--- a/MozillaFirefox/MozillaFirefox.changes Mon Dec 14 00:04:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Thu Dec 31 10:00:30 2015 +0100
@@ -1,12 +1,69 @@
-------------------------------------------------------------------
-Sun Dec 13 12:48:28 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 43.0b9
+Thu Dec 31 08:45:14 UTC 2015 - wr@rosenauer.org
+
+- prepare mozilla-kde.patch for Gtk3 builds
+
+-------------------------------------------------------------------
+Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 43.0.3
+ * requires NSS 3.20.2 to fix
+ MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
+ MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
+ server signature
+ * various changes to support Windows update (SHA-1 vs. SHA-2)
+ * workaround Youtube user agent detection issue (bmo#1233970)
+- fix file download regression for multi user systems
+ (bmo#1233434) (mozilla-bmo1233434.patch)
+- explicitely requires libXcomposite-devel
+
+-------------------------------------------------------------------
+Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
* Users can opt-in to receive search suggestions from the Awesome Bar
* WebRTC streaming on multiple monitors
* User selectable second block list for Private Browsing's Tracking
Protection
+ security fixes:
+ * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
+ Miscellaneous memory safety hazards
+ * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
+ Crash with JavaScript variable assignment with unboxed objects
+ * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation
+ * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
+ Firefox allows for control characters to be set in cookies
+ * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+ Use-after-free in WebRTC when datachannel is used after being
+ destroyed
+ * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+ Integer overflow allocating extremely large textures
+ * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
+ Cross-origin information leak through web workers error events
+ * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
+ Hash in data URI is incorrectly parsed
+ * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
+ DOS due to malformed frames in HTTP/2
+ * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
+ Linux file chooser crashes on malformed images due to flaws in
+ Jasper library
+ * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
+ (bmo#1201183, bmo#1178033, bmo#1199400)
+ Buffer overflows found through code inspection
+ * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+ Underflow through code inspection
+ * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+ Integer overflow in MP4 playback in 64-bit versions
+ * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+ Integer underflow and buffer overflow processing MP4 metadata in
+ libstagefright
+ * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
+ Privilege escalation vulnerabilities in WebExtension APIs
+ * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+ Cross-site reading attack through data and view-source URIs
- rebased patches
-------------------------------------------------------------------
--- a/MozillaFirefox/MozillaFirefox.spec Mon Dec 14 00:04:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Thu Dec 31 10:00:30 2015 +0100
@@ -18,10 +18,10 @@
# changed with every update
-%define major 42
+%define major 43
%define mainver %major.99
