- update to Firefox 38.0.1

stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards
    may crash on start-up
  * Users who import cookies from Google Chrome can end up with
    broken websites
  * Large animated images may fail to play and may stop other
    images from loading
- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
    Referrer policy ignored when links opened by middle-click and
    context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
    Out-of-bounds read and write in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
    Use-after-free due to Media Decoder Thread creation during shutdown
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=441

MozillaFirefox.changes

@@ -1,7 +1,48 @@
+-------------------------------------------------------------------
+Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0.1
+  stability and regression fixes
+  * Systems with first generation NVidia Optimus graphics cards
+    may crash on start-up
+  * Users who import cookies from Google Chrome can end up with
+    broken websites
+  * Large animated images may fail to play and may stop other
+    images from loading
+
 -------------------------------------------------------------------
 Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org
 
-- update to Firefox 38.0 (bnc#)
+- update to Firefox 38.0 (bnc#930622)
+  * New tab-based preferences
+  * Ruby annotation support
+  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
+  security fixes:
+  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
+    Miscellaneous memory safety hazards
+  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
+    Buffer overflow parsing H.264 video with Linux Gstreamer
+  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
+    Buffer overflow with SVG content and CSS
+  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
+    Referrer policy ignored when links opened by middle-click and
+    context menu
+  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
+    Out-of-bounds read and write in asm.js validation
+  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
+    Use-after-free during text processing with vertical text enabled
+  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
+    Use-after-free due to Media Decoder Thread creation during shutdown
+  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
+    Buffer overflow when parsing compressed XML
+  * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
+    Buffer overflow and out-of-bounds read while parsing MP4 video
+    metadata
+  * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
+    Untrusted site hosting trusted page can intercept webchannel
+    responses
+  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
+    Privilege escalation through IPC channel messages
 - requires NSS 3.18.1
 - removed obsolete patches:
   * mozilla-skia-bmo1136958.patch

MozillaFirefox.spec

@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.0
+%define mainver %major.0.1
 %define update_channel release
-%define releasedate 2015050900
+%define releasedate 2015051400
 
 # general build definitions
 %if "%{update_channel}" != "aurora"

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ef59c69e2e03697acc6593656ad5b7fd7c9da33cb4fd3abbe3da42b43f6dad02
+oid sha256:554dc858bdf51da453d404a4db1f63ae13b66bc293794e5b5d9f1ae705430c5c
 size 28424

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_0_RELEASE"
-VERSION="38.0"
+RELEASE_TAG="FIREFOX_38_0_1_RELEASE"
+VERSION="38.0.1"
 
 # mozilla
 if [ -d mozilla ]; then

firefox-38.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07d6e4ed2e1fb8c74fa0c181e58d797a1a6007e6e2c932d941555423606d08cf
-size 154668044

firefox-38.0.1-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35ce3a749708d48f503ed98e279ca84cebf8d14cd34a168d41974d0c559799ce
+size 154301356

l10n-38.0.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:07054adb03febcc11451f523916c94dbb35f0d3a1e819869bf639e3f38f87664
+size 42023448

l10n-38.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:73b39fcfb76f1fa51f2d8297b7f028a971b9d993d9513efb83ce9af53d209be0
-size 42048468

source-stamp.txt

@@ -1,2 +1,2 @@
-REV=4c4dc6640c7e
+REV=62bee8cdd19f
 REPO=http://hg.mozilla.org/releases/mozilla-release