# Upstream application name; used further down for the devel paths removed in the install section.
%define rname firefox
# Unresolved ELF symbols are verified strictly at build time. Presumably this is the
# change described in the 45.5.1-alt2 changelog entry, which says it also protects
# against missing dependencies on libgtk symbols.
%set_verify_elf_method unresolved=strict
# Firefox application ID (braces escaped); names the per-application extension directories.
%define firefox_cid \{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}
# Installation prefix of the browser tree; also the RPATH written by chrpath in the install section.
%define firefox_prefix %_libdir/firefox
%define firefox_datadir %_datadir/firefox
# GStreamer series used in the gstreamer / gst-plugins dependency names.
%define gst_version 1.0
# Minimum NSPR/NSS versions, used for both the build-time pkgconfig checks and the run-time Requires.
%define nspr_version 4.15
%define nss_version 3.31.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Summary(ru_RU.UTF-8): Интернет-браузер Mozilla Firefox
Name: firefox-esr
# NOTE(review): the changelog in this file names CVE fixes only up to 52.7.3, while
# rebuilds of 52.9.0 continue into Nov 2020. 52.9.0 is, as far as I know, the last
# upstream ESR 52 release - confirm how later upstream security fixes are tracked
# for this package.
Version: 52.9.0
Release: alt1.E2K.8
License: MPL/GPL/LGPL
Group: Networking/WWW
URL: http://www.mozilla.org/projects/firefox/
Packager: Andrey Savchenko <bircoph@altlinux.org>
Source0: firefox-source.tar
Source1: rpm-build.tar
Source2: searchplugins.tar
Source4: firefox-mozconfig
Source6: firefox.desktop
Source7: firefox.c
Source8: firefox-prefs.js
Source10: tango.tar
# Alt general patches (000xx)
Patch00006: 00006-firefox-alt-disable-werror.patch
Patch00014: 00014-firefox-fix-install.patch
Patch00016: 00016-firefox-cross-desktop.patch
Patch00017: 00017-firefox-mediasource-crash.patch
# Upstream patches (002xx)
Patch00200: 00200-mozilla-bug-256180.patch
Patch00201: 00201-mozilla-bug-1196777.patch
Patch00202: 00202-mozilla-bug-1430274.patch
# Red Hat patches (003xx)
Patch00301: 00301-rhbz-1291190-appchooser-crash.patch
Patch00302: 00302-rhbz-966424.patch
# MCST base tango patchset: 10000 + MCST tango patch number (10xxx)
Patch10001: 10001-tango_lcc123.patch
Patch10002: 10002-diff.patch
Patch10003: 10003-180918_181012.patch
Patch10004: 10004-181012_181022.patch
Patch10005: 10005-Reserve_uses_vector_capacity.patch
Patch10006: 10006-181129.patch
Patch10007: 10007-181212.patch
Patch10008: 10008-181219.patch
Patch10009: 10009-190120.patch
Patch10010: 10010-190131.patch
Patch10011: 10011-190306.patch
Patch10012: 10012-190320.patch
Patch10013: 10013-br_registers.patch
Patch10014: 10014-190422.patch
Patch10015: 10015-190603.patch
Patch10016: 10016-190607.patch
Patch10017: 10017-190627_81c0721.patch
Patch10018: 10018-190716.patch
Patch10019: 10019-190724_19cddfbc.patch
Patch10020: 10020-0da5f40f.patch
Patch10021: 10021-ed058485.patch
Patch10022: 10022-rvm-4671-3849ab86.patch
Patch10023: 10023-rvm-4628-d27fd5e9.patch
Patch10024: 10024-bacb21ff.patch
Patch10025: 10025-rvm-4680-c060f630.patch
Patch10026: 10026-99b6d205.patch
Patch10027: 10027-b5497500.patch
Patch10028: 10028-bbd468f1.patch
Patch10029: 10029-db218cdf.patch
Patch10030: 10030-781d984b.patch
Patch10031: 10031-3d56884a.patch
Patch10032: 10032-f5d0eb02.patch
Patch10033: 10033-17432e076.patch
Patch10034: 10034-lcc121.patch
Patch10035: 10035-dd45b15e.patch
Patch10036: 10036-a103c7d2.patch
### MCST general patches: 20000 + MCST patch number
# MCST base patches (20xxx)
Patch20001: 20001-libpixman_optimizations_from-0.34.patch
Patch20002: 20002-Skia_for_e2k_base.patch
Patch20003: 20003-ycbcr_sse_e2k_optimization.patch
Patch20004: 20004-common_e2k_sse_optimizations.patch
Patch20005: 20005-bug105479.patch
Patch20006: 20006-e2k_defenition.patch
Patch20007: 20007-icu_patch_for_e2k.patch
Patch20008: 20008-double_slash_bug.patch
Patch20009: 20009-disabling_owerflow_builtins_for_lcc.patch
Patch20010: 20010-mozilla_bug998926.patch
Patch20011: 20011-bug95374.patch
Patch20012: 20012-delete_progbits_in_gnu_asm.patch
Patch20013: 20013-va_copy_for_lcc.patch
Patch20014: 20014-remove_bom_for_lcc.patch
Patch20015: 20015-c++14_only.patch
Patch20016: 20016-e2k_xptcall_implementation.patch
Patch20017: 20017-libyuv_sse_for_e2k.patch
Patch20018: 20018-atomics_for_e2k.patch
Patch20019: 20019-non_cont_initializer_for_constexpr_constructor.patch
Patch20020: 20020-bug84233.patch
Patch20021: 20021-goto_const_void_bug.patch
Patch20022: 20022-3.17_kernel_only_bug.patch
Patch20023: 20023-russian_localization.patch
Patch20025: 20025-webrtc_e2k_port.patch
# MCST/unipro tango/ion JIT patches (21xxx)
Patch21001: 21001-baseline-52.6.0.patch
Patch21002: 21002-WasmSignalHandler.patch
Patch21003: 21003-revision_709.patch
Patch21004: 21004-ion_config.patch
Patch21005: 21005-revision_710_756.patch
Patch21006: 21006-revision_757_773.patch
Patch21007: 21007-revision_774_776.patch
Patch21008: 21008-revision_777_788.patch
Patch21009: 21009-revision_789_792.patch
Patch21010: 21010-revision_795.patch
Patch21011: 21011-revision_796.patch
Patch21012: 21012-revision_797_808.patch
Patch21013: 21013-revision_809.patch
Patch21014: 21014-revision_810.patch
Patch21015: 21015-revision_812_821.patch
Patch21016: 21016-revision_822_827.patch
Patch21017: 21017-revision_828_849.patch
Patch21018: 21018-revision_850_853.patch
Patch21019: 21019-revision_854_855.patch
Patch21020: 21020-revision_856_868.patch
Patch21021: 21021-revision_869_872.patch
Patch21022: 21022-revision_873_884.patch
Patch21023: 21023-revision_885_892.patch
Patch21024: 21024-revision_893.patch
Patch21025: 21025-revision_894.patch
Patch21026: 21026-revision-895.patch
Patch21027: 21027-revision-896.patch
Patch21028: 21028-revision-897.patch
Patch21029: 21029-revision-898.patch
Patch21030: 21030-revision-899.patch
Patch21031: 21031-revision-900.patch
Patch21032: 21032-revision-901.patch
Patch21033: 21033-revision-902.patch
Patch21034: 21034-revision-903.patch
Patch21035: 21035-revision-904.patch
Patch21036: 21036-revision-905.patch
Patch21037: 21037-revision-906.patch
Patch21038: 21038-revision-907.patch
Patch21039: 21039-revision-908.patch
Patch21040: 21040-revision-909.patch
Patch21041: 21041-revision-910.patch
Patch21042: 21042-revision-911.patch
Patch21043: 21043-revision-912.patch
Patch21044: 21044-revision-913.patch
Patch21045: 21045-revision-914.patch
Patch21046: 21046-revision-915.patch
Patch21047: 21047-revision-917.patch
Patch21048: 21048-revision-918.patch
Patch21049: 21049-revision-920.patch
Patch21050: 21050-code_compacting.patch
Patch21051: 21051-revision_925_929.patch
Patch21052: 21052-revision_936.patch
Patch21053: 21053-revision_937.patch
Patch21054: 21054-revision_938_944.patch
Patch21055: 21055-revision_945_946.patch
Patch21056: 21056-revision_947_950.patch
Patch21057: 21057-revision_951_955.patch
Patch21058: 21058-sparc_support.patch
Patch21059: 21059-revision_956_993.patch
Patch21060: 21060-revision_996.patch
Patch21061: 21061-revision_997_1031.patch
Patch21062: 21062-patch.patch
Patch21063: 21063-revision_1046.patch
Patch21064: 21064-revision_1047.patch
Patch21065: 21065-revision_1048.patch
Patch21066: 21066-revision_1049-1051.patch
Patch21067: 21067-revision_1052.patch
Patch21068: 21068-revision_1053-1071.patch
Patch21069: 21069-revision_1087.patch
Patch21070: 21070-12b3e0b0.patch
Patch21071: 21071-bug4716.patch
Patch21072: 21072-bug4716-regexp.patch
# MCST version patch (22xxx)
Patch22000: 22000-version.patch
# MCST breakpad patches (23xxx)
Patch23001: 23001-breakpad_e2k_simple_implement.patch
Patch23002: 23002-breakpad_e2k_minidump.patch
# MCST patches for lcc 1.25 build fixup (24xxx)
Patch24000: 24000-lcc1.25-bug5396.patch
Patch24001: 24001-lcc1.25-bug5404.patch
# Alt e2k specific patches (30xxx)
Patch30001: 30001-python-virtualenv.patch
Patch30002: 30002-old-configure-Use-O3-instead-of-Os.patch
Patch30003: 30003-mozbuild-encoding.patch
Patch30004: 30004-js-preprocessor.patch
BuildRequires(pre): mozilla-common-devel
BuildRequires(pre): rpm-build-mozilla.org
BuildRequires(pre): browser-plugins-npapi-devel
BuildRequires: rpm-macros-alternatives
BuildRequires: doxygen gcc-c++ imake libIDL-devel makedepend glibc-kernheaders
BuildRequires: libXt-devel libX11-devel libXext-devel libXft-devel libXScrnSaver-devel
BuildRequires: libXcomposite-devel
BuildRequires: libXdamage-devel
BuildRequires: libcurl-devel libgtk+2-devel libgtk+3-devel libhunspell-devel libjpeg-devel
BuildRequires: xorg-cf-files chrpath alternatives yasm
BuildRequires: zip unzip
BuildRequires: bzlib-devel zlib-devel
BuildRequires: libcairo-devel libpixman-devel
BuildRequires: libGL-devel
BuildRequires: libwireless-devel
BuildRequires: libalsa-devel
BuildRequires: libnotify-devel
BuildRequires: libevent-devel
BuildRequires: libproxy-devel
BuildRequires: libshell
BuildRequires: libvpx-devel
BuildRequires: libgio-devel
BuildRequires: libfreetype-devel fontconfig-devel
BuildRequires: libstartup-notification-devel
BuildRequires: libffi-devel
BuildRequires: gstreamer%gst_version-devel gst-plugins%gst_version-devel
BuildRequires: libopus-devel
BuildRequires: libpulseaudio-devel
#BuildRequires: libicu-devel
BuildRequires: libdbus-devel libdbus-glib-devel
# Python requires
BuildRequires: python-module-distribute
BuildRequires: python-modules-compiler
BuildRequires: python-modules-logging
BuildRequires: python-modules-sqlite3
BuildRequires: python-modules-json
# Mozilla requires
BuildRequires: pkgconfig(nspr) >= %nspr_version
BuildRequires: pkgconfig(nss) >= %nss_version
BuildRequires: libnss-devel-static
BuildRequires: autoconf_2.13
%set_autoconf_version 2.13
Obsoletes: firefox-3.6 firefox-4.0 firefox-5.0
Conflicts: firefox-settings-desktop
Provides: webclient
Provides: firefox = %EVR
Conflicts: firefox
Requires: mozilla-common
# ALT#30732
Requires: gst-plugins-ugly%gst_version
# Require a sufficiently recent NSS (and NSPR) so that HTTPS connections open correctly
Requires: libnspr >= %nspr_version
Requires: libnss >= %nss_version
%description
The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.
%description -l ru_RU.UTF8
Интернет-браузер Mozilla Firefox - кроссплатформенная модификация
браузера Mozilla, созданная с использованием языка XUL для описания
интерфейса пользователя.
%package -n rpm-build-firefox
Summary: RPM helper macros to rebuild firefox packages
Group: Development/Other
BuildArch: noarch
Requires: mozilla-common-devel
Requires: rpm-build-mozilla.org
%description -n rpm-build-firefox
These helper macros make it possible to rebuild
firefox packages in a way compatible with the Alt Linux Team Policy.
%prep
# Unpack Source0 into a freshly created firefox-<version> directory (-c), quietly (-q).
%setup -q -n firefox-%version -c
%ifarch %e2k
# e2k only: unpack the tango sources (Source10) in the build directory, before entering mozilla/.
tar xf %SOURCE10
%endif
cd mozilla
# Source1 (rpm-build.tar) and Source2 (searchplugins.tar) are unpacked inside the mozilla tree.
tar -xf %SOURCE1
tar -xf %SOURCE2
# Patches applied on every architecture: ALT general (000xx), upstream (002xx),
# Red Hat (003xx). 00017 is applied with -p2, all others with -p1.
%patch00006 -p1
%patch00014 -p1
%patch00016 -p1
%patch00017 -p2
%patch00200 -p1
%patch00201 -p1
%patch00202 -p1
%patch00301 -p1
%patch00302 -p1
# Everything up to the matching endif is applied on e2k only. Patch order matters:
# the series are cumulative revision ranges.
%ifarch %e2k
# Expose the tango tree inside the mozilla tree. Relative to config/external/tango
# the link target resolves to <builddir>/tango, where Source10 was unpacked.
mkdir config/external/tango
ln -s ../../../../tango config/external/tango/tango
# MCST base tango patchset (10xxx), applied from inside the tango tree.
pushd config/external/tango/tango
%patch10001 -p1
%patch10002 -p1
%patch10003 -p1
%patch10004 -p1
%patch10005 -p1
%patch10006 -p1
%patch10007 -p1
%patch10008 -p1
%patch10009 -p1
%patch10010 -p1
%patch10011 -p1
%patch10012 -p1
%patch10013 -p1
%patch10014 -p1
%patch10015 -p1
%patch10016 -p1
%patch10017 -p1
%patch10018 -p1
%patch10019 -p1
%patch10020 -p1
%patch10021 -p1
%patch10022 -p1
%patch10023 -p1
%patch10024 -p1
%patch10025 -p1
%patch10026 -p1
%patch10027 -p1
%patch10028 -p1
%patch10029 -p1
%patch10030 -p1
%patch10031 -p1
%patch10032 -p1
%patch10033 -p1
%patch10034 -p1
%patch10035 -p1
%patch10036 -p1
popd
# MCST base patches (20xxx), applied to the mozilla tree. There is no 20024 in
# the Patch list, so the sequence goes from 20023 to 20025.
%patch20001 -p1
%patch20002 -p1
%patch20003 -p1
%patch20004 -p1
%patch20005 -p1
%patch20006 -p1
%patch20007 -p1
%patch20008 -p1
%patch20009 -p1
%patch20010 -p1
%patch20011 -p1
%patch20012 -p1
%patch20013 -p1
%patch20014 -p1
%patch20015 -p1
%patch20016 -p1
%patch20017 -p1
%patch20018 -p1
%patch20019 -p1
%patch20020 -p1
%patch20021 -p1
%patch20022 -p1
%patch20023 -p1
%patch20025 -p1
# MCST/unipro tango/ion JIT patches (21xxx).
%patch21001 -p1
%patch21002 -p1
%patch21003 -p1
%patch21004 -p1
%patch21005 -p1
%patch21006 -p1
%patch21007 -p1
%patch21008 -p1
%patch21009 -p1
%patch21010 -p1
%patch21011 -p1
%patch21012 -p1
%patch21013 -p1
%patch21014 -p1
%patch21015 -p1
%patch21016 -p1
%patch21017 -p1
%patch21018 -p1
%patch21019 -p1
%patch21020 -p1
%patch21021 -p1
%patch21022 -p1
%patch21023 -p1
%patch21024 -p1
%patch21025 -p1
%patch21026 -p1
%patch21027 -p1
%patch21028 -p1
%patch21029 -p1
%patch21030 -p1
%patch21031 -p1
%patch21032 -p1
%patch21033 -p1
%patch21034 -p1
%patch21035 -p1
%patch21036 -p1
%patch21037 -p1
%patch21038 -p1
%patch21039 -p1
%patch21040 -p1
%patch21041 -p1
%patch21042 -p1
%patch21043 -p1
%patch21044 -p1
%patch21045 -p1
%patch21046 -p1
%patch21047 -p1
%patch21048 -p1
%patch21049 -p1
%patch21050 -p1
%patch21051 -p1
%patch21052 -p1
%patch21053 -p1
%patch21054 -p1
%patch21055 -p1
%patch21056 -p1
%patch21057 -p1
%patch21058 -p1
%patch21059 -p1
%patch21060 -p1
%patch21061 -p1
%patch21062 -p1
%patch21063 -p1
%patch21064 -p1
%patch21065 -p1
%patch21066 -p1
%patch21067 -p1
%patch21068 -p1
%patch21069 -p1
%patch21070 -p1
%patch21071 -p1
%patch21072 -p1
# MCST version patch (22xxx), breakpad patches (23xxx), lcc 1.25 build fixes (24xxx).
%patch22000 -p1
%patch23001 -p1
%patch23002 -p1
%patch24000 -p1
%patch24001 -p1
# ALT e2k-specific patches (30xxx), applied with -p2.
%patch30001 -p2
%patch30002 -p2
%patch30003 -p2
%patch30004 -p2
# http://bugzilla.mozilla.org/show_bug.cgi?id=1371991#c14
# Remove -lcrmf from the configure scripts and from the crmf moz.build; the
# E2K.5 changelog entry says the current system libnss lacks that library.
sed -i 's, -lcrmf,,' old-configure*
sed -i '/-lcrmf/d' config/external/nss/crmf/moz.build
%endif
# Start from the packaged mozconfig (Source4); later steps append to it or edit it in place.
cp -f %SOURCE4 .mozconfig
# On architectures other than the ones listed, append options that disable
# methodjit, monoic, polyic and tracejit.
%ifnarch %{ix86} x86_64 armh %e2k
echo "ac_add_options --disable-methodjit" >> .mozconfig
echo "ac_add_options --disable-monoic" >> .mozconfig
echo "ac_add_options --disable-polyic" >> .mozconfig
echo "ac_add_options --disable-tracejit" >> .mozconfig
%endif
%ifarch %e2k
# TODO: http://bugs.mcst.ru/bugzilla/show_bug.cgi?id=2142#c8
# Strip the two -Wno-shadow-* warning options from every moz.build in the tree.
# NOTE(review): the file list comes from an unquoted command substitution, so a
# path containing whitespace would be split into several arguments.
sed -i \
-e "s/'-Wno-shadow-compatible-local',*//" \
-e "s/'-Wno-shadow-local',*//" \
`find -name moz.build`
%endif
%build
cd mozilla
%ifarch %e2k
# Extra compiler options on e2k (the 52.6.0-alt2.e2k.1 changelog entry refers to lcc-specific options).
%add_optflags -fno-ipo-region -fforce-inline -fno-error-always-inline
%endif
%add_optflags %optflags_shared
%add_findprov_lib_path %firefox_prefix
export MOZ_BUILD_APP=browser
# Append overrides to browser/confvars.sh. MOZ_UPDATER and MOZ_JAVAXPCOM are set
# to empty values, presumably leaving the package manager as the only update
# path - verify against the build system.
cat >> browser/confvars.sh <<EOF
MOZ_UPDATER=
MOZ_JAVAXPCOM=
MOZ_EXTENSIONS_DEFAULT=' gio'
MOZ_CHROME_FILE_FORMAT=jar
EOF
# Start from the distribution's optimisation flags.
MOZ_OPT_FLAGS="$RPM_OPT_FLAGS"
# Position-independent code plus full RELRO (-z relro together with -z now).
# NOTE(review): -fPIC by itself does not make the executables PIE; no -pie or
# -fPIE is added here, so confirm whether the mozconfig enables it elsewhere.
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fPIC -Wl,-z,relro -Wl,-z,now"
%ifnarch %e2k
# add -fno-delete-null-pointer-checks and -fno-inline-small-functions for gcc6
# (skipped on e2k)
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fno-delete-null-pointer-checks"
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fno-inline-small-functions"
%endif
%ifarch armh
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fno-schedule-insns"
%endif
# Mozilla builds with -Wall with exception of a few warnings which show up
# everywhere in the code; so, don't override that.
#
# Disable C++ exceptions since Mozilla code is not exception-safe
#
# The sed below removes the first -Wall and rewrites every -fexceptions to
# -fno-exceptions; the result is exported as both CFLAGS and CXXFLAGS.
MOZ_OPT_FLAGS=$(echo $MOZ_OPT_FLAGS | \
sed \
-e 's/-Wall//' \
-e 's/-fexceptions/-fno-exceptions/g'
)
export CFLAGS="$MOZ_OPT_FLAGS"
export CXXFLAGS="$MOZ_OPT_FLAGS"
# Add fake RPATH: "/" followed by one "_" for each printable character of the
# install prefix. The placeholder only reserves room in the ELF headers; the
# install section later overwrites it with the real prefix using chrpath.
# NOTE(review): a placeholder that survived into a packaged ELF would name a
# directory that is not part of the package; check the packaged binaries with
# chrpath -l to confirm none of them keeps it.
rpath="/$(printf %%s '%firefox_prefix' |tr '[:print:]' '_')"
export LDFLAGS="$LDFLAGS -Wl,-rpath,$rpath"
# Environment consumed by the Mozilla build.
export PREFIX="%_prefix"
export LIBDIR="%_libdir"
export LIBIDL_CONFIG=/usr/bin/libIDL-config-2
export srcdir="$PWD"
export SHELL=/bin/sh
%ifarch %e2k
# e2k: flip the mozconfig from without-system-nspr/nss to with-system-nspr/nss,
# so NSPR and NSS come from the separately packaged libraries named in the
# Requires lines of this spec.
sed -i 's/without-system-nspr/with-system-nspr/' .mozconfig
sed -i 's/without-system-nss/with-system-nss/' .mozconfig
# NOTE(review): the E2K.7 changelog entry says "Enable libproxy", yet
# --disable-libproxy is still appended here - confirm which one is intended.
echo "ac_add_options --disable-libproxy" >> .mozconfig
echo "ac_add_options --disable-updater" >> .mozconfig
echo "ac_add_options --disable-skia" >> .mozconfig
echo "ac_add_options --disable-gold" >> .mozconfig
echo "ac_add_options --disable-install-strip" >> .mozconfig
echo "ac_add_options --disable-accessibility" >> .mozconfig
%endif
# Regenerate configure with the autoconf version selected in the preamble.
%__autoconf
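# On x86 architectures, Mozilla can build up to 4 jobs at once in parallel,
# however builds tend to fail on other arches when building in parallel.
# Default to a serial build; the job count is raised only in the branches below.
MOZ_SMP_FLAGS=-j1
%ifarch %{ix86} x86_64
# ${NPROCS:-0} falls back to 0 when NPROCS is unset or empty. The earlier
# ${NPROCS:+0} form expanded to either "0" or nothing, so none of these tests
# could ever succeed and x86 builds always stayed at -j1.
[ "${NPROCS:-0}" -ge 2 ] && MOZ_SMP_FLAGS=-j2
[ "${NPROCS:-0}" -ge 4 ] && MOZ_SMP_FLAGS=-j4
[ "${NPROCS:-0}" -ge 6 ] && MOZ_SMP_FLAGS=-j6
%endif
%ifarch %e2k
# e2k: take the job count from rpm's processor-count macro.
MOZ_SMP_FLAGS=-j%__nprocs
%endif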
# Build through client.mk with the job count chosen above. STRIP points at
# /bin/true, so the build itself does not strip the binaries.
make -f client.mk \
MAKENSISU= \
STRIP="/bin/true" \
MOZ_MAKE_FLAGS="$MOZ_SMP_FLAGS" \
mozappdir=%buildroot/%firefox_prefix \
libdir=%_libdir \
build
# Compile the launcher (Source7) into ./firefox; the install section copies it
# to the bin directory. The plugin path, the real binary and the install prefix
# are passed in as compile-time string constants.
%__cc %optflags \
-Wall -Wextra \
-DMOZ_PLUGIN_PATH=\"%browser_plugins_path\" \
-DMOZ_PROGRAM=\"%firefox_prefix/firefox-bin\" \
-DMOZ_DIST_BIN=\"%firefox_prefix\"\
%SOURCE7 -o firefox
%install
cd mozilla
export SHELL=/bin/sh
# Pre-create the per-application extension directories (arch and noarch).
# The lone "#" after the last backslash ends the continued argument list.
%__mkdir_p \
%buildroot/%mozilla_arch_extdir/%firefox_cid \
%buildroot/%mozilla_noarch_extdir/%firefox_cid \
#
# Install the built tree from objdir into the buildroot; install -p keeps timestamps.
make -C objdir \
DESTDIR=%buildroot \
INSTALL="/bin/install -p" \
mozappdir=%firefox_prefix \
libdir=%_libdir \
install
# install altlinux-specific configuration
install -D -m 644 %SOURCE8 %buildroot/%firefox_prefix/browser/defaults/preferences/all-altlinux.js
# Locale preferences written at build time: intl.locale.matchOS is set to true.
cat > %buildroot/%firefox_prefix/browser/defaults/preferences/firefox-l10n.js <<EOF
pref("intl.locale.matchOS", true);
pref("general.useragent.locale", "chrome://global/locale/intl.properties");
EOF
# icons: install each official branding PNG into the hicolor theme directory
# of the matching size, mode 644, creating parent directories as needed.
for size in 16 22 24 32 48 256; do
	icon_src="browser/branding/official/default$size.png"
	icon_dst="%buildroot/%_iconsdir/hicolor/${size}x${size}/apps/firefox.png"
	install -D -m 644 "$icon_src" "$icon_dst"
done
# ALT#30572: when the installed tree has no plugins entry, create one as a
# relative symlink to the shared browser plugins directory.
plugins_link="%buildroot/%firefox_prefix/plugins"
if ! [ -e "$plugins_link" ]; then
	plugins_target="$(relative %browser_plugins_path %firefox_prefix/plugins)"
	ln -s -- "$plugins_target" "$plugins_link"
fi
# install rpm-build-firefox
mkdir -p -- \
%buildroot/%_rpmmacrosdir
# Fill the version and release placeholders of the macro template and write
# the result as the firefox macro file.
sed \
-e 's,@firefox_version@,%version,' \
-e 's,@firefox_release@,%release,' \
rpm-build/rpm.macros.firefox.standalone > %buildroot/%_rpmmacrosdir/firefox
# Install the launcher compiled at the end of the build section.
install -m755 firefox %buildroot/%_bindir/firefox
# From here on, paths are relative to the buildroot.
cd %buildroot
mv -f ./%firefox_prefix/application.ini ./%firefox_prefix/browser/application.ini
# install menu file
%__install -D -m 644 %SOURCE6 ./%_datadir/applications/firefox.desktop
# Add alternatives
# (one tab-separated line: xbrowser link, launcher path, weight 100)
mkdir -p ./%_altdir
printf '%_bindir/xbrowser\t%_bindir/firefox\t100\n' >./%_altdir/firefox
# Drop the in-prefix firefox file and the removed-files list from the payload.
rm -f -- \
./%firefox_prefix/firefox \
./%firefox_prefix/removed-files
# Remove devel files
# (the lone "#" after the last backslash ends the continued argument list)
rm -rf -- \
./%_includedir/%rname \
./%_datadir/idl/%rname \
./%_libdir/%rname-devel \
#
# Add real RPATH: recompute the placeholder used at link time, then walk every
# regular file under the install prefix and, for ELF files whose chrpath listing
# shows the placeholder, replace it with the real prefix.
# NOTE(review): the match is on the literal text "PATH=" immediately followed by
# the placeholder, so a file whose path list does not start with the placeholder
# is left unchanged and nothing reports it. A post-install check that no
# packaged ELF still lists the placeholder would close that gap.
rpath="/$(printf %%s '%firefox_prefix' |tr '[:print:]' '_')"
find \
%buildroot/%firefox_prefix \
-type f -print0 |
(set +x
# Command tracing is switched off for the loop; names arrive NUL-separated.
while read -r -d '' f; do
# Resolve to the canonical path; -e requires the path to exist.
t="$(readlink -ev -- "$f")"
# Skip anything that file(1) does not describe as ELF.
file -- "$t" | fgrep -qs ELF || continue
if chrpath -l "$t" | fgrep -qs "PATH=$rpath"; then
chrpath -r "%firefox_prefix" "$t"
fi
done
)
%pre
# Before the new files are unpacked: if either entry under the install prefix
# is currently a symbolic link, remove the link itself (rm on a symlink does
# not touch the link's target).
for entry in defaults browserconfig.properties; do
	stale="%firefox_prefix/$entry"
	if [ -L "$stale" ]; then
		rm -f "$stale"
	fi
done
%files
# Alternatives entry and the launcher.
%_altdir/firefox
%_bindir/firefox
# The whole installed browser tree.
%firefox_prefix
# Per-application extension directories created in the install section.
%mozilla_arch_extdir/%firefox_cid
%mozilla_noarch_extdir/%firefox_cid
# Desktop entry and the icons installed from the official branding.
%_datadir/applications/firefox.desktop
%_iconsdir/hicolor/16x16/apps/firefox.png
%_iconsdir/hicolor/22x22/apps/firefox.png
%_iconsdir/hicolor/24x24/apps/firefox.png
%_iconsdir/hicolor/32x32/apps/firefox.png
%_iconsdir/hicolor/48x48/apps/firefox.png
%_iconsdir/hicolor/256x256/apps/firefox.png
%files -n rpm-build-firefox
# Macro file generated from rpm-build/rpm.macros.firefox.standalone.
%_rpmmacrosdir/firefox
%changelog
* Mon Nov 02 2020 Michael Shigorin <mike@altlinux.org> 52.9.0-alt1.E2K.8
- Don't force build with lcc 1.24 (mcst#5396, mcst#5404)
* Mon Oct 19 2020 Michael Shigorin <mike@altlinux.org> 52.9.0-alt1.E2K.7
- Enable libproxy
* Mon Oct 19 2020 Michael Shigorin <mike@altlinux.org> 52.9.0-alt1.E2K.6
- Update MCST patchset (sem@)
- Force build with lcc 1.24 (mcst#5396)
* Mon Sep 07 2020 Michael Shigorin <mike@altlinux.org> 52.9.0-alt1.E2K.5
- Do not link against -lcrmf, which is lacking in the current system libnss
and generally obsolete (see also bmo#1371991)
* Fri Dec 20 2019 Andrew Savchenko <bircoph@altlinux.org> 52.9.0-alt1.E2K.4
- Update tango and firefox patchsets to the latest versions from MCST.
- Fully enable debug information.
- Save firefox rpm macro in a separate subpackage.
- Fully enable webrtc support.
* Tue May 14 2019 Andrew Savchenko <bircoph@altlinux.org> 52.9.0-alt1.E2K.3
- Reenable -g on e2k, since rpm was fixed to handle large files.
* Mon Apr 15 2019 Andrew Savchenko <bircoph@altlinux.org> 52.9.0-alt1.E2K.2
- Enable E2K optimized JIT using MCST/Unipro tango/ion.
* Thu Apr 11 2019 Andrew Savchenko <bircoph@altlinux.org> 52.9.0-alt1.E2K.1
- Apply 52.9 upstream changes. Enable webrtc.
* Tue Apr 09 2019 Andrew Savchenko <bircoph@altlinux.org> 52.9.0-alt1.E2K.0
- Build 52.9.0 for e2k in basic configuration (same as 52.8.0,
no accelerated jit).
* Fri Sep 07 2018 Mikhail Efremov <sem@altlinux.org> 52.8.0-alt1.E2K.1
- Build 52.8.0 for e2k.
* Thu Apr 05 2018 Mikhail Efremov <sem@altlinux.org> 52.7.3-alt1.e2k.1
- Build 52.7.3 for e2k.
- Don't require libnss if without_system_nss defined.
* Wed Apr 04 2018 Mikhail Efremov <sem@altlinux.org> 52.6.0-alt2.e2k.1
- Don't use -g.
- Define without system_nss.
- Hackaround for lcc.
- Use %%__nprocs on e2k.
- Disable/enable some options in mozconfig.
- Don't use -fno-inline-small-functions on e2k.
- Use lcc-specific options.
- Don't use -Wno-shadow-*.
- Don't use non-existent options.
- Don't use some libraries on e2k.
- firefox-mozconfig: Change for e2k.
- old-configure: Use -O3 instead of -Os.
- Fix preprocessor issue.
- Patches from MCST.
* Mon Mar 26 2018 Andrey Cherepanov <cas@altlinux.org> 52.7.3-alt1
- New ESR version (52.7.3)
- Fixes:
+ CVE-2018-5148 Use-after-free in compositor
* Fri Mar 16 2018 Andrey Cherepanov <cas@altlinux.org> 52.7.2-alt1
- New ESR version (52.7.2)
* Thu Mar 15 2018 Andrey Cherepanov <cas@altlinux.org> 52.7.1-alt1
- New ESR version (52.7.1)
* Wed Mar 14 2018 Andrey Cherepanov <cas@altlinux.org> 52.7.0-alt0.M80C.1
- Backport new version with security fixes to c8 branch
* Sat Mar 10 2018 Andrey Cherepanov <cas@altlinux.org> 52.7.0-alt1
- New ESR version (52.7.0).
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130 Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131 Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7
* Mon Mar 05 2018 Andrey Cherepanov <cas@altlinux.org> 52.6.0-alt2
- Enable ALSA support (ALT #34608)
* Wed Feb 07 2018 Andrey Cherepanov <cas@altlinux.org> 52.6.0-alt0.M80C.2
- Rebuild to put CVEs in the spec changelog
* Wed Jan 24 2018 Andrey Cherepanov <cas@altlinux.org> 52.6.0-alt0.M80C.1
- Backport new version to c8 branch
* Mon Jan 22 2018 Andrey Cherepanov <cas@altlinux.org> 52.6.0-alt1
- New ESR version (52.6.0)
- Fixes:
+ CVE-2018-5095 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-5096 Use-after-free while editing form elements
+ CVE-2018-5097 Use-after-free when source document is manipulated during XSLT
+ CVE-2018-5098 Use-after-free while manipulating form input elements
+ CVE-2018-5099 Use-after-free with widget listener
+ CVE-2018-5102 Use-after-free in HTML media elements
+ CVE-2018-5103 Use-after-free during mouse event handling
+ CVE-2018-5104 Use-after-free during font face manipulation
+ CVE-2018-5117 URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- Continue fix of Speculative execution side-channel attack ("Spectre")
* Fri Jan 12 2018 Andrey Cherepanov <cas@altlinux.org> 52.5.3-alt0.M80C.1
- Backport new version to c8 branch
* Wed Jan 10 2018 Andrey Cherepanov <cas@altlinux.org> 52.5.3-alt1
- New ESR version (52.5.3)
- Fixes:
+ Speculative execution side-channel attack ("Spectre")
* Tue Dec 19 2017 Andrey Cherepanov <cas@altlinux.org> 52.5.2-alt0.M80C.1
- Backport new version to c8 branch
* Sun Dec 10 2017 Andrey Cherepanov <cas@altlinux.org> 52.5.2-alt1
- New ESR version (52.5.2)
- Fixes:
+ CVE-2017-7843 Web worker in Private Browsing mode can write IndexedDB data
- Build with DBUS support (ALT #34302)
* Wed Nov 15 2017 Andrey Cherepanov <cas@altlinux.org> 52.5.0-alt1
- New ESR version (52.5.0)
- Fixes:
+ CVE-2017-7828 Use-after-free of PresShell while restyling layout
+ CVE-2017-7830 Cross-origin URL information leak through Resource
+ CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR
* Wed Oct 04 2017 Andrey Cherepanov <cas@altlinux.org> 52.4.0-alt0.M80C.1
- Backport new version to c8 branch
* Fri Sep 29 2017 Andrey Cherepanov <cas@altlinux.org> 52.4.0-alt1
- New ESR version (52.4.0)
- Fixes:
+ CVE-2017-7793 Use-after-free with Fetch API
+ CVE-2017-7818 Use-after-free during ARIA array manipulation
+ CVE-2017-7819 Use-after-free while resizing images in design mode
+ CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7823 CSP sandbox directive did not create a unique origin
+ CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
* Tue Sep 19 2017 Andrey Cherepanov <cas@altlinux.org> 52.3.0-alt0.M80C.1
- Backport new version to c8 branch
* Tue Aug 08 2017 Andrey Cherepanov <cas@altlinux.org> 52.3.0-alt1
- New ESR version (52.3.0)
- Security fixes:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
* Tue Jul 11 2017 Andrey Cherepanov <cas@altlinux.org> 52.2.1-alt1
- New ESR version (52.2.1)
* Wed Jun 21 2017 Andrey Cherepanov <cas@altlinux.org> 52.2.0-alt1
- New ESR version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
* Wed May 10 2017 Andrey Cherepanov <cas@altlinux.org> 52.1.1-alt0.M80P.1
- Backport new version to p8 branch
* Mon May 08 2017 Andrey Cherepanov <cas@altlinux.org> 52.1.1-alt1
- New ESR version (52.1.1)
- Set plugin.load_flash_only setting to false to allow use all NPAPI plugins
- Security fixes since 52.0:
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5031: Use after free in ANGLE
+ CVE-2017-5428: integer overflow in createImageBitmap()
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR
+ CVE-2017-5435: Use-after-free during transaction processing in the
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during
+ CVE-2017-5444: Buffer overflow while parsing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ CVE-2017-5455: Sandbox escape through internal feed reader APIs
+ CVE-2017-5456: Sandbox escape allowing local file system access
+ CVE-2017-5464: Memory corruption with accessibility and DOM
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html
+ CVE-2017-5467: Memory corruption when drawing Skia content
* Mon May 08 2017 Andrey Cherepanov <cas@altlinux.org> 52.0-alt1
- New release (52.0) based on legion@ build.
- Built with internal icu.
- Fixed:
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ CVE-2017-5402: Use-after-free working with events in FontFace objects
+ CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
+ CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
+ CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
+ CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
+ CVE-2017-5412: Buffer overflow read in SVG filters
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ CVE-2017-5414: File picker can choose incorrect default directory
+ CVE-2017-5415: Addressbar spoofing through blob URL
+ CVE-2017-5416: Null dereference crash in HttpChannel
+ CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs
+ CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
+ CVE-2017-5419: Repeated authentication prompts lead to DOS attack
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
+ CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
+ CVE-2017-5421: Print preview spoofing
+ CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
* Thu Apr 27 2017 Andrey Cherepanov <cas@altlinux.org> 45.9.0-alt0.M80P.1
- Backport new version to p8 branch
* Thu Apr 20 2017 Andrey Cherepanov <cas@altlinux.org> 45.9.0-alt1
- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions
* Tue Mar 07 2017 Andrey Cherepanov <cas@altlinux.org> 45.8.0-alt0.M80P.1
- Backport new version to p8 branch
* Tue Mar 07 2017 Andrey Cherepanov <cas@altlinux.org> 45.8.0-alt1
- New ESR version
- Require a recent libnss so that HTTPS pages open correctly
* Thu Jan 26 2017 Andrey Cherepanov <cas@altlinux.org> 45.7.0-alt0.M80P.1
- Backport new version to p8 branch
* Wed Jan 25 2017 Andrey Cherepanov <cas@altlinux.org> 45.7.0-alt1
- New ESR version
* Fri Jan 20 2017 Andrey Cherepanov <cas@altlinux.org> 45.6.0-alt2
- Fix build with GCC 6.1
* Sat Dec 17 2016 Andrey Cherepanov <cas@altlinux.org> 45.6.0-alt0.M80P.1
- Backport new version to p8 branch
* Fri Dec 16 2016 Andrey Cherepanov <cas@altlinux.org> 45.6.0-alt1
- New ESR version
* Fri Dec 9 2016 Ivan Zakharyaschev <imz@altlinux.org> 45.5.1-alt1.M80P.1
- Build for p8.
- Correct version in Provides: firefox.
* Tue Dec 6 2016 Ivan Zakharyaschev <imz@altlinux.org> 45.5.1-alt2
- Make it pass strict verification of unresolved ELF symbols; this will also
protect us from missing dependencies on libgtk symbols. (Thx legion@ for
the original hack, removed in 44.0.2-alt3, but found to be restorable by
ruslandh@'s work on strict unresolved symbols verification in palemoon.)
* Thu Dec 01 2016 Andrey Cherepanov <cas@altlinux.org> 45.5.1-alt0.M80P.1
- Backport new version to p8 branch
* Thu Dec 01 2016 Andrey Cherepanov <cas@altlinux.org> 45.5.1-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-92 Firefox SVG Animation Remote Code Execution
* Thu Nov 17 2016 Andrey Cherepanov <cas@altlinux.org> 45.5.0-alt0.M80P.1
- Backport new version to p8 branch
* Thu Nov 17 2016 Andrey Cherepanov <cas@altlinux.org> 45.5.0-alt1
- New ESR version
* Tue Sep 20 2016 Andrey Cherepanov <cas@altlinux.org> 45.4.0-alt0.M80P.1
- Backport new version to p8 branch
* Tue Sep 20 2016 Andrey Cherepanov <cas@altlinux.org> 45.4.0-alt1
- New ESR version
* Tue Aug 02 2016 Andrey Cherepanov <cas@altlinux.org> 45.3.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
+ MFSA 2016-79 Use-after-free when applying SVG effects
+ MFSA 2016-78 Type confusion in display transformation
+ MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
+ MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
+ MFSA 2016-73 Use-after-free in service workers with nested sync events
+ MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
+ MFSA 2016-70 Use-after-free when using alt key and toplevel menus
+ MFSA 2016-67 Stack underflow during 2D graphics rendering
+ MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
+ MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
+ MFSA 2016-63 Favicon network connection can persist when page is closed
* Sun Jun 12 2016 Andrey Cherepanov <cas@altlinux.org> 45.2.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
+ MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
+ MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
+ MFSA 2016-53 Out-of-bounds write with WebGL shader
+ MFSA 2016-52 Addressbar spoofing through the SELECT element
+ MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
+ MFSA 2016-50 Buffer overflow parsing HTML5 fragments
* Tue May 24 2016 Andrey Cherepanov <cas@altlinux.org> 45.1.1-alt2
- Build with GTK+ 2.x (ALT #32120)
* Wed May 04 2016 Andrey Cherepanov <cas@altlinux.org> 45.1.1-alt1
- New ESR version
* Mon May 02 2016 Andrey Cherepanov <cas@altlinux.org> 45.1.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()
+ MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets
+ MFSA 2016-39 Miscellaneous memory safety hazards
* Fri Apr 15 2016 Andrey Cherepanov <cas@altlinux.org> 45.0.2-alt1
- New ESR version (switch to 45.x)
* Thu Mar 24 2016 Andrey Cherepanov <cas@altlinux.org> 38.7.1-alt1
- New ESR version
* Thu Mar 10 2016 Andrey Cherepanov <cas@altlinux.org> 38.7.0-alt2
- Rebuild with new rpm
* Wed Mar 09 2016 Andrey Cherepanov <cas@altlinux.org> 38.7.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-37 Font vulnerabilities in the Graphite 2 library
+ MFSA 2016-35 Buffer overflow during ASN.1 decoding in NSS
+ MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation
+ MFSA 2016-31 Memory corruption with malicious NPAPI plugin
+ MFSA 2016-28 Addressbar spoofing through history navigation and Location protocol property
+ MFSA 2016-27 Use-after-free during XML transformations
+ MFSA 2016-25 Use-after-free when using multiple WebRTC data channels
+ MFSA 2016-24 Use-after-free in SetBody
+ MFSA 2016-23 Use-after-free in HTML5 string parser
+ MFSA 2016-21 Displayed page address can be overridden
+ MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
+ MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports
+ MFSA 2016-16 Miscellaneous memory safety hazards
+ MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation
+ MFSA 2015-81 Use-after-free in MediaStream playback
* Fri Feb 12 2016 Andrey Cherepanov <cas@altlinux.org> 38.6.1-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-14 Vulnerabilities in Graphite 2
* Thu Jan 28 2016 Andrey Cherepanov <cas@altlinux.org> 38.6.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
+ MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
+ MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
* Sat Dec 26 2015 Andrey Cherepanov <cas@altlinux.org> 38.5.2-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
* Tue Dec 22 2015 Andrey Cherepanov <cas@altlinux.org> 38.5.1-alt1
- New ESR version
* Wed Dec 16 2015 Andrey Cherepanov <cas@altlinux.org> 38.5.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-149 Cross-site reading attack through data and view-source URIs
+ MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
+ MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
+ MFSA 2015-145 Underflow through code inspection
+ MFSA 2015-139 Integer overflow allocating extremely large textures
+ MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
* Wed Nov 04 2015 Andrey Cherepanov <cas@altlinux.org> 38.4.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-133 NSS and NSPR memory corruption issues
+ MFSA 2015-132 Mixed content WebSocket policy bypass through workers
+ MFSA 2015-131 Vulnerabilities found through code inspection
+ MFSA 2015-130 JavaScript garbage collection crash with Java applet
+ MFSA 2015-128 Memory corruption in libjar through zip files
+ MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
+ MFSA 2015-123 Buffer overflow during image interactions in canvas
+ MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
* Mon Sep 28 2015 Andrey Cherepanov <cas@altlinux.org> 38.3.0-alt2
- Use GStreamer 1.0 (ALT #31305)
* Wed Sep 23 2015 Andrey Cherepanov <cas@altlinux.org> 38.3.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
+ MFSA 2015-112 Vulnerabilities found through code inspection
+ MFSA 2015-111 Errors in the handling of CORS preflight request headers
+ MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
+ MFSA 2015-106 Use-after-free while manipulating HTML media content
+ MFSA 2015-105 Buffer overflow while decoding WebM video
+ MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
+ MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
* Fri Aug 28 2015 Andrey Cherepanov <cas@altlinux.org> 38.2.1-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-95 Add-on notification bypass through data URLs
+ MFSA 2015-94 Use-after-free when resizing canvas element during restyling
* Wed Aug 12 2015 Andrey Cherepanov <cas@altlinux.org> 38.2.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
+ MFSA 2015-90 Vulnerabilities found through code inspection
+ MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
+ MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
+ MFSA 2015-87 Crash when using shared memory in JavaScript
+ MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
+ MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
+ MFSA 2015-83 Overflow issues in libstagefright
+ MFSA 2015-82 Redefinition of non-configurable JavaScript object properties
+ MFSA 2015-80 Out-of-bounds read with malformed MP3 file
* Sat Aug 08 2015 Andrey Cherepanov <cas@altlinux.org> 38.1.1-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-78 Same origin violation and local file stealing via PDF reader
* Thu Jul 16 2015 Andrey Cherepanov <cas@altlinux.org> 38.1.0-alt1
- New ESR version
- Security fixes:
+ MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
+ MFSA 2015-69 Privilege escalation through internal workers
+ MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
+ MFSA 2015-66 Vulnerabilities found through code inspection
+ MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
+ MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
+ MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
+ MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
+ MFSA 2015-61 Type confusion in Indexed Database Manager
+ MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
* Mon May 25 2015 Andrey Cherepanov <cas@altlinux.org> 38.0.1-alt1
- New ESR version
+ MFSA 2015-19 Out-of-bounds read and write while rendering SVG content
+ MFSA 2015-16 Use-after-free in IndexedDB
+ MFSA 2015-12 Invoking Mozilla updater will load locally stored DLL files
* Sun Feb 08 2015 Andrey Cherepanov <cas@altlinux.org> 31.4.0-alt1
- Package ESR version as firefox-esr
- Fixed:
+ MFSA 2015-06 Read-after-free in WebRTC
+ MFSA 2015-04 Cookie injection through Proxy Authenticate responses
+ MFSA 2015-03 sendBeacon requests lack an Origin header