- Mozilla Firefox 86.0

* requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00 · 2021-02-24 11:49:39 +00:00 · e8a1c7a40b
commit e8a1c7a40b
parent 326240ab1d
12 changed files with 99 additions and 110 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 86.0
+  * requires NSS >= 3.61
+  * requires rust-cbindgen >= 0.16.0
+  * Firefox now supports simultaneously watching multiple videos in
+    Picture-in-Picture.
+  * Total Cookie Protection to Strict Mode
+  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
+  MSFA 2021-07 (bsc#1182614)
+  * CVE-2021-23969 (bmo#1542194)
+    Content Security Policy violation report could have contained
+    the destination of a redirect
+  * CVE-2021-23970 (bmo#1681724)
+    Multithreaded WASM triggered assertions validating separation
+    of script domains
+  * CVE-2021-23968 (bmo#1687342)
+    Content Security Policy violation report could have contained
+    the destination of a redirect
+  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
+    noscript elements could have led to an HTML Sanitizer bypass
+  * CVE-2021-23971 (bmo#1678545)
+    A website's Referrer-Policy could have been be overridden,
+    potentially resulting in the full URL being sent as a Referrer
+  * CVE-2021-23976 (bmo#1684627)
+    Local spoofing of web manifests for arbitrary pages in
+    Firefox for Android
+  * CVE-2021-23977 (bmo#1684761)
+    Malicious application could read sensitive data from Firefox
+    for Android's application directories
+  * CVE-2021-23972 (bmo#1683536)
+    HTTP Auth phishing warning was omitted when a redirect is
+    cached
+  * CVE-2021-23975 (bmo#1685145)
+    about:memory Measure function caused an incorrect pointer
+    operation
+  * CVE-2021-23973 (bmo#1690976)
+    MediaError message property could have leaked information
+    about cross-origin resources
+  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797)
+    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+  * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463,
+    bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490,
+    bmo#1684377, bmo#1684902)
+    Memory safety bugs fixed in Firefox 86
+- updated create-tar.sh (bsc#1182357)
+- removed obsolete mozilla-bmo1554971.patch
+- remove buildsymbols subpackage
+  * we haven't done anything with it for years
+  * mozilla is collecting those from our debuginfo packages
+  * would require a local dump_syms tool
+
 -------------------------------------------------------------------
 Wed Feb 17 18:40:41 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -29,9 +29,9 @@
 # orig_suffix b3
 # major 69
 # mainver %major.99
-%define major          85
-%define mainver        %major.0.2
-%define orig_version   85.0.2
+%define major          86
+%define mainver        %major.0
+%define orig_version   86.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -101,7 +101,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.29
-BuildRequires:  mozilla-nss-devel >= 3.60.1
+BuildRequires:  mozilla-nss-devel >= 3.61
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs10 >= 10.22.1
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -112,7 +112,7 @@ BuildRequires:  python3 >= 3.5
 BuildRequires:  python3-devel
 %endif
 BuildRequires:  rust >= 1.47
-BuildRequires:  rust-cbindgen >= 0.15.0
+BuildRequires:  rust-cbindgen >= 0.16.0
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
@ -175,7 +175,7 @@ Source9:        firefox.js
 Source11:       firefox.1
 Source12:       mozilla-get-app-id
 Source13:       spellcheck.js
-Source14:       https://github.com/openSUSE/firefox-scripts/raw/5e54f4a/create-tar.sh
+Source14:       https://github.com/openSUSE/firefox-scripts/raw/4503820/create-tar.sh
 Source15:       firefox-appdata.xml
 Source16:       %{name}.changes
 Source17:       firefox-search-provider.ini
@ -202,7 +202,6 @@ Patch14:        mozilla-bmo1568145.patch
 Patch15:        mozilla-bmo1504834-part1.patch
 Patch16:        mozilla-bmo1504834-part2.patch
 Patch17:        mozilla-bmo1504834-part3.patch
-Patch18:        mozilla-bmo1554971.patch
 Patch19:        mozilla-bmo1512162.patch
 Patch20:        mozilla-fix-top-level-asm.patch
 Patch21:        mozilla-bmo1504834-part4.patch
@ -217,8 +216,8 @@ Patch101:       firefox-kde.patch
 Patch102:       firefox-branded-icons.patch
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Requires(post):   coreutils shared-mime-info desktop-file-utils
-Requires(postun): shared-mime-info desktop-file-utils
+Requires(post): coreutils shared-mime-info desktop-file-utils
+Requires(postun):shared-mime-info desktop-file-utils
 Requires:       %{name}-branding >= 68
 %requires_ge    mozilla-nspr
 %requires_ge    mozilla-nss
@ -299,16 +298,6 @@ Supplements:    packageand(%{name}:branding-upstream)
 %description branding-upstream
 This package provides upstream look and feel for %{appname}.

