60.6 firefox60 tip
authorWolfgang Rosenauer <wr@rosenauer.org>
Tue, 19 Mar 2019 09:56:49 +0100
branchfirefox60
changeset 1091 cbed5671ff47
parent 1090 554cd9503f75
60.6
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/_constraints
MozillaFirefox/create-tar.sh
MozillaFirefox/source-stamp.txt
firefox-branded-icons.patch
mozilla-bmo1375074.patch
mozilla-bmo1463035.patch
mozilla-bmo1464766.patch
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Mar 19 09:49:20 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Tue Mar 19 09:56:49 2019 +0100
@@ -1,8 +1,42 @@
 -------------------------------------------------------------------
+Tue Mar 19 08:44:38 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 60.6.0esr
+
+-------------------------------------------------------------------
+Fri Feb 22 21:16:02 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 60.5.2esr:
+  * Fix a frequent crash when reading various Reuters news articles
+    (bmo#1505844)
+
+-------------------------------------------------------------------
+Wed Feb 13 15:23:09 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 60.5.1esr (bsc#1125330)
+  MFSA 2019-05
+  * CVE-2018-18356 bmo#1525817
+    Use-after-free in Skia
+  * CVE-2019-5785 bmo#1525433
+    Integer overflow in Skia
+  * CVE-2018-18335 bmo#1525815
+    Buffer overflow in Skia with accelerated Canvas 2D
+- increased disk space requirement to 20G for build
+
+-------------------------------------------------------------------
 Wed Jan 23 23:17:37 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 60.5.0esr
+  MFSA 2019-02 (bsc#1122983)
+  * CVE-2018-18500 bmo#1510114
+    Use-after-free parsing HTML5 stream
+  * CVE-2018-18505 bmo#1497749
+    Privilege escalation through IPC channel messages
+  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
+    bmo#1502871 bmo#1516738 bmo#1516514
+    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
 - requires NSS >= 3.36.7
+- rebased patches
 - removed obsolete patch:
   mozilla-no-stdcxx-check.patch
 
--- a/MozillaFirefox/MozillaFirefox.spec	Tue Mar 19 09:49:20 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Tue Mar 19 09:56:49 2019 +0100
@@ -19,10 +19,10 @@
 
 # changed with every update
 %define major 60
-%define mainver %major.5.0
+%define mainver %major.6.0
 %define update_channel esr
 %define branding 1
-%define releasedate 20190121141556
+%define releasedate 20190313191546
 %define source_prefix firefox-%{mainver}
 
 # PIE, full relro (x86_64 for now)
@@ -371,7 +371,8 @@
 #ac_add_options --enable-chrome-format=jar
 ac_add_options --enable-update-channel=%{update_channel}
 ac_add_options --with-mozilla-api-keyfile=%{SOURCE18}
-ac_add_options --with-google-api-keyfile=%{SOURCE19}
+ac_add_options --with-google-location-service-api-keyfile=%{SOURCE19}
+ac_add_options --with-google-safebrowsing-api-keyfile=%{SOURCE19}
 %if %branding
 ac_add_options --enable-official-branding
 %endif
--- a/MozillaFirefox/_constraints	Tue Mar 19 09:49:20 2019 +0100
+++ b/MozillaFirefox/_constraints	Tue Mar 19 09:56:49 2019 +0100
@@ -2,7 +2,7 @@
 <constraints>
   <hardware>
     <disk>
-      <size unit="G">16</size>
+      <size unit="G">20</size>
     </disk>
     <memory>
       <size unit="G">8</size>
--- a/MozillaFirefox/create-tar.sh	Tue Mar 19 09:49:20 2019 +0100
+++ b/MozillaFirefox/create-tar.sh	Tue Mar 19 09:56:49 2019 +0100
@@ -7,8 +7,8 @@
 
 CHANNEL="esr60"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="15cf33587a608bd7ab91a3cd4ae47dea66ce73db"
-VERSION="60.5.0"
+RELEASE_TAG="FIREFOX_60_6_0esr_RELEASE"
+VERSION="60.6.0"
 VERSION_SUFFIX="esr"
 LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json"
 
