From a4caa64ef939d7cbbe7c28cedc4a44205522b9bbef63a6e24773c9833077344e Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Tue, 8 Mar 2016 22:37:32 +0000
Subject: [PATCH] - update to Firefox 45.0 (boo#969894)
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=491
---
 MozillaFirefox.changes | 56 ++++++++++++++++++++++++++-
 firefox-kde.patch | 87 +++++------------------------------------
 2 files changed, 64 insertions(+), 79 deletions(-)

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 13fc6c6..4f920d4 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,7 +1,7 @@ ------------------------------------------------------------------- Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org -- update to Firefox 45.0 +- update to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar 
@@ -10,6 +10,60 @@ Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed + * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 + Miscellaneous memory safety hazards + * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) + Local file overwriting and potential privilege escalation through + CSP reports + * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) + CSP reports fail to strip location information for embedded iframe pages + * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) + Linux video memory DOS with Intel drivers + * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) + Memory leak in libstagefright when deleting an array during MP4 + processing + * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) + Displayed page address can be overridden + * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) + Service Worker Manager out-of-bounds read in Service Worker Manager + * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) + Use-after-free in HTML5 string parser + * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) + Use-after-free in SetBody + * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) + Use-after-free when using multiple WebRTC data channels + * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) + Memory corruption when modifying a file being read by FileReader + * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) + Use-after-free during XML transformations + * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) + Addressbar spoofing though history navigation and Location protocol + property + * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) + Same-origin policy violation using perfomance.getEntries and + history navigation with session restore + * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) + Buffer overflow in Brotli decompression + * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) + Memory corruption with malicious NPAPI plugin + * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ + CVE-2016-1976/CVE-2016-1972 + WebRTC and 
LibVPX vulnerabilities found through code inspection + * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) + Use-after-free in GetStaticInstance in WebRTC + * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) + Out-of-bounds read in HTML parser following a failed allocation + * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) + Buffer overflow during ASN.1 decoding in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) + Use-after-free during processing of DER encoded keys in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ + CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ + CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ + CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 + Font vulnerabilities in the Graphite 2 library ------------------------------------------------------------------- Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de diff --git a/firefox-kde.patch b/firefox-kde.patch index 38865f4..cc19b79 100644 --- a/firefox-kde.patch +++ b/firefox-kde.patch @@ -1,11 +1,11 @@ # HG changeset patch -# Parent 816422471b9d80e8302d4347d32bc929d0c0dfe7 +# Parent 25d63ce139ad6e957d2565e3b83d01dfa36ea314 diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul new file mode 100644 --- /dev/null +++ b/browser/base/content/browser-kde.xul -@@ -0,0 +1,1250 @@ +@@ -0,0 +1,1181 @@ +#filter substitution + +# -*- Mode: HTML -*- @@ -99,15 +99,6 @@ new file mode 100644 +
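Review bot: In the first MozillaFirefox.changes hunk (@@ -1,7 +1,7 @@), the context line "requires NSPR 4.12 / NSS 3.21.1" is the only place the NSS floor is stated, yet the diffstat lists just MozillaFirefox.changes and firefox-kde.patch, so no spec change is part of this commit. Since the entries for MFSA 2016-35 and MFSA 2016-36 further down say "(fixed by requiring 3.21.1)", please confirm the spec already carries a versioned NSS requirement of at least 3.21.1, so that an installation with an older system NSS cannot satisfy the dependency and miss those two fixes.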
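Review bot: In the second MozillaFirefox.changes hunk (@@ -10,6 +10,60 @@), the added advisory list runs through MFSA 2016-37 while the commit message stops at MFSA 2016-28, so anyone auditing from the commit log alone misses 2016-29 to 2016-37, including the two NSS fixes and the Graphite 2 CVE batch; the message should either carry the full list or point to the .changes entry. Two wording slips in the added lines are also worth fixing while the entry is open: "perfomance.getEntries" under MFSA 2016-29 should read "performance.getEntries", and the MFSA 2016-22 line repeats itself ("Service Worker Manager out-of-bounds read in Service Worker Manager"). MFSA 2016-16, 2016-32 and 2016-37 have no bmo# reference where every other entry does; add them if they exist, for consistency when cross-checking against the bug tracker.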
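Review bot: In the firefox-kde.patch hunks, the embedded patch's parent changeset changes and the nested header for browser/base/content/browser-kde.xul goes from "+1,1250" to "+1,1181", a net drop of 69 lines, but neither visible MozillaFirefox.changes hunk mentions that firefox-kde.patch was rebased. Please add a changelog line for the rebase and state what the dropped lines were, since the removed content is cut off in what is shown here after "@@ -99,15 +99,6 @@" and cannot be reviewed from this page.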