Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory
checked in at 2020-05-07 17:51:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Thu May 7 17:51:04 2020 rev:311 rq:800451 version:76.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes
2020-04-13 12:49:23.200540101 +0200
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/MozillaFirefox.changes
2020-05-07 17:51:10.281354991 +0200
@@ -1,0 +2,39 @@
+Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Firefox 76.0
+ * Lockwise improvements
+ * Improvements in Picture-in-Picture feature
+ * Support Audio Worklets
+ MFSA-2020-16 (bsc#1171186)
+ * CVE-2020-12387 (bmo#1545345)
+ Use-after-free during worker shutdown
+ * CVE-2020-12388 (bmo#1618911)
+ Sandbox escape with improperly guarded Access Tokens
+ * CVE-2020-12389 (bmo#1554110)
+ Sandbox escape with improperly separated process types
+ * CVE-2020-6831 (bmo#1632241)
+ Buffer overflow in SCTP chunk input validation
+ * CVE-2020-12390 (bmo#1141959)
+ Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
+ * CVE-2020-12391 (bmo#1457100)
+ Content-Security-Policy bypass using object elements
+ * CVE-2020-12392 (bmo#1614468)
+ Arbitrary local file access with 'Copy as cURL'
+ * CVE-2020-12393 (bmo#1615471)
+ Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command injection
+ * CVE-2020-12394 (bmo#1628288)
+ URL spoofing in location bar when unfocussed
+ * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
+ bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
+ Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
+ * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
+ bmo#1622291, bmo#1627644)
+ Memory safety bugs fixed in Firefox 76
+- requires
+ * NSS >= 3.51.1
+ * nasm >= 2.14
+- removed obsolete patch mozilla-bmo1622013.patch
+- fix URI creation for KDE file selector integration (boo#1160331)
+
+-------------------------------------------------------------------
Old:
----
firefox-75.0.source.tar.xz
firefox-75.0.source.tar.xz.asc
l10n-75.0.tar.xz
mozilla-bmo1622013.patch
New:
----
firefox-76.0.source.tar.xz
firefox-76.0.source.tar.xz.asc
l10n-76.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.133416177 +0200
+++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.137416185 +0200
@@ -18,9 +18,9 @@
# changed with every update
-%define major 75
+%define major 76
%define mainver %major.0
-%define orig_version 75.0
+%define orig_version 76.0
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
@@ -84,8 +84,8 @@
BuildRequires: libproxy-devel
BuildRequires: makeinfo
BuildRequires: mozilla-nspr-devel >= 4.25
-BuildRequires: mozilla-nss-devel >= 3.51
-BuildRequires: nasm >= 2.13
+BuildRequires: mozilla-nss-devel >= 3.51.1
+BuildRequires: nasm >= 2.14
BuildRequires: nodejs10 >= 10.19.0
BuildRequires: python-devel
BuildRequires: python2-xml
@@ -186,7 +186,6 @@
Patch20: mozilla-fix-top-level-asm.patch
Patch21: mozilla-bmo1504834-part4.patch
Patch22: mozilla-bmo849632.patch
-Patch23: mozilla-bmo1622013.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -322,7 +321,6 @@
%patch20 -p1
%patch21 -p1
%patch22 -p1
-%patch23 -p1
# Firefox
%patch101 -p1
%patch102 -p1
@@ -662,7 +660,6 @@
%{progdir}/browser/defaults
%{progdir}/browser/features/
%{progdir}/browser/chrome/icons
-%{progdir}/browser/blocklist.xml
%{progdir}/browser/omni.ja
%dir %{progdir}/distribution/
%{progdir}/distribution/extensions/
++++++ firefox-75.0.source.tar.xz -> firefox-76.0.source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-75.0.source.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/firefox-76.0.source.tar.xz
differ: char 15, line 1
++++++ l10n-75.0.tar.xz -> l10n-76.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/l10n-75.0.tar.xz
/work/SRC/openSUSE:Factory/.MozillaFirefox.new.2738/l10n-76.0.tar.xz differ:
char 26, line 1
++++++ mozilla-bmo1463035.patch ++++++
--- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.365416669 +0200
+++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.365416669 +0200
@@ -3,7 +3,7 @@
# User Mike Hommey <mh+mozi...@glandium.org>
# Date 1526871862 -32400
# Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43
-# Parent 71b9d492b739602dbfe713fd4de3205e9d485f18
+# Parent 0b7e1398ca2e15e27da93144ba9fb30db38367b1
Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons
For some reason, GNU as is not happy with the assembly generated after
@@ -12,30 +12,6 @@
OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this
workaround anymore, so let's just kill it.
