db2c7e2e1d
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ MFSA 2020-08 (bsc#1166238) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6808 (bmo#1247968) URL Spoofing via javascript: URL * CVE-2020-6809 (bmo#1420296) Web Extensions with the all-urls permission could access local files * CVE-2020-6810 (bmo#1432856) Focusing a popup while in fullscreen could have obscured the fullscreen notification * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6813 (bmo#1605814) @import statements in CSS could bypass the Content Security Policy nonce feature * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
122 lines
3.9 KiB
Diff
122 lines
3.9 KiB
Diff
# HG changeset patch
|
|
# Parent b5471d23321d16a0bacc25b7afd27d2e16adba1a
|
|
Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834
|
|
|
|
diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
|
|
--- a/gfx/2d/DrawTargetSkia.cpp
|
|
+++ b/gfx/2d/DrawTargetSkia.cpp
|
|
@@ -130,18 +130,17 @@ static IntRect CalculateSurfaceBounds(co
|
|
Rect sampledBounds = inverse.TransformBounds(*aBounds);
|
|
if (!sampledBounds.ToIntRect(&bounds)) {
|
|
return surfaceBounds;
|
|
}
|
|
|
|
return surfaceBounds.Intersect(bounds);
|
|
}
|
|
|
|
-static const int kARGBAlphaOffset =
|
|
- SurfaceFormat::A8R8G8B8_UINT32 == SurfaceFormat::B8G8R8A8 ? 3 : 0;
|
|
+static const int kARGBAlphaOffset = 0; // Skia is always BGRA SurfaceFormat::A8R8G8B8_UINT32 == SurfaceFormat::B8G8R8A8 ? 3 : 0;
|
|
|
|
static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize,
|
|
const int32_t aStride, SurfaceFormat aFormat) {
|
|
if (aFormat != SurfaceFormat::B8G8R8X8 || aSize.IsEmpty()) {
|
|
return true;
|
|
}
|
|
// We should've initialized the data to be opaque already
|
|
// On debug builds, verify that this is actually true.
|
|
diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
|
|
--- a/gfx/2d/Types.h
|
|
+++ b/gfx/2d/Types.h
|
|
@@ -84,25 +84,18 @@ enum class SurfaceFormat : int8_t {
|
|
Depth,
|
|
|
|
// This represents the unknown format.
|
|
UNKNOWN,
|
|
|
|
// The following values are endian-independent synonyms. The _UINT32 suffix
|
|
// indicates that the name reflects the layout when viewed as a uint32_t
|
|
// value.
|
|
-#if MOZ_LITTLE_ENDIAN()
|
|
A8R8G8B8_UINT32 = B8G8R8A8, // 0xAARRGGBB
|
|
X8R8G8B8_UINT32 = B8G8R8X8, // 0x00RRGGBB
|
|
-#elif MOZ_BIG_ENDIAN()
|
|
- A8R8G8B8_UINT32 = A8R8G8B8, // 0xAARRGGBB
|
|
- X8R8G8B8_UINT32 = X8R8G8B8, // 0x00RRGGBB
|
|
-#else
|
|
-# error "bad endianness"
|
|
-#endif
|
|
|
|
// The following values are OS and endian-independent synonyms.
|
|
//
|
|
// TODO(aosmond): When everything blocking bug 1581828 has been resolved, we
|
|
// can make this use R8B8G8A8 and R8B8G8X8 for non-Windows platforms.
|
|
OS_RGBA = A8R8G8B8_UINT32,
|
|
OS_RGBX = X8R8G8B8_UINT32
|
|
};
|
|
diff --git a/gfx/skia/skia/third_party/skcms/skcms.cc b/gfx/skia/skia/third_party/skcms/skcms.cc
|
|
--- a/gfx/skia/skia/third_party/skcms/skcms.cc
|
|
+++ b/gfx/skia/skia/third_party/skcms/skcms.cc
|
|
@@ -25,16 +25,18 @@
|
|
// it'd be a lot slower. But we want all those headers included so we
|
|
// can use their features after runtime checks later.
|
|
#include <smmintrin.h>
|
|
#include <avxintrin.h>
|
|
#include <avx2intrin.h>
|
|
#include <avx512fintrin.h>
|
|
#include <avx512dqintrin.h>
|
|
#endif
|
|
+#else
|
|
+ #define SKCMS_PORTABLE
|
|
#endif
|
|
|
|
// sizeof(x) will return size_t, which is 32-bit on some machines and 64-bit on others.
|
|
// We have better testing on 64-bit machines, so force 32-bit machines to behave like 64-bit.
|
|
//
|
|
// Please do not use sizeof() directly, and size_t only when required.
|
|
// (We have no way of enforcing these requests...)
|
|
#define SAFE_SIZEOF(x) ((uint64_t)sizeof(x))
|
|
@@ -275,30 +277,38 @@ enum {
|
|
skcms_Signature_sf32 = 0x73663332,
|
|
// XYZ is also a PCS signature, so it's defined in skcms.h
|
|
// skcms_Signature_XYZ = 0x58595A20,
|
|
};
|
|
|
|
static uint16_t read_big_u16(const uint8_t* ptr) {
|
|
uint16_t be;
|
|
memcpy(&be, ptr, sizeof(be));
|
|
-#if defined(_MSC_VER)
|
|
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
|
+ return be;
|
|
+#else
|
|
+ #if defined(_MSC_VER)
|
|
return _byteswap_ushort(be);
|
|
-#else
|
|
+ #else
|
|
return __builtin_bswap16(be);
|
|
+ #endif
|
|
#endif
|
|
}
|
|
|
|
static uint32_t read_big_u32(const uint8_t* ptr) {
|
|
uint32_t be;
|
|
memcpy(&be, ptr, sizeof(be));
|
|
-#if defined(_MSC_VER)
|
|
+#if __BYTE_ORDER == __ORDER_BIG_ENDIAN__
|
|
+ return be;
|
|
+#else
|
|
+ #if defined(_MSC_VER)
|
|
return _byteswap_ulong(be);
|
|
-#else
|
|
+ #else
|
|
return __builtin_bswap32(be);
|
|
+ #endif
|
|
#endif
|
|
}
|
|
|
|
static int32_t read_big_i32(const uint8_t* ptr) {
|
|
return (int32_t)read_big_u32(ptr);
|
|
}
|
|
|
|
static float read_big_fixed(const uint8_t* ptr) {
|