From d8b75f888e5e76f615f8b1d1d44e8a2e2ef86a86ba613afd18cd44e0482e1a02 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 11 Dec 2018 07:45:25 +0000 Subject: [PATCH 1/3] Accepting request 652365 from home:Guillaume_G:branches:mozilla:Factory - Remove --disable-elf-hack when not available: on aarch64 and ppc64* OBS-URL: https://build.opensuse.org/request/show/652365 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=698 --- MozillaFirefox.changes | 5 +++++ MozillaFirefox.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index e837edd..a3d7926 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET + +- Remove --disable-elf-hack when not available: on aarch64 and ppc64* + ------------------------------------------------------------------- Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 4f45a6e..9e82923 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -347,8 +347,10 @@ ac_add_options --enable-optimize="-g -O2" ac_add_options --disable-debug-symbols %endif %if 0%{?suse_version} > 1549 +%ifnarch aarch64 ppc64 ppc64le ac_add_options --disable-elf-hack %endif +%endif ac_add_options --with-system-nspr ac_add_options --with-system-nss %if %{localize} From 7d565ee4aa3ed2421ffaa0fbe1d34b056387200a64c0cc52124c1b8b94bfb056 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 12 Dec 2018 11:35:28 +0000 Subject: [PATCH 2/3] - update to Firefox 64.0 * Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only) * Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily * Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power * Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). * Added option to remove add-ons using the context menu on their toolbar buttons * RSS feed preview and live bookmarks are available only via add-ons * TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible MFSA 2018-29 (bsc#1119105) * CVE-2018-12407 bmo#1505973 Buffer overflow with ANGLE library when using VertexBuffer11 module * CVE-2018-17466 bmo#1488295 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 * CVE-2018-18492 bmo#1499861 Use-after-free with select element * CVE-2018-18493 bmo#1504452 Buffer overflow in accelerated 2D canvas with Skia * CVE-2018-18494 bmo#1487964 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=699 --- MozillaFirefox.changes | 57 + MozillaFirefox.spec | 29 +- compare-locales.tar.xz | 4 +- create-tar.sh | 4 +- firefox-63.0.3.source.tar.xz | 3 - firefox-63.0.3.source.tar.xz.asc | 17 - firefox-64.0.source.tar.xz | 3 + firefox-64.0.source.tar.xz.asc | 17 + firefox-kde.patch | 240 +- l10n-63.0.3.tar.xz | 3 - l10n-64.0.tar.xz | 3 + mozilla-bmo1491289.patch | 24896 ----------------------------- mozilla-kde.patch | 64 +- source-stamp.txt | 2 +- 14 files changed, 268 insertions(+), 25074 deletions(-) delete mode 100644 firefox-63.0.3.source.tar.xz delete mode 100644 firefox-63.0.3.source.tar.xz.asc create mode 100644 firefox-64.0.source.tar.xz create mode 100644 firefox-64.0.source.tar.xz.asc delete mode 100644 l10n-63.0.3.tar.xz create mode 100644 l10n-64.0.tar.xz delete mode 100644 mozilla-bmo1491289.patch diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index a3d7926..31ad3c8 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer + +- update to Firefox 64.0 + * Better recommendations: You may see suggestions in regular browsing + mode for new and relevant Firefox features, services, and extensions + based