%define update_channel beta
-%define releasedate 2015120300
+%define releasedate 2015123000
# general build definitions
%if "%{update_channel}" != "aurora"
@@ -69,6 +69,7 @@
BuildRequires: dbus-1-glib-devel
BuildRequires: fdupes
BuildRequires: gcc-c++
+BuildRequires: libXcomposite-devel
BuildRequires: libcurl-devel
BuildRequires: libgnomeui-devel
BuildRequires: libidl-devel
@@ -76,8 +77,8 @@
BuildRequires: libnotify-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.10.10
-BuildRequires: mozilla-nss-devel >= 3.19.4
+BuildRequires: mozilla-nspr-devel >= 4.11
+BuildRequires: mozilla-nss-devel >= 3.21
BuildRequires: nss-shared-helper-devel
BuildRequires: python-devel
BuildRequires: startup-notification-devel
@@ -90,6 +91,17 @@
BuildRequires: pkgconfig(gstreamer-app-%gstreamer_ver)
BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver)
BuildRequires: pkgconfig(libpulse)
+# libavcodec is already used if available for H.264 but
+# explicitely loaded by FF. For proper H.264 support the
+# openSUSE delivered version is not sufficient but currently
+# prevents even the use of the GStreamer method
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1234157
+# to get H.264 working correctly libavcodec from packman
+# is required. As of today the following recommends will
+# pull in libavcodec52 from packman since it's the only
+# package providing libavcodec but it's not loaded from
+# Firefox as the minimal version is 53
+#Recommends: libavcodec
%if 0%{?gstreamer} == 1
Requires: libgstreamer-1_0-0
Recommends: gstreamer-fluendo-mp3
@@ -147,6 +159,7 @@
Patch8: mozilla-openaes-decl.patch
Patch10: mozilla-no-stdcxx-check.patch
Patch11: mozilla-libproxy.patch
+Patch12: mozilla-bmo1233434.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-no-default-ualocale.patch
@@ -256,6 +269,7 @@
%patch8 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
# Firefox
%patch101 -p1
%patch102 -p1
@@ -308,6 +322,9 @@
ac_add_options --mandir=%{_mandir}
ac_add_options --includedir=%{_includedir}
ac_add_options --enable-release
+%if 0%{?suse_version} > 1320
+#ac_add_options --enable-default-toolkit=cairo-gtk3
+%endif
%ifarch %ix86 %arm
%if 0%{?suse_version} > 1230
ac_add_options --disable-optimize
@@ -556,6 +573,10 @@
%{progdir}/components/
%{progdir}/defaults/
%{progdir}/dictionaries/
+%if 0%{?suse_version} > 1320
+#%dir %{progdir}/gtk2
+%{progdir}/gtk2/libmozgtk.so
+%endif
%{progdir}/webapprt/
%{progdir}/gmp-clearkey/
%attr(755,root,root) %{progdir}/%{progname}.sh
--- a/MozillaFirefox/create-tar.sh Mon Dec 14 00:04:31 2015 +0100
+++ b/MozillaFirefox/create-tar.sh Thu Dec 31 10:00:30 2015 +0100
@@ -2,8 +2,8 @@
CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_43_0b9_RELEASE"
-VERSION="42.99"
+RELEASE_TAG="FIREFOX_44_0b4_RELEASE"
+VERSION="43.99"
# mozilla
if [ -d mozilla ]; then
--- a/MozillaFirefox/mozilla-bmo1005535.patch Mon Dec 14 00:04:31 2015 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-bmo1005535.patch
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-bmo1233434.patch Thu Dec 31 10:00:30 2015 +0100
@@ -0,0 +1,1 @@
+../mozilla-bmo1233434.patch
\ No newline at end of file
--- a/mozilla-bmo1005535.patch Mon Dec 14 00:04:31 2015 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,152 +0,0 @@
-# HG changeset patch
-# Parent b7eb1ce0237d6125b75bc8ff1cb3afc328d6e78c
-# User Steve Singer <steve@ssinger.info>
-# Parent 4e6bb9847daccf128ad3eab9be087ef63f9b974c
-Bug 1005535 - Get skia GPU building on big endian.
