From 31f1b363df739ed0bbaec6d9ee359c1f1f0bb68f74ea6f1e6461d09154b43bbf Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 8 Jan 2020 11:59:18 +0000 Subject: [PATCH 1/3] - Mozilla Firefox 72.0.1 - Mozilla Firefox 72.0 * block fingerprinting scripts by default * new notification pop-ups * Picture-in-picture video MFSA 2020-01 * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17020 (bmo#1597645) Content Security Policy not applied to XSL stylesheets applied to XML documents * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 bmo#1595692,bmo#1597321,bmo#1597481) Memory safety bugs fixed in Firefox 72 - update create-tar.sh to skip compare-locales - requires NSPR 4.24 and NSS 3.48 - removed usage of browser-plugins convention for NPAPI plugins from start wrapper and changed the RPM macro to the /usr/$LIB/mozilla/plugins location (boo#1160302) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=793 --- MozillaFirefox.changes | 36 ++++++++++++++++++++++ MozillaFirefox.spec | 16 +++++----- create-tar.sh | 14 +-------- firefox-71.0.source.tar.xz | 3 -- firefox-71.0.source.tar.xz.asc | 16 ---------- firefox-72.0.1.source.tar.xz | 3 ++ firefox-72.0.1.source.tar.xz.asc | 16 ++++++++++ l10n-71.0.tar.xz | 3 -- l10n-72.0.1.tar.xz | 3 ++ mozilla-bmo1005535.patch | 10 +++--- mozilla-bmo1463035.patch | 6 ++-- mozilla-bmo1504834-part1.patch | 42 ++++++++++++------------- mozilla-bmo1504834-part2.patch | 44 ++++++-------------------- mozilla-bmo1601707.patch | 53 +++++++++++++++++++++++--------- mozilla-kde.patch | 26 ++++++++-------- mozilla.sh.in | 21 ------------- tar_stamps | 8 ++--- 17 files changed, 161 insertions(+), 159 deletions(-) delete mode 100644 firefox-71.0.source.tar.xz delete mode 100644 firefox-71.0.source.tar.xz.asc create mode 100644 firefox-72.0.1.source.tar.xz create mode 100644 firefox-72.0.1.source.tar.xz.asc delete mode 100644 l10n-71.0.tar.xz create mode 100644 l10n-72.0.1.tar.xz diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index d30c95e..7cca129 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 72.0.1 + +------------------------------------------------------------------- +Tue Jan 7 13:03:50 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 72.0 + * block fingerprinting scripts by default + * new notification pop-ups + * Picture-in-picture video + MFSA 2020-01 + * CVE-2019-17016 (bmo#1599181) + Bypass of @namespace CSS sanitization during pasting + * CVE-2019-17017 (bmo#1603055) + Type Confusion in XPCVariant.cpp + * CVE-2019-17020 (bmo#1597645) + Content Security Policy not applied to XSL stylesheets applied + to XML documents + * CVE-2019-17022 (bmo#1602843) + CSS sanitization does not escape HTML tags + * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) + NSS may negotiate TLS 1.2 or below after a TLS 1.3 + HelloRetryRequest had been sent + * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) + Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 + * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 + bmo#1595692,bmo#1597321,bmo#1597481) + Memory safety bugs fixed in Firefox 72 +- update create-tar.sh to skip compare-locales +- requires NSPR 4.24 and NSS 3.48 +- removed usage of browser-plugins convention for NPAPI plugins + from start wrapper and changed the RPM macro to the + /usr/$LIB/mozilla/plugins location (boo#1160302) + ------------------------------------------------------------------- Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 