Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2020-05-07 17:51:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Thu May 7 17:51:04 2020 rev:311 rq:800451 version:76.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2020-04-13 12:49:23.200540101 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/MozillaFirefox.changes 2020-05-07 17:51:10.281354991 +0200 @@ -1,0 +2,39 @@ +Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 76.0 + * Lockwise improvements + * Improvements in Picture-in-Picture feature + * Support Audio Worklets + MFSA-2020-16 (bsc#1171186) + * CVE-2020-12387 (bmo#1545345) + Use-after-free during worker shutdown + * CVE-2020-12388 (bmo#1618911) + Sandbox escape with improperly guarded Access Tokens + * CVE-2020-12389 (bmo#1554110) + Sandbox escape with improperly separated process types + * CVE-2020-6831 (bmo#1632241) + Buffer overflow in SCTP chunk input validation + * CVE-2020-12390 (bmo#1141959) + Incorrect serialization of nsIPrincipal.origin for IPv6 addresses + * CVE-2020-12391 (bmo#1457100) + Content-Security-Policy bypass using object elements + * CVE-2020-12392 (bmo#1614468) + Arbitrary local file access with 'Copy as cURL' + * CVE-2020-12393 (bmo#1615471) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2020-12394 (bmo#1628288) + URL spoofing in location bar when unfocussed + * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, + bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) + Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 + * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488, + bmo#1622291, bmo#1627644) + Memory safety bugs fixed in Firefox 76 +- requires + * NSS >= 3.51.1 + * nasm >= 2.14 +- removed obsolete patch mozilla-bmo1622013.patch +- fix URI creation for KDE file selector integration (boo#1160331) + +------------------------------------------------------------------- Old: ---- firefox-75.0.source.tar.xz firefox-75.0.source.tar.xz.asc l10n-75.0.tar.xz mozilla-bmo1622013.patch New: ---- firefox-76.0.source.tar.xz firefox-76.0.source.tar.xz.asc l10n-76.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.133416177 +0200 +++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.137416185 +0200 @@ -18,9 +18,9 @@ # changed with every update -%define major 75 +%define major 76 %define mainver %major.0 -%define orig_version 75.0 +%define orig_version 76.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -84,8 +84,8 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.25 -BuildRequires: mozilla-nss-devel >= 3.51 -BuildRequires: nasm >= 2.13 +BuildRequires: mozilla-nss-devel >= 3.51.1 +BuildRequires: nasm >= 2.14 BuildRequires: nodejs10 >= 10.19.0 BuildRequires: python-devel BuildRequires: python2-xml @@ -186,7 +186,6 @@ Patch20: mozilla-fix-top-level-asm.patch Patch21: mozilla-bmo1504834-part4.patch Patch22: mozilla-bmo849632.patch -Patch23: mozilla-bmo1622013.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -322,7 +321,6 @@ %patch20 -p1 %patch21 -p1 %patch22 -p1 -%patch23 -p1 # Firefox %patch101 -p1 %patch102 -p1 @@ -662,7 +660,6 @@ %{progdir}/browser/defaults %{progdir}/browser/features/ %{progdir}/browser/chrome/icons -%{progdir}/browser/blocklist.xml %{progdir}/browser/omni.ja %dir %{progdir}/distribution/ %{progdir}/distribution/extensions/ ++++++ firefox-75.0.source.tar.xz -> firefox-76.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-75.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/firefox-76.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-75.0.tar.xz -> l10n-76.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-75.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/l10n-76.0.tar.xz differ: char 26, line 1 ++++++ mozilla-bmo1463035.patch ++++++ --- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.365416669 +0200 +++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.365416669 +0200 @@ -3,7 +3,7 @@ # User Mike Hommey <mh+mozi...