# HG changeset patch # User Wolfgang Rosenauer # Date 1489832281 -3600 # Node ID f7a8fa97a57e00bf34034888956c6202361d03f4 # Parent ace605efe50fdeccb6854dabf444ff42057b2f6f# Parent 34bd1eb1cbd7a7599932b2a31dc529fb481d73a6 merge latest changes from firefox52 prepare 53.0beta cycle diff -r ace605efe50f -r f7a8fa97a57e MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Mar 04 17:54:44 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Mar 18 11:18:01 2017 +0100 
@@ -1,16 +1,92 @@ ------------------------------------------------------------------- -Sat Feb 25 15:19:15 UTC 2017 - wr@rosenauer.org - -- update to Firefox 52.0b9 - * requires NSS >= 3.28.2 +Sat Mar 18 10:12:59 UTC 2017 - wr@rosenauer.org + +- update to Firefox 53.0b4 + * requires NSS 3.29.3 + * Lightweight themes are now applied in private browsing windows + * Reader Mode now displays estimated reading time for the page + * Two new 'compact' themes available in Firefox, dark and light, + based on the Firefox Developer Edition theme + * Ended Firefox Linux support for processors older than Pentium 4 + and AMD Opteron + * Refresh of the media controls user interface + * Shortened titles on tabs are faded out instead of using ellipsis + for improved readability + * Media playback on new tabs is blocked until the tab is visible + * Permission notifications have a cleaner design and cannot be + easily missed +- removed browser(npapi) provides as these plugins are deprecated + +------------------------------------------------------------------- +Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org + +- update to Firefox 52.0.1 (boo#1029822) + MFSA 2017-08 + CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) + +------------------------------------------------------------------- +Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org + +- reenable ALSA support which was removed by default upstream + +------------------------------------------------------------------- +Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org + +- update to Firefox 52.0 (boo#1028391) + * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. - * Windows 8 touch screen support for multiprocess Firefox * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. 
* Removed Battery Status API to reduce fingerprinting of users by trackers + * MFSA 2017-05 + CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP + (bmo#1334933) + CVE-2017-5401: Memory Corruption when handling ErrorResult + (bmo#1328861) + CVE-2017-5402: Use-after-free working with events in FontFace + objects (bmo#1334876) + CVE-2017-5403: Use-after-free using addRange to add range to an + incorrect root object (bmo#1340186) + CVE-2017-5404: Use-after-free working with ranges in selections + (bmo#1340138) + CVE-2017-5406: Segmentation fault in Skia with canvas operations + (bmo#1306890) + CVE-2017-5407: Pixel and history stealing via floating-point + timing side channel with SVG filters (bmo#1336622) + CVE-2017-5410: Memory corruption during JavaScript garbage + collection incremental sweeping (bmo#1330687) + CVE-2017-5408: Cross-origin reading of video captions in violation + of CORS (bmo#1313711) + CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) + CVE-2017-5413: Segmentation fault during bidirectional operations + (bmo#1337504) + CVE-2017-5414: File picker can choose incorrect default directory + (bmo#1319370) + CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) + CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) + CVE-2017-5417: Addressbar spoofing by draging and dropping URLs + (bmo#791597) + CVE-2017-5426: Gecko Media Plugin sandbox is not started if + seccomp-bpf filter is running (bmo#1257361) + CVE-2017-5427: Non-existent chrome.manifest file loaded during + startup (bmo#1295542) + CVE-2017-5418: Out of bounds read when parsing HTTP digest + authorization responses (bmo#1338876) + CVE-2017-5419: Repeated authentication prompts lead to DOS + attack (bmo#1312243) + CVE-2017-5420: Javascript: URLs can obfuscate addressbar + location (bmo#1284395) + CVE-2017-5405: FTP response codes can cause use of + uninitialized values for ports (bmo#1336699) + CVE-2017-5421: Print preview spoofing (bmo#1301876) + 
CVE-2017-5422: DOS attack by using view-source: protocol + repeatedly in one hyperlink (bmo#1295002) + CVE-2017-5399: Memory safety bugs fixed in Firefox 52 + CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and + Firefox ESR 45.8 - removed obsolete patches * mozilla-binutils-visibility.patch * mozilla-check_return.patch diff -r ace605efe50f -r f7a8fa97a57e MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Mar 04 17:54:44 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sat Mar 18 11:18:01 2017 +0100 @@ -18,10 +18,10 @@ # changed with every update -%define major 51 +%define major 52 %define mainver %major.99 %define update_channel beta -%define releasedate 20170224000000 +%define releasedate 20170317000000 # PIE, full relro (x86_64 for now) %define build_hardened 1 @@ -31,7 +31,6 @@ %define firefox_use_rust 1 %endif - # general build definitions %if "%{update_channel}" != "aurora" %define progname firefox @@ -81,7 +80,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.13.1 -BuildRequires: mozilla-nss-devel >= 3.28.2 +BuildRequires: mozilla-nss-devel >= 3.29.3 BuildRequires: nss-shared-helper-devel BuildRequires: python-devel BuildRequires: startup-notification-devel @@ -100,6 +99,7 @@ %if 0%{?firefox_use_rust} BuildRequires: cargo BuildRequires: rust >= 1.10 +BuildRequires: rust-std %endif # libavcodec is required for H.264 support but the # openSUSE version is currently not able to play H.264 @@ -113,7 +113,6 @@ Provides: firefox = %{version}-%{release} %endif Provides: web_browser -Provides: browser(npapi) %if "%{update_channel}" != "aurora" Provides: appdata() Provides: appdata(firefox.appdata.xml) 
@@ -353,6 +352,7 @@ ac_add_options --with-system-zlib ac_add_options --disable-updater ac_add_options --disable-tests +ac_add_options --enable-alsa ac_add_options --disable-debug ac_add_options --enable-startup-notification #ac_add_options --enable-chrome-format=jar diff -r ace605efe50f -r f7a8fa97a57e MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Mar 04 17:54:44 2017 +0100 +++ b/MozillaFirefox/create-tar.sh Sat Mar 18 11:18:01 2017 +0100 @@ -7,8 +7,8 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_52_0b9_RELEASE" -VERSION="51.99" +RELEASE_TAG="FIREFOX_53_0b4_RELEASE" +VERSION="52.99" # mozilla if [ -d mozilla ]; then diff -r ace605efe50f -r f7a8fa97a57e MozillaFirefox/l10n_changesets.txt --- a/MozillaFirefox/l10n_changesets.txt Sat Mar 04 17:54:44 2017 +0100 +++ b/MozillaFirefox/l10n_changesets.txt Sat Mar 18 11:18:01 2017 +0100 
@@ -1,93 +1,94 @@ -ach 34c236a22596 -af 90f7ccd90de4 -an 10f71571821e -ar 0edb7b32133a -as ee642d74fde9 -ast 80b866a98b5a -az 07778ef756d4 -bg 3e1affaac949 -bn-BD 6182802acd04 -bn-IN 0775fc62a38e -br 88938f2eb7e2 -bs afe1158833f4 -ca c49b6bb37779 -cak 30c024aa79ef -cs 392a1ff68cfd -cy e9cc2975266f -da cb1423eac811 -de 6535fbec1846 -dsb bbdbee2ecc9f -el 4232653d09a7 -en-GB 3b1783bdb6fd -en-ZA 86f98526de2f -eo d478da264502 -es-AR adc3a9f3054e -es-CL 8ce5a00c2709 -es-ES 3debdad3d876 -es-MX c2d80c000c8c -et 5ce460a1227b -eu 55202a38f74c -fa de4daf555606 -ff 98974e0270a8 -fi 903b0416494a -fr 7e9efb5f39b1 -fy-NL 551f14553b31 -ga-IE 94a750872504 -gd b2e4e78a85cf -gl 79eda21c5b0b -gn 8448413afd01 -gu-IN ef0d3c1d041a -he 31df213cf89d -hi-IN 6578b433d66e -hr 77f103c07be0 -hsb 99f7c592ff8c -hu 7ec46b30e96d -hy-AM ee9609100a98 -id 584289a98164 -is 0de2039f0ead -it ac8abee179d4 -ja c596f800130a -ja-JP-mac e3b94e022b7d -ka fd11643d032b -kab 89a29ca718ef -kk bbde07088662 -km 1d78cae948e2 -kn ceb699bfc19e -ko ab9bc02a8c39 -lij 221601dc2320 -lt 1c563aa726f8 -lv 33dd8fbeb14e -mai 4974d9967e3a -mk 85557d511a18 -ml 3ac6473b90b8 -mr 9c8106a513fd -ms f5ed710c8534 -nb-NO c84b8fb6b939 -nl b3c2ab953068 -nn-NO bc795ce8885a -or ad0d79e1df34 -pa-IN 7a7d721c7f47 -pl 42ea1da43a3b -pt-BR e9eaef0caba5 -pt-PT 5deb6216933d -rm 4981325b9462 -ro 952587a63617 -ru 3d319dcf82c7 -si ea8510d62e56 -sk 968ee9fbd8ba -sl e398e25297bc -son a071d439a5f3 -sq c526b7451403 -sr 3fb1197cc3f3 -sv-SE 2d93a3f0c284 -ta e5fbcf49496f -te d4cabe943952 -th e66a11b8da51 -tr 2ec45f681bb0 -uk d3ccc79b70b2 -uz 53122cc7d6ad -vi e4f8d820bef2 -xh 6ba5a5671721 -zh-CN fb21432035d2 -zh-TW d17da9c45a93 +ach ad4861cc8b97 +af ed2ad4994929 +an 99f7617b5ca8 +ar 2f28d11d1657 +as ec72c8873d6f +ast 234a91384f3a +az 65e7cd3b577c +bg 3869be765a85 +bn-BD 53c25d5b4589 +bn-IN 9f8087a5f6cd +br 276a0bd1ddec +bs bd981c758c72 +ca 799630b0c669 +cak 3ad4113a7360 +cs b2f1daccfa0d +cy 09de6e11eb03 +da e0a49a797d36 +de 23defb0cb991 +dsb c53dc817114e +el 
5c938eaf3701 +en-GB 26cd2b7806cc +en-ZA 3e25fa2becca +eo 93972005d33e +es-AR 3ed4ba3e0fcb +es-CL 58ac3780452e +es-ES 6f99cb5c975b +es-MX 826be6e20d6c +et 4aa55cdd1504 +eu 2333c4822f7c +fa d5f8a48f15d2 +ff fd37d118280c +fi db0a67c30074 +fr 54307652740e +fy-NL 7645530de622 +ga-IE 8d20d03ac938 +gd fc9ab54d84a9 +gl 849e4e3a3fc9 +gn 51054649b046 +gu-IN c713ea51e83a +he 68f368c165a5 +hi-IN 24a69ca3f8ea +hr 5e08e334a84c +hsb 393c98c68916 +hu 97f36446d52a +hy-AM d467bd690878 +id f390b2688780 +is 9ee7f7c99512 +it ed1aa37dd8c7 +ja 3ef479bfde1a +ja-JP-mac 80958cf82100 +ka 3b036c9e61a6 +kab 364adce77c72 +kk 08696f7c8a1a +km c68136590500 +kn 6160ec938484 +ko 936eb0ebb2da +lij 6f8083311567 +lt 2b1cbb210da2 +lv 10389753c571 +mai 7e4a8262ce47 +mk 123d0c7a029e +ml 6489a17e1231 +mr 6e618c26bbbc +ms f1b58ca03654 +nb-NO e87d4d61a15e +nl 095e7caafd73 +nn-NO dd567e171cc0 +or 16dd77306673 +pa-IN f25671183bb9 +pl e0cb50020774 +pt-BR 291efbc7eda6 +pt-PT 8ba304b52d98 +rm ec384cb407d1 +ro d8c54284d42c +ru 72f076d6157a +si d0ecb8470e6b +sk 9489c3379fe7 +sl 5057b16cc0a4 +son 8a18464fb645 +sq 8dcd80c157b4 +sr 49f0c3635d34 +sv-SE ba8c81281095 +ta 1e7e519542ff +te 510cff80cfbe +th 5aa843627cdb +tr 33ade23966b0 +uk 7db099371772 +ur 8916a4a4ac78 +uz 4f2be0c7cf61 +vi a0e2d5d10028 +xh 0bbddd61bf1d +zh-CN 0a704c7c84a1 +zh-TW 93c4d7dc2c0a diff -r ace605efe50f -r f7a8fa97a57e mozilla-kde.patch --- a/mozilla-kde.patch Sat Mar 04 17:54:44 2017 +0100 +++ b/mozilla-kde.patch Sat Mar 18 11:18:01 2017 +0100 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 0e88a32ef7263e76f6970bab17458130d1f3677f +# Parent 5c8ae59424f5318bf7a387257771bf95d3893063 Description: Add KDE integration to Firefox (toolkit parts) Author: Wolfgang Rosenauer Author: Lubos Lunak 
@@ -2200,6 +2200,117 @@ +# PrefWindow II (???) +# PrefWindow I (June 4, 1999) +# +diff --git a/toolkit/mozapps/downloads/nsHelperAppDlg.js b/toolkit/mozapps/downloads/nsHelperAppDlg.js +--- a/toolkit/mozapps/downloads/nsHelperAppDlg.js ++++ b/toolkit/mozapps/downloads/nsHelperAppDlg.js +@@ -627,17 +627,17 @@ nsUnknownContentTypeDialog.prototype = { + else + typeString = mimeInfo.MIMEType; + } + // When the length is unknown, contentLength would be -1 + if (this.mLauncher.contentLength >= 0) { + let [size, unit] = DownloadUtils. + convertByteUnits(this.mLauncher.contentLength); + type.value = this.dialogElement("strings") +- .getFormattedString("orderedFileSizeWithType", ++ .getFormattedString("orderedFileSizeWithType", + [typeString, size, unit]); + } + else { + type.value = typeString; + } + }, + + // Returns true if opening the default application makes sense. +@@ -801,17 +801,17 @@ nsUnknownContentTypeDialog.prototype = { + switch (this.dialogElement("openHandler").selectedIndex) { + case 0: + // No app need be specified in this case. + ok = true; + break; + case 1: + // only enable the OK button if we have a default app to use or if + // the user chose an app.... +- ok = this.chosenApp || /\S/.test(this.dialogElement("otherHandler").getAttribute("path")); ++ ok = this.chosenApp || /\S/.test(this.dialogElement("otherHandler").getAttribute("path")); + break; + } + } + + // Enable Ok button if ok to press. + this.mDialog.document.documentElement.getButton("accept").disabled = !ok; + }, + +@@ -1068,30 +1068,56 @@ nsUnknownContentTypeDialog.prototype = { + params.handlerApp.executable && + params.handlerApp.executable.isFile()) { + // Remember the file they chose to run. 
+ this.chosenApp = params.handlerApp; + } + } + else { + #if MOZ_WIDGET_GTK == 3 +- var nsIApplicationChooser = Components.interfaces.nsIApplicationChooser; +- var appChooser = Components.classes["@mozilla.org/applicationchooser;1"] +- .createInstance(nsIApplicationChooser); +- appChooser.init(this.mDialog, this.dialogElement("strings").getString("chooseAppFilePickerTitle")); +- var contentTypeDialogObj = this; +- let appChooserCallback = function appChooserCallback_done(aResult) { +- if (aResult) { +- contentTypeDialogObj.chosenApp = aResult.QueryInterface(Components.interfaces.nsILocalHandlerApp); ++ // handle the KDE case which is implemented in the filepicker ++ // therefore falling back to Gtk2 like behaviour if KDE is running ++ // FIXME this should be better handled in the nsIApplicationChooser interface ++ var env = Components.classes["@mozilla.org/process/environment;1"] ++ .getService(Components.interfaces.nsIEnvironment); ++ if (env.get('KDE_FULL_SESSION') == "true") ++ { ++ var nsIFilePicker = Components.interfaces.nsIFilePicker; ++ var fp = Components.classes["@mozilla.org/filepicker;1"] ++ .createInstance(nsIFilePicker); ++ fp.init(this.mDialog, ++ this.dialogElement("strings").getString("chooseAppFilePickerTitle"), ++ nsIFilePicker.modeOpen); ++ ++ fp.appendFilters(nsIFilePicker.filterApps); ++ ++ if (fp.show() == nsIFilePicker.returnOK && fp.file) { ++ // Remember the file they chose to run. ++ var localHandlerApp = ++ Components.classes["@mozilla.org/uriloader/local-handler-app;1"]. 
++ createInstance(Components.interfaces.nsILocalHandlerApp); ++ localHandlerApp.executable = fp.file; ++ this.chosenApp = localHandlerApp; + } +- contentTypeDialogObj.finishChooseApp(); +- }; +- appChooser.open(this.mLauncher.MIMEInfo.MIMEType, appChooserCallback); +- // The finishChooseApp is called from appChooserCallback +- return; ++ } else { ++ var nsIApplicationChooser = Components.interfaces.nsIApplicationChooser; ++ var appChooser = Components.classes["@mozilla.org/applicationchooser;1"] ++ .createInstance(nsIApplicationChooser); ++ appChooser.init(this.mDialog, this.dialogElement("strings").getString("chooseAppFilePickerTitle")); ++ var contentTypeDialogObj = this; ++ let appChooserCallback = function appChooserCallback_done(aResult) { ++ if (aResult) { ++ contentTypeDialogObj.chosenApp = aResult.QueryInterface(Components.interfaces.nsILocalHandlerApp); ++ } ++ contentTypeDialogObj.finishChooseApp(); ++ }; ++ appChooser.open(this.mLauncher.MIMEInfo.MIMEType, appChooserCallback); ++ // The finishChooseApp is called from appChooserCallback ++ return; ++ } + #else + var nsIFilePicker = Components.interfaces.nsIFilePicker; + var fp = Components.classes["@mozilla.org/filepicker;1"] + .createInstance(nsIFilePicker); + fp.init(this.mDialog, + this.dialogElement("strings").getString("chooseAppFilePickerTitle"), + nsIFilePicker.modeOpen); + diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp --- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp +++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp @@ -3696,7 +3807,7 @@ diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp --- a/xpcom/io/nsLocalFileUnix.cpp +++ b/xpcom/io/nsLocalFileUnix.cpp -@@ -45,16 +45,17 @@ +@@ -46,16 +46,17 @@ #include "prproces.h" #include "nsIDirectoryEnumerator.h" #include "nsISimpleEnumerator.h" 
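Review bot: In the KDE branch added to `nsHelperAppDlg.js` (the `env.get('KDE_FULL_SESSION') == "true"` block), the picked file is stored as `localHandlerApp.executable` after checking only that `fp.file` is non-null, whereas the handler-app path in the context lines just above also requires `executable.isFile()`. Since `chosenApp` is presumably what later opens the downloaded file, the same check is worth mirroring here, e.g. `if (fp.show() == nsIFilePicker.returnOK && fp.file && fp.file.isFile()) {`. As far as the hunk shows, the branch also duplicates the `#else` file-picker block that begins at the end of the hunk, so a comment such as `// keep in sync with the non-GTK3 file-picker path below` (or a shared helper) would stop the two copies drifting apart. The enclosing method starts and ends outside the hunk, and the KDE path no longer hits the `return;` that the application-chooser path uses, so please confirm the code after `#endif` still calls `finishChooseApp()` exactly once on this path.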
@@ -3714,7 +3825,7 @@ #include "prmem.h" #include "plbase64.h" -@@ -1947,42 +1948,52 @@ nsLocalFile::SetPersistentDescriptor(con +@@ -1948,42 +1949,52 @@ nsLocalFile::SetPersistentDescriptor(con return InitWithNativePath(aPersistentDescriptor); #endif } @@ -3773,7 +3884,7 @@ return rv; } return NS_ERROR_FAILURE; -@@ -1990,16 +2001,22 @@ nsLocalFile::Reveal() +@@ -1991,16 +2002,22 @@ nsLocalFile::Reveal() return NS_ERROR_FAILURE; #endif }