685fe4b..d663c02 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,7 +1,7 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # 2006-2019 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -18,9 +18,9 @@ # changed with every update -%define major 71 -%define mainver %major.0 -%define orig_version 71.0 +%define major 72 +%define mainver %major.0.1 +%define orig_version 72.0.1 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -80,8 +80,8 @@ BuildRequires: libiw-devel BuildRequires: libnotify-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.23 -BuildRequires: mozilla-nss-devel >= 3.47.1 +BuildRequires: mozilla-nspr-devel >= 4.24 +BuildRequires: mozilla-nss-devel >= 3.48 BuildRequires: nasm >= 2.13 BuildRequires: nodejs8 >= 8.11 BuildRequires: python-devel @@ -150,7 +150,7 @@ Source9: firefox.js Source11: firefox.1 Source12: mozilla-get-app-id Source13: spellcheck.js -Source14: https://github.com/openSUSE/firefox-scripts/raw/d414e38/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/8a54002/create-tar.sh Source15: firefox-appdata.xml Source16: %{name}.changes # Set up API keys, see http://www.chromium.org/developers/how-tos/api-keys @@ -603,7 +603,7 @@ cat <<'FIN' >%{buildroot}%{_sysconfdir}/rpm/macros.%{progname} %%firefox_version %{version} %%firefox_mainver %{mainver} %%firefox_mozillapath %%{_libdir}/%{progname} -%%firefox_pluginsdir %%{_libdir}/browser-plugins +%%firefox_pluginsdir %%{_libdir}/mozilla/plugins %%firefox_appid \{ec8030f7-c20a-464f-9b0e-13a3a9e97384\} %%firefox_extdir %%(if [ "%%_target_cpu" = "noarch" ]; then echo %%{_datadir}/mozilla/extensions/%%{firefox_appid}; else echo %%{_libdir}/mozilla/extensions/%%{firefox_appid}; fi) diff --git a/create-tar.sh b/create-tar.sh index 6e96cc5..4d78dae 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -14,7 +14,7 @@ VERSION_SUFFIX="esr" RELEASE_TAG="" # Needs only to be set if no tar-ball can be downloaded PREV_VERSION="60.6.3" # Prev. version only needed for locales (leave empty to force l10n-generation) PREV_VERSION_SUFFIX="esr" -#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation +#SKIP_LOCALES="" # Uncomment to skip l10n-generation EOF exit 1 @@ -331,15 +331,3 @@ elif [ -f "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" ]; then echo "Moving l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz to l10n-$VERSION$VERSION_SUFFIX.tar.xz" mv "l10n-$PREV_VERSION$PREV_VERSION_SUFFIX.tar.xz" "l10n-$VERSION$VERSION_SUFFIX.tar.xz" fi - -# compare-locales -echo "creating compare-locales" -if [ -d compare-locales/.hg ]; then - pushd compare-locales || exit 1 - hg pull - popd || exit 1 -else - hg clone http://hg.mozilla.org/build/compare-locales -fi -tar $compression -cf compare-locales.tar.xz --exclude=.hgtags --exclude=.hgignore --exclude=.hg compare-locales - diff --git a/firefox-71.0.source.tar.xz b/firefox-71.0.source.tar.xz deleted file mode 100644 index f5ae59b..0000000 --- a/firefox-71.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:78304cd58229e7103b56b34718aad051c9a4db30c266512a64f501ba58da7fbe -size 312341460 diff --git a/firefox-71.0.source.tar.xz.asc b/firefox-71.0.source.tar.xz.asc deleted file mode 100644 index 1709863..0000000 --- a/firefox-71.0.