--- a/MozillaFirefox/source-stamp.txt	Tue Mar 19 09:49:20 2019 +0100
+++ b/MozillaFirefox/source-stamp.txt	Tue Mar 19 09:56:49 2019 +0100
@@ -1,2 +1,2 @@
-REV=15cf33587a60
+REV=7dc3b931ebe5
 REPO=http://hg.mozilla.org/releases/mozilla-esr60
--- a/firefox-branded-icons.patch	Tue Mar 19 09:49:20 2019 +0100
+++ b/firefox-branded-icons.patch	Tue Mar 19 09:56:49 2019 +0100
@@ -1,11 +1,11 @@
 # HG changeset patch
 # Parent e0751ad74e835e80041a61ea00c2a63bf6fbe2de
-# Parent  38e46d7f98d3e392de95d83660ecd147b30dc9aa
+# Parent  d86775f656fdd2748b573f0e7d68f838fb125f8d
 
 diff --git a/browser/branding/branding-common.mozbuild b/browser/branding/branding-common.mozbuild
 --- a/browser/branding/branding-common.mozbuild
 +++ b/browser/branding/branding-common.mozbuild
-@@ -17,12 +17,15 @@ def FirefoxBranding():
+@@ -22,12 +22,15 @@ def FirefoxBranding():
          FINAL_TARGET_FILES.VisualElements += [
              'VisualElements_150.png',
              'VisualElements_70.png',
@@ -24,7 +24,7 @@
 diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
 --- a/browser/installer/package-manifest.in
 +++ b/browser/installer/package-manifest.in
-@@ -601,20 +601,23 @@
+@@ -598,20 +598,23 @@
  @RESPATH@/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}/chrome.manifest
  @RESPATH@/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}/install.rdf
  @RESPATH@/chrome/toolkit@JAREXT@
--- a/mozilla-bmo1375074.patch	Tue Mar 19 09:49:20 2019 +0100
+++ b/mozilla-bmo1375074.patch	Tue Mar 19 09:56:49 2019 +0100
@@ -3,7 +3,7 @@
 # User Lars T Hansen <lhansen@mozilla.com>
 # Date 1519822672 -3600
 # Node ID 800abe66894d6b07b24bccecbf6a65e2261076f6
-# Parent  13ecd3214b18e4cab73c54e12e16071d58bed11e
+# Parent  6fbe9ec020d822b1deef5b0afe76b905b82308a1
 Bug 1375074 - Save and restore non-volatile x28 on ARM64 for generated unboxed object constructor.  r=sstangl
 
 diff --git a/js/src/jit-test/tests/bug1375074.js b/js/src/jit-test/tests/bug1375074.js
--- a/mozilla-bmo1463035.patch	Tue Mar 19 09:49:20 2019 +0100
+++ b/mozilla-bmo1463035.patch	Tue Mar 19 09:56:49 2019 +0100
@@ -3,7 +3,7 @@
 # User Mike Hommey <mh+mozilla@glandium.org>
 # Date 1526871862 -32400
 # Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43
-# Parent  4a2e8085417fe782738bfd736b69806d9ed19d6a
+# Parent  3075b562ca9b07ae037c427db6fdbc0ed1ad29a4
 Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons
 
 For some reason, GNU as is not happy with the assembly generated after
--- a/mozilla-bmo1464766.patch	Tue Mar 19 09:49:20 2019 +0100
+++ b/mozilla-bmo1464766.patch	Tue Mar 19 09:56:49 2019 +0100
@@ -3,13 +3,13 @@
 # User Mike Hommey <mh+mozilla@glandium.org>
 # Date 1527491713 -32400
 # Node ID c28becad0c10b906454d7e424f9a9402799ea8dd
-# Parent  a830c8302c71a45e019fe14e16945b32346b2253
+# Parent  906f5be6219677928f03318adb1d5e4eed96333c
 Bug 1464766 - Allow to relax the addon signature requirements. r?rhelmer
 
 diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
 --- a/modules/libpref/init/all.js
 +++ b/modules/libpref/init/all.js
-@@ -1256,16 +1256,19 @@ pref("print.print_via_parent", true);
+@@ -1254,16 +1254,19 @@ pref("print.print_via_parent", true);
  pref("print.print_via_parent", false);
  #endif
  
@@ -78,7 +78,7 @@
 diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
 +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
-@@ -66,16 +66,17 @@ const PREF_XPI_STATE                  = 
+@@ -67,16 +67,17 @@ const PREF_XPI_STATE                  = 
  const PREF_BLOCKLIST_ITEM_URL         = "extensions.blocklist.itemURL";
  const PREF_BOOTSTRAP_ADDONS           = "extensions.bootstrappedAddons";
  const PREF_PENDING_OPERATIONS         = "extensions.pendingOperations";
@@ -96,7 +96,7 @@
  const PREF_XPI_FILE_WHITELISTED       = "xpinstall.whitelist.fileRequest";
  // xpinstall.signatures.required only supported in dev builds
  const PREF_XPI_SIGNATURES_REQUIRED    = "xpinstall.signatures.required";
-@@ -801,17 +802,19 @@ function isDisabledLegacy(addon) {
+@@ -803,17 +804,19 @@ function isDisabledLegacy(addon) {
   *         The add-on to check
   * @return true if the add-on should not be appDisabled
   */