- Mozilla Firefox 66.0.1

MFSA 2019-09 (bsc#1130262) * CVE-2019-9810 (bmo#1537924) IonMonkey MArraySlice has incorrect alias information * CVE-2019-9813 (bmo#1538006) Ionmonkey type confusion with __proto__ mutations OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=724
2019-03-23 07:56:11 +00:00 · 2019-03-23 07:56:11 +00:00 · 7e741ea41d
commit 7e741ea41d
parent c35c1573d5
11 changed files with 41 additions and 78 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.1
+  MFSA 2019-09 (bsc#1130262)
+  * CVE-2019-9810 (bmo#1537924)
+    IonMonkey MArraySlice has incorrect alias information
+  * CVE-2019-9813 (bmo#1538006)
+    Ionmonkey type confusion with __proto__ mutations
+
 -------------------------------------------------------------------
 Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

@ -23,53 +33,6 @@ Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
    can add individual sites to an exceptions list or turn the blocking
    off.
  * System title bar is hidden by default to match Gnome guideline
-  MFSA 2019-07 (bsc#1129821)
-  * CVE-2019-9790 (bmo#1525145)
-    Use-after-free when removing in-use DOM elements
-  * CVE-2019-9791 (bmo#1530958)
-    Type inference is incorrect for constructors entered through on-stack
-    replacement with IonMonkey
-  * CVE-2019-9792 (bmo#1532599)
-    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
-  * CVE-2019-9793 (bmo#1528829)
-    Improper bounds checks when Spectre mitigations are disabled
-  * CVE-2019-9794 (bmo#1530103) (Windows only)
-    Command line arguments not discarded during execution
-  * CVE-2019-9795 (bmo#1514682)
-    Type-confusion in IonMonkey JIT compiler
-  * CVE-2019-9796 (bmo#1531277)
-    Use-after-free with SMIL animation controller
-  * CVE-2019-9797 (bmo#1528909)
-    Cross-origin theft of images with createImageBitmap
-  * CVE-2019-9798 (bmo#1527534) (Android only)
-    Library is loaded from world writable APITRACE_LIB location
-  * CVE-2019-9799 (bmo#1505678)
-    Information disclosure via IPC channel messages
-  * CVE-2019-9801 (bmo#1527717) (Windows only)
-    Windows programs that are not 'URL Handlers' are exposed to web content
-  * CVE-2019-9802 (bmo#1415508)
-    Chrome process information leak
-  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
-    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
-  * CVE-2019-9804 (bmo#1518026) (MacOS only)
-    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
-  * CVE-2019-9805 (bmo#1521360)
-    Potential use of uninitialized memory in Prio
-  * CVE-2019-9806 (bmo#1525267)
-    Denial of service through successive FTP authorization prompts
-  * CVE-2019-9807 (bmo#1362050)
-    Text sent through FTP connection can be incorporated into alert messages
-  * CVE-2019-9809 (bmo#1282430, bmo#1523249)
-    Denial of service through FTP modal alert error messages
-  * CVE-2019-9808 (bmo#1434634)
-    WebRTC permissions can display incorrect origin with data: and blob: URLs
-  * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
-    bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
-    bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
-    Memory safety bugs fixed in Firefox 66
-  * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
-    bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
-    Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
 - updated build/runtime requirements
  * mozilla-nss >= 3.42.1
  * cargo/rust >= 1.31
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -19,12 +19,12 @@

 # changed with every update
 %define major          66
-%define mainver        %major.0
-%define orig_version   66.0
+%define mainver        %major.0.1
+%define orig_version   66.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
-%define releasedate    20190314174725
+%define releasedate    20190322013140
 %define source_prefix  firefox-%{orig_version}

 # always build with GCC as SUSE Security Team requires that
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0d8caf841081c71595005496010130f394420abb1597d461a1a5ef4e53f9ec0c
-size 28392
+oid sha256:d7530257de76fe1f757b65d426e38bed888ea25532bc40d5d2eb2072f9a16339
+size 28380
--- a/create-tar.sh
+++ b/create-tar.sh
@ -7,8 +7,8 @@

 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="164a57c0cdf0088e786e6b966e34fdd3799671d1"
-VERSION="66.0"
+RELEASE_TAG="662e97c691037298df2971fea3def0bb19fe3f93"
+VERSION="66.0.1"
 VERSION_SUFFIX=""
 LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json"

