pool/MozillaFirefox
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7938696dc2
MozillaFirefox/mozilla-pgo.patch
Wolfgang Rosenauer b45fd771cd - Mozilla Firefox 109.0 
MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1033
2023-01-18 07:21:07 +00:00

191 lines
7.1 KiB
Diff
Raw Blame History

# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
# Parent 855b1f176633af8ae11c0d791c8b33e9a2ae88e0
diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
--- a/build/moz.configure/lto-pgo.configure
+++ b/build/moz.configure/lto-pgo.configure
@@ -242,34 +242,34 @@ def lto(
"configure."
)
if c_compiler.type == "clang":
if value == "full":
cflags.append("-flto")
ldflags.append("-flto")
else:
- cflags.append("-flto=thin")
- ldflags.append("-flto=thin")
+ cflags.append("-flto")
+ ldflags.append("-flto")
if target.os == "Android" and value == "cross":
# Work around https://github.com/rust-lang/rust/issues/90088
# by enabling the highest level of SSE the rust targets default
# to.
# https://github.com/rust-lang/rust/blob/bdfcb88e8b6203ccb46a2fb6649979b773efc8ac/compiler/rustc_target/src/spec/i686_linux_android.rs#L13
# https://github.com/rust-lang/rust/blob/8d1083e319841624f64400e1524805a40d725439/compiler/rustc_target/src/spec/x86_64_linux_android.rs#L7
if target.cpu == "x86":
ldflags.append("-Wl,-plugin-opt=-mattr=+ssse3")
elif target.cpu == "x86_64":
ldflags.append("-Wl,-plugin-opt=-mattr=+sse4.2")
elif c_compiler.type == "clang-cl":
if value == "full":
cflags.append("-flto")
else:
- cflags.append("-flto=thin")
+ cflags.append("-flto")
# With clang-cl, -flto can only be used with -c or -fuse-ld=lld.
# AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld.
cflags.append("-fuse-ld=lld")
# Explicitly set the CPU to optimize for so the linker doesn't
# choose a poor default. Rust compilation by default uses the
# pentium4 CPU on x86:
#
diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
--- a/build/pgo/profileserver.py
+++ b/build/pgo/profileserver.py
@@ -6,17 +6,17 @@
import glob
import json
import os
import subprocess
import sys
import mozcrash
-from mozbuild.base import BinaryNotFoundException, MozbuildObject
+from mozbuild.base import BinaryNotFoundException, MozbuildObject, BuildEnvironmentNotFoundException
from mozfile import TemporaryDirectory
from mozhttpd import MozHttpd
from mozprofile import FirefoxProfile, Preferences
from mozprofile.permissions import ServerLocations
from mozrunner import CLI, FirefoxRunner
from six import string_types
PORT = 8888
@@ -82,19 +82,32 @@ if __name__ == "__main__":
docroot=os.path.join(build.topsrcdir, "build", "pgo"),
path_mappings=path_mappings,
)
httpd.start(block=False)
locations = ServerLocations()
locations.add_host(host="127.0.0.1", port=PORT, options="primary,privileged")
- old_profraw_files = glob.glob("*.profraw")
- for f in old_profraw_files:
- os.remove(f)
+ using_gcc = False
+ try:
+ if build.config_environment.substs.get('CC_TYPE') == 'gcc':
+ using_gcc = True
+ except BuildEnvironmentNotFoundException:
+ pass
+
+ if using_gcc:
+ for dirpath, _, filenames in os.walk('.'):
+ for f in filenames:
+ if f.endswith('.gcda'):
+ os.remove(os.path.join(dirpath, f))
+ else:
+ old_profraw_files = glob.glob('*.profraw')
+ for f in old_profraw_files:
+ os.remove(f)
with TemporaryDirectory() as profilePath:
# TODO: refactor this into mozprofile
profile_data_dir = os.path.join(build.topsrcdir, "testing", "profiles")
with open(os.path.join(profile_data_dir, "profiles.json"), "r") as fh:
base_profiles = json.load(fh)["profileserver"]
prefpaths = [
@@ -208,16 +221,20 @@ if __name__ == "__main__":
# Try to move the crash reports to the artifacts even if Firefox appears
# to exit successfully, in case there's a crash that doesn't set the
# return code to non-zero for some reason.
if get_crashreports(profilePath, name="Firefox exited successfully?") != 0:
print("Firefox exited successfully, but produced a crashreport")
sys.exit(1)
+ print('Copying profile data....')
+ os.system('pwd');
+ os.system('tar cf profdata.tar.gz `find . -name "*.gcda"`; cd ..; tar xf instrumented/profdata.tar.gz;');
+
llvm_profdata = env.get("LLVM_PROFDATA")
if llvm_profdata:
profraw_files = glob.glob("*.profraw")
if not profraw_files:
print(
"Could not find profraw files in the current directory: %s"
% os.getcwd()
)
diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
--- a/build/unix/mozconfig.unix
+++ b/build/unix/mozconfig.unix
@@ -1,14 +1,23 @@
. "$topsrcdir/build/mozconfig.common"
if [ -n "$FORCE_GCC" ]; then
CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
+ if [ -n "$MOZ_PGO" ]; then
+ if [ -z "$USE_ARTIFACT" ]; then
+ ac_add_options --enable-lto
+ fi
+ export AR="$topsrcdir/gcc/bin/gcc-ar"
+ export NM="$topsrcdir/gcc/bin/gcc-nm"
+ export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
+ fi
+
# We want to make sure we use binutils and other binaries in the tooltool
# package.
mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$PATH"
else
# For some builds we don't want to have Clang based static-analysis activated
if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
export ENABLE_CLANG_PLUGIN=1
fi
diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
--- a/extensions/spellcheck/src/moz.build
+++ b/extensions/spellcheck/src/moz.build
@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [
"../hunspell/glue",
"../hunspell/src",
"/dom/base",
]
EXPORTS.mozilla += [
"mozInlineSpellChecker.h",
"mozSpellChecker.h",
]
+
+CXXFLAGS += ['-fno-devirtualize']
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
--- a/toolkit/components/terminator/nsTerminator.cpp
+++ b/toolkit/components/terminator/nsTerminator.cpp
@@ -455,16 +455,21 @@ void nsTerminator::StartWatchdog() {
// Defend against overflow
crashAfterMS = INT32_MAX;
} else {
crashAfterMS *= scaleUp;
}
}
#endif
+ // Disable watchdog for PGO train builds - writting profile information at
+ // exit may take time and it is better to make build hang rather than
+ // silently produce poorly performing binary.
+ crashAfterMS = INT32_MAX;
+
UniquePtr<Options> options(new Options());
// crashAfterTicks is guaranteed to be > 0 as
// crashAfterMS >= ADDITIONAL_WAIT_BEFORE_CRASH_MS >> HEARTBEAT_INTERVAL_MS
options->crashAfterTicks = crashAfterMS / HEARTBEAT_INTERVAL_MS;
DebugOnly<PRThread*> watchdogThread =
CreateSystemThread(RunWatchdog, options.release());
MOZ_ASSERT(watchdogThread);
Reference in New Issue View Git Blame Copy Permalink