Accepting request 445658 from mozilla:Factory

- update to Firefox 50.1.0 (boo#1015422) * MFSA 2016-94 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9903: XSS injection vulnerability in add-ons SDK (bmo#1315435) CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) OBS-URL: https://build.opensuse.org/request/show/445658 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=248
2016-12-16 11:06:20 +00:00 · 2016-12-16 11:06:20 +00:00 · 632398f15d
commit 632398f15d
parent aaaf9c5abf 47ea133150
9 changed files with 75 additions and 10 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 50.1.0 (boo#1015422)
+  * MFSA 2016-94
+    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
+    CVE-2016-9899: Use-after-free while manipulating DOM events and
+                   audio elements (bmo#1317409)
+    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
+    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
+    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
+    CVE-2016-9898: Use-after-free in Editor while manipulating
+                   DOM subtrees (bmo#1314442)
+    CVE-2016-9900: Restricted external resources can be loaded by
+                   SVG images through data URLs (bmo#1319122)
+    CVE-2016-9904: Cross-origin information leak in shared atoms
+                   (bmo#1317936)
+    CVE-2016-9901: Data from Pocket server improperly sanitized
+                   before execution (bmo#1320057)
+    CVE-2016-9902: Pocket extension does not validate the origin
+                   of events (bmo#1320039)
+    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
+                   (bmo#1315435)
+    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
+    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
+                   Firefox ESR 45.6
+
+-------------------------------------------------------------------
+Fri Dec  9 17:57:22 UTC 2016 - cgrobertson@novell.com
+
+- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
+
 -------------------------------------------------------------------
 Thu Dec  1 02:49:45 UTC 2016 - wr@rosenauer.org

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -19,9 +19,9 @@

 # changed with every update
 %define major 50
-%define mainver %major.0.2
+%define mainver %major.1.0
 %define update_channel release
-%define releasedate 20161201000000
+%define releasedate 20161212000000

 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
@ -153,6 +153,7 @@ Patch102:       firefox-no-default-ualocale.patch
 Patch103:       firefox-branded-icons.patch
 # hotfix
 Patch150:       mozilla-flex_buffer_overrun.patch
+Patch200:       mozilla-aarch64-startup-crash.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post):   coreutils shared-mime-info desktop-file-utils
@ -266,6 +267,7 @@ cd $RPM_BUILD_DIR/mozilla
 %patch102 -p1
 %patch103 -p1
 %patch150 -p1
+%patch200 -p1

 %build
 # no need to add build time to binaries
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fddd6b05e350038d420599e70f4cd5ec28bed7b7747c6f13fb447cc13703eaa6
-size 28356
+oid sha256:117aadfa96671239dd02fd11b3cfcd219fb5b3637a2400f532169dbd38d1729c
+size 28352
--- a/create-tar.sh
+++ b/create-tar.sh
@ -7,8 +7,8 @@

 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_50_0_2_RELEASE"
-VERSION="50.0.2"
+RELEASE_TAG="8612c3320053b796678921f8f23358e3e9df997e"
+VERSION="50.1.0"

 # mozilla
 if [ -d mozilla ]; then
--- a/firefox-50.0.2-source.tar.xz
+++ b/firefox-50.0.2-source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ecec51f1e66dba7c966d951228c398609661115f5dc5057c22f4beb32d23ea96
-size 205253552
--- a/firefox-50.1.0-source.tar.xz
+++ b/firefox-50.1.0-source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0d45f1d01b6375aa3323f8f457d7ee85c5bf7bb9acdfdd51a366d808c2f10d04
+size 206009156
--- a/l10n-50.1.0.tar.xz
+++ b/l10n-50.1.0.tar.xz
--- a/mozilla-aarch64-startup-crash.patch
+++ b/mozilla-aarch64-startup-crash.patch
@ -0,0 +1,31 @@
+# HG changeset patch
+# Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10
+Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage
+
+diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
+--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
+@@ -830,17 +830,23 @@ nsIOService::NewChannelFromURIWithProxyF
+                 consoleService->LogStringMessage(NS_LITERAL_STRING(
+                     "Http channel implementation doesn't support nsIUploadChannel2. An extension has supplied a non-functional http protocol handler. This will break behavior and in future releases not work at all."
+                                                                    ).get());
+             }
+             gHasWarnedUploadChannel2 = true;
+         }
+     }
+ 
+#if defined(__aarch64__)
+    if (result) {
+        channel.forget(result);
+    }
+#else
+     channel.forget(result);
+#endif
+     return NS_OK;
+ }
+ 
+ NS_IMETHODIMP
+ nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI,
+                                               nsIURI* aProxyURI,
+                                               uint32_t aProxyFlags,
+                                               nsIDOMNode* aLoadingNode,
--- a/source-stamp.txt
+++ b/source-stamp.txt
@ -1,2 +1,2 @@
-REV=cc272f7d48d3
+REV=8612c3320053
 REPO=http://hg.mozilla.org/releases/mozilla-release