Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2016-08-12 15:35:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2016-07-27 16:08:48.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new/MozillaFirefox.changes 2016-08-12 15:35:03.000000000 +0200
@@ -1,0 +2,81 @@
+Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
+
+- Fix for possible buffer overrun (bsc#990856)
+ CVE-2016-6354 (bmo#1292534)
+ [mozilla-flex_buffer_overrun.patch]
+
+-------------------------------------------------------------------
+Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch to latest version from Fedora.
+
+-------------------------------------------------------------------
+Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 48.0 (boo#991809)
+ * requires NSS 3.24
+ * Process separation (e10s) is enabled for some of you
+ * Add-ons that have not been verified and signed by Mozilla will not load
+ * WebRTC embetterments
+ * The media parser has been redeveloped using the Rust programming
+ language
+ * better Canvas performance with speedy Skia support
+ security fixes:
+ * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
+ Miscellaneous memory safety hazards
+ * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
+ Favicon network connection can persist when page is closed
+ * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
+ Buffer overflow rendering SVG with bidirectional content
+ * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
+ Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
+ * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
+ Location bar spoofing via data URLs with malformed/invalid mediatypes
+ * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
+ Stack underflow during 2D graphics rendering
+ * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
+ Out-of-bounds read during XML parsing in Expat library
+ * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
+ Arbitrary file manipulation by local user through Mozilla updater
+ and callback application path parameter (Windows-only)
+ * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
+ Use-after-free when using alt key and toplevel menus
+ * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
+ Crash in incremental garbage collection in JavaScript
+ * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
+ Use-after-free in DTLS during WebRTC session shutdown
+ * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
+ Use-after-free in service workers with nested sync events
+ * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
+ Form input type change from password to text can store plain
+ text password in session restore file
+ * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
+ Integer overflow in WebSockets during data buffering
+ * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
+ Scripts on marquee tag can execute in sandboxed iframes
+ * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
+ Buffer overflow in ClearKey Content Decryption Module (CDM)
+ during video playback
+ * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
+ Type confusion in display transformation
+ * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
+ Use-after-free when applying SVG effects
+ * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
+ Same-origin policy violation using local HTML file and saved shortcut file
+ * MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
+ Information disclosure and local file manipulation through drag and drop
+ * MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
+ Addressbar spoofing with right-to-left characters on Firefox for Android
+ (Android only)
+ * MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
+ Spoofing attack through text injection into internal error pages
+ * MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
+ Information disclosure through Resource Timing API during page navigation
+- removed obsolete mozilla-gcc6.patch
+
+-------------------------------------------------------------------
+Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com
+
+- Update description and screenshots in appdata.xml file.
+
+-------------------------------------------------------------------
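Review bot: The Firefox 48.0 entry records only "removed obsolete mozilla-gcc6.patch" as a packaging change, but the spec diff in the same commit also drops the webapprt entries from %files, adds icudt56l.dat, and removes four ac_add_options lines from the mozconfig. Add a bullet for each so the .changes file explains why they changed.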
Old:
----
firefox-47.0.1-source.tar.xz
l10n-47.0.1.tar.xz
mozilla-gcc6.patch
New:
----
firefox-48.0-source.tar.xz
l10n-48.0.tar.xz
mozilla-flex_buffer_overrun.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.A3qkPk/_old 2016-08-12 15:35:17.000000000 +0200
+++ /var/tmp/diff_new_pack.A3qkPk/_new 2016-08-12 15:35:17.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package MozillaFirefox
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
# 2006-2016 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
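Review bot: The copyright line changes from "SUSE LINUX GmbH" to "SUSE LINUX Products GmbH", which no changelog entry mentions and which is unrelated to the version update. If a spec formatting tool produced it, confirm that this is the intended company name; otherwise leave the header line out of this commit.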
@@ -18,10 +18,10 @@
# changed with every update
-%define major 47
-%define mainver %major.0.1
+%define major 48
+%define mainver %major.0
%define update_channel release
-%define releasedate 20160628000000
+%define releasedate 20160730000000
# PIE, full relro (x86_64 for now)
%define build_hardened 1
@@ -75,7 +75,7 @@
BuildRequires: libproxy-devel
BuildRequires: makeinfo
BuildRequires: mozilla-nspr-devel >= 4.12
-BuildRequires: mozilla-nss-devel >= 3.23
+BuildRequires: mozilla-nss-devel >= 3.24
BuildRequires: nss-shared-helper-devel
BuildRequires: python-devel
BuildRequires: startup-notification-devel
@@ -146,7 +146,6 @@
Patch11: mozilla-reduce-files-per-UnifiedBindings.patch
Patch12: mozilla-gtk3_20.patch
Patch13: mozilla-check_return.patch
-Patch14: mozilla-gcc6.patch
Patch15: mozilla-exclude-nametablecpp.patch
Patch16: mozilla-aarch64-48bit-va.patch
Patch17: mozilla-binutils-visibility.patch
@@ -154,6 +153,9 @@
Patch101: firefox-kde.patch
Patch102: firefox-no-default-ualocale.patch
Patch103: firefox-branded-icons.patch
+# hotfix
+Patch150: mozilla-flex_buffer_overrun.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires(post): coreutils shared-mime-info desktop-file-utils
Requires(postun): shared-mime-info desktop-file-utils
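Review bot: The "# hotfix" comment above Patch150 says neither what the patch fixes nor when it can be dropped. Repeat the references from the changelog entry there, for example "# bsc#990856 CVE-2016-6354 (bmo#1292534)", so that whoever does the next version update can check whether the fix is already in the new tarball.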
@@ -262,7 +264,6 @@
%patch12 -p1
%endif
%patch13 -p1
-%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
@@ -270,6 +271,7 @@
%patch101 -p1
%patch102 -p1
%patch103 -p1
+%patch150 -p1
%build
# no need to add build time to binaries
@@ -322,10 +324,6 @@
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj
. \$topsrcdir/browser/config/mozconfig
ac_add_options --prefix=%{_prefix}
-ac_add_options --libdir=%{_libdir}
-ac_add_options --sysconfdir=%{_sysconfdir}
-ac_add_options --mandir=%{_mandir}
-ac_add_options --includedir=%{_includedir}
ac_add_options --enable-release
%if 0%{?firefox_use_gtk3}
ac_add_options --enable-default-toolkit=cairo-gtk3
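Review bot: The removal of --libdir, --sysconfdir, --mandir and --includedir from the generated mozconfig is not explained anywhere in the changelog, and only --prefix=%{_prefix} remains. Confirm that the install step still places files under %{_libdir} on lib64 architectures, and add a line to the .changes entry stating why the options were dropped.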
@@ -580,7 +578,6 @@
%dir %{progdir}/gtk2
%{progdir}/gtk2/libmozgtk.so
%endif
-%{progdir}/webapprt/
%{progdir}/gmp-clearkey/
%attr(755,root,root) %{progdir}/%{progname}.sh
%{progdir}/firefox
@@ -588,10 +585,10 @@
%{progdir}/application.ini
%{progdir}/dependentlibs.list
%{progdir}/*.so
+%{progdir}/icudt56l.dat
%{progdir}/omni.ja
%{progdir}/platform.ini
%{progdir}/plugin-container
-%{progdir}/webapprt-stub
%if %crashreporter
%{progdir}/crashreporter
%{progdir}/crashreporter.ini
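Review bot: The new %files entry "%{progdir}/icudt56l.dat" hard-codes both the bundled ICU version (56) and the little-endian suffix (l). The file list will fail on a big-endian build, where the data file carries a "b" suffix, and again as soon as the bundled ICU is bumped. A glob such as "%{progdir}/icudt*.dat" avoids both.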
++++++ compare-locales.tar.xz ++++++
++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.A3qkPk/_old 2016-08-12 15:35:17.000000000 +0200
+++ /var/tmp/diff_new_pack.A3qkPk/_new 2016-08-12 15:35:17.000000000 +0200
@@ -1,14 +1,14 @@
#!/bin/bash
# TODO
-# http://ftp.mozilla.org/pub/firefox/candidates/46.0-candidates/build5/linux-x...
-# "moz_source_stamp": "078baf501b55eaa47f3b189fda4dd28dae1fa257"
-# http://ftp.mozilla.org/pub/firefox/candidates/46.0-candidates/build5/l10n_ch...
+# http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/linux-x...
+# "moz_source_stamp": "c1de04f39fa956cfce83f6065b0e709369215ed5"
+# http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/l10n_ch...
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_47_0_1_RELEASE"
-VERSION="47.0.1"
+RELEASE_TAG="c1de04f39fa956cfce83f6065b0e709369215ed5"
+VERSION="48.0"
# mozilla
if [ -d mozilla ]; then
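Review bot: RELEASE_TAG now holds a raw changeset hash instead of a tag name like the previous "FIREFOX_47_0_1_RELEASE", so the variable name no longer describes its content. The hash does match the moz_source_stamp quoted in the comment above, and pinning to a changeset is the stricter choice for reproducing the tarball, but state that intent in a comment or rename the variable, so that the next update does not silently switch back to a tag.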
++++++ firefox-47.0.1-source.tar.xz -> firefox-48.0-source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-47.0.1-source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new/firefox-48.0-source.tar.xz differ: char 26, line 1
++++++ firefox-appdata.xml ++++++
--- /var/tmp/diff_new_pack.A3qkPk/_old 2016-08-12 15:35:17.000000000 +0200
+++ /var/tmp/diff_new_pack.A3qkPk/_new 2016-08-12 15:35:17.000000000 +0200
@@ -4,19 +4,45 @@
so maintain a stub in here.
-->
-<application>
+<component>
<id type="desktop">firefox.desktop</id>