Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2021-08-19 10:00:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
 and      /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Thu Aug 19 10:00:42 2021 rev:342 rq:912837 version:91.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2021-07-29 21:31:09.340830788 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/MozillaFirefox.changes 2021-08-19 10:01:36.483220962 +0200 
@@ -1,0 +2,54 @@ +Wed Aug 18 06:34:01 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 91.0.1 + * Fixed an issue causing buttons on the tab bar to be resized when + loading certain websites (bmo#1704404) + * Fixed an issue which caused tabs from private windows to be + visible in non-private windows when viewing switch-to-tab results + in the address bar panel (bmo#1720369) + * Various stability fixes + MFSA 2021-37 (bsc#1189547) + * CVE-2021-29991 (bmo#1724896) + Header Splitting possible with HTTP/3 Responses + +------------------------------------------------------------------- +Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Firefox 91.0 + MFSA 2021-33 (bsc#1188891) + * CVE-2021-29986 (bmo#1696138) + Race condition when resolving DNS names could have led to + memory corruption + * CVE-2021-29981 (bmo#1707774) + Live range splitting could have led to conflicting + assignments in the JIT + * CVE-2021-29988 (bmo#1717922) + Memory corruption as a result of incorrect style treatment + * CVE-2021-29983 (bmo#1719088) + Firefox for Android could get stuck in fullscreen mode + * CVE-2021-29984 (bmo#1720031) + Incorrect instruction reordering during JIT optimization + * CVE-2021-29980 (bmo#1722204) + Uninitialized memory in a canvas object could have led to + memory corruption + * CVE-2021-29987 (bmo#1716129) + Users could have been tricked into accepting unwanted + permissions on Linux + * CVE-2021-29985 (bmo#1722083) + Use-after-free media channels + * CVE-2021-29982 (bmo#1715318) + Single bit data leak due to incorrect JIT optimization and + type confusion + * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178, + bmo#1719998, bmo#1720568) + Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 + * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778, + bmo#1719319, bmo#1722073) + Memory safety bugs fixed in Firefox 91 +- requires + * rustc/cargo >= 1.51 + * NSPR >= 4.32 + * NSS >= 3.68 +- 
force-disable webrender on BE platforms + +------------------------------------------------------------------- Old: ---- firefox-90.0.2.source.tar.xz firefox-90.0.2.source.tar.xz.asc l10n-90.0.2.tar.xz New: ---- firefox-91.0.1.source.tar.xz firefox-91.0.1.source.tar.xz.asc l10n-91.0.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.355207747 +0200 +++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.359207742 +0200 @@ -32,9 +32,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 90 -%define mainver %major.0.2 -%define orig_version 90.0.2 +%define major 91 +%define mainver %major.0.1 +%define orig_version 91.0.1 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -54,6 +54,9 @@ # define if ccache should be used or not %define useccache 1 +# SLE-12 doesn't have this macro +%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d} + # Firefox only supports i686 %ifarch %ix86 ExclusiveArch: i586 i686 @@ -100,7 +103,15 @@ %else BuildRequires: gcc-c++ %endif -BuildRequires: cargo >= 1.47 +%if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150300 +BuildRequires: cargo >= 1.51 +BuildRequires: rust >= 1.51 +%else +# Newer sle/leap/tw use parallel versioned rust releases which have +# a different method for provides that we can use to request a +# specific version +BuildRequires: rust+cargo >= 1.51 +%endif %if 0%{useccache} != 0 BuildRequires: ccache %endif @@ -110,8 +121,8 @@ BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo -BuildRequires: mozilla-nspr-devel >= 4.31 -BuildRequires: mozilla-nss-devel >= 3.66 +BuildRequires: mozilla-nspr-devel >= 4.32 +BuildRequires: mozilla-nss-devel >= 3.68 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 
@@ -121,7 +132,6 @@ BuildRequires: python3 >= 3.5 BuildRequires: python3-devel %endif -BuildRequires: rust >= 1.47 BuildRequires: rust-cbindgen >= 0.19.0 BuildRequires: unzip BuildRequires: update-desktop-files @@ -367,6 +377,12 @@ export PYTHON3=/usr/bin/python36 %endif +# Webrender does not support big endian yet, so we are forcing it off +# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1716707 +%ifarch s390x ppc64 +echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9} +%endif + # kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3) if test "$kdehelperversion" != %{kde_helper_version}; then @@ -652,11 +668,8 @@ # mkdir -p %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_appid} mkdir -p %{buildroot}%{_libdir}/mozilla/extensions/%{firefox_appid} -%if %branding # Install symbolic icon for GNOME -mkdir -p %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/ -cp %{_builddir}/%{srcname}-%{orig_version}/browser/branding/official/content/identity-icons-brand.svg \ - %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/%{progname}-symbolic.svg +%if %branding for size in 16 22 24 32 48 64 128 256; do %else for size in 16 32 48; do ++++++ firefox-90.0.2.source.tar.xz -> firefox-91.0.1.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-90.0.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/firefox-91.0.1.source.tar.xz differ: char 15, line 1 ++++++ l10n-90.0.2.tar.xz -> l10n-91.0.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-90.0.2.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/l10n-91.0.1.tar.xz differ: char 26, line 1 ++++++ mozilla-reduce-rust-debuginfo.patch ++++++ --- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.667207368 +0200 +++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.671207363 +0200 
@@ -1,54 +1,28 @@ -# HG changeset patch -# User msirringh...@suse.de -# Date 1560754926 -7200 -# Mon Jun 17 09:02:06 2019 +0200 -# Node ID 428161c3b9599083e1b8710eda1760f1f707ab11 -# Parent d55730171edb1935dec80234eba336787ff0e4e8 -#Description: reduce the rust debuginfo level on selected architectures where -# compiling with debuginfo=2 causes the OOM killer to interrupt the build on -# launchpad builders. Initially this was only on 32 bit architectures, but with -# firefox 63 it started happening frequently on arm64 and ppc64el too. - diff --git a/build/moz.configure/rust.configure b/build/moz.configure/rust.configure --- a/build/moz.configure/rust.configure 
+++ b/build/moz.configure/rust.configure -@@ -603,18 +603,19 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL" - - - @depends( - rustc_opt_level, - debug_rust, - target, - "--enable-debug-symbols", +@@ -610,6 +610,7 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL" "--enable-frame-pointers", -+ host, + path_remapping, + path_remappings, ++ host ) --def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers): -+def rust_compile_flags(opt_level, debug_rust, target, debug_symbols, frame_pointers, host): + def rust_compile_flags( + opt_level, +@@ -619,6 +620,7 @@ def rust_compile_flags( + frame_pointers, + path_remapping, + path_remappings, ++ host + ): # Cargo currently supports only two interesting profiles for building: # development and release. Those map (roughly) to --enable-debug and - # --disable-debug in Gecko, respectively. - # - # But we'd also like to support an additional axis of control for - # optimization level. Since Cargo only supports 2 profiles, we're in - # a bit of a bind. - # -@@ -627,16 +628,18 @@ def rust_compile_flags(opt_level, debug_ - - # opt-level=0 implies -C debug-assertions, which may not be desired - # unless Rust debugging is enabled. - if opt_level == "0" and not debug_rust: - debug_assertions = False +@@ -642,6 +644,8 @@ def rust_compile_flags( if debug_symbols: debug_info = "2" -+ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64': ++ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64' or host.cpu == 's390x': + debug_info = '1' opts = [] - if debug_assertions is not None: - opts.append("debug-assertions=%s" % ("yes" if debug_assertions else "no")) - if debug_info is not None: - opts.append("debuginfo=%s" % debug_info) - if frame_pointers: ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.743207275 +0200 +++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.743207275 +0200 
@@ -1,11 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="90.0.2" +VERSION="91.0.1" VERSION_SUFFIX="" -PREV_VERSION="90.0.1" +PREV_VERSION="91.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation - RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="cda19fb46018c9cb8dc5e6127ebb2cfd04aa9be4" -RELEASE_TIMESTAMP="20210721174149" +RELEASE_TAG="7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5" +RELEASE_TIMESTAMP="20210816143654"
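Review bot: In MozillaFirefox.spec, hunk @@ -100,7 +103,15 @@, the condition `0%{?suse_version} < 1550 && 0%{?sle_version} < 150300` carries no comment saying which distributions take the first branch; the only explanation sits inside the %else branch. Where sle_version is undefined, `0%{?sle_version}` expands to 0 and always satisfies `< 150300`, so that case is decided by suse_version alone. A one-line comment above the %if naming the intended targets of each branch would make this checkable. The changelog lists "rustc/cargo >= 1.51" but not the switch to `rust+cargo` on newer releases; add that to the "requires" entry.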
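Review bot: In MozillaFirefox.spec, hunk @@ -367,6 +377,12 @@, the line `echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9}` appends to a source file in place, so re-running this section against the same source directory adds the pref a second time and leaves the file different from what was checked in. Append to a copy in the build directory, or to the preferences file once it is in %{buildroot}. The changelog says "BE platforms" while the guard is `%ifarch s390x ppc64`; naming those two architectures in the changelog entry would make the scope explicit.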
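Review bot: In MozillaFirefox.spec, hunk @@ -652,11 +668,8 @@, the comment `# Install symbolic icon for GNOME` is kept although the mkdir and cp that installed identity-icons-brand.svg as %{progname}-symbolic.svg are removed, so it now sits above `%if %branding` and the `for size in ...` loop and describes a step that no longer exists. Drop or reword the comment, confirm that %files no longer lists the symbolic icon, and add a line to MozillaFirefox.changes saying the icon is no longer installed and why, since neither new changelog entry mentions it.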
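Review bot: In mozilla-reduce-rust-debuginfo.patch, the refreshed patch drops the whole header, from `# HG changeset patch` through the `#Description:` lines, which was the only place stating that debuginfo is lowered because debuginfo=2 builds were interrupted by the OOM killer. Keep a short description at the top of the patch so the reason survives the rebase. The new condition also adds `host.cpu == 's390x'`, which neither the old description nor the changelog mentions, and the two added `host` arguments omit the trailing comma used by the neighbouring `path_remappings,` lines.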