From b7e1035064474ce67c2068e4428de2d3b1fa341329dec679241e1800af41ba66 Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Tue, 8 Aug 2017 19:59:47 +0000 Subject: [PATCH] - update to Firefox 52.3esr (boo#1052829) MFSA 2017-19 * CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements# * CVE-2017-7787 (bmo#1322896) Same-origin policy bypass with iframes through page reloads * CVE-2017-7807 (bmo#1376459) Domain hijacking through AppCache fallback * CVE-2017-7792 (bmo#1368652) Buffer overflow viewing certificates with an extremely long OID * CVE-2017-7804 (bmo#1372849) Memory protection bypass through WindowsDllDetourPatcher * CVE-2017-7791 (bmo#1365875) Spoofing following page navigation with data: protocol and modal alerts * CVE-2017-7782 (bmo#1344034) WindowsDllDetourPatcher allocates memory without DEP protections OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598 --- MozillaFirefox.changes | 38 ++++++++++++++++++++++++++++++++++++ MozillaFirefox.spec | 4 ++-- compare-locales.tar.xz | 4 ++-- create-tar.sh | 4 ++-- firefox-52.2.1-source.tar.xz | 3 --- firefox-52.3.0-source.tar.xz | 3 +++ l10n-52.2.1.tar.xz | 3 --- l10n-52.3.0.tar.xz | 3 +++ source-stamp.txt | 2 +- 9 files changed, 51 insertions(+), 13 deletions(-) delete mode 100644 firefox-52.2.1-source.tar.xz create mode 100644 firefox-52.3.0-source.tar.xz delete mode 100644 l10n-52.2.1.tar.xz create mode 100644 l10n-52.3.0.tar.xz 
diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 4b8eb3c7..78a6dcb4 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Aug 8 18:13:34 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.3esr (boo#1052829)
+ MFSA 2017-19
+ * CVE-2017-7798 (bmo#1371586, bmo#1372112)
+ XUL injection in the style editor in devtools
+ * CVE-2017-7800 (bmo#1374047)
+ Use-after-free in WebSockets during disconnection
+ * CVE-2017-7801 (bmo#1371259)
+ Use-after-free with marquee during window resizing
+ * CVE-2017-7784 (bmo#1376087)
+ Use-after-free with image observers
+ * CVE-2017-7802 (bmo#1378147)
+ Use-after-free resizing image elements
+ * CVE-2017-7785 (bmo#1356985)
+ Buffer overflow manipulating ARIA attributes in DOM
+ * CVE-2017-7786 (bmo#1365189)
+ Buffer overflow while painting non-displayable SVG
+ * CVE-2017-7753 (bmo#1353312)
+ Out-of-bounds read with cached style data and pseudo-elements#
+ * CVE-2017-7787 (bmo#1322896)
+ Same-origin policy bypass with iframes through page reloads
+ * CVE-2017-7807 (bmo#1376459)
+ Domain hijacking through AppCache fallback
+ * CVE-2017-7792 (bmo#1368652)
+ Buffer overflow viewing certificates with an extremely long OID
+ * CVE-2017-7804 (bmo#1372849)
+ Memory protection bypass through WindowsDllDetourPatcher
+ * CVE-2017-7791 (bmo#1365875)
+ Spoofing following page navigation with data: protocol and modal alerts
+ * CVE-2017-7782 (bmo#1344034)
+ WindowsDllDetourPatcher allocates memory without DEP protections
+ * CVE-2017-7803 (bmo#1377426)
+ CSP containing 'sandbox' improperly applied
+ * CVE-2017-7779
+ Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
+
 -------------------------------------------------------------------
 Wed Jul 5 07:26:32 UTC 2017 - astieger@suse.com
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index bec71f57..764c651a 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -19,9 +19,9 @@
 # changed with every update
 %define major 52
-%define mainver %major.2.1
+%define mainver %major.3.0
 %define update_channel esr52
-%define releasedate 20170629000000
+%define releasedate 20170807000000
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz
index a36a7515..eb66ea38 100644
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b14ec1fcbda280d664f73c0cc109dfe70dfd9c82ee73e6b6effcfb91b683e974
-size 28824
+oid sha256:0c012241138a66dea1995518f245898791d94cb31d11b2472c889dbe464418bb
+size 28392
diff --git a/create-tar.sh b/create-tar.sh
index e5aae72b..f24c3ea3 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -7,8 +7,8 @@
 CHANNEL="esr52"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_52_2_1esr_RELEASE"
-VERSION="52.2.1"
+RELEASE_TAG="FIREFOX_52_3_0esr_RELEASE"
+VERSION="52.3.0"
 # mozilla
 if [ -d mozilla ]; then
diff --git a/firefox-52.2.1-source.tar.xz b/firefox-52.2.1-source.tar.xz
deleted file mode 100644
index 5dccf44b..00000000
--- a/firefox-52.2.1-source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ba0a07c30a18029a82304b99ab6d309e297fd4daf154b28dd3fd355b2da58b61
-size 228016352
diff --git a/firefox-52.3.0-source.tar.xz b/firefox-52.3.0-source.tar.xz
new file mode 100644
index 00000000..f45968ba
--- /dev/null
+++ b/firefox-52.3.0-source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81cda681a593c1737ff6a448e73288beab6e1499f638002f5cfaa6726896420b
+size 223189032
diff --git a/l10n-52.2.1.tar.xz b/l10n-52.2.1.tar.xz
deleted file mode 100644
index 5533b143..00000000
--- a/l10n-52.2.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fcc7a6c7f1666fc216a43418dcb698001ca97e1ad2de1620364b50ef79d6c9a7
-size 49291392
diff --git a/l10n-52.3.0.tar.xz b/l10n-52.3.0.tar.xz
new file mode 100644
index 00000000..7b8c7341
--- /dev/null
+++ b/l10n-52.3.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20761eb9dd53c5880410fa1a94574f14b75e443b5bc8efe383d27c40a3e241c9
+size 45075116
diff --git a/source-stamp.txt b/source-stamp.txt
index 3fbcfd0a..afd795f7 100644
--- a/source-stamp.txt
+++ b/source-stamp.txt
@@ -1,2 +1,2 @@
-REV=512efd480dac
+REV=20a1a6ad46d5
 REPO=http://hg.mozilla.org/releases/mozilla-esr52