search

classilla / tenfourfox

Mozilla for Power Macintosh.
http://www.tenfourfox.com/
Other
270 stars 38 forks source link

candidate patches #651

Open classilla opened 2 years ago

classilla commented 2 years ago

https://hg.mozilla.org/releases/mozilla-esr91/rev/cee76519645b (regression)

https://hg.mozilla.org/releases/mozilla-esr91/rev/b6173cd78c9d522f2e3257c408933db4f9cedc13 (NSS) https://hg.mozilla.org/releases/mozilla-esr91/rev/45d3fd63bd24f66072a16d23fefc01c3c68a0bb1 https://bugzilla.mozilla.org/show_bug.cgi?id=1719150 https://hg.mozilla.org/releases/mozilla-esr91/rev/b2ce3f908336fe51762dfcea6c4f950841e174d5 https://hg.mozilla.org/releases/mozilla-esr91/rev/3eef2fe29d57c10fb53bab5000c948ee82b82c5e https://hg.mozilla.org/releases/mozilla-esr91/rev/ec4389b44990 (OS X specific, may help with our widget weirdness) https://hg.mozilla.org/releases/mozilla-esr91/rev/d350a75e651733f936836057c59a4e8f63a1d266 https://hg.mozilla.org/releases/mozilla-esr91/rev/da53bf5bac5da0dbc69fa6ec8c01afeaf187829a https://hg.mozilla.org/releases/mozilla-esr91/rev/bd4d7d89779a2299d2b0e00049d951956f5a8735 https://hg.mozilla.org/releases/mozilla-esr91/rev/4b0d941ab1a32ee34cd62086aca5102a154cf1a4 (low priority) https://hg.mozilla.org/releases/mozilla-esr91/rev/daa65d44963e88bcc4c4c295aa54116560087e5d

roytam1 commented 2 years ago

maybe also https://hg.mozilla.org/projects/nss/rev/7d4f221b1fffcad72b18175b89e4d310307277ef for accessing microsoft.com

classilla commented 2 years ago

https://hg.mozilla.org/releases/mozilla-esr91/rev/aecc104f3229 https://hg.mozilla.org/releases/mozilla-esr91/rev/0fdb433668d85d55fd8616a35da6744932d43816 https://hg.mozilla.org/releases/mozilla-esr91/rev/0592ba15e779a54d0c40c2cf72c25f2875a77dcd https://hg.mozilla.org/releases/mozilla-esr91/rev/a582903d08214edb92209a63768ed783245e3546 ???

classilla commented 2 years ago

Dropped for not relevant: https://hg.mozilla.org/releases/mozilla-esr91/rev/45d3fd63bd24f66072a16d23fefc01c3c68a0bb1 https://hg.mozilla.org/releases/mozilla-esr91/rev/ba2641b50a76 (M1719150) https://hg.mozilla.org/releases/mozilla-esr91/rev/b2ce3f908336fe51762dfcea6c4f950841e174d5 https://hg.mozilla.org/releases/mozilla-esr91/rev/3eef2fe29d57c10fb53bab5000c948ee82b82c5e https://hg.mozilla.org/releases/mozilla-esr91/rev/0fdb433668d85d55fd8616a35da6744932d43816 https://hg.mozilla.org/releases/mozilla-esr91/rev/a582903d08214edb92209a63768ed783245e3546

Dropped to reconsider: https://hg.mozilla.org/releases/mozilla-esr91/rev/0592ba15e779a54d0c40c2cf72c25f2875a77dcd

roytam1 commented 2 years ago

maybe also https://hg.mozilla.org/projects/nss/rev/7d4f221b1fffcad72b18175b89e4d310307277ef for accessing microsoft.com

regarding rev fd2b82f13ad0ccf943bb0f03c0c2a8dffa0e1f47 , security/pkix need same fix as well.

