From 859ad6e039489b4e445a0f2b47ba95f88cd3fefe9396e7670e973cc19fb789d4 Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Tue, 2 Jun 2020 14:55:49 +0000 Subject: [PATCH] - Mozilla Firefox 77.0 * view and manage web certificates more easily on the new about:certificate page * improvements in accessibility * significant improvements to JavaScript debugging MFSA 2020-20 (bsc#1172402) * CVE-2020-12399 (bmo#1631576) Timing attack on DSA signatures in NSS library (fixed with external NSS >= 3.52.1) * CVE-2020-12405 (bmo#1631618) Use-after-free in SharedWorkerService * CVE-2020-12406 (bmo#1639590) JavaScript type confusion with NativeTypes * CVE-2020-12407 (bmo#1637112) WebRender leaking GPU memory when using border-image CSS directive * CVE-2020-12408 (bmo#1623888) URL spoofing when using IP addresses * CVE-2020-12409 (bmo#1619305, bmo#1632717) Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 * CVE-2020-12411 (bmo#1620972, bmo#1625333) Memory safety bugs fixed in Firefox 77 - requires * NSS >= 3.52.1 * rust-cbindgen >= 1.14.1 * clang >= 5 - added mozilla-bmo1634646.patch as part of fixing PGO build (still not working) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830 --- MozillaFirefox.changes | 32 ++++++++++++++++++++++++++++++++ MozillaFirefox.spec | 23 ++++++++++------------- firefox-76.0.1.source.tar.xz | 3 --- firefox-76.0.1.source.tar.xz.asc | 16 ---------------- firefox-77.0.source.tar.xz | 3 +++ firefox-77.0.source.tar.xz.asc | 16 ++++++++++++++++ firefox-kde.patch | 28 ++++++++++++++-------------- l10n-76.0.1.tar.xz | 3 --- l10n-77.0.tar.xz | 3 +++ mozilla-bmo1634646.patch | 26 ++++++++++++++++++++++++++ mozilla-kde.patch | 21 ++++++++++----------- tar_stamps | 8 ++++---- 12 files changed, 118 insertions(+), 64 deletions(-) delete mode 100644 firefox-76.0.1.source.tar.xz delete mode 100644 firefox-76.0.1.source.tar.xz.asc create mode 100644 firefox-77.0.source.tar.xz create mode 100644 firefox-77.0.source.tar.xz.asc delete mode 100644 l10n-76.0.1.tar.xz create mode 100644 l10n-77.0.tar.xz 
create mode 100644 mozilla-bmo1634646.patch diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 85313352..0f7a0b2b 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 77.0 + * view and manage web certificates more easily on the new + about:certificate page + * improvements in accessibility + * significant improvements to JavaScript debugging + MFSA 2020-20 (bsc#1172402) + * CVE-2020-12399 (bmo#1631576) + Timing attack on DSA signatures in NSS library + (fixed with external NSS >= 3.52.1) + * CVE-2020-12405 (bmo#1631618) + Use-after-free in SharedWorkerService + * CVE-2020-12406 (bmo#1639590) + JavaScript type confusion with NativeTypes + * CVE-2020-12407 (bmo#1637112) + WebRender leaking GPU memory when using border-image CSS + directive + * CVE-2020-12408 (bmo#1623888) + URL spoofing when using IP addresses + * CVE-2020-12409 (bmo#1619305, bmo#1632717) + Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 + * CVE-2020-12411 (bmo#1620972, bmo#1625333) + Memory safety bugs fixed in Firefox 77 +- requires + * NSS >= 3.52.1 + * rust-cbindgen >= 1.14.1 + * clang >= 5 +- added mozilla-bmo1634646.patch as part of fixing PGO build + (still not working) + ------------------------------------------------------------------- Wed May 13 12:21:13 UTC 2020 - Michel Normand diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 29752985..ed93c7cf 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec 
@@ -18,18 +18,18 @@ # changed with every update -%define major 76 -%define mainver %major.0.1 -%define orig_version 76.0.1 +%define major 77 +%define mainver %major.0 +%define orig_version 77.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 %define devpkg 1 -# disable for FF73 for now as it fails for unknown reason +# PGO builds do not work in TW currently (bmo#1642410) %define do_profiling 0 -# always build with GCC as SUSE Security Team requires that +# upstream default is clang (to use gcc for large parts set to 0) %define clang_build 0 # PIE, full relro @@ -84,14 +84,14 @@ BuildRequires: libnotify-devel BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.25 -BuildRequires: mozilla-nss-devel >= 3.51.1 +BuildRequires: mozilla-nss-devel >= 3.52.1 BuildRequires: nasm >= 2.14 BuildRequires: nodejs10 >= 10.19.0 BuildRequires: python-devel BuildRequires: python2-xml BuildRequires: python3 >= 3.5 BuildRequires: rust >= 1.41 -BuildRequires: rust-cbindgen >= 0.13.1 +BuildRequires: rust-cbindgen >= 0.14.1 BuildRequires: startup-notification-devel BuildRequires: unzip BuildRequires: update-desktop-files @@ -104,6 +104,7 @@ BuildRequires: zip %if 0%{?suse_version} < 1550 BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif +BuildRequires: clang-devel >= 5 BuildRequires: pkgconfig(gdk-x11-2.0) BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) @@ -113,12 +114,6 @@ BuildRequires: pkgconfig(gtk+-unix-print-2.0) BuildRequires: pkgconfig(gtk+-unix-print-3.0) BuildRequires: pkgconfig(libffi) BuildRequires: pkgconfig(libpulse) -%if 0%{?suse_version} > 1320 -BuildRequires: llvm-clang-devel >= 3.9.0 -%else -# this covers the workaround to compile on Leap 42 in OBS -BuildRequires: clang4-devel -%endif # libavcodec is required for H.264 support but the # openSUSE version is currently not able to play H.264 # therefore the Packman version is required 
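Review bot: The rewritten comment above `%define clang_build 0` in the `@@ -18,18 +18,18 @@` hunk drops the stated reason for the setting. The old line recorded that GCC builds are a SUSE Security Team requirement, while the new one only explains what the switch does. The value stays 0, so if that requirement still holds it should remain on record; otherwise a later packager can flip the toggle without knowing a security decision is attached to it. I would keep both facts, e.g. `# upstream default is clang; kept at 0 (gcc) because SUSE Security Team requires GCC builds`. If the requirement has been lifted, say so in MozillaFirefox.changes instead.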
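Review bot: The new `BuildRequires: rust-cbindgen >= 0.14.1` in the `@@ -84,14 +84,14 @@` hunk disagrees with the requirement recorded for this update, since the commit message and the new MozillaFirefox.changes entry both list `rust-cbindgen >= 1.14.1`. The previous floor was 0.13.1, so the spec value looks like the intended one and the changelog line should probably read `* rust-cbindgen >= 0.14.1`. The NSS floor in the same hunk, `mozilla-nss-devel >= 3.52.1`, does match the changelog. That match matters because the changelog states CVE-2020-12399 is fixed only by the external NSS >= 3.52.1, and a BuildRequires constrains the build host, not the installed system. Any runtime `Requires` on NSS is outside these hunks, so confirm it enforces the same minimum.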
@@ -186,6 +181,7 @@ Patch19: mozilla-bmo1512162.patch Patch20: mozilla-fix-top-level-asm.patch Patch21: mozilla-bmo1504834-part4.patch Patch22: mozilla-bmo849632.patch +Patch23: mozilla-bmo1634646.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -321,6 +317,7 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version} %patch20 -p1 %patch21 -p1 %patch22 -p1 +%patch23 -p1 # Firefox %patch101 -p1 %patch102 -p1 diff --git a/firefox-76.0.1.source.tar.xz b/firefox-76.0.1.source.tar.xz deleted file mode 100644 index 389debd3..00000000 --- a/firefox-76.0.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f61761e32774a6bdfedd5937c4992fbe5e24c3df057c2b9a559fcd0d038777c3 -size 323251680 diff --git a/firefox-76.0.1.source.tar.xz.asc b/firefox-76.0.1.source.tar.xz.asc deleted file mode 100644 index 123eefc3..00000000 --- a/firefox-76.0.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl60YFUACgkQ8aZmj7t9 -Vy6MNA//UcG2MRCmif6Jd1RzYrN+9RWBRz5ybnVpnLVyAMy3rRW3obhflxbcHhEy -Z0ZcIPOK/MBd+cZHD07/z0sP5eXYa3hrO1HzBtprYKCZmzj84/lnjnBUxHshvzgq -ga0WeQpbVroXNJzS60LezU4iBPb2tgElbHZ/Gngm591dCznOWHFmo2dG+9Un3P3y -BAP0mFEAGW0NNbhBV8lHuNuMTa+A+QU6xEpcEmclfp5I7/CBz7FtpX06KPLdLuAA -PFp1xbPIa4OVGed2eJfL9VxDQPwcznPzj+wevM258I9GYoKrGyPa5TqzK3ThtLeV -mtugj2y+IZ7hBeZVZmrPg4Oy1EEPLfrp6SVdj9R9mWfLwprd5AQgcluY/5FO2bZK -pvcaJNfj5/0v8NMunx93V9AQsYDar3o0dPh1/KYZggObk34g+JZCXaYYlGDQvbop -AyEe60R82PJMrtzDoWNefC9kDFiepi/PWWWmUadp3oJ48IiRaaTCOYMsNMoTKH0L -yqv77pya6J9vezkCSXMxaW9GtEbgd8ofPhuWi3GjUMOIBgp2aKC+HuD+kLqVwlG1 -xOkSDPHb65k6eRkmxU8wl0q8nDUpKd8XxK6I85h9RiSSsrLasyPk7ubwUq0aI44W -r2j8Ncblqar8dGSGcUNOhaTCQ7CqVjb3NNNbdqtJeZCkzSZmtQo= -=68qN ------END PGP SIGNATURE----- diff --git a/firefox-77.0.source.tar.xz b/firefox-77.0.source.tar.xz new file mode 100644 index 00000000..4d15cb98 --- /dev/null +++ b/firefox-77.0.source.tar.xz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b534794c493d8698dfb6c852af52b49540afdf88dc50451f42d6591de93291e8 +size 329713656 diff --git a/firefox-77.0.source.tar.xz.asc b/firefox-77.0.source.tar.xz.asc new file mode 100644 index 00000000..02ee97c6 --- /dev/null +++ b/firefox-77.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl7Qp50ACgkQ8aZmj7t9 +Vy45TQ/+MR9Y4vXi7gNPtkSF6Ey5bowYADh9BPe0jMU9g2LrrNxVK5rD+3OHlMAd +ghjCIix+b36pfJJ1/Pb5RgimC8qQs9UUCfWkU2tVtn9K95Vwa7cn15lwfNCB3Gkb +u713FOjk+Aw3DfgUmvyI2dtQ4G87RclL6EdzOGSGIfdXRKEe315wJyOVLSGzOUjt +Q1D9NXQVqt1GZNvpOyFruM9Crqf/bmzr5gP6RRn5aja9QO150RSAcf6AApaiZGWB +YwINaiCB+S7hT3JnI7m4ax4vkNSGYR/ddG3Lnz9q5kFlZSBtLwA91+ffJEpzvFge +GLNrq8oOJVIzFx4FwM8VWZ613gUn0yr7mUGNGBBLE0d79o5R46PY+TF1afdL98Kp +yAHdEj4muj2/DD9A7KokIM0bJMDfKFk11Di+CgtlmyzrqGUtE/XEHE1gloutmBtp +1YWMHMuNrbGDJW1nFl8jUerED/jI46KAPd/7Z6a+rPdAsgjUZ4APNm1re6kR1q0C +xWEaqnwmWEJ206APy1nrjDhNdVj/DPCJ3LPQPr2FQWLr+kZhM2f3sHhsu/gdyMEk +CM3Nnf5YJCZcZj6SSgBF2eYXxdq68XIwM/01X7ccUpwIlOT2BgzVp2FcWvzweJ02 +gmX1pcCcGaVS8u+LVAVr8KX151h7Ve1t488O8y33aJ4qoVheRk4= +=SQpJ +-----END PGP SIGNATURE----- diff --git a/firefox-kde.patch b/firefox-kde.patch index 5ee4a332..dd5dde80 100644 --- a/firefox-kde.patch +++ b/firefox-kde.patch @@ -3,7 +3,7 @@ # Date 1559300151 -7200 # Fri May 31 12:55:51 2019 +0200 # Node ID 54d41b0033b8d649d842a1f862c6fed8b9874dec -# Parent 5db49d25901f390e985c8e4bb5e0ec0b22cadeec +# Parent 0fd58e0df883086574263e0881e1503cf110562a How to apply this patch: 1. Import and apply it 2. cp browser/base/content/browser.xul browser/base/content/browser-kde.xul 
@@ -11,10 +11,10 @@ How to apply this patch: 4. Replace #ifndef with #ifdef in the line above (this hanges the button order from Gnome-style to KDE-style) 5. hg qrefresh -diff --git a/browser/components/preferences/in-content/main.js b/browser/components/preferences/in-content/main.js ---- a/browser/components/preferences/in-content/main.js -+++ b/browser/components/preferences/in-content/main.js -@@ -333,16 +333,23 @@ var gMainPane = { +diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js +--- a/browser/components/preferences/main.js ++++ b/browser/components/preferences/main.js +@@ -336,16 +336,23 @@ var gMainPane = { }, backoffTimes[this._backoffIndex + 1 < backoffTimes.length ? this._backoffIndex++ : backoffTimes.length - 1]); }; @@ -38,7 +38,7 @@ diff --git a/browser/components/preferences/in-content/main.js b/browser/compone ); let performanceSettingsUrl = Services.urlFormatter.formatURLPref("app.support.baseURL") + -@@ -1296,16 +1303,27 @@ var gMainPane = { +@@ -1301,16 +1308,27 @@ var gMainPane = { this._backoffIndex = 0; let shellSvc = getShellService(); @@ -69,7 +69,7 @@ diff --git a/browser/components/preferences/in-content/main.js b/browser/compone diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build --- a/browser/components/shell/moz.build +++ b/browser/components/shell/moz.build -@@ -28,16 +28,18 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'coco +@@ -34,16 +34,18 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'coco ] elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk': XPIDL_SOURCES += [ @@ -81,13 +81,13 @@ 
diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.b + 'nsKDEShellService.cpp', + 'nsUnixShellService.cpp', ] - elif CONFIG['OS_ARCH'] == 'WINNT': - XPIDL_SOURCES += [ - 'nsIWindowsShellService.idl', - ] - SOURCES += [ - 'nsWindowsShellService.cpp', - ] + if CONFIG['MOZ_ENABLE_DBUS']: + SOURCES += [ + 'nsGNOMEShellDBusHelper.cpp', + 'nsGNOMEShellSearchProvider.cpp', + ] + include('/ipc/chromium/chromium-config.mozbuild') + diff --git a/browser/components/shell/nsKDEShellService.cpp b/browser/components/shell/nsKDEShellService.cpp new file mode 100644 --- /dev/null diff --git a/l10n-76.0.1.tar.xz b/l10n-76.0.1.tar.xz deleted file mode 100644 index 7ebd71e6..00000000 --- a/l10n-76.0.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d803b25ffe8ec3c7c5901dcd11cd5f804af75f6190c6a25cf63c6ac8e405c734 -size 51967492 diff --git a/l10n-77.0.tar.xz b/l10n-77.0.tar.xz new file mode 100644 index 00000000..f5238a18 --- /dev/null +++ b/l10n-77.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c1c0834bc57b7dd8bbefcb31abe08530cab24ff537f4c48bea7dfb8714e22b73 +size 52244764 diff --git a/mozilla-bmo1634646.patch b/mozilla-bmo1634646.patch new file mode 100644 index 00000000..c98e41da --- /dev/null +++ b/mozilla-bmo1634646.patch 
@@ -0,0 +1,26 @@ +# HG changeset patch +# User Wolfgang Rosenauer +# Parent 43820d9e289abee98a2e3cdb4314848de3bc8622 + +diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py +--- a/build/pgo/profileserver.py ++++ b/build/pgo/profileserver.py +@@ -127,17 +127,17 @@ if __name__ == '__main__': + # Bug 1553850 considers fixing this. + env["MOZ_DISABLE_CONTENT_SANDBOX"] = "1" + env["MOZ_DISABLE_RDD_SANDBOX"] = "1" + + # Ensure different pids write to different files + env["LLVM_PROFILE_FILE"] = "default_%p_random_%m.profraw" + + # Write to an output file if we're running in automation +- process_args = {} ++ process_args = {'universal_newlines': True} + if 'UPLOAD_PATH' in env: + process_args['logfile'] = os.path.join(env['UPLOAD_PATH'], 'profile-run-1.log') + + # Run Firefox a first time to initialize its profile + runner = FirefoxRunner(profile=profile, + binary=binary, + cmdargs=['data:text/html,'], + env=env, diff --git a/mozilla-kde.patch b/mozilla-kde.patch index 5b266753..a076caa4 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent 04c2cbd396b26a8e08980304a436e5e12fb6a205 +# Parent b517aa8dfa37d729db9590fe699caa38f899dfba Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4539,25 +4540,37 @@ nsresult Preferences::InitInitialObjects +@@ -4566,25 +4567,37 @@ nsresult Preferences::InitInitialObjects // application pref files for backwards compatibility. static const char* specialFiles[] = { #if defined(XP_MACOSX) @@ -69,7 +69,7 @@ 
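Review bot: The new mozilla-bmo1634646.patch carries only the `# HG changeset patch`, `# User` and `# Parent` header lines and no description. Nothing in the file says what passing `'universal_newlines': True` in `process_args` is meant to fix or which upstream bug it tracks. The changelog calls it part of a PGO fix that is still not working, and the spec keeps `do_profiling 0`, so the patch is applied on every build while the code it touches appears not to run in this package. A header line such as `# Description: <what this fixes> (bmo#1634646)` would let the next refresh decide whether to keep or drop it. The hunk ends inside the `FirefoxRunner(...)` call, so how `process_args` is consumed is not visible here.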
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4603,17 +4616,17 @@ nsresult Preferences::InitInitialObjects +@@ -4630,17 +4643,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -302,7 +302,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) { // dbus prevents us from being threadsafe, but this routine should not block // anyhow -@@ -380,21 +383,50 @@ nsresult nsUnixSystemProxySettings::GetP +@@ -384,21 +387,50 @@ nsresult nsUnixSystemProxySettings::GetP return NS_OK; } @@ -974,7 +974,7 @@ diff --git a/uriloader/exthandler/unix/nsKDERegistry.cpp b/uriloader/exthandler/ new file mode 100644 --- /dev/null +++ b/uriloader/exthandler/unix/nsKDERegistry.cpp -@@ -0,0 +1,87 @@ +@@ -0,0 +1,86 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -985,7 +985,6 @@ new file mode 100644 +#include "prmem.h" +#include "nsString.h" +#include "nsMIMEInfoUnix.h" -+#include "nsAutoPtr.h" +#include "nsKDEUtils.h" + +/* static */ bool @@ -1351,7 +1350,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp #define MAX_PREVIEW_SOURCE_SIZE 4096 nsIFile* nsFilePicker::mPrevDisplayDirectory = nullptr; -@@ -227,17 +230,19 @@ nsFilePicker::AppendFilters(int32_t aFil +@@ -223,17 +226,19 @@ nsFilePicker::AppendFilters(int32_t aFil mAllowURLs = !!(aFilterMask & filterAllowURLs); return nsBaseFilePicker::AppendFilters(aFilterMask); } @@ -1372,7 +1371,7 @@ 
diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp mFilters.AppendElement(filter); mFilterNames.AppendElement(name); -@@ -337,16 +342,39 @@ nsresult nsFilePicker::Show(int16_t* aRe +@@ -333,16 +338,39 @@ nsresult nsFilePicker::Show(int16_t* aRe return NS_OK; } @@ -1412,7 +1411,7 @@ diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp GtkFileChooserAction action = GetGtkFileChooserAction(mMode); const gchar* accept_button; -@@ -571,16 +599,244 @@ void nsFilePicker::Done(void* file_choos +@@ -562,16 +590,244 @@ void nsFilePicker::Done(void* file_choos mCallback->Done(result); mCallback = nullptr; } else { @@ -1831,10 +1830,10 @@ diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk': CXXFLAGS += CONFIG['TK_CFLAGS'] + if CONFIG['MOZ_ENABLE_DBUS']: + CXXFLAGS += CONFIG['MOZ_DBUS_GLIB_CFLAGS'] if CONFIG['MOZ_LAYOUT_DEBUGGER']: - DEFINES['MOZ_LAYOUT_DEBUGGER'] = True - diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp --- a/xpcom/io/nsLocalFileUnix.cpp +++ b/xpcom/io/nsLocalFileUnix.cpp diff --git a/tar_stamps b/tar_stamps index 96317984..2de4e3b1 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="76.0.1" +VERSION="77.0" VERSION_SUFFIX="" -PREV_VERSION="76.0" +PREV_VERSION="76.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="e2de5f11bc0afd9a3024d32b83cb9f0ada95717a" -RELEASE_TIMESTAMP="20200507114007" +RELEASE_TAG="54aaeaedcf47d75d19e9b9f90c31801434404537" +RELEASE_TIMESTAMP="20200528194502"