--- a/MozillaFirefox/MozillaFirefox.changes Mon Apr 17 09:40:14 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Jun 04 09:56:53 2017 +0200
@@ -1,7 +1,22 @@
-------------------------------------------------------------------
-Mon Apr 17 07:39:42 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 53.0b10
+Thu Jun 1 04:25:05 UTC 2017 - kah0922@gmail.com
+
+- remove -fno-inline-small-functions and explicitely optimize with
+ -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
+
+-------------------------------------------------------------------
+Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org
+
+- switch to Mozilla's geolocation service (boo#1026989)
+- removed mozilla-preferences.patch obsoleted by overriding via
+ firefox.js
+- fixed KDE integration to avoid crash caused by filepicker
+ (boo#1015998)
+
+-------------------------------------------------------------------
+Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 53.0
* requires NSS 3.29.5
* Lightweight themes are now applied in private browsing windows
* Reader Mode now displays estimated reading time for the page
@@ -15,6 +30,86 @@
* Media playback on new tabs is blocked until the tab is visible
* Permission notifications have a cleaner design and cannot be
easily missed
+ MFSA 2017-10
+ * CVE-2017-5456 (bmo#1344415)
+ Sandbox escape allowing local file system access
+ * CVE-2017-5442 (bmo#1347979)
+ Use-after-free during style changes
+ * CVE-2017-5443 (bmo#1342661)
+ Out-of-bounds write during BinHex decoding
+ * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+ bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+ Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+ Firefox ESR 52.1
+ * CVE-2017-5464 (bmo#1347075)
+ Memory corruption with accessibility and DOM manipulation
+ * CVE-2017-5465 (bmo#1347617)
+ Out-of-bounds read in ConvolvePixel
+ * CVE-2017-5466 (bmo#1353975)
+ Origin confusion when reloading isolated data:text/html URL
+ * CVE-2017-5467 (bmo#1347262)
+ Memory corruption when drawing Skia content
+ * CVE-2017-5460 (bmo#1343642)
+ Use-after-free in frame selection
+ * CVE-2017-5461 (bmo#1344380)
+ Out-of-bounds write in Base64 encoding in NSS
+ * CVE-2017-5448 (bmo#1346648)
+ Out-of-bounds write in ClearKeyDecryptor
+ * CVE-2017-5449 (bmo#1340127)
+ Crash during bidirectional unicode manipulation with animation
+ * CVE-2017-5446 (bmo#1343505)
+ Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ * CVE-2017-5447 (bmo#1343552)
+ Out-of-bounds read during glyph processing
+ * CVE-2017-5444 (bmo#1344461)
+ Buffer overflow while parsing application/http-index-format content
+ * CVE-2017-5445 (bmo#1344467)
+ Uninitialized values used while parsing application/http-index-format
+ content
+ * CVE-2017-5468 (bmo#1329521)
+ Incorrect ownership model for Private Browsing information
+ * CVE-2017-5469 (bmo#1292534)
+ Potential Buffer overflow in flex-generated code
+ * CVE-2017-5440 (bmo#1336832)
+ Use-after-free in txExecutionState destructor during XSLT processing
+ * CVE-2017-5441 (bmo#1343795)
+ Use-after-free with selection during scroll events
+ * CVE-2017-5439 (bmo#1336830)
+ Use-after-free in nsTArray Length() during XSLT processing
+ * CVE-2017-5438 (bmo#1336828)
+ Use-after-free in nsAutoPtr during XSLT processing
+ * CVE-2017-5437 (bmo#1343453)