on how you use the web (for US users only) + * Enhanced tab management: You can now select multiple tabs from the + tab bar and close, move, bookmark, or pin them quickly and easily + * Easier performance management: The new Task Manager page found at + about:performance lets you see how much energy each open tab consumes + and provides access to close tabs to conserve power + * Improved performance for Mac and Linux users, by enabling link time + optimization (Clang LTO). + * Added option to remove add-ons using the context menu on their + toolbar buttons + * RSS feed preview and live bookmarks are available only via add-ons + * TLS certificates issued by Symantec are no longer trusted by Firefox. + Website operators are strongly encouraged to replace any remaining + Symantec TLS certificates as soon as possible + MFSA 2018-29 (bsc#1119105) + * CVE-2018-12407 bmo#1505973 + Buffer overflow with ANGLE library when using VertexBuffer11 module + * CVE-2018-17466 bmo#1488295 + Buffer overflow and out-of-bounds read in ANGLE library with + TextureStorage11 + * CVE-2018-18492 bmo#1499861 + Use-after-free with select element + * CVE-2018-18493 bmo#1504452 + Buffer overflow in accelerated 2D canvas with Skia + * CVE-2018-18494 bmo#1487964 + Same-origin policy violation using location attribute and + performance.getEntries to steal cross-origin URLs + * CVE-2018-18495 bmo#1427585 + WebExtension content scripts can be loaded in about: pages + * CVE-2018-18496 bmo#1422231 (Windows only) + Embedded feed preview page can be abused for clickjacking + * CVE-2018-18497 bmo#1488180 + WebExtensions can load arbitrary URLs through pipe separators + * CVE-2018-18498 bmo#1500011 + Integer overflow when calculating buffer sizes for images + * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 + bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 + bmo#1481745 bmo#1458129 + Memory safety bugs fixed in Firefox 64 + * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 + bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 + Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 +- requires + * rust/cargo >= 1.29 + * mozilla-nss >= 3.40.1 + * rust-cbindgen >= 0.6.4 +- rebased patches +- removed obsolete patch + * mozilla-bmo1491289.patch +- now uses clang primarily for compilation + ------------------------------------------------------------------- Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 9e82923..14df649 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -18,15 +18,20 @@ # changed with every update -%define major 63 -%define mainver %major.0.3 -%define orig_version 63.0.3 +%define major 64 +%define mainver %major.0 +%define orig_version 64.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 -%define releasedate 20181114214635 +%define releasedate 20181206201918 %define source_prefix firefox-%{orig_version} +# use clang (upstream default since 64.0) +%if 0%{?suse_version} > 1320 +%define clang_build 1 +%endif + # PIE, full relro (x86_64 for now) %define build_hardened 1 @@ -66,7 +71,7 @@ BuildRequires: gcc7-c++ %else BuildRequires: gcc-c++ %endif -BuildRequires: cargo >= 1.28 +BuildRequires: cargo >= 1.29 BuildRequires: libXcomposite-devel BuildRequires: libcurl-devel BuildRequires: libidl-devel @@ -75,13 +80,13 @@ BuildRequires: libnotify-devel BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.20 -BuildRequires: