--- a/MozillaFirefox/MozillaFirefox.changes Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Oct 15 16:08:40 2012 +0200
@@ -1,19 +1,59 @@
-------------------------------------------------------------------
-Thu Oct 4 04:51:23 UTC 2012 - wr@rosenauer.org
-
-- update to Aurora 17 (20121003)
+Mon Oct 15 14:07:12 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 17.0b1
- use internal NSPR for now (bmo#776877)
-------------------------------------------------------------------
-Thu Sep 27 18:20:18 UTC 2012 - wr@rosenauer.org
-
-- update to Firefox 16.0b5
+Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0.1 (bnc#783533)
+ * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+ Miscellaneous memory safety hazards
+ * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+ defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
+ * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+ Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
- removed upstreamed mozilla-crashreporter-restart-args.patch
- webapprt now included
- use kmozillahelper's new REVEAL command (bnc#777415)
(requires mozilla-kde4-integration >= 0.6.4)
+- updated translations-other with new languages
-------------------------------------------------------------------
Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Mon Oct 15 16:08:40 2012 +0200
@@ -18,8 +18,8 @@
%define major 16
-%define mainver %major.98
-%define update_channel aurora
+%define mainver %major.99
+%define update_channel beta
Name: MozillaFirefox
BuildRequires: Mesa-devel
@@ -54,7 +54,7 @@
%endif
Version: %{mainver}
Release: 0
-%define releasedate 2012100300
+%define releasedate 2012100900
Provides: firefox = %{mainver}
Provides: firefox = %{version}-%{release}
Provides: web_browser
@@ -94,10 +94,10 @@
Patch9: mozilla-repo.patch
Patch10: mozilla-sle11.patch
Patch11: mozilla-disable-neon-option.patch
-Patch13: mozilla-arm-disable-edsp.patch
-Patch15: mozilla-gstreamer.patch
-Patch16: mozilla-ppc.patch
-Patch17: mozilla-gstreamer-760140.patch
+Patch12: mozilla-arm-disable-edsp.patch
+Patch13: mozilla-gstreamer.patch
+Patch14: mozilla-ppc.patch
+Patch15: mozilla-gstreamer-760140.patch
# Firefox/browser
Patch30: firefox-browser-css.patch
Patch31: firefox-kde.patch
@@ -126,7 +126,7 @@
%define desktop_file_name %{name}
%endif
### build options
-%define branding 0
+%define branding 1
%define localize 1
%ifarch ppc ppc64 s390 s390x ia64 %arm
%define crashreporter 0
@@ -223,10 +223,10 @@
%patch10 -p1
%endif
#%patch11 -p1
+%patch12 -p1
%patch13 -p1
+%patch14 -p1
%patch15 -p1
-%patch16 -p1
-%patch17 -p1
#
%patch30 -p1
%if %suse_version >= 1110
--- a/MozillaFirefox/create-tar.sh Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/create-tar.sh Mon Oct 15 16:08:40 2012 +0200
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="aurora"
+CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="default"
-VERSION="16.98"
+RELEASE_TAG="FIREFOX_17_0b1_RELEASE"
+VERSION="16.99"
# mozilla
echo "cloning $BRANCH..."
