# HG changeset patch # User Wolfgang Rosenauer # Date 1440227399 -7200 # Node ID 946a110f020d426727b4ee25f1950f785a68197e # Parent e893bdc9bf06f3ddd5f2b9702dbdf7aaf12e4ea2 xulrunner 38.2.0 diff -r e893bdc9bf06 -r 946a110f020d xulrunner/create-tar.sh --- a/xulrunner/create-tar.sh Mon Aug 10 18:47:18 2015 +0200 +++ b/xulrunner/create-tar.sh Sat Aug 22 09:09:59 2015 +0200 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="esr31" +CHANNEL="esr38" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_31_8_0esr_RELEASE" -VERSION="31.8.0" +RELEASE_TAG="FIREFOX_38_2_0esr_RELEASE" +VERSION="38.2.0" # mozilla if [ -d mozilla ]; then diff -r e893bdc9bf06 -r 946a110f020d xulrunner/mozilla-arm-disable-edsp.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/mozilla-arm-disable-edsp.patch Sat Aug 22 09:09:59 2015 +0200 @@ -0,0 +1,1 @@ +../mozilla-arm-disable-edsp.patch \ No newline at end of file diff -r e893bdc9bf06 -r 946a110f020d xulrunner/mozilla-icu-strncat.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/mozilla-icu-strncat.patch Sat Aug 22 09:09:59 2015 +0200 @@ -0,0 +1,1 @@ +../mozilla-icu-strncat.patch \ No newline at end of file diff -r e893bdc9bf06 -r 946a110f020d xulrunner/mozilla-preferences.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/mozilla-preferences.patch Sat Aug 22 09:09:59 2015 +0200 @@ -0,0 +1,1 @@ +../mozilla-preferences.patch \ No newline at end of file diff -r e893bdc9bf06 -r 946a110f020d xulrunner/mozilla-repo.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/mozilla-repo.patch Sat Aug 22 09:09:59 2015 +0200 @@ -0,0 +1,1 @@ +../mozilla-repo.patch \ No newline at end of file diff -r e893bdc9bf06 -r 946a110f020d xulrunner/spellcheck.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/spellcheck.js Sat Aug 22 09:09:59 2015 +0200 @@ -0,0 +1,1 @@ +pref("spellchecker.dictionary_path", "/usr/share/myspell"); diff -r e893bdc9bf06 -r 946a110f020d xulrunner/xulrunner.changes --- a/xulrunner/xulrunner.changes Mon Aug 10 18:47:18 2015 +0200 +++ b/xulrunner/xulrunner.changes Sat Aug 22 09:09:59 2015 +0200 @@ -1,9 +1,81 @@ +------------------------------------------------------------------- +Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org + +- update to xulrunner 38.2.0esr (bnc#940806) + * MFSA 2015-79/CVE-2015-4473 + Miscellaneous memory safety hazards + * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) + Out-of-bounds read with malformed MP3 file + * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) + Redefinition of non-configurable JavaScript object properties + * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 + Overflow issues in libstagefright + * MFSA 2015-84/CVE-2015-4481 (bmo1171518) + Arbitrary file overwriting through Mozilla Maintenance Service + with hard links (only affected Windows) + * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) + Out-of-bounds write with Updater and malicious MAR file + (does not affect openSUSE RPM packages which do not ship the + updater) + * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) + Crash when using shared memory in JavaScript + * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) + Heap overflow in gdk-pixbuf when scaling bitmap images + * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) + Buffer overflows on Libvpx when decoding WebM video + * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 + Vulnerabilities found through code inspection + * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) + Use-after-free in XMLHttpRequest with shared workers +- rebased all patches +- dropped obsolete patches: + * mozilla-sle11.patch + * mozilla-ppc.patch + * mozilla-nullptr-gcc45.patch + * mozilla-libproxy-compat.patch + * mozilla-fix-compilation-gcc5-bmo-1021171.patch + * mozilla-fix-compilation-gcc5-bmo-1153109.patch + * mozilla-aarch64-bmo-810631.patch +- added platform specific patches from Firefox package: + * mozilla-skia-be-le.patch + * mozilla-bmo1005535.patch + * mozilla-add-glibcxx_use_cxx11_abi.patch + * mozilla-arm64-libjpeg-turbo.patch + * mozilla-shared-nss-db.patch + ------------------------------------------------------------------- Sat Jun 27 15:26:00 UTC 2015 - wr@rosenauer.org - update to 31.8.0 (bnc#935979) + * MFSA 2015-59/CVE-2015-2724 + Miscellaneous memory safety hazards + * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) + Type confusion in Indexed Database Manager + * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) + ECDSA signature validation fails to handle