From 79dbc14d01ac5e8d311f0878d533f5927a1f33b3ca5c18d6f794dd88bdd7761e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 7 Dec 2021 21:12:25 +0000 Subject: [PATCH] - Mozilla Firefox 95.0 * You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. * To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users. * https://www.mozilla.org/en-US/firefox/95.0/releasenotes MFSA 2021-52 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * MOZ-2021-0010 (bmo#1735852) Use-after-free in fullscreen objects on MacOS * CVE-2021-43540 (bmo#1636629) WebExtensions could have installed persistent ServiceWorkers * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43544 (bmo#1739934) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947 --- MozillaFirefox.changes | 46 ++++++++++++++++++++++ MozillaFirefox.spec | 9 +++-- firefox-94.0.2.source.tar.xz | 3 -- firefox-94.0.2.source.tar.xz.asc | 16 -------- firefox-95.0.source.tar.xz | 3 ++ firefox-95.0.source.tar.xz.asc | 16 ++++++++ l10n-94.0.2.tar.xz | 3 -- l10n-95.0.tar.xz | 3 ++ mozilla-kde.patch | 10 ++--- mozilla-pgo.patch | 65 +++++++++++++++++++------------- tar_stamps | 8 ++-- 11 files changed, 121 insertions(+), 61 deletions(-) delete mode 100644 firefox-94.0.2.source.tar.xz delete mode 100644 firefox-94.0.2.source.tar.xz.asc create mode 100644 firefox-95.0.source.tar.xz create mode 100644 firefox-95.0.source.tar.xz.asc delete mode 100644 l10n-94.0.2.tar.xz create mode 100644 l10n-95.0.tar.xz diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 3b91be7..a815824 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Sat Dec 4 12:07:21 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 95.0 + * You can now move the Picture-in-Picture toggle button to the + opposite side of the video. Simply look for the new context menu + option Move Picture-in-Picture Toggle to Left (Right) Side. + * To better protect Firefox users against side-channel attacks such + as Spectre, Site Isolation is now enabled for all Firefox 95 users. + * https://www.mozilla.org/en-US/firefox/95.0/releasenotes + MFSA 2021-52 (bsc#1193485) + * CVE-2021-43536 (bmo#1730120) + URL leakage when navigating while executing asynchronous + function + * CVE-2021-43537 (bmo#1738237) + Heap buffer overflow when using structured clone + * CVE-2021-43538 (bmo#1739091) + Missing fullscreen and pointer lock notification when + requesting both + * CVE-2021-43539 (bmo#1739683) + GC rooting failure when calling wasm instance methods + * MOZ-2021-0010 (bmo#1735852) + Use-after-free in fullscreen objects on MacOS + * CVE-2021-43540 (bmo#1636629) + WebExtensions could have installed persistent ServiceWorkers + * CVE-2021-43541 (bmo#1696685) + External protocol handler parameters were unescaped + * CVE-2021-43542 (bmo#1723281) + XMLHttpRequest error codes could have leaked the existence of + an external protocol handler + * CVE-2021-43543 (bmo#1738418) + Bypass of CSP sandbox directive when embedding + * CVE-2021-43544 (bmo#1739934) + Receiving a malicious URL as text through a SEND intent could + have led to XSS + * CVE-2021-43545 (bmo#1720926) + Denial of Service when using the Location API in a loop + * CVE-2021-43546 (bmo#1737751) + Cursor spoofing could overlay user interface when native + cursor is zoomed + * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, + bmo#1737009, bmo#1739372, bmo#1739421) + Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 +- requires + NSS >= 3.72 + ------------------------------------------------------------------- Thu Dec 2 20:32:42 UTC 2021 - Andreas Stieger diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 695dbd1..484d03d 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 94 -%define mainver %major.0.2 -%define orig_version 94.0.2 +%define major 95 +%define mainver %major.0 +%define orig_version 95.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -492,6 +492,8 @@ ac_add_options --with-mozilla-api-keyfile=%{SOURCE18} ac_add_options --with-google-safebrowsing-api-keyfile=%{SOURCE19} ac_add_options --with-unsigned-addon-scopes=app ac_add_options --allow-addon-sideload +# at least temporary until the "wasi-sysroot" issue is solved +ac_add_options --without-wasm-sandboxed-libraries %if %branding ac_add_options --enable-official-branding %endif @@ -548,6 +550,7 @@ mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj_LANG ac_add_options --prefix=%{_prefix} ac_add_options --with-l10n-base=$RPM_BUILD_DIR/l10n ac_add_options --disable-updater +ac_add_options --without-wasm-sandboxed-libraries %if %branding ac_add_options --enable-official-branding %endif diff --git a/firefox-94.0.2.source.tar.xz b/firefox-94.0.2.source.tar.xz deleted file mode 100644 index ace714b..0000000 --- a/firefox-94.0.2.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:899ba1c806549034793d7e8ca53f4c845d783c810338f314f3d653d39649e575 -size 382896780 diff --git a/firefox-94.0.2.source.tar.xz.asc b/firefox-94.0.2.source.tar.xz.asc deleted file mode 100644 index 514e117..0000000 --- a/firefox-94.0.2.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGX42UACgkQ6+QekPbx -L20fTg/9GdNWBx4O/+pVOxbaWOWn4w+aD0XuBLdTge4+c2u7hxtaMqGKyWFYDVq1 -5/TkpO5miNj7yb+Jgj7KRA8Mo6FLhEQVnox3YjndYE9rseGxiDzVBFf/NCX6gJLU -beCEZ0VPXgXu6iA1PtW8Hs0Npq3o8NtrDyw+RVxZWH7clRPTFxnibBauPTNC+H5U -BIe+exHSD984s7535DnDvK+C6YBe/Y8E/mPlcQLnGbAUzexU+3mB79bEGNwdI5gv -X/YJtcf6Kmo4MDxEdKnE/eTDSr6u9AEpG0CYRiu3k9QcwiFTN5wpYxj+G5HeL8rF -p6Y4xXnGbloMWwA9hNoYGyr0Iq6tLDWdpJKR7w7v/sXGujdf++7svDvGdup4r8VL -Avu5RVAli+gMhFwkNnwWMfOHukH/09xNBfGjaTcdliDNcUyVgL82ZQ2oF36demrh -1mVtJnEE2R8HIM/klAuu3Hz+rEam8kXmBA64zfXrbmTdAiymBKtF1gf82dJFMa3/ -7fbzSHQVBSpy3mzOphifUYvyxjR9a2OgxS5uKe4Ere5E0b+CvLEMzOSsVgP4Ilnb -hjnXKRdG1js0AKKT9RrleNXJamn1LBIom5zLcMKqRBnYqHZDuVzanPt7MbJB7SvW -+DcDfQ0YRYJbnQ/XJg9+J4xhcIcjdUdj61rPd6HK3zESqU7hUyU= -=8S/P ------END PGP SIGNATURE----- diff --git a/firefox-95.0.source.tar.xz b/firefox-95.0.source.tar.xz new file mode 100644 index 0000000..f5152b8 --- /dev/null +++ b/firefox-95.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7fa3e43f6ec710b2ebba0e99db713a56d13d85f1f23c4a1399bb594fd74864de +size 382853940 diff --git a/firefox-95.0.source.tar.xz.asc b/firefox-95.0.source.tar.xz.asc new file mode 100644 index 0000000..1a9bfe6 --- /dev/null +++ b/firefox-95.