mozilla-nss-devel >= 3.39 +BuildRequires: mozilla-nss-devel >= 3.40.1 BuildRequires: nodejs8 >= 8.11 BuildRequires: python-devel BuildRequires: python2-xml BuildRequires: python3 >= 3.5 -BuildRequires: rust >= 1.28 -BuildRequires: rust-cbindgen >= 0.6.2 +BuildRequires: rust >= 1.29 +BuildRequires: rust-cbindgen >= 0.6.4 BuildRequires: startup-notification-devel BuildRequires: unzip BuildRequires: update-desktop-files @@ -160,8 +165,7 @@ Patch6: mozilla-reduce-files-per-UnifiedBindings.patch Patch7: mozilla-aarch64-startup-crash.patch Patch8: mozilla-bmo256180.patch Patch9: mozilla-bmo1463035.patch -Patch10: mozilla-bmo1491289.patch -Patch11: mozilla-cubeb-noreturn.patch +Patch10: mozilla-cubeb-noreturn.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -272,7 +276,6 @@ cd $RPM_BUILD_DIR/%{source_prefix} %patch8 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 # Firefox %patch101 -p1 %patch102 -p1 @@ -303,9 +306,11 @@ export CC=gcc-7 %endif export CFLAGS="%{optflags} -fno-strict-aliasing" # boo#986541: add -fno-delete-null-pointer-checks for gcc6 +%if 0%{?clang_build} == 0 %if 0%{?suse_version} > 1320 export CFLAGS="$CFLAGS -fno-delete-null-pointer-checks" %endif +%endif %ifarch %arm %ix86 # Limit RAM usage during link export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" @@ -336,8 +341,10 @@ ac_add_options --enable-default-toolkit=cairo-gtk3 ac_add_options --disable-gconf %endif %if 0%{?build_hardened} +%if 0%{?clang_build} == 0 ac_add_options --enable-pie %endif +%endif # gcc7 (boo#104105) %if 0%{?suse_version} > 1320 ac_add_options --enable-optimize="-g -O2" diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 5f82009..3495ea7 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d7aee0b0e97dac740d3ac9468f952b1e8f32a7e8f63a9bfe9bfdf864db431fc6 -size 28404 +oid sha256:08c89c246ee082e7b61a333ee0d0a2e6ddf8c9ac12688cbf4ad50dafb0de7ad5 +size 28388 diff --git a/create-tar.sh b/create-tar.sh index 1545b16..f20723a 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_63.0.3_RELEASE" -VERSION="63.0.3" +RELEASE_TAG="8337ebb86a425a1c65467fc68eb7c26b9046159e" +VERSION="64.0" VERSION_SUFFIX="" LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json" diff --git a/firefox-63.0.3.source.tar.xz b/firefox-63.0.3.source.tar.xz deleted file mode 100644 index 4941939..0000000 --- a/firefox-63.0.3.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:48a834daa9c5773272a30933936ea8a78b217494355749ee68996639451d0931 -size 266109244 diff --git a/firefox-63.0.3.source.tar.xz.asc b/firefox-63.0.3.source.tar.xz.asc deleted file mode 100644 index a1aa9c5..0000000 --- a/firefox-63.0.3.source.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.14 (GNU/Linux) - -iQIcBAABCAAGBQJb7L81AAoJELu+vbskxvNVQNAQAJDg4T7R4EBE2vt6NK091Uir -lpVsEVYzsnIalHZ3IzbBm0tJvZ2m4LdulH8+l4fy6Oh2/qgBMaWcbb7T4xPDCf5T -Uierlw7LasM8g9Hrfpz0cvuqxXZZ+HYOMstR59FdND+fLi13JEoH+vKy2nuWNOEP -1NeJsu7mjSvugz4QSs+A7C2vxWn2uUkdajex8sT5140iabV1q8YD4J4pQbIdreY4 -BciHm5Fo6SBp3rSyiNCUcGo1gfCnnMfruoNe5gg5Wh5aLTrf1ivBfPyLr1T/STp9 -LrEYX1qVrWsfSHr8E4jEUWGLFe6g6OT6eTkXiwKf9UChRP7NI+5LDDJ0sWw+V2MQ -MBNrCKXDYm3KojvHKwhEoCFLdxtcglwoZ/Ovhz854xhhertx5JjifA7ZI7YsJP8Q -HMWTtqRc+jtYtXWwrtDmUFXHFh/t++T4FHiGWRgZ0JAcO/ePsWzLC5KJEyDcCxs8 -lA+lcicyRVU91NPG9ZwUxb/C9XNx8AHDwagLud4CVrPqfC+2RbLawoV9j9fkfjz6 -sEcGRD2nqLKarlNxL8Ks5KIzimhFhLm3Fe63S1gPtHMEvstWw3JsLGzHK7tLhtOK -QOpOT18xY8pf88BFz66uw1bwXL6t9AQfUOEtl662jbX+1inRmepgyJo/oO/lFnV7 -u65dm6DmmrO/DoFARj+n -=ipWm ------END PGP SIGNATURE----- diff --git a/firefox-64.0.source.tar.xz b/firefox-64.0.source.tar.xz new file mode 100644 index 0000000..0c64d74 --- /dev/null +++ b/firefox-64.