From a9fdf6b5ecae8c3eea5caa9ff8e168286f31404ca6a1ebb62119825cdb31c3e0 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Fri, 15 May 2015 09:20:13 +0000
Subject: [PATCH] - update to Firefox 38.0.1   stability and regression fixes  
 * Systems with first generation NVidia Optimus graphics cards     may crash
 on start-up   * Users who import cookies from Google Chrome can end up with  
   broken websites   * Large animated images may fail to play and may stop
 other     images from loading - update to Firefox 38.0 (bnc#930622)   * New
 tab-based preferences   * Ruby annotation support   * more info:
 https://www.mozilla.org/en-US/firefox/38.0/releasenotes/   security fixes:  
 * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709     Miscellaneous memory safety
 hazards   * MFSA 2015-47/VE-2015-0797 (bmo#1080995)     Buffer overflow
 parsing H.264 video with Linux Gstreamer   * MFSA 2015-48/CVE-2015-2710
 (bmo#1149542)     Buffer overflow with SVG content and CSS   * MFSA
 2015-49/CVE-2015-2711 (bmo#1113431)     Referrer policy ignored when links
 opened by middle-click and     context menu   * MFSA 2015-50/CVE-2015-2712
 (bmo#1152280)     Out-of-bounds read and write in asm.js validation   * MFSA
 2015-51/CVE-2015-2713 (bmo#1153478)     Use-after-free during text processing
 with vertical text enabled   * MFSA 2015-53/CVE-2015-2715 (bmo#988698)    
 Use-after-free due to Media Decoder Thread creation during shutdown   * MFSA
 2015-54/CVE-2015-2716 (bmo#1140537)     Buffer overflow when parsing
 compressed XML

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=441
---
 MozillaFirefox.changes       | 43 +++++++++++++++++++++++++++++++++++-
 MozillaFirefox.spec          |  4 ++--
 compare-locales.tar.xz       |  2 +-
 create-tar.sh                |  4 ++--
 firefox-38.0-source.tar.xz   |  3 ---
 firefox-38.0.1-source.tar.xz |  3 +++
 l10n-38.0.1.tar.xz           |  3 +++
 l10n-38.0.tar.xz             |  3 ---
 source-stamp.txt             |  2 +-
 9 files changed, 54 insertions(+), 13 deletions(-)
 delete mode 100644 firefox-38.0-source.tar.xz
 create mode 100644 firefox-38.0.1-source.tar.xz
 create mode 100644 l10n-38.0.1.tar.xz
 delete mode 100644 l10n-38.0.tar.xz

diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes
index 1f40e6d..8cbbcc3 100644
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@@ -1,7 +1,48 @@
+-------------------------------------------------------------------
+Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0.1
+  stability and regression fixes
+  * Systems with first generation NVidia Optimus graphics cards
+    may crash on start-up
+  * Users who import cookies from Google Chrome can end up with
+    broken websites
+  * Large animated images may fail to play and may stop other
+    images from loading
+
 -------------------------------------------------------------------
 Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org
 
-- update to Firefox 38.0 (bnc#)
+- update to Firefox 38.0 (bnc#930622)
+  * New tab-based preferences
+  * Ruby annotation support
+  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
+  security fixes:
+  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
+    Miscellaneous memory safety hazards
+  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
+    Buffer overflow parsing H.264 video with Linux Gstreamer
+  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
+    Buffer overflow with SVG content and CSS
+  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
+    Referrer policy ignored when links opened by middle-click and
+    context menu
+  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
+    Out-of-bounds read and write in asm.js validation
+  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
+    Use-after-free during text processing with vertical text enabled
+  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
+    Use-after-free due to Media Decoder Thread creation during shutdown
+  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
+    Buffer overflow when parsing compressed XML
+  * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
+    Buffer overflow and out-of-bounds read while parsing MP4 video
+    metadata
+  * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
+    Untrusted site hosting trusted page can intercept webchannel
+    responses
+  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
+    Privilege escalation through IPC channel messages
 - requires NSS 3.18.1
 - removed obsolete patches:
   * mozilla-skia-bmo1136958.patch
diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec
index e2f8f2f..5f0a439 100644
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@@ -19,9 +19,9 @@
 
 # changed with every update
 %define major 38
-%define mainver %major.0
+%define mainver %major.0.1
 %define update_channel release
-%define releasedate 2015050900
+%define releasedate 2015051400
 
 # general build definitions
 %if "%{update_channel}" != "aurora"
diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz
index 98e2d1c..5d296fc 100644
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ef59c69e2e03697acc6593656ad5b7fd7c9da33cb4fd3abbe3da42b43f6dad02
+oid sha256:554dc858bdf51da453d404a4db1f63ae13b66bc293794e5b5d9f1ae705430c5c
 size 28424
diff --git a/create-tar.sh b/create-tar.sh
index 2bf916d..4c6fad0 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -2,8 +2,8 @@
 
 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_0_RELEASE"
-VERSION="38.0"
+RELEASE_TAG="FIREFOX_38_0_1_RELEASE"
+VERSION="38.0.1"
 
 # mozilla
 if [ -d mozilla ]; then
diff --git a/firefox-38.0-source.tar.xz b/firefox-38.0-source.tar.xz
deleted file mode 100644
index bb407e4..0000000
--- a/firefox-38.0-source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07d6e4ed2e1fb8c74fa0c181e58d797a1a6007e6e2c932d941555423606d08cf
-size 154668044
diff --git a/firefox-38.0.1-source.tar.xz b/firefox-38.0.1-source.tar.xz
new file mode 100644
index 0000000..337e9ad
--- /dev/null
+++ b/firefox-38.0.1-source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35ce3a749708d48f503ed98e279ca84cebf8d14cd34a168d41974d0c559799ce
+size 154301356
diff --git a/l10n-38.0.1.tar.xz b/l10n-38.0.1.tar.xz
new file mode 100644
index 0000000..950892a
--- /dev/null
+++ b/l10n-38.0.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:07054adb03febcc11451f523916c94dbb35f0d3a1e819869bf639e3f38f87664
+size 42023448
diff --git a/l10n-38.0.tar.xz b/l10n-38.0.tar.xz
deleted file mode 100644
index 1496b36..0000000
--- a/l10n-38.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:73b39fcfb76f1fa51f2d8297b7f028a971b9d993d9513efb83ce9af53d209be0
-size 42048468
diff --git a/source-stamp.txt b/source-stamp.txt
index be1ff11..91604d6 100644
--- a/source-stamp.txt
+++ b/source-stamp.txt
@@ -1,2 +1,2 @@
-REV=4c4dc6640c7e
+REV=62bee8cdd19f
 REPO=http://hg.mozilla.org/releases/mozilla-release