-%if %crashreporter
-%package buildsymbols
-Summary:        Breakpad buildsymbols for %{appname}
-Group:          Development/Debug
-
-%description buildsymbols
-This subpackage contains the Breakpad created and compatible debugging
-symbols meant for upload to Mozilla's crash collector database.
-%endif
-
 %if !%{with only_print_mozconfig}
 %prep
 %if %localize
@ -341,7 +330,6 @@ cd $RPM_BUILD_DIR/%{srcname}-%{orig_version}
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
-%patch18 -p1
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
@ -706,18 +694,6 @@ FIN
 # fdupes
 %fdupes %{buildroot}%{progdir}
 %fdupes %{buildroot}%{_datadir}
-# create breakpad debugsymbols
-%if %crashreporter
-SYMBOLS_NAME="firefox-%{version}-` echo '%{release}' | sed 's@\.[^\.]\+$@@' `.%{_arch}-%{suse_version}-symbols"
-make buildsymbols \
-  SYMBOL_INDEX_NAME="$SYMBOLS_NAME.txt" \
-  SYMBOL_FULL_ARCHIVE_BASENAME="$SYMBOLS_NAME-full" \
-  SYMBOL_ARCHIVE_BASENAME="$SYMBOLS_NAME"
-if [ -e dist/*symbols.zip ]; then
-  mkdir -p %{buildroot}%{_datadir}/mozilla/
-  cp dist/*symbols.zip %{buildroot}%{_datadir}/mozilla/
-fi
-%endif

 %clean
 rm -rf %{buildroot}
@ -812,10 +788,4 @@ exit 0
 %defattr(-,root,root)
 %dir %{progdir}

-%if %crashreporter
-%files buildsymbols
-%defattr(-,root,root)
-%{_datadir}/mozilla/*.zip
-%endif
-
 %changelog
--- a/create-tar.sh
+++ b/create-tar.sh
@ -239,9 +239,9 @@ else
  fi
  if [ ! -d $PRODUCT-$VERSION ]; then
    echo "cloning new $BRANCH..."
-    hg clone http://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION
+    hg clone https://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION
    if [ "$PRODUCT" = "thunderbird" ]; then
-      hg clone http://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm
+      hg clone https://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm
    fi
  fi
  pushd $PRODUCT-$VERSION || exit 1
@ -258,7 +258,7 @@ else
  [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG
  # get repo and source stamp
  REV=$(hg -R . parent --template="{node|short}\n")
-  SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/")
+  SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/")
  TIMESTAMP=$(date +%Y%m%d%H%M%S)

