Accepting request 314952 from mozilla:Factory

- update to Firefox 39.0 (bnc#935979) * Share Hello URLs with social networks * Support for 'switch' role in ARIA 1.1 (web accessibility) * SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) * Support for new Unicode 8.0 skin tone emoji * Removed support for insecure SSLv3 for network communications * Disable use of RC4 except for temporarily whitelisted hosts * NPAPI Plug-in performance improved via asynchronous initialization security fixes: * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 Miscellaneous memory safety hazards * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) Out-of-bound read while computing an oscillator rendering range in Web Audio * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) Use-after-free in Content Policy due to microtask execution error * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) Use-after-free in workers while using XMLHttpRequest * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 Vulnerabilities found through code inspection * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) Key pinning is ignored when overridable errors are encountered OBS-URL: https://build.opensuse.org/request/show/314952 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=215
2015-07-16 15:13:07 +00:00 · 2015-07-16 15:13:07 +00:00 · 812ef51b9d
commit 812ef51b9d
parent 060e998d19 ea519de414
13 changed files with 102 additions and 87 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Wed Jul  1 06:43:02 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 39.0 (bnc#935979)
+  * Share Hello URLs with social networks
+  * Support for 'switch' role in ARIA 1.1 (web accessibility)
+  * SafeBrowsing malware detection lookups enabled for downloads
+    (Mac OS X and Linux)
+  * Support for new Unicode 8.0 skin tone emoji
+  * Removed support for insecure SSLv3 for network communications
+  * Disable use of RC4 except for temporarily whitelisted hosts
+  * NPAPI Plug-in performance improved via asynchronous initialization
+  security fixes:
+  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
+    Miscellaneous memory safety hazards
+  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
+    Local files or privileged URLs in pages can be opened into new tabs
+  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
+    Type confusion in Indexed Database Manager
+  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
+    Out-of-bound read while computing an oscillator rendering range in Web Audio
+  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
+    Use-after-free in Content Policy due to microtask execution error
+  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
+    ECDSA signature validation fails to handle some signatures correctly
+    (this fix is shipped by NSS 3.19.1 externally)
+  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
+    Use-after-free in workers while using XMLHttpRequest
+  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
+    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
+    Vulnerabilities found through code inspection
+  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
+    Key pinning is ignored when overridable errors are encountered
+  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
+    OS X crash reports may contain entered key press information
+    (not relevant under Linux)
+  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
+    Privilege escalation in PDF.js
+  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
+    NSS accepts export-length DHE keys with regular DHE cipher suites
+    (this fix is shipped by NSS 3.19.1 externally)
+  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
+    NSS incorrectly permits skipping of ServerKeyExchange
+    (this fix is shipped by NSS 3.19.1 externally)
+- dropped mozilla-prefer_plugin_pref.patch as this feature is
+  likely not worth maintaining further
+- rebased patches
+- require NSS 3.19.2
+
+-------------------------------------------------------------------
+Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
+
+- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
+
 -------------------------------------------------------------------
 Sun Jun  7 07:09:12 UTC 2015 - wr@rosenauer.org

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -18,10 +18,10 @@


 # changed with every update
-%define major 38
-%define mainver %major.0.6
+%define major 39
+%define mainver %major.0
 %define update_channel release
-%define releasedate 2015060500
+%define releasedate 2015063000

 # general build definitions
 %if "%{update_channel}" != "aurora"
@ -77,7 +77,7 @@ BuildRequires:  libnotify-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.10.8
-BuildRequires:  mozilla-nss-devel >= 3.18.1
+BuildRequires:  mozilla-nss-devel >= 3.19.2
 BuildRequires:  nss-shared-helper-devel
 BuildRequires:  python-devel
 BuildRequires:  startup-notification-devel
@ -135,7 +135,6 @@ Source16:       MozillaFirefox.changes
 # Gecko/Toolkit
 Patch1:         toolkit-download-folder.patch
 Patch2:         mozilla-nongnome-proxies.patch
-Patch3:         mozilla-prefer_plugin_pref.patch
 Patch4:         mozilla-shared-nss-db.patch
 Patch5:         mozilla-kde.patch
 Patch6:         mozilla-preferences.patch
@ -148,6 +147,7 @@ Patch12:        mozilla-openaes-decl.patch
 Patch14:        mozilla-skia-be-le.patch
 Patch15:        mozilla-bmo1005535.patch
 Patch16:        mozilla-add-glibcxx_use_cxx11_abi.patch
+Patch17:        mozilla-arm64-libjpeg-turbo.patch
 # Firefox/browser
 Patch101:       firefox-kde.patch
 Patch102:       firefox-no-default-ualocale.patch
@ -250,7 +250,6 @@ symbols meant for upload to Mozilla's crash collector database.
 cd $RPM_BUILD_DIR/mozilla
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
@ -263,6 +262,7 @@ cd $RPM_BUILD_DIR/mozilla
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 # Firefox
 %patch101 -p1
 %patch102 -p1
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0cbb10f35168010d25744cee97c8cebfa0346f6fbd864b54b28e8be0cdc2c6f8
-size 28472
+oid sha256:7d81026bcb6180f233d685249992000512792b599de71e85b15f2a4319706b7e
+size 28448
--- a/create-tar.sh
+++ b/create-tar.sh
@ -2,8 +2,8 @@

