# HG changeset patch # User Wolfgang Rosenauer # Date 1353521088 -3600 # Node ID 5a44d417c9b50bed1730ba62c1e0d104a692fb21 # Parent d28dbaf20075e98280b9b7fa9ca042b4e7bb955f prepare for Beta 18 phase diff -r d28dbaf20075 -r 5a44d417c9b5 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 19 14:25:17 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Nov 21 19:04:48 2012 +0100 @@ -1,10 +1,61 @@ ------------------------------------------------------------------- -Fri Oct 26 10:59:41 UTC 2012 - wr@rosenauer.org - -- update to Aurora 18 (20121025) +Wed Nov 21 08:54:09 UTC 2012 - wr@rosenauer.org + +- update to Firefox 18.0b1 * requires NSS 3.14 -- enable system NSPR + * removed obsolete SLE11 patches (mozilla-gcc43*) - ported patches +- reenable WebRTC + +------------------------------------------------------------------- +Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org + +- update to Firefox 17.0 (bnc#790140) + * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 + Miscellaneous memory safety hazards + * MFSA 2012-92/CVE-2012-4202 (bmo#758200) + Buffer overflow while rendering GIF images + * MFSA 2012-93/CVE-2012-4201 (bmo#747607) + evalInSanbox location context incorrectly applied + * MFSA 2012-94/CVE-2012-5836 (bmo#792857) + Crash when combining SVG text on path with CSS + * MFSA 2012-95/CVE-2012-4203 (bmo#765628) + Javascript: URLs run in privileged context on New Tab page + * MFSA 2012-96/CVE-2012-4204 (bmo#778603) + Memory corruption in str_unescape + * MFSA 2012-97/CVE-2012-4205 (bmo#779821) + XMLHttpRequest inherits incorrect principal within sandbox + * MFSA 2012-99/CVE-2012-4208 (bmo#798264) + XrayWrappers exposes chrome-only properties when not in chrome + compartment + * MFSA 2012-100/CVE-2012-5841 (bmo#805807) + Improper security filtering for cross-origin wrappers + * MFSA 2012-101/CVE-2012-4207 (bmo#801681) + Improper character decoding in HZ-GB-2312 charset + * MFSA 2012-102/CVE-2012-5837 (bmo#800363) + Script entered into Developer Toolbar runs with chrome privileges + * MFSA 2012-103/CVE-2012-4209 (bmo#792405) + Frames can shadow top.location + * MFSA 2012-104/CVE-2012-4210 (bmo#796866) + CSS and HTML injection through Style Inspector + * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ + CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ + CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 + Use-after-free and buffer overflow issues found using Address + Sanitizer + * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 + Use-after-free, buffer overflow, and memory corruption issues + found using Address Sanitizer +- rebased patches +- disabled WebRTC since build is broken (bmo#776877) + +------------------------------------------------------------------- +Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com + +- build on SLE11 + * mozilla-gcc43-enums.patch + * mozilla-gcc43-template_hacks.patch + * mozilla-gcc43-templates_instantiation.patch ------------------------------------------------------------------- Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org diff -r d28dbaf20075 -r 5a44d417c9b5 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Nov 19 14:25:17 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Wed Nov 21 19:04:48 2012 +0100 @@ -18,8 +18,8 @@ %define major 17 -%define mainver %major.98 -%define update_channel aurora +%define mainver %major.99 +%define update_channel beta Name: MozillaFirefox BuildRequires: Mesa-devel @@ -54,7 +54,7 @@ %endif Version: %{mainver} Release: 0 -%define releasedate 2012102500 +%define releasedate 2012112100 Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: web_browser @@ -131,7 +131,7 @@ %define desktop_file_name %{name} %endif ### build options -%define branding 0 +%define branding 1 %define localize 1 %ifarch ppc ppc64 s390 s390x ia64 %arm %define crashreporter 0 @@ -159,7 +159,7 @@ %if %localize %package translations-common -Summary: Common translations for MozillaFirefox +Summary: Common translations for Firefox Group: System/Localization Provides: locale(%{name}:ar;ca;cs;da;de;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW) Requires: %{name} = %{version} @@ -167,10 +167,10 @@ %description translations-common This package contains several common languages for the user interface -of MozillaFirefox. +of Firefox. %package translations-other -Summary: Extra translations for MozillaFirefox +Summary: Extra translations for Firefox Group: System/Localization Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu) Requires: %{name} = %{version} @@ -178,11 +178,11 @@ %description translations-other This package contains rarely used languages for the user interface -of MozillaFirefox. +of Firefox. %endif %package branding-upstream -Summary: Upstream branding for MozillaFirefox +Summary: Upstream branding for Firefox Group: Productivity/Networking/Web/Browsers Provides: %{name}-branding = 5.0 Conflicts: otherproviders(%{name}-branding) @@ -198,7 +198,7 @@ #BRAND: It's also possible to drop files in /usr/lib/firefox/searchplugins %description branding-upstream -This package provides upstream look and feel for MozillaFirefox. +This package provides upstream look and feel for Firefox. %if %crashreporter diff -r d28dbaf20075 -r 5a44d417c9b5 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Nov 19 14:25:17 2012 +0100 +++ b/MozillaFirefox/create-tar.sh Wed Nov 21 19:04:48 2012 +0100 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="aurora" +CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" RELEASE_TAG="default" -VERSION="17.98" +VERSION="17.99" # mozilla echo "cloning $BRANCH..." diff -r d28dbaf20075 -r 5a44d417c9b5 mozilla-pkgconfig.patch --- a/mozilla-pkgconfig.patch Mon Nov 19 14:25:17 2012 +0100 +++ b/mozilla-pkgconfig.patch Wed Nov 21 19:04:48 2012 +0100 @@ -14,7 +14,7 @@ # Add pkg-config files to the install:: target +# the apilibdir always ends with 1.9 as every patch update will provide a link -+apilibdir = $(dir $(installdir))xulrunner-17 ++apilibdir = $(dir $(installdir))xulrunner-18 + pkg_config_files = \ libxul.pc \ diff -r d28dbaf20075 -r 5a44d417c9b5 mozilla-shared-nss-db.patch --- a/mozilla-shared-nss-db.patch Mon Nov 19 14:25:17 2012 +0100 +++ b/mozilla-shared-nss-db.patch Wed Nov 21 19:04:48 2012 +0100 @@ -7,7 +7,7 @@ diff --git a/configure.in b/configure.in --- a/configure.in +++ b/configure.in -@@ -8089,16 +8089,31 @@ AC_SUBST(QCMS_LIBS) +@@ -8099,16 +8099,31 @@ AC_SUBST(QCMS_LIBS) dnl ======================================================== dnl HarfBuzz @@ -42,20 +42,18 @@ diff --git a/security/manager/ssl/src/Makefile.in b/security/manager/ssl/src/Makefile.in --- a/security/manager/ssl/src/Makefile.in +++ b/security/manager/ssl/src/Makefile.in -@@ -91,12 +91,14 @@ DEFINES += \ +@@ -90,10 +90,13 @@ DEFINES += \ + -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" \ + $(NULL) EXPORTS += \ nsNSSShutDown.h \ ScopedNSSTypes.h \ $(NULL) - # Use local includes because they are inserted before INCLUDES - # so that Mozilla's nss.h is used, not glibc's --LOCAL_INCLUDES += $(NSS_CFLAGS) -+LOCAL_INCLUDES += $(NSS_CFLAGS) $(NSSHELPER_CFLAGS) ++LOCAL_INCLUDES += $(NSSHELPER_CFLAGS) ++EXTRA_DSO_LDOPTS += $(NSSHELPER_LIBS) + -+EXTRA_DSO_LDOPTS += $(NSSHELPER_LIBS) - include $(topsrcdir)/config/rules.mk diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp diff -r d28dbaf20075 -r 5a44d417c9b5 xulrunner/create-tar.sh --- a/xulrunner/create-tar.sh Mon Nov 19 14:25:17 2012 +0100 +++ b/xulrunner/create-tar.sh Wed Nov 21 19:04:48 2012 +0100 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="aurora" +CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="default" -VERSION="16.98" +RELEASE_TAG="FIREFOX_18_0b1_RELEASE" +VERSION="17.99" # mozilla echo "cloning $BRANCH..." diff -r d28dbaf20075 -r 5a44d417c9b5 xulrunner/xulrunner.changes --- a/xulrunner/xulrunner.changes Mon Nov 19 14:25:17 2012 +0100 +++ b/xulrunner/xulrunner.changes Wed Nov 21 19:04:48 2012 +0100 @@ -1,7 +1,99 @@ ------------------------------------------------------------------- -Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org +Tue Nov 20 20:15:23 UTC 2012 - wr@rosenauer.org + +- update to 17.0 (bnc#790140) + * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 + Miscellaneous memory safety hazards + * MFSA 2012-92/CVE-2012-4202 (bmo#758200) + Buffer overflow while rendering GIF images + * MFSA 2012-93/CVE-2012-4201 (bmo#747607) + evalInSanbox location context incorrectly applied + * MFSA 2012-94/CVE-2012-5836 (bmo#792857) + Crash when combining SVG text on path with CSS + * MFSA 2012-95/CVE-2012-4203 (bmo#765628) + Javascript: URLs run in privileged context on New Tab page + * MFSA 2012-96/CVE-2012-4204 (bmo#778603) + Memory corruption in str_unescape + * MFSA 2012-97/CVE-2012-4205 (bmo#779821) + XMLHttpRequest inherits incorrect principal within sandbox + * MFSA 2012-99/CVE-2012-4208 (bmo#798264) + XrayWrappers exposes chrome-only properties when not in chrome + compartment + * MFSA 2012-100/CVE-2012-5841 (bmo#805807) + Improper security filtering for cross-origin wrappers + * MFSA 2012-101/CVE-2012-4207 (bmo#801681) + Improper character decoding in HZ-GB-2312 charset + * MFSA 2012-102/CVE-2012-5837 (bmo#800363) + Script entered into Developer Toolbar runs with chrome privileges + * MFSA 2012-103/CVE-2012-4209 (bmo#792405) + Frames can shadow top.location + * MFSA 2012-104/CVE-2012-4210 (bmo#796866) + CSS and HTML injection through Style Inspector + * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ + CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ + CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 + Use-after-free and buffer overflow issues found using Address + Sanitizer + * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 + Use-after-free, buffer overflow, and memory corruption issues + found using Address Sanitizer +- rebased patches +- disabled WebRTC since build is broken (bmo#776877) + +------------------------------------------------------------------- +Wed Oct 24 08:28:49 UTC 2012 - wr@rosenauer.org -- update to 16.0b2 +- update to 16.0.2 (bnc#786522) + * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 + (bmo#800666, bmo#793121, bmo#802557) + Fixes for Location object issues + +------------------------------------------------------------------- +Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org + +- update to 16.0.1 (bnc#783533) + * MFSA 2012-88/CVE-2012-4191 (bmo#798045) + Miscellaneous memory safety hazards + * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) + defaultValue security checks not applied + +------------------------------------------------------------------- +Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org + +- update to 16.0 (bnc#783533) + * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 + Miscellaneous memory safety hazards + * MFSA 2012-75/CVE-2012-3984 (bmo#575294) + select element persistance allows for attacks + * MFSA 2012-76/CVE-2012-3985 (bmo#655649) + Continued access to initial origin after setting document.domain + * MFSA 2012-77/CVE-2012-3986 (bmo#775868) + Some DOMWindowUtils methods bypass security checks + * MFSA 2012-79/CVE-2012-3988 (bmo#725770) + DOS and crash with full screen and history navigation + * MFSA 2012-80/CVE-2012-3989 (bmo#783867) + Crash with invalid cast when using instanceof operator + * MFSA 2012-81/CVE-2012-3991 (bmo#783260) + GetProperty function can bypass security checks + * MFSA 2012-82/CVE-2012-3994 (bmo#765527) + top object and location property accessible by plugins + * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) + Chrome Object Wrapper (COW) does not disallow acces to privileged + functions or properties + * MFSA 2012-84/CVE-2012-3992 (bmo#775009) + Spoofing and script injection through location.hash + * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ + CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 + Use-after-free, buffer overflow, and out of bounds read issues + found using Address Sanitizer + * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ + CVE-2012-4188 + Heap memory corruption issues found using Address Sanitizer + * MFSA 2012-87/CVE-2012-3990 (bmo#787704) + Use-after-free in the IME State Manager +- requires NSPR 4.9.2 +- removed upstreamed mozilla-crashreporter-restart-args.patch +- updated translations-other with new languages ------------------------------------------------------------------- Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org diff -r d28dbaf20075 -r 5a44d417c9b5 xulrunner/xulrunner.spec --- a/xulrunner/xulrunner.spec Mon Nov 19 14:25:17 2012 +0100 +++ b/xulrunner/xulrunner.spec Wed Nov 21 19:04:48 2012 +0100 @@ -43,13 +43,13 @@ BuildRequires: wireless-tools %endif BuildRequires: mozilla-nspr-devel >= 4.9.2 -BuildRequires: mozilla-nss-devel >= 3.13.6 -Version: 16.98 +BuildRequires: mozilla-nss-devel >= 3.14 +Version: 18.0 Release: 0 -%define releasedate 2012091000 -%define version_internal 17.0 -%define apiversion 17 -%define uaweight 1700000 +%define releasedate 2012112100 +%define version_internal 18.0 +%define apiversion 18 +%define uaweight 1800000 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -156,7 +156,7 @@ Summary: Extra translations for XULRunner Group: System/Localization Requires: %{name} = %{version} -Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu) +Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu) Obsoletes: %{name}-translations < %{version}-%{release} %description translations-other @@ -243,6 +243,7 @@ ac_add_options --enable-system-hunspell ac_add_options --enable-startup-notification ac_add_options --enable-shared-js +ac_add_options --disable-webrtc # does not build with system NSPR #ac_add_options --enable-debug EOF %if %suse_version > 1130 @@ -313,6 +314,8 @@ -type f -perm -111 -exec chmod a-x {} \; find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/ \ -name "*.js" -o -name "*.xpm" -o -name "*.png" | xargs chmod a-x +# remove mkdir.done files from installed base +find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm mkdir -p $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions # fixing SDK dynamic libs (symlink instead of copy) rm $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/*.so