- Mozilla Firefox 77.0

* view and manage web certificates more easily on the new about:certificate page * improvements in accessibility * significant improvements to JavaScript debugging MFSA 2020-20 (bsc#1172402) * CVE-2020-12399 (bmo#1631576) Timing attack on DSA signatures in NSS library (fixed with external NSS >= 3.52.1) * CVE-2020-12405 (bmo#1631618) Use-after-free in SharedWorkerService * CVE-2020-12406 (bmo#1639590) JavaScript type confusion with NativeTypes * CVE-2020-12407 (bmo#1637112) WebRender leaking GPU memory when using border-image CSS directive * CVE-2020-12408 (bmo#1623888) URL spoofing when using IP addresses * CVE-2020-12409 (bmo#1619305, bmo#1632717) Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 * CVE-2020-12411 (bmo#1620972, bmo#1625333) Memory safety bugs fixed in Firefox 77 - requires * NSS >= 3.52.1 * rust-cbindgen >= 1.14.1 * clang >= 5 - added mozilla-bmo1634646.patch as part of fixing PGO build (still not working) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00 · 2020-06-02 14:55:49 +00:00 · 5c3bb08acd
commit 5c3bb08acd
parent 15bd5b7707
12 changed files with 118 additions and 64 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 77.0
+  * view and manage web certificates more easily on the new
+    about:certificate page
+  * improvements in accessibility
+  * significant improvements to JavaScript debugging
+  MFSA 2020-20 (bsc#1172402)
+  * CVE-2020-12399 (bmo#1631576)
+    Timing attack on DSA signatures in NSS library
+    (fixed with external NSS >= 3.52.1)
+  * CVE-2020-12405 (bmo#1631618)
+    Use-after-free in SharedWorkerService
+  * CVE-2020-12406 (bmo#1639590)
+    JavaScript type confusion with NativeTypes
+  * CVE-2020-12407 (bmo#1637112)
+    WebRender leaking GPU memory when using border-image CSS
+    directive
+  * CVE-2020-12408 (bmo#1623888)
+    URL spoofing when using IP addresses
+  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
+    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
+  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
+    Memory safety bugs fixed in Firefox 77
+- requires
+  * NSS >= 3.52.1
+  * rust-cbindgen >= 1.14.1
+  * clang >= 5
+- added mozilla-bmo1634646.patch as part of fixing PGO build
+  (still not working)
+
 -------------------------------------------------------------------
 Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -18,18 +18,18 @@


 # changed with every update
-%define major          76
-%define mainver        %major.0.1
-%define orig_version   76.0.1
+%define major          77
+%define mainver        %major.0
+%define orig_version   77.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
 %define devpkg         1

-# disable for FF73 for now as it fails for unknown reason
+# PGO builds do not work in TW currently (bmo#1642410)
 %define do_profiling   0

-# always build with GCC as SUSE Security Team requires that
+# upstream default is clang (to use gcc for large parts set to 0)
 %define clang_build 0

