--- a/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:04:56 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:05:20 2018 +0100
@@ -1,10 +1,79 @@
-------------------------------------------------------------------
-Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 58.0b15
+Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0 (bsc#1077291)
* Added Nepali (ne-NP) locale
* Added support for form autofill for credit card
* Optimize page load by caching JavaScript internal representation
+ MFSA 2018-02
+ * CVE-2018-5091 (bmo#1423086)
+ Use-after-free with DTMF timers
+ * CVE-2018-5092 (bmo#1418074)
+ Use-after-free in Web Workers
+ * CVE-2018-5093 (bmo#1415291)
+ Buffer overflow in WebAssembly during Memory/Table resizing
+ * CVE-2018-5094 (bmo#1415883)
+ Buffer overflow in WebAssembly with garbage collection on
+ uninitialized memory
+ * CVE-2018-5095 (bmo#1418447)
+ Integer overflow in Skia library during edge builder allocation
+ * CVE-2018-5097 (bmo#1387427)
+ Use-after-free when source document is manipulated during XSLT
+ * CVE-2018-5098 (bmo#1399400)
+ Use-after-free while manipulating form input elements
+ * CVE-2018-5099 (bmo#1416878)
+ Use-after-free with widget listener
+ * CVE-2018-5100 (bmo#1417405)
+ Use-after-free when IsPotentiallyScrollable arguments are freed
+ from memory
+ * CVE-2018-5101 (bmo#1417661)
+ Use-after-free with floating first-letter style elements
+ * CVE-2018-5102 (bmo#1419363)
+ Use-after-free in HTML media elements
+ * CVE-2018-5103 (bmo#1423159)
+ Use-after-free during mouse event handling
+ * CVE-2018-5104 (bmo#1425000)
+ Use-after-free during font face manipulation
+ * CVE-2018-5105 (bmo#1390882)
+ WebExtensions can save and execute files on local file system
+ without user prompts
+ * CVE-2018-5106 (bmo#1408708)
+ Developer Tools can expose style editor information cross-origin
+ through service worker
+ * CVE-2018-5107 (bmo#1379276)
+ Printing process will follow symlinks for local file access
+ * CVE-2018-5108 (bmo#1421099)
+ Manually entered blob URL can be accessed by subsequent private browsing tabs
+ * CVE-2018-5109 (bmo#1405599)
+ Audio capture prompts and starts with incorrect origin attribution
+ * CVE-2018-5110 (bmo#1423275) (affects only OS X)
+ Cursor can be made invisible on OS X
+ * CVE-2018-5111 (bmo#1321619)
+ URL spoofing in addressbar through drag and drop
+ * CVE-2018-5112 (bmo#1425224)
+ Extension development tools panel can open a non-relative URL in the panel
+ * CVE-2018-5113 (bmo#1425267)
+ WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+ * CVE-2018-5114 (bmo#1421324)
+ The old value of a cookie changed to HttpOnly remains accessible to scripts
+ * CVE-2018-5115 (bmo#1409449)
+ Background network requests can open HTTP authentication in unrelated foreground tabs
+ * CVE-2018-5116 (bmo#1396399)
+ WebExtension ActiveTab permission allows cross-origin frame content access
+ * CVE-2018-5117 (bmo#1395508)
+ URL spoofing with right-to-left text aligned left-to-right
+ * CVE-2018-5118 (bmo#1420049)
+ Activity Stream images can attempt to load local content through file:
+ * CVE-2018-5119 (bmo#1420507)
+ Reader view will load cross-origin content in violation of CORS headers
+ * CVE-2018-5121 (bmo#1402368) (affects only OS X)
+ OS X Tibetan characters render incompletely in the addressbar
+ * CVE-2018-5122 (bmo#1413841)
+ Potential integer overflow in DoCrypt
+ * CVE-2018-5090
+ Memory safety bugs fixed in Firefox 58
+ * CVE-2018-5089
+ Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
--- a/MozillaFirefox/MozillaFirefox.spec Tue Jan 23 22:04:56 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Tue Jan 23 22:05:20 2018 +0100
