# HG changeset patch # User Wolfgang Rosenauer # Date 1313131679 -7200 # Node ID 9a09a02dff6042f4007496b432881fd11a87ca3a # Parent 436c76ab5f253bd9d5ac0c60e6c2ed4e48ca0dd2 update to 1.9.2.20/3.6.20 mozilla-implicit-declarations.patch fixes gcc rpmlint issue mozilla-curl.patch removes obsolete header dependency needed diff -r 436c76ab5f25 -r 9a09a02dff60 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Jun 14 11:58:26 2011 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Fri Aug 12 08:47:59 2011 +0200 @@ -1,7 +1,27 @@ +------------------------------------------------------------------- +Fri Aug 5 09:37:39 UTC 2011 - wr@rosenauer.org + +- security update to 3.6.20 + ------------------------------------------------------------------- Tue Jun 14 09:54:04 UTC 2011 - wr@rosenauer.org -- security update to 3.6.18 (bnc#) +- security update to 3.6.18 (bnc#701296) + * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 + CVE-2011-2365 + Miscellaneous memory safety hazards + * MFSA 2011-20/CVE-2011-2373 (bmo#617247) + Use-after-free vulnerability when viewing XUL document with + script disabled + * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) + Memory corruption due to multipart/x-mixed-replace images + * MFSA 2011-22/CVE-2011-2371 (bmo#664009) + Integer overflow and arbitrary code execution in + Array.reduceRight() + * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 + Multiple dangling pointer vulnerabilities + * MFSA 2011-24/CVE-2011-2362 (bmo#616264) + Cookie isolation error - speedier find-external-requires.sh ------------------------------------------------------------------- diff -r 436c76ab5f25 -r 9a09a02dff60 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Jun 14 11:58:26 2011 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Fri Aug 12 08:47:59 2011 +0200 @@ -24,7 +24,7 @@ Name: MozillaFirefox %define xulrunner mozilla-xulrunner192 BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip -BuildRequires: %{xulrunner}-devel = 1.9.2.18 +BuildRequires: %{xulrunner}-devel = 1.9.2.20 %if %suse_version > 1020 BuildRequires: fdupes %endif @@ -34,13 +34,13 @@ BuildRequires: wireless-tools %endif License: MPLv1.1 or GPLv2+ or LGPLv2+ -Version: %mainver.18 +Version: %mainver.20 Release: 1 Provides: web_browser Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: firefox = %{version} -%define releasedate 2011061300 +%define releasedate 2011080400 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-curl.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-curl.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,89 @@ +# HG changeset patch +# User Evan Shaw +# Parent 2d4a2ce9f921163094c9a29c776b2a6e986febe2 +bug 673072 - remove deprecated curl header curl/types.h from Breakpad includes. r=ted + +diff --git a/config/system-headers b/config/system-headers +--- a/config/system-headers ++++ b/config/system-headers +@@ -198,17 +198,16 @@ crt_externs.h + crypt.h + cstdio + cstdlib + cstring + ctime + ctype.h + curl/curl.h + curl/easy.h +-curl/types.h + curses.h + cxxabi.h + DateTimeUtils.h + dbus/dbus.h + dbus/dbus-glib.h + dbus/dbus-glib-lowlevel.h + ddeml.h + Debug.h +diff --git a/js/src/config/system-headers b/js/src/config/system-headers +--- a/js/src/config/system-headers ++++ b/js/src/config/system-headers +@@ -198,17 +198,16 @@ crt_externs.h + crypt.h + cstdio + cstdlib + cstring + ctime + ctype.h + curl/curl.h + curl/easy.h +-curl/types.h + curses.h + cxxabi.h + DateTimeUtils.h + dbus/dbus.h + dbus/dbus-glib.h + dbus/dbus-glib-lowlevel.h + ddeml.h + Debug.h +diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc +--- a/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc ++++ b/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc +@@ -26,17 +26,16 @@ + // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + #include + #include + #include + #include +-#include + + #include "common/linux/http_upload.h" + + namespace { + + // Callback to get the response data from server. + static size_t WriteCallback(void *ptr, size_t size, + size_t nmemb, void *userp) { +diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc +--- a/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc ++++ b/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc +@@ -24,17 +24,16 @@ + // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + #include + #include +-#include + #include + + #include + + #include "common/linux/libcurl_wrapper.h" + #include "third_party/linux/include/glog/logging.h" + + namespace google_breakpad { diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-dump_syms-static.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-dump_syms-static.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,20 @@ +# HG changeset patch +# Parent e589abb2c4d6aaa6083d254416211ac90360dbdd +NO-BUG: Ignore a hack which is not needed in distribution build environments. + +diff --git a/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in b/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in +--- a/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in ++++ b/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in +@@ -59,11 +59,11 @@ HOST_LIBS += \ + $(NULL) + + # force C++ linking + CPP_PROG_LINK = 1 + FORCE_USE_PIC = 1 + + #XXX: bug 554854 causes us to be unable to run binaries on the build slaves + # due to them having an older libstdc++ +-HOST_LDFLAGS += -static ++#HOST_LDFLAGS += -static + + include $(topsrcdir)/config/rules.mk diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-implicit-declarations.