# HG changeset patch # User Wolfgang Rosenauer # Date 1516741520 -3600 # Node ID 963c89cda54b5375d6000b12678cabcb5454eee2 # Parent 108497b98e440b53547667b29e918b61450ac918 update to 58.0 final diff -r 108497b98e44 -r 963c89cda54b MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:04:56 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:05:20 2018 +0100 @@ -1,10 +1,79 @@ ------------------------------------------------------------------- -Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org - -- update to Firefox 58.0b15 +Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org + +- update to Firefox 58.0 (bsc#1077291) * Added Nepali (ne-NP) locale * Added support for form autofill for credit card * Optimize page load by caching JavaScript internal representation + MFSA 2018-02 + * CVE-2018-5091 (bmo#1423086) + Use-after-free with DTMF timers + * CVE-2018-5092 (bmo#1418074) + Use-after-free in Web Workers + * CVE-2018-5093 (bmo#1415291) + Buffer overflow in WebAssembly during Memory/Table resizing + * CVE-2018-5094 (bmo#1415883) + Buffer overflow in WebAssembly with garbage collection on + uninitialized memory + * CVE-2018-5095 (bmo#1418447) + Integer overflow in Skia library during edge builder allocation + * CVE-2018-5097 (bmo#1387427) + Use-after-free when source document is manipulated during XSLT + * CVE-2018-5098 (bmo#1399400) + Use-after-free while manipulating form input elements + * CVE-2018-5099 (bmo#1416878) + Use-after-free with widget listener + * CVE-2018-5100 (bmo#1417405) + Use-after-free when IsPotentiallyScrollable arguments are freed + from memory + * CVE-2018-5101 (bmo#1417661) + Use-after-free with floating first-letter style elements + * CVE-2018-5102 (bmo#1419363) + Use-after-free in HTML media elements + * CVE-2018-5103 (bmo#1423159) + Use-after-free during mouse event handling + * CVE-2018-5104 (bmo#1425000) + Use-after-free during font face manipulation + * CVE-2018-5105 (bmo#1390882) + WebExtensions can save and execute files on local file system + without user prompts + * CVE-2018-5106 (bmo#1408708) + Developer Tools can expose style editor information cross-origin + through service worker + * CVE-2018-5107 (bmo#1379276) + Printing process will follow symlinks for local file access + * CVE-2018-5108 (bmo#1421099) + Manually entered blob URL can be accessed by subsequent private browsing tabs + * CVE-2018-5109 (bmo#1405599) + Audio capture prompts and starts with incorrect origin attribution + * CVE-2018-5110 (bmo#1423275) (affects only OS X) + Cursor can be made invisible on OS X + * CVE-2018-5111 (bmo#1321619) + URL spoofing in addressbar through drag and drop + * CVE-2018-5112 (bmo#1425224) + Extension development tools panel can open a non-relative URL in the panel + * CVE-2018-5113 (bmo#1425267) + WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow + * CVE-2018-5114 (bmo#1421324) + The old value of a cookie changed to HttpOnly remains accessible to scripts + * CVE-2018-5115 (bmo#1409449) + Background network requests can open HTTP authentication in unrelated foreground tabs + * CVE-2018-5116 (bmo#1396399) + WebExtension ActiveTab permission allows cross-origin frame content access + * CVE-2018-5117 (bmo#1395508) + URL spoofing with right-to-left text aligned left-to-right + * CVE-2018-5118 (bmo#1420049) + Activity Stream images can attempt to load local content through file: + * CVE-2018-5119 (bmo#1420507) + Reader view will load cross-origin content in violation of CORS headers + * CVE-2018-5121 (bmo#1402368) (affects only OS X) + OS X Tibetan characters render incompletely in the addressbar + * CVE-2018-5122 (bmo#1413841) + Potential integer overflow in DoCrypt + * CVE-2018-5090 + Memory safety bugs fixed in Firefox 58 + * CVE-2018-5089 + Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - requires NSS 3.34.1 - requires rust 1.21 - removed obsolete