forked from pool/MozillaFirefox
new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. * Added features to Reader Mode that make it easier on the eyes and the ears * Improved video performance for users on systems that support SSE3 without hardware acceleration * Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed * Improvements in about:memory reports for tracking font memory usage security related * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=548
This commit is contained in:
parent
23d3134ccb
commit
ad9a2b532d
@ -2,10 +2,53 @@
|
||||
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
|
||||
|
||||
- update to Firefox 49.0 (boo#999701)
|
||||
new features
|
||||
* Updated Firefox Login Manager to allow HTTPS pages to use saved
|
||||
HTTP logins.
|
||||
* Added features to Reader Mode that make it easier on the eyes and
|
||||
the ears
|
||||
* Improved video performance for users on systems that support
|
||||
SSE3 without hardware acceleration
|
||||
* Added context menu controls to HTML5 audio and video that let users
|
||||
loops files or play files at 1.25x speed
|
||||
* Improvements in about:memory reports for tracking font memory usage
|
||||
security related
|
||||
* MFSA 2016-85
|
||||
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
|
||||
mozilla::net::IsValidReferrerPolicy
|
||||
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
|
||||
nsCaseTransformTextRunFactory::TransformString
|
||||
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
|
||||
PropertyProvider::GetSpacingInternal
|
||||
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
|
||||
CVE-2016-5273 (bmo#1280387) - crash in
|
||||
mozilla::a11y::HyperTextAccessible::GetChildOffset
|
||||
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
|
||||
mozilla::a11y::DocAccessible::ProcessInvalidationList
|
||||
CVE-2016-5274 (bmo#1282076) - use-after-free in
|
||||
nsFrameManager::CaptureFrameState
|
||||
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
|
||||
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
|
||||
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
|
||||
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
|
||||
nsBMPEncoder::AddImageFrame
|
||||
CVE-2016-5279 (bmo#1249522) - Full local path of files is available
|
||||
to web pages after drag and drop
|
||||
CVE-2016-5280 (bmo#1289970) - Use-after-free in
|
||||
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
|
||||
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
|
||||
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
|
||||
from non-whitelisted schemes
|
||||
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
|
||||
reveal cross-origin data
|
||||
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
|
||||
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
|
||||
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
|
||||
- removed obsolete patches:
|
||||
* mozilla-aarch64-48bit-va.patch
|
||||
* mozilla-exclude-nametablecpp.patch
|
||||
* mozilla-old_configure-bmo1282843.patch
|
||||
- added patch mozilla-skia-overflow.patch (bmo#1304114)
|
||||
- requires NSS 3.25
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
@ -146,6 +146,7 @@ Patch10: mozilla-no-stdcxx-check.patch
|
||||
Patch11: mozilla-reduce-files-per-UnifiedBindings.patch
|
||||
Patch12: mozilla-gtk3_20.patch
|
||||
Patch13: mozilla-check_return.patch
|
||||
Patch14: mozilla-skia-overflow.patch
|
||||
Patch17: mozilla-binutils-visibility.patch
|
||||
# Firefox/browser
|
||||
Patch101: firefox-kde.patch
|
||||
@ -262,6 +263,7 @@ cd $RPM_BUILD_DIR/mozilla
|
||||
%patch12 -p1
|
||||
%endif
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch17 -p1
|
||||
# Firefox
|
||||
%patch101 -p1
|
||||
|
32
mozilla-skia-overflow.patch
Normal file
32
mozilla-skia-overflow.patch
Normal file
@ -0,0 +1,32 @@
|
||||
# HG changeset patch
|
||||
# User Lee Salzman <lsalzman@mozilla.com>
|
||||
# Date 1474489725 14400
|
||||
# Wed Sep 21 16:28:45 2016 -0400
|
||||
# Node ID 38a427a913b57080374b9966466b8f436ec39eb8
|
||||
# Parent 4dfd3f00543d1d7adc3f0f852e6f32fbca6f3420
|
||||
fix invalid Sk4f store to SkColor in SkPixmap::erase
|
||||
|
||||
MozReview-Commit-ID: 840x1nXgYns
|
||||
|
||||
diff --git a/gfx/skia/skia/src/core/SkPixmap.cpp b/gfx/skia/skia/src/core/SkPixmap.cpp
|
||||
--- a/gfx/skia/skia/src/core/SkPixmap.cpp
|
||||
+++ b/gfx/skia/skia/src/core/SkPixmap.cpp
|
||||
@@ -221,17 +221,17 @@ bool SkPixmap::erase(const SkColor4f& or
|
||||
pm = *this;
|
||||
}
|
||||
|
||||
const SkColor4f color = origColor.pin();
|
||||
|
||||
if (kRGBA_F16_SkColorType != pm.colorType()) {
|
||||
Sk4f c4 = Sk4f::Load(color.vec());
|
||||
SkColor c;
|
||||
- (c4 * Sk4f(255) + Sk4f(0.5f)).store(&c);
|
||||
+ SkNx_cast<uint8_t>(c4 * Sk4f(255) + Sk4f(0.5f)).store(&c);
|
||||
return pm.erase(c);
|
||||
}
|
||||
|
||||
const uint64_t half4 = color.premul().toF16();
|
||||
for (int y = 0; y < pm.height(); ++y) {
|
||||
sk_memset64(pm.writable_addr64(0, y), half4, pm.width());
|
||||
}
|
||||
return true;
|
Loading…
Reference in New Issue
Block a user