Mercurial Mercurial > hg > mozilla / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
52.1.0 including esr variants and proper changelogs firefox52
authorWolfgang Rosenauer <wr@rosenauer.org>
Fri, 28 Apr 2017 19:49:33 +0200
branchfirefox52
changeset 969 8d48ef5efb59
parent 968 5581eb3d07e1
child 970 453fc9b5eb53
52.1.0 including esr variants and proper changelogs
MozillaFirefox/MozillaFirefox.changes file | annotate | diff | comparison | revisions
MozillaFirefox/MozillaFirefox.spec file | annotate | diff | comparison | revisions
MozillaFirefox/create-tar.sh file | annotate | diff | comparison | revisions
MozillaFirefox/firefox-esr.changes file | annotate | diff | comparison | revisions
MozillaFirefox/firefox-esr.spec file | annotate | diff | comparison | revisions 
--- a/MozillaFirefox/MozillaFirefox.changes	Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Fri Apr 28 19:49:33 2017 +0200
@@ -1,7 +1,80 @@
 -------------------------------------------------------------------
 Wed Apr 12 21:43:16 UTC 2017 - wr@rosenauer.org
 
-- update to Firefox 52.1.0esr
+- update to Firefox 52.1.0esr (boo#1035082)
+  MFSA 2017-12
+  * CVE-2017-5443 (bmo#1342661)
+    Out-of-bounds write during BinHex decoding
+  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+    Firefox ESR 52.1
+  * CVE-2017-5464 (bmo#1347075)
+    Memory corruption with accessibility and DOM manipulation
+  * CVE-2017-5465 (bmo#1347617)
+    Out-of-bounds read in ConvolvePixel
+  * CVE-2017-5466 (bmo#1353975)
+    Origin confusion when reloading isolated data:text/html URL
+  * CVE-2017-5467 (bmo#1347262)
+    Memory corruption when drawing Skia content
+  * CVE-2017-5460 (bmo#1343642)
+    Use-after-free in frame selection
+  * CVE-2017-5461 (bmo#1344380)
+    Out-of-bounds write in Base64 encoding in NSS
+  * CVE-2017-5448 (bmo#1346648)
+    Out-of-bounds write in ClearKeyDecryptor
+  * CVE-2017-5449 (bmo#1340127)
+    Crash during bidirectional unicode manipulation with animation
+  * CVE-2017-5446 (bmo#1343505)
+    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+  * CVE-2017-5447 (bmo#1343552)
+    Out-of-bounds read during glyph processing
+  * CVE-2017-5444 (bmo#1344461)
+    Buffer overflow while parsing application/http-index-format content
+  * CVE-2017-5445 (bmo#1344467)
+    Uninitialized values used while parsing application/http-index-format
+    content
+  * CVE-2017-5442 (bmo#1347979)
+    Use-after-free during style changes
+  * CVE-2017-5469 (bmo#1292534)
+    Potential Buffer overflow in flex-generated code
+  * CVE-2017-5440 (bmo#1336832)
+    Use-after-free in txExecutionState destructor during XSLT processing
+  * CVE-2017-5441 (bmo#1343795)
+    Use-after-free with selection during scroll events
+  * CVE-2017-5439 (bmo#1336830)
+    Use-after-free in nsTArray Length() during XSLT processing
+  * CVE-2017-5438 (bmo#1336828)
+    Use-after-free in nsAutoPtr during XSLT processing
+  * CVE-2017-5437 (bmo#1343453)
+    Vulnerabilities in Libevent library
+  * CVE-2017-5436 (bmo#1345461)
+    Out-of-bounds write with malicious font in Graphite 2
+  * CVE-2017-5435 (bmo#1350683)
+    Use-after-free during transaction processing in the editor
+  * CVE-2017-5434 (bmo#1349946)
+    Use-after-free during focus handling
+  * CVE-2017-5433 (bmo#1347168)
+    Use-after-free in SMIL animation functions
+  * CVE-2017-5432 (bmo#1346654)
+    Use-after-free in text input selection
+  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+     bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+  * CVE-2017-5459 (bmo#1333858)
+    Buffer overflow in WebGL
+  * CVE-2017-5462 (bmo#1345089)
+    DRBG flaw in NSS
+  * CVE-2017-5455 (bmo#1341191)
+    Sandbox escape through internal feed reader APIs
+  * CVE-2017-5454 (bmo#1349276)
+    Sandbox escape allowing file system read access through file
+    picker
+  * CVE-2017-5456 (bmo#1344415)
+    Sandbox escape allowing local file system access
+  * CVE-2017-5451 (bmo#1273537)
+    Addressbar spoofing with onblur event
 - requires NSS 3.28.4
 - rebased patches
 
--- a/MozillaFirefox/MozillaFirefox.spec	Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec	Fri Apr 28 19:49:33 2017 +0200
@@ -91,8 +91,8 @@
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
+BuildRequires:  pkgconfig(libffi)
 BuildRequires:  pkgconfig(libpulse)
-BuildRequires:  pkgconfig(libffi)
 %if 0%{?firefox_use_gtk3}
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  pkgconfig(gobject-2.0)
--- a/MozillaFirefox/create-tar.sh	Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/create-tar.sh	Fri Apr 28 19:49:33 2017 +0200
@@ -7,7 +7,7 @@
 
