Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory
checked in at 2021-08-19 10:00:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Thu Aug 19 10:00:42 2021 rev:342 rq:912837 version:91.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes
2021-07-29 21:31:09.340830788 +0200
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/MozillaFirefox.changes
2021-08-19 10:01:36.483220962 +0200
@@ -1,0 +2,54 @@
+Wed Aug 18 06:34:01 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Firefox 91.0.1
+ * Fixed an issue causing buttons on the tab bar to be resized when
+ loading certain websites (bmo#1704404)
+ * Fixed an issue which caused tabs from private windows to be
+ visible in non-private windows when viewing switch-to-tab results
+ in the address bar panel (bmo#1720369)
+ * Various stability fixes
+ MFSA 2021-37 (bsc#1189547)
+ * CVE-2021-29991 (bmo#1724896)
+ Header Splitting possible with HTTP/3 Responses
+
+-------------------------------------------------------------------
+Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Firefox 91.0
+ MFSA 2021-33 (bsc#1188891)
+ * CVE-2021-29986 (bmo#1696138)
+ Race condition when resolving DNS names could have led to
+ memory corruption
+ * CVE-2021-29981 (bmo#1707774)
+ Live range splitting could have led to conflicting
+ assignments in the JIT
+ * CVE-2021-29988 (bmo#1717922)
+ Memory corruption as a result of incorrect style treatment
+ * CVE-2021-29983 (bmo#1719088)
+ Firefox for Android could get stuck in fullscreen mode
+ * CVE-2021-29984 (bmo#1720031)
+ Incorrect instruction reordering during JIT optimization
+ * CVE-2021-29980 (bmo#1722204)
+ Uninitialized memory in a canvas object could have led to
+ memory corruption
+ * CVE-2021-29987 (bmo#1716129)
+ Users could have been tricked into accepting unwanted
+ permissions on Linux
+ * CVE-2021-29985 (bmo#1722083)
+ Use-after-free media channels
+ * CVE-2021-29982 (bmo#1715318)
+ Single bit data leak due to incorrect JIT optimization and
+ type confusion
+ * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
+ bmo#1719998, bmo#1720568)
+ Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
+ * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
+ bmo#1719319, bmo#1722073)
+ Memory safety bugs fixed in Firefox 91
+- requires
+ * rustc/cargo >= 1.51
+ * NSPR >= 4.32
+ * NSS >= 3.68
+- force-disable webrender on BE platforms
+
+-------------------------------------------------------------------
Old:
----
firefox-90.0.2.source.tar.xz
firefox-90.0.2.source.tar.xz.asc
l10n-90.0.2.tar.xz
New:
----
firefox-91.0.1.source.tar.xz
firefox-91.0.1.source.tar.xz.asc
l10n-91.0.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.355207747 +0200
+++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.359207742 +0200
@@ -32,9 +32,9 @@
# orig_suffix b3
# major 69
# mainver %major.99
-%define major 90
-%define mainver %major.0.2
-%define orig_version 90.0.2
+%define major 91
+%define mainver %major.0.1
+%define orig_version 91.0.1
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -54,6 +54,9 @@
# define if ccache should be used or not
%define useccache 1
+# SLE-12 doesn't have this macro
+%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d}
+
# Firefox only supports i686
%ifarch %ix86
ExclusiveArch: i586 i686
@@ -100,7 +103,15 @@
%else
BuildRequires: gcc-c++
%endif
-BuildRequires: cargo >= 1.47
+%if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150300
+BuildRequires: cargo >= 1.51
+BuildRequires: rust >= 1.51
+%else
+# Newer sle/leap/tw use parallel versioned rust releases which have
+# a different method for provides that we can use to request a
+# specific version
+BuildRequires: rust+cargo >= 1.51
+%endif
%if 0%{useccache} != 0
BuildRequires: ccache
%endif
@@ -110,8 +121,8 @@
BuildRequires: libiw-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.31
-BuildRequires: mozilla-nss-devel >= 3.66
+BuildRequires: mozilla-nspr-devel >= 4.32
+BuildRequires: mozilla-nss-devel >= 3.68
BuildRequires: nasm >= 2.14
BuildRequires: nodejs >= 10.22.1
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@@ -121,7 +132,6 @@
BuildRequires: python3 >= 3.5
BuildRequires: python3-devel
%endif
-BuildRequires: rust >= 1.47
BuildRequires: rust-cbindgen >= 0.19.0
BuildRequires: unzip
BuildRequires: update-desktop-files
@@ -367,6 +377,12 @@
export PYTHON3=/usr/bin/python36
%endif
+# Webrender does not support big endian yet, so we are forcing it off
+# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1716707
+%ifarch s390x ppc64
