testing/firefox: security upgrade to 72.0.1

Co-authored-by: Rasmus Thomsen <oss@cogitri.dev>
author: J0WI <J0WI@users.noreply.github.com> 2020-01-09 02:18:09 +0100
committer: Rasmus Thomsen <oss@cogitri.dev> 2020-01-09 18:57:32 +0100
commit: af0d1d1edd77beb85efb9bbf0ad15000eb319170 (patch)
tree: bd50b1bcdd27c06b4243dca050223ce038b93652 /testing
parent: 2c35602849abdd45c6fd5050bc6e42a2a390fe99 (diff)
download: aports-af0d1d1edd77beb85efb9bbf0ad15000eb319170.tar.bz2
aports-af0d1d1edd77beb85efb9bbf0ad15000eb319170.tar.xz
4 files changed, 97 insertions, 111 deletions
diff --git a/testing/firefox/8e71fa07fe00.patch b/testing/firefox/8e71fa07fe00.patch
new file mode 100644
index 0000000000..17f274e564
--- /dev/null
+++ b/testing/firefox/8e71fa07fe00.patch
@@ -0,0 +1,83 @@
+
+# HG changeset patch
+# User Simon Giesecke <sgiesecke@mozilla.com>
+# Date 1576592608 0
+# Node ID 8e71fa07fe004c2e4d04db6b9e77cdfbc7810d6a
+# Parent  23dbcfafb3b73d6c1c26c5021199b6fa608150c4
+Bug 1601707 - Workaround for compilers that do not extend the lifetime of temporaries resulting from ?: expressions. r=janv, a=RyanVM
+
+Differential Revision: https://phabricator.services.mozilla.com/D56873
+
+diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp
+--- a/dom/indexedDB/ActorsParent.cpp
++++ b/dom/indexedDB/ActorsParent.cpp
+@@ -24578,19 +24578,19 @@ nsresult ObjectStoreAddOrPutRequestOp::D
+     }
+   }
+ 
+   // The "|| keyUnset" here is mostly a debugging tool. If a key isn't
+   // specified we should never have a collision and so it shouldn't matter
+   // if we allow overwrite or not. By not allowing overwrite we raise
+   // detectable errors rather than corrupting data.
+   DatabaseConnection::CachedStatement stmt;
+-  const auto& optReplaceDirective = (!mOverwrite || keyUnset)
+-                                        ? NS_LITERAL_CSTRING("")
+-                                        : NS_LITERAL_CSTRING("OR REPLACE ");
++  const auto optReplaceDirective = (!mOverwrite || keyUnset)
++                                       ? NS_LITERAL_CSTRING("")
++                                       : NS_LITERAL_CSTRING("OR REPLACE ");
+   rv = aConnection->GetCachedStatement(
+       NS_LITERAL_CSTRING("INSERT ") + optReplaceDirective +
+           NS_LITERAL_CSTRING("INTO object_data "
+                              "(object_store_id, key, file_ids, data) "
+                              "VALUES (:") +
+           kStmtParamNameObjectStoreId + NS_LITERAL_CSTRING(", :") +
+           kStmtParamNameKey + NS_LITERAL_CSTRING(", :") +
+           kStmtParamNameFileIds + NS_LITERAL_CSTRING(", :") +
+@@ -26422,19 +26422,19 @@ nsresult Cursor::OpenOp::DoIndexDatabase
+   MOZ_ASSERT(mCursor->mType == OpenCursorParams::TIndexOpenCursorParams);
+   MOZ_ASSERT(mCursor->mObjectStoreId);
+   MOZ_ASSERT(mCursor->mIndexId);
+ 
+   AUTO_PROFILER_LABEL("Cursor::OpenOp::DoIndexDatabaseWork", DOM);
+ 
+   const bool usingKeyRange = mOptionalKeyRange.isSome();
+ 
+-  const auto& indexTable = mCursor->mUniqueIndex
+-                               ? NS_LITERAL_CSTRING("unique_index_data")
+-                               : NS_LITERAL_CSTRING("index_data");
++  const auto indexTable = mCursor->mUniqueIndex
++                              ? NS_LITERAL_CSTRING("unique_index_data")
++                              : NS_LITERAL_CSTRING("index_data");
+ 
+   // The result of MakeColumnPairSelectionList is stored in a local variable,
+   // since inlining it into the next statement causes a crash on some Mac OS X
+   // builds (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168606#c110).
