--- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 05 20:50:55 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Mar 11 16:31:55 2017 +0100
@@ -1,16 +1,66 @@
-------------------------------------------------------------------
+Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org
+
+- reenable ALSA support which was removed by default upstream
+
+-------------------------------------------------------------------
Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org
-- update to Firefox 52.0
+- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
- * Windows 8 touch screen support for multiprocess Firefox
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight,
Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers
+ * MFSA 2017-05
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ (bmo#1334933)
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ (bmo#1328861)
+ CVE-2017-5402: Use-after-free working with events in FontFace
+ objects (bmo#1334876)
+ CVE-2017-5403: Use-after-free using addRange to add range to an
+ incorrect root object (bmo#1340186)
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ (bmo#1340138)
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ (bmo#1306890)
+ CVE-2017-5407: Pixel and history stealing via floating-point
+ timing side channel with SVG filters (bmo#1336622)
+ CVE-2017-5410: Memory corruption during JavaScript garbage
+ collection incremental sweeping (bmo#1330687)
+ CVE-2017-5408: Cross-origin reading of video captions in violation
+ of CORS (bmo#1313711)
+ CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ (bmo#1337504)
+ CVE-2017-5414: File picker can choose incorrect default directory
+ (bmo#1319370)
+ CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
+ CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
+ CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
+ (bmo#791597)
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if
+ seccomp-bpf filter is running (bmo#1257361)
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during
+ startup (bmo#1295542)
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest
+ authorization responses (bmo#1338876)
+ CVE-2017-5419: Repeated authentication prompts lead to DOS
+ attack (bmo#1312243)
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar
+ location (bmo#1284395)
+ CVE-2017-5405: FTP response codes can cause use of
+ uninitialized values for ports (bmo#1336699)
+ CVE-2017-5421: Print preview spoofing (bmo#1301876)
+ CVE-2017-5422: DOS attack by using view-source: protocol
+ repeatedly in one hyperlink (bmo#1295002)
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
+ Firefox ESR 45.8
- removed obsolete patches
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
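Review bot: the MFSA 2017-05 list added under the 52.0 entry is not in CVE order (CVE-2017-5410 comes before CVE-2017-5408, CVE-2017-5426 and CVE-2017-5427 before CVE-2017-5418, and CVE-2017-5405 sits between CVE-2017-5420 and CVE-2017-5421), which makes it harder to cross-check against the advisory or to spot a missing ID. Either sort the entries or say in the "MFSA 2017-05" line that the list follows the advisory's order. In the CVE-2017-5417 line, "draging" should read "dragging" unless the title is meant to be copied verbatim. The new Mar 9 entry would also be easier to audit if it named the option it changes (--enable-alsa) rather than only "reenable ALSA support".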
--- a/MozillaFirefox/MozillaFirefox.spec Sun Mar 05 20:50:55 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Sat Mar 11 16:31:55 2017 +0100
@@ -353,6 +353,7 @@
ac_add_options --with-system-zlib
ac_add_options --disable-updater
ac_add_options --disable-tests
+ac_add_options --enable-alsa
ac_add_options --disable-debug
ac_add_options --enable-startup-notification
#ac_add_options --enable-chrome-format=jar
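Review bot: "ac_add_options --enable-alsa" is added unconditionally and the patch touches no BuildRequires line, so please confirm the spec already pulls in the ALSA development package; otherwise the option depends on whatever happens to be in the build root. A one-line comment above the option stating that it overrides the upstream default, as the changelog entry says, would keep it from being dropped as redundant in a later cleanup of the mozconfig block.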