 # PIE, full relro
@ -84,14 +84,14 @@ BuildRequires:  libnotify-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.25
-BuildRequires:  mozilla-nss-devel >= 3.51.1
+BuildRequires:  mozilla-nss-devel >= 3.52.1
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs10 >= 10.19.0
 BuildRequires:  python-devel
 BuildRequires:  python2-xml
 BuildRequires:  python3 >= 3.5
 BuildRequires:  rust >= 1.41
-BuildRequires:  rust-cbindgen >= 0.13.1
+BuildRequires:  rust-cbindgen >= 0.14.1
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
@ -104,6 +104,7 @@ BuildRequires:  zip
 %if 0%{?suse_version} < 1550
 BuildRequires:  pkgconfig(gconf-2.0) >= 1.2.1
 %endif
+BuildRequires:  clang-devel >= 5
 BuildRequires:  pkgconfig(gdk-x11-2.0)
 BuildRequires:  pkgconfig(glib-2.0) >= 2.22
 BuildRequires:  pkgconfig(gobject-2.0)
@ -113,12 +114,6 @@ BuildRequires:  pkgconfig(gtk+-unix-print-2.0)
 BuildRequires:  pkgconfig(gtk+-unix-print-3.0)
 BuildRequires:  pkgconfig(libffi)
 BuildRequires:  pkgconfig(libpulse)
-%if 0%{?suse_version} > 1320
-BuildRequires:  llvm-clang-devel >= 3.9.0
-%else
-# this covers the workaround to compile on Leap 42 in OBS
-BuildRequires:  clang4-devel
-%endif
 # libavcodec is required for H.264 support but the
 # openSUSE version is currently not able to play H.264
 # therefore the Packman version is required
@ -186,6 +181,7 @@ Patch19:        mozilla-bmo1512162.patch
 Patch20:        mozilla-fix-top-level-asm.patch
 Patch21:        mozilla-bmo1504834-part4.patch
 Patch22:        mozilla-bmo849632.patch
+Patch23:        mozilla-bmo1634646.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
@ -321,6 +317,7 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
+%patch23 -p1
 # Firefox
 %patch101 -p1
 %patch102 -p1
--- a/firefox-76.0.1.source.tar.xz
+++ b/firefox-76.0.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f61761e32774a6bdfedd5937c4992fbe5e24c3df057c2b9a559fcd0d038777c3
-size 323251680
--- a/firefox-76.0.1.source.tar.xz.asc
+++ b/firefox-76.0.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl60YFUACgkQ8aZmj7t9
-Vy6MNA//UcG2MRCmif6Jd1RzYrN+9RWBRz5ybnVpnLVyAMy3rRW3obhflxbcHhEy
-Z0ZcIPOK/MBd+cZHD07/z0sP5eXYa3hrO1HzBtprYKCZmzj84/lnjnBUxHshvzgq
-ga0WeQpbVroXNJzS60LezU4iBPb2tgElbHZ/Gngm591dCznOWHFmo2dG+9Un3P3y
-BAP0mFEAGW0NNbhBV8lHuNuMTa+A+QU6xEpcEmclfp5I7/CBz7FtpX06KPLdLuAA
-PFp1xbPIa4OVGed2eJfL9VxDQPwcznPzj+wevM258I9GYoKrGyPa5TqzK3ThtLeV
-mtugj2y+IZ7hBeZVZmrPg4Oy1EEPLfrp6SVdj9R9mWfLwprd5AQgcluY/5FO2bZK
-pvcaJNfj5/0v8NMunx93V9AQsYDar3o0dPh1/KYZggObk34g+JZCXaYYlGDQvbop
-AyEe60R82PJMrtzDoWNefC9kDFiepi/PWWWmUadp3oJ48IiRaaTCOYMsNMoTKH0L
-yqv77pya6J9vezkCSXMxaW9GtEbgd8ofPhuWi3GjUMOIBgp2aKC+HuD+kLqVwlG1
-xOkSDPHb65k6eRkmxU8wl0q8nDUpKd8XxK6I85h9RiSSsrLasyPk7ubwUq0aI44W
-r2j8Ncblqar8dGSGcUNOhaTCQ7CqVjb3NNNbdqtJeZCkzSZmtQo=
-=68qN
-----END PGP SIGNATURE-----
--- a/firefox-77.0.source.tar.xz
+++ b/firefox-77.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b534794c493d8698dfb6c852af52b49540afdf88dc50451f42d6591de93291e8
+size 329713656
--- a/firefox-77.0.source.tar.xz.asc
+++ b/firefox-77.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl7Qp50ACgkQ8aZmj7t9
+Vy45TQ/+MR9Y4vXi7gNPtkSF6Ey5bowYADh9BPe0jMU9g2LrrNxVK5rD+3OHlMAd
+ghjCIix+b36pfJJ1/Pb5RgimC8qQs9UUCfWkU2tVtn9K95Vwa7cn15lwfNCB3Gkb
+u713FOjk+Aw3DfgUmvyI2dtQ4G87RclL6EdzOGSGIfdXRKEe315wJyOVLSGzOUjt
+Q1D9NXQVqt1GZNvpOyFruM9Crqf/bmzr5gP6RRn5aja9QO150RSAcf6AApaiZGWB
+YwINaiCB+S7hT3JnI7m4ax4vkNSGYR/ddG3Lnz9q5kFlZSBtLwA91+ffJEpzvFge
+GLNrq8oOJVIzFx4FwM8VWZ613gUn0yr7mUGNGBBLE0d79o5R46PY+TF1afdL98Kp
+yAHdEj4muj2/DD9A7KokIM0bJMDfKFk11Di+CgtlmyzrqGUtE/XEHE1gloutmBtp
+1YWMHMuNrbGDJW1nFl8jUerED/jI46KAPd/7Z6a+rPdAsgjUZ4APNm1re6kR1q0C
+xWEaqnwmWEJ206APy1nrjDhNdVj/DPCJ3LPQPr2FQWLr+kZhM2f3sHhsu/gdyMEk
+CM3Nnf5YJCZcZj6SSgBF2eYXxdq68XIwM/01X7ccUpwIlOT2BgzVp2FcWvzweJ02
+gmX1pcCcGaVS8u+LVAVr8KX151h7Ve1t488O8y33aJ4qoVheRk4=
+=SQpJ
+-----END PGP SIGNATURE-----
--- a/firefox-kde.patch
+++ b/firefox-kde.patch
@ -3,7 +3,7 @@
 # Date 1559300151 -7200
 #      Fri May 31 12:55:51 2019 +0200
 # Node ID 54d41b0033b8d649d842a1f862c6fed8b9874dec
-# Parent  5db49d25901f390e985c8e4bb5e0ec0b22cadeec
+# Parent  0fd58e0df883086574263e0881e1503cf110562a
 How to apply this patch:
 1. Import and apply it
 2. cp browser/base/content/browser.xul browser/base/content/browser-kde.xul
@ -11,10 +11,10 @@ How to apply this patch:
 4. Replace #ifndef with #ifdef in the line above (this hanges the button order from Gnome-style to KDE-style)
 5. hg qrefresh

