOURCE18} +# Google-service currently not available for free anymore #ac_add_options --with-google-location-service-api-keyfile=%{SOURCE19} ac_add_options --with-google-safebrowsing-api-keyfile=%{SOURCE19} ac_add_options --with-unsigned-addon-scopes=app @@ -532,22 +538,36 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \ # build additional locales %if %localize -# The file obj/browser/locales/bookmarks.html will be overwritten by each langpack-build with the current translation -# Thus we save here the original, to restore it afterwards, so that the default installation will not have zh-TW -# bookmarks -# See also https://bugzilla.opensuse.org/show_bug.cgi?id=1167976 -cp ../obj/browser/locales/bookmarks.html ../obj/browser/locales/bookmarks.html_ORIG - mkdir -p %{buildroot}%{progdir}/browser/extensions truncate -s 0 %{_tmppath}/translations.{common,other} -# Adding "-P 0" would give us parallel builds of langpacks. Unfortunately, mach currently doesn't support -# building them in parallel. If we do, we get race-conditions and have mixed languages in the langpacks. -# See https://bugzilla.suse.com/show_bug.cgi?id=1173986 +# langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943) +# Therefore, we have to have a separate obj-dir for each language +# We do this, by creating a mozconfig-template with the necessary switches +# and a placeholder obj-dir, which gets copied and modified for each language + +# Create mozconfig-template for langbuild +cat << EOF > ${MOZCONFIG}_LANG +mk_add_options MOZILLA_OFFICIAL=1 +mk_add_options BUILD_OFFICIAL=1 +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj_LANG +. \$topsrcdir/browser/config/mozconfig +ac_add_options --prefix=%{_prefix} +ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n +ac_add_options --disable-updater +%if %branding +ac_add_options --enable-official-branding +%endif +EOF + sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig_version}/browser/locales/shipped-locales \ - | xargs -n 1 -I {} /bin/sh -c ' + | xargs -n 1 %{?jobs:-P %jobs} -I {} /bin/sh -c ' locale=$1 - ./mach build langpack-$locale - cp -L ../obj/dist/linux-*/xpi/firefox-%{orig_version}.$locale.langpack.xpi \ + cp ${MOZCONFIG}_LANG ${MOZCONFIG}_$locale + sed -i "s|obj_LANG|obj_$locale|" ${MOZCONFIG}_$locale + export MOZCONFIG=${MOZCONFIG}_$locale + # nsinstall is needed for langpack-build. It is already built by `./mach build`, but building it again is very fast + ./mach build config/nsinstall langpack-$locale + cp -L ../obj_$locale/dist/linux-*/xpi/firefox-%{orig_version}.$locale.langpack.xpi \ %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org.xpi # remove prefs, profile defaults, and hyphenation from langpack #rm -rf %{buildroot}%{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org/defaults @@ -561,13 +581,10 @@ sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{srcname}-%{orig echo %{progdir}/browser/extensions/langpack-$locale@firefox.mozilla.org.xpi \ >> %{_tmppath}/translations.$_l10ntarget ' -- {} - -# Restoring the original bookmarksfile -cp ../obj/browser/locales/bookmarks.html_ORIG ../obj/browser/locales/bookmarks.html %endif ccache -s -%endif # only_print_mozconfig +%endif %install cd $RPM_BUILD_DIR/obj @@ -777,12 +794,12 @@ exit 0 %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) %dir %{progdir} -%dir %{progdir}/browser/extensions +%dir %{progdir}/browser/extensions/ %files translations-other -f %{_tmppath}/translations.other %defattr(-,root,root) %dir %{progdir} -%dir %{progdir}/browser/extensions +%dir %{progdir}/browser/extensions/ %endif # this package does not need to provide files but is needed to fulfill diff --git a/firefox-80.0.source.tar.xz b/firefox-80.0.source.tar.xz deleted file mode 100644 index 157d5720..00000000 --- a/firefox-80.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:380d9853e0712442ba2d4acd85c0e09c19ad36561a3ea8932705ad6b8a91146a -size 335316448 diff --git a/firefox-80.0.source.tar.xz.asc b/firefox-80.0.source.tar.xz.asc deleted file mode 100644 index f38177c0..00000000 --- a/firefox-80.