# HG changeset patch
# User Wolfgang Rosenauer
# Date 1493401773 -7200
# Node ID 8d48ef5efb599e1840ab7636c041359430401ee2
# Parent 5581eb3d07e1bf5e640527a203de1213f44531d2
52.1.0 including esr variants and proper changelogs
diff -r 5581eb3d07e1 -r 8d48ef5efb59 MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Apr 28 19:49:33 2017 +0200
@@ -1,7 +1,80 @@
 -------------------------------------------------------------------
 Wed Apr 12 21:43:16 UTC 2017 - wr@rosenauer.org
-- update to Firefox 52.1.0esr
+- update to Firefox 52.1.0esr (boo#1035082)
+ MFSA 2017-12
+ * CVE-2017-5443 (bmo#1342661)
+ Out-of-bounds write during BinHex decoding
+ * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+ bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+ Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+ Firefox ESR 52.1
+ * CVE-2017-5464 (bmo#1347075)
+ Memory corruption with accessibility and DOM manipulation
+ * CVE-2017-5465 (bmo#1347617)
+ Out-of-bounds read in ConvolvePixel
+ * CVE-2017-5466 (bmo#1353975)
+ Origin confusion when reloading isolated data:text/html URL
+ * CVE-2017-5467 (bmo#1347262)
+ Memory corruption when drawing Skia content
+ * CVE-2017-5460 (bmo#1343642)
+ Use-after-free in frame selection
+ * CVE-2017-5461 (bmo#1344380)
+ Out-of-bounds write in Base64 encoding in NSS
+ * CVE-2017-5448 (bmo#1346648)
+ Out-of-bounds write in ClearKeyDecryptor
+ * CVE-2017-5449 (bmo#1340127)
+ Crash during bidirectional unicode manipulation with animation
+ * CVE-2017-5446 (bmo#1343505)
+ Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ * CVE-2017-5447 (bmo#1343552)
+ Out-of-bounds read during glyph processing
+ * CVE-2017-5444 (bmo#1344461)
+ Buffer overflow while parsing application/http-index-format content
+ * CVE-2017-5445 (bmo#1344467)
+ Uninitialized values used while parsing application/http-index-format
+ content
+ * CVE-2017-5442 (bmo#1347979)
+ Use-after-free during style changes
+ * CVE-2017-5469 (bmo#1292534)
+ Potential Buffer overflow in flex-generated code
+ * CVE-2017-5440 (bmo#1336832)
+ Use-after-free in txExecutionState destructor during XSLT processing
+ * CVE-2017-5441 (bmo#1343795)
+ Use-after-free with selection during scroll events
+ * CVE-2017-5439 (bmo#1336830)
+ Use-after-free in nsTArray Length() during XSLT processing
+ * CVE-2017-5438 (bmo#1336828)
+ Use-after-free in nsAutoPtr during XSLT processing
+ * CVE-2017-5437 (bmo#1343453)
+ Vulnerabilities in Libevent library
+ * CVE-2017-5436 (bmo#1345461)
+ Out-of-bounds write with malicious font in Graphite 2
+ * CVE-2017-5435 (bmo#1350683)
+ Use-after-free during transaction processing in the editor
+ * CVE-2017-5434 (bmo#1349946)
+ Use-after-free during focus handling
+ * CVE-2017-5433 (bmo#1347168)
+ Use-after-free in SMIL animation functions
+ * CVE-2017-5432 (bmo#1346654)
+ Use-after-free in text input selection
+ * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+ bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+ bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+ Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ * CVE-2017-5459 (bmo#1333858)
+ Buffer overflow in WebGL
+ * CVE-2017-5462 (bmo#1345089)
+ DRBG flaw in NSS
+ * CVE-2017-5455 (bmo#1341191)
+ Sandbox escape through internal feed reader APIs
+ * CVE-2017-5454 (bmo#1349276)
+ Sandbox escape allowing file system read access through file
+ picker
+ * CVE-2017-5456 (bmo#1344415)
+ Sandbox escape allowing local file system access
+ * CVE-2017-5451 (bmo#1273537)
+ Addressbar spoofing with onblur event
 - requires NSS 3.28.4
 - rebased patches
diff -r 5581eb3d07e1 -r 8d48ef5efb59 MozillaFirefox/MozillaFirefox.spec
--- a/MozillaFirefox/MozillaFirefox.spec Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Fri Apr 28 19:49:33 2017 +0200
@@ -91,8 +91,8 @@
 BuildRequires: xorg-x11-libXt-devel
 BuildRequires: yasm
 BuildRequires: zip
+BuildRequires: pkgconfig(libffi)
 BuildRequires: pkgconfig(libpulse)
-BuildRequires: pkgconfig(libffi)
 %if 0%{?firefox_use_gtk3}
 BuildRequires: pkgconfig(glib-2.0)
 BuildRequires: pkgconfig(gobject-2.0)
diff -r 5581eb3d07e1 -r 8d48ef5efb59 MozillaFirefox/create-tar.sh
--- a/MozillaFirefox/create-tar.sh Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/create-tar.sh Fri Apr 28 19:49:33 2017 +0200
@@ -7,7 +7,7 @@
 CHANNEL="esr52"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="aaa0bba23803d2fcf283040f123915cf98a7eef0"
+RELEASE_TAG="3ea0e075203185d7f2d42f439455e97735bd1b20"
 VERSION="52.1.0"
 # mozilla
diff -r 5581eb3d07e1 -r 8d48ef5efb59 MozillaFirefox/firefox-esr.changes
--- a/MozillaFirefox/firefox-esr.changes Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/firefox-esr.changes Fri Apr 28 19:49:33 2017 +0200
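Review bot: `RELEASE_TAG` moves to a new changeset while `VERSION` stays `"52.1.0"`, so a source tarball produced under the same version name now has different contents, and nothing in the hunk records which upstream release or build the new hash belongs to. A one-line comment above the assignment would let a reviewer check the pin against upstream, e.g. `# changeset of <upstream release tag or build> for $VERSION`. Whether the script verifies the archive it produces (checksum or signature) cannot be seen here, because the script continues outside the hunk. Any tarball already built from the old changeset should be regenerated rather than reused.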
@@ -1,7 +1,80 @@
 -------------------------------------------------------------------
-Mon Apr 17 07:05:43 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 52.1.0esr
+Wed Apr 12 21:43:16 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.1.0esr (boo#1035082)
+ MFSA 2017-12
+ * CVE-2017-5443 (bmo#1342661)
+ Out-of-bounds write during BinHex decoding
+ * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+ bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+ Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+ Firefox ESR 52.1
+ * CVE-2017-5464 (bmo#1347075)
+ Memory corruption with accessibility and DOM manipulation
+ * CVE-2017-5465 (bmo#1347617)
+ Out-of-bounds read in ConvolvePixel
+ * CVE-2017-5466 (bmo#1353975)
+ Origin confusion when reloading isolated data:text/html URL
+ * CVE-2017-5467 (bmo#1347262)
+ Memory corruption when drawing Skia content
+ * CVE-2017-5460 (bmo#1343642)
+ Use-after-free in frame selection
+ * CVE-2017-5461 (bmo#1344380)
+ Out-of-bounds write in Base64 encoding in NSS
+ * CVE-2017-5448 (bmo#1346648)
+ Out-of-bounds write in ClearKeyDecryptor
+ * CVE-2017-5449 (bmo#1340127)
+ Crash during bidirectional unicode manipulation with animation
+ * CVE-2017-5446 (bmo#1343505)
+ Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ * CVE-2017-5447 (bmo#1343552)
+ Out-of-bounds read during glyph processing
+ * CVE-2017-5444 (bmo#1344461)
+ Buffer overflow while parsing application/http-index-format content
+ * CVE-2017-5445 (bmo#1344467)
+ Uninitialized values used while parsing application/http-index-format
+ content
+ * CVE-2017-5442 (bmo#1347979)
+ Use-after-free during style changes
+ * CVE-2017-5469 (bmo#1292534)
+ Potential Buffer overflow in flex-generated code
+ * CVE-2017-5440 (bmo#1336832)
+ Use-after-free in txExecutionState destructor during XSLT processing
+ * CVE-2017-5441 (bmo#1343795)
+ Use-after-free with selection during scroll events
+ * CVE-2017-5439 (bmo#1336830)
+ Use-after-free in nsTArray Length() during XSLT processing
+ * CVE-2017-5438 (bmo#1336828)
+ Use-after-free in nsAutoPtr during XSLT processing
+ * CVE-2017-5437 (bmo#1343453)
+ Vulnerabilities in Libevent library
+ * CVE-2017-5436 (bmo#1345461)
+ Out-of-bounds write with malicious font in Graphite 2
+ * CVE-2017-5435 (bmo#1350683)
+ Use-after-free during transaction processing in the editor
+ * CVE-2017-5434 (bmo#1349946)
+ Use-after-free during focus handling
+ * CVE-2017-5433 (bmo#1347168)
+ Use-after-free in SMIL animation functions
+ * CVE-2017-5432 (bmo#1346654)
+ Use-after-free in text input selection
+ * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+ bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+ bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+ Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ * CVE-2017-5459 (bmo#1333858)
+ Buffer overflow in WebGL
+ * CVE-2017-5462 (bmo#1345089)
+ DRBG flaw in NSS
+ * CVE-2017-5455 (bmo#1341191)
+ Sandbox escape through internal feed reader APIs
+ * CVE-2017-5454 (bmo#1349276)
+ Sandbox escape allowing file system read access through file
+ picker
+ * CVE-2017-5456 (bmo#1344415)
+ Sandbox escape allowing local file system access
+ * CVE-2017-5451 (bmo#1273537)
+ Addressbar spoofing with onblur event
 - requires NSS 3.28.4
 - rebased patches
diff -r 5581eb3d07e1 -r 8d48ef5efb59 MozillaFirefox/firefox-esr.spec
--- a/MozillaFirefox/firefox-esr.spec Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/firefox-esr.spec Fri Apr 28 19:49:33 2017 +0200
@@ -29,7 +29,7 @@
 %if 0%{?suse_version} > 1320
 %define firefox_use_gtk3 1
 %ifarch %ix86 x86_64
-%define firefox_use_rust 1
+%define firefox_use_rust 0
 %endif
 %endif
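Review bot: The `%define firefox_use_rust 0` line inside `%ifarch %ix86 x86_64` switches the Rust build off for the ESR package, yet the firefox-esr.changes entry in this same commit lists only the version update, the NSS 3.28.4 requirement and rebased patches. A build-configuration change like this presumably alters which components are compiled into a security update, so it should be recorded in the changelog and explained at the define, e.g. `# ESR 52 is built without Rust: <reason>`. MozillaFirefox.spec receives no matching change in this commit, so either it already carried 0 or the two spec files now differ on this setting. If the value outside the `%ifarch` branch is already 0 (the default is not visible in the hunk), the branch has no remaining effect and could be removed instead.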
@@ -91,8 +91,8 @@
 BuildRequires: xorg-x11-libXt-devel
 BuildRequires: yasm
 BuildRequires: zip
+BuildRequires: pkgconfig(libffi)
 BuildRequires: pkgconfig(libpulse)
-BuildRequires: pkgconfig(libffi)
 %if 0%{?firefox_use_gtk3}
 BuildRequires: pkgconfig(glib-2.0)
 BuildRequires: pkgconfig(gobject-2.0)