Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2021-03-02 12:27:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Tue Mar 2 12:27:21 2021 rev:330 rq:874847 version:86.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2021-02-22 14:58:15.397780500 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2378/MozillaFirefox.changes 2021-03-02 12:30:36.363588331 +0100 @@ -1,0 +2,53 @@ +Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 86.0 + * requires NSS >= 3.61 + * requires rust-cbindgen >= 0.16.0 + * Firefox now supports simultaneously watching multiple videos in + Picture-in-Picture. + * Total Cookie Protection to Strict Mode + * https://www.mozilla.org/en-US/firefox/86.0/releasenotes + MSFA 2021-07 (bsc#1182614) + * CVE-2021-23969 (bmo#1542194) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23970 (bmo#1681724) + Multithreaded WASM triggered assertions validating separation + of script domains + * CVE-2021-23968 (bmo#1687342) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23974 (bmo#1528997, bmo#1683627) + noscript elements could have led to an HTML Sanitizer bypass + * CVE-2021-23971 (bmo#1678545) + A website's Referrer-Policy could have been be overridden, + potentially resulting in the full URL being sent as a Referrer + * CVE-2021-23976 (bmo#1684627) + Local spoofing of web manifests for arbitrary pages in + Firefox for Android + * CVE-2021-23977 (bmo#1684761) + Malicious application could read sensitive data from Firefox + for Android's application directories + * CVE-2021-23972 (bmo#1683536) + HTTP Auth phishing warning was omitted when a redirect is + cached + * CVE-2021-23975 (bmo#1685145) + about:memory Measure function caused an incorrect pointer + operation + * CVE-2021-23973 (bmo#1690976) + MediaError message property could have leaked information + about cross-origin resources + * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) + Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 + * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463, + bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490, + bmo#1684377, bmo#1684902) + Memory safety bugs fixed in Firefox 86 +- updated create-tar.sh (bsc#1182357) +- removed obsolete mozilla-bmo1554971.patch +- remove buildsymbols subpackage + * we haven't done anything with it for years + * mozilla is collecting those from our debuginfo packages + * would require a local dump_syms tool + +------------------------------------------------------------------- Old: ---- firefox-85.0.2.source.tar.xz firefox-85.0.2.source.tar.xz.asc l10n-85.0.2.tar.xz mozilla-bmo1554971.patch New: ---- firefox-86.0.source.tar.xz firefox-86.0.source.tar.xz.asc l10n-86.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.XzLTSS/_old 2021-03-02 12:30:52.799599737 +0100 +++ /var/tmp/diff_new_pack.XzLTSS/_new 2021-03-02 12:30:52.803599740 +0100 @@ -29,9 +29,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 85 -%define mainver %major.0.2 -%define orig_version 85.0.2 +%define major 86 +%define mainver %major.0 +%define orig_version 86.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -101,7 +101,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.29 -BuildRequires: mozilla-nss-devel >= 3.60.1 +BuildRequires: mozilla-nss-devel >= 3.61 BuildRequires: nasm >= 2.14 BuildRequires: nodejs10 >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -112,7 +112,7 @@ BuildRequires: python3-devel %endif BuildRequires: rust >= 1.47 -BuildRequires: rust-cbindgen >= 0.15.0 +BuildRequires: rust-cbindgen >= 0.16.0 BuildRequires: unzip BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel @@ -175,7 +175,7 @@ Source11: firefox.1 Source12: mozilla-get-app-id Source13: spellcheck.js -Source14: https://github.com/openSUSE/firefox-scripts/raw/5e54f4a/create-tar.sh +Source14: https://github.com/openSUSE/firefox-scripts/raw/4503820/create-tar.sh Source15: firefox-appdata.xml Source16: %{name}.changes Source17: firefox-search-provider.ini @@ -202,7 +202,6 @@ Patch15: mozilla-bmo1504834-part1.patch Patch16: mozilla-bmo1504834-part2.patch Patch17: mozilla-bmo1504834-part3.patch -Patch18: mozilla-bmo1554971.patch Patch19: mozilla-bmo1512162.patch Patch20: mozilla-fix-top-level-asm.patch Patch21: mozilla-bmo1504834-part4.patch @@ -218,7 +217,7 @@ %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): coreutils shared-mime-info desktop-file-utils -Requires(postun): shared-mime-info desktop-file-utils +Requires(postun):shared-mime-info desktop-file-utils Requires: %{name}-branding >= 68 %requires_ge mozilla-nspr %requires_ge mozilla-nss @@ -299,16 +298,6 @@ %description branding-upstream This package provides upstream look and feel for %{appname}. -%if %crashreporter -%package buildsymbols -Summary: Breakpad buildsymbols for %{appname} -Group: Development/Debug - -%description buildsymbols -This subpackage contains the Breakpad created and compatible debugging -symbols meant for upload to Mozilla's crash collector database. -%endif - %if !