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl3lA28ACgkQ8aZmj7t9 -Vy5eEg//eGpfCJYD87DGGP9rzfCwr+MVAxQZyj4sWL8JPZ5GmoFFePsw2vSNh/Gj -TCE2ZbPVEaBUAcXyT3G9lf5s4a7/HXMgQjb95EUDn+DjymeI0MjmuG2aZTk4hY76 -OtSFjXIJ1JqMQH2xMHLtkwYRm8JVRH6HFCa0owqm/p2tK2Q5djxTieeiR3qQPXcX -gDF4SOA05WDOYYMpDf0jErXwCnHqWNJKJISsAh9q4yXKu+GoUiWr65Yf6QJRfKBL -yviYBslRYOnziQeRHO1v2v3hNZ67jcSMzUw85oJJjYAmiUn+jfe1C0D1Y/EPGiIu -llAXewHcatNjoecW2DdPgFSRv8JnoPklkeOIN20mB5YcG8XSnp/7ZxKpxeOsKwjp -+84gZVtOTE5MfH5SV4LpH1r4PAtnPJMZF9onOzVf2t1Rk0qRUVt3zsg+bBEvh/gR -5Ay2HtKDUJRw46riMLmtl/pb3IEivVgcQGxoblu+UVU5nTiHIATF/3UJsNtPLZgV -JqrMfnt1z6173m215p55QgCn0YP0W4FUOwHqcKkRsF7f4UYwvRXUQa0bRxnqzkJU -AJ27dcxg0KE/CxWMfEuoTd+beaimiZyZKfffW/WzCWS8uPYaQZ8c4E3ljhkLhjn2 -P2LTUeRL4F+7oj9dWlpMWTjfs9Jkq831oB+mZl4crHbgcxDJe1k= -=GTDV ------END PGP SIGNATURE----- diff --git a/firefox-72.0.1.source.tar.xz b/firefox-72.0.1.source.tar.xz new file mode 100644 index 0000000..f7aafd7 --- /dev/null +++ b/firefox-72.0.1.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1fa59aedc8469c3e6ffb12449ab7de2f93776f7679eedebfb74aa309b694956f +size 314963588 diff --git a/firefox-72.0.1.source.tar.xz.asc b/firefox-72.0.1.source.tar.xz.asc new file mode 100644 index 0000000..7bcf40f --- /dev/null +++ b/firefox-72.0.1.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl4VMBAACgkQ8aZmj7t9 +Vy6o4w//X6MCxFHfcDI0f2E3zXcfQOqGyRKOQer4tjQaz00M3fNvua0q6wHpQWga +jpfZfAdospevuo1RNVR1qWdwRDoQjFPYEewtaKEKppBCG+WTD0zHRBOkuJERgbl3 +zjPAmn58oVS3Vcysl1q31Z643cQ0cZesMvFEUDgH4oo/OEOK9j+xh71o58tW+R7B +KobSCwYwD9Fl7Jg9+9OafrvuxBye4D5iiNMWqn3hmNeB/2t/TD0xgc7GlvLsMphA +ZCfe3JPyWTo3pe2Go6IqSBTTNtiy1kKIlwZF/07Wxwq1T8EkfSse6Gv3pyAcLHVK +vgSg3LBQhLVLjXIvOQiv4iMtmIV3A+fsxjTk/NXBdNt15pDQqsWeLuGyDPQOgROL +KTkS46z3fc4EwH+6WePTH8YBagKTPyMcHmi4i4cKD0dewWkbom5WTIejlTCscn9S +3yagduYExhX/xReAmWaC65lLcopaBaaI2IsjK2BiINU+OPhnruGMfOoFs1iUcpYs +5/Q6DQJnzRho/2J0Gbq1+hyn92ZcxuEvsTmgBtRVIexZd6BKDFMyya5QvHhxgaBr +V5eDo/lj9kLpryFsCKkZWsjcvPDESXhMlDidHFOGYHWBdUqrDOEjXsTk4SgAeTl4 +Vh0Lx8XWBE+/y5ey217UCQVnm4SMkS5lZpjt0jl/17BkgnCZJro= +=DaZO +-----END PGP SIGNATURE----- diff --git a/l10n-71.0.tar.xz b/l10n-71.0.tar.xz deleted file mode 100644 index 237914c..0000000 --- a/l10n-71.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e99281ff021803c3fbcf1e66d3f9ab76a23d5651baf89d3f9ea5ceb5044d8d8b -size 50890752 diff --git a/l10n-72.0.1.tar.xz b/l10n-72.0.1.tar.xz new file mode 100644 index 0000000..6e7c599 --- /dev/null +++ b/l10n-72.0.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a7fcbb2be07f9dc108c70ae75e052812c835df2b3054cd4d93f5d1c0e27f05f +size 51001860 diff --git a/mozilla-bmo1005535.patch b/mozilla-bmo1005535.patch index ddfa2da..8731d8c 100644 --- a/mozilla-bmo1005535.patch +++ b/mozilla-bmo1005535.patch @@ -3,13 +3,13 @@ # Date 1558451540 -7200 # Tue May 21 17:12:20 2019 +0200 # Node ID 433beec63e6b5f409683af20a0c1ab137cc7bfad -# Parent 42c99b59a87b904063bad3193f10c51d068d2eac +# Parent 0b9b94a6526d4f1aa6e23b95c1f5f7c0bef841a7 Bug 1005535 - Get skia GPU building on big endian. -diff -r 42c99b59a87b -r 433beec63e6b gfx/skia/skia/include/private/GrColor.h ---- a/gfx/skia/skia/include/private/GrColor.h Wed Jun 05 08:48:08 2019 +0200 -+++ b/gfx/skia/skia/include/private/GrColor.h Tue May 21 17:12:20 2019 +0200 -@@ -63,7 +63,7 @@ +diff -r 0b9b94a6526d gfx/skia/skia/src/gpu/GrColor.h +--- a/gfx/skia/skia/src/gpu/GrColor.h Tue May 21 17:26:58 2019 +0200 ++++ b/gfx/skia/skia/src/gpu/GrColor.h Wed Jan 08 12:14:52 2020 +0100 +@@ -64,7 +64,7 @@ * Since premultiplied means that alpha >= color, we construct a color with * each component==255 and alpha == 0 to be "illegal" */ diff --git a/mozilla-bmo1463035.patch