  if [ "$PRODUCT" = "thunderbird" ]; then
@ -308,7 +308,7 @@ if [ $LOCALES_CHANGED -ne 0 ]; then
            hg pull
            popd || exit 1
          else
-            hg clone "http://hg.mozilla.org/l10n-central/$locale" "l10n/$locale"
+            hg clone "https://hg.mozilla.org/l10n-central/$locale" "l10n/$locale"
          fi
          [ "$RELEASE_TAG" == "default" ] || hg -R "l10n/$locale" up -C -r "$changeset"
          ;;
--- a/firefox-85.0.2.source.tar.xz
+++ b/firefox-85.0.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b157cdc265daa6140ec8daef2bc98d335f871e7e9ac235287fb199e11c164287
-size 372234168
--- a/firefox-85.0.2.source.tar.xz.asc
+++ b/firefox-85.0.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAhbT8ACgkQ8aZmj7t9
-Vy5+4xAAqFQIiPLySIop6zAfBKyBYkbyZLDLHnZlRxttUQMPkwqcGyIdwD00tc6k
-WoCqHl3fyK3gBcHuV0spdFca8vPKa1fDh4FOfBWdKA34B3D0O4wRwB9COdm+M+Q2
-GhGVFj9V0L8g/vNzBLP/fdPy2ayFo82WBJ0XhI+jTu7GnIDRPI5z845Dp7m1+4e6
-6mShydcINeQ2DrUKDWju9+opaOc9ewlTeLf2gxVWv7/i4Dqzlr50DcwIhdm5+Km9
-cDDsiIxwVe7G3oOTJv9Bhe9obDN3gQWBVlYKEamG0k1b07kkuEW+OiplzYsslgMW
-mv/jHyVLhssRYSDEWTAp4Lxv16JNcPZVXmnlNqXu/MwWffthwoPtCy42EBTD63zI
-1geInqxtK5MsLFipQOBarl7bXiyWoCpRdrs73HBYQJGV5fOwzsM61F8kh4J7eMyq
-sZPvy4Qt9Qt5/mU1xxF7rZ+KfTN/s42GfprwfxoeeEcrzG8tz5Cha5NLW2dXBGeE
-ETGxokt0AlgGJLMW1a3h0uSyfcHTCQMn2R+LNHRJh3avhOQu9IQJq51m7ur4pvC2
-8HAtuRpq2MUxjdQDVGZcqFRTZofy8eT1qYnThSX8nqdbX1hWGWyJpYzOvZfWhFU8
-+KXjyTPP46xKqhRKxHes7Ey8h9DzRVvYiJywV51o3oSKGU0FUP8=
-=qr+A
-----END PGP SIGNATURE-----
--- a/firefox-86.0.source.tar.xz
+++ b/firefox-86.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c748cd5c900038f3ddcbb33dd53e67329e4e8bc8f73ba145fe4b29276bae2c4e
+size 370225732
--- a/firefox-86.0.source.tar.xz.asc
+++ b/firefox-86.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAmAtlLAACgkQ8aZmj7t9
+Vy7NyBAAoZKM+SF1S0NQnDxbo3V+KVIHsrjrCxmYRB8SglWgyJEthMnEIl63+IR1
+4rZoQNkywLbZTd4sYHPTIalSFFQIrheGhK+jWb/bNO+ZtqXNJzyw5e6n1tgYN241
+QLUTHg7SwRsxHwtP9Ik5HPbaU8rYLI3ubGgmvcFRQt3vf7SZH0zXbSz2MWRll8yp
+fjaXLuVj/mCnpZh6o94TMpkbdvPyehrwoa8jO93lshNe3vPDoNS/ScDBHYB8HtW9
+oTikufQ1GBb4KN8V+LEvETsVcVefBc4SQ0Pn+VnUNtMa9fqSuHjPjTYU9fWImQzy
+CFpEehlJMRzEJsd7YI+w2YziG/uO9dO3mnadSC4Xt5nQefRAtCHO8i850m/wCyj9
+WyDFBg6idj/tBIMEsW9syiypAbFj/TYX2Kh13XlPo843DZm4aFb9rVvqwlI6zIS6
+kQDrgRskhxuPj+yL3XCsFNcslGtceLA6Y96odP/ov/8/qzSlCxzlJ4J0V3v0O+v4
+JqikL9h9Ww3WerziojckNIuVcUM4c5okkIG3+sGqftBsxEkLvVN4WdfNOW96v9Bb
+M/zis0mj+niPLuKay51CLRMTvRuc3gke7S39z9qJk39VCpSEE0q2D34Ru68kx9uZ
+0V/5HGz6x6BKm2beH/ZAr7+3S9PoumSZiSVegBV8syWrN2VGtbE=
+=LS2/
+-----END PGP SIGNATURE-----
--- a/l10n-85.0.2.tar.xz
+++ b/l10n-85.0.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c52a7466b6caab04b31915c399316ecdb339dc1ffda249a1651ce4fa6fb348b8
-size 49861480
--- a/l10n-86.0.tar.xz
+++ b/l10n-86.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a45488ba617018c5f9d6e36fae3ca7cbb9f2eb62646ff80d87b73254382d2884
+size 49801236
--- a/mozilla-bmo1554971.patch
+++ b/mozilla-bmo1554971.patch
@ -1,32 +0,0 @@
-# HG changeset patch
-# Parent  38d48db62539afe61d542c9d21e32d57d4b00a73
-Eliminate startup error message:
-JavaScript error: , line 0: Error: Type error for platformInfo value (Error processing arch: Invalid enumeration value "s390x") for runtime.getPlatformInfo.
-
-Reported here: https://bugzilla.mozilla.org/show_bug.cgi?id=1554971
-
-Uncertain if this is causing real problems or not. Also uncertain if the fix actually fixes anything.
-No response from upstream yet.
-
-diff --git a/toolkit/components/extensions/schemas/runtime.json b/toolkit/components/extensions/schemas/runtime.json
--- a/toolkit/components/extensions/schemas/runtime.json
-+++ b/toolkit/components/extensions/schemas/runtime.json
-@@ -59,17 +59,17 @@
-         "type": "string",
-         "allowedContexts": ["content", "devtools"],
-         "description": "The operating system the browser is running on.",
-         "enum": ["mac", "win", "android", "cros", "linux", "openbsd"]
-       },
-       {
-         "id": "PlatformArch",
-         "type": "string",
-        "enum": ["arm", "x86-32", "x86-64"],
-+        "enum": ["arm", "x86-32", "x86-64", "s390x", "aarch64", "ppc64le"],
-         "allowedContexts": ["content", "devtools"],
-         "description": "The machine's processor architecture."
-       },
-       {
-         "id": "PlatformInfo",
-         "type": "object",
-         "allowedContexts": ["content", "devtools"],
-         "description": "An object containing information about the current platform.",
--- a/mozilla-pgo.patch
+++ b/mozilla-pgo.patch
@ -1,6 +1,6 @@
 # HG changeset patch
 # User Wolfgang Rosenauer <wr@rosenauer.org>
-# Parent  41df71ef2798d6bd6a67cfc4c4f26b8d41b8ccca
+# Parent  07b5ae8ccc4806fcc5ad74e32a2d3fb2b9d605d0