 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_0_6_RELEASE"
-VERSION="38.0.6"
+RELEASE_TAG="FIREFOX_39_0_RELEASE"
+VERSION="39.0"

 # mozilla
 if [ -d mozilla ]; then
--- a/firefox-38.0.6-source.tar.xz
+++ b/firefox-38.0.6-source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cbd312631111b1cbee2b503161e8244849d5cdd613904fd9b6cd3ee66532e9b1
-size 155466612
--- a/firefox-39.0-source.tar.xz
+++ b/firefox-39.0-source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0c4457706a43832e166902a53cb61531fc446a5039c41d051e4b989817da101
+size 156760208
--- a/firefox-kde.patch
+++ b/firefox-kde.patch
@ -1,11 +1,11 @@
 # HG changeset patch
-# Parent  14be97741eabce611c291418a4c1774cae8b29ff
+# Parent  cd94ee18bd0cdda7f5eb5503d8d072efe02a8033

 diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul
 new file mode 100644
 --- /dev/null
 +++ b/browser/base/content/browser-kde.xul
-@@ -0,0 +1,1311 @@
+@@ -0,0 +1,1308 @@
 +#filter substitution
 +<?xml version="1.0"?>
 +# -*- Mode: HTML -*-
@ -669,7 +669,7 @@ new file mode 100644
 +            setfocus="false"
 +            tooltip="tabbrowser-tab-tooltip"
 +            stopwatchid="FX_TAB_CLICK_MS">
-+        <tab class="tabbrowser-tab" selected="true" fadein="true"/>
+        <tab class="tabbrowser-tab" selected="true" visuallyselected="true" fadein="true"/>
 +      </tabs>
 +
 +      <toolbarbutton id="new-tab-button"
@ -1313,9 +1313,6 @@ new file mode 100644
 +#     starting with an empty iframe here in browser.xul from a Ts standpoint.
 +</deck>
 +
-+<script type="application/javascript" src="chrome://browser/content/pocket/pktApi.js"/>
-+<script type="application/javascript" src="chrome://browser/content/pocket/main.js"/>
-+
 +</window>
 diff --git a/browser/base/content/browser.xul b/browser/base/content/browser.xul
 --- a/browser/base/content/browser.xul
--- a/l10n-38.0.6.tar.xz
+++ b/l10n-38.0.6.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:feb36822b5fe564a6386b5c6cb94f1f6c2ae26b4248118e05d949eea354c1577
-size 42055888
--- a/l10n-39.0.tar.xz
+++ b/l10n-39.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00ffedb90fe76f706bef76208716a5350c3f10e4c8aa5a1608e5f43fb361c69b
+size 42221112
--- a/mozilla-arm64-libjpeg-turbo.patch
+++ b/mozilla-arm64-libjpeg-turbo.patch
@ -0,0 +1,22 @@
+Index: mozilla/configure.in
+===================================================================
+--- mozilla.orig/configure.in
+++ mozilla/configure.in
+@@ -6241,7 +6241,7 @@ fi
+ 
+ dnl If we're on an ARM system which supports libjpeg-turbo's asm routines and
+ dnl --disable-libjpeg-turbo wasn't passed, use the C compiler as the assembler.
+-if test -n "$LIBJPEG_TURBO_ARM_ASM" ; then
+if test -n "$LIBJPEG_TURBO_ARM_ASM" -o -n "$LIBJPEG_TURBO_ARM64_ASM" ; then
+     echo "Using $AS as the assembler for ARM code."
+     LIBJPEG_TURBO_AS=$AS
+ fi
+@@ -6252,6 +6252,8 @@ elif test -n "$LIBJPEG_TURBO_X64_ASM"; t
+     AC_DEFINE(LIBJPEG_TURBO_X64_ASM)
+ elif test -n "$LIBJPEG_TURBO_ARM_ASM"; then
+     AC_DEFINE(LIBJPEG_TURBO_ARM_ASM)
+elif test -n "$LIBJPEG_TURBO_ARM64_ASM"; then
+    AC_DEFINE(LIBJPEG_TURBO_ARM64_ASM)
+ elif test -n "$MOZ_LIBJPEG_TURBO"; then
+     dnl Warn if we're not building the optimized routines, even though the user
+     dnl didn't specify --disable-libjpeg-turbo.
--- a/mozilla-prefer_plugin_pref.patch
+++ b/mozilla-prefer_plugin_pref.patch
@ -1,58 +0,0 @@
-From: Ubuntu
-Subject: introduce a pref to prefer certain plugins for mime-types
-
-diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