-diff --git a/mfbt/moz.build b/mfbt/moz.build
---- a/mfbt/moz.build
-+++ b/mfbt/moz.build
-@@ -131,20 +131,16 @@ EXPORTS["double-conversion"] = [
- LOCAL_INCLUDES += [
- '/mfbt/double-conversion',
- ]
-
- if CONFIG['OS_ARCH'] == 'WINNT':
- EXPORTS.mozilla += [
- 'WindowsVersion.h',
- ]
--elif CONFIG['OS_ARCH'] == 'Linux':
-- EXPORTS.mozilla += [
-- 'LinuxSignal.h',
-- ]
-
- UNIFIED_SOURCES += [
- 'Assertions.cpp',
- 'ChaosMode.cpp',
- 'double-conversion/double-conversion/bignum-dtoa.cc',
- 'double-conversion/double-conversion/bignum.cc',
- 'double-conversion/double-conversion/cached-powers.cc',
- 'double-conversion/double-conversion/double-to-string.cc',
diff --git a/mozglue/baseprofiler/core/platform-linux-android.cpp
b/mozglue/baseprofiler/core/platform-linux-android.cpp
--- a/mozglue/baseprofiler/core/platform-linux-android.cpp
+++ b/mozglue/baseprofiler/core/platform-linux-android.cpp
@@ -79,25 +55,7 @@
diff --git a/tools/profiler/core/platform-linux-android.cpp
b/tools/profiler/core/platform-linux-android.cpp
--- a/tools/profiler/core/platform-linux-android.cpp
+++ b/tools/profiler/core/platform-linux-android.cpp
-@@ -55,17 +55,16 @@
- #ifdef __GLIBC__
- # include <execinfo.h> // backtrace, backtrace_symbols
- #endif // def __GLIBC__
- #include <strings.h> // index
- #include <errno.h>
- #include <stdarg.h>
-
- #include "prenv.h"
--#include "mozilla/LinuxSignal.h"
- #include "mozilla/PodOperations.h"
- #include "mozilla/DebugOnly.h"
-
- #include <string.h>
- #include <list>
-
- using namespace mozilla;
-
-@@ -257,17 +256,17 @@ Sampler::Sampler(PSLockRef aLock)
+@@ -258,17 +258,17 @@ Sampler::Sampler(PSLockRef aLock)
// NOTE: We don't initialize LUL here, instead initializing it in
// SamplerThread's constructor. This is because with the
++++++ mozilla-kde.patch ++++++
--- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.409416763 +0200
+++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.413416770 +0200
@@ -3,7 +3,7 @@
# Date 1559294891 -7200
# Fri May 31 11:28:11 2019 +0200
# Node ID c2aa7198fb925e7fde96abf65b6f68b9b755f112
-# Parent fbac8545cf6f461803505c2d1f57531798dee96a
+# Parent 04c2cbd396b26a8e08980304a436e5e12fb6a205
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfg...@rosenauer.org>
Author: Lubos Lunak <lu...@suse.com>
@@ -31,7 +31,7 @@
#ifdef MOZ_MEMORY
# include "mozmemory.h"
#endif
-@@ -4535,25 +4536,37 @@ nsresult Preferences::InitInitialObjects
+@@ -4539,25 +4540,37 @@ nsresult Preferences::InitInitialObjects
// application pref files for backwards compatibility.
static const char* specialFiles[] = {
#if defined(XP_MACOSX)
@@ -69,7 +69,7 @@
// Load jar:$app/omni.jar!/defaults/preferences/*.js
// or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4599,17 +4612,17 @@ nsresult Preferences::InitInitialObjects
+@@ -4603,17 +4616,17 @@ nsresult Preferences::InitInitialObjects
}
nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@@ -87,7 +87,7 @@
SetupTelemetryPref();
}
- NS_CreateServicesFromCategory(NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, nullptr,
+ if (aIsStartup) {
diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
--- a/modules/libpref/moz.build
+++ b/modules/libpref/moz.build
@@ -175,7 +175,7 @@
diff --git a/toolkit/mozapps/downloads/HelperAppDlg.jsm
b/toolkit/mozapps/downloads/HelperAppDlg.jsm
--- a/toolkit/mozapps/downloads/HelperAppDlg.jsm
+++ b/toolkit/mozapps/downloads/HelperAppDlg.jsm
-@@ -1209,36 +1209,66 @@ nsUnknownContentTypeDialog.prototype = {
+@@ -1205,36 +1205,66 @@ nsUnknownContentTypeDialog.prototype = {
params.handlerApp &&
params.handlerApp.executable &&
params.handlerApp.executable.isFile()
@@ -1104,7 +1104,7 @@
diff --git a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
--- a/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
+++ b/uriloader/exthandler/unix/nsMIMEInfoUnix.cpp
-@@ -1,47 +1,50 @@
+@@ -1,46 +1,49 @@
/* -*- Mode: C++; tab-width: 3; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
@@ -1117,7 +1117,6 @@
#include "nsIGIOService.h"
#include "nsNetCID.h"
#include "nsIIOService.h"
- #include "nsAutoPtr.h"
#ifdef MOZ_ENABLE_DBUS
# include "nsDBusHandlerApp.h"
#endif
@@ -1160,7 +1159,7 @@
if (*_retval) return NS_OK;
return NS_OK;
-@@ -51,16 +54,33 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi
+@@ -50,16 +53,33 @@ nsresult nsMIMEInfoUnix::LaunchDefaultWi
// if mDefaultApplication is set, it means the application has been set from
// either /etc/mailcap or ${HOME}/.mailcap, in which case we don't want to
// give the GNOME answer.
