From 09b85d1e8091f847b5cbf46ee83b2981ce0f6ad3ec5357d21dffbff62923d522 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Wed, 14 Jun 2017 09:43:07 +0000
Subject: [PATCH] - update to Firefox 52.2esr (boo#1043960)
 MFSA 2017-16
 * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees
 * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading
 * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements
 * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners
 * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input
 * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object
 * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only)
 * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors
 * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
 * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library
 * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder
 * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
---
 MozillaFirefox.changes | 55 ++++++++++++++++++++++++++++++++++++
 MozillaFirefox.spec | 6 ++--
 compare-locales.tar.xz | 4 +--
 create-tar.sh | 4 +--
 firefox-52.1.1-source.tar.xz | 3 --
 firefox-52.2-source.tar.xz | 3 ++
 l10n-52.1.1.tar.xz | 3 --
 l10n-52.2.tar.xz | 3 ++
 source-stamp.txt | 2 +-
 9 files changed, 69 insertions(+), 14 deletions(-)
 delete mode 100644 firefox-52.1.1-source.tar.xz
 create mode 100644 firefox-52.2-source.tar.xz
 delete mode 100644 l10n-52.1.1.tar.xz
 create mode 100644 l10n-52.2.tar.xz
diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 68f9c82..1f006ed 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes 
@@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Wed Jun 14 07:08:29 UTC 2017 - wr@rosenauer.org + +- update to Firefox 52.2esr (boo#1043960) + MFSA 2017-16 + * CVE-2017-5472 (bmo#1365602) + Use-after-free using destroyed node when regenerating trees + * CVE-2017-7749 (bmo#1355039) + Use-after-free during docshell reloading + * CVE-2017-7750 (bmo#1356558) + Use-after-free with track elements + * CVE-2017-7751 (bmo#1363396) + Use-after-free with content viewer listeners + * CVE-2017-7752 (bmo#1359547) + Use-after-free with IME input + * CVE-2017-7754 (bmo#1357090) + Out-of-bounds read in WebGL with ImageInfo object + * CVE-2017-7755 (bmo#1361326) + Privilege escalation through Firefox Installer with same + directory DLL files (Windows only) + * CVE-2017-7756 (bmo#1366595) + Use-after-free and use-after-scope logging XHR header errors + * CVE-2017-7757 (bmo#1356824) + Use-after-free in IndexedDB + * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, + CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, + CVE-2017-7777 + Vulnerabilities in the Graphite 2 library + * CVE-2017-7758 (bmo#1368490) + Out-of-bounds read in Opus encoder + * CVE-2017-7760 (bmo#1348645) + File manipulation and privilege escalation via callback parameter + in Mozilla Windows Updater and Maintenance Service (Windows only) + * CVE-2017-7761 (bmo#1215648) + File deletion and privilege escalation through Mozilla Maintenance + Service helper.exe application (Windows only) + * CVE-2017-7764 (bmo#1364283) + Domain spoofing with combination of Canadian Syllabics and other + unicode blocks + * CVE-2017-7765 (bmo#1273265) + Mark of the Web bypass when saving executable files (Windows only) + * CVE-2017-7766 (bmo#1342742) + File execution and privilege escalation through updater.ini, + Mozilla Windows Updater, and Mozilla Maintenance Service + (Windows only) + * CVE-2017-7767 (bmo#1336964) + Privilege escalation and arbitrary file overwrites through 
Mozilla + Windows Updater and Mozilla Maintenance Service (Windows only) + * CVE-2017-7768 (bmo#1336979) + 32 byte arbitrary file read through Mozilla Maintenance Service + (Windows only) + * CVE-2017-5470 + Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 +- requires NSS 3.28.5 + ------------------------------------------------------------------- Tue May 23 14:00:40 UTC 2017 - wr@rosenauer.org diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 3a05e69..c8d15cc 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -19,9 +19,9 @@ # changed with every update %define major 52 -%define mainver %major.1.1 +%define mainver %major.2 %define update_channel esr52 -%define releasedate 20170504000000 +%define releasedate 20170612000000 # PIE, full relro (x86_64 for now) %define build_hardened 1 @@ -82,7 +82,7 @@ BuildRequires: libnotify-devel BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.13.1 -BuildRequires: mozilla-nss-devel >= 3.28.4 +BuildRequires: mozilla-nss-devel >= 3.28.5 BuildRequires: nss-shared-helper-devel BuildRequires: python-devel BuildRequires: startup-notification-devel diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index c75806e..313a8f8 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e214ffffe1a35265eb8ea61ba630866a252b2402ecbec6e7137868b4edebafe2 -size 28356 +oid sha256:c120f40aa9fa97dc2e9debb0398514dc5873481b65322b645186a476cd49f555 +size 28380 diff --git a/create-tar.sh b/create-tar.sh index 3267f04..5ccefae 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -7,8 +7,8 @@ CHANNEL="esr52" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_52_1_1esr_RELEASE" -VERSION="52.1.1" +RELEASE_TAG="FIREFOX_52_2_0esr_RELEASE" +VERSION="52.2" # mozilla if [ -d mozilla ]; then 
diff --git a/firefox-52.1.1-source.tar.xz b/firefox-52.1.1-source.tar.xz deleted file mode 100644 index 8a538cc..0000000 --- a/firefox-52.1.1-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ccdee46cb8d78145281de57501dee34f4e5eb71f6e98746e3d4b1b6faf09920 -size 222469016 diff --git a/firefox-52.2-source.tar.xz b/firefox-52.2-source.tar.xz new file mode 100644 index 0000000..1c21be0 --- /dev/null +++ b/firefox-52.2-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:298e38ec2f230482e081693ebf27add8b4de68782639ec5446102a5e42847b3b +size 222356940 diff --git a/l10n-52.1.1.tar.xz b/l10n-52.1.1.tar.xz deleted file mode 100644 index a7b4e54..0000000 --- a/l10n-52.1.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a856562b32f7d214bd71f756e2e360c702faebc2b739ddbd2adc77063f893cc0 -size 45025968 diff --git a/l10n-52.2.tar.xz b/l10n-52.2.tar.xz new file mode 100644 index 0000000..410a3cc --- /dev/null +++ b/l10n-52.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:508eaf325e8fec62e5147c3ade233b7a32afedc06fff2262115174ffab66c36b +size 45016424 diff --git a/source-stamp.txt b/source-stamp.txt index efdaa44..6340b2f 100644 --- a/source-stamp.txt +++ b/source-stamp.txt @@ -1,2 +1,2 @@ -REV=120111e65bc4 +REV=f68e0d98a22a REPO=http://hg.mozilla.org/releases/mozilla-esr52
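Review bot: In the MozillaFirefox.changes hunk, the Graphite 2 entry lists CVE-2017-7778 twice ("CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, ..."), so one of the two is either a plain repeat or a typo for a different id. Check the list against MFSA 2017-16 and drop or correct the duplicate, since downstream tooling that matches CVE ids from .changes files will otherwise carry the error forward. The commit message has the same duplicate, and its list stops at CVE-2017-7760 while the changes entry continues through CVE-2017-7768, CVE-2017-5470 and the "requires NSS 3.28.5" line.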
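Review bot: In the MozillaFirefox.spec hunk, only the build-time constraint is raised ("BuildRequires: mozilla-nss-devel >= 3.28.5"); no runtime requirement on NSS appears in the visible lines, although the changes entry says "requires NSS 3.28.5". Please confirm that the spec also carries a runtime Requires that follows this minimum (or derives it from the build-time version), so that the updated browser cannot be installed against an older NSS.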
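Review bot: The compare-locales.tar.xz hunk is undocumented: the LFS pointer changes both oid and size (28356 to 28380), but the new MozillaFirefox.changes entry mentions only the Firefox update and the NSS requirement. Either add a changelog line saying why the compare-locales archive was regenerated and from which revision, or leave the old archive in place, so that a later audit can explain the new sha256.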
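Review bot: In the create-tar.sh hunk, the version is now maintained by hand in three spellings: RELEASE_TAG="FIREFOX_52_2_0esr_RELEASE" and VERSION="52.2" here, plus "%define mainver %major.2" in the spec. The tag carries a patch component ("52_2_0") that VERSION does not, so the tag cannot be derived from VERSION by simple substitution and the values can drift on the next bump. Consider a short comment in the script noting that the tag and VERSION must be updated together with mainver, or deriving one from the other with the "_0" case handled explicitly.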
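Review bot: In the firefox-52.2-source.tar.xz hunk (and likewise l10n-52.2.tar.xz), the new pointer records only a sha256 oid and a size, and the diffstat shows no signature or upstream checksum file added next to it. Because create-tar.sh builds these archives locally, the oid proves only that the file is unchanged since upload, not what it was built from. Please note in the changes entry or the commit message that the archive was produced from RELEASE_TAG FIREFOX_52_2_0esr_RELEASE, so the hash can be reproduced and compared.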
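Review bot: In the source-stamp.txt hunk, the unchanged context line "REPO=http://hg.mozilla.org/releases/mozilla-esr52" names the source repository over plain HTTP, and the new "REV=f68e0d98a22a" is an abbreviated 12-character revision id. If this stamp is what the build or create-tar.sh uses to fetch or verify sources, switch the URL to https and record the full 40-character changeset hash, so that the pinned source is retrieved over an authenticated channel and identified unambiguously.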