b/mozilla-bmo1463035.patch index 932b50f..4642b9a 100644 --- a/mozilla-bmo1463035.patch +++ b/mozilla-bmo1463035.patch @@ -3,7 +3,7 @@ # User Mike Hommey # Date 1526871862 -32400 # Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43 -# Parent 5dc1d2186f44dd6ccfc4b28b9e1ed859cffc63bb +# Parent c2f46e526e92a1706d445f8e38a68bf90aee06f3 Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons For some reason, GNU as is not happy with the assembly generated after @@ -15,7 +15,7 @@ workaround anymore, so let's just kill it. diff --git a/mfbt/moz.build b/mfbt/moz.build --- a/mfbt/moz.build +++ b/mfbt/moz.build -@@ -122,20 +122,16 @@ EXPORTS["double-conversion"] = [ +@@ -132,20 +132,16 @@ EXPORTS["double-conversion"] = [ LOCAL_INCLUDES += [ '/mfbt/double-conversion', ] @@ -35,7 +35,7 @@ diff --git a/mfbt/moz.build b/mfbt/moz.build 'double-conversion/double-conversion/bignum-dtoa.cc', 'double-conversion/double-conversion/bignum.cc', 'double-conversion/double-conversion/cached-powers.cc', - 'double-conversion/double-conversion/diy-fp.cc', + 'double-conversion/double-conversion/double-to-string.cc', diff --git a/mozglue/baseprofiler/core/platform-linux-android.cpp b/mozglue/baseprofiler/core/platform-linux-android.cpp --- a/mozglue/baseprofiler/core/platform-linux-android.cpp +++ b/mozglue/baseprofiler/core/platform-linux-android.cpp diff --git a/mozilla-bmo1504834-part1.patch b/mozilla-bmo1504834-part1.patch index 7990ff5..b2d81ec 100644 --- a/mozilla-bmo1504834-part1.patch +++ b/mozilla-bmo1504834-part1.patch @@ -1,11 +1,11 @@ # HG changeset patch -# Parent 051b75a600dfbf7503c3485cebfd34d4eb29be96 +# Parent 83da7ee18178639b2a89d5e21f78e190e4e72d7e Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834 -diff -r 051b75a600df gfx/2d/DrawTargetSkia.cpp ---- a/gfx/2d/DrawTargetSkia.cpp Fri Jul 05 12:42:44 2019 +0200 -+++ b/gfx/2d/DrawTargetSkia.cpp Mon Jul 08 10:59:30 2019 +0200 -@@ -138,8 +138,7 @@ +diff -r 83da7ee18178 gfx/2d/DrawTargetSkia.cpp +--- a/gfx/2d/DrawTargetSkia.cpp Mon Jul 22 00:00:00 2019 +0200 ++++ b/gfx/2d/DrawTargetSkia.cpp Wed Jan 08 12:17:44 2020 +0100 +@@ -136,8 +136,7 @@ return surfaceBounds.Intersect(bounds); } @@ -15,38 +15,38 @@ diff -r 051b75a600df gfx/2d/DrawTargetSkia.cpp static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize, const int32_t aStride, SurfaceFormat aFormat) { -diff -r 051b75a600df gfx/2d/Types.h ---- a/gfx/2d/Types.h Fri Jul 05 12:42:44 2019 +0200 -+++ b/gfx/2d/Types.h Mon Jul 08 10:59:30 2019 +0200 -@@ -85,15 +85,8 @@ +diff -r 83da7ee18178 gfx/2d/Types.h +--- a/gfx/2d/Types.h Mon Jul 22 00:00:00 2019 +0200 ++++ b/gfx/2d/Types.h Wed Jan 08 12:17:44 2020 +0100 +@@ -86,15 +86,8 @@ // The following values are endian-independent synonyms. The _UINT32 suffix // indicates that the name reflects the layout when viewed as a uint32_t // value. -#if MOZ_LITTLE_ENDIAN A8R8G8B8_UINT32 = B8G8R8A8, // 0xAARRGGBB - X8R8G8B8_UINT32 = B8G8R8X8 // 0x00RRGGBB + X8R8G8B8_UINT32 = B8G8R8X8, // 0x00RRGGBB -#elif MOZ_BIG_ENDIAN - A8R8G8B8_UINT32 = A8R8G8B8, // 0xAARRGGBB -- X8R8G8B8_UINT32 = X8R8G8B8 // 0x00RRGGBB +- X8R8G8B8_UINT32 = X8R8G8B8, // 0x00RRGGBB -#else -# error "bad endianness" -#endif - }; - static inline int BytesPerPixel(SurfaceFormat aFormat) { -diff -r 051b75a600df gfx/skia/skia/third_party/skcms/skcms.cc ---- a/gfx/skia/skia/third_party/skcms/skcms.cc Fri Jul 05 12:42:44 2019 +0200 -+++ b/gfx/skia/skia/third_party/skcms/skcms.cc Mon Jul 08 