From a7b507dd7603d06d5bc6d25ce4691374184927a5ddbee9ab6bc7e3e6459fc4e2 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 12 Dec 2016 18:36:34 +0000 Subject: [PATCH 1/3] Accepting request 445492 from home:cgrobertson:branches:mozilla:Factory - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) OBS-URL: https://build.opensuse.org/request/show/445492 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=562 --- MozillaFirefox.changes | 5 +++++ MozillaFirefox.spec | 4 +++- mozilla-aarch64-startup-crash.patch | 31 +++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 mozilla-aarch64-startup-crash.patch diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 85a4b3a..0d518ab 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com + +- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) + ------------------------------------------------------------------- Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 3478c3b..602565d 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,7 +1,7 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2016 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -153,6 +153,7 @@ Patch102: firefox-no-default-ualocale.patch Patch103: firefox-branded-icons.patch # hotfix Patch150: mozilla-flex_buffer_overrun.patch +Patch200: mozilla-aarch64-startup-crash.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): coreutils shared-mime-info desktop-file-utils @@ -266,6 +267,7 @@ cd $RPM_BUILD_DIR/mozilla %patch102 -p1 %patch103 -p1 %patch150 -p1 +%patch200 -p1 %build # no need to add build time to binaries diff --git a/mozilla-aarch64-startup-crash.patch b/mozilla-aarch64-startup-crash.patch new file mode 100644 index 0000000..e1c1876 --- /dev/null +++ b/mozilla-aarch64-startup-crash.patch @@ -0,0 +1,31 @@ +# HG changeset patch +# Parent a5cfa3aa11a9d3391df49de6fc5a0e5232c12c10 +Bug 991344 - Rpi3: Firefox crashes after a few seconds of usage + +diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp +--- a/netwerk/base/nsIOService.cpp ++++ b/netwerk/base/nsIOService.cpp +@@ -830,17 +830,23 @@ nsIOService::NewChannelFromURIWithProxyF + consoleService->LogStringMessage(NS_LITERAL_STRING( + "Http channel implementation doesn't support nsIUploadChannel2. An extension has supplied a non-functional http protocol handler. This will break behavior and in future releases not work at all." + ).get()); + } + gHasWarnedUploadChannel2 = true; + } + } + ++#if defined(__aarch64__) ++ if (result) { ++ channel.forget(result); ++ } ++#else + channel.forget(result); ++#endif + return NS_OK; + } + + NS_IMETHODIMP + nsIOService::NewChannelFromURIWithProxyFlags2(nsIURI* aURI, + nsIURI* aProxyURI, + uint32_t aProxyFlags, + nsIDOMNode* aLoadingNode, From 0e804587d57d2be1f2c449b821651d2c29d95cea51a4cdf8f9192173f1a5d07d Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Mon, 12 Dec 2016 21:26:20 +0000 Subject: [PATCH 2/3] - update to Firefox 50.1.0 (boo#) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=563 --- MozillaFirefox.changes | 5 +++++ MozillaFirefox.spec | 6 +++--- compare-locales.tar.xz | 4 ++-- create-tar.sh | 4 ++-- firefox-50.0.2-source.tar.xz | 3 --- firefox-50.1.0-source.tar.xz | 3 +++ l10n-50.0.2.tar.xz => l10n-50.1.0.tar.xz | 0 source-stamp.txt | 2 +- 8 files changed, 16 insertions(+), 11 deletions(-) delete mode 100644 firefox-50.0.2-source.tar.xz create mode 100644 firefox-50.1.0-source.tar.xz rename l10n-50.0.2.tar.xz => l10n-50.1.0.tar.xz (100%) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 0d518ab..106f81b 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org + +- update to Firefox 50.1.0 (boo#) + ------------------------------------------------------------------- Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 602565d..206c66a 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,7 +1,7 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # 2006-2016 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -19,9 +19,9 @@ # changed with every update %define major 50 -%define mainver %major.0.2 +%define mainver %major.1.0 %define update_channel release -%define releasedate 20161201000000 +%define releasedate 20161212000000 # PIE, full relro (x86_64 for now) %define build_hardened 1 diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 6e5ebaa..b283d28 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fddd6b05e350038d420599e70f4cd5ec28bed7b7747c6f13fb447cc13703eaa6 -size 28356 +oid sha256:117aadfa96671239dd02fd11b3cfcd219fb5b3637a2400f532169dbd38d1729c +size 28352 diff --git a/create-tar.sh b/create-tar.sh index eecc506..e2cbf04 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_50_0_2_RELEASE" -VERSION="50.0.2" +RELEASE_TAG="8612c3320053b796678921f8f23358e3e9df997e" +VERSION="50.1.0" # mozilla if [ -d mozilla ]; then diff --git a/firefox-50.0.2-source.tar.xz b/firefox-50.0.2-source.tar.xz deleted file mode 100644 index 6dcb18a..0000000 --- a/firefox-50.0.2-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ecec51f1e66dba7c966d951228c398609661115f5dc5057c22f4beb32d23ea96 -size 205253552 diff --git a/firefox-50.1.0-source.tar.xz b/firefox-50.1.0-source.tar.xz new file mode 100644 index 0000000..a996a7e --- /dev/null +++ b/firefox-50.1.0-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0d45f1d01b6375aa3323f8f457d7ee85c5bf7bb9acdfdd51a366d808c2f10d04 +size 206009156 diff --git a/l10n-50.0.2.tar.xz b/l10n-50.1.0.tar.xz similarity index 100% rename from l10n-50.0.2.tar.xz rename to l10n-50.1.0.tar.xz diff --git a/source-stamp.txt b/source-stamp.txt index 3c4caf1..42726fc 100644 --- a/source-stamp.txt +++ b/source-stamp.txt @@ -1,2 +1,2 @@ -REV=cc272f7d48d3 +REV=8612c3320053 REPO=http://hg.mozilla.org/releases/mozilla-release From 47ea133150e2d09909c2883692aa65a4e4cec36f14ac4eb21bf8e3487536a144 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 13 Dec 2016 21:10:19 +0000 Subject: [PATCH 3/3] - update to Firefox 50.1.0 (boo#1015422) * MFSA 2016-94 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9903: XSS injection vulnerability in add-ons SDK (bmo#1315435) CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=564 --- MozillaFirefox.changes | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 106f81b..05904f4 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,7 +1,29 @@ ------------------------------------------------------------------- Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org -- update to Firefox 50.1.0 (boo#) +- update to Firefox 50.1.0 (boo#1015422) + * MFSA 2016-94 + CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) + CVE-2016-9899: Use-after-free while manipulating DOM events and + audio elements (bmo#1317409) + CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) + CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) + CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) + CVE-2016-9898: Use-after-free in Editor while manipulating + DOM subtrees (bmo#1314442) + CVE-2016-9900: Restricted external resources can be loaded by + SVG images through data URLs (bmo#1319122) + CVE-2016-9904: Cross-origin information leak in shared atoms + (bmo#1317936) + CVE-2016-9901: Data from Pocket server improperly sanitized + before execution (bmo#1320057) + CVE-2016-9902: Pocket extension does not validate the origin + of events (bmo#1320039) + CVE-2016-9903: XSS injection vulnerability in add-ons SDK + (bmo#1315435) + CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 + CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and + Firefox ESR 45.6 ------------------------------------------------------------------- Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com