+   const auto columnPairSelectionList = MakeColumnPairSelectionList(
+       NS_LITERAL_CSTRING("index_table.value"),
+       NS_LITERAL_CSTRING("index_table.value_locale"), kColumnNameAliasSortKey,
+       mCursor->IsLocaleAware());
+@@ -26528,19 +26528,19 @@ nsresult Cursor::OpenOp::DoIndexKeyDatab
+   MOZ_ASSERT(mCursor->mType == OpenCursorParams::TIndexOpenKeyCursorParams);
+   MOZ_ASSERT(mCursor->mObjectStoreId);
+   MOZ_ASSERT(mCursor->mIndexId);
+ 
+   AUTO_PROFILER_LABEL("Cursor::OpenOp::DoIndexKeyDatabaseWork", DOM);
+ 
+   const bool usingKeyRange = mOptionalKeyRange.isSome();
+ 
+-  const auto& table = mCursor->mUniqueIndex
+-                          ? NS_LITERAL_CSTRING("unique_index_data")
+-                          : NS_LITERAL_CSTRING("index_data");
++  const auto table = mCursor->mUniqueIndex
++                         ? NS_LITERAL_CSTRING("unique_index_data")
++                         : NS_LITERAL_CSTRING("index_data");
+ 
+   // The result of MakeColumnPairSelectionList is stored in a local variable,
+   // since inlining it into the next statement causes a crash on some Mac OS X
+   // builds (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168606#c110).
+   const auto columnPairSelectionList = MakeColumnPairSelectionList(
+       NS_LITERAL_CSTRING("value"), NS_LITERAL_CSTRING("value_locale"),
+       kColumnNameAliasSortKey, mCursor->IsLocaleAware());
+   const nsCString sortColumnAlias = NS_LITERAL_CSTRING("SELECT ") +
+
diff --git a/testing/firefox/APKBUILD b/testing/firefox/APKBUILD
index 044043cbda..65d38bbacc 100644
--- a/testing/firefox/APKBUILD
+++ b/testing/firefox/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=firefox
-pkgver=71.0
-pkgrel=1
+pkgver=72.0.1
+pkgrel=0
 pkgdesc="Firefox web browser"
 url="https://www.firefox.com/"
 arch="all !s390x !armhf" # limited by rust and cargo, build failure on armhf due to wasm
@@ -60,10 +60,9 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
 	disable-moz-stackwalk.patch
 	fix-rust-target.patch
 	fix-webrtc-glibcisms.patch
-	fix-sandbox-membarrier.patch
+	8e71fa07fe00.patch
 	rust_audio-thread-priority.patch
 	fd6847c9416f9eebde636e21d794d25d1be8791d.patch
-	firefox-71.0-bug1602358-fix-older-builds-with-newer-cbindgen.patch
 
 	x86_64-alpine-linux-musl.json
 	firefox.desktop
@@ -76,6 +75,15 @@ _mozappdir=/usr/lib/firefox
 ldpath="$_mozappdir"
 
 # secfixes:
+#   71.0.1-r0:
+#     - CVE-2019-17016
+#     - CVE-2019-17017
+#     - CVE-2019-17020
+#     - CVE-2019-17022
+#     - CVE-2019-17023
+#     - CVE-2019-17024
+#     - CVE-2019-17025
+#     - CVE-2019-17026
 #   70.0-r0:
 #     - CVE-2018-6156
 #     - CVE-2019-15903
@@ -261,7 +269,7 @@ __EOF__