 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure
 --- a/build/moz.configure/lto-pgo.configure
@ -114,11 +114,9 @@ diff --git a/build/pgo/profileserver.py b/build/pgo/profileserver.py
 diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
 --- a/build/unix/mozconfig.unix
 +++ b/build/unix/mozconfig.unix
-@@ -1,16 +1,25 @@
+@@ -1,14 +1,23 @@
 . "$topsrcdir/build/mozconfig.common"
 
- TOOLTOOL_DIR=${TOOLTOOL_DIR:-$topsrcdir}
- 
 if [ -n "$FORCE_GCC" ]; then
     CC="$MOZ_FETCHES_DIR/gcc/bin/gcc"
     CXX="$MOZ_FETCHES_DIR/gcc/bin/g++"
@ -126,8 +124,8 @@ diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
 +    if [ -n "$MOZ_PGO" ]; then
 +        if [ -z "$USE_ARTIFACT" ]; then
 +            ac_add_options --enable-lto
-+        fi
-+        export AR="$topsrcdir/gcc/bin/gcc-ar"
+	fi
+	export AR="$topsrcdir/gcc/bin/gcc-ar"
 +        export NM="$topsrcdir/gcc/bin/gcc-nm"
 +        export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib"
 +    fi
@ -135,11 +133,11 @@ diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
     # We want to make sure we use binutils and other binaries in the tooltool
     # package.
     mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$PATH"
-     ac_add_options --with-clang-path=$MOZ_FETCHES_DIR/clang/bin/clang
 else
-     CC="$MOZ_FETCHES_DIR/clang/bin/clang"
-     CXX="$MOZ_FETCHES_DIR/clang/bin/clang++"
- 
+     # For some builds we don't want to have Clang based static-analysis activated
+     if [ -z "$DISABLE_CLANG_PLUGIN" ]; then
+         export ENABLE_CLANG_PLUGIN=1
+     fi
 diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build
 --- a/extensions/spellcheck/src/moz.build
 +++ b/extensions/spellcheck/src/moz.build
--- a/8
+++ b/8
@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="85.0.2"
+VERSION="86.0"
 VERSION_SUFFIX=""
-PREV_VERSION="85.0.1"
+PREV_VERSION="85.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation

 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="f48eab99cc33d79d1ad62211c1f8d9d9c1cb6727"
-RELEASE_TIMESTAMP="20210208133944"
+RELEASE_TAG="6bda263953c01750e53c6fbac982ae048e2d68f0"
+RELEASE_TIMESTAMP="20210217195321"