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl88jDEACgkQ8aZmj7t9 -Vy7ASg//fLaiXd9rA7/DVLu3TPXAkjCHzgvmH6Y/nwL/Q1Dztv/MxzbBWDRdqP0G -LYm2aYP7iRQCxe5qk3VLgshaRzS+GCkzcz8k2zlEbeTJ8i8Yrs4XF3gETmuorU+2 -ZSzDyK9/RAviDpVa7iRSX5PVBMlBI0j5os3X13ipjRxnYnQnesvV+4/YRblX8W/o -3GjLrm8eRPzglZyxrD6Q2fSPJAGkY/lfJqekkMI3iyq/DPFi3wXPSmiw8r8HFbb9 -Lx6WNF78Tl8aNgsOBHUdYo6qk1v00sejP4OUls9o+VWQOMdVRocoqXo4g7U8Zk+j -P2Tsu4RDsGDo8H3MtG/oRz4RM+wTSVxNC59FWKHsRlPS5q1OmQRltL/ZE0K3+A0z -0S8rHUT9XMWHSmVvqlAOXHPXy0C050j8NXxMhST3vGC8dHpmUAPOHGQUrLRkHucn -uidMFANuvN9QVh5QjYAddA0yHqqkZonPVIKWAv7Den2daS9Hnw1n33XnQIzuggkD -gDTT9hfcxp0Vk0TGR5WXlpku9BBHIUOrmV3MnfN+vHXyrTONrx2Q3JwhzgCCvNTr -mTf8MEOyjo8NdSQ1IwI5vmi48XLnO/XyvBQmiP2YLzx3G2mgZPFiwdauKT0dQset -enamKTFG3DUoOxW/yFxAwxwW5l/44z8Rv82FPUFp7Kgz5wrR7oI= -=/g2L ------END PGP SIGNATURE----- diff --git a/firefox-81.0.source.tar.xz b/firefox-81.0.source.tar.xz new file mode 100644 index 00000000..f3a1e2ec --- /dev/null +++ b/firefox-81.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9328745012178aee5a4f47c833539f7872cc6e0f20a853568a313e60cabd1ec8 +size 340347916 diff --git a/firefox-81.0.source.tar.xz.asc b/firefox-81.0.source.tar.xz.asc new file mode 100644 index 00000000..781d3959 --- /dev/null +++ b/firefox-81.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl9ixfMACgkQ8aZmj7t9 +Vy4wERAAhWxZWDjUP5GgFvvXvN03ESS6AEZqtrl2r09tfEEe10CM9PtuiXL6HAyW +JR8IDN22aheZJaCDDBxyq7HfkO0xkGypAWEl6pTrw8o0vwxoQ1qYa8/7uy5vyI0w +FX4cm2GNqiE8Lm0uujvMqY6yEivvOgZEYYoph7+7IH2zm6ruiirCcLFH4GairTOQ +eROJatUC9HO3pp4Lg3x2YrbcuS5GG6JHkaMe5l0MNlk3he9YUCJ9I2Dscg4lWC4P +gfig9LuX3UHwTxERpQevM18N3mzQNxG6LfghzyFfgDAjvgMqVnZ5uKqp5E6nVUiq +nvPl7Idt1+rh1cJtO1/EjEQYWEdGM7IFafuxGnx9nBtUm1rVmDHNHPPm6ocJb5M7 ++iII4prXNMajjgzzzRfRC2rixPn4hplgKo7YTxx1IF4h6XMxE4cTQ+WfTT0IddaF +NNJRirDFIdeJ3DPSb7pJoO+U8TvZmQ3GUch5Tw4vFAFbSrc8tqWoZI9RXe50gMqJ +eIOFggS6zK+p1E81nA8napzfGkSpNpmUuZ1fSvkWlBjcaTne8QW+stwUW/r78OnF +uVCScaQ428b4FsKaMf9/faO6/wJI4eImjrPfYV9PHs67G8H66Hw1DW0QVuNZnaa1 +pcRG743EcjYcrsgB/oTFaF31V9ZOJsBTWXdbOMViAtTIkPOOiPA= +=Wh4b +-----END PGP SIGNATURE----- diff --git a/l10n-80.0.tar.xz b/l10n-80.0.tar.xz deleted file mode 100644 index 6529238a..00000000 --- a/l10n-80.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fe3ea0d8cec71c6d8b6b4d642e2c0bb115bdafa106085e7cd3cccea43c992150 -size 53010496 diff --git a/l10n-81.0.tar.xz b/l10n-81.0.tar.xz new file mode 100644 index 00000000..c12a94f6 --- /dev/null +++ b/l10n-81.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c593ee1a7a399ec3d057ff8682f231a7ba9b47079ab9572753db2126fdfa3fbc +size 48859784 diff --git a/mozilla-kde.patch b/mozilla-kde.patch index 6faf17c1..caa3c4c8 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent a22a4c4e41107a0809c33a83e9d14916738c5a82 +# Parent e89d21ead66fbb34b6349edda42748a3ad9e6136 Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4530,25 +4531,37 @@ nsresult Preferences::InitInitialObjects +@@ -4536,25 +4537,37 @@ nsresult Preferences::InitInitialObjects // application pref files for backwards compatibility. static const char* specialFiles[] = { #if defined(XP_MACOSX) @@ -69,7 +69,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4594,17 +4607,17 @@ nsresult Preferences::InitInitialObjects +@@ -4600,17 +4613,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -175,7 +175,7 @@ diff --git a/toolkit/components/downloads/moz.build b/toolkit/components/downloa diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downloads/HelperAppDlg.jsm --- a/toolkit/mozapps/downloads/HelperAppDlg.jsm +++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm -@@ -1203,36 +1203,66 @@ nsUnknownContentTypeDialog.prototype = { +@@ -1239,36 +1239,66 @@ nsUnknownContentTypeDialog.prototype = { params.handlerApp && params.handlerApp.executable && params.handlerApp.executable.isFile() @@ -1293,11 +1293,11 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build --- a/widget/gtk/moz.build +++ b/widget/gtk/moz.build -@@ -133,16 +133,17 @@ include('/ipc/chromium/chromium-config.m - FINAL_LIBRARY = 'xul' +@@ -134,16 +134,17 @@ FINAL_LIBRARY = 'xul' LOCAL_INCLUDES += [ '/layout/base', + '/layout/forms', '/layout/generic', '/layout/xul', '/other-licenses/atk-1.0', diff --git a/mozilla-pipewire-0-3.patch b/mozilla-pipewire-0-3.patch index 6cb41b65..3efcb288 100644 --- a/mozilla-pipewire-0-3.patch +++ b/mozilla-pipewire-0-3.