-diff --git a/browser/components/preferences/in-content/main.js b/browser/components/preferences/in-content/main.js
--- a/browser/components/preferences/in-content/main.js
-+++ b/browser/components/preferences/in-content/main.js
-@@ -333,16 +333,23 @@ var gMainPane = {
+diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js
+--- a/browser/components/preferences/main.js
+++ b/browser/components/preferences/main.js
+@@ -336,16 +336,23 @@ var gMainPane = {
         }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]);
       };
 
@ -38,7 +38,7 @@ diff --git a/browser/components/preferences/in-content/main.js b/browser/compone
     );
     let performanceSettingsUrl =
       Services.urlFormatter.formatURLPref("app.support.baseURL") +
-@@ -1296,16 +1303,27 @@ var gMainPane = {
+@@ -1301,16 +1308,27 @@ var gMainPane = {
       this._backoffIndex = 0;
 
       let shellSvc = getShellService();
@ -69,7 +69,7 @@ diff --git a/browser/components/preferences/in-content/main.js b/browser/compone
 diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build
 --- a/browser/components/shell/moz.build
 +++ b/browser/components/shell/moz.build
-@@ -28,16 +28,18 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'coco
+@@ -34,16 +34,18 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'coco
     ]
 elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk':
     XPIDL_SOURCES += [
@ -81,13 +81,13 @@ diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.b
 +        'nsKDEShellService.cpp',
 +        'nsUnixShellService.cpp',
     ]
- elif CONFIG['OS_ARCH'] == 'WINNT':
-     XPIDL_SOURCES += [
-         'nsIWindowsShellService.idl',
-     ]
+     if CONFIG['MOZ_ENABLE_DBUS']:
         SOURCES += [
-         'nsWindowsShellService.cpp',
+             'nsGNOMEShellDBusHelper.cpp',
+             'nsGNOMEShellSearchProvider.cpp',
         ]
+         include('/ipc/chromium/chromium-config.mozbuild')
+ 
 diff --git a/browser/components/shell/nsKDEShellService.cpp b/browser/components/shell/nsKDEShellService.cpp
 new file mode 100644
 --- /dev/null
--- a/l10n-76.0.1.tar.xz
+++ b/l10n-76.0.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d803b25ffe8ec3c7c5901dcd11cd5f804af75f6190c6a25cf63c6ac8e405c734
-size 51967492
--- a/l10n-77.0.tar.xz
+++ b/l10n-77.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c1c0834bc57b7dd8bbefcb31abe08530cab24ff537f4c48bea7dfb8714e22b73
+size 52244764
--- a/mozilla-bmo1634646.patch
+++ b/mozilla-bmo1634646.patch
@ -0,0 +1,26 @@
+# HG changeset patch
+# User Wolfgang Rosenauer <wr@rosenauer.org>
+# Parent  43820d9e289abee98a2e3cdb4314848de3bc8622
+
+diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
+--- a/build/pgo/profileserver.py
+++ b/build/pgo/profileserver.py
+@@ -127,17 +127,17 @@ if __name__ == '__main__':
+         # Bug 1553850 considers fixing this.
+         env["MOZ_DISABLE_CONTENT_SANDBOX"] = "1"
+         env["MOZ_DISABLE_RDD_SANDBOX"] = "1"
+ 
+         # Ensure different pids write to different files
+         env["LLVM_PROFILE_FILE"] = "default_%p_random_%m.profraw"
+ 
+         # Write to an output file if we're running in automation
+-        process_args = {}
+        process_args = {'universal_newlines': True}
+         if 'UPLOAD_PATH' in env:
+             process_args['logfile'] = os.path.join(env['UPLOAD_PATH'], 'profile-run-1.log')
+ 
+         # Run Firefox a first time to initialize its profile
+         runner = FirefoxRunner(profile=profile,
+                                binary=binary,
+                                cmdargs=['data:text/html,<script>Quitter.quit()</script>'],
+                                env=env,
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
@ -3,7 +3,7 @@
 # Date 1559294891 -7200
 #      Fri May 31 11:28:11 2019 +0200
 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent  04c2cbd396b26a8e08980304a436e5e12fb6a205
+# Parent  b517aa8dfa37d729db9590fe699caa38f899dfba
 Description: Add KDE integration to Firefox (toolkit parts)
 Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
 Author: Lubos Lunak <lunak@suse.com>
@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 #ifdef MOZ_MEMORY
 #  include "mozmemory.h"
 #endif
-@@ -4539,25 +4540,37 @@ nsresult Preferences::InitInitialObjects
+@@ -4566,25 +4567,37 @@ nsresult Preferences::InitInitialObjects
   // application pref files for backwards compatibility.
   static const char* specialFiles[] = {
 #if defined(XP_MACOSX)
@ -69,7 +69,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
 
