Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2017-01-29 10:30:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2016-12-16 12:04:56.845467773 +0100
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new/MozillaFirefox.changes 2017-02-03 17:30:24.918573722 +0100
@@ -1,0 +2,82 @@
+Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 51.0.1:
+ - Multiprocess incompatibility did not correctly register with
+ some add-ons (bmo#1333423)
+
+-------------------------------------------------------------------
+Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 51.0
+ * requires NSPR >= 4.13.1, NSS >= 3.28.1
+ * Added support for FLAC (Free Lossless Audio Codec) playback
+ * Added support for WebGL 2
+ * Added Georgian (ka) and Kabyle (kab) locales
+ * Support saving passwords for forms without 'submit' events
+ * Improved video performance for users without GPU acceleration
+ * Zoom indicator is shown in the URL bar if the zoom level is not
+ at default level
+ * View passwords from the prompt before saving them
+ * Remove Belarusian (be) locale
+ * Use Skia for content rendering (Linux)
+ * MFSA 2017-01
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of
+ ASLR and DEP (bmo#1325200, boo#1021814)
+ CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
+ CVE-2017-5377: Memory corruption with transforms to create
+ gradients in Skia (bmo#1306883, boo#1021826)
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ (bmo#1312001, bmo#1330769, boo#1021818)
+ CVE-2017-5379: Use-after-free in Web Animations
+ (bmo#1309198,boo#1021827)
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ (bmo#1322107, boo#1021819)
+ CVE-2017-5390: Insecure communication methods in Developer Tools
+ JSON viewer (bmo#1297361, boo#1021820)
+ CVE-2017-5389: WebExtensions can install additional add-ons via
+ modified host requests (bmo#1308688, boo#1021828)
+ CVE-2017-5396: Use-after-free with Media Decoder
+ (bmo#1329403, boo#1021821)
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate
+ and save to arbitrary filesystem locations
+ (bmo#1017616, boo#1021830)
+ CVE-2017-5382: Feed preview can expose privileged content errors
+ and exceptions (bmo#1295322, boo#1021831)
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ (bmo#1323338, bmo#1324716, boo#1021822)
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ (bmo#1255474, boo#1021832)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
+ response headers (bmo#1295945, boo#1021833)
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other
+ extensions (bmo#1319070, boo#1021823)
+ CVE-2017-5394: Android location bar spoofing using fullscreen and
+ JavaScript events (bmo#1222798)
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ (bmo#1309310, boo#1021835)
+ CVE-2017-5392: Weak references using multiple threads on weak proxy
+ objects lead to unsafe memory usage (bmo#1293709)
+ (Android only)
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
+ mozAddonManager (bmo#1309282, boo#1021837)
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ (bmo#1293463) (Android only)
+ CVE-2017-5387: Disclosure of local file existence through TRACK
+ tag error messages (bmo#1295023, boo#1021839)
+ CVE-2017-5388: WebRTC can be used to generate a large amount of
+ UDP traffic for DDOS attacks
+ (bmo#1281482, boo#1021840)
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
+ Firefox ESR 45.7 (boo#1021824)
+- switch Firefox to Gtk3 for Tumbleweed
+- removed obsolete patches
+ * mozilla-flex_buffer_overrun.patch
+- updated RPM locale support tag
+- improve recognition of LANGUAGE env variable (boo#1017174)
+- add upstream patch to fix PPC64LE (bmo#1319389)
+ (mozilla-skia-ppc-endianess.patch)
+- fix build without skia (big endian archs) (bmo#1319374)
+ (mozilla-disable-skia-be.patch)
+
+-------------------------------------------------------------------
Old:
----
firefox-50.1.0-source.tar.xz
l10n-50.1.0.tar.xz
mozilla-flex_buffer_overrun.patch
New:
----
firefox-51.0.1-source.tar.xz
l10n-51.0.1.tar.xz
mozilla-disable-skia-be.patch
mozilla-skia-ppc-endianess.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.VKSR2V/_old 2017-02-03 17:30:35.801033481 +0100
+++ /var/tmp/diff_new_pack.VKSR2V/_new 2017-02-03 17:30:35.805032915 +0100
@@ -1,8 +1,8 @@
#
# spec file for package MozillaFirefox
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-# 2006-2016 Wolfgang Rosenauer
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# 2006-2017 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,10 +18,10 @@
