pool/firefox-esr
SHA256
10
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
devel
firefox-esr/mozilla-bmo1504834-part1.patch
Manfred Hollstein 78e8532cd1 - Firefox Extended Support Release 140.1.0 ESR 
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
  https://www.mozilla.org/security/advisories/mfsa2025-59
  MFSA 2025-59 (boo#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL”
    command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
    bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
    128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
    Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
    bmo#1975998)
    Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
    ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
    Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
    ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
    141 and Thunderbird 141

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=63
2025-07-22 12:41:13 +00:00

130 lines
4.0 KiB
Diff
Raw Permalink Blame History

# HG changeset patch
# Parent e31f5228a09ed69d7ac3c84e54f0faa6a5910ae0
Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834
diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
--- a/gfx/2d/DrawTargetSkia.cpp
+++ b/gfx/2d/DrawTargetSkia.cpp
@@ -155,17 +155,18 @@ static IntRect CalculateSurfaceBounds(co
if (!sampledBounds.ToIntRect(&bounds)) {
return surfaceBounds;
}
return surfaceBounds.Intersect(bounds);
}
static const int kARGBAlphaOffset =
- SurfaceFormat::A8R8G8B8_UINT32 == SurfaceFormat::B8G8R8A8 ? 3 : 0;
+ 0; // Skia is always BGRA SurfaceFormat::A8R8G8B8_UINT32 ==
+ // SurfaceFormat::B8G8R8A8 ? 3 : 0;
static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize,
const int32_t aStride, SurfaceFormat aFormat) {
if (aFormat != SurfaceFormat::B8G8R8X8 || aSize.IsEmpty()) {
return true;
}
// We should've initialized the data to be opaque already
// On debug builds, verify that this is actually true.
diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
--- a/gfx/2d/Types.h
+++ b/gfx/2d/Types.h
@@ -94,28 +94,21 @@ enum class SurfaceFormat : int8_t {
// this format.
HSV,
Lab,
Depth,
// This represents the unknown format.
UNKNOWN, // TODO: Replace uses with Maybe<SurfaceFormat>.
-// The following values are endian-independent synonyms. The _UINT32 suffix
-// indicates that the name reflects the layout when viewed as a uint32_t
-// value.
-#if MOZ_LITTLE_ENDIAN()
+ // The following values are endian-independent synonyms. The _UINT32 suffix
+ // indicates that the name reflects the layout when viewed as a uint32_t
+ // value.
A8R8G8B8_UINT32 = B8G8R8A8, // 0xAARRGGBB
X8R8G8B8_UINT32 = B8G8R8X8, // 0x00RRGGBB
-#elif MOZ_BIG_ENDIAN()
- A8R8G8B8_UINT32 = A8R8G8B8, // 0xAARRGGBB
- X8R8G8B8_UINT32 = X8R8G8B8, // 0x00RRGGBB
-#else
-# error "bad endianness"
-#endif
// The following values are OS and endian-independent synonyms.
//
// TODO(aosmond): When everything blocking bug 1581828 has been resolved, we
// can make this use R8B8G8A8 and R8B8G8X8 for non-Windows platforms.
OS_RGBA = A8R8G8B8_UINT32,
OS_RGBX = X8R8G8B8_UINT32
};
diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/skcms.cc
--- a/gfx/skia/skia/modules/skcms/skcms.cc
+++ b/gfx/skia/skia/modules/skcms/skcms.cc
@@ -26,16 +26,18 @@
// it'd be a lot slower. But we want all those headers included so we
// can use their features after runtime checks later.
#include <smmintrin.h>
#include <avxintrin.h>
#include <avx2intrin.h>
#include <avx512fintrin.h>
#include <avx512dqintrin.h>
#endif
+#else
+ #define SKCMS_PORTABLE
#endif
using namespace skcms_private;
static bool sAllowRuntimeCPUDetection = true;
void skcms_DisableRuntimeCPUDetection() {
sAllowRuntimeCPUDetection = false;
@@ -319,30 +321,38 @@ enum {
skcms_Signature_sf32 = 0x73663332,
// XYZ is also a PCS signature, so it's defined in skcms.h
// skcms_Signature_XYZ = 0x58595A20,
};
static uint16_t read_big_u16(const uint8_t* ptr) {
uint16_t be;
memcpy(&be, ptr, sizeof(be));
-#if defined(_MSC_VER)
- return _byteswap_ushort(be);
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+ return be;
#else
- return __builtin_bswap16(be);
+ #if defined(_MSC_VER)
+ return _byteswap_ushort(be);
+ #else
+ return __builtin_bswap16(be);
+ #endif
#endif
}
static uint32_t read_big_u32(const uint8_t* ptr) {
uint32_t be;
memcpy(&be, ptr, sizeof(be));
-#if defined(_MSC_VER)
- return _byteswap_ulong(be);
+#if __BYTE_ORDER == __ORDER_BIG_ENDIAN__
+ return be;
#else
- return __builtin_bswap32(be);
+ #if defined(_MSC_VER)
+ return _byteswap_ulong(be);
+ #else
+ return __builtin_bswap32(be);
+ #endif
#endif
}
static int32_t read_big_i32(const uint8_t* ptr) {
return (int32_t)read_big_u32(ptr);
}
static float read_big_fixed(const uint8_t* ptr) {
Reference in New Issue View Git Blame Copy Permalink