- update to Firefox 52.2esr (boo#1043960)

MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594

MozillaFirefox.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Wed Jun 14 07:08:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.2esr (boo#1043960)
+  MFSA 2017-16
+  * CVE-2017-5472 (bmo#1365602)
+    Use-after-free using destroyed node when regenerating trees
+  * CVE-2017-7749 (bmo#1355039)
+    Use-after-free during docshell reloading
+  * CVE-2017-7750 (bmo#1356558)
+    Use-after-free with track elements
+  * CVE-2017-7751 (bmo#1363396)
+    Use-after-free with content viewer listeners
+  * CVE-2017-7752 (bmo#1359547)
+    Use-after-free with IME input
+  * CVE-2017-7754 (bmo#1357090)
+    Out-of-bounds read in WebGL with ImageInfo object
+  * CVE-2017-7755 (bmo#1361326)
+    Privilege escalation through Firefox Installer with same
+    directory DLL files (Windows only)
+  * CVE-2017-7756 (bmo#1366595)
+    Use-after-free and use-after-scope logging XHR header errors
+  * CVE-2017-7757 (bmo#1356824)
+    Use-after-free in IndexedDB
+  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
+    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
+    CVE-2017-7777
+    Vulnerabilities in the Graphite 2 library
+  * CVE-2017-7758 (bmo#1368490)
+    Out-of-bounds read in Opus encoder
+  * CVE-2017-7760 (bmo#1348645)
+    File manipulation and privilege escalation via callback parameter
+    in Mozilla Windows Updater and Maintenance Service (Windows only)
+  * CVE-2017-7761 (bmo#1215648)
+    File deletion and privilege escalation through Mozilla Maintenance
+    Service helper.exe application (Windows only)
+  * CVE-2017-7764 (bmo#1364283)
+    Domain spoofing with combination of Canadian Syllabics and other
+    unicode blocks
+  * CVE-2017-7765 (bmo#1273265)
+    Mark of the Web bypass when saving executable files (Windows only)
+  * CVE-2017-7766 (bmo#1342742)
+    File execution and privilege escalation through updater.ini,
+    Mozilla Windows Updater, and Mozilla Maintenance Service
+    (Windows only)
+  * CVE-2017-7767 (bmo#1336964)
+    Privilege escalation and arbitrary file overwrites through Mozilla
+    Windows Updater and Mozilla Maintenance Service (Windows only)
+  * CVE-2017-7768 (bmo#1336979)
+    32 byte arbitrary file read through Mozilla Maintenance Service
+    (Windows only)
+  * CVE-2017-5470
+    Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
+- requires NSS 3.28.5
+
 -------------------------------------------------------------------
 Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org
 

MozillaFirefox.spec

@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 52
-%define mainver %major.1.1
+%define mainver %major.2
 %define update_channel esr52
-%define releasedate 20170504000000
+%define releasedate 20170612000000
 
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
@@ -82,7 +82,7 @@ BuildRequires:  libnotify-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.13.1
-BuildRequires:  mozilla-nss-devel >= 3.28.4
+BuildRequires:  mozilla-nss-devel >= 3.28.5
 BuildRequires:  nss-shared-helper-devel
 BuildRequires:  python-devel
 BuildRequires:  startup-notification-devel

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e214ffffe1a35265eb8ea61ba630866a252b2402ecbec6e7137868b4edebafe2
-size 28356
+oid sha256:c120f40aa9fa97dc2e9debb0398514dc5873481b65322b645186a476cd49f555
+size 28380

create-tar.sh

@@ -7,8 +7,8 @@
 
 CHANNEL="esr52"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_52_1_1esr_RELEASE"
-VERSION="52.1.1"
+RELEASE_TAG="FIREFOX_52_2_0esr_RELEASE"
+VERSION="52.2"
 
 # mozilla
 if [ -d mozilla ]; then

firefox-52.1.1-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ccdee46cb8d78145281de57501dee34f4e5eb71f6e98746e3d4b1b6faf09920
-size 222469016

firefox-52.2-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:298e38ec2f230482e081693ebf27add8b4de68782639ec5446102a5e42847b3b
+size 222356940

l10n-52.1.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a856562b32f7d214bd71f756e2e360c702faebc2b739ddbd2adc77063f893cc0
-size 45025968

l10n-52.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:508eaf325e8fec62e5147c3ade233b7a32afedc06fff2262115174ffab66c36b
+size 45016424

source-stamp.txt

@@ -1,2 +1,2 @@
-REV=120111e65bc4
+REV=f68e0d98a22a
 REPO=http://hg.mozilla.org/releases/mozilla-esr52