# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
# Parent d6f551c7b3dc20bb47526e06c44646fd159f3dd1
diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
--- a/build/moz.configure/lto-pgo.configure
+++ b/build/moz.configure/lto-pgo.configure
@@ -242,34 +242,34 @@ def lto(
"configure."
)
if c_compiler.type == "clang":
if value == "full":
cflags.append("-flto")
ldflags.append("-flto")
else:
- cflags.append("-flto=thin")
- ldflags.append("-flto=thin")
+ cflags.append("-flto")
+ ldflags.append("-flto")
if target.os == "Android" and value == "cross":
# Work around https://github.com/rust-lang/rust/issues/90088
# by enabling the highest level of SSE the rust targets default
# to.
# https://github.com/rust-lang/rust/blob/bdfcb88e8b6203ccb46a2fb6649979b773efc8ac/compiler/rustc_target/src/spec/i686_linux_android.rs#L13
# https://github.com/rust-lang/rust/blob/8d1083e319841624f64400e1524805a40d725439/compiler/rustc_target/src/spec/x86_64_linux_android.rs#L7
if target.cpu == "x86":
ldflags.append("-Wl,-plugin-opt=-mattr=+ssse3")
elif target.cpu == "x86_64":
ldflags.append("-Wl,-plugin-opt=-mattr=+sse4.2")
elif c_compiler.type == "clang-cl":
if value == "full":
cflags.append("-flto")
else:
- cflags.append("-flto=thin")
+ cflags.append("-flto")
# With clang-cl, -flto can only be used with -c or -fuse-ld=lld.
# AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld.
cflags.append("-fuse-ld=lld")
# Explicitly set the CPU to optimize for so the linker doesn't
# choose a poor default. Rust compilation by default uses the
# pentium4 CPU on x86:
#
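Review bot: After this change both arms of `if value == "full": … else:` append the same `-flto` in the clang branch, and the same `cflags` entry in the clang-cl branch, so a build configured for thin or cross LTO silently gets full LTO with nothing in the file recording why. Either collapse the now-redundant branches or add a comment above each `else:` such as `# distro override: ThinLTO deliberately replaced by full LTO (<reason>)`, so the override is not later mistaken for a merge error. The enclosing `lto()` function starts and ends outside the hunk, so whether later code still keys on the thin setting cannot be confirmed from here.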
diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
--- a/build/pgo/profileserver.py
+++ b/build/pgo/profileserver.py
@@ -6,17 +6,17 @@
- Mozilla Firefox 109.0
MFSA 2023-01 (bsc#1207119)
* CVE-2023-23597 (bmo#1538028)
Logic bug in process allocation allowed to read arbitrary
files
* CVE-2023-23598 (bmo#1800425)
Arbitrary file read from GTK drag and drop on Linux
* CVE-2023-23599 (bmo#1777800)
Malicious command could be hidden in devtools output on
Windows
* CVE-2023-23600 (bmo#1787034)
Notification permissions persisted between Normal and Private
Browsing on Android
* CVE-2023-23601 (bmo#1794268)
URL being dragged from cross-origin iframe into same tab
triggers navigation
* CVE-2023-23602 (bmo#1800890)
Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
* CVE-2023-23603 (bmo#1800832)
Calls to <code>console.log</code> allowed bypassing Content
Security Policy via format directive
* CVE-2023-23604 (bmo#1802346)
Creation of duplicate <code>SystemPrincipal</code> from less
secure contexts
* CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
* CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
bmo#1804626, bmo#1804971, bmo#1807004)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1033
2023-01-18 08:21:07 +01:00
import glob
import json
import os
import subprocess
import sys
import mozcrash
-from mozbuild.base import BinaryNotFoundException, MozbuildObject
+from mozbuild.base import BinaryNotFoundException, MozbuildObject, BuildEnvironmentNotFoundException
from mozfile import TemporaryDirectory
from mozhttpd import MozHttpd
from mozprofile import FirefoxProfile, Preferences
from mozprofile.permissions import ServerLocations
from mozrunner import CLI, FirefoxRunner
from six import string_types
PORT = 8888
@@ -82,19 +82,32 @@ if __name__ == "__main__":
docroot=os.path.join(build.topsrcdir, "build", "pgo"),
path_mappings=path_mappings,
)
httpd.start(block=False)
locations = ServerLocations()
locations.add_host(host="127.0.0.1", port=PORT, options="primary,privileged")
- old_profraw_files = glob.glob("*.profraw")
- for f in old_profraw_files:
- os.remove(f)
+ using_gcc = False
+ try:
+ if build.config_environment.substs.get('CC_TYPE') == 'gcc':
+ using_gcc = True
+ except BuildEnvironmentNotFoundException:
+ pass
+
+ if using_gcc:
+ for dirpath, _, filenames in os.walk('.'):
+ for f in filenames:
+ if f.endswith('.gcda'):
+ os.remove(os.path.join(dirpath, f))
+ else:
+ old_profraw_files = glob.glob('*.profraw')
+ for f in old_profraw_files:
+ os.remove(f)
with TemporaryDirectory() as profilePath:
# TODO: refactor this into mozprofile
profile_data_dir = os.path.join(build.topsrcdir, "testing", "profiles")
with open(os.path.join(profile_data_dir, "profiles.json"), "r") as fh:
base_profiles = json.load(fh)["profileserver"]
prefpaths = [
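Review bot: The `except BuildEnvironmentNotFoundException: pass` arm leaves `using_gcc` False without any output, so a GCC build whose config environment cannot be loaded falls through to the `*.profraw` cleanup and keeps `.gcda` counters from an earlier run, which can then be merged into the new profile. Print a line in the handler, for example `print("build environment not found; assuming non-GCC profile cleanup")`, so the fallback is visible in the build log. The cleanup also walks `.` relative to whatever the current directory is; that this is the instrumented object directory is assumed, not checked, in the visible lines. The enclosing `__main__` block starts and ends outside the hunk.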
@@ -208,16 +221,20 @@ if __name__ == "__main__":
# Try to move the crash reports to the artifacts even if Firefox appears
# to exit successfully, in case there's a crash that doesn't set the
# return code to non-zero for some reason.
if get_crashreports(profilePath, name="Firefox exited successfully?") != 0:
print("Firefox exited successfully, but produced a crashreport")
sys.exit(1)
+ print('Copying profile data....')
+ os.system('pwd');
+ os.system('tar cf profdata.tar.gz `find . -name "*.gcda"`; cd ..; tar xf instrumented/profdata.tar.gz;');
+
llvm_profdata = env.get("LLVM_PROFDATA")
if llvm_profdata:
profraw_files = glob.glob("*.profraw")
if not profraw_files:
print(
"Could not find profraw files in the current directory: %s"
% os.getcwd()
)
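Review bot: The two added `os.system(...)` calls build the profile archive from a backtick-expanded shell string, ignore the exit status, and run whether or not the build uses GCC. A path containing whitespace is split by the shell, an empty `find` result makes `tar` fail without stopping the script, and the following `tar xf instrumented/profdata.tar.gz` can then unpack a stale archive left by an earlier run into the parent directory, so the optimized build may silently consume old profile data. The archive is also named `.tar.gz` although `tar cf` does not compress, the directory name `instrumented` is hard-coded, and `os.system('pwd')` looks like leftover debugging. The sketch below uses the already imported `subprocess` with argument lists and a hard failure; it assumes the `using_gcc` flag set earlier in the same `__main__` block is still in scope, which the hunk does not show.

```python
# … unchanged: crash-report check above …
if using_gcc:
    print("Copying profile data....")
    gcda_files = [
        os.path.join(dirpath, f)
        for dirpath, _, filenames in os.walk(".")
        for f in filenames
        if f.endswith(".gcda")
    ]
    if not gcda_files:
        print("No .gcda files found in %s" % os.getcwd())
        sys.exit(1)
    # Argument lists instead of a shell string: no word splitting on
    # paths, and a non-zero tar exit status aborts the run.
    subprocess.check_call(["tar", "cf", "profdata.tar"] + gcda_files)
    subprocess.check_call(
        ["tar", "xf", os.path.abspath("profdata.tar"), "-C", os.pardir]
    )
# … unchanged: llvm_profdata handling …
```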
diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
--- a/build/unix/mozconfig.unix
+++ b/build/unix/mozconfig.unix
@@ -1,14 +1,23 @@
. "$topsrcdir/build/mozconfig.common"
if [ -n "$FORCE_GCC" ]; then
CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
+ if [ -n "$MOZ_PGO" ]; then
+ if [ -z "$USE_ARTIFACT" ]; then
+ ac_add_options --enable-lto
+ fi
+ export AR="$topsrcdir/gcc/bin/gcc-ar"
+ export NM="$topsrcdir/gcc/bin/gcc-nm"
+ export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
+ fi
+
# We want to make sure we use binutils and other binaries in the tooltool
# package.
mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$MOZ_FETCHES_DIR/binutils/bin:$PATH"
else
# For some builds we don't want to have Clang based static-analysis activated
if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
export ENABLE_CLANG_PLUGIN=1
fi
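Review bot: The added `AR`, `NM` and `RANLIB` exports point at `$topsrcdir/gcc/bin/`, while `CC`, `CXX` and the `PATH` line in the same `FORCE_GCC` branch use `$MOZ_FETCHES_DIR/gcc/bin/`. If no toolchain is unpacked under the source tree the three variables name files that do not exist, and if one is, the archiver and the compiler come from two different locations, which undermines the pinned-toolchain intent stated in the comment below. Unless the split is deliberate, use the same prefix, e.g. `export AR="$MOZ_FETCHES_DIR/gcc/bin/gcc-ar"` and likewise for `NM` and `RANLIB`; if it is deliberate, add a comment saying why the paths differ.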
diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
--- a/extensions/spellcheck/src/moz.build
+++ b/extensions/spellcheck/src/moz.build
@@ -23,8 +23,10 @@ LOCAL_INCLUDES += [
"../hunspell/glue",
"../hunspell/src",
"/dom/base",
]
EXPORTS.mozilla += [
"mozInlineSpellChecker.h",
"mozSpellChecker.h",
]
+
+CXXFLAGS += ['-fno-devirtualize']
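Review bot: `CXXFLAGS += ['-fno-devirtualize']` is added with no comment and no compiler check, so the reason for turning off devirtualization in the spellchecker is not recorded and the GCC-specific flag is also handed to non-GCC compilers. Guard it and state the reason, for example `if CONFIG["CC_TYPE"] == "gcc":` followed by the append and a comment of the form `# <why devirtualization is disabled here; bug reference>`. The single-quoted string also differs from the double-quoted entries in the rest of the visible file.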
diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp
--- a/toolkit/components/terminator/nsTerminator.cpp
+++ b/toolkit/components/terminator/nsTerminator.cpp
@@ -455,16 +455,21 @@ void nsTerminator::StartWatchdog() {
// Defend against overflow
crashAfterMS = INT32_MAX;
} else {
crashAfterMS *= scaleUp;
}
}
#endif
+ // Disable watchdog for PGO train builds - writting profile information at
+ // exit may take time and it is better to make build hang rather than
+ // silently produce poorly performing binary.
+ crashAfterMS = INT32_MAX;
+
UniquePtr<Options> options(new Options());
// crashAfterTicks is guaranteed to be > 0 as
// crashAfterMS >= ADDITIONAL_WAIT_BEFORE_CRASH_MS >> HEARTBEAT_INTERVAL_MS
options->crashAfterTicks = crashAfterMS / HEARTBEAT_INTERVAL_MS;
DebugOnly<PRThread*> watchdogThread =
CreateSystemThread(RunWatchdog, options.release());
MOZ_ASSERT(watchdogThread);
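Review bot: The added `crashAfterMS = INT32_MAX;` is unconditional in the visible lines, although its comment says the watchdog is being disabled for PGO train builds only. As written it overrides the timeout computed just above for every binary built with this patch, so the shutdown watchdog that converts a hung exit into a crash is effectively off in the shipped build as well as the instrumented one. Wrap the assignment in a build-time guard such as `#ifdef MOZ_PROFILE_GENERATE` … `#endif` (assuming that define reaches this translation unit), so only the training binary loses the watchdog. `StartWatchdog()` begins before the hunk, so an enclosing condition outside the view cannot be ruled out.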