Accepting request 555866 from mozilla:Factory

- Explicitly buildrequires python2-xml: The build system relies on it. We wrongly relied on other packages pulling it in for us. - Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as 'the main packages version'. * CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (bsc#1072034, bmo#1410106) * CVE-2017-7844: Visited history information leak through SVG image (bsc#1072036, bmo#1420001) OBS-URL: https://build.opensuse.org/request/show/555866 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=262
2017-12-12 20:20:59 +00:00 · 2017-12-12 20:20:59 +00:00 · 820de17727
commit 820de17727
parent 3a200887ad ef7f78afd2
2 changed files with 19 additions and 2 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,7 +1,23 @@
+-------------------------------------------------------------------
+Fri Dec  8 15:52:17 UTC 2017 - dimstar@opensuse.org
+
+- Explicitly buildrequires python2-xml: The build system relies on
+  it. We wrongly relied on other packages pulling it in for us.
+
+-------------------------------------------------------------------
+Thu Dec  7 11:12:31 UTC 2017 - dimstar@opensuse.org
+
+- Escape the usage of %{VERSION} when calling out to rpm.
+  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
+
 -------------------------------------------------------------------
 Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org

 - update to Firefox 57.0.1
+  * CVE-2017-7843: Web worker in Private Browsing mode can write
+    IndexedDB data (bsc#1072034, bmo#1410106)
+  * CVE-2017-7844: Visited history information leak through SVG
+    image (bsc#1072036, bmo#1420001)
  * Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -75,6 +75,7 @@ BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.17
 BuildRequires:  mozilla-nss-devel >= 3.33
 BuildRequires:  python-devel
+BuildRequires:  python2-xml
 BuildRequires:  rust >= 1.19
 BuildRequires:  rust-std
 BuildRequires:  startup-notification-devel
@ -166,8 +167,8 @@ Requires(postun): shared-mime-info desktop-file-utils
 %if %branding
 Requires:       %{name}-branding > 44.0
 %endif
-Requires:       mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
-Requires:       mozilla-nss >= %(rpm -q --queryformat '%{VERSION}' mozilla-nss)
+Requires:       mozilla-nspr >= %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
+Requires:       mozilla-nss >= %(rpm -q --queryformat '%%{VERSION}' mozilla-nss)
 Recommends:     libcanberra0
 Recommends:     libpulse0
 # addon leads to startup crash (bnc#908892)