diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 85a4b3a..05904f4 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org + +- update to Firefox 50.1.0 (boo#1015422) + * MFSA 2016-94 + CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) + CVE-2016-9899: Use-after-free while manipulating DOM events and + audio elements (bmo#1317409) + CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) + CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) + CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) + CVE-2016-9898: Use-after-free in Editor while manipulating + DOM subtrees (bmo#1314442) + CVE-2016-9900: Restricted external resources can be loaded by + SVG images through data URLs (bmo#1319122) + CVE-2016-9904: Cross-origin information leak in shared atoms + (bmo#1317936) + CVE-2016-9901: Data from Pocket server improperly sanitized + before execution (bmo#1320057) + CVE-2016-9902: Pocket extension does not validate the origin + of events (bmo#1320039) + CVE-2016-9903: XSS injection vulnerability in add-ons SDK + (bmo#1315435) + CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 + CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and + Firefox ESR 45.6 + +------------------------------------------------------------------- +Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com + +- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) + ------------------------------------------------------------------- Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 3478c3b..206c66a 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -19,9 +19,9 @@ # changed with every update %define major 50 -%define mainver %major.0.2 +%define mainver %major.1.0 %define update_channel release -%define releasedate 20161201000000 +%define releasedate 20161212000000 # PIE, full relro (x86_64 for now) %define build_hardened 1 @@ -153,6 +153,7 @@ Patch102: firefox-no-default-ualocale.patch Patch103: firefox-branded-icons.patch # hotfix Patch150: mozilla-flex_buffer_overrun.patch +Patch200: mozilla-aarch64-startup-crash.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): coreutils shared-mime-info desktop-file-utils @@ -266,6 +267,7 @@ cd $RPM_BUILD_DIR/mozilla %patch102 -p1 %patch103 -p1 %patch150 -p1 +%patch200 -p1 %build # no need to add build time to binaries diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 6e5ebaa..b283d28 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fddd6b05e350038d420599e70f4cd5ec28bed7b7747c6f13fb447cc13703eaa6 -size 28356 +oid sha256:117aadfa96671239dd02fd11b3cfcd219fb5b3637a2400f532169dbd38d1729c +size 28352 diff --git a/create-tar.sh b/create-tar.sh index eecc506..e2cbf04 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_50_0_2_RELEASE" -VERSION="50.0.2" +RELEASE_TAG="8612c3320053b796678921f8f23358e3e9df997e" +VERSION="50.1.0" # mozilla if [ -d mozilla ]; then diff --git a/firefox-50.0.2-source.tar.xz b/firefox-50.0.2-source.tar.xz deleted file mode 100644 index 6dcb18a..0000000 --- a/firefox-50.0.2-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ecec51f1e66dba7c966d951228c398609661115f5dc5057c22f4beb32d23ea96 -size 205253552 diff --git a/firefox-50.1.0-source.tar.xz b/firefox-50.1.0-source.tar.xz new file mode 100644 index 0000000..a996a7e --- /dev/null +++ b/firefox-50.1.0-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0d45f1d01b6375aa3323f8f457d7ee85c5bf7bb9acdfdd51a366d808c2f10d04 +size 206009156 diff --git a/l10n-50.0.2.tar.xz b/l10n-50.1.0.tar.xz similarity index 100% rename from l10n-50.0.2.tar.xz rename to l10n-50.1.0.tar.xz diff --git a/mozilla-aarch64-startup-crash.patch b/mozilla-aarch64-startup-crash.patch new file mode 100644 index 0000000..e1c1876 --- /dev/null +++ b/mozilla-aarch64-startup-crash.patch @@ -0,0 +1,31 @@ +# HG changeset patch +# Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10 +Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage + +diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp +--- a/netwerk/base/nsIOService.cpp ++++ b/netwerk/base/nsIOService.cpp +@@ -830,17 +830,23 @@ nsIOService::NewChannelFromURIWithProxyF + consoleService->LogStringMessage(NS_LITERAL_STRING( + "Http channel implementation doesn't support nsIUploadChannel2. An extension has supplied a non-functional http protocol handler. This will break behavior and in future releases not work at all." + ).get()); + } + gHasWarnedUploadChannel2 = true; + } + } + ++#if defined(__aarch64__) ++ if (result) { ++ channel.forget(result); ++ } ++#else + channel.forget(result); ++#endif + return NS_OK; + } + + NS_IMETHODIMP + nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI, + nsIURI* aProxyURI, + uint32_t aProxyFlags, + nsIDOMNode* aLoadingNode, diff --git a/source-stamp.txt b/source-stamp.txt index 3c4caf1..42726fc 100644 --- a/source-stamp.txt +++ b/source-stamp.txt @@ -1,2 +1,2 @@ -REV=cc272f7d48d3 +REV=8612c3320053 REPO=http://hg.mozilla.org/releases/mozilla-release