# HG changeset patch # User Wolfgang Rosenauer # Date 1458038834 -3600 # Node ID 47f0968a649196ae63eebe1533fb2c183e3e792a # Parent 2fa2f92f6f37864d6a915123c579f0bec5d59ac2 38.7.0 release diff -r 2fa2f92f6f37 -r 47f0968a6491 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Dec 19 17:36:33 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Mar 15 11:47:14 2016 +0100 @@ -1,4 +1,59 @@ ------------------------------------------------------------------- +Tue Mar 8 06:58:55 UTC 2016 - wr@rosenauer.org + +- update to Firefox 38.7.0 (boo#969894) + * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) + Use-after-free in MediaStream playback + * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) + Same-origin policy violation using performance.getEntries and + history navigation + * MFSA 2016-16/CVE-2016-1952 + Miscellaneous memory safety hazards + * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) + Local file overwriting and potential privilege escalation through + CSP reports + * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) + Memory leak in libstagefright when deleting an array during MP4 + processing + * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) + Displayed page address can be overridden + * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) + Use-after-free in HTML5 string parser + * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) + Use-after-free in SetBody + * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) + Use-after-free when using multiple WebRTC data channels + * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) + Use-after-free during XML transformations + * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) + Addressbar spoofing though history navigation and Location protocol + property + * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) + Memory corruption with malicious NPAPI plugin + * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) + Out-of-bounds read in HTML parser following a failed allocation + * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ + CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ + CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ + CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 + Font vulnerabilities in the Graphite 2 library + +------------------------------------------------------------------- +Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org + +- update to Firefox 38.6.0esr (boo#963520) + * MFSA 2016-01/CVE-2016-1930 + Miscellaneous memory safety hazards + * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) + Buffer overflow in WebGL after out of memory allocation + +------------------------------------------------------------------- +Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org + +- update to Firefox 38.5.2 +- some spec file changes to support 11.4 again + +------------------------------------------------------------------- Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org - update to Firefox 38.5.0 (bnc#959277) diff -r 2fa2f92f6f37 -r 47f0968a6491 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Dec 19 17:36:33 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Tue Mar 15 11:47:14 2016 +0100 @@ -2,7 +2,7 @@ # spec file for package MozillaFirefox # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. -# 2006-2015 Wolfgang Rosenauer +# 2006-2016 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,9 +19,9 @@ # changed with every update %define major 38 -%define mainver %major.5.0 +%define mainver %major.7.0 %define update_channel esr38 -%define releasedate 2015121000 +%define releasedate 2016030700 # general build definitions %if "%{update_channel}" != "aurora" @@ -75,7 +75,9 @@ BuildRequires: libiw-devel BuildRequires: libnotify-devel BuildRequires: libproxy-devel +%if 0%{?suse_version} > 1140 BuildRequires: makeinfo +%endif BuildRequires: mozilla-nspr-devel >= 4.10.10 BuildRequires: mozilla-nss-devel >= 3.19.2.1 BuildRequires: nss-shared-helper-devel @@ -84,6 +86,7 @@ BuildRequires: unzip BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel +BuildRequires: xz BuildRequires: yasm BuildRequires: zip BuildRequires: pkgconfig(gstreamer-%gstreamer_ver) diff -r 2fa2f92f6f37 -r 47f0968a6491 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Dec 19 17:36:33 2015 +0100 +++ b/MozillaFirefox/create-tar.sh Tue Mar 15 11:47:14 2016 +0100 @@ -2,8 +2,8 @@ CHANNEL="esr38" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_38_5_0esr_RELEASE" -VERSION="38.5.0" +RELEASE_TAG="FIREFOX_38_7_0esr_RELEASE" +VERSION="38.7.0" # mozilla if [ -d mozilla ]; then diff -r 2fa2f92f6f37 -r 47f0968a6491 MozillaFirefox/firefox-esr.changes --- a/MozillaFirefox/firefox-esr.changes Sat Dec 19 17:36:33 2015 +0100 +++ b/MozillaFirefox/firefox-esr.changes Tue Mar 15 11:47:14 2016 +0100 @@ -1,7 +1,78 @@ ------------------------------------------------------------------- +Tue Mar 8 06:58:55 UTC 2016 - wr@rosenauer.org + +- update to Firefox 38.7.0 (boo#969894) + * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) + Use-after-free in MediaStream playback + * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) + Same-origin policy violation using performance.getEntries and + history navigation + * MFSA 2016-16/CVE-2016-1952 + Miscellaneous memory safety hazards + * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) + Local file overwriting and potential privilege escalation through + CSP reports + * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) + Memory leak in libstagefright when deleting an array during MP4 + processing + * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) + Displayed page address can be overridden + * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) + Use-after-free in HTML5 string parser + * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) + Use-after-free in SetBody + * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) + Use-after-free when using multiple WebRTC data channels + * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) + Use-after-free during XML transformations + * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) + Addressbar spoofing though history navigation and Location protocol + property + * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) + Memory corruption with malicious NPAPI plugin + * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) + Out-of-bounds read in HTML parser following a failed allocation + * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ + CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ + CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ + CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 + Font vulnerabilities in the Graphite 2 library + +------------------------------------------------------------------- +Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org + +- update to Firefox 38.6.0esr (boo#963520) + * MFSA 2016-01/CVE-2016-1930 + Miscellaneous memory safety hazards + * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) + Buffer overflow in WebGL after out of memory allocation + +------------------------------------------------------------------- +Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org + +- update to Firefox 38.5.2 +- some spec file changes to support 11.4 again + +------------------------------------------------------------------- Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org -- update to Firefox 38.5.0 (bnc#) +- update to Firefox 38.5.0 (bnc#959277) + * MFSA 2015-134/CVE-2015-7201 + Miscellaneous memory safety hazards + * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) + Use-after-free in WebRTC when datachannel is used after being + destroyed + * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) + Integer overflow allocating extremely large textures + * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) + Underflow through code inspection + * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) + Integer overflow in MP4 playback in 64-bit versions + * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) + Integer underflow and buffer overflow processing MP4 metadata in + libstagefright + * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) + Cross-site reading attack through data and view-source URIs ------------------------------------------------------------------- Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org diff -r 2fa2f92f6f37 -r 47f0968a6491 MozillaFirefox/firefox-esr.spec --- a/MozillaFirefox/firefox-esr.spec Sat Dec 19 17:36:33 2015 +0100 +++ b/MozillaFirefox/firefox-esr.spec Tue Mar 15 11:47:14 2016 +0100 @@ -1,8 +1,8 @@ # # spec file for package firefox-esr # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. -# 2006-2015 Wolfgang Rosenauer +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# 2006-2016 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,9 +19,9 @@ # changed with every update %define major 38 -%define mainver %major.5.0 +%define mainver %major.7.0 %define update_channel esr38 -%define releasedate 2015121000 +%define releasedate 2016030700 # general build definitions %if "%{update_channel}" != "aurora" @@ -75,7 +75,9 @@ BuildRequires: libiw-devel BuildRequires: libnotify-devel BuildRequires: libproxy-devel +%if 0%{?suse_version} > 1140 BuildRequires: makeinfo +%endif BuildRequires: mozilla-nspr-devel >= 4.10.10 BuildRequires: mozilla-nss-devel >= 3.19.2.1 BuildRequires: nss-shared-helper-devel @@ -84,6 +86,7 @@ BuildRequires: unzip BuildRequires: update-desktop-files BuildRequires: xorg-x11-libXt-devel +BuildRequires: xz BuildRequires: yasm BuildRequires: zip BuildRequires: pkgconfig(gstreamer-%gstreamer_ver)