--- a/firefox-kde.patch Tue Oct 09 13:43:09 2012 +0200
+++ b/firefox-kde.patch Mon Oct 15 16:08:40 2012 +0200
@@ -2,7 +2,7 @@
new file mode 100644
--- /dev/null
+++ b/browser/base/content/browser-kde.xul
-@@ -0,0 +1,1264 @@
+@@ -0,0 +1,1261 @@
+#filter substitution
+<?xml version="1.0"?>
+# -*- Mode: HTML -*-
@@ -221,7 +221,7 @@
+ </hbox>
+ </panel>
+
-+ <panel id="editSharePopup"
++ <panel id="unsharePopup"
+ type="arrow"
+ orient="vertical"
+ ignorekeys="true"
@@ -229,54 +229,54 @@
+ onpopupshown="SocialShareButton.panelShown(event);"
+ consumeoutsideclicks="true"
+ level="top">
-+ <row id="editSharePopupHeader" align="center">
++ <!-- Note that 'label', 'accesskey', 'value' and 'aria-label' attributes
++ for many of these elements are supplied by the provider and filled
++ in at runtime
++ -->
++ <row id="unsharePopupHeader" align="center">
+ <vbox align="center">
-+ <image id="socialUserPortrait" onclick="SocialUI.showProfile();"
-+ aria-label="&social.sharePopup.portrait.arialabel;"/>
++ <image id="socialUserPortrait" onclick="SocialUI.showProfile();"/>
+ </vbox>
-+ <vbox id="editSharePopupText">
-+ <button id="socialUserDisplayName"
++ <vbox id="unsharePopupText">
++ <button id="socialUserDisplayName" pack="start"
+ oncommand="SocialUI.showProfile();"/>
+ <spacer flex="1"/>
-+ <label id="socialUserRecommendedText"
-+ value="&social.sharePopup.shared.label;"/>
++ <label id="socialUserRecommendedText"/>
+ </vbox>
+ </row>
-+ <hbox id="editSharePopupBottomButtons" pack="end">
++ <hbox id="unsharePopupBottomButtons" pack="end">
+#ifdef XP_UNIX
-+ <button id="editSharePopupUndoButton"
-+ class="editSharePopupBottomButton"
-+ label="&social.sharePopup.undo.label;"
-+ accesskey="&social.sharePopup.undo.accesskey;"
++ <button id="unsharePopupStopSharingButton"
++ class="unsharePopupBottomButton"
+ command="Social:UnsharePage"/>
-+ <button id="editSharePopupOkButton"
-+ class="editSharePopupBottomButton"
++ <button id="unsharePopupContinueSharingButton"
++ class="unsharePopupBottomButton"
+ default="true"
+ autofocus="autofocus"
-+ label="&social.ok.label;"
-+ accesskey="&social.ok.accesskey;"
-+ oncommand="SocialShareButton.dismissSharePopup();"/>
++ oncommand="SocialShareButton.dismissUnsharePopup();"/>
+#else
-+ <button id="editSharePopupOkButton"
-+ class="editSharePopupBottomButton"
++ <button id="unsharePopupContinueSharingButton"
++ class="unsharePopupBottomButton"
+ default="true"
+ autofocus="autofocus"
-+ label="&social.ok.label;"
-+ accesskey="&social.ok.accesskey;"
-+ oncommand="SocialShareButton.dismissSharePopup();"/>
-+ <button id="editSharePopupUndoButton"
-+ class="editSharePopupBottomButton"
-+ label="&social.sharePopup.undo.label;"
-+ accesskey="&social.sharePopup.undo.accesskey;"
++ oncommand="SocialShareButton.dismissUnsharePopup();"/>
++ <button id="unsharePopupStopSharingButton"
++ class="unsharePopupBottomButton"
+ command="Social:UnsharePage"/>
+#endif
+ </hbox>
+ </panel>
+
-+ <panel id="social-notification-panel" type="arrow" hidden="true" noautofocus="true">
++ <panel id="social-notification-panel"
++ class="social-panel"
++ type="arrow"
++ hidden="true"
++ consumeoutsideclicks="true"
++ noautofocus="true">
+ <box id="social-notification-box" flex="1"></box>
+ </panel>
+ <panel id="social-flyout-panel"
++ class="social-panel"
+ onpopupshown="SocialFlyout.onShown()"
+ onpopuphidden="SocialFlyout.onHidden()"
+ side="right"
@@ -669,35 +669,32 @@
+ onclick="BrowserGoHome(event);"
+ aboutHomeOverrideTooltip="&abouthome.pageTitle;"/>
+
-+ <toolbaritem id="social-toolbar-button"
-+ class="toolbarbutton-1 chromeclass-toolbar-additional"
++ <toolbaritem id="social-toolbar-item"
++ class="chromeclass-toolbar-additional"
+ removable="false"
-+ pack="center"
+ title="&socialToolbar.title;"
+ hidden="true">
-+ <hbox id="social-toolbar-button-box" class="social-statusarea-container">
-+ <button id="social-provider-image" type="menu">
-+ <menupopup id="social-statusarea-popup">
-+ <hbox id="social-statusarea-user" pack="left" align="center">
-+ <image id="social-statusarea-user-portrait"/>
-+ <vbox>
-+ <label id="social-statusarea-notloggedin"
-+ value="&social.notLoggedIn.label;"/>
-+ <button id="social-statusarea-username"