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-implicit-declarations.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,23 @@ +# HG changeset patch +# Parent e3c883f8276a5fd4afab00e226cf19031d6fc5ae +diff --git a/gfx/qcms/iccread.c b/gfx/qcms/iccread.c +--- a/gfx/qcms/iccread.c ++++ b/gfx/qcms/iccread.c +@@ -18,16 +18,17 @@ + // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + #include + #include + #include ++#include + #include "qcmsint.h" + + //XXX: use a better typename + typedef uint32_t __be32; + typedef uint16_t __be16; + + #if 0 + not used yet diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/create-tar.sh --- a/mozilla-xulrunner192/create-tar.sh Tue Jun 14 11:58:26 2011 +0200 +++ b/mozilla-xulrunner192/create-tar.sh Fri Aug 12 08:47:59 2011 +0200 @@ -1,7 +1,7 @@ #!/bin/bash -RELEASE_TAG="FIREFOX_3_6_18_RELEASE" -VERSION="1.9.2.18" +RELEASE_TAG="FIREFOX_3_6_20_RELEASE" +VERSION="1.9.2.20" # mozilla hg clone http://hg.mozilla.org/releases/mozilla-1.9.2 mozilla diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/mozilla-curl.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-xulrunner192/mozilla-curl.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,1 @@ +../mozilla-curl.patch \ No newline at end of file diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/mozilla-dump_syms-static.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-xulrunner192/mozilla-dump_syms-static.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,1 @@ +../mozilla-dump_syms-static.patch \ No newline at end of file diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/mozilla-implicit-declarations.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-xulrunner192/mozilla-implicit-declarations.patch Fri Aug 12 08:47:59 2011 +0200 @@ -0,0 +1,1 @@ +../mozilla-implicit-declarations.patch \ No newline at end of file diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/mozilla-xulrunner192.changes --- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Tue Jun 14 11:58:26 2011 +0200 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Fri Aug 12 08:47:59 2011 +0200 @@ -1,8 +1,33 @@ ------------------------------------------------------------------- -Tue Jun 14 09:36:29 UTC 2011 - wr@rosenauer.org +Fri Aug 5 09:35:34 UTC 2011 - wr@rosenauer.org + +- security update to 1.9.2.20 +- added mozilla-implicit-declarations.patch to fix rpmlint/gcc + checks +- added mozilla-curl.patch to remove obsolete header dependency + +------------------------------------------------------------------- +Mon Jun 20 09:32:58 UTC 2011 - wr@rosenauer.org -- security update to 1.9.2.18 (bnc#) +- security update to 1.9.2.18 (bnc#701296) + * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 + CVE-2011-2365 + Miscellaneous memory safety hazards + * MFSA 2011-20/CVE-2011-2373 (bmo#617247) + Use-after-free vulnerability when viewing XUL document with + script disabled + * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) + Memory corruption due to multipart/x-mixed-replace images + * MFSA 2011-22/CVE-2011-2371 (bmo#664009) + Integer overflow and arbitrary code execution in + Array.reduceRight() + * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 + Multiple dangling pointer vulnerabilities + * MFSA 2011-24/CVE-2011-2362 (bmo#616264) + Cookie isolation error - speedier find-external-requires.sh +- do not build dump_syms static as it is not needed for us + -> fixes build for 12.1 and above ------------------------------------------------------------------- Wed May 11 09:44:20 UTC 2011 - cgiboudeaux@gmx.com diff -r 436c76ab5f25 -r 9a09a02dff60 mozilla-xulrunner192/mozilla-xulrunner192.spec --- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Tue Jun 14 11:58:26 2011 +0200 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Fri Aug 12 08:47:59 2011 +0200 @@ -39,12 +39,12 @@ BuildRequires: wireless-tools %endif License: MPLv1.1 or GPLv2+ or LGPLv2+ -Version: 1.9.2.18 +Version: 1.9.2.20 Release: 1 -%define releasedate 2011061300 -%define version_internal 1.9.2.18 +%define releasedate 2011080400 +%define version_internal 1.9.2.20 %define apiversion 1.9.2 -%define uaweight 192180 +%define uaweight 192200 Summary: Mozilla Runtime Environment 1.9.2 Url: http://www.mozilla.org Group: Productivity/Other @@ -72,6 +72,7 @@ Patch3: mozilla-pkgconfig.patch Patch4: idldir.patch Patch5: mozilla-nongnome-proxies.patch +Patch6: mozilla-dump_syms-static.patch Patch7: mozilla-prefer_plugin_pref.patch Patch8: mozilla-shared-nss-db.patch Patch10: mozilla-kde.patch @@ -87,6 +88,8 @@ Patch18: mozilla-prlog.patch Patch19: mozilla-ntlm-full-path.patch Patch20: mozilla-gcc46.patch +Patch21: mozilla-implicit-declarations.patch +Patch22: mozilla-curl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js192 = %{version} Requires(post): update-alternatives coreutils @@ -223,6 +226,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %patch7 -p1 %patch8 -p1 %if %suse_version >= 1110 @@ -239,6 +243,8 @@ %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 +%patch22 -p1 %build %if %suse_version >= 1110 diff -r 436c76ab5f25 -r 9a09a02dff60 series --- a/series Tue Jun 14 11:58:26 2011 +0200 +++ b/series Fri Aug 12 08:47:59 2011 +0200 @@ -4,6 +4,7 @@ mozilla-pkgconfig.patch idldir.patch mozilla-nongnome-proxies.patch +mozilla-dump_syms-static.patch mozilla-prefer_plugin_pref.patch mozilla-shared-nss-db.patch mozilla-kde.patch @@ -17,6 +18,8 @@ mozilla-prlog.patch mozilla-ntlm-full-path.patch mozilla-gcc46.patch +mozilla-implicit-declarations.patch +mozilla-curl.patch # Firefox patches firefox-libxul-sdk.patch