+echo 'pref("gfx.webrender.force-disabled", true);' >> %{SOURCE9}
+%endif
+
#
kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define
KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
if test "$kdehelperversion" != %{kde_helper_version}; then
@@ -652,11 +668,8 @@
#
mkdir -p %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_appid}
mkdir -p %{buildroot}%{_libdir}/mozilla/extensions/%{firefox_appid}
-%if %branding
# Install symbolic icon for GNOME
-mkdir -p %{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/
-cp
%{_builddir}/%{srcname}-%{orig_version}/browser/branding/official/content/identity-icons-brand.svg
\
-
%{buildroot}%{gnome_dir}/share/icons/hicolor/symbolic/apps/%{progname}-symbolic.svg
+%if %branding
for size in 16 22 24 32 48 64 128 256; do
%else
for size in 16 32 48; do
++++++ firefox-90.0.2.source.tar.xz -> firefox-91.0.1.source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-90.0.2.source.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/firefox-91.0.1.source.tar.xz
differ: char 15, line 1
++++++ l10n-90.0.2.tar.xz -> l10n-91.0.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/l10n-90.0.2.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.1899/l10n-91.0.1.tar.xz differ:
char 26, line 1
++++++ mozilla-reduce-rust-debuginfo.patch ++++++
--- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.667207368 +0200
+++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.671207363 +0200
@@ -1,54 +1,28 @@
-# HG changeset patch
-# User msirringh...@suse.de
-# Date 1560754926 -7200
-# Mon Jun 17 09:02:06 2019 +0200
-# Node ID 428161c3b9599083e1b8710eda1760f1f707ab11
-# Parent d55730171edb1935dec80234eba336787ff0e4e8
-#Description: reduce the rust debuginfo level on selected architectures where
-# compiling with debuginfo=2 causes the OOM killer to interrupt the build on
-# launchpad builders. Initially this was only on 32 bit architectures, but with
-# firefox 63 it started happening frequently on arm64 and ppc64el too.
-
diff --git a/build/moz.configure/rust.configure
b/build/moz.configure/rust.configure
--- a/build/moz.configure/rust.configure
+++ b/build/moz.configure/rust.configure
-@@ -603,18 +603,19 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL"
-
-
- @depends(
- rustc_opt_level,
- debug_rust,
- target,
- "--enable-debug-symbols",
+@@ -610,6 +610,7 @@ set_config("CARGO_PROFILE_DEV_OPT_LEVEL"
"--enable-frame-pointers",
-+ host,
+ path_remapping,
+ path_remappings,
++ host
)
--def rust_compile_flags(opt_level, debug_rust, target, debug_symbols,
frame_pointers):
-+def rust_compile_flags(opt_level, debug_rust, target, debug_symbols,
frame_pointers, host):
+ def rust_compile_flags(
+ opt_level,
+@@ -619,6 +620,7 @@ def rust_compile_flags(
+ frame_pointers,
+ path_remapping,
+ path_remappings,
++ host
+ ):
# Cargo currently supports only two interesting profiles for building:
# development and release. Those map (roughly) to --enable-debug and
- # --disable-debug in Gecko, respectively.
- #
- # But we'd also like to support an additional axis of control for
- # optimization level. Since Cargo only supports 2 profiles, we're in
- # a bit of a bind.
- #
-@@ -627,16 +628,18 @@ def rust_compile_flags(opt_level, debug_
-
- # opt-level=0 implies -C debug-assertions, which may not be desired
- # unless Rust debugging is enabled.
- if opt_level == "0" and not debug_rust:
- debug_assertions = False
+@@ -642,6 +644,8 @@ def rust_compile_flags(
if debug_symbols:
debug_info = "2"
-+ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64':
++ if host.bitness == 32 or host.cpu == 'aarch64' or host.cpu == 'ppc64'
or host.cpu == 's390x':
+ debug_info = '1'
opts = []
- if debug_assertions is not None:
- opts.append("debug-assertions=%s" % ("yes" if debug_assertions else
"no"))
- if debug_info is not None:
- opts.append("debuginfo=%s" % debug_info)
- if frame_pointers:
++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.1AJX8K/_old 2021-08-19 10:01:47.743207275 +0200
+++ /var/tmp/diff_new_pack.1AJX8K/_new 2021-08-19 10:01:47.743207275 +0200
@@ -1,11 +1,10 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="90.0.2"
+VERSION="91.0.1"
VERSION_SUFFIX=""
-PREV_VERSION="90.0.1"
+PREV_VERSION="91.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
-
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release";
-RELEASE_TAG="cda19fb46018c9cb8dc5e6127ebb2cfd04aa9be4"
-RELEASE_TIMESTAMP="20210721174149"
+RELEASE_TAG="7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5"
+RELEASE_TIMESTAMP="20210816143654"