-
-diff --git a/configure.in b/configure.in
---- a/configure.in
-+++ b/configure.in
-@@ -8208,21 +8208,21 @@ dnl Skia
- dnl ========================================================
- if test "$MOZ_ENABLE_SKIA"; then
- AC_DEFINE(MOZ_ENABLE_SKIA)
- AC_DEFINE(USE_SKIA)
- if test "${MOZ_WIDGET_TOOLKIT}" = "android" -o x"$MOZ_WIDGET_TOOLKIT" = x"gonk"; then
- AC_DEFINE(SK_BUILD_FOR_ANDROID_NDK)
- fi
-
-- if test "${CPU_ARCH}" != "ppc" -a "${CPU_ARCH}" != "ppc64" -a "${CPU_ARCH}" != "sparc" -a -z "$MOZ_DISABLE_SKIA_GPU" ; then
-+ #if test "${CPU_ARCH}" != "ppc" -a "${CPU_ARCH}" != "ppc64" -a "${CPU_ARCH}" != "sparc" -a -z "$MOZ_DISABLE_SKIA_GPU" ; then
- MOZ_ENABLE_SKIA_GPU=1
- AC_DEFINE(USE_SKIA_GPU)
- AC_SUBST(MOZ_ENABLE_SKIA_GPU)
-- fi
-+ #fi
- fi
- AC_SUBST(MOZ_ENABLE_SKIA)
-
- dnl ========================================================
- dnl Check for nss-shared-helper
- dnl ========================================================
-
- PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
-diff --git a/gfx/skia/trunk/include/config/SkUserConfig.h b/gfx/skia/trunk/include/config/SkUserConfig.h
---- a/gfx/skia/trunk/include/config/SkUserConfig.h
-+++ b/gfx/skia/trunk/include/config/SkUserConfig.h
-@@ -192,16 +192,17 @@
-
- #if defined(SK_CPU_ARM32) || defined(SK_CPU_ARM64)
- # define SK_BARRIERS_PLATFORM_H "skia/SkBarriers_arm.h"
- #else
- # define SK_BARRIERS_PLATFORM_H "skia/SkBarriers_x86.h"
- #endif
-
- // On all platforms we have this byte order
-+
- #define SK_A32_SHIFT 24
- #define SK_R32_SHIFT 16
- #define SK_G32_SHIFT 8
- #define SK_B32_SHIFT 0
-
- #define SK_ALLOW_STATIC_GLOBAL_INITIALIZERS 0
-
- #define SK_SUPPORT_LEGACY_GETDEVICE
-diff --git a/gfx/skia/trunk/include/core/SkColorPriv.h b/gfx/skia/trunk/include/core/SkColorPriv.h
---- a/gfx/skia/trunk/include/core/SkColorPriv.h
-+++ b/gfx/skia/trunk/include/core/SkColorPriv.h
-@@ -27,37 +27,27 @@
- * For easier compatibility with Skia's GPU backend, we further restrict these
- * to either (in memory-byte-order) RGBA or BGRA. Note that this "order" does
- * not directly correspond to the same shift-order, since we have to take endianess
- * into account.
- *
- * Here we enforce this constraint.
- */
-
--#ifdef SK_CPU_BENDIAN
-- #define SK_RGBA_R32_SHIFT 24
-- #define SK_RGBA_G32_SHIFT 16
-- #define SK_RGBA_B32_SHIFT 8
-- #define SK_RGBA_A32_SHIFT 0
-
-- #define SK_BGRA_B32_SHIFT 24
-- #define SK_BGRA_G32_SHIFT 16
-- #define SK_BGRA_R32_SHIFT 8
-- #define SK_BGRA_A32_SHIFT 0
--#else
- #define SK_RGBA_R32_SHIFT 0
- #define SK_RGBA_G32_SHIFT 8
- #define SK_RGBA_B32_SHIFT 16
- #define SK_RGBA_A32_SHIFT 24
-
- #define SK_BGRA_B32_SHIFT 0
- #define SK_BGRA_G32_SHIFT 8
- #define SK_BGRA_R32_SHIFT 16
- #define SK_BGRA_A32_SHIFT 24
--#endif
-+
-
- #if defined(SK_PMCOLOR_IS_RGBA) && defined(SK_PMCOLOR_IS_BGRA)
- #error "can't define PMCOLOR to be RGBA and BGRA"
- #endif
-
- #define LOCAL_PMCOLOR_SHIFTS_EQUIVALENT_TO_RGBA \
- (SK_A32_SHIFT == SK_RGBA_A32_SHIFT && \
- SK_R32_SHIFT == SK_RGBA_R32_SHIFT && \
-diff --git a/gfx/skia/trunk/include/core/SkImageInfo.h b/gfx/skia/trunk/include/core/SkImageInfo.h
---- a/gfx/skia/trunk/include/core/SkImageInfo.h
-+++ b/gfx/skia/trunk/include/core/SkImageInfo.h
