- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), firefox56
authorzaitor@opensuse.org
Sun, 01 Oct 2017 23:13:44 +0200
branchfirefox56
changeset 996 84d25951c2db
parent 995 37c56dbf929f
child 997 ca8a6ac7fbf6
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
looks for.
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/create-tar.sh
--- a/MozillaFirefox/MozillaFirefox.changes	Thu Sep 21 14:01:15 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Sun Oct 01 23:13:44 2017 +0200
@@ -1,11 +1,69 @@
 -------------------------------------------------------------------
-Sun Sep 17 08:07:43 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 56.0b12
+Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org
+
+- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
+  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
+  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
+  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
+  looks for.
+
+-------------------------------------------------------------------
+Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 56.0 (boo#1060445)
+  * Firefox Screenshots
   * Find Options/Preferences more quickly with new search function
   * Media is no longer auto-played when opened in a background tab
   * Enable CSS Grid Layout View
+  MFSA 2017-21
+  * CVE-2017-7793 (bmo#1371889)
+    Use-after-free with Fetch API
+  * CVE-2017-7817 (bmo#1356596) (Android-only)
+    Firefox for Android address bar spoofing through fullscreen mode
+  * CVE-2017-7818 (bmo#1363723)
+    Use-after-free during ARIA array manipulation
+  * CVE-2017-7819 (bmo#1380292)
+    Use-after-free while resizing images in design mode
+  * CVE-2017-7824 (bmo#1398381)
+    Buffer overflow when drawing and validating elements with ANGLE
+  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
+    Use-after-free in TLS 1.2 generating handshake hashes
+  * CVE-2017-7812 (bmo#1379842)
+    Drag and drop of malicious page content to the tab bar can open locally stored files
+  * CVE-2017-7814 (bmo#1376036)
+    Blob and data URLs bypass phishing and malware protection warnings
+  * CVE-2017-7813 (bmo#1383951)
+    Integer truncation in the JavaScript parser
+  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
+    OS X fonts render some Tibetan and Arabic unicode characters as spaces
+  * CVE-2017-7815 (bmo#1368981)
+    Spoofing attack with modal dialogs on non-e10s installations
+  * CVE-2017-7816 (bmo#1380597)
+    WebExtensions can load about: URLs in extension UI
+  * CVE-2017-7821 (bmo#1346515)
+    WebExtensions can download and open non-executable files without user interaction
+  * CVE-2017-7823 (bmo#1396320)
+    CSP sandbox directive did not create a unique origin
+  * CVE-2017-7822 (bmo#1368859)
+    WebCrypto allows AES-GCM with 0-length IV
+  * CVE-2017-7820 (bmo#1378207)
+    Xray wrapper bypass with new tab and web console
+  * CVE-2017-7811
+    Memory safety bugs fixed in Firefox 56
+  * CVE-2017-7810
+    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
 - requires NSPR 4.16 and NSS 3.32.1
+- rebased patches
+
+-------------------------------------------------------------------
+Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org
+
+- Add alsa-devel BuildRequires: we care for ALSA support to be
+  built and thus need to ensure we get the dependencies in place.
+  In the past, alsa-devel was pulled in by accident: we
+  buildrequire libgnome-devel. This required esound-devel and that
+  in turn pulled in alsa-devel for us. libgnome is being fixed to
+  no longer require esound-devel.
 
 -------------------------------------------------------------------
 Mon Sep  4 18:27:44 UTC 2017 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec	Thu Sep 21 14:01:15 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec	Sun Oct 01 23:13:44 2017 +0200
@@ -16,20 +16,21 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 # changed with every update
 %define major 56
 %define mainver %major.0
 %define update_channel release
 %define branding 1
-%define releasedate 20170918210324
+%define releasedate 20170926190823
 
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
 
 # Firefox only supports i686
 %ifarch %ix86
-ExclusiveArch: i586 i686
-BuildArch:     i686
+ExclusiveArch:  i586 i686
+BuildArch:      i686
 %{expand:%%global optflags %(echo "%optflags"|sed -e s/i586/i686/) -march=i686 -mtune=generic}
 %endif
 
@@ -54,6 +55,7 @@
 
 Name:           %{pkgname}
 BuildRequires:  Mesa-devel
+BuildRequires:  alsa-devel
 BuildRequires:  autoconf213
 BuildRequires:  dbus-1-glib-devel
 BuildRequires:  fdupes
@@ -62,9 +64,9 @@
 %else
 BuildRequires:  gcc-c++
 %endif
+BuildRequires:  cargo
 BuildRequires:  libXcomposite-devel
 BuildRequires:  libcurl-devel
-BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libiw-devel
 BuildRequires:  libnotify-devel
@@ -73,21 +75,24 @@
 BuildRequires:  mozilla-nspr-devel >= 4.16
 BuildRequires:  mozilla-nss-devel >= 3.32.1
 BuildRequires:  python-devel
+BuildRequires:  rust >= 1.15.1
+BuildRequires:  rust-std
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
-BuildRequires:  pkgconfig(libpulse)
-BuildRequires:  pkgconfig(libffi)
-BuildRequires:  pkgconfig(glib-2.0)
+BuildRequires:  pkgconfig(gconf-2.0)
+BuildRequires:  pkgconfig(gdk-x11-2.0)
+BuildRequires:  pkgconfig(glib-2.0) >= 2.22
 BuildRequires:  pkgconfig(gobject-2.0)
+BuildRequires:  pkgconfig(gtk+-2.0) >= 2.18.0
 BuildRequires:  pkgconfig(gtk+-3.0) >= 3.4.0
+BuildRequires:  pkgconfig(gtk+-unix-print-2.0)
 BuildRequires:  pkgconfig(gtk+-unix-print-3.0)
-BuildRequires:  cargo
-BuildRequires:  rust >= 1.15.1
-BuildRequires:  rust-std
+BuildRequires:  pkgconfig(libffi)
+BuildRequires:  pkgconfig(libpulse)
 #BuildRequires:  llvm-clang-devel >= 3.9.0
 # libavcodec is required for H.264 support but the
 # openSUSE version is currently not able to play H.264
--- a/MozillaFirefox/create-tar.sh	Thu Sep 21 14:01:15 2017 +0200
+++ b/MozillaFirefox/create-tar.sh	Sun Oct 01 23:13:44 2017 +0200
@@ -7,7 +7,7 @@
 
 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="2bb9e6526ce959abb5416e69226d4dac88851eda"  # 56 build1
+RELEASE_TAG="8fbf05f4b92125e081984f5e39b559b83e5cc729"  # 56 build6
 VERSION="56.0"
 
 # mozilla