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent f530b1587cd1c0a79c34f91a9690c4cc4c33ac31 +# Parent 5bd7b491505076dc38ba1efc7c406b9c53ba8389 diff --git a/config/system-headers.mozbuild b/config/system-headers.mozbuild --- a/config/system-headers.mozbuild @@ -65,13 +65,13 @@ diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn b/media/ diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build --- a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build +++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build -@@ -289,16 +289,40 @@ if CONFIG["OS_TARGET"] == "WINNT": - "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/screen_capturer_win_directx.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/screen_capturer_win_magnifier.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/win_shared.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/win/window_capture_utils.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_win.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_finder_win.cc" +@@ -112,16 +112,39 @@ if CONFIG["OS_TARGET"] == "DragonFly": + "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_atom_cache.cc", + "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_error_trap.cc", + "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_server_pixel_buffer.cc", + "/media/webrtc/trunk/webrtc/modules/desktop_capture/mouse_cursor_monitor_linux.cc", + "/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc", + "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc" ] +# PipeWire specific files @@ -97,8 +97,7 @@ diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_g + "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc" + ] + -+ - if CONFIG["OS_TARGET"] == "NetBSD": + if CONFIG["OS_TARGET"] == "FreeBSD": DEFINES["USE_X11"] = "1" DEFINES["WEBRTC_BSD"] = True diff --git a/mozilla-sandbox-fips.patch b/mozilla-sandbox-fips.patch index b442676c..7c75bb7f 100644 --- a/mozilla-sandbox-fips.patch +++ b/mozilla-sandbox-fips.patch @@ -1,16 +1,49 @@ -From: meissner@suse.com +From: meissner@suse.com, cgrobertson@suse.com Subject: allow Firefox to access addtional process information -Reference: http://bugzilla.suse.com/show_bug.cgi?id=1167132 +References: +http://bugzilla.suse.com/show_bug.cgi?id=1167132 +bsc#1174284 - Firefox tab just crashed in FIPS mode -Index: firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -=================================================================== ---- firefox-74.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -+++ firefox-74.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -276,6 +276,7 @@ SandboxBrokerPolicyFactory::SandboxBroke +diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp +--- a/security/sandbox/linux/Sandbox.cpp ++++ b/security/sandbox/linux/Sandbox.cpp +@@ -647,16 +647,17 @@ void SetMediaPluginSandbox(const char* a + SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath, + strerror(errno)); + MOZ_CRASH("failed while trying to open the plugin file "); + } + + auto files = new SandboxOpenedFiles(); + files->Add(std::move(plugin)); + files->Add("/dev/urandom", true); ++ files->Add("/dev/random", true); + files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey. + files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz"); + files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"); + files->Add("/proc/cpuinfo"); // Info also available via CPUID instruction. + files->Add("/proc/sys/crypto/fips_enabled"); // Needed for NSS in clearkey. + #ifdef __i386__ + files->Add("/proc/self/auxv"); // Info also in process's address space. + #endif +diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp ++++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +@@ -308,16 +308,18 @@ void SandboxBrokerPolicyFactory::InitCon + policy->AddDir(rdwr, "/dev/dri"); + } + + // Bug 1575985: WASM library sandbox needs RW access to /dev/null + policy->AddPath(rdwr, "/dev/null"); // Read permissions policy->AddPath(rdonly, "/dev/urandom"); ++ policy->AddPath(rdonly, "/dev/random"); + policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled"); policy->AddPath(rdonly, "/proc/cpuinfo"); policy->AddPath(rdonly, "/proc/meminfo"); policy->AddDir(rdonly, "/sys/devices/cpu"); + policy->AddDir(rdonly, "/sys/devices/system/cpu"); + policy->AddDir(rdonly, "/lib"); + policy->AddDir(rdonly, "/lib64"); + policy->AddDir(rdonly, "/usr/lib"); + policy->AddDir(rdonly, "/usr/lib32"); diff --git a/mozilla-system-nspr.patch b/mozilla-system-nspr.patch deleted file mode 100644 index ffe774ba..00000000 --- a/mozilla-system-nspr.patch +++ /dev/null @@ -1,52 +0,0 @@ -# HG changeset patch -# User Wolfgang Rosenauer -# Parent 3804871eac4171b99e9049dbc881b5304b5ac207 - -diff --git a/dom/system/IOUtils.cpp b/dom/system/IOUtils.cpp ---- a/dom/system/IOUtils.cpp -+++ b/dom/system/IOUtils.cpp -@@ -9,19 +9,19 @@ - #include "mozilla/dom/IOUtils.h" - #include "mozilla/dom/Promise.h" - #include "mozilla/ErrorNames.h" - #include "mozilla/Result.h" - #include "mozilla/ResultExtensions.h" - #include "mozilla/Services.h" - #include "mozilla/Span.h" - #include "mozilla/TextUtils.h" --#include "nspr/prio.h" --#include "nspr/private/pprio.h" --#include "nspr/prtypes.h" -+#include "prio.h" -+#include "private/pprio.h" -+#include "prtypes.h" - #include "nsDirectoryServiceDefs.h" - #include "nsIFile.h" - #include "nsIGlobalObject.h" - #include "nsNativeCharsetUtils.h" - #include "nsReadableUtils.h" - #include "nsString.h" - #include "nsThreadManager.h" - #include "SpecialSystemDirectory.h" -diff --git a/dom/system/IOUtils.h b/dom/system/IOUtils.h ---- a/dom/system/IOUtils.h -+++ b/dom/system/IOUtils.h -@@ -9,17 +9,17 @@ - - #include "mozilla/AlreadyAddRefed.h" - #include "mozilla/DataMutex.h" - #include "mozilla/dom/BindingDeclarations.h" - #include "mozilla/dom/IOUtilsBinding.h" - #include "mozilla/dom/TypedArray.h" - #include "mozilla/ErrorResult.h" - #include "mozilla/MozPromise.h" --#include "nspr/prio.h" -+#include "prio.h" - #include "nsIAsyncShutdown.h" - #include "nsISerialEventTarget.h" - #include "nsLocalFile.h" - - namespace mozilla { - - /** - * Utility class to be used with |UniquePtr| to automatically close NSPR file diff --git a/revert-795c8762b16b.patch b/revert-795c8762b16b.patch new file mode 100644 index 00000000..d3644f72 --- /dev/null +++ b/revert-795c8762b16b.patch @@ -0,0 +1,25 @@ +diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure +--- a/build/moz.configure/lto-pgo.configure ++++ b/build/moz.configure/lto-pgo.configure +@@ -224,17 +224,20 @@ def lto(value, c_compiler, ld64_known_go + # + # https://github.com/llvm/llvm-project/blob/e7694f34ab6a12b8bb480cbfcb396d0a64fe965f/llvm/lib/Target/X86/X86.td#L1165-L1187 + if target.cpu == 'x86_64': + ldflags.append('-mllvm:-mcpu=x86-64') + # We do not need special flags for arm64. Hooray for fixed-length + # instruction sets. + else: + num_cores = multiprocessing.cpu_count() +- cflags.append("-flto") ++ if len(value) and value[0].lower() == 'full': ++ cflags.append("-flto") ++ else: ++ cflags.append("-flto=thin") + cflags.append("-flifetime-dse=1") + + ldflags.append("-flto=%s" % num_cores) + ldflags.append("-flifetime-dse=1") + + # Tell LTO not to inline functions above a certain size, to mitigate + # binary size growth while still getting good performance. + # (For hot functions, PGO will put a multiplier on this limit.) diff --git a/tar_stamps b/tar_stamps index 2e6958a6..6371e665 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="80.0" +VERSION="81.0" VERSION_SUFFIX="" -PREV_VERSION="79.0" +PREV_VERSION="80.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="bd5d1f49975deb730064a16b3079edb53c4a5f84" -RELEASE_TIMESTAMP="20200818235255" +RELEASE_TAG="080f865dcb5a2427138f686afa8e72ba81936743" +RELEASE_TIMESTAMP="20200917005511"