patches: diff -r 108497b98e44 -r 963c89cda54b MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Jan 23 22:04:56 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Tue Jan 23 22:05:20 2018 +0100 @@ -18,11 +18,11 @@ # changed with every update -%define major 57 -%define mainver %major.99 -%define update_channel beta +%define major 58 +%define mainver %major.0 +%define update_channel release %define branding 1 -%define releasedate 20180108140638 +%define releasedate 20180118215408 # PIE, full relro (x86_64 for now) %define build_hardened 1 diff -r 108497b98e44 -r 963c89cda54b MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Tue Jan 23 22:04:56 2018 +0100 +++ b/MozillaFirefox/create-tar.sh Tue Jan 23 22:05:20 2018 +0100 @@ -5,10 +5,10 @@ # "moz_source_stamp": "c1de04f39fa956cfce83f6065b0e709369215ed5" # http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/l10n_changesets.txt -CHANNEL="beta" +CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_58_0b15_RELEASE" -VERSION="57.99" +RELEASE_TAG="40755aa80f41ee6df8995ae44044caf7a024b128" +VERSION="58.0" # mozilla if [ -d mozilla ]; then diff -r 108497b98e44 -r 963c89cda54b MozillaFirefox/l10n_changesets.txt --- a/MozillaFirefox/l10n_changesets.txt Tue Jan 23 22:04:56 2018 +0100 +++ b/MozillaFirefox/l10n_changesets.txt Tue Jan 23 22:05:20 2018 +0100 @@ -1,97 +1,97 @@ ach 51053376f3b4 af 9699e648d04f an 35bf2af54c6e -ar 18e0fe1f77af +ar 11e28461eedd as f48681f3cb1c ast a0365b2d2204 az c9f8178b760e -be 18548e3b4c7d -bg d74448447ec4 -bn-BD 3775531f087a +be 6a81fe13730e +bg f5f7827ddaf6 +bn-BD 40173c2773dc bn-IN 8a4d7efa4656 br 87dd84f3fb15 -bs 0fa5c5c498f1 -ca e9108f454291 -cak 037fa4cc0de7 -cs 3574c5626c21 -cy c91a567d32d7 -da f3010a97d2e5 +bs f9194e1b9d1f +ca 2393377daf04 +cak 358337cd8e62 +cs b2f2d66e474f +cy cd528119b1f0 +da 3d4f38f6c602 de c4580757245b -dsb 38971ef44ffc +dsb 6cae073a841f el 7c198d3d5d8c en-GB 108b5a928fb5 en-ZA 5b50bebf4e4f -eo 9f05d54432b0 -es-AR 3a197d57ec4c +eo eb148ada0d56 +es-AR 08d927e7ad92 es-CL 02584a2d25b7 es-ES 1c9d3c3c689d -es-MX 34a4e978e28e +es-MX 6435282dbc75 et e29f6a05d5a8 -eu 8e603c97e31c +eu 756e60b234ec fa 8aee74bd73fe ff b529c4fc084b -fi 85224ec9f9d6 +fi 124ad6d2caeb fr 87ec33d89386 -fy-NL 9bf0802a31d8 +fy-NL 3705ebdd28f5 ga-IE 2453123d83ab gd da7de9b6e635 gl 99003c9cd063 gn 54547111d875 -gu-IN fbd546c0da2a +gu-IN 88180147b7f5 he 9837e2cc4a95 hi-IN e1dddb32c7d0 hr 1699e5d11dfc -hsb 56456696b55c +hsb b779311b0bd0 hu 5f446a971f03 hy-AM 024da8b34b46 -id b782e4d9b6a6 -is 565cadb6758e -it 00f4de3aba14 -ja ae05620172df -ja-JP-mac 3a189aca7466 -ka 9d0112651a6f -kab a558f864ce7c -kk b4cb376272cf -km 49d745556f4e +id 0f0141ed9bb6 +is 4b3c58c9d645 +it 6e2c7978b0e7 +ja f30c0c2f2bc4 +ja-JP-mac 4230da7b0695 +ka 6650158784f6 +kab 6b3c6e707013 +kk 1e85339bcb5c +km d934d1e2fbba kn 9d356f38d208 -ko f6b025aac29f +ko 6370c2a0f030 lij 0ab26fda46bc -lt d82f8f2933b8 -lv ff8bed2caedd +lt 450e1219d46f +lv 78a846f93b16 mai 53cf7cd14176 mk 3d22bc5b8e99 ml 128c7b806403 mr 074d705e44b7 -ms 58d9543d90aa +ms 7fa602755a3b my eee9ab816d7c -nb-NO dfa15b2830ca +nb-NO 963968719128 ne-NP c318f683bdb7 -nl d9160f9af08a -nn-NO e1d2d5f62b8d +nl fca30e75c8a2 +nn-NO 484b14dee153 or 9420e75f84ba pa-IN 5634ac6e7d9b pl 45fa8ed87819 -pt-BR 3c1f75571616 -pt-PT 28b28e71f40c +pt-BR 38d2f920e7b1 +pt-PT 60446c901737 rm cf0859e63177 -ro ce4a00c06847 -ru 1caf2ee86cdc +ro 7fea5671214f +ru 67b070efcbd9 si 5b5533ef2e97 -sk cfc3d731a936 -sl cc7e13e52830 +sk 4c17a502b748 +sl 8c446da2c7c5 son 914d74ec145e sq 704b52416e5e -sr 437a6f8a9d2c -sv-SE 4a250a2a3388 +sr cbf4a5eafb4d +sv-SE 2e8d40795c69 ta 26d7cbe37e4a -te d30aefb49f2f +te 9338813fedc1 th aa91b43781fe -tr 860f0ea58677 -uk 9dba20dbbdaf +tr a392fcf83ab9 +uk 214311bf7877 ur 60247a51a921 uz 51175e255277 -vi 5d5d980a351f +vi 2731355cccc7 xh a756d272d1fe zh-CN 9ab59b4c446a -zh-TW fd0c8d18944d +zh-TW a56ff00fa7b0