 	rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so
 }
 
-sha512sums="2f60bb7513dc2e730d8d558faad30367e12d27cb24b630aaebeb0473d0a202a3d4838b253d631722d57fb26f54145e296a710ec1714d3ba27dd71c6c1c52e920  firefox-71.0.source.tar.xz
+sha512sums="8df6a64cde4bdb879c3cb9df7f8b43c7d67c47502e2dce1d3ee82de433931435963b3e51c99035a78f0a997bc934a838d198f2a1cd6a624441769d37b1469fcf  firefox-72.0.1.source.tar.xz
 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
 84b84d2d7dbc16002510bf856796ad345ac38ef6d3254670230189bba7c2d4781714d231236d5a3d70129a4597b430c3171644b01ad0f5a5bb13b55d407337a4  fix-seccomp-bpf.patch
@@ -271,10 +279,9 @@ a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12
 454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c  disable-moz-stackwalk.patch
 089c97e6011e86a9b9d9e7b0c8ba3af0519d1ce4e2b1e9ab7719762d6968388bfa47dad3bf23a6d41c3d66fdcc6c15e2c926e3ff9500bfd4fbf1b53e6d19dc57  fix-rust-target.patch
 d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79  fix-webrtc-glibcisms.patch
-f85f2c19c3dafab915bcb40e580fc442fd9eab5916696849edf0b105c758dd807dfe23a6479935613c81496711eb377c73227c03eb8582204c3442a4d0e397a2  fix-sandbox-membarrier.patch
+0518e66c58cbf0615af396ab962104780995eadb748254cc3a0864155e65d6132d4d6d872501f791aec552a8fc6aac8d478efc03e2203012fc1dab228b329088  8e71fa07fe00.patch
 18098bae18ce9ead6bca0d93d28e634495fa08a4c0707057f72a9e34205a64a0ce5ab98a4cfc2d492412725b14447eb9553b2976d9620c3d71eba2135c6ba211  rust_audio-thread-priority.patch
 60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1  fd6847c9416f9eebde636e21d794d25d1be8791d.patch
-5fa62e873a8481b9f0299efef01be494997a01937d54ff1ecab486c5a227dba8d5f5efe0d988fc92446eafaa354e067ce2e2d8c0b40e490cef1c06d30cde4690  firefox-71.0-bug1602358-fix-older-builds-with-newer-cbindgen.patch
 0dfa633abf3f411c90a030c46ee7f8fdde6fdd9f3a0c493599a58633e09b183d6c04590fc1984256e514c1da4f72f43dde3f5dbceef888b08262952b4f894919  x86_64-alpine-linux-musl.json
 f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop"
diff --git a/testing/firefox/firefox-71.0-bug1602358-fix-older-builds-with-newer-cbindgen.patch b/testing/firefox/firefox-71.0-bug1602358-fix-older-builds-with-newer-cbindgen.patch
deleted file mode 100644
index 117b98caf3..0000000000
--- a/testing/firefox/firefox-71.0-bug1602358-fix-older-builds-with-newer-cbindgen.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 2683aaa789cfeb8c31a2d94ed972642421768a4b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
-Date: Thu, 1 Jan 1970 00:00:00 +0000
-Subject: [PATCH] Bug 1602358 - Fix older builds with newer cbindgen. r=jwatt,
- a=jcristau
-
-This should be fine to uplift so that downstream doesn't need multiple cbindgen
-versions.
