38.7.0 release firefox38
authorWolfgang Rosenauer <wr@rosenauer.org>
Tue, 15 Mar 2016 11:47:14 +0100
branchfirefox38
changeset 905 47f0968a6491
parent 891 2fa2f92f6f37
child 912 e4de90d18024
38.7.0 release
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/create-tar.sh
MozillaFirefox/firefox-esr.changes
MozillaFirefox/firefox-esr.spec
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Tue Mar 15 11:47:14 2016 +0100
@@ -1,4 +1,59 @@
 -------------------------------------------------------------------
+Tue Mar  8 06:58:55 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.7.0 (boo#969894)
+  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+    Use-after-free in MediaStream playback
+  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+    Same-origin policy violation using performance.getEntries and
+    history navigation
+  * MFSA 2016-16/CVE-2016-1952
+    Miscellaneous memory safety hazards
+  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+    Local file overwriting and potential privilege escalation through
+    CSP reports
+  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+    Memory leak in libstagefright when deleting an array during MP4
+    processing
+  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+    Displayed page address can be overridden
+  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+    Use-after-free in HTML5 string parser
+  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+    Use-after-free in SetBody
+  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+    Use-after-free when using multiple WebRTC data channels
+  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+    Use-after-free during XML transformations
+  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+    Addressbar spoofing though history navigation and Location protocol
+    property
+  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+    Memory corruption with malicious NPAPI plugin
+  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+    Out-of-bounds read in HTML parser following a failed allocation
+  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+    Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.6.0esr (boo#963520)
+  * MFSA 2016-01/CVE-2016-1930
+    Miscellaneous memory safety hazards
+  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
+    Buffer overflow in WebGL after out of memory allocation
+
+-------------------------------------------------------------------
+Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.2
+- some spec file changes to support 11.4 again
+
+-------------------------------------------------------------------
 Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
 
 - update to Firefox 38.5.0 (bnc#959277)
--- a/MozillaFirefox/MozillaFirefox.spec	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Tue Mar 15 11:47:14 2016 +0100
@@ -2,7 +2,7 @@
 # spec file for package MozillaFirefox
 #
 # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
-#               2006-2015 Wolfgang Rosenauer
+#               2006-2016 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.5.0
+%define mainver %major.7.0
 %define update_channel esr38
-%define releasedate 2015121000
+%define releasedate 2016030700
 
 # general build definitions
 %if "%{update_channel}" != "aurora"
@@ -75,7 +75,9 @@
 BuildRequires:  libiw-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  libproxy-devel
+%if 0%{?suse_version} > 1140
 BuildRequires:  makeinfo
+%endif
 BuildRequires:  mozilla-nspr-devel >= 4.10.10
 BuildRequires:  mozilla-nss-devel >= 3.19.2.1
 BuildRequires:  nss-shared-helper-devel
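Review bot: The `mozilla-nss-devel >= 3.19.2.1` and `mozilla-nspr-devel >= 4.10.10` floors in this hunk are the same as for 38.5.0, although the package moves to a security release and appears to build against the system NSS/NSPR rather than a bundled copy. If upstream 38.7.0 expects a newer NSS, a build that satisfies only the old minimum would ship the browser fixes without the matching library fixes, so the floor should be checked against the upstream release and raised if needed. The new `%if 0%{?suse_version} > 1140` guard also deserves a one-line comment, for example `# 11.4 and older: no separate makeinfo package (assumed; confirm)`, since the only explanation is the "support 11.4 again" changelog entry. The identical hunk in firefox-esr.spec needs the same check and comment.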
@@ -84,6 +86,7 @@
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
+BuildRequires:  xz
 BuildRequires:  yasm
 BuildRequires:  zip
 BuildRequires:  pkgconfig(gstreamer-%gstreamer_ver)
--- a/MozillaFirefox/create-tar.sh	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/create-tar.sh	Tue Mar 15 11:47:14 2016 +0100
@@ -2,8 +2,8 @@
 
 CHANNEL="esr38"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_5_0esr_RELEASE"
-VERSION="38.5.0"
+RELEASE_TAG="FIREFOX_38_7_0esr_RELEASE"
+VERSION="38.7.0"
 
 # mozilla
 if [ -d mozilla ]; then
--- a/MozillaFirefox/firefox-esr.changes	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/firefox-esr.changes	Tue Mar 15 11:47:14 2016 +0100
@@ -1,7 +1,78 @@
 -------------------------------------------------------------------
+Tue Mar  8 06:58:55 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.7.0 (boo#969894)
+  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+    Use-after-free in MediaStream playback
+  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+    Same-origin policy violation using performance.getEntries and
+    history navigation
+  * MFSA 2016-16/CVE-2016-1952
+    Miscellaneous memory safety hazards
+  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+    Local file overwriting and potential privilege escalation through
+    CSP reports
+  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+    Memory leak in libstagefright when deleting an array during MP4
+    processing
+  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+    Displayed page address can be overridden
+  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+    Use-after-free in HTML5 string parser
+  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+    Use-after-free in SetBody
+  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+    Use-after-free when using multiple WebRTC data channels
+  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+    Use-after-free during XML transformations
+  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+    Addressbar spoofing though history navigation and Location protocol
+    property
+  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+    Memory corruption with malicious NPAPI plugin
+  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+    Out-of-bounds read in HTML parser following a failed allocation
+  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+    Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.6.0esr (boo#963520)
+  * MFSA 2016-01/CVE-2016-1930
+    Miscellaneous memory safety hazards
+  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
+    Buffer overflow in WebGL after out of memory allocation
+
+-------------------------------------------------------------------
+Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.2
+- some spec file changes to support 11.4 again
+
+-------------------------------------------------------------------
 Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
 
-- update to Firefox 38.5.0 (bnc#)
+- update to Firefox 38.5.0 (bnc#959277)
+  * MFSA 2015-134/CVE-2015-7201
+    Miscellaneous memory safety hazards
+  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+    Use-after-free in WebRTC when datachannel is used after being
+    destroyed
+  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+    Integer overflow allocating extremely large textures
+  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+    Underflow through code inspection
+  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+    Integer overflow in MP4 playback in 64-bit versions
+  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+    Integer underflow and buffer overflow processing MP4 metadata in
+    libstagefright
+  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+    Cross-site reading attack through data and view-source URIs
 
 -------------------------------------------------------------------
 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org
--- a/MozillaFirefox/firefox-esr.spec	Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/firefox-esr.spec	Tue Mar 15 11:47:14 2016 +0100
@@ -1,8 +1,8 @@
 #
 # spec file for package firefox-esr
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
-#               2006-2015 Wolfgang Rosenauer
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+#               2006-2016 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.5.0
+%define mainver %major.7.0
 %define update_channel esr38
-%define releasedate 2015121000
+%define releasedate 2016030700
 
 # general build definitions
 %if "%{update_channel}" != "aurora"
@@ -75,7 +75,9 @@
 BuildRequires:  libiw-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  libproxy-devel
+%if 0%{?suse_version} > 1140
 BuildRequires:  makeinfo
+%endif
 BuildRequires:  mozilla-nspr-devel >= 4.10.10
 BuildRequires:  mozilla-nss-devel >= 3.19.2.1
 BuildRequires:  nss-shared-helper-devel
@@ -84,6 +86,7 @@
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
+BuildRequires:  xz
 BuildRequires:  yasm
 BuildRequires:  zip
 BuildRequires:  pkgconfig(gstreamer-%gstreamer_ver)