 CHANNEL="esr52"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="aaa0bba23803d2fcf283040f123915cf98a7eef0"
+RELEASE_TAG="3ea0e075203185d7f2d42f439455e97735bd1b20"
 VERSION="52.1.0"
 
 # mozilla
--- a/MozillaFirefox/firefox-esr.changes	Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/firefox-esr.changes	Fri Apr 28 19:49:33 2017 +0200
@@ -1,7 +1,80 @@
 -------------------------------------------------------------------
-Mon Apr 17 07:05:43 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 52.1.0esr
+Wed Apr 12 21:43:16 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.1.0esr (boo#1035082)
+  MFSA 2017-12
+  * CVE-2017-5443 (bmo#1342661)
+    Out-of-bounds write during BinHex decoding
+  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+    Firefox ESR 52.1
+  * CVE-2017-5464 (bmo#1347075)
+    Memory corruption with accessibility and DOM manipulation
+  * CVE-2017-5465 (bmo#1347617)
+    Out-of-bounds read in ConvolvePixel
+  * CVE-2017-5466 (bmo#1353975)
+    Origin confusion when reloading isolated data:text/html URL
+  * CVE-2017-5467 (bmo#1347262)
+    Memory corruption when drawing Skia content
+  * CVE-2017-5460 (bmo#1343642)
+    Use-after-free in frame selection
+  * CVE-2017-5461 (bmo#1344380)
+    Out-of-bounds write in Base64 encoding in NSS
+  * CVE-2017-5448 (bmo#1346648)
+    Out-of-bounds write in ClearKeyDecryptor
+  * CVE-2017-5449 (bmo#1340127)
+    Crash during bidirectional unicode manipulation with animation
+  * CVE-2017-5446 (bmo#1343505)
+    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+  * CVE-2017-5447 (bmo#1343552)
+    Out-of-bounds read during glyph processing
+  * CVE-2017-5444 (bmo#1344461)
+    Buffer overflow while parsing application/http-index-format content
+  * CVE-2017-5445 (bmo#1344467)
+    Uninitialized values used while parsing application/http-index-format
+    content
+  * CVE-2017-5442 (bmo#1347979)
+    Use-after-free during style changes
+  * CVE-2017-5469 (bmo#1292534)
+    Potential Buffer overflow in flex-generated code
+  * CVE-2017-5440 (bmo#1336832)
+    Use-after-free in txExecutionState destructor during XSLT processing
+  * CVE-2017-5441 (bmo#1343795)
+    Use-after-free with selection during scroll events
+  * CVE-2017-5439 (bmo#1336830)
+    Use-after-free in nsTArray Length() during XSLT processing
+  * CVE-2017-5438 (bmo#1336828)
+    Use-after-free in nsAutoPtr during XSLT processing
+  * CVE-2017-5437 (bmo#1343453)
+    Vulnerabilities in Libevent library
+  * CVE-2017-5436 (bmo#1345461)
+    Out-of-bounds write with malicious font in Graphite 2
+  * CVE-2017-5435 (bmo#1350683)
+    Use-after-free during transaction processing in the editor
+  * CVE-2017-5434 (bmo#1349946)
+    Use-after-free during focus handling
+  * CVE-2017-5433 (bmo#1347168)
+    Use-after-free in SMIL animation functions
+  * CVE-2017-5432 (bmo#1346654)
+    Use-after-free in text input selection
+  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
+     bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
+    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+  * CVE-2017-5459 (bmo#1333858)
+    Buffer overflow in WebGL
+  * CVE-2017-5462 (bmo#1345089)
+    DRBG flaw in NSS
+  * CVE-2017-5455 (bmo#1341191)
+    Sandbox escape through internal feed reader APIs
+  * CVE-2017-5454 (bmo#1349276)
+    Sandbox escape allowing file system read access through file
+    picker
+  * CVE-2017-5456 (bmo#1344415)
+    Sandbox escape allowing local file system access
+  * CVE-2017-5451 (bmo#1273537)
+    Addressbar spoofing with onblur event
 - requires NSS 3.28.4
 - rebased patches
 
--- a/MozillaFirefox/firefox-esr.spec	Fri Apr 28 19:40:59 2017 +0200
+++ b/MozillaFirefox/firefox-esr.spec	Fri Apr 28 19:49:33 2017 +0200
@@ -29,7 +29,7 @@
 %if 0%{?suse_version} > 1320
 %define firefox_use_gtk3 1
 %ifarch %ix86 x86_64
-%define firefox_use_rust 1
+%define firefox_use_rust 0
 %endif
 %endif
 
@@ -91,8 +91,8 @@
 BuildRequires:  xorg-x11-libXt-devel
 BuildRequires:  yasm
 BuildRequires:  zip
+BuildRequires:  pkgconfig(libffi)
 BuildRequires:  pkgconfig(libpulse)
-BuildRequires:  pkgconfig(libffi)
 %if 0%{?firefox_use_gtk3}
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  pkgconfig(gobject-2.0)
mozilla