--- a/MozillaFirefox/MozillaFirefox.changes Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Mar 15 11:47:14 2016 +0100
@@ -1,4 +1,59 @@
-------------------------------------------------------------------
+Tue Mar 8 06:58:55 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.7.0 (boo#969894)
+ * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+ Use-after-free in MediaStream playback
+ * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+ Same-origin policy violation using performance.getEntries and
+ history navigation
+ * MFSA 2016-16/CVE-2016-1952
+ Miscellaneous memory safety hazards
+ * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+ Local file overwriting and potential privilege escalation through
+ CSP reports
+ * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+ Memory leak in libstagefright when deleting an array during MP4
+ processing
+ * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+ Displayed page address can be overridden
+ * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+ Use-after-free in HTML5 string parser
+ * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+ Use-after-free in SetBody
+ * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+ Use-after-free when using multiple WebRTC data channels
+ * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+ Use-after-free during XML transformations
+ * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+ Addressbar spoofing though history navigation and Location protocol
+ property
+ * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+ Memory corruption with malicious NPAPI plugin
+ * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+ Out-of-bounds read in HTML parser following a failed allocation
+ * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+ Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.6.0esr (boo#963520)
+ * MFSA 2016-01/CVE-2016-1930
+ Miscellaneous memory safety hazards
+ * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
+ Buffer overflow in WebGL after out of memory allocation
+
+-------------------------------------------------------------------
+Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.2
+- some spec file changes to support 11.4 again
+
+-------------------------------------------------------------------
Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
- update to Firefox 38.5.0 (bnc#959277)
--- a/MozillaFirefox/MozillaFirefox.spec Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Tue Mar 15 11:47:14 2016 +0100
@@ -2,7 +2,7 @@
# spec file for package MozillaFirefox
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
-# 2006-2015 Wolfgang Rosenauer
+# 2006-2016 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,9 +19,9 @@
# changed with every update
%define major 38
-%define mainver %major.5.0
+%define mainver %major.7.0
%define update_channel esr38
-%define releasedate 2015121000
+%define releasedate 2016030700
# general build definitions
%if "%{update_channel}" != "aurora"
@@ -75,7 +75,9 @@
BuildRequires: libiw-devel
BuildRequires: libnotify-devel
BuildRequires: libproxy-devel
+%if 0%{?suse_version} > 1140
BuildRequires: makeinfo
+%endif
BuildRequires: mozilla-nspr-devel >= 4.10.10
BuildRequires: mozilla-nss-devel >= 3.19.2.1
BuildRequires: nss-shared-helper-devel
@@ -84,6 +86,7 @@
BuildRequires: unzip
BuildRequires: update-desktop-files
BuildRequires: xorg-x11-libXt-devel
+BuildRequires: xz
BuildRequires: yasm
BuildRequires: zip
BuildRequires: pkgconfig(gstreamer-%gstreamer_ver)
--- a/MozillaFirefox/create-tar.sh Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/create-tar.sh Tue Mar 15 11:47:14 2016 +0100
@@ -2,8 +2,8 @@
CHANNEL="esr38"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_38_5_0esr_RELEASE"
-VERSION="38.5.0"
+RELEASE_TAG="FIREFOX_38_7_0esr_RELEASE"
+VERSION="38.7.0"
# mozilla
if [ -d mozilla ]; then
--- a/MozillaFirefox/firefox-esr.changes Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/firefox-esr.changes Tue Mar 15 11:47:14 2016 +0100
@@ -1,7 +1,78 @@
-------------------------------------------------------------------
+Tue Mar 8 06:58:55 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.7.0 (boo#969894)
+ * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+ Use-after-free in MediaStream playback
+ * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+ Same-origin policy violation using performance.getEntries and
+ history navigation
+ * MFSA 2016-16/CVE-2016-1952
+ Miscellaneous memory safety hazards
+ * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+ Local file overwriting and potential privilege escalation through
+ CSP reports
+ * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+ Memory leak in libstagefright when deleting an array during MP4
+ processing
+ * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+ Displayed page address can be overridden
+ * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+ Use-after-free in HTML5 string parser
+ * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+ Use-after-free in SetBody
+ * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+ Use-after-free when using multiple WebRTC data channels
+ * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+ Use-after-free during XML transformations
+ * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+ Addressbar spoofing though history navigation and Location protocol
+ property
+ * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+ Memory corruption with malicious NPAPI plugin
+ * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+ Out-of-bounds read in HTML parser following a failed allocation
+ * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+ Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 38.6.0esr (boo#963520)
+ * MFSA 2016-01/CVE-2016-1930
+ Miscellaneous memory safety hazards
+ * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
+ Buffer overflow in WebGL after out of memory allocation
+
+-------------------------------------------------------------------
+Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.5.2
+- some spec file changes to support 11.4 again
+
+-------------------------------------------------------------------
Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org
-- update to Firefox 38.5.0 (bnc#)
+- update to Firefox 38.5.0 (bnc#959277)
+ * MFSA 2015-134/CVE-2015-7201
+ Miscellaneous memory safety hazards
+ * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+ Use-after-free in WebRTC when datachannel is used after being
+ destroyed
+ * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+ Integer overflow allocating extremely large textures
+ * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+ Underflow through code inspection
+ * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+ Integer overflow in MP4 playback in 64-bit versions
+ * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+ Integer underflow and buffer overflow processing MP4 metadata in
+ libstagefright
+ * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+ Cross-site reading attack through data and view-source URIs
-------------------------------------------------------------------
Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org
--- a/MozillaFirefox/firefox-esr.spec Sat Dec 19 17:36:33 2015 +0100
+++ b/MozillaFirefox/firefox-esr.spec Tue Mar 15 11:47:14 2016 +0100
@@ -1,8 +1,8 @@
#
# spec file for package firefox-esr
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
-# 2006-2015 Wolfgang Rosenauer
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# 2006-2016 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,9 +19,9 @@
# changed with every update
%define major 38
-%define mainver %major.5.0
+%define mainver %major.7.0
%define update_channel esr38
-%define releasedate 2015121000
+%define releasedate 2016030700
# general build definitions
%if "%{update_channel}" != "aurora"
@@ -75,7 +75,9 @@
BuildRequires: libiw-devel
BuildRequires: libnotify-devel
BuildRequires: libproxy-devel
+%if 0%{?suse_version} > 1140
BuildRequires: makeinfo
+%endif
BuildRequires: mozilla-nspr-devel >= 4.10.10
BuildRequires: mozilla-nss-devel >= 3.19.2.1
BuildRequires: nss-shared-helper-devel
@@ -84,6 +86,7 @@
BuildRequires: unzip
BuildRequires: update-desktop-files
BuildRequires: xorg-x11-libXt-devel
+BuildRequires: xz
BuildRequires: yasm
BuildRequires: zip
BuildRequires: pkgconfig(gstreamer-%gstreamer_ver)