some signatures correctly + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) + Use-after-free in workers while using XMLHttpRequest + * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 + CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 + Vulnerabilities found through code inspection + * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) + Privilege escalation in PDF.js + * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) + NSS accepts export-length DHE keys with regular DHE cipher suites + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) + NSS incorrectly permits skipping of ServerKeyExchange + (this fix is shipped by NSS 3.19.1 externally) - requires NSS 3.19.2 +-------------------------------------------------------------------- +Sun Jun 21 09:39:51 UTC 2015 - antoine.belvire@laposte.net + +- Fix compilation with GCC5 (bmo#1153109, bmo#1021171) + * add mozilla-fix-compilation-gcc5-bmo-1153109.patch + * add mozilla-fix-compilation-gcc5-bmo-1021171.patch + ------------------------------------------------------------------- Wed May 6 07:49:53 UTC 2015 - wr@rosenauer.org diff -r e893bdc9bf06 -r 946a110f020d xulrunner/xulrunner.spec --- a/xulrunner/xulrunner.spec Mon Aug 10 18:47:18 2015 +0200 +++ b/xulrunner/xulrunner.spec Sat Aug 22 09:09:59 2015 +0200 @@ -17,10 +17,10 @@ # -%define version_internal 31.8.0 -%define apiversion 31 -%define uaweight 3180000 -%define releasedate 2015062600 +%define version_internal 38.2.0 +%define apiversion 38 +%define uaweight 3820000 +%define releasedate 2015080900 %define shared_js 0 %define has_system_nspr 1 %define has_system_nss 1 @@ -67,7 +67,7 @@ %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.10.6 +BuildRequires: mozilla-nspr-devel >= 4.10.8 BuildRequires: mozilla-nss-devel >= 3.19.2 BuildRequires: pkgconfig(libpulse) %if %suse_version > 1210 @@ -105,23 +105,21 @@ Source8: source-stamp.txt Source9: compare-locales.tar.xz Patch1: toolkit-download-folder.patch -Patch2: mozilla-nongnome-proxies.patch -Patch3: mozilla-prefer_plugin_pref.patch -Patch4: mozilla-pkgconfig.patch +Patch2: mozilla-pkgconfig.patch +Patch3: mozilla-nongnome-proxies.patch +Patch4: mozilla-prefer_plugin_pref.patch +Patch5: mozilla-shared-nss-db.patch Patch6: mozilla-preferences.patch Patch7: mozilla-language.patch Patch8: mozilla-ntlm-full-path.patch Patch9: mozilla-repo.patch -Patch10: mozilla-sle11.patch -Patch11: mozilla-icu-strncat.patch -Patch12: mozilla-arm-disable-edsp.patch -Patch13: mozilla-ppc.patch -Patch14: mozilla-libproxy-compat.patch -Patch15: mozilla-nullptr-gcc45.patch -Patch16: mozilla-idldir.patch -# Gecko/Toolkit AArch64 Porting -Patch30: mozilla-aarch64-bmo-810631.patch - +Patch10: mozilla-icu-strncat.patch +Patch11: mozilla-arm-disable-edsp.patch +Patch12: mozilla-idldir.patch +Patch13: mozilla-skia-be-le.patch +Patch14: mozilla-bmo1005535.patch +Patch15: mozilla-add-glibcxx_use_cxx11_abi.patch +Patch16: mozilla-arm64-libjpeg-turbo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?shared_js} == 1 Requires: mozilla-js = %{version} @@ -220,20 +218,18 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 -%if %suse_version < 1120 %patch10 -p1 -%endif %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 -%patch30 -p1 %build # no need to add build time to binaries @@ -431,6 +427,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/dictionaries/en-US* rm -f $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/nspr-config rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/mozilla-plugin.pc +rm -rf $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/gmp-fake/ +rm -rf $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/gmp-fakeopenh264/ # fdupes %fdupes $RPM_BUILD_ROOT%{_includedir}/xulrunner-%{version_internal}/ %fdupes $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/ @@ -483,12 +481,12 @@ %{_libdir}/xulrunner-%{version_internal}/chrome/icons/ %{_libdir}/xulrunner-%{version_internal}/components/ %{_libdir}/xulrunner-%{version_internal}/*.so +%{_libdir}/xulrunner-%{version_internal}/gmp-clearkey/ %if 0%{?shared_js} == 1 %exclude %{_libdir}/xulrunner-%{version_internal}/libmozjs.so %endif %{_libdir}/xulrunner-%{version_internal}/chrome.manifest %{_libdir}/xulrunner-%{version_internal}/dependentlibs.list -%{_libdir}/xulrunner-%{version_internal}/mozilla-xremote-client %{_libdir}/xulrunner-%{version_internal}/plugin-container %{_libdir}/xulrunner-%{version_internal}/xulrunner %{_libdir}/xulrunner-%{version_internal}/xulrunner-stub