--- a/firefox-66.0.1.source.tar.xz
+++ b/firefox-66.0.1.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5dd072db4e96f8bbedc62cfab0de3c710d95f7c65fc676f90e1e86bc4b46fab2
+size 281257896
--- a/firefox-66.0.1.source.tar.xz.asc
+++ b/firefox-66.0.1.source.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJclHAbAAoJELu+vbskxvNVlaEQAKFdsTRaL5I5HIZ9IIxB33UQ
+64DWQrHO678XP5UZrokfeNyS2cKpTmUoNjBfsJMZ0yntPE0pMvyZHTL+qonV6OMZ
+83lP2z5pXp5j2opH9AkS+SadwaUeAowVd+5/bYBVNg/VnkojovxWIeH4K3SpEvRE
+jWAh51KD/d+1cAQv0isIYAG0C+yRqObi+VAVazqU32IYvJbSXTN3o5gNq+uAEuUM
+ImLabH03lcWszysCjEFntA6Sj1HGoPfElawbWILwUg02wOE4ymL4vRDg+XEch+9S
+jTPV9DmHFTKN0Faph/UC8+CoHGFgl31j5vrDDUx+i0979pJlNofeZM08IEJh1WmZ
+1UmhECz6NaUJlcG3gJo2BfW07z57VSSoFW5oBDG7dkFgsV/8pX4oKUlGtCdfK4WF
+bH3RxXzT9HK9eqpUQ986vJrI8PfmeWwjFKmBV69ipewahJAPXToWNSLFTBzNU0z4
+xRxj6m+4Wo7Uoa+IDv8/GX3YkSOwmHSIeNpcEGwOWwfzymZu9XvBvVYSBNtIoful
+4Zi+7pewpDjWBg2qJg0VQO6xnyEAcpCjFRdyGBlzZMRv03KI2ELro6Ur4CLBPJwJ
+P4rJ9lAzGzYiESx2L2MtxxY+w0RtU4cfdIFHHplBAHSNjGnIEq0yQEpTyMuv7maS
+aetq6TPqpoafj3AiF3aF
+=g2o5
+-----END PGP SIGNATURE-----
--- a/firefox-66.0.source.tar.xz
+++ b/firefox-66.0.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c37b253294826b6d14864dc38342edd5b174e76a272a7e5dbaca007eb2cac7b0
-size 281516416
--- a/firefox-66.0.source.tar.xz.asc
+++ b/firefox-66.0.source.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJcitNSAAoJELu+vbskxvNVvXkP/3rShiOGBcBZTf/pFHVbv6ZH
-BqVjaFusWpnyz3DvFkSyVLOgqW0lSytL66SYP0xqCIvngmiT8xNTX4Z8gX7F77xw
-W0yYdH7trNbB4otHD7fzWiP2qV+d1Un8PsJHyOayPFM6Vccg0IXkrD0t7fgtZSLq
-zN2ahURRVLXMHouE7bQKFL6X3DLf2R0Rk4sCOn/q0K/ENoXdVLNLcpELzAQLxboZ
-yRPDv2fv/+bBxdgxbeT2i2beyuKw6iZ2VmlOhr92Qt92XHw533j5Cd3meWxzDK0l
-Sk4PYZBn4D1y9yb2OHzONNQMlyThy+sLKp5pRf3FcTSbVxoI9Tr4vg/s1pbzhN/F
-Mjd8kMZMPvUyeT4t3WOEyF+lHPmgcMXLYSdisPV1dNo7x53LNp0+avur29x9Ljtb
-+U4s9S5/Oz5TXvxW3Lkyikw7hGkB82QxS3/TmxSthgx1Gz046uUY9eRd1wQlQKeX
-v6PKmXGnYSwoT6qBX6ohA2LXHPseQ6tRc0EkRH36NlugjuVNPCU03BF/9xSw55Dq
-EFH/KefH3X7KbUWqHUBeg1Q/74FLTHSUfpDZ45CfczciL7HRCWXbkLVPeP2I2SR2
-hyhUQ4i8ya+uZ3tS6LyMu3J3LCQCTYV3sNq0phub6su4yqXslDSns4uz6+LOHwNk
-zTZRJb/k/lDBBCzb2l7f
-=NjX9
-----END PGP SIGNATURE-----
--- a/l10n-66.0.1.tar.xz
+++ b/l10n-66.0.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0b6deba5a184f55aa6eceb6bafabb6ed9c40ae0395ad70ec53b0d48d3d6de959
+size 50124412
--- a/l10n-66.0.tar.xz
+++ b/l10n-66.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:783874b8ba8eca7427f6a9c121296339785e42a766a54c5b07766500c18b1e4f
-size 50126040
--- a/source-stamp.txt
+++ b/source-stamp.txt
@ -1,2 +1,2 @@
-REV=164a57c0cdf0
+REV=662e97c69103
 REPO=http://hg.mozilla.org/releases/mozilla-release