+ Vulnerabilities in Libevent library
+ * CVE-2017-5436 (bmo#1345461)
+ Out-of-bounds write with malicious font in Graphite 2
+ * CVE-2017-5435 (bmo#1350683)
+ Use-after-free during transaction processing in the editor
+ * CVE-2017-5434 (bmo#1349946)
+ Use-after-free during focus handling
+ * CVE-2017-5433 (bmo#1347168)
+ Use-after-free in SMIL animation functions
+ * CVE-2017-5432 (bmo#1346654)
+ Use-after-free in text input selection
+ * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+ bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
+ bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
+ bmo#1349719, bmo#1353476)
+ Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ * CVE-2017-5459 (bmo#1333858)
+ Buffer overflow in WebGL
+ * CVE-2017-5458 (bmo#1229426)
+ Drag and drop of javascript: URLs can allow for self-XSS
+ * CVE-2017-5455 (bmo#1341191)
+ Sandbox escape through internal feed reader APIs
+ * CVE-2017-5454 (bmo#1349276)
+ Sandbox escape allowing file system read access through file picker
+ * CVE-2017-5451 (bmo#1273537)
+ Addressbar spoofing with onblur event
+ * CVE-2017-5453 (bmo#1321247)
+ HTML injection into RSS Reader feed preview page through
+ TITLE element
+ * CVE-2017-5462 (bmo#1345089)
+ DRBG flaw in NSS
- removed browser(npapi) provides as these plugins are deprecated
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
Leap 42
--- a/MozillaFirefox/MozillaFirefox.spec Mon Apr 17 09:40:14 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Sun Jun 04 09:56:53 2017 +0200
@@ -18,10 +18,11 @@
# changed with every update
-%define major 52
+%define major 53
%define mainver %major.99
%define update_channel beta
-%define releasedate 20170404000000
+%define branding 1
+%define releasedate 20170602000000
# PIE, full relro (x86_64 for now)
%define build_hardened 1
@@ -33,15 +34,9 @@
%endif
# general build definitions
-%if "%{update_channel}" != "aurora"
%define progname firefox
%define pkgname MozillaFirefox
%define appname Firefox
-%else
-%define progname firefox-dev
-%define pkgname firefox-dev-edition
-%define appname Firefox Developer Edition
-%endif
%define progdir %{_prefix}/%_lib/%{progname}
%define gnome_dir %{_prefix}
%define desktop_file_name %{progname}
@@ -54,11 +49,6 @@
# Note: these are for the openSUSE Firefox builds ONLY. For your own distribution,
# please get your own set of keys.
%define _google_api_key AIzaSyD1hTe85_a14kr1Ks8T3Ce75rvbR1_Dx7Q
-%if %update_channel == "aurora"
-%define branding 0
-%else
-%define branding 1
-%endif
%define localize 1
%ifarch %ix86 x86_64
%define crashreporter 1
@@ -117,10 +107,8 @@
Provides: firefox = %{version}-%{release}
%endif
Provides: web_browser
-%if "%{update_channel}" != "aurora"
Provides: appdata()
Provides: appdata(firefox.appdata.xml)
-%endif
# this is needed to match this package with the kde4 helper package without the main package
# having a hard requirement on the kde4 package
%define kde_helper_version 6
@@ -147,11 +135,11 @@
Source15: firefox-appdata.xml
Source16: MozillaFirefox.changes
Source17: l10n_changesets.txt
+Source18: mozilla-api-key
# Gecko/Toolkit
Patch1: mozilla-nongnome-proxies.patch
Patch2: mozilla-shared-nss-db.patch
Patch3: mozilla-kde.patch
-Patch4: mozilla-preferences.patch
Patch5: mozilla-language.patch
Patch6: mozilla-ntlm-full-path.patch
Patch7: mozilla-openaes-decl.patch