10:59:30 2019 +0200 -@@ -17,6 +17,8 @@ - #include - #elif defined(__SSE__) - #include + // The following values are OS and endian-independent synonyms. + // +diff -r 83da7ee18178 gfx/skia/skia/third_party/skcms/skcms.cc +--- a/gfx/skia/skia/third_party/skcms/skcms.cc Mon Jul 22 00:00:00 2019 +0200 ++++ b/gfx/skia/skia/third_party/skcms/skcms.cc Wed Jan 08 12:17:44 2020 +0100 +@@ -30,6 +30,8 @@ + #include + #include + #endif +#else + #define SKCMS_PORTABLE #endif // sizeof(x) will return size_t, which is 32-bit on some machines and 64-bit on others. -@@ -124,20 +126,28 @@ +@@ -280,20 +282,28 @@ static uint16_t read_big_u16(const uint8_t* ptr) { uint16_t be; memcpy(&be, ptr, sizeof(be)); diff --git a/mozilla-bmo1504834-part2.patch b/mozilla-bmo1504834-part2.patch index 6f699a2..1b13b21 100644 --- a/mozilla-bmo1504834-part2.patch +++ b/mozilla-bmo1504834-part2.patch @@ -1,19 +1,14 @@ # HG changeset patch -# Parent 6fa4b62427433e8f445d05c557e5db096667d880 +# Parent 0e579dcbf7328dda4512cbdafc9b42acec4935ea Skia does not support big endian. The places to fix are too numerous and upstream (skia, not Mozilla) has no interest in maintaining big endian. So here we try to swizzle the input for skia, so that skia always works on LE, and when it comes out again, we transform back to BE. -diff --git a/gfx/2d/ConvolutionFilter.cpp b/gfx/2d/ConvolutionFilter.cpp ---- a/gfx/2d/ConvolutionFilter.cpp -+++ b/gfx/2d/ConvolutionFilter.cpp -@@ -30,32 +30,79 @@ bool ConvolutionFilter::GetFilterOffsetA - int32_t* aResultLength) { - if (aRowIndex >= mFilter->numValues()) { - return false; - } - mFilter->FilterForValue(aRowIndex, aResultOffset, aResultLength); +diff -r 0e579dcbf732 gfx/2d/ConvolutionFilter.cpp +--- a/gfx/2d/ConvolutionFilter.cpp Wed Jan 08 12:17:44 2020 +0100 ++++ b/gfx/2d/ConvolutionFilter.cpp Wed Jan 08 12:17:49 2020 +0100 +@@ -35,9 +35,38 @@ return true; } @@ -52,11 +47,7 @@ diff --git a/gfx/2d/ConvolutionFilter.cpp b/gfx/2d/ConvolutionFilter.cpp } void ConvolutionFilter::ConvolveVertically(uint8_t* const* aSrc, uint8_t* aDst, - int32_t aRowIndex, int32_t aRowSize, - bool aHasAlpha) { - MOZ_ASSERT(aRowIndex < mFilter->numValues()); - - int32_t filterOffset; +@@ -49,8 +78,26 @@ int32_t filterLength; auto filterValues = mFilter->FilterForValue(aRowIndex, &filterOffset, &filterLength); @@ -83,20 +74,10 @@ diff --git a/gfx/2d/ConvolutionFilter.cpp b/gfx/2d/ConvolutionFilter.cpp } /* ConvolutionFilter::ComputeResizeFactor is derived from Skia's - * SkBitmapScaler/SkResizeFilter::computeFactors. It is governed by Skia's - * BSD-style license (see gfx/skia/LICENSE) and the following copyright: - * Copyright (c) 2015 Google Inc. - */ - bool ConvolutionFilter::ComputeResizeFilter(ResizeMethod aResizeMethod, -diff --git a/gfx/skia/skia/include/core/SkPreConfig.h b/gfx/skia/skia/include/core/SkPreConfig.h ---- a/gfx/skia/skia/include/core/SkPreConfig.h -+++ b/gfx/skia/skia/include/core/SkPreConfig.h -@@ -68,17 +68,17 @@ - #define SK_CPU_BENDIAN - #elif defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) - #define SK_CPU_LENDIAN - #elif defined(__sparc) || defined(__sparc__) || \ - defined(_POWER) || defined(__powerpc__) || \ +diff -r 0e579dcbf732 gfx/skia/skia/include/core/SkPreConfig.h +--- a/gfx/skia/skia/include/core/SkPreConfig.h Wed Jan 08 12:17:44 2020 +0100 ++++ b/gfx/skia/skia/include/core/SkPreConfig.h Wed Jan 08 12:17:49 2020 +0100 +@@ -73,7 +73,7 @@ defined(__ppc__) || defined(__hppa) || \ defined(__PPC__) || defined(__PPC64__) || \ defined(_MIPSEB) || defined(__ARMEB__) || \ @@ -105,8 +86,3 @@ diff --git a/gfx/skia/skia/include/core/SkPreConfig.h b/gfx/skia/skia/include/co (defined(__sh__) && defined(__BIG_ENDIAN__)) || \ (defined(__ia64) && defined(__BIG_ENDIAN__)) #define SK_CPU_BENDIAN - #else - #define SK_CPU_LENDIAN - #endif - #endif - diff --git a/mozilla-bmo1601707.patch b/mozilla-bmo1601707.patch index c61a8cb..dde5201 100644 --- a/mozilla-bmo1601707.patch +++ b/mozilla-bmo1601707.patch @@ -1,7 +1,15 @@ +# HG changeset patch +# Parent 862430a659a4f1fcbbbbfcf1cba98eb7e31035dc + diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp --- a/dom/indexedDB/ActorsParent.cpp +++ b/dom/indexedDB/ActorsParent.cpp -@@ -24311,9 +24311,9 @@ +@@ -24612,19 +24612,19 @@ nsresult ObjectStoreAddOrPutRequestOp::D + } + } + + // The "|| keyUnset" here is mostly a debugging tool. If a key isn't + // specified we should never have a collision and so it shouldn't matter // if we allow overwrite or not. By not allowing overwrite we raise // detectable errors rather than corrupting data. DatabaseConnection::CachedStatement stmt; @@ -14,16 +22,17 @@ diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp rv = aConnection->GetCachedStatement( NS_LITERAL_CSTRING("INSERT ") + optReplaceDirective + NS_LITERAL_CSTRING("INTO object_data " -@@ -25869,7 +25869,7 @@ - } - } + "(object_store_id, key, file_ids, data) " + "VALUES (:") + + kStmtParamNameObjectStoreId + NS_LITERAL_CSTRING(", :") + + kStmtParamNameKey + NS_LITERAL_CSTRING(", :") + + kStmtParamNameFileIds + NS_LITERAL_CSTRING(", :") + +@@ -26452,19 +26452,19 @@ nsresult Cursor::OpenOp::DoIndexDatabase + MOZ_ASSERT(mCursor->mType == OpenCursorParams::TIndexOpenCursorParams); + MOZ_ASSERT(mCursor->mObjectStoreId); + MOZ_ASSERT(mCursor->mIndexId); -- const auto& comparisonChar = -+ const auto comparisonChar = - isIncreasingOrder ? NS_LITERAL_CSTRING(">") : NS_LITERAL_CSTRING("<"); - - mCursor->mContinueToQuery = -@@ -26076,9 +26076,9 @@ + AUTO_PROFILER_LABEL("Cursor::OpenOp::DoIndexDatabaseWork", DOM); const bool usingKeyRange = mOptionalKeyRange.isSome(); @@ -34,9 +43,19 @@ diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp + ? NS_LITERAL_CSTRING("unique_index_data") + : NS_LITERAL_CSTRING("index_data"); - NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); + // The result of MakeColumnPairSelectionList is stored in a local variable, + // since inlining it into the next statement causes a crash on some Mac OS X + // builds (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168606#c110). + const auto columnPairSelectionList = MakeColumnPairSelectionList( + NS_LITERAL_CSTRING("index_table.value"), + NS_LITERAL_CSTRING("index_table.value_locale"), kColumnNameAliasSortKey, + mCursor->IsLocaleAware()); +@@ -26558,19 +26558,19 @@ nsresult Cursor::OpenOp::DoIndexKeyDatab + MOZ_ASSERT(mCursor->mType == OpenCursorParams::TIndexOpenKeyCursorParams); + MOZ_ASSERT(mCursor->mObjectStoreId); + MOZ_ASSERT(mCursor->mIndexId); -@@ -26198,9 +26198,9 @@ + AUTO_PROFILER_LABEL("Cursor::OpenOp::DoIndexKeyDatabaseWork", DOM); const bool usingKeyRange = mOptionalKeyRange.isSome(); @@ -47,6 +66,10 @@ diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp + ? NS_LITERAL_CSTRING("unique_index_data") + : NS_LITERAL_CSTRING("index_data"); - NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); - - + // The result of MakeColumnPairSelectionList