   // Load jar:$app/omni.jar!/defaults/preferences/*.js
   // or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4603,17 +4616,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4630,17 +4643,17 @@ nsresult Preferences::InitInitialObjects
       }
 
       nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@ -302,7 +302,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy
 nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
   // dbus prevents us from being threadsafe, but this routine should not block
   // anyhow
-@@ -380,21 +383,50 @@ nsresult nsUnixSystemProxySettings::GetP
+@@ -384,21 +387,50 @@ nsresult nsUnixSystemProxySettings::GetP
   return NS_OK;
 }
 
@ -974,7 +974,7 @@ diff --git a/uriloader/exthandler/unix/nsKDERegistry.cpp b/uriloader/exthandler/
 new file mode 100644
 --- /dev/null
 +++ b/uriloader/exthandler/unix/nsKDERegistry.cpp
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,86 @@
 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
@ -985,7 +985,6 @@ new file mode 100644
 +#include "prmem.h"
 +#include "nsString.h"
 +#include "nsMIMEInfoUnix.h"
-+#include "nsAutoPtr.h"
 +#include "nsKDEUtils.h"
 +
 +/* static */ bool
@ -1351,7 +1350,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
 #define MAX_PREVIEW_SOURCE_SIZE 4096
 
 nsIFile* nsFilePicker::mPrevDisplayDirectory = nullptr;
-@@ -227,17 +230,19 @@ nsFilePicker::AppendFilters(int32_t aFil
+@@ -223,17 +226,19 @@ nsFilePicker::AppendFilters(int32_t aFil
   mAllowURLs = !!(aFilterMask & filterAllowURLs);
   return nsBaseFilePicker::AppendFilters(aFilterMask);
 }
@ -1372,7 +1371,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
 
   mFilters.AppendElement(filter);
   mFilterNames.AppendElement(name);
-@@ -337,16 +342,39 @@ nsresult nsFilePicker::Show(int16_t* aRe
+@@ -333,16 +338,39 @@ nsresult nsFilePicker::Show(int16_t* aRe
   return NS_OK;
 }
 
@ -1412,7 +1411,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
   GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
 
   const gchar* accept_button;
-@@ -571,16 +599,244 @@ void nsFilePicker::Done(void* file_choos
+@@ -562,16 +590,244 @@ void nsFilePicker::Done(void* file_choos
     mCallback->Done(result);
     mCallback = nullptr;
   } else {
@ -1831,10 +1830,10 @@ diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk':
     CXXFLAGS += CONFIG['TK_CFLAGS']
+     if CONFIG['MOZ_ENABLE_DBUS']:
+         CXXFLAGS += CONFIG['MOZ_DBUS_GLIB_CFLAGS']
 
 if CONFIG['MOZ_LAYOUT_DEBUGGER']:
-     DEFINES['MOZ_LAYOUT_DEBUGGER'] = True
- 
 diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
 --- a/xpcom/io/nsLocalFileUnix.cpp
 +++ b/xpcom/io/nsLocalFileUnix.cpp
--- a/8
+++ b/8
@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="76.0.1"
+VERSION="77.0"
 VERSION_SUFFIX=""
-PREV_VERSION="76.0"
+PREV_VERSION="76.0.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation

 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="e2de5f11bc0afd9a3024d32b83cb9f0ada95717a"
-RELEASE_TIMESTAMP="20200507114007"
+RELEASE_TAG="54aaeaedcf47d75d19e9b9f90c31801434404537"
+RELEASE_TIMESTAMP="20200528194502"