-
-Differential Revision: https://phabricator.services.mozilla.com/D56346
----
- layout/generic/WritingModes.h      |  3 ++-
- servo/ports/geckolib/cbindgen.toml | 10 ----------
- 2 files changed, 2 insertions(+), 11 deletions(-)
-
-diff --git a/layout/generic/WritingModes.h b/layout/generic/WritingModes.h
-index 1a8d08b191b..0671388902f 100644
---- a/layout/generic/WritingModes.h
-+++ b/layout/generic/WritingModes.h
-@@ -518,7 +518,8 @@ class WritingMode {
-    */
-   void SetDirectionFromBidiLevel(uint8_t level) {
-     if (IS_LEVEL_RTL(level) == IsBidiLTR()) {
--      mWritingMode ^= StyleWritingMode_RTL | StyleWritingMode_INLINE_REVERSED;
-+      mWritingMode.bits ^= static_cast<uint8_t>(
-+          (StyleWritingMode_RTL | StyleWritingMode_INLINE_REVERSED).bits);
-     }
-   }
- 
-diff --git a/servo/ports/geckolib/cbindgen.toml b/servo/ports/geckolib/cbindgen.toml
-index bed86498ea1..8a7a9cd7998 100644
---- a/servo/ports/geckolib/cbindgen.toml
-+++ b/servo/ports/geckolib/cbindgen.toml
-@@ -616,13 +616,3 @@ renaming_overrides_prefixing = true
-   // Get the layout rect, replacing auto right / bottom values for aAutoSize.
-   inline nsRect ToLayoutRect(nscoord aAutoSize = NS_MAXSIZE) const;
- """
--
--"WritingMode" = """
--  StyleWritingMode operator^(const StyleWritingMode& other) const {
--    return {static_cast<decltype(bits)>(this->bits ^ other.bits)};
--  }
--  StyleWritingMode& operator^=(const StyleWritingMode& other) {
--    *this = (*this ^ other);
--    return *this;
--  }
--"""
--- 
-2.20.1
-
diff --git a/testing/firefox/fix-sandbox-membarrier.patch b/testing/firefox/fix-sandbox-membarrier.patch
deleted file mode 100644
index 4bd3b80d2a..0000000000
--- a/testing/firefox/fix-sandbox-membarrier.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-allow usage of SYS_membarrier, needed since musl-1.1.22
-
-Taken from voidlinux: https://github.com/void-linux/void-packages/commit/4198411ac3b9e2620e171c662df82008da0faebb
-
---- a/security/sandbox/linux/SandboxFilter.cpp
-+++ b/security/sandbox/linux/SandboxFilter.cpp
-@@ -572,6 +572,8 @@
-       case __NR_set_tid_address:
-         return Allow();
- #endif
-+      case __NR_membarrier:
-+        return Allow();
- 
-         // prctl
-       case __NR_prctl: {
-
---- a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
-+++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
-@@ -1385,6 +1385,10 @@
- #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
- #endif
- 
-+#if !defined(__NR_membarrier)
-+#define __NR_membarrier (__NR_SYSCALL_BASE+389)
-+#endif
-+
- // ARM private syscalls.
- #if !defined(__ARM_NR_BASE)
- #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
-
---- a/security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
-+++ b/security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
-@@ -1290,5 +1290,9 @@
- #define __NR_memfd_create 319
- #endif
- 
-+#if !defined(__NR_membarrier)
-+#define __NR_membarrier 324
-+#endif
-+
- #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
- 
---- a/security/sandbox/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
-+++ b/security/sandbox/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
-@@ -1490,5 +1490,9 @@
- #define __NR_shutdown 373
- #endif
- 
-+#if !defined(__NR_membarrier)
-+#define __NR_membarrier 375
-+#endif
-+
- #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
-
author	J0WI <J0WI@users.noreply.github.com>	2020-01-09 02:18:09 +0100
committer	Rasmus Thomsen <oss@cogitri.dev>	2020-01-09 18:57:32 +0100
commit	af0d1d1edd77beb85efb9bbf0ad15000eb319170 (patch)
tree	bd50b1bcdd27c06b4243dca050223ce038b93652 /testing
parent	2c35602849abdd45c6fd5050bc6e42a2a390fe99 (diff)
download	aports-af0d1d1edd77beb85efb9bbf0ad15000eb319170.tar.bz2 aports-af0d1d1edd77beb85efb9bbf0ad15000eb319170.tar.xz