# HG changeset patch
# User Wolfgang Rosenauer
# Date 1497440848 -7200
# Node ID c0c95a18e37c1257dd920150fafac30a1f5c6be1
# Parent 14640a79141fb40c05d95d0bba4a42905c181656
Firefox 52.2esr
diff -r 14640a79141f -r c0c95a18e37c MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Sun Jun 04 09:48:10 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Jun 14 13:47:28 2017 +0200
@@ -1,4 +1,59 @@
 -------------------------------------------------------------------
+Wed Jun 14 07:08:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.2esr (boo#1043960)
+ MFSA 2017-16
+ * CVE-2017-5472 (bmo#1365602)
+ Use-after-free using destroyed node when regenerating trees
+ * CVE-2017-7749 (bmo#1355039)
+ Use-after-free during docshell reloading
+ * CVE-2017-7750 (bmo#1356558)
+ Use-after-free with track elements
+ * CVE-2017-7751 (bmo#1363396)
+ Use-after-free with content viewer listeners
+ * CVE-2017-7752 (bmo#1359547)
+ Use-after-free with IME input
+ * CVE-2017-7754 (bmo#1357090)
+ Out-of-bounds read in WebGL with ImageInfo object
+ * CVE-2017-7755 (bmo#1361326)
+ Privilege escalation through Firefox Installer with same
+ directory DLL files (Windows only)
+ * CVE-2017-7756 (bmo#1366595)
+ Use-after-free and use-after-scope logging XHR header errors
+ * CVE-2017-7757 (bmo#1356824)
+ Use-after-free in IndexedDB
+ * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
+ CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
+ CVE-2017-7777
+ Vulnerabilities in the Graphite 2 library
+ * CVE-2017-7758 (bmo#1368490)
+ Out-of-bounds read in Opus encoder
+ * CVE-2017-7760 (bmo#1348645)
+ File manipulation and privilege escalation via callback parameter
+ in Mozilla Windows Updater and Maintenance Service (Windows only)
+ * CVE-2017-7761 (bmo#1215648)
+ File deletion and privilege escalation through Mozilla Maintenance
+ Service helper.exe application (Windows only)
+ * CVE-2017-7764 (bmo#1364283)
+ Domain spoofing with combination of Canadian Syllabics and other
+ unicode blocks
+ * CVE-2017-7765 (bmo#1273265)
+ Mark of the Web bypass when saving executable files (Windows only)
+ * CVE-2017-7766 (bmo#1342742)
+ File execution and privilege escalation through updater.ini,
+ Mozilla Windows Updater, and Mozilla Maintenance Service
+ (Windows only)
+ * CVE-2017-7767 (bmo#1336964)
+ Privilege escalation and arbitrary file overwrites through Mozilla
+ Windows Updater and Mozilla Maintenance Service (Windows only)
+ * CVE-2017-7768 (bmo#1336979)
+ 32 byte arbitrary file read through Mozilla Maintenance Service
+ (Windows only)
+ * CVE-2017-5470
+ Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
+- requires NSS 3.28.5
+
+-------------------------------------------------------------------
 Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org
 - remove -fno-inline-small-functions and explicitely optimize with
diff -r 14640a79141f -r c0c95a18e37c MozillaFirefox/MozillaFirefox.spec
--- a/MozillaFirefox/MozillaFirefox.spec Sun Jun 04 09:48:10 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Wed Jun 14 13:47:28 2017 +0200
@@ -19,9 +19,9 @@
 # changed with every update
 %define major 52
-%define mainver %major.1.1
+%define mainver %major.2
 %define update_channel esr52
-%define releasedate 20170504000000
+%define releasedate 20170612000000
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
@@ -82,7 +82,7 @@
 BuildRequires: libproxy-devel
 BuildRequires: makeinfo
 BuildRequires: mozilla-nspr-devel >= 4.13.1
-BuildRequires: mozilla-nss-devel >= 3.28.4
+BuildRequires: mozilla-nss-devel >= 3.28.5
 BuildRequires: nss-shared-helper-devel
 BuildRequires: python-devel
 BuildRequires: startup-notification-devel
diff -r 14640a79141f -r c0c95a18e37c MozillaFirefox/create-tar.sh
--- a/MozillaFirefox/create-tar.sh Sun Jun 04 09:48:10 2017 +0200
+++ b/MozillaFirefox/create-tar.sh Wed Jun 14 13:47:28 2017 +0200
@@ -7,8 +7,8 @@
 CHANNEL="esr52"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_52_1_1esr_RELEASE"
-VERSION="52.1.1"
+RELEASE_TAG="FIREFOX_52_2_0esr_RELEASE"
+VERSION="52.2"
 # mozilla
 if [ -d mozilla ]; then
diff -r 14640a79141f -r c0c95a18e37c MozillaFirefox/firefox-esr.changes
--- a/MozillaFirefox/firefox-esr.changes Sun Jun 04 09:48:10 2017 +0200
+++ b/MozillaFirefox/firefox-esr.changes Wed Jun 14 13:47:28 2017 +0200
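Review bot: In the `@@ -82,7 +82,7 @@` hunk of MozillaFirefox.spec only the build-time floor is raised (`BuildRequires: mozilla-nss-devel >= 3.28.5`), while the changelog entry in the same commit states that the release requires NSS 3.28.5. Nothing in the visible lines ties the installed package to that NSS level, so unless a runtime dependency is derived elsewhere in the spec, the updated browser could end up installed next to an older NSS; a line such as `Requires: mozilla-nss >= 3.28.5` would make the requirement explicit. The identical hunk in firefox-esr.spec has the same gap. The rest of the preamble lies outside the hunk, so this may already be handled there.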
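Review bot: `RELEASE_TAG="FIREFOX_52_2_0esr_RELEASE"` in create-tar.sh selects the source for a security release by tag name alone, and a tag can be re-pointed upstream without its name changing. If the checkout is Mercurial, as the `BRANCH` path suggests, recording the changeset the tag resolved to (for example the output of `hg id -i -r "$RELEASE_TAG"`) next to the tag and comparing it on later runs would make the tarball's origin verifiable. The rest of the script is outside the hunk, so a check of this kind may already exist further down.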
@@ -1,4 +1,59 @@
 -------------------------------------------------------------------
+Wed Jun 14 07:08:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.2esr (boo#1043960)
+ MFSA 2017-16
+ * CVE-2017-5472 (bmo#1365602)
+ Use-after-free using destroyed node when regenerating trees
+ * CVE-2017-7749 (bmo#1355039)
+ Use-after-free during docshell reloading
+ * CVE-2017-7750 (bmo#1356558)
+ Use-after-free with track elements
+ * CVE-2017-7751 (bmo#1363396)
+ Use-after-free with content viewer listeners
+ * CVE-2017-7752 (bmo#1359547)
+ Use-after-free with IME input
+ * CVE-2017-7754 (bmo#1357090)
+ Out-of-bounds read in WebGL with ImageInfo object
+ * CVE-2017-7755 (bmo#1361326)
+ Privilege escalation through Firefox Installer with same
+ directory DLL files (Windows only)
+ * CVE-2017-7756 (bmo#1366595)
+ Use-after-free and use-after-scope logging XHR header errors
+ * CVE-2017-7757 (bmo#1356824)
+ Use-after-free in IndexedDB
+ * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
+ CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
+ CVE-2017-7777
+ Vulnerabilities in the Graphite 2 library
+ * CVE-2017-7758 (bmo#1368490)
+ Out-of-bounds read in Opus encoder
+ * CVE-2017-7760 (bmo#1348645)
+ File manipulation and privilege escalation via callback parameter
+ in Mozilla Windows Updater and Maintenance Service (Windows only)
+ * CVE-2017-7761 (bmo#1215648)
+ File deletion and privilege escalation through Mozilla Maintenance
+ Service helper.exe application (Windows only)
+ * CVE-2017-7764 (bmo#1364283)
+ Domain spoofing with combination of Canadian Syllabics and other
+ unicode blocks
+ * CVE-2017-7765 (bmo#1273265)
+ Mark of the Web bypass when saving executable files (Windows only)
+ * CVE-2017-7766 (bmo#1342742)
+ File execution and privilege escalation through updater.ini,
+ Mozilla Windows Updater, and Mozilla Maintenance Service
+ (Windows only)
+ * CVE-2017-7767 (bmo#1336964)
+ Privilege escalation and arbitrary file overwrites through Mozilla
+ Windows Updater and Mozilla Maintenance Service (Windows only)
+ * CVE-2017-7768 (bmo#1336979)
+ 32 byte arbitrary file read through Mozilla Maintenance Service
+ (Windows only)
+ * CVE-2017-5470
+ Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
+- requires NSS 3.28.5
+
+-------------------------------------------------------------------
 Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org
 - remove -fno-inline-small-functions and explicitely optimize with
diff -r 14640a79141f -r c0c95a18e37c MozillaFirefox/firefox-esr.spec
--- a/MozillaFirefox/firefox-esr.spec Sun Jun 04 09:48:10 2017 +0200
+++ b/MozillaFirefox/firefox-esr.spec Wed Jun 14 13:47:28 2017 +0200
@@ -19,9 +19,9 @@
 # changed with every update
 %define major 52
-%define mainver %major.1.1
+%define mainver %major.2
 %define update_channel esr52
-%define releasedate 20170504000000
+%define releasedate 20170612000000
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
@@ -82,7 +82,7 @@
 BuildRequires: libproxy-devel
 BuildRequires: makeinfo
 BuildRequires: mozilla-nspr-devel >= 4.13.1
-BuildRequires: mozilla-nss-devel >= 3.28.4
+BuildRequires: mozilla-nss-devel >= 3.28.5
 BuildRequires: nss-shared-helper-devel
 BuildRequires: python-devel
 BuildRequires: startup-notification-devel