@@ -18,11 +18,11 @@
# changed with every update
-%define major 57
-%define mainver %major.99
-%define update_channel beta
+%define major 58
+%define mainver %major.0
+%define update_channel release
%define branding 1
-%define releasedate 20180108140638
+%define releasedate 20180118215408
# PIE, full relro (x86_64 for now)
%define build_hardened 1
--- a/MozillaFirefox/create-tar.sh Tue Jan 23 22:04:56 2018 +0100
+++ b/MozillaFirefox/create-tar.sh Tue Jan 23 22:05:20 2018 +0100
@@ -5,10 +5,10 @@
# "moz_source_stamp": "c1de04f39fa956cfce83f6065b0e709369215ed5"
# http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/l10n_changesets.txt
-CHANNEL="beta"
+CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_58_0b15_RELEASE"
-VERSION="57.99"
+RELEASE_TAG="40755aa80f41ee6df8995ae44044caf7a024b128"
+VERSION="58.0"
# mozilla
if [ -d mozilla ]; then
--- a/MozillaFirefox/l10n_changesets.txt Tue Jan 23 22:04:56 2018 +0100
+++ b/MozillaFirefox/l10n_changesets.txt Tue Jan 23 22:05:20 2018 +0100
@@ -1,97 +1,97 @@
ach 51053376f3b4
af 9699e648d04f
an 35bf2af54c6e
-ar 18e0fe1f77af
+ar 11e28461eedd
as f48681f3cb1c
ast a0365b2d2204
az c9f8178b760e
-be 18548e3b4c7d
-bg d74448447ec4
-bn-BD 3775531f087a
+be 6a81fe13730e
+bg f5f7827ddaf6
+bn-BD 40173c2773dc
bn-IN 8a4d7efa4656
br 87dd84f3fb15
-bs 0fa5c5c498f1
-ca e9108f454291
-cak 037fa4cc0de7
-cs 3574c5626c21
-cy c91a567d32d7
-da f3010a97d2e5
+bs f9194e1b9d1f
+ca 2393377daf04
+cak 358337cd8e62
+cs b2f2d66e474f
+cy cd528119b1f0
+da 3d4f38f6c602
de c4580757245b
-dsb 38971ef44ffc
+dsb 6cae073a841f
el 7c198d3d5d8c
en-GB 108b5a928fb5
en-ZA 5b50bebf4e4f
-eo 9f05d54432b0
-es-AR 3a197d57ec4c
+eo eb148ada0d56
+es-AR 08d927e7ad92
es-CL 02584a2d25b7
es-ES 1c9d3c3c689d
-es-MX 34a4e978e28e
+es-MX 6435282dbc75
et e29f6a05d5a8
-eu 8e603c97e31c
+eu 756e60b234ec
fa 8aee74bd73fe
ff b529c4fc084b
-fi 85224ec9f9d6
+fi 124ad6d2caeb
fr 87ec33d89386
-fy-NL 9bf0802a31d8
+fy-NL 3705ebdd28f5
ga-IE 2453123d83ab
gd da7de9b6e635
gl 99003c9cd063
gn 54547111d875
-gu-IN fbd546c0da2a
+gu-IN 88180147b7f5
he 9837e2cc4a95
hi-IN e1dddb32c7d0
hr 1699e5d11dfc
-hsb 56456696b55c
+hsb b779311b0bd0
hu 5f446a971f03
hy-AM 024da8b34b46
-id b782e4d9b6a6
-is 565cadb6758e
-it 00f4de3aba14
-ja ae05620172df
-ja-JP-mac 3a189aca7466
-ka 9d0112651a6f
-kab a558f864ce7c
-kk b4cb376272cf
-km 49d745556f4e
+id 0f0141ed9bb6
+is 4b3c58c9d645
+it 6e2c7978b0e7
+ja f30c0c2f2bc4
+ja-JP-mac 4230da7b0695
+ka 6650158784f6
+kab 6b3c6e707013
+kk 1e85339bcb5c
+km d934d1e2fbba
kn 9d356f38d208
-ko f6b025aac29f
+ko 6370c2a0f030
lij 0ab26fda46bc
-lt d82f8f2933b8
-lv ff8bed2caedd
+lt 450e1219d46f
+lv 78a846f93b16
mai 53cf7cd14176
mk 3d22bc5b8e99
ml 128c7b806403
mr 074d705e44b7
-ms 58d9543d90aa
+ms 7fa602755a3b
my eee9ab816d7c
-nb-NO dfa15b2830ca
+nb-NO 963968719128
ne-NP c318f683bdb7
-nl d9160f9af08a
-nn-NO e1d2d5f62b8d
+nl fca30e75c8a2
+nn-NO 484b14dee153
or 9420e75f84ba
pa-IN 5634ac6e7d9b
pl 45fa8ed87819
-pt-BR 3c1f75571616
-pt-PT 28b28e71f40c
+pt-BR 38d2f920e7b1
+pt-PT 60446c901737
rm cf0859e63177
-ro ce4a00c06847
-ru 1caf2ee86cdc
+ro 7fea5671214f
+ru 67b070efcbd9
si 5b5533ef2e97
-sk cfc3d731a936
-sl cc7e13e52830
+sk 4c17a502b748
+sl 8c446da2c7c5
son 914d74ec145e
sq 704b52416e5e
-sr 437a6f8a9d2c
-sv-SE 4a250a2a3388
+sr cbf4a5eafb4d
+sv-SE 2e8d40795c69
ta 26d7cbe37e4a
-te d30aefb49f2f
+te 9338813fedc1
th aa91b43781fe
-tr 860f0ea58677
-uk 9dba20dbbdaf
+tr a392fcf83ab9
+uk 214311bf7877
ur 60247a51a921
uz 51175e255277
-vi 5d5d980a351f
+vi 2731355cccc7
xh a756d272d1fe
zh-CN 9ab59b4c446a
-zh-TW fd0c8d18944d
+zh-TW a56ff00fa7b0