@@ -179,6 +167,7 @@
%if 0%{?suse_version} < 1220
Obsoletes: libproxy1-pacrunner-mozjs <= 0.4.7
%endif
+##BuildArch: i686 x86_64 aarch64 ppc64le
%description
Mozilla Firefox is a standalone web browser, designed for standards
@@ -261,12 +250,13 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
-#%patch9 -p1
+%ifarch %ix86
+%patch9 -p1
+%endif
%patch10 -p1
# Firefox
%patch101 -p1
@@ -299,9 +289,9 @@
export CC=gcc-5
%endif
export CFLAGS="%{optflags} -fno-strict-aliasing"
-# boo#986541: add -fno-delete-null-pointer-checks and -fno-inline-small-functions for gcc6
+# boo#986541: add -fno-delete-null-pointer-checks for gcc6
%if 0%{?suse_version} > 1320
-export CFLAGS="$CFLAGS -fno-delete-null-pointer-checks -fno-inline-small-functions"
+export CFLAGS="$CFLAGS -fno-delete-null-pointer-checks"
%endif
%ifarch %arm
export CFLAGS="${CFLAGS/-g / }"
@@ -338,6 +328,10 @@
%if 0%{?build_hardened}
ac_add_options --enable-pie
%endif
+# gcc7 (boo#104105)
+%if 0%{?suse_version} > 1320
+ac_add_options --enable-optimize="-g -O2"
+%endif
%ifarch %ix86 %arm
%if 0%{?suse_version} > 1230
ac_add_options --disable-optimize
@@ -361,6 +355,7 @@
ac_add_options --enable-startup-notification
#ac_add_options --enable-chrome-format=jar
ac_add_options --enable-update-channel=%{update_channel}
+ac_add_options --with-mozilla-api-keyfile=%{SOURCE18}
%if %branding
ac_add_options --enable-official-branding
%endif
@@ -465,10 +460,8 @@
mkdir -p %{buildroot}%{_datadir}/mime/packages
cp %{SOURCE8} %{buildroot}%{_datadir}/mime/packages/%{progname}.xml
# appdata
-%if "%{update_channel}" != "aurora"
mkdir -p %{buildroot}%{_datadir}/appdata
cp %{SOURCE15} %{buildroot}%{_datadir}/appdata/%{desktop_file_name}.appdata.xml
-%endif
# install man-page
mkdir -p %{buildroot}%{_mandir}/man1/
cp %{SOURCE11} %{buildroot}%{_mandir}/man1/%{progname}.1
@@ -613,9 +606,7 @@
%{gnome_dir}/share/icons/hicolor/
%{_bindir}/%{progname}
%doc %{_mandir}/man1/%{progname}.1.gz
-%if "%{update_channel}" != "aurora"
%{_datadir}/appdata/
-%endif
%files devel
%defattr(-,root,root)
--- a/MozillaFirefox/create-tar.sh Mon Apr 17 09:40:14 2017 +0200
+++ b/MozillaFirefox/create-tar.sh Sun Jun 04 09:56:53 2017 +0200
@@ -7,8 +7,8 @@
CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_53_0b10_RELEASE"
-VERSION="52.99"
+RELEASE_TAG="FIREFOX_54_0b13_RELEASE"
+VERSION="53.99"
# mozilla
if [ -d mozilla ]; then
--- a/MozillaFirefox/firefox.js Mon Apr 17 09:40:14 2017 +0200
+++ b/MozillaFirefox/firefox.js Sun Jun 04 09:56:53 2017 +0200
@@ -1,1 +1,3 @@
+pref("intl.locale.matchOS", true);
pref("browser.preferences.instantApply", true);
+pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
--- a/MozillaFirefox/l10n_changesets.txt Mon Apr 17 09:40:14 2017 +0200
+++ b/MozillaFirefox/l10n_changesets.txt Sun Jun 04 09:56:53 2017 +0200
@@ -31,7 +31,7 @@
ff fd37d118280c
fi db0a67c30074
fr 54307652740e
-fy-NL c4757daf69d7
+fy-NL 085a47bc877c
ga-IE 8d20d03ac938
gd fc9ab54d84a9
gl 849e4e3a3fc9
@@ -46,8 +46,8 @@
id f390b2688780
is 9ee7f7c99512
it ed1aa37dd8c7
-ja 3ef479bfde1a
-ja-JP-mac 80958cf82100
+ja ed7c7ca5cbd2
+ja-JP-mac c95055d36190
ka 3b036c9e61a6
kab 364adce77c72
kk 08696f7c8a1a
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-api-key Sun Jun 04 09:56:53 2017 +0200
@@ -0,0 +1,1 @@
+4605624048be48fda932495844d16fbb