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:da40f2f8f1cbf0ddb3454aa9f65bb1a2b2043ca9b1724aecd016337be77d537f +size 271865888 diff --git a/firefox-64.0.source.tar.xz.asc b/firefox-64.0.source.tar.xz.asc new file mode 100644 index 0000000..670fd03 --- /dev/null +++ b/firefox-64.0.source.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iQIcBAABCAAGBQJcCeLpAAoJELu+vbskxvNVG04QAKA6B6cBMdQIHAjxkIrWS9nQ +rprO4iQlLhI0OHVxc5aKpG2/dhA3QffmQ/PdlZQZ5Y4hKKyJhQYXeQC4I7aaUmND +FzEqEtdAkGLNInkcT4wdTs0qR8pTh5QpuM/wzUWUlpkJz5RKGN4aMCzG6Ls5ciKT +BBE153MHwCuIlE+dnlYfgOu4ljjqW/diHRFcUcg/hPK/twnPXzWszaJwWjjCfHcy +tMYqDKI+GEbUSVRdM9gWy6rEXTBJ9HhCRth2PVfH9WxAesGJFw34Q0sn1EYbkrKM +AiT+GKGJqNr/jbZMhOtiJJM1ORK2gGTnTDJnOHO0CXJKn6lYNQz/mBgrKK7Fr/L7 +9Dn27+ub7OM/XctfVsv02VMPKHSzh+81Eh/53ea1W/IK/BKzuXvx9kc3czzDuDHb ++e11gQepxi8RGIRiy+mzLga2mp0Y4ihddbaZXVqJBN9vPMAEm+50wjATOYpTWZya +JBs4XCIthJbzrOSEafqhZY6bJS7u4i2yKFmjscmf1S0AnETTE3v+ykWp3eX4UTcc +IQD8mlOMuV6vq1uEmGObdl9YUzhVA0N14jJwYW5x9MKqI14gg76VbN49mlFq7boq +EKilKGBsgDsdIgOuKjx6e4gkopnhxVwupaj0pNGNjp1qTvdZNqqp9oUUWWfaCM+L +pdlP7yJCMnBYjcU6fncZ +=wngo +-----END PGP SIGNATURE----- diff --git a/firefox-kde.patch b/firefox-kde.patch index e07965b..be379b5 100644 --- a/firefox-kde.patch +++ b/firefox-kde.patch @@ -1,11 +1,11 @@ # HG changeset patch -# Parent fdf78810e83396d10418791fbe32bed6bfe1558b +# Parent f2429084f187d5758508ae547c411943cba60fcf diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul new file mode 100644 --- /dev/null +++ b/browser/base/content/browser-kde.xul -@@ -0,0 +1,1317 @@ +@@ -0,0 +1,1384 @@ +#filter substitution + +# -*- Mode: HTML -*- @@ -19,6 +19,12 @@ new file mode 100644 + both "content" and "skin" packages, which bug 1385444 will unify later. --> + + ++ ++ ++ ++ + + + @@ -72,7 +78,11 @@ new file mode 100644 + fullscreenbutton="true" + sizemode="normal" + retargetdocumentfocus="urlbar" -+ persist="screenX screenY width height sizemode"> ++ persist="screenX screenY width height sizemode" ++#ifdef BROWSER_XHTML ++ hidden="true" ++#endif ++ > + +# All JS files which are needed by browser.xul and other top level windows to +# support MacOS specific features *must* go into the global-scripts.inc file so @@ -90,9 +100,14 @@ new file mode 100644 + window.onload = gBrowserInit.onLoad.bind(gBrowserInit); + window.onunload = gBrowserInit.onUnload.bind(gBrowserInit); + window.onclose = WindowIsClosing; ++ +#ifdef BROWSER_XHTML -+ window.addEventListener("DOMContentLoaded", -+ gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true }); ++ window.addEventListener("readystatechange", () => { ++ // We initially hide the window to prevent layouts during parse. This lets us ++ // avoid accidental XBL construction and better match browser.xul (see Bug 1497975). ++ gBrowserInit.onBeforeInitialXULLayout(); ++ document.documentElement.removeAttribute("hidden"); ++ }, { once: true, capture: true }); +#else + window.addEventListener("MozBeforeInitialXULLayout", + gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true }); @@ -116,13 +131,12 @@ new file mode 100644 + onpopuphidden="if (event.target == this) TabContextMenu.contextTab = null;"> + -+