classilla commented 2 years ago

Moar candidates. Through 4f04e2ff2289d04791cbe08b6b385d1a5eef350d

https://hg.mozilla.org/releases/mozilla-esr91/rev/5a03174e6432045adcc57d5ec545519c2e4981f2 https://hg.mozilla.org/releases/mozilla-esr91/rev/d39b3f8cdf1eb4d946d2084d4ce0bf1f101c7e9a (to dom/media/MP3Demuxer.cpp) https://hg.mozilla.org/releases/mozilla-esr91/rev/e47b5b8be2786fd0d7be288ee471a58840fd345a https://hg.mozilla.org/releases/mozilla-esr91/rev/0568371e8077958b2d3ef3c6d84c7ee920448d6b https://hg.mozilla.org/releases/mozilla-esr91/rev/7310b48db9839e0d1a7c78bc35b84dc21f125fea https://hg.mozilla.org/releases/mozilla-esr91/rev/24f825282ceac2a85f7f86f7c34224000f17beec vs https://hg.mozilla.org/releases/mozilla-esr91/rev/de8c6a1ba2c7f6003e795e63647f6ca1d3caccb0 plus backbugs https://hg.mozilla.org/releases/mozilla-esr91/rev/f8c4d04f3a4ec233dbba71ec36a1b942b9213dd0 for completeness even though it is effectively no-op

Also look at https://bugzilla.mozilla.org/show_bug.cgi?id=1543191 based on https://hg.mozilla.org/releases/mozilla-esr91/rev/d50dfa8274c2a11e4e4ec25888cebd38439a92c2

Haven't decided about https://hg.mozilla.org/releases/mozilla-esr91/rev/4f04e2ff2289d04791cbe08b6b385d1a5eef350d . May be better just to fix call sites.

roytam1 commented 2 years ago

XSLT: https://hg.mozilla.org/releases/mozilla-esr91/rev/153b3922a318fdbd7f5cc9e9e2ec8d7d4eb8aa44

expat: https://hg.mozilla.org/releases/mozilla-esr91/rev/c084e1e90301ca414be9dee690a3ca9ebc2a0a0e https://hg.mozilla.org/releases/mozilla-esr91/rev/1ff49f5abe2f44fb90250abac9e71204e1e55ea2 https://hg.mozilla.org/releases/mozilla-esr91/rev/4a180bbf2d1b4114f66be985e35e2642a902aa19

for CVE-2022-26485

EDIT: ported to my tree: https://github.com/roytam1/mozilla45esr/commit/ab2c4b048d22fcb77f5df4f44d78b3655c99cc17

classilla commented 2 years ago

https://hg.mozilla.org/releases/mozilla-esr91/rev/3b54d6b5407fca03efdb2e2f57a9838498e0d038 (and backbug on aRead = 0) https://hg.mozilla.org/releases/mozilla-esr91/diff/d8503523b4cc610ec3bade0787f200afdef738e6/security/nss/lib/pki/trustdomain.c (simplify, we don't need all the (void) casts) https://hg.mozilla.org/releases/mozilla-esr91/rev/d6b476cadd24b6e845de7853a19e71ba62c8a58d Not sure if this actually fixes anything, but it seems "right": https://hg.mozilla.org/mozilla-central/rev/d8b66c3db775

Finally, add the DoubleCondition branch fix discovered on the POWER9 JIT, and look to see if the f32 bailout problem affects us as well.

We also need to wholesale pull-up modules/zlib to get bug 1761799. That might be a little later.

classilla commented 2 years ago

After testing, the DoubleCondition branch fix seems to go into an infinite loop on some sites, so deferring that; the branching code is somewhat different. But it does have the F32 bailout problem, and fixing that seems to stick.

classilla commented 1 year ago

ESR91 rollup through 54db1a154eb727e00d7911d10dca0ef47bb72599

modified https://hg.mozilla.org/releases/mozilla-esr91/rev/ef64358e527c39caf3f301a76d1c8ce692e34131 (we do have IsScriptEnabled())

https://hg.mozilla.org/releases/mozilla-esr91/rev/e70578598718b5b263d6a88bec3c1deccbb82e4a needs backbugs from https://bugzilla.mozilla.org/show_bug.cgi?id=1714081 (specifically https://hg.mozilla.org/releases/mozilla-esr91/annotate/e70578598718b5b263d6a88bec3c1deccbb82e4a/gfx/2d/BaseRect.h#l131

with changes https://hg.mozilla.org/releases/mozilla-esr91/rev/dddc25fd9e036de7730025f86a6c426e77d9c330

