Request 897726 (accepted)

This request supersedes: request 897528 (Show diff)

Overview

Request 897726 accepted

- Mozilla Firefox 89.0
* UI redesign
* The Event Timing API is now supported
* The CSS forced-colors media query is now supported
MFSA 2021-23 (bsc#1186696)
* CVE-2021-29965 (bmo#1709257)
Password Manager on Firefox for Android susceptible to domain
spoofing
* CVE-2021-29960 (bmo#1675965)
Filenames printed from private browsing mode incorrectly
retained in preferences
* CVE-2021-29961 (bmo#1700235)
Firefox UI spoof using `` elements and CSS scaling
* CVE-2021-29963 (bmo#1705068)
Shared cookies for search suggestions in private browsing mode
* CVE-2021-29964 (bmo#1706501)
Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29959 (bmo#1395819)
Devices could be re-enabled without additional permission prompt
* CVE-2021-29962 (bmo#1701673)
No rate-limiting for popups on Firefox for Android
* CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
bmo#1704722, bmo#1706041)
Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
* CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
Memory safety bugs fixed in Firefox 89
- require
NSS >= 3.64
rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

Created by wrosenauer almost 3 years ago
In state accepted
Supersedes 897528

Submit MozillaFirefox

Comments for request 897726 3
Comments for request 897528 8

Hans-Peter Jansen (frispete) - almost 3 years ago

Dear Wolfgang,

I just wanted to let you know, that this release suffers from a significant performance regression relative to 88.0.1 here.

This is a traditional X based desktop with admittedly rather heavy (some may call this pathological) firefox setup. Let's say, I have many windows open, each with many tabs.

The effect is, that switching between windows creates huge lags, during which Xorg.bin(!) is under fire. Also memory allocation went through the roof (11.9G of 64G, Ryzen 9, NVidia).

Switched swap off, and still it lags. Selecting a room in meet.opensuse.org takes 15 secs, enabling the camera 2, joining the selected room another 15, switching back to this window 15, during which the video frame rate drops to ~0.2 (eg. a new video frame every 5 secs). It looks like something is serializing all X calls and the js engine, now. If you feel like it, I can show you this live.

Will revert to 88.0.1-2.3 now (hopefully, they didn't migrated the databases to a new layout between these versions (again)).

Wolfgang Rosenauer (wrosenauer) - almost 3 years ago

author source maintainer

I'm on TW with Xfce and Gnome (different machines) w/o wayland and I don't see what you are describing. This could be anything incl. nvidia related. I would propose to open a bugreport first. Just not sure if we are able to find the issue. One thing which changed is that this release switched from gcc to clang and we had to turn off LTO/PGO due to toolchain issues. I never noticed such a noticable impact caused by this though.

Hans-Peter Jansen (frispete) - almost 3 years ago

[rewritten, because OBS login lost, and firefox has thrown away the almost finished text]

Not many users hit firefox as hard as me.

For the record, reverting MozillaFirefox-88.0.1-2.3.x86_64, MozillaFirefox-translations-common-88.0.1-2.2.x86_64 and restoring Monday's backup ~/.mozilla/firefox fixed things for me.

firefox responsiveness is back to normal, same setup +/- one or two windows, Xorg contention disappeared completely, memory allocation after about a day (~8G) seems a lot lower than with v89.

So, yes, v89 is completely messed up from my POV. I cannot imagine, that changing the compiler makes such a big difference. I would expect significant differences in a prominent layer, like Javascript, X/Wayland integration being the cause for such a change. If you have some more ideas, let me know, please.

I will record an upstream issue and let's see, what that results in.

https://bugzilla.mozilla.org/show_bug.cgi?id=1716989

Dominique Leuenberger (dimstar) - almost 3 years ago

reviewer

https://build.opensuse.org/packages/MozillaFirefox/job_history/mozilla:Factory/openSUSE_Factory/x86_64

That does not look promising

Dominique Leuenberger (dimstar) - almost 3 years ago

reviewer

[  227s]  1:51.82 /home/abuild/rpmbuild/BUILD/obj/dist/include/nsTHashtable.h:317:27: error: no matching function for call to ‘nsTHashtable<detail::VoidPtrHashKey>::WithEntryHandle(const void*&, const fallible_t&, nsTHashtable<detail::VoidPtrHashKey>::PutEntry(nsTHashtable<detail::VoidPtrHashKey>::KeyType, const fallible_t&)::<lambda(auto:7)>)’

Wolfgang Rosenauer (wrosenauer) - almost 3 years ago

author source maintainer

Hmm, the first build after the source change worked. So is there a way to find out what changed between 1st and 2nd build?

Dominique Leuenberger (dimstar) - almost 3 years ago

reviewer

not straight forward - after the first failure osc triggerreason would have given away what the meta change was to rebuild the package.

I 'think' by exploring the content of the _builenv https://build.opensuse.org/package/binary/download/mozilla:Factory/MozillaFirefox/openSUSE_Factory/x86_64/_buildenv vs osc buildinfo we should be able to identify some changes

Dominique Leuenberger (dimstar) - almost 3 years ago

reviewer

The most notable difference is gcc10 vs gcc11

Ismail Dönmez (namtrac) - almost 3 years ago

Looks like a GCC bug: https://bugs.gentoo.org/792705#c2

Wolfgang Rosenauer (wrosenauer) - almost 3 years ago

author source maintainer

Thanks. Nice though that TW/x86_64 is the only platform which still uses gcc. The others had to switch to clang before but TW/x86_64 had build issues before with clang. So for completeness trying clang now.

Wolfgang Rosenauer (wrosenauer) - almost 3 years ago

author source maintainer

The clang build fails because of https://bugs.llvm.org/show_bug.cgi?id=47872 Now trying to build with clang but w/o LTO to get something out of the door if possible.