is stored in a local variable, + // since inlining it into the next statement causes a crash on some Mac OS X + // builds (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168606#c110). + const auto columnPairSelectionList = MakeColumnPairSelectionList( + NS_LITERAL_CSTRING("value"), NS_LITERAL_CSTRING("value_locale"), + kColumnNameAliasSortKey, mCursor->IsLocaleAware()); + const nsCString sortColumnAlias = NS_LITERAL_CSTRING("SELECT ") + diff --git a/mozilla-kde.patch b/mozilla-kde.patch index 7a41dad..5c8aff9 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent 86d7ace0b36abf542e56fbb702a5f9b308b9bf77 +# Parent 52a515e07938d75f7c33e7b724845ce6dc315c0c Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4542,25 +4543,37 @@ nsresult Preferences::InitInitialObjects +@@ -4543,25 +4544,37 @@ nsresult Preferences::InitInitialObjects // application pref files for backwards compatibility. static const char* specialFiles[] = { #if defined(XP_MACOSX) @@ -69,7 +69,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4606,17 +4619,17 @@ nsresult Preferences::InitInitialObjects +@@ -4607,17 +4620,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -91,7 +91,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build -@@ -110,16 +110,20 @@ EXPORTS.mozilla += [ +@@ -113,16 +113,20 @@ EXPORTS.mozilla += [ ] EXPORTS.mozilla += sorted(['!' + g for g in gen_h]) @@ -356,7 +356,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build -@@ -85,17 +85,19 @@ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'co +@@ -87,17 +87,19 @@ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'co '../components/printingui', ] elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'uikit': @@ -841,7 +841,7 @@ diff --git a/uriloader/exthandler/HandlerServiceParent.cpp b/uriloader/exthandle diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build --- a/uriloader/exthandler/moz.build +++ b/uriloader/exthandler/moz.build -@@ -83,17 +83,19 @@ else: +@@ -85,17 +85,19 @@ else: SOURCES += [ osdir + '/nsOSHelperAppService.cpp', ] @@ -861,7 +861,7 @@ diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build 'android/nsExternalURLHandlerService.cpp', 'android/nsMIMEInfoAndroid.cpp', ] -@@ -133,16 +135,17 @@ include('/ipc/chromium/chromium-config.m +@@ -135,16 +137,17 @@ include('/ipc/chromium/chromium-config.m FINAL_LIBRARY = 'xul' LOCAL_INCLUDES += [ @@ -1252,9 +1252,9 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth #endif } - nsresult nsOSHelperAppService::GetFileTokenForPath( - const char16_t* platformAppPath, nsIFile** aFile) { -@@ -1136,17 +1136,17 @@ already_AddRefed nsOSHel + NS_IMETHODIMP nsOSHelperAppService::IsCurrentAppOSDefaultForProtocol( + const nsACString& aScheme, bool* _retval) { +@@ -1142,17 +1142,17 @@ already_AddRefed nsOSHel nsresult rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, true); @@ -1273,7 +1273,7 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, false); -@@ -1248,17 +1248,17 @@ already_AddRefed nsOSHel +@@ -1254,17 +1254,17 @@ already_AddRefed nsOSHel // Now look up our extensions nsAutoString extensions, mime_types_description; @@ -1295,7 +1295,7 @@ diff --git a/uriloader/exthandler/unix/nsOSHelperAppService.cpp b/uriloader/exth diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build --- a/widget/gtk/moz.build +++ b/widget/gtk/moz.build -@@ -126,16 +126,17 @@ include('/ipc/chromium/chromium-config.m +@@ -127,16 +127,17 @@ include('/ipc/chromium/chromium-config.m FINAL_LIBRARY = 'xul' @@ -1814,7 +1814,7 @@ diff --git a/xpcom/components/ManifestParser.cpp b/xpcom/components/ManifestPars diff --git a/xpcom/components/moz.build b/xpcom/components/moz.build --- a/xpcom/components/moz.build +++ b/xpcom/components/moz.build -@@ -66,16 +66,17 @@ LOCAL_INCLUDES += [ +@@ -62,16 +62,17 @@ LOCAL_INCLUDES += [ '!..', '../base', '../build', diff --git a/mozilla.sh.in b/mozilla.sh.in index 6510bac..9b59da4 100644 --- a/mozilla.sh.in +++ b/mozilla.sh.in @@ -70,15 +70,6 @@ else export MOZ_APP_LAUNCHER="/usr/bin/$MOZ_APPNAME" fi -mozilla_lib=`file $MOZ_PROGRAM` -LIB=lib -echo $mozilla_lib | grep -q -E 'ELF.64-bit.*(x86-64|S/390|PowerPC|ARM aarch64)' && LIB=lib64 - -BROWSER_PLUGIN_DIR=/usr/$LIB/browser-plugins -if [ ! -d $BROWSER_PLUGIN_DIR ]; then - BROWSER_PLUGIN_DIR=/opt/netscape/plugins -fi - MOZILLA_FIVE_HOME="$MOZ_DIST_LIB" export MOZILLA_FIVE_HOME LD_LIBRARY_PATH=$MOZ_DIST_LIB${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} @@ -87,18 +78,6 @@ export LD_LIBRARY_PATH # needed for SUN Java under Xorg >= 7.2 export LIBXCB_ALLOW_SLOPPY_LOCK=1 -## -if [ -z "$MOZ_PLUGIN_PATH" ]; then - export MOZ_PLUGIN_PATH=$BROWSER_PLUGIN_DIR -else - # make sure that BROWSER_PLUGIN_DIR is in MOZ_PLUGIN_PATH - echo "$MOZ_PLUGIN_PATH" | grep "$BROWSER_PLUGIN_DIR" 2>&1 >/dev/null - _retval=$? - if [ ${_retval} -ne 0 ]; then - export MOZ_PLUGIN_PATH=$MOZ_PLUGIN_PATH:$BROWSER_PLUGIN_DIR - fi -fi - # disable Gnome crash dialog (doesn't make sense anyway) export GNOME_DISABLE_CRASH_DIALOG=1 diff --git a/tar_stamps b/tar_stamps index 790227c..883fb15 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="71.0" +VERSION="72.0.1" VERSION_SUFFIX="" -PREV_VERSION="70.0.1" +PREV_VERSION="72.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="501aef7fe1d9622236600a7e53843d40d163a123" -RELEASE_TIMESTAMP="20191202093317" +RELEASE_TAG="8260da04c9b13f7c0e9cc6984a75e689b5fcb8c8" +RELEASE_TIMESTAMP="20200107212822" From e6daec17eeebd4f33b1d94c9ae2d570fffe8a0db452911c7e505cf2eefbe5878 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 9 Jan 2020 07:31:08 +0000 Subject: [PATCH 2/3] MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=794 --- MozillaFirefox.changes | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 7cca129..9e45775 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,10 +2,9 @@ Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer - Mozilla Firefox 72.0.1 - -------------------------------------------------------------------- -Tue Jan 7 13:03:50 UTC 2020 - Wolfgang Rosenauer - + MFSA 2020-03 (bsc#1160498) + * CVE-2019-17026 (bmo#1607443) + IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Mozilla Firefox 72.0 * block fingerprinting scripts by default * new notification pop-ups From 84f4043538f61654a198a55fca811097bd62eb6ac7be02609343d2f17bfc02a3 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 9 Jan 2020 07:35:03 +0000 Subject: [PATCH 3/3] MFSA 2020-01 (bsc#1160305) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=795 --- MozillaFirefox.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 9e45775..54e795a 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -9,7 +9,7 @@ Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer * block fingerprinting scripts by default * new notification pop-ups * Picture-in-picture video - MFSA 2020-01 + MFSA 2020-01 (bsc#1160305) * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055)