1
0

new features

* Updated Firefox Login Manager to allow HTTPS pages to use saved
    HTTP logins.
  * Added features to Reader Mode that make it easier on the eyes and
    the ears
  * Improved video performance for users on systems that support
    SSE3 without hardware acceleration
  * Added context menu controls to HTML5 audio and video that let users
    loops files or play files at 1.25x speed
  * Improvements in about:memory reports for tracking font memory usage
  security related
  * MFSA 2016-85
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
    mozilla::net::IsValidReferrerPolicy
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
    nsCaseTransformTextRunFactory::TransformString
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
    PropertyProvider::GetSpacingInternal
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
    CVE-2016-5273 (bmo#1280387) - crash in
    mozilla::a11y::HyperTextAccessible::GetChildOffset
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    CVE-2016-5274 (bmo#1282076) - use-after-free in
    nsFrameManager::CaptureFrameState
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
    nsBMPEncoder::AddImageFrame

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=548
This commit is contained in:
Wolfgang Rosenauer 2016-09-21 21:34:48 +00:00 committed by Git OBS Bridge
parent 23d3134ccb
commit ad9a2b532d
3 changed files with 77 additions and 0 deletions

View File

@ -2,10 +2,53 @@
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
- update to Firefox 49.0 (boo#999701)
new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
HTTP logins.
* Added features to Reader Mode that make it easier on the eyes and
the ears
* Improved video performance for users on systems that support
SSE3 without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loops files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
security related
* MFSA 2016-85
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
mozilla::net::IsValidReferrerPolicy
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
nsCaseTransformTextRunFactory::TransformString
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
PropertyProvider::GetSpacingInternal
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
CVE-2016-5273 (bmo#1280387) - crash in
mozilla::a11y::HyperTextAccessible::GetChildOffset
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList
CVE-2016-5274 (bmo#1282076) - use-after-free in
nsFrameManager::CaptureFrameState
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
nsBMPEncoder::AddImageFrame
CVE-2016-5279 (bmo#1249522) - Full local path of files is available
to web pages after drag and drop
CVE-2016-5280 (bmo#1289970) - Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
from non-whitelisted schemes
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
reveal cross-origin data
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- removed obsolete patches:
* mozilla-aarch64-48bit-va.patch
* mozilla-exclude-nametablecpp.patch
* mozilla-old_configure-bmo1282843.patch
- added patch mozilla-skia-overflow.patch (bmo#1304114)
- requires NSS 3.25
-------------------------------------------------------------------

View File

@ -146,6 +146,7 @@ Patch10: mozilla-no-stdcxx-check.patch
Patch11: mozilla-reduce-files-per-UnifiedBindings.patch
Patch12: mozilla-gtk3_20.patch
Patch13: mozilla-check_return.patch
Patch14: mozilla-skia-overflow.patch
Patch17: mozilla-binutils-visibility.patch
# Firefox/browser
Patch101: firefox-kde.patch
@ -262,6 +263,7 @@ cd $RPM_BUILD_DIR/mozilla
%patch12 -p1
%endif
%patch13 -p1
%patch14 -p1
%patch17 -p1
# Firefox
%patch101 -p1

View File

@ -0,0 +1,32 @@
# HG changeset patch
# User Lee Salzman <lsalzman@mozilla.com>
# Date 1474489725 14400
# Wed Sep 21 16:28:45 2016 -0400
# Node ID 38a427a913b57080374b9966466b8f436ec39eb8
# Parent 4dfd3f00543d1d7adc3f0f852e6f32fbca6f3420
fix invalid Sk4f store to SkColor in SkPixmap::erase
MozReview-Commit-ID: 840x1nXgYns
diff --git a/gfx/skia/skia/src/core/SkPixmap.cpp b/gfx/skia/skia/src/core/SkPixmap.cpp
--- a/gfx/skia/skia/src/core/SkPixmap.cpp
+++ b/gfx/skia/skia/src/core/SkPixmap.cpp
@@ -221,17 +221,17 @@ bool SkPixmap::erase(const SkColor4f& or
pm = *this;
}
const SkColor4f color = origColor.pin();
if (kRGBA_F16_SkColorType != pm.colorType()) {
Sk4f c4 = Sk4f::Load(color.vec());
SkColor c;
- (c4 * Sk4f(255) + Sk4f(0.5f)).store(&c);
+ SkNx_cast<uint8_t>(c4 * Sk4f(255) + Sk4f(0.5f)).store(&c);
return pm.erase(c);
}
const uint64_t half4 = color.premul().toF16();
for (int y = 0; y < pm.height(); ++y) {
sk_memset64(pm.writable_addr64(0, y), half4, pm.width());
}
return true;