%{with only_print_mozconfig} %prep %if %localize @@ -341,7 +330,6 @@ %patch15 -p1 %patch16 -p1 %patch17 -p1 -%patch18 -p1 %patch19 -p1 %patch20 -p1 %patch21 -p1 @@ -706,18 +694,6 @@ # fdupes %fdupes %{buildroot}%{progdir} %fdupes %{buildroot}%{_datadir} -# create breakpad debugsymbols -%if %crashreporter -SYMBOLS_NAME="firefox-%{version}-` echo '%{release}' | sed 's@\.[^\.]\+$@@' `.%{_arch}-%{suse_version}-symbols" -make buildsymbols \ - SYMBOL_INDEX_NAME="$SYMBOLS_NAME.txt" \ - SYMBOL_FULL_ARCHIVE_BASENAME="$SYMBOLS_NAME-full" \ - SYMBOL_ARCHIVE_BASENAME="$SYMBOLS_NAME" -if [ -e dist/*symbols.zip ]; then - mkdir -p %{buildroot}%{_datadir}/mozilla/ - cp dist/*symbols.zip %{buildroot}%{_datadir}/mozilla/ -fi -%endif %clean rm -rf %{buildroot} @@ -812,10 +788,4 @@ %defattr(-,root,root) %dir %{progdir} -%if %crashreporter -%files buildsymbols -%defattr(-,root,root) -%{_datadir}/mozilla/*.zip -%endif - %changelog ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.XzLTSS/_old 2021-03-02 12:30:52.979599862 +0100 +++ /var/tmp/diff_new_pack.XzLTSS/_new 2021-03-02 12:30:52.983599865 +0100 @@ -239,9 +239,9 @@ fi if [ ! -d $PRODUCT-$VERSION ]; then echo "cloning new $BRANCH..." - hg clone http://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION + hg clone https://hg.mozilla.org/$BRANCH $PRODUCT-$VERSION if [ "$PRODUCT" = "thunderbird" ]; then - hg clone http://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm + hg clone https://hg.mozilla.org/releases/comm-$CHANNEL $PRODUCT-$VERSION/comm fi fi pushd $PRODUCT-$VERSION || exit 1 @@ -258,7 +258,7 @@ [ "$FF_RELEASE_TAG" == "default" ] || hg update -r $FF_RELEASE_TAG # get repo and source stamp REV=$(hg -R . parent --template="{node|short}\n") - SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/") + SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/") TIMESTAMP=$(date +%Y%m%d%H%M%S) if [ "$PRODUCT" = "thunderbird" ]; then @@ -308,7 +308,7 @@ hg pull popd || exit 1 else - hg clone "http://hg.mozilla.org/l10n-central/$locale"; "l10n/$locale" + hg clone "https://hg.mozilla.org/l10n-central/$locale"; "l10n/$locale" fi [ "$RELEASE_TAG" == "default" ] || hg -R "l10n/$locale" up -C -r "$changeset" ;; ++++++ firefox-85.0.2.source.tar.xz -> firefox-86.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-85.0.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2378/firefox-86.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-85.0.2.tar.xz -> l10n-86.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-85.0.2.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2378/l10n-86.0.tar.xz differ: char 26, line 1 ++++++ mozilla-pgo.patch ++++++ --- /var/tmp/diff_new_pack.XzLTSS/_old 2021-03-02 12:30:53.275600068 +0100 +++ /var/tmp/diff_new_pack.XzLTSS/_new 2021-03-02 12:30:53.275600068 +0100 @@ -1,6 +1,6 @@ # HG changeset patch # User Wolfgang Rosenauer <w...@rosenauer.org> -# Parent 41df71ef2798d6bd6a67cfc4c4f26b8d41b8ccca +# Parent 07b5ae8ccc4806fcc5ad74e32a2d3fb2b9d605d0 diff --git a/build/moz.configure/lto-pgo.configure b/build/moz.configure/lto-pgo.configure --- a/build/moz.configure/lto-pgo.configure @@ -114,11 +114,9 @@ diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix --- a/build/unix/mozconfig.unix +++ b/build/unix/mozconfig.unix -@@ -1,16 +1,25 @@ +@@ -1,14 +1,23 @@ . "$topsrcdir/build/mozconfig.common" - TOOLTOOL_DIR=${TOOLTOOL_DIR:-$topsrcdir} - if [ -n "$FORCE_GCC" ]; then CC="$MOZ_FETCHES_DIR/gcc/bin/gcc" CXX="$MOZ_FETCHES_DIR/gcc/bin/g++" @@ -126,8 +124,8 @@ + if [ -n "$MOZ_PGO" ]; then + if [ -z "$USE_ARTIFACT" ]; then + ac_add_options --enable-lto -+ fi -+ export AR="$topsrcdir/gcc/bin/gcc-ar" ++ fi ++ export AR="$topsrcdir/gcc/bin/gcc-ar" + export NM="$topsrcdir/gcc/bin/gcc-nm" + export RANLIB="$topsrcdir/gcc/bin/gcc-ranlib" + fi @@ -135,11 +133,11 @@ # We want to make sure we use binutils and other binaries in the tooltool # package. mk_add_options "export PATH=$MOZ_FETCHES_DIR/gcc/bin:$PATH" - ac_add_options --with-clang-path=$MOZ_FETCHES_DIR/clang/bin/clang else - CC="$MOZ_FETCHES_DIR/clang/bin/clang" - CXX="$MOZ_FETCHES_DIR/clang/bin/clang++" - + # For some builds we don't want to have Clang based static-analysis activated + if [ -z "$DISABLE_CLANG_PLUGIN" ]; then + export ENABLE_CLANG_PLUGIN=1 + fi diff --git a/extensions/spellcheck/src/moz.build b/extensions/spellcheck/src/moz.build --- a/extensions/spellcheck/src/moz.build +++ b/extensions/spellcheck/src/moz.build ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.XzLTSS/_old 2021-03-02 12:30:53.379600140 +0100 +++ /var/tmp/diff_new_pack.XzLTSS/_new 2021-03-02 12:30:53.379600140 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="85.0.2" +VERSION="86.0" VERSION_SUFFIX="" -PREV_VERSION="85.0.1" +PREV_VERSION="85.0.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="f48eab99cc33d79d1ad62211c1f8d9d9c1cb6727" -RELEASE_TIMESTAMP="20210208133944" +RELEASE_TAG="89345511871ef6489580b994be21189e84462393" +RELEASE_TIMESTAMP="20210222142601"