-@@ -83,19 +83,20 @@ enum SkColorType {
-
- kLastEnum_SkColorType = kIndex_8_SkColorType,
-
- #if SK_PMCOLOR_BYTE_ORDER(B,G,R,A)
- kN32_SkColorType = kBGRA_8888_SkColorType,
- #elif SK_PMCOLOR_BYTE_ORDER(R,G,B,A)
- kN32_SkColorType = kRGBA_8888_SkColorType,
- #else
--#error "SK_*32_SHFIT values must correspond to BGRA or RGBA byte order"
-+ kN32_SkColorType = kBGRA_8888_SkColorType
- #endif
-
-+
- #ifdef SK_SUPPORT_LEGACY_N32_NAME
- kPMColor_SkColorType = kN32_SkColorType
- #endif
- };
-
- static int SkColorTypeBytesPerPixel(SkColorType ct) {
- static const uint8_t gSize[] = {
- 0, // Unknown
-diff --git a/gfx/skia/trunk/include/gpu/GrTypes.h b/gfx/skia/trunk/include/gpu/GrTypes.h
---- a/gfx/skia/trunk/include/gpu/GrTypes.h
-+++ b/gfx/skia/trunk/include/gpu/GrTypes.h
-@@ -304,25 +304,23 @@ enum GrPixelConfig {
- * Byte order is r, g, b, a. This color format is 32 bits per channel
- */
- kRGBA_float_GrPixelConfig,
- kLast_GrPixelConfig = kRGBA_float_GrPixelConfig
- };
- static const int kGrPixelConfigCnt = kLast_GrPixelConfig + 1;
-
- // Aliases for pixel configs that match skia's byte order.
--#ifndef SK_CPU_LENDIAN
-- #error "Skia gpu currently assumes little endian"
--#endif
-+
- #if SK_PMCOLOR_BYTE_ORDER(B,G,R,A)
- static const GrPixelConfig kSkia8888_GrPixelConfig = kBGRA_8888_GrPixelConfig;
- #elif SK_PMCOLOR_BYTE_ORDER(R,G,B,A)
- static const GrPixelConfig kSkia8888_GrPixelConfig = kRGBA_8888_GrPixelConfig;
- #else
-- #error "SK_*32_SHIFT values must correspond to GL_BGRA or GL_RGBA format."
-+ static const GrPixelConfig kSkia8888_GrPixelConfig = kBGRA_8888_GrPixelConfig;
- #endif
-
- // Returns true if the pixel config is a GPU-specific compressed format
- // representation.
- static inline bool GrPixelConfigIsCompressed(GrPixelConfig config) {
- switch (config) {
- case kETC1_GrPixelConfig:
- case kLATC_GrPixelConfig:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-bmo1233434.patch Thu Dec 31 10:00:30 2015 +0100
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Aidin Gharibnavaz <aidin@aidinhut.com>
+# Date 1450550460 -12600
+# Node ID 07ec362866977f37e638fc88e3079621fd7aef96
+# Parent cb66ffeb6725e8344818e8e2f707ae2eaeb953b4
+Bug 1233434 - Fixing download failure on a multi-user GNU/Linux machine. r?bagder
+
+diff -r cb66ffeb6725 -r 07ec36286697 uriloader/exthandler/nsExternalHelperAppService.cpp
+--- a/uriloader/exthandler/nsExternalHelperAppService.cpp Tue Dec 15 14:45:06 2015 +0100
++++ b/uriloader/exthandler/nsExternalHelperAppService.cpp Sat Dec 19 22:11:00 2015 +0330
+@@ -416,12 +416,12 @@
+ const char* userName = PR_GetEnv("USERNAME");
+ if (!userName || !*userName) {
+ userName = PR_GetEnv("USER");
+- if (!userName || !*userName) {
+- userName = PR_GetEnv("LOGNAME");
+- }
+- else {
+- userName = "mozillaUser";
+- }
++ }
++ if (!userName || !*userName) {
++ userName = PR_GetEnv("LOGNAME");
++ }
++ if (!userName || !*userName) {
++ userName = "mozillaUser";
+ }
+
+ nsAutoString userDir;
+@@ -447,7 +447,12 @@
+ rv = finalPath->GetPermissions(&permissions);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+- if (permissions == PR_IRWXU) {
++ // Ensuring the path is writable by the current user.