@@ -1216,7 +1215,7 @@
#include "nsIFileStreams.h"
#include "nsILineInputStream.h"
#include "nsIFile.h"
-@@ -1024,17 +1024,17 @@ nsresult nsOSHelperAppService::GetHandle
+@@ -1023,17 +1023,17 @@ nsresult nsOSHelperAppService::GetHandle
nsresult nsOSHelperAppService::OSProtocolHandlerExists(
const char* aProtocolScheme, bool* aHandlerExists) {
@@ -1235,7 +1234,7 @@
nsCOMPtr<nsIHandlerService> handlerSvc =
do_GetService(NS_HANDLERSERVICE_CONTRACTID, &rv);
if (NS_SUCCEEDED(rv) && handlerSvc) {
-@@ -1044,17 +1044,17 @@ nsresult nsOSHelperAppService::OSProtoco
+@@ -1043,17 +1043,17 @@ nsresult nsOSHelperAppService::OSProtoco
}
return rv;
@@ -1254,7 +1253,7 @@
NS_IMETHODIMP nsOSHelperAppService::IsCurrentAppOSDefaultForProtocol(
const nsACString& aScheme, bool* _retval) {
-@@ -1141,17 +1141,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel
+@@ -1140,17 +1140,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel
nsresult rv =
LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType,
minorType, mime_types_description, true);
@@ -1273,7 +1272,7 @@
rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt), majorType,
minorType, mime_types_description, false);
-@@ -1253,17 +1253,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel
+@@ -1252,17 +1252,17 @@ already_AddRefed<nsMIMEInfoBase> nsOSHel
// Now look up our extensions
nsAutoString extensions, mime_types_description;
@@ -1333,7 +1332,7 @@
#include "nsGtkUtils.h"
#include "nsIFileURL.h"
#include "nsIGIOService.h"
-@@ -20,16 +21,17 @@
+@@ -20,16 +21,18 @@
#include "nsArrayEnumerator.h"
#include "nsMemory.h"
#include "nsEnumeratorUtils.h"
@@ -1343,6 +1342,7 @@
#include "nsFilePicker.h"
+#include "nsKDEUtils.h"
++#include "nsURLHelper.h"
using namespace mozilla;
@@ -1351,7 +1351,7 @@
#define MAX_PREVIEW_SOURCE_SIZE 4096
nsIFile* nsFilePicker::mPrevDisplayDirectory = nullptr;
-@@ -227,17 +229,19 @@ nsFilePicker::AppendFilters(int32_t aFil
+@@ -227,17 +230,19 @@ nsFilePicker::AppendFilters(int32_t aFil
mAllowURLs = !!(aFilterMask & filterAllowURLs);
return nsBaseFilePicker::AppendFilters(aFilterMask);
}
@@ -1372,7 +1372,7 @@
mFilters.AppendElement(filter);
mFilterNames.AppendElement(name);
-@@ -337,16 +341,39 @@ nsresult nsFilePicker::Show(int16_t* aRe
+@@ -337,16 +342,39 @@ nsresult nsFilePicker::Show(int16_t* aRe
return NS_OK;
}
@@ -1412,7 +1412,7 @@
GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
const gchar* accept_button;
-@@ -571,16 +598,240 @@ void nsFilePicker::Done(void* file_choos
+@@ -571,16 +599,244 @@ void nsFilePicker::Done(void* file_choos
mCallback->Done(result);
mCallback = nullptr;
} else {
@@ -1578,8 +1578,12 @@
+ mFileURL = output[ 0 ];
+ else // GetFile() actually requires it to be url even for local
files :-/
+ {
-+ mFileURL = nsCString( "file://" );
-+ mFileURL.Append( output[ 0 ] );
++ nsCOMPtr<nsIFile> localfile;
++ nsresult rv = NS_NewNativeLocalFile( output[ 0 ],
++ PR_FALSE,
++ getter_AddRefs(localfile));
++ if (NS_SUCCEEDED(rv))
++ rv = net_GetURLSpecFromActualFile(localfile, mFileURL);
+ }
+ }
+ // Remember last used directory.
++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.gbsyCN/_old 2020-05-07 17:51:39.481416915 +0200
+++ /var/tmp/diff_new_pack.gbsyCN/_new 2020-05-07 17:51:39.481416915 +0200
@@ -1,11 +1,11 @@
PRODUCT="firefox"
CHANNEL="release"
-VERSION="75.0"
+VERSION="76.0"
VERSION_SUFFIX=""
-PREV_VERSION="75.0"
+PREV_VERSION="76.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release";
-RELEASE_TAG="6200ca9b300670ec069cdbf6e4f05e6a0bca46f1"
-RELEASE_TIMESTAMP="20200403170909"
+RELEASE_TAG="cf326ad0bb298ee24b1abd9b1cb6513af4fa04ba"
+RELEASE_TIMESTAMP="20200429185419"