-+ oncommand="SocialUI.showProfile(); document.getElementById('social-statusarea-popup').hidePopup();"/>
-+ </vbox>
-+ </hbox>
-+ <menuitem id="social-toggle-sidebar-menuitem"
-+ type="checkbox"
-+ autocheck="false"
-+ command="Social:ToggleSidebar"
-+ label="&social.toggleSidebar.label;"
-+ accesskey="&social.toggleSidebar.accesskey;"/>
-+ </menupopup>
-+ </button>
-+ <hbox id="social-status-iconbox" flex="1">
-+ </hbox>
-+ </hbox>
++ <toolbarbutton id="social-provider-button"
++ class="toolbarbutton-1"
++ type="menu">
++ <menupopup id="social-statusarea-popup">
++ <hbox id="social-statusarea-user" pack="start" align="center"
++ onclick="SocialUI.showProfile(); document.getElementById('social-statusarea-popup').hidePopup();">
++ <image id="social-statusarea-user-portrait"/>
++ <vbox>
++ <button id="social-statusarea-notloggedin"
++ class="link" label="&social.notLoggedIn.label;"/>
++ <button id="social-statusarea-username" class="link"/>
++ </vbox>
++ </hbox>
++ <menuitem id="social-toggle-sidebar-menuitem"
++ type="checkbox"
++ autocheck="false"
++ command="Social:ToggleSidebar"
++ label="&social.toggleSidebar.label;"
++ accesskey="&social.toggleSidebar.accesskey;"/>
++ </menupopup>
++ </toolbarbutton>
+ </toolbaritem>
+
+ <toolbaritem id="bookmarks-menu-button-container"
@@ -1270,12 +1267,12 @@
diff --git a/browser/base/jar.mn b/browser/base/jar.mn
--- a/browser/base/jar.mn
+++ b/browser/base/jar.mn
-@@ -35,16 +35,18 @@ browser.jar:
- content/browser/abouthome/restore-large.png (content/abouthome/restore-large.png)
+@@ -36,16 +36,18 @@ browser.jar:
content/browser/abouthome/mozilla.png (content/abouthome/mozilla.png)
content/browser/abouthome/noise.png (content/abouthome/noise.png)
content/browser/aboutRobots-icon.png (content/aboutRobots-icon.png)
content/browser/aboutRobots-widget-left.png (content/aboutRobots-widget-left.png)
+ content/browser/aboutSocialError.xhtml (content/aboutSocialError.xhtml)
* content/browser/browser.css (content/browser.css)
* content/browser/browser.js (content/browser.js)
* content/browser/browser.xul (content/browser.xul)
--- a/xulrunner/create-tar.sh Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/create-tar.sh Mon Oct 15 16:08:40 2012 +0200
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="aurora"
+CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="default"
-VERSION="16.98"
+RELEASE_TAG="FIREFOX_17_0b1_RELEASE"
+VERSION="16.99"
# mozilla
echo "cloning $BRANCH..."
--- a/xulrunner/xulrunner.changes Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/xulrunner.changes Mon Oct 15 16:08:40 2012 +0200
@@ -1,7 +1,49 @@
-------------------------------------------------------------------
-Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org
+Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org
+
+- update to 16.0.1 (bnc#783533)
+ * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+ Miscellaneous memory safety hazards
+ * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+ defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org
-- update to 16.0b2
+- update to 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
+ * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+ Use-after-free in the IME State Manager
+- requires NSPR 4.9.2
+- removed upstreamed mozilla-crashreporter-restart-args.patch
+- updated translations-other with new languages
-------------------------------------------------------------------
Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org
--- a/xulrunner/xulrunner.spec Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/xulrunner.spec Mon Oct 15 16:08:40 2012 +0200
@@ -44,9 +44,9 @@
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.2
BuildRequires: mozilla-nss-devel >= 3.13.6
-Version: 16.98
+Version: 16.99
Release: 0
-%define releasedate 2012091000
+%define releasedate 2012101100
%define version_internal 17.0
%define apiversion 17
%define uaweight 1700000
@@ -156,7 +156,7 @@
Summary: Extra translations for XULRunner
Group: System/Localization
Requires: %{name} = %{version}
-Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
Obsoletes: %{name}-translations < %{version}-%{release}
%description translations-other