++ bool isWritable;
++ rv = finalPath->IsWritable(&isWritable);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ if (permissions == PR_IRWXU && isWritable) {
+ dir = finalPath;
+ break;
+ }
+
--- a/mozilla-kde.patch Mon Dec 14 00:04:31 2015 +0100
+++ b/mozilla-kde.patch Thu Dec 31 10:00:30 2015 +0100
@@ -1,5 +1,5 @@
# HG changeset patch
-# Parent 1e6ab61ae64f601da61197f34ad145f54a400b1f
+# Parent fc87d8519207c57c22fb5a01243722be530679fa
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Author: Lubos Lunak <lunak@suse.com>
@@ -2503,12 +2503,12 @@
+ }
+
+
-+bool nsKDEUtils::commandBlockUi( const nsTArray<nsCString>& command, const GtkWindow* parent, nsTArray<nsCString>* output )
++bool nsKDEUtils::commandBlockUi( const nsTArray<nsCString>& command, GtkWindow* parent, nsTArray<nsCString>* output )
+ {
+ return self()->internalCommand( command, parent, true, output );
+ }
+
-+bool nsKDEUtils::internalCommand( const nsTArray<nsCString>& command, const GtkWindow* parent, bool blockUi,
++bool nsKDEUtils::internalCommand( const nsTArray<nsCString>& command, GtkWindow* parent, bool blockUi,
+ nsTArray<nsCString>* output )
+ {
+ if( !startHelper())
@@ -2524,8 +2524,8 @@
+ {
+ data.loop = g_main_loop_new( NULL, FALSE );
+ GtkWidget* window = gtk_window_new( GTK_WINDOW_TOPLEVEL );
-+ if( parent && parent->group )
-+ gtk_window_group_add_window( parent->group, GTK_WINDOW( window ));
++ if( parent && gtk_window_get_group(parent) )
++ gtk_window_group_add_window( gtk_window_get_group(parent), GTK_WINDOW( window ));
+ gtk_widget_realize( window );
+ gtk_widget_set_sensitive( window, TRUE );
+ gtk_grab_add( window );
@@ -2678,7 +2678,7 @@
+ /* Like command(), but additionally blocks the parent widget like if there was
+ a modal dialog shown and enters the event loop (i.e. there are still paint updates,
+ this is for commands that take long). */
-+ static bool commandBlockUi( const nsTArray<nsCString>& command, const GtkWindow* parent, nsTArray<nsCString>* output = NULL );
++ static bool commandBlockUi( const nsTArray<nsCString>& command, GtkWindow* parent, nsTArray<nsCString>* output = NULL );
+
+ private:
+ nsKDEUtils();
@@ -2687,7 +2687,7 @@
+ bool startHelper();
+ void closeHelper();
+ void feedCommand( const nsTArray<nsCString>& command );
-+ bool internalCommand( const nsTArray<nsCString>& command, const GtkWindow* parent, bool isParent,
++ bool internalCommand( const nsTArray<nsCString>& command, GtkWindow* parent, bool isParent,
+ nsTArray<nsCString>* output );
+ FILE* commandFile;
+ FILE* replyFile;
--- a/series Mon Dec 14 00:04:31 2015 +0100
+++ b/series Thu Dec 31 10:00:30 2015 +0100
@@ -12,6 +12,7 @@
#mozilla-bmo1005535.patch
mozilla-no-stdcxx-check.patch
mozilla-libproxy.patch
+mozilla-bmo1233434.patch
# Firefox patches
firefox-kde.patch