- Disable/remove patches no longer needed:
    mozilla-bmo1511604.patch
    mozilla-bmo1583471.patch
- Added mozilla-bmo1602730.patch to fix another LE<->BE issue (bmo#1602730)

- Mozilla Firefox 68.4.1esr
  MFSA 2020-03 (bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement

- Mozilla Firefox 68.4.0esr
  MFSA 2020-02 (bsc#1160305)
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
------------------------------------------------------------------

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=20
Wolfgang Rosenauer 2020-01-09 21:31:21 +00:00 committed by Git OBS Bridge
parent 25ef0f15a6
commit d8a78670a6
11 changed files with 90 additions and 1442 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e131149a70e7ae867d9b0ea081e8c081d056500ee51bb9270df247e977badc69
size 312378276

@ -1,16 +0,0 @@

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a00a7712d0f919162ce8181a9a3fc3e9ef37adf1caff0945a863b4c0c1d9f360
size 318559576

@ -0,0 +1,16 @@

@ -1,4 +1,40 @@
-------------------------------------------------------------------
Thu Jan 9 12:51:42 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
- Disable/remove patches no longer needed:
mozilla-bmo1511604.patch
mozilla-bmo1583471.patch
- Added mozilla-bmo1602730.patch to fix another LE<->BE issue (bmo#1602730)
-------------------------------------------------------------------
Thu Jan 9 11:07:33 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
- Mozilla Firefox 68.4.1esr
MFSA 2020-03 (bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and FallibleStoreElement
-------------------------------------------------------------------
Thu Jan 8 09:11:54 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
- Mozilla Firefox 68.4.0esr
MFSA 2020-02 (bsc#1160305)
* CVE-2019-17015 (bmo#1599005)
Memory corruption in parent process during new content process
initialization on Windows
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17021 (bmo#1599008)
Heap address disclosure in parent process during content process
initialization on Windows
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
------------------------------------------------------------------
Sun Dec 29 19:02:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- add mozilla-bmo1583471.patch to allow building with rust 1.39


@ -36,8 +36,8 @@
# major 69
# mainver %major.99
%define major 68
%define mainver %major.3.0
%define orig_version 68.3.0
%define mainver %major.4.1
%define orig_version 68.4.1
%define orig_suffix esr
%define update_channel esr68
%define branding 1
@ -210,14 +210,12 @@ Patch16: mozilla-bmo849632.patch
Patch17: mozilla-bmo1504834-part1.patch
Patch18: mozilla-bmo1504834-part2.patch
Patch19: mozilla-bmo1504834-part3.patch
Patch20: mozilla-bmo1511604.patch
Patch20: mozilla-bmo1602730.patch
Patch21: mozilla-bmo1554971.patch
Patch22: mozilla-nestegg-big-endian.patch
Patch24: mozilla-fix-top-level-asm.patch
Patch25: mozilla-sle12-lower-python-requirement.patch
Patch26: mozilla-bmo1504834-part4.patch
# allows building with rust 1.39 (landed upstream for next cycle)
Patch27: mozilla-bmo1583471.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
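
Review bot: Patch20 is reused for mozilla-bmo1602730.patch without any comment, while the Patch27 line dropped in the same hunk carried one ("allows building with rust 1.39 ..."). Because slot 20 previously held a different big-endian fix, add a comment above Patch20 saying that it is a big-endian workaround for bmo#1602730 and whether it is expected to land upstream, so the next version bump knows when it can go. Please also confirm that the unchanged %patch20 line in %prep uses a strip level that fits the a/ and b/ paths in the new file.
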
@ -358,7 +356,6 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
# Firefox
%patch101 -p1
%patch102 -p1

@ -1,53 +0,0 @@
# HG changeset patch
# User A. Wilcox <AWilcox@Wilcox-Tech.com>
# Date 1543674229 0
# Sat Dec 01 14:23:49 2018 +0000
# Node ID 0309ff19e46b126c527e633518d7de8570442114
# Parent 5b5a6a164acbd4da6131808bd12e42e7b0a33c2a
Bug 1511604 - Swizzle YCbCr->RGB data on big-endian machines
Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1511604
This is very closely related to mozilla-bmo1504834
Again, input for skia is swizzled to LE, as skia only understands LE.
diff -r 5b5a6a164acb gfx/ycbcr/YCbCrUtils.cpp
--- a/gfx/ycbcr/YCbCrUtils.cpp Mon Sep 09 17:59:29 2019 +0200
+++ b/gfx/ycbcr/YCbCrUtils.cpp Tue Sep 10 08:22:10 2019 +0200
@@ -3,7 +3,9 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "mozilla/EndianUtils.h"
#include "gfx2DGlue.h"
+#include "mozilla/gfx/Swizzle.h"
#include "YCbCrUtils.h"
#include "yuv_convert.h"
@@ -236,6 +238,13 @@
yuvtype,
srcData.mYUVColorSpace);
}
+#if MOZ_BIG_ENDIAN
+ // libyuv makes endian-correct result, which needs to be swapped to BGRX
+ if (aDestFormat != SurfaceFormat::R5G6B5_UINT16)
+ gfx::SwizzleData(aDestBuffer, aStride, gfx::SurfaceFormat::X8R8G8B8,
+ aDestBuffer, aStride, gfx::SurfaceFormat::B8G8R8X8,
+ srcData.mPicSize);
+#endif
}
void
@@ -257,6 +266,12 @@
aSrcStrideYA,
aSrcStrideUV,
aDstStrideARGB);
+#if MOZ_BIG_ENDIAN
+ // libyuv makes endian-correct result, which needs to be swapped to BGRA
+ gfx::SwizzleData(aDstARGB, aDstStrideARGB, gfx::SurfaceFormat::A8R8G8B8,
+ aDstARGB, aDstStrideARGB, gfx::SurfaceFormat::B8G8R8A8,
+ IntSize(aWidth, aHeight));
+#endif
}
} // namespace gfx
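
Review bot: The removal of this patch is justified only as "no longer needed", and nothing in the commit says what now performs the big-endian SwizzleData calls it added to YCbCrUtils.cpp. State in the changelog entry whether bmo#1511604 is covered by the 68.4.1 source or by another patch in the set; if neither is the case, the YCbCr->RGB output handed to skia on big-endian machines is no longer swizzled to LE.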

File diff suppressed because it is too large

mozilla-bmo1602730.patch Normal file

@ -0,0 +1,28 @@
diff -r 6ef20eee3f8f gfx/layers/basic/BasicCompositor.cpp
--- a/gfx/layers/basic/BasicCompositor.cpp Thu Oct 31 09:11:56 2019 +0100
+++ b/gfx/layers/basic/BasicCompositor.cpp Wed Dec 11 16:16:09 2019 +0100
@@ -693,9 +693,13 @@
RefPtr<SourceSurface> sourceMask;
Matrix maskTransform;
+ // Setting an alpha-mask here breaks the URL-bar on big endian (s390x)
+ // if the typed URL is too long for the textbox (automatic scrolling needed)
+#if MOZ_LITTLE_ENDIAN
if (aTransform.Is2D()) {
SetupMask(aEffectChain, dest, offset, sourceMask, maskTransform);
}
+#endif
CompositionOp blendMode = CompositionOp::OP_OVER;
if (Effect* effect =
diff -r 6ef20eee3f8f gfx/layers/composite/CompositableHost.cpp
--- a/gfx/layers/composite/CompositableHost.cpp Thu Oct 31 09:11:56 2019 +0100
+++ b/gfx/layers/composite/CompositableHost.cpp Wed Dec 11 16:16:09 2019 +0100
@@ -91,6 +91,7 @@
}
MOZ_ASSERT(source);
+ // Alternatively: Comment out these lines where the alpha-mask is set
RefPtr<EffectMask> effect =
new EffectMask(source, source->GetSize(), aTransform);
aEffects.mSecondaryEffects[EffectTypes::MASK] = effect;
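
Review bot: The "#if MOZ_LITTLE_ENDIAN" guard in BasicCompositor.cpp skips SetupMask for every 2D transform on big-endian builds, not only for the URL-bar case named in the comment, so sourceMask stays unset and any effect chain that relies on a mask is composited without it there. Either narrow the condition or say in the patch that dropping all masks on big endian is the accepted trade-off. The CompositableHost.cpp part adds only an "Alternatively: ..." comment and changes no behaviour; drop it or move the remark into a patch header, which this file lacks (the removed mozilla-bmo1511604.patch carried a bug title and a "Taken from" URL).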

@ -1,10 +1,10 @@
PRODUCT="firefox"
CHANNEL="esr68"
VERSION="68.3.0"
VERSION="68.4.1"
VERSION_SUFFIX="esr"
PREV_VERSION="68.2.0"
PREV_VERSION="68.4.0"
PREV_VERSION_SUFFIX="esr"
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr68"
RELEASE_TAG="fd17b62d5247816244c319271800ef1df2697c82"
RELEASE_TIMESTAMP="20191126000427"
RELEASE_TAG="8b51bf38ddbb00131188d833c1441bb37128634b"
RELEASE_TIMESTAMP="20200107212959"
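
Review bot: RELEASE_TAG is a bare changeset hash, and nothing in this file ties 8b51bf38ddbb00131188d833c1441bb37128634b to the 68.4.1 release. Add a comment naming the upstream release tag the hash was resolved from, so a reviewer can check it against RELEASE_REPO before the source tarball is regenerated.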