MozillaFirefox/mozilla-pgo.patch
Wolfgang Rosenauer 8c7db35439 - Mozilla Firefox 110.0
* https://www.mozilla.org/en-US/firefox/110.0/releasenotes
  MFSA 2023-05 (bsc#1208144)
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-25743 (bmo#1800203)
    Fullscreen notification not shown in Firefox Focus
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Firefox with some
    device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25740 (bmo#1812354)
    Opening local .scf files could cause unexpected network loads
  * CVE-2023-25731 (bmo#1801542)
    Prototype pollution when rendering URLPreview

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1037
2023-02-15 21:11:31 +00:00

191 lines
7.1 KiB
Diff

# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
# Parent d6f551c7b3dc20bb47526e06c44646fd159f3dd1
diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
--- a/build/moz.configure/lto-pgo.configure
+++ b/build/moz.configure/lto-pgo.configure
@@ -242,34 +242,34 @@ def lto(
"configure."
)
if c_compiler.type == "clang":
if value == "full":
cflags.append("-flto")
ldflags.append("-flto")
else:
- cflags.append("-flto=thin")
- ldflags.append("-flto=thin")
+ cflags.append("-flto")
+ ldflags.append("-flto")
if target.os == "Android" and value == "cross":
# Work around https://github.com/rust-lang/rust/issues/90088
# by enabling the highest level of SSE the rust targets default
# to.
# https://github.com/rust-lang/rust/blob/bdfcb88e8b6203ccb46a2fb6649979b773efc8ac/compiler/rustc_target/src/spec/i686_linux_android.rs#L13
# https://github.com/rust-lang/rust/blob/8d1083e319841624f64400e1524805a40d725439/compiler/rustc_target/src/spec/x86_64_linux_android.rs#L7
if target.cpu == "x86":
ldflags.append("-Wl,-plugin-opt=-mattr=+ssse3")
elif target.cpu == "x86_64":
ldflags.append("-Wl,-plugin-opt=-mattr=+sse4.2")
elif c_compiler.type == "clang-cl":
if value == "full":
cflags.append("-flto")
else:
- cflags.append("-flto=thin")
+ cflags.append("-flto")
# With clang-cl, -flto can only be used with -c or -fuse-ld=lld.
# AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld.
cflags.append("-fuse-ld=lld")
# Explicitly set the CPU to optimize for so the linker doesn't
# choose a poor default. Rust compilation by default uses the
# pentium4 CPU on x86:
#
diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
--- a/build/pgo/profileserver.py
+++ b/build/pgo/profileserver.py
@@ -6,17 +6,17 @@
import glob
import json
import os
import subprocess
import sys
import mozcrash
-from mozbuild.base import BinaryNotFoundException, MozbuildObject
+from mozbuild.base import BinaryNotFoundException, MozbuildObject, BuildEnvironmentNotFoundException
from mozfile import TemporaryDirectory
from mozhttpd import MozHttpd
from mozprofile import FirefoxProfile, Preferences
from mozprofile.permissions import ServerLocations
from mozrunner import CLI, FirefoxRunner
from six import string_types
PORT = 8888
@@ -82,19 +82,32 @@ if __name__ == "__main__":
docroot=os.path.join(build.topsrcdir, "build", "pgo"),
path_mappings=path_mappings,
)
httpd.start(block=False)
locations = ServerLocations()
locations.add_host(host="127.0.0.1", port=PORT, options="primary,privileged")
- old_profraw_files = glob.glob("*.profraw")
- for f in old_profraw_files:
- os.remove(f)
+ using_gcc = False
+ try:
+ if build.config_environment.substs.get('CC_TYPE') == 'gcc':
+ using_gcc = True
+ except BuildEnvironmentNotFoundException:
+ pass
+
+ if using_gcc:
+ for dirpath, _, filenames in os.walk('.'):
+ for f in filenames:
+ if f.endswith('.gcda'):
+ os.remove(os.path.join(dirpath, f))
+ else:
+ old_profraw_files = glob.glob('*.profraw')
+ for f in old_profraw_files:
+ os.remove(f)
with TemporaryDirectory() as profilePath:
# TODO: refactor this into mozprofile
profile_data_dir = os.path.join(build.topsrcdir, "testing", "profiles")
with open(os.path.join(profile_data_dir, "profiles.json"), "r") as fh:
base_profiles = json.load(fh)["profileserver"]
prefpaths = [
@@ -208,16 +221,20 @@ if __name__ == "__main__":
# Try to move the crash reports to the artifacts even if Firefox appears
# to exit successfully, in case there's a crash that doesn't set the
# return code to non-zero for some reason.
if get_crashreports(profilePath, name="Firefox exited successfully?") != 0:
print("Firefox exited successfully, but produced a crashreport")
sys.exit(1)
+ print('Copying profile data....')
+ os.system('pwd');
+ os.system('tar cf profdata.tar.gz `find . -name "*.gcda"`; cd ..; tar xf instrumented/profdata.tar.gz;');
+
llvm_profdata = env.get("LLVM_PROFDATA")
if llvm_profdata:
profraw_files = glob.glob("*.profraw")
if not profraw_files:
print(
"Could not find profraw files in the current directory: %s"
% os.getcwd()
)
diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
--- a/build/unix/mozconfig.unix
+++ b/build/unix/mozconfig.unix
@@ -1,14 +1,23 @@
. "$topsrcdir/build/mozconfig.common"
if [ -n "$FORCE_GCC" ]; then
CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
+ if [ -n "$MOZ_PGO" ]; then
+ if [ -z "$USE_ARTIFACT" ]; then
+ ac_add_options --enable-lto
+ fi
+ export AR="$topsrcdir/gcc/bin/gcc-ar"
+ export NM="$topsrcdir/gcc/bin/gcc-nm"
+ export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
+ fi
+
# We want to make sure we use binutils and other binaries in the tooltool
# package.
mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$MOZ_FETCHES_DIR/binutils/bin:$PATH"
else
# For some builds we don't want to have Clang based static-analysis activated
if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
export ENABLE_CLANG_PLUGIN=1
fi
diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
--- a/extensions/spellcheck/src/moz.build
+++ b/extensions/spellcheck/src/moz.build
@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [
"../hunspell/glue",
"../hunspell/src",
"/dom/base",
]
EXPORTS.mozilla += [
"mozInlineSpellChecker.h",
"mozSpellChecker.h",
]
+
+CXXFLAGS += ['-fno-devirtualize']
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
--- a/toolkit/components/terminator/nsTerminator.cpp
+++ b/toolkit/components/terminator/nsTerminator.cpp
@@ -455,16 +455,21 @@ void nsTerminator::StartWatchdog() {
// Defend against overflow
crashAfterMS = INT32_MAX;
} else {
crashAfterMS *= scaleUp;
}
}
#endif
+ // Disable watchdog for PGO train builds - writting profile information at
+ // exit may take time and it is better to make build hang rather than
+ // silently produce poorly performing binary.
+ crashAfterMS = INT32_MAX;
+
UniquePtr<Options> options(new Options());
// crashAfterTicks is guaranteed to be > 0 as
// crashAfterMS >= ADDITIONAL_WAIT_BEFORE_CRASH_MS >> HEARTBEAT_INTERVAL_MS
options->crashAfterTicks = crashAfterMS / HEARTBEAT_INTERVAL_MS;
DebugOnly<PRThread*> watchdogThread =
CreateSystemThread(RunWatchdog, options.release());
MOZ_ASSERT(watchdogThread);