--- a/MozillaFirefox/MozillaFirefox.changes Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Thu May 23 09:16:13 2019 +0200
@@ -1,5 +1,5 @@
-------------------------------------------------------------------
-Tue May 14 10:34:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
@@ -19,6 +19,56 @@
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
+ MFSA 2019-13
+ * CVE-2019-9815 (bmo#1546544)
+ Disable hyperthreading on content JavaScript threads on macOS
+ * CVE-2019-9816 (bmo#1536768)
+ Type confusion with object groups and UnboxedObjects
+ * CVE-2019-9817 (bmo#1540221)
+ Stealing of cross-domain images using canvas
+ * CVE-2019-9818 (bmo#1542581) (Windows only)
+ Use-after-free in crash generation server
+ * CVE-2019-9819 (bmo#1532553)
+ Compartment mismatch with fetch API
+ * CVE-2019-9820 (bmo#1536405)
+ Use-after-free of ChromeEventHandler by DocShell
+ * CVE-2019-9821 (bmo#1539125)
+ Use-after-free in AssertWorkerThread
+ * CVE-2019-11691 (bmo#1542465)
+ Use-after-free in XMLHttpRequest
+ * CVE-2019-11692 (bmo#1544670)
+ Use-after-free removing listeners in the event listener manager
+ * CVE-2019-11693 (bmo#1532525)
+ Buffer overflow in WebGL bufferdata on Linux
+ * CVE-2019-7317 (bmo#1542829)
+ Use-after-free in png_image_free of libpng library
+ * CVE-2019-11694 (bmo#1534196) (Windows only)
+ Uninitialized memory memory leakage in Windows sandbox
+ * CVE-2019-11695 (bmo#1445844)
+ Custom cursor can render over user interface outside of web content
+ * CVE-2019-11696 (bmo#1392955)
+ Java web start .JNLP files are not recognized as executable files
+ for download prompts
+ * CVE-2019-11697 (bmo#1440079)
+ Pressing key combinations can bypass installation prompt delays and
+ install extensions
+ * CVE-2019-11698 (bmo#1543191)
+ Theft of user history data through drag and drop of hyperlinks
+ to and from bookmarks
+ * CVE-2019-11700 (bmo#1549833) (Windows only)
+ res: protocol can be used to open known local files
+ * CVE-2019-11699 (bmo#1528939)
+ Incorrect domain name highlighting during page navigation
+ * CVE-2019-11701 (bmo#1518627)
+ webcal: protocol default handler loads vulnerable web page
+ * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
+ bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
+ Memory safety bugs fixed in Firefox 67
+ * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+ bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+ bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+ bmo#1532465, bmo#1533554, bmo#1541580)
+ Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32
* mozilla-nspr >= 4.21
@@ -28,6 +78,12 @@
- KDE integration for default browser detection is broken in this revision
-------------------------------------------------------------------
+Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix armv7 build with:
+ * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+-------------------------------------------------------------------
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
- Mozilla Firefox 66.0.5
--- a/MozillaFirefox/MozillaFirefox.spec Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Thu May 23 09:16:13 2019 +0200
@@ -24,7 +24,7 @@
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
-%define releasedate 20190513195729
+%define releasedate 20190516215225
%define source_prefix firefox-%{orig_version}
# always build with GCC as SUSE Security Team requires that
@@ -164,6 +164,7 @@
Patch9: mozilla-bmo1463035.patch
Patch10: mozilla-cubeb-noreturn.patch
Patch11: mozilla-fix-aarch64-libopus.patch
+Patch12: mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -271,6 +272,7 @@
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
# Firefox
%patch101 -p1
%patch102 -p1
--- a/MozillaFirefox/create-tar.sh Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/create-tar.sh Thu May 23 09:16:13 2019 +0200
@@ -7,7 +7,7 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="3126a5c2560c34a8acb33d62e54b2be0f704a190"
+RELEASE_TAG="2a7896ba9aa5d982abe01f859d771d411fda8101"
VERSION="67.0"
VERSION_SUFFIX=""
LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch Thu May 23 09:16:13 2019 +0200
@@ -0,0 +1,1 @@
+../mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
\ No newline at end of file
--- a/MozillaFirefox/source-stamp.txt Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/source-stamp.txt Thu May 23 09:16:13 2019 +0200
@@ -1,2 +1,2 @@
-REV=3126a5c2560c34a8acb33d62e54b2be0f704a190
+REV=2a7896ba9aa5d982abe01f859d771d411fda8101
REPO=http://hg.mozilla.org/releases/mozilla-release
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch Thu May 23 09:16:13 2019 +0200
@@ -0,0 +1,11 @@
+--- a/js/src/wasm/WasmSignalHandlers.cpp 2019-05-16 11:25:13.260881532 +0200
++++ b/js/src/wasm/WasmSignalHandlers.cpp 2019-05-16 11:24:35.164589301 +0200
+@@ -243,7 +243,7 @@ using mozilla::DebugOnly;
+ // emulation here.
+
+ #if defined(__linux__) && defined(__arm__)
+-# define WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
++// # define WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
+ #endif
+
+ #ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
--- a/series Wed May 15 19:43:42 2019 +0200
+++ b/series Thu May 23 09:16:13 2019 +0200
@@ -7,6 +7,7 @@
mozilla-bmo1463035.patch
mozilla-cubeb-noreturn.patch
mozilla-fix-aarch64-libopus.patch
+mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
# Firefox patches
firefox-kde.patch