# changed with every update
-%define major 50
-%define mainver %major.1.0
+%define major 51
+%define mainver %major.0.1
%define update_channel release
-%define releasedate 20161212000000
+%define releasedate 20170126000000
# PIE, full relro (x86_64 for now)
%define build_hardened 1
@@ -36,6 +36,9 @@
%define pkgname firefox-dev-edition
%define appname Firefox Developer Edition
%endif
+%if 0%{?suse_version} > 1320
+%define firefox_use_gtk3 1
+%endif
%define progdir %{_prefix}/%_lib/%{progname}
%define gnome_dir %{_prefix}
%define desktop_file_name %{progname}
@@ -74,8 +77,8 @@
BuildRequires: libnotify-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.12
-BuildRequires: mozilla-nss-devel >= 3.26.2
+BuildRequires: mozilla-nspr-devel >= 4.13.1
+BuildRequires: mozilla-nss-devel >= 3.28.1
BuildRequires: nss-shared-helper-devel
BuildRequires: python-devel
BuildRequires: startup-notification-devel
@@ -147,12 +150,13 @@
Patch13: mozilla-check_return.patch
Patch14: mozilla-skia-overflow.patch
Patch17: mozilla-binutils-visibility.patch
+Patch18: mozilla-skia-ppc-endianess.patch
+Patch19: mozilla-disable-skia-be.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-no-default-ualocale.patch
Patch103: firefox-branded-icons.patch
# hotfix
-Patch150: mozilla-flex_buffer_overrun.patch
Patch200: mozilla-aarch64-startup-crash.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -203,7 +207,7 @@
%package translations-other
Summary: Extra translations for %{appname}
Group: System/Localization
-Provides: locale(%{name}:ach;af;an;as;ast;az;be;bg;bn_BD;bn_IN;br;bs;cak;cy;dsb;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gn;gu_IN;he;hi_IN;hr;hsb;hy_AM;id;is;kk;km;kn;lij;lt;lv;mai;mk;ml;mr;ms;nn_NO;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;te;th;tr;uk;uz;vi;xh)
+Provides: locale(%{name}:ach;af;an;as;ast;az;bg;bn_BD;bn_IN;br;bs;cak;cy;dsb;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gn;gu_IN;he;hi_IN;hr;hsb;hy_AM;id;is;ka;kab;kk;km;kn;lij;lt;lv;mai;mk;ml;mr;ms;nn_NO;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;te;th;tr;uk;uz;vi;xh)
Requires: %{name} = %{version}
Obsoletes: %{name}-translations < %{version}-%{release}
@@ -262,11 +266,12 @@
%patch13 -p1
%patch14 -p1
%patch17 -p1
+%patch18 -p1
+%patch19 -p1
# Firefox
%patch101 -p1
%patch102 -p1
%patch103 -p1
-%patch150 -p1
%patch200 -p1
%build
@@ -397,9 +402,9 @@
%if %localize
rm -f %{_tmppath}/translations.*
touch %{_tmppath}/translations.{common,other}
-for locale in $(awk '{ print $1; }' ../mozilla/browser/locales/shipped-locales); do
+for locale in $(awk '{ print $1; }' %{SOURCE17}); do
case $locale in
- ja-JP-mac|en-US)
+ ja-JP-mac|en-US|'')
;;
*)
pushd $RPM_BUILD_DIR/compare-locales
++++++ compare-locales.tar.xz ++++++
++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.VKSR2V/_old 2017-02-03 17:30:35.993006310 +0100
+++ /var/tmp/diff_new_pack.VKSR2V/_new 2017-02-03 17:30:35.993006310 +0100
@@ -7,8 +7,8 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="8612c3320053b796678921f8f23358e3e9df997e"
-VERSION="50.1.0"
+RELEASE_TAG="327e081221b064b05a302d7877c6e4be2949a617"
+VERSION="51.0.1"
# mozilla
if [ -d mozilla ]; then
++++++ firefox-50.1.0-source.tar.xz -> firefox-51.0.1-source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-50.1.0-source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new/firefox-51.0.1-source.tar.xz differ: char 26, line 1
++++++ firefox-kde.patch ++++++
--- /var/tmp/diff_new_pack.VKSR2V/_old 2017-02-03 17:30:36.048998386 +0100
+++ /var/tmp/diff_new_pack.VKSR2V/_new 2017-02-03 17:30:36.048998386 +0100
@@ -1,11 +1,11 @@
# HG changeset patch
-# Parent 2cb2f829aabd7e3efaa973a0a8cf99aca9605bdc
+# Parent 2cae514c05c8836ca5b69884d3a07998a5d53e8b
diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul
new file mode 100644
--- /dev/null
+++ b/browser/base/content/browser-kde.xul
-@@ -0,0 +1,1200 @@
+@@ -0,0 +1,1119 @@
+#filter substitution
+<?xml version="1.0"?>
+# -*- Mode: HTML -*-
@@ -160,14 +160,7 @@
+ noautofocus="true"
+ hidden="true"
+ flip="none"
-+ level="parent">
-+#ifdef NIGHTLY_BUILD
-+ <hbox id="urlbar-search-footer" flex="1" align="stretch" pack="end">
-+
-+ </hbox>
-+#endif
-+ </panel>
++ level="parent"/>
+
+ <!-- for select dropdowns. The menupopup is what shows the list of options,
+ and the popuponly menulist makes things like the menuactive attributes
@@ -175,7 +168,7 @@
+ popuponly menulist to be its immediate parent. -->
+ <menulist popuponly="true" id="ContentSelectDropdown" hidden="true">
+