--- a/MozillaFirefox/mozilla-preferences.patch Mon Apr 17 09:40:14 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-preferences.patch
\ No newline at end of file
--- a/mozilla-kde.patch Mon Apr 17 09:40:14 2017 +0200
+++ b/mozilla-kde.patch Sun Jun 04 09:56:53 2017 +0200
@@ -1,5 +1,5 @@
# HG changeset patch
-# Parent 2b1505c8ca6fc80da9cf517b029a93c452cb9876
+# Parent 564e9441f71b5bc368c33697428f756f5914eb04
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Author: Lubos Lunak <lunak@suse.com>
@@ -3325,7 +3325,7 @@
mFilters.AppendElement(filter);
mFilterNames.AppendElement(name);
-@@ -371,16 +375,32 @@ nsFilePicker::Show(int16_t *aReturn)
+@@ -371,16 +375,34 @@ nsFilePicker::Show(int16_t *aReturn)
NS_IMETHODIMP
nsFilePicker::Open(nsIFilePickerShownCallback *aCallback)
@@ -3339,6 +3339,7 @@
+ int16_t result;
+ mCallback = aCallback;
+ mRunning = true;
++ NS_ADDREF_THIS();
+ kdeFileDialog(&result);
+ if (mCallback) {
+ mCallback->Done(result);
@@ -3347,6 +3348,7 @@
+ mResult = result;
+ }
+ mRunning = false;
++ NS_RELEASE_THIS();
+ return NS_OK;
+ }
+
@@ -3358,7 +3360,7 @@
GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
-@@ -603,8 +623,235 @@ nsFilePicker::Done(GtkWidget* file_choos
+@@ -603,8 +625,235 @@ nsFilePicker::Done(GtkWidget* file_choos
if (mCallback) {
mCallback->Done(result);
mCallback = nullptr;
--- a/mozilla-preferences.patch Mon Apr 17 09:40:14 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-From: Wolfgang Rosenauer <wr@rosenauer.org>
-Subject: use system locale if available
-This setting used to live in the branding-openSUSE package but this is causing too much
-confusion and therefore is currently the only setting we switch in the unbranded
-package unconditionally.
-
-# HG changeset patch
-# Parent 8c1bfc96b05ef1836aad6e9f2af323f63ed1b69c
-# Parent 35b625807600ea4a5a3c49bd1cab22fac5188406
-
-diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
---- a/modules/libpref/init/all.js
-+++ b/modules/libpref/init/all.js
-@@ -1790,17 +1790,17 @@ pref("converter.html2txt.always_include_
-
- pref("intl.accept_languages", "chrome://global/locale/intl.properties");
- pref("intl.menuitems.alwaysappendaccesskeys","chrome://global/locale/intl.properties");
- pref("intl.menuitems.insertseparatorbeforeaccesskeys","chrome://global/locale/intl.properties");
- pref("intl.charset.detector", "chrome://global/locale/intl.properties");
- pref("intl.charset.fallback.override", "");
- pref("intl.charset.fallback.tld", true);
- pref("intl.ellipsis", "chrome://global-platform/locale/intl.properties");
--pref("intl.locale.matchOS", false);
-+pref("intl.locale.matchOS", true);
- // fallback charset list for Unicode conversion (converting from Unicode)
- // currently used for mail send only to handle symbol characters (e.g Euro, trademark, smartquotes)
- // for ISO-8859-1
- pref("intl.fallbackCharsetList.ISO-8859-1", "windows-1252");
- pref("font.language.group", "chrome://global/locale/intl.properties");
-
- // Android-specific pref to use key-events-only mode for IME-unaware webapps.
- #ifdef MOZ_WIDGET_ANDROID
--- a/series Mon Apr 17 09:40:14 2017 +0200
+++ b/series Sun Jun 04 09:56:53 2017 +0200
@@ -2,7 +2,6 @@
mozilla-nongnome-proxies.patch
mozilla-shared-nss-db.patch
mozilla-kde.patch
-mozilla-preferences.patch
mozilla-language.patch
mozilla-ntlm-full-path.patch
mozilla-idldir.patch