@glandium.org> # Date 1526871862 -32400 # Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43 -# Parent 71b9d492b739602dbfe713fd4de3205e9d485f18 +# Parent 0b7e1398ca2e15e27da93144ba9fb30db38367b1 Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons For some reason, GNU as is not happy with the assembly generated after @@ -12,30 +12,6 @@ OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this workaround anymore, so let's just kill it. -diff --git a/mfbt/moz.build b/mfbt/moz.build ---- a/mfbt/moz.build -+++ b/mfbt/moz.build -@@ -131,20 +131,16 @@ EXPORTS["double-conversion"] = [ - LOCAL_INCLUDES += [ - '/mfbt/double-conversion', - ] - - if CONFIG['OS_ARCH'] == 'WINNT': - EXPORTS.mozilla += [ - 'WindowsVersion.h', - ] --elif CONFIG['OS_ARCH'] == 'Linux': -- EXPORTS.mozilla += [ -- 'LinuxSignal.h', -- ] - - UNIFIED_SOURCES += [ - 'Assertions.cpp', - 'ChaosMode.cpp', - 'double-conversion/double-conversion/bignum-dtoa.cc', - 'double-conversion/double-conversion/bignum.cc', - 'double-conversion/double-conversion/cached-powers.cc', - 'double-conversion/double-conversion/double-to-string.cc', diff --git a/mozglue/baseprofiler/core/platform-linux-android.cpp b/mozglue/baseprofiler/core/platform-linux-android.cpp --- a/mozglue/baseprofiler/core/platform-linux-android.cpp +++ b/mozglue/baseprofiler/core/platform-linux-android.cpp @@ -79,25 +55,7 @@ diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/core/platform-linux-android.cpp --- a/tools/profiler/core/platform-linux-android.cpp +++ b/tools/profiler/core/platform-linux-android.cpp -@@ -55,17 +55,16 @@ - #ifdef __GLIBC__ - # include <execinfo.h> // backtrace, backtrace_symbols - #endif // def __GLIBC__ - #include <strings.h> // index - #include <errno.h> - #include <stdarg.h> - - #include "prenv.h" --#include "mozilla/LinuxSignal.h" - #include "mozilla/PodOperations.h" - #include "mozilla/DebugOnly.h" - - #include <string.h> - #include <list> - - using namespace mozilla; - -@@ -257,17 +256,17 @@ Sampler::Sampler(PSLockRef aLock) +@@ -258,17 +258,17 @@ Sampler::Sampler(PSLockRef aLock) // NOTE: We don't initialize LUL here, instead initializing it in // SamplerThread's constructor. This is because with the ++++++ mozilla-kde.patch ++++++ --- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.409416763 +0200 +++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.413416770 +0200 @@ -3,7 +3,7 @@ # Date 1559294891 -7200 # Fri May 31 11:28:11 2019 +0200 # Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112 -# Parent fbac8545cf6f461803505c2d1f57531798dee96a +# Parent 04c2cbd396b26a8e08980304a436e5e12fb6a205 Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer <wolfg...@rosenauer.org> Author: Lubos Lunak <lu...@suse.com> @@ -31,7 +31,7 @@ #ifdef MOZ_MEMORY # include "mozmemory.h" #endif -@@ -4535,25 +4536,37 @@ nsresult Preferences::InitInitialObjects +@@ -4539,25 +4540,37 @@ nsresult Preferences::InitInitialObjects // application pref files for backwards compatibility. static const char* specialFiles[] = { #if defined(XP_MACOSX) @@ -69,7 +69,7 @@ // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. -@@ -4599,17 +4612,17 @@ nsresult Preferences::InitInitialObjects +@@ -4603,17 +4616,17 @@ nsresult Preferences::InitInitialObjects } nsCOMPtr<nsIFile> path = do_QueryInterface(elem); @@ -87,7 +87,7 @@ SetupTelemetryPref(); } - NS_CreateServicesFromCategory(NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, nullptr, + if (aIsStartup) { diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build --- a/modules/libpref/moz.build +++ b/modules/libpref/moz.build @@ -175,7 +175,7 @@ diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm b/toolkit/mozapps/downloads/HelperAppDlg.jsm --- a/toolkit/mozapps/downloads/HelperAppDlg.jsm +++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm -@@ -1209,36 +1209,66 @@ nsUnknownContentTypeDialog.prototype = { +@@ -1205,36 +1205,66 @@ nsUnknownContentTypeDialog.prototype = { params.handlerApp && params.handlerApp.executable && params.handlerApp.executable.isFile() @@ -1104,7 +1104,7 @@ diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp --- a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp +++ b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp -@@ -1,47 +1,50 @@ +@@ -1,46 +1,49 @@ /* -*- Mode: C++; tab-width: 3; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public @@ -1117,7 +1117,6 @@ #include "nsIGIOService.h" #include "nsNetCID.h" #include "nsIIOService.h" - #include "nsAutoPtr.h" #ifdef MOZ_ENABLE_DBUS # include "nsDBusHandlerApp.h" #endif @@ -1160,7 +1159,7 @@ if (*_retval) return NS_OK; return NS_OK; -@@ -51,16 +54,33 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi +@@ -50,16 +53,33 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi // if mDefaultApplication is set, it means the application has been set from // either /etc/mailcap or ${HOME}/.mailcap, in which case we don't want to // give the GNOME answer. @@ -1216,7 +1215,7 @@ #include "nsIFileStreams.h" #include "nsILineInputStream.h" #include "nsIFile.h" -@@ -1024,17 +1024,17 @@ nsresult nsOSHelperAppService::GetHandle +@@ -1023,17 +1023,17 @@ nsresult nsOSHelperAppService::GetHandle nsresult nsOSHelperAppService::OSProtocolHandlerExists( const char* aProtocolScheme, bool* aHandlerExists) { @@ -1235,7 +1234,7 @@ nsCOMPtr<nsIHandlerService> handlerSvc = do_GetService(NS_HANDLERSERVICE_CONTRACTID, &rv); if (NS_SUCCEEDED(rv) && handlerSvc) { -@@ -1044,17 +1044,17 @@ nsresult nsOSHelperAppService::OSProtoco +@@ -1043,17 +1043,17 @@ nsresult nsOSHelperAppService::OSProtoco } return rv; @@ -1254,7 +1253,7 @@ NS_IMETHODIMP nsOSHelperAppService::IsCurrentAppOSDefaultForProtocol( const nsACString& aScheme, bool* _retval) { -@@ -1141,17 +1141,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel +@@ -1140,17 +1140,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel nsresult rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, true); @@ -1273,7 +1272,7 @@ rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType, minorType, mime_types_description, false); -@@ -1253,17 +1253,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel +@@ -1252,17 +1252,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel // Now look up our extensions nsAutoString extensions, mime_types_description; @@ -1333,7 +1332,7 @@ #include "nsGtkUtils.h" #include "nsIFileURL.h" #include "nsIGIOService.h" -@@ -20,16 +21,17 @@ +@@ -20,16 +21,18 @@ #include "nsArrayEnumerator.h" #include "nsMemory.h" #include "nsEnumeratorUtils.h" @@ -1343,6 +1342,7 @@ #include "nsFilePicker.h" +#include "nsKDEUtils.h" ++#include "nsURLHelper.h" using namespace mozilla; @@ -1351,7 +1351,7 @@ #define MAX_PREVIEW_SOURCE_SIZE 4096 nsIFile* nsFilePicker::mPrevDisplayDirectory = nullptr; -@@ -227,17 +229,19 @@ nsFilePicker::AppendFilters(int32_t aFil +@@ -227,17 +230,19 @@ nsFilePicker::AppendFilters(int32_t aFil mAllowURLs = !!(aFilterMask & filterAllowURLs); return nsBaseFilePicker::AppendFilters(aFilterMask); } @@ -1372,7 +1372,7 @@ mFilters.AppendElement(filter); mFilterNames.AppendElement(name); -@@ -337,16 +341,39 @@ nsresult nsFilePicker::Show(int16_t* aRe +@@ -337,16 +342,39 @@ nsresult nsFilePicker::Show(int16_t* aRe return NS_OK; } @@ -1412,7 +1412,7 @@ GtkFileChooserAction action = GetGtkFileChooserAction(mMode); const gchar* accept_button; -@@ -571,16 +598,240 @@ void nsFilePicker::Done(void* file_choos +@@ -571,16 +599,244 @@ void nsFilePicker::Done(void* file_choos mCallback->Done(result); mCallback = nullptr; } else { @@ -1578,8 +1578,12 @@ + mFileURL = output[ 0 ]; + else // GetFile() actually requires it to be url even for local files :-/ + { -+ mFileURL = nsCString( "file://" ); -+ mFileURL.Append( output[ 0 ] ); ++ nsCOMPtr<nsIFile> localfile; ++ nsresult rv = NS_NewNativeLocalFile( output[ 0 ], ++ PR_FALSE, ++ getter_AddRefs(localfile)); ++ if (NS_SUCCEEDED(rv)) ++ rv = net_GetURLSpecFromActualFile(localfile, mFileURL); + } + } + // Remember last used directory. ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.481416915 +0200 +++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.481416915 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="75.0" +VERSION="76.0" VERSION_SUFFIX="" -PREV_VERSION="75.0" +PREV_VERSION="76.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="6200ca9b300670ec069cdbf6e4f05e6a0bca46f1" -RELEASE_TIMESTAMP="20200403170909" +RELEASE_TAG="cf326ad0bb298ee24b1abd9b1cb6513af4fa04ba" +RELEASE_TIMESTAMP="20200429185419"