# HG changeset patch
# User Wolfgang Rosenauer
# Date 1439224580 -7200
# Node ID b8713c1e21560e24fd3a916aafb65cdd3c090a97
# Parent 646495e9e7219371d241c00967f3422eee6b80c0
38.1.1
diff -r 646495e9e721 -r b8713c1e2156 MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Sun Jun 28 09:17:38 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Aug 10 18:36:20 2015 +0200
@@ -1,7 +1,42 @@ ------------------------------------------------------------------- +Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org + +- security update to Firefox 38.1.1 (bnc#940918) + * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) + Same origin violation and local file stealing via PDF reader + +------------------------------------------------------------------- Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org - update to Firefox 38.1.0 (bnc#935979) + * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725 + Miscellaneous memory safety hazards + * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) + Local files or privileged URLs in pages can be opened into new tabs + * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) + Type confusion in Indexed Database Manager + * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) + Out-of-bound read while computing an oscillator rendering range in Web Audio + * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) + Use-after-free in Content Policy due to microtask execution error + * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) + ECDSA signature validation fails to handle some signatures correctly + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) + Use-after-free in workers while using XMLHttpRequest + * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 + CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 + Vulnerabilities found through code inspection + * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) + Key pinning is ignored when overridable errors are encountered + * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) + Privilege escalation in PDF.js + * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) + NSS accepts export-length DHE keys with regular DHE cipher suites + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) + NSS incorrectly permits skipping of ServerKeyExchange + (this fix is shipped by NSS 3.19.1 externally) - requires NSS 3.19.2 
------------------------------------------------------------------- diff -r 646495e9e721 -r b8713c1e2156 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sun Jun 28 09:17:38 2015 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Mon Aug 10 18:36:20 2015 +0200 @@ -19,9 +19,9 @@ # changed with every update %define major 38 -%define mainver %major.1.0 +%define mainver %major.1.1 %define update_channel esr38 -%define releasedate 2015062600 +%define releasedate 2015080600 # general build definitions %if "%{update_channel}" != "aurora" diff -r 646495e9e721 -r b8713c1e2156 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sun Jun 28 09:17:38 2015 +0200 +++ b/MozillaFirefox/create-tar.sh Mon Aug 10 18:36:20 2015 +0200 @@ -2,8 +2,8 @@ CHANNEL="esr38" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_38_1_0esr_RELEASE" -VERSION="38.1.0" +RELEASE_TAG="FIREFOX_38_1_1esr_RELEASE" +VERSION="38.1.1" # mozilla if [ -d mozilla ]; then diff -r 646495e9e721 -r b8713c1e2156 MozillaFirefox/firefox-esr.changes --- a/MozillaFirefox/firefox-esr.changes Sun Jun 28 09:17:38 2015 +0200 +++ b/MozillaFirefox/firefox-esr.changes Mon Aug 10 18:36:20 2015 +0200 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org + +- security update to Firefox 38.1.1 (bnc#940918) + * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) + Same origin violation and local file stealing via PDF reader + +------------------------------------------------------------------- Sun Jun 28 07:11:18 UTC 2015 - wr@rosenauer.org - renamed package to firefox-esr for ESR 38 cycle 
@@ -7,6 +14,34 @@ Sat Jun 27 21:19:48 UTC 2015 - wr@rosenauer.org - update to Firefox 38.1.0 (bnc#935979) + * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725 + Miscellaneous memory safety hazards + * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) + Local files or privileged URLs in pages can be opened into new tabs + * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) + Type confusion in Indexed Database Manager + * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) + Out-of-bound read while computing an oscillator rendering range in Web Audio + * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) + Use-after-free in Content Policy due to microtask execution error + * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) + ECDSA signature validation fails to handle some signatures correctly + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) + Use-after-free in workers while using XMLHttpRequest + * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 + CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 + Vulnerabilities found through code inspection + * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) + Key pinning is ignored when overridable errors are encountered + * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) + Privilege escalation in PDF.js + * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) + NSS accepts export-length DHE keys with regular DHE cipher suites + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) + NSS incorrectly permits skipping of ServerKeyExchange + (this fix is shipped by NSS 3.19.1 externally) - requires NSS 3.19.2 ------------------------------------------------------------------- diff -r 646495e9e721 -r b8713c1e2156 MozillaFirefox/firefox-esr.spec --- a/MozillaFirefox/firefox-esr.spec Sun Jun 28 09:17:38 2015 +0200 +++ b/MozillaFirefox/firefox-esr.spec Mon Aug 10 18:36:20 2015 +0200 
@@ -19,9 +19,9 @@ # changed with every update %define major 38 -%define mainver %major.1.0 +%define mainver %major.1.1 %define update_channel esr38 -%define releasedate 2015062600 +%define releasedate 2015080600 # general build definitions %if "%{update_channel}" != "aurora" @@ -132,7 +132,7 @@ Source13: spellcheck.js Source14: create-tar.sh Source15: firefox-appdata.xml -Source16: MozillaFirefox.changes +Source16: firefox-esr.changes # Gecko/Toolkit Patch1: toolkit-download-folder.patch Patch2: mozilla-nongnome-proxies.patch @@ -274,7 +274,7 @@ %build # no need to add build time to binaries -modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/MozillaFirefox.changes")" +modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:16}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -regex ".*\.c\|.*\.cpp\|.*\.h" -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + diff -r 646495e9e721 -r b8713c1e2156 firefox-kde.patch --- a/firefox-kde.patch Sun Jun 28 09:17:38 2015 +0200 +++ b/firefox-kde.patch Mon Aug 10 18:36:20 2015 +0200 @@ -1,11 +1,11 @@ # HG changeset patch -# Parent 37dd974224e6c52f4bccc1ea6cef65b0e0add838 +# Parent 1cde29cae06548395356e5a5dc0cfb8a42597c65 diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul new file mode 100644 --- /dev/null +++ b/browser/base/content/browser-kde.xul -@@ -0,0 +1,1311 @@ +@@ -0,0 +1,1302 @@ +#filter substitution + +# -*- Mode: HTML -*- 
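Review bot: In the `%build` hunk of firefox-esr.spec (`@@ -274,7 +274,7 @@`), the value that `sed` extracts from `%{S:16}` is used without checking that it is non-empty. If the first changelog entry line is missing or reshaped, `modified` ends up empty, and as far as I know GNU `date -d ""` resolves to the current day instead of failing, so the `__DATE__`/`__TIME__` replacement would silently depend on build time again. A guard right after the `sed` line, such as `[ -n "${modified}" ] || { echo "no changelog timestamp in %{S:16}" >&2; exit 1; }`, would make that case fail loudly. The existing comment could also state where the stamp comes from, e.g. `# stamp binaries with the newest changelog entry's date (first line after the ---- separator) instead of the build time`. The `%build` section continues outside the hunk.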
@@ -738,9 +738,9 @@ + fullscreentoolbar="true" mode="icons" customizable="true" + iconsize="small" +#ifdef MOZ_DEV_EDITION -+ defaultset="urlbar-container,search-container,developer-button,bookmarks-menu-button,pocket-button,downloads-button,home-button,loop-button" ++ defaultset="urlbar-container,search-container,developer-button,bookmarks-menu-button,downloads-button,home-button,loop-button" +#else -+ defaultset="urlbar-container,search-container,bookmarks-menu-button,pocket-button,downloads-button,home-button,loop-button" ++ defaultset="urlbar-container,search-container,bookmarks-menu-button,downloads-button,home-button,loop-button" +#endif + customizationtarget="nav-bar-customization-target" + overflowable="true" @@ -890,7 +890,6 @@ + oncommand="BookmarksEventHandler.onCommand(event, this.parentNode._placesView);" + onclick="BookmarksEventHandler.onClick(event, this.parentNode._placesView);" + onpopupshowing="BookmarkingUI.onPopupShowing(event); -+ BookmarkingUI.updatePocketItemVisibility('BMB_'); + BookmarkingUI.attachPlacesView(event, this);" + tooltip="bhTooltip" popupsinherittooltip="true"> + + -+ -+ + + -+