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGk/KQACgkQ6+QekPbx +L20H4A//eZmrO5kJF2ISDsZGF7tV+EjP0hlNqBLsUkZUXvcldpzG8Fo3d4wqe27y +ROdFyvuMlvAKNS3ZFzS47Q5mTc7nZ3KoI68Q4RTN+mk0VrHjQ+nLXFdennp6NWLs +WAbtsVUgRiV9R8hZlWm69hWa/p22duc0lz9D7gGHSycTGKWqaacKCisXBNmV5UD1 +0ooD/maOYgLnedaZu2K2OOPZArHchZnrsMz7NG0DBXEY2yaTXyjVBtnSoo8bBrkv +95XFwEVGZCGuc/OK9iBzIynRlKHV4mg0dsIayb/JpNnHdEGWFRLd6PulELdGPcvq +msPl9kcHZX8M07Ha6gB3WB31M0COsTDraBvIZrfSBm+7XOF8QtYKjKV7SrlG9hLz +KjkKDRVZBZPrGbol7IPaZQ1MKMmR/ifc33Azd0S+6v8VNxOUVmK18AxORj4/hEAy +0FGiUkYAQKI6o2WLbAV5WOZGnlT4YyHUjNXH/yQXMlMelJS/5NSeSgmpRWWX6uhr +li45wabZg11TMZ0a17w3ZYZZLN56jOsKbaglKI/MznpJB8pQYs8yTblFj0FfWxbT +qlLtsmwvLMQYNr5lcfu7DYZGsGD47Dq3/Uo5jKFS7TQ68wLKHbtHJAXuEZkPpp/v +drysMCzF78fx0tg0Lw7J2wvkYavSdensHSfkb6A8bGvBRbN/Eds= +=/gW4 +-----END PGP SIGNATURE----- diff --git a/l10n-94.0.2.tar.xz b/l10n-94.0.2.tar.xz deleted file mode 100644 index 0bac08b..0000000 --- a/l10n-94.0.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ea87cc125b67cd1802b5895ca64b9e71df6966c9c0ac13376545da4ca727626 -size 48450876 diff --git a/l10n-95.0.tar.xz b/l10n-95.0.tar.xz new file mode 100644 index 0000000..661b2cc --- /dev/null +++ b/l10n-95.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c350d342122846ce53c4c07b594b93406829e77545a3911743587f7018328e33 +size 49001020 diff --git a/mozilla-kde.patch b/mozilla-kde.patch index bfb1db6..c7af69e 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent 9eb4df0e07175ce38fc6699b2b8544b9eda7f0ad +# Parent d065e5213c971b1f80d4a13458c412a3a25f7c1c Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak @@ -31,7 +31,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4634,16 +4635,27 @@ nsresult Preferences::InitInitialObjects +@@ -4635,16 +4636,27 @@ nsresult Preferences::InitInitialObjects "unix.js" # if defined(_AIX) , @@ -59,7 +59,7 @@ diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4708,17 +4720,17 @@ nsresult Preferences::InitInitialObjects +@@ -4709,17 +4721,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr path = do_QueryInterface(elem); @@ -346,7 +346,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build -@@ -91,17 +91,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "co +@@ -92,17 +92,19 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "co "../components/printingui", ] elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "uikit": @@ -360,12 +360,12 @@ diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build + "nsKDEUtils.cpp", "nsNativeAppSupportUnix.cpp", ] + CXXFLAGS += CONFIG["MOZ_X11_SM_CFLAGS"] else: UNIFIED_SOURCES += [ "nsNativeAppSupportDefault.cpp", ] - if CONFIG["MOZ_HAS_REMOTE"]: diff --git a/toolkit/xre/nsKDEUtils.cpp b/toolkit/xre/nsKDEUtils.cpp new file mode 100644 --- /dev/null diff --git a/mozilla-pgo.patch b/mozilla-pgo.patch index 2c453dd..3143bfc 100644 --- a/mozilla-pgo.patch +++ b/mozilla-pgo.patch @@ -1,37 +1,48 @@ # HG changeset patch # User Wolfgang Rosenauer -# Parent ed9681bd4359b83145247fb6b01a56a2c84879fd +# Parent 066aba2f6d1fbc0fe31d1864d539714041404fe6 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure --- a/build/moz.configure/lto-pgo.configure +++ b/build/moz.configure/lto-pgo.configure -@@ -235,23 +235,23 @@ def lto( - "configure." - ) +@@ -243,34 +243,34 @@ def lto( + "configure." + ) - if c_compiler.type == "clang": - if len(value) and value[0].lower() == "full": - cflags.append("-flto") - ldflags.append("-flto") - else: -- cflags.append("-flto=thin") -- ldflags.append("-flto=thin") -+ cflags.append("-flto") -+ ldflags.append("-flto") - elif c_compiler.type == "clang-cl": - if len(value) and value[0].lower() == "full": - cflags.append("-flto") - else: -- cflags.append("-flto=thin") -+ cflags.append("-flto") - # With clang-cl, -flto can only be used with -c or -fuse-ld=lld. - # AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld. - cflags.append("-fuse-ld=lld") + if c_compiler.type == "clang": + if value == "full": + cflags.append("-flto") + ldflags.append("-flto") + else: +- cflags.append("-flto=thin") +- ldflags.append("-flto=thin") ++ cflags.append("-flto") ++ ldflags.append("-flto") - # Explicitly set the CPU to optimize for so the linker doesn't - # choose a poor default. Rust compilation by default uses the - # pentium4 CPU on x86: - # + if target.os == "Android" and value == "cross": + # Work around https://github.com/rust-lang/rust/issues/90088 + # by enabling the highest level of SSE the rust targets default + # to. + # https://github.com/rust-lang/rust/blob/bdfcb88e8b6203ccb46a2fb6649979b773efc8ac/compiler/rustc_target/src/spec/i686_linux_android.rs#L13 + # https://github.com/rust-lang/rust/blob/8d1083e319841624f64400e1524805a40d725439/compiler/rustc_target/src/spec/x86_64_linux_android.rs#L7 + if target.cpu == "x86": + ldflags.append("-Wl,-plugin-opt=-mattr=+ssse3") + elif target.cpu == "x86_64": + ldflags.append("-Wl,-plugin-opt=-mattr=+sse4.2") + elif c_compiler.type == "clang-cl": + if value == "full": + cflags.append("-flto") + else: +- cflags.append("-flto=thin") ++ cflags.append("-flto") + # With clang-cl, -flto can only be used with -c or -fuse-ld=lld. + # AC_TRY_LINKs during configure don't have -c, so pass -fuse-ld=lld. + cflags.append("-fuse-ld=lld") + + # Explicitly set the CPU to optimize for so the linker doesn't + # choose a poor default. Rust compilation by default uses the + # pentium4 CPU on x86: + # diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py --- a/build/pgo/profileserver.py +++ b/build/pgo/profileserver.py @@ -155,7 +166,7 @@ diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz diff --git a/toolkit/components/terminator/nsTerminator.cpp b/toolkit/components/terminator/nsTerminator.cpp --- a/toolkit/components/terminator/nsTerminator.cpp +++ b/toolkit/components/terminator/nsTerminator.cpp -@@ -451,16 +451,21 @@ void nsTerminator::StartWatchdog() { +@@ -461,16 +461,21 @@ void nsTerminator::StartWatchdog() { // Defend against overflow crashAfterMS = INT32_MAX; } else { diff --git a/tar_stamps b/tar_stamps index 88a07c5..ccaa78c 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="94.0.2" +VERSION="95.0" VERSION_SUFFIX="" -PREV_VERSION="94.0.1" +PREV_VERSION="94.0.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="f09593707108af9f9f4d580cf748c3537639ecd4" -RELEASE_TIMESTAMP="20211119140621" +RELEASE_TAG="5a1a2f3b06c23a27532ba48f9999c59c643f3f36" +RELEASE_TIMESTAMP="20211129150630"