https://hg.mozilla.org/releases/mozilla-esr91/rev/60a5196e74adada73150e6519d57ffca3eccd94c as MOZ_RELEASE_ASSERT()s

https://hg.mozilla.org/releases/mozilla-esr91/rev/7ac9b20c412b4641bd732e789a3be532fe3d4c43

https://hg.mozilla.org/releases/mozilla-esr91/rev/2f6ff5dba74d0eef844239f72412c039dabc97bc (create new URI from spec, then use manual SetQuery and SetRef)

https://hg.mozilla.org/releases/mozilla-esr91/rev/b40d2204f6ce6174b6aad942332acdcfabb4e0f4 (JS)

This seems very extensive https://hg.mozilla.org/releases/mozilla-esr91/rev/7d69277b335be5a5076e21c0fe9b73e85677e7ff

classilla commented 1 year ago

EV roots: update /security/certverifier/ExtendedValidation.cpp to 102 update /security/nss/lib/ckfw/builtins/certdata.txt to 102 add fx102 key to user agents update STS preload script and upcert scripts set CLOBBER

classilla commented 1 year ago

Through b07b4373ed3f7b392b2457b535c953176491de7b

https://hg.mozilla.org/releases/mozilla-esr102/rev/7b43b4ab4275 (different files in dom/html, note nsCOMPtr versions of CSP objects) https://hg.mozilla.org/releases/mozilla-esr102/rev/80ecb3c8668b to nsCookieService.cpp https://hg.mozilla.org/releases/mozilla-esr102/rev/084a542649289e7f4ad7636e24bb6588b1c2c63a target[size] to target[written] (readlink is called in two places but only one is wrong) https://hg.mozilla.org/releases/mozilla-esr102/rev/c8dab52e2ead50f94859600571b48d9ac491c854 (we do have nsCCharSeparatedTokenizer, definitely want Xhr portion) (separate patch) https://hg.mozilla.org/releases/mozilla-esr102/rev/bedc23ef1e13 (applies cleanly) https://hg.mozilla.org/releases/mozilla-esr102/rev/b8cf39722afa (applies cleanly) https://hg.mozilla.org/releases/mozilla-esr102/rev/47feff550f43 (applies cleanly) https://hg.mozilla.org/releases/mozilla-esr102/rev/9968c9743e6aa71d64fefb57aff9242bebb801d9 https://hg.mozilla.org/releases/mozilla-esr102/rev/db6a4af87843519ecf8ce9d1285e38fafc484181 (nsPresShell.cpp:6599) https://hg.mozilla.org/releases/mozilla-esr102/rev/f9180d5446f2b219dc06f2eafc3e14e987266f7a (add the new *loc entries to xpcom/io/nsLocalFileUnix.cpp) https://hg.mozilla.org/releases/mozilla-esr102/rev/a6a77bf24308ab50226595c7623ff47c6bd606c3 (in dom/base)

deferred :: https://hg.mozilla.org/releases/mozilla-esr102/rev/a4167befb70526e788c4eba9ee12925c764d40a0 needs plumbing apparently but we might want it :: I don't think we're affected by https://hg.mozilla.org/releases/mozilla-esr102/rev/db9a92d5466c11e09d0e0c9a2813df175e7c7d42 but marking here for future check when the bug is open. :: https://hg.mozilla.org/releases/mozilla-esr102/rev/c581112d97d4 if testcase https://bugzilla.mozilla.org/show_bug.cgi?id=1787633 generates debug assert (probably separate patch) :: not sure what https://hg.mozilla.org/releases/mozilla-esr102/rev/48049cc5b3a854e027d8e3812fcaa07ec3670443 is fixing :: not sure what https://hg.mozilla.org/releases/mozilla-esr102/rev/69926147e2c52ccd18f99944370ab6e6c3870077 is fixing, we go through the queue twice

classilla commented 1 year ago

Deciding to defer https://hg.mozilla.org/releases/mozilla-esr102/rev/7b43b4ab4275 and https://hg.mozilla.org/releases/mozilla-esr102/rev/c8dab52e2ead50f94859600571b48d9ac491c854 to next ESR/clobber.