--- a/dom/plugins/base/nsPluginHost.cpp
-+++ b/dom/plugins/base/nsPluginHost.cpp
-@@ -1334,17 +1334,51 @@ nsPluginHost::FindPluginForType(const ch
-   if (!aMimeType) {
-     return nullptr;
-   }
- 
-   LoadPlugins();
- 
-   InfallibleTArray<nsPluginTag*> matchingPlugins;
- 
-+  char *preferredPluginPath = nullptr;
-+  nsAutoCString mimetypePrefString ("modules.plugins.mimetype.");
-+  mimetypePrefString.Append(aMimeType);
-+  const char *mimetypePrefChar = mimetypePrefString.get();
-+  nsAdoptingCString pluginPath = Preferences::GetCString(mimetypePrefChar);
-+  preferredPluginPath = (char*) pluginPath.get();
-+
-   nsPluginTag *plugin = mPlugins;
-+
-+  if(preferredPluginPath) {
-+    while (plugin) {
-+      if (!aCheckEnabled || plugin->IsEnabled()) {
-+        if (0 == PL_strcasecmp(plugin->mFileName.get(), preferredPluginPath) ||
-+            0 == PL_strcasecmp(plugin->mFullPath.get(), preferredPluginPath)) {
-+          matchingPlugins.AppendElement(plugin);
-+        }
-+      }
-+      plugin = plugin->mNext;
-+    }
-+
-+    // now lets search for substrings
-+    plugin = mPlugins;
-+    while (plugin) {
-+      if (!aCheckEnabled || plugin->IsEnabled()) {
-+        if (nullptr != PL_strstr(plugin->mFileName.get(), preferredPluginPath) ||
-+            nullptr != PL_strstr(plugin->mFullPath.get(), preferredPluginPath)) {
-+          matchingPlugins.AppendElement(plugin);
-+        }
-+      }
-+      plugin = plugin->mNext;
-+    }
-+
-+    return FindPreferredPlugin(matchingPlugins);
-+  }
-+
-   while (plugin) {
-     if (!aCheckEnabled || plugin->IsActive()) {
-       int32_t mimeCount = plugin->mMimeTypes.Length();
-       for (int32_t i = 0; i < mimeCount; i++) {
-         if (0 == PL_strcasecmp(plugin->mMimeTypes[i].get(), aMimeType)) {
-           matchingPlugins.AppendElement(plugin);
-           break;
-         }
--- a/mozilla-shared-nss-db.patch
+++ b/mozilla-shared-nss-db.patch
@ -7,7 +7,7 @@ References:
 diff --git a/configure.in b/configure.in
 --- a/configure.in
 +++ b/configure.in
-@@ -8207,16 +8207,31 @@ if test "$MOZ_ENABLE_SKIA"; then
+@@ -8247,16 +8247,31 @@ if test "$MOZ_ENABLE_SKIA"; then
     MOZ_ENABLE_SKIA_GPU=1
     AC_DEFINE(USE_SKIA_GPU)
     AC_SUBST(MOZ_ENABLE_SKIA_GPU)
@ -42,9 +42,9 @@ diff --git a/configure.in b/configure.in
 diff --git a/security/manager/ssl/src/moz.build b/security/manager/ssl/src/moz.build
 --- a/security/manager/ssl/src/moz.build
 +++ b/security/manager/ssl/src/moz.build
-@@ -77,16 +77,19 @@ SOURCES += [
-     'nsNSSVersion.cpp',
-     'PSMContentListener.cpp',
+@@ -74,16 +74,19 @@ UNIFIED_SOURCES += [
+ SOURCES += [
+     'nsNSSCertificateDB.cpp',
 ]
 
 LOCAL_INCLUDES += [
@ -87,7 +87,7 @@ diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsCertVerificationThread.h"
 #include "nsAppDirectoryServiceDefs.h"
-@@ -996,17 +1003,31 @@ nsNSSComponent::InitializeNSS()
+@@ -997,17 +1004,31 @@ nsNSSComponent::InitializeNSS()
   if (NS_FAILED(rv)) {
     nsPSMInitPanic::SetPanic();
     return NS_ERROR_NOT_AVAILABLE;
@ -123,7 +123,7 @@ diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/
 diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
 --- a/toolkit/library/moz.build
 +++ b/toolkit/library/moz.build
-@@ -208,16 +208,18 @@ if CONFIG['MOZ_B2G_CAMERA']:
+@@ -207,16 +207,18 @@ if CONFIG['MOZ_B2G_CAMERA'] and CONFIG['
         'stagefright_omx',
     ]
 
--- a/source-stamp.txt
+++ b/source-stamp.txt
@ -1,2 +1,2 @@
-REV=76f8f33b6577
+REV=d3b3e57e8088
 REPO=http://hg.mozilla.org/releases/mozilla-release