--- a/MozillaFirefox/create-tar.sh Mon Jun 24 12:09:20 2013 +0200
+++ b/MozillaFirefox/create-tar.sh Sat Sep 14 21:02:47 2013 +0200
@@ -2,8 +2,8 @@
CHANNEL="esr17"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_17_0_7esr_RELEASE"
-VERSION="17.0.7"
+RELEASE_TAG="FIREFOX_17_0_9esr_RELEASE"
+VERSION="17.0.9"
# mozilla
echo "cloning $BRANCH..."
--- a/MozillaFirefox/firefox-esr.changes Mon Jun 24 12:09:20 2013 +0200
+++ b/MozillaFirefox/firefox-esr.changes Sat Sep 14 21:02:47 2013 +0200
@@ -1,7 +1,47 @@
-------------------------------------------------------------------
+Wed Sep 11 18:43:15 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 17.0.9esr (bnc#)
+
+-------------------------------------------------------------------
+Fri Aug 2 09:58:06 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 17.0.8esr (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701
+ Miscellaneous memory safety hazards
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
Wed Jun 19 21:05:21 UTC 2013 - wr@rosenauer.org
-- update to Firefox 17.0.7esr (bnc#)
+- update to Firefox 17.0.7esr (bnc#825935)
+ * MFSA 2013-49/CVE-2013-1682
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
-------------------------------------------------------------------
Fri May 10 11:44:50 UTC 2013 - wr@rosenauer.org
--- a/MozillaFirefox/firefox-esr.spec Mon Jun 24 12:09:20 2013 +0200
+++ b/MozillaFirefox/firefox-esr.spec Sat Sep 14 21:02:47 2013 +0200
@@ -18,7 +18,7 @@
%define major 17
-%define mainver %major.0.7
+%define mainver %major.0.9
%define update_channel release
Name: firefox-esr
@@ -54,7 +54,7 @@
%endif
Version: %{mainver}
Release: 0
-%define releasedate 2013061900
+%define releasedate 2013091000
Provides: firefox-esr = %{mainver}
Provides: web_browser
Provides: browser(npapi)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ppc-xpcshell.patch Sat Sep 14 21:02:47 2013 +0200
@@ -0,0 +1,71 @@
+Index: mozilla/js/src/gc/Heap.h
+===================================================================
+--- mozilla.orig/js/src/gc/Heap.h
++++ mozilla/js/src/gc/Heap.h
+@@ -110,19 +110,22 @@ struct Cell
+ */
+ #if defined(SOLARIS) && (defined(__sparc) || defined(__sparcv9))
+ const size_t PageShift = 13;
++const size_t ArenaShift = PageShift;
++#elif defined(__powerpc__)
++const size_t PageShift = 16;
++const size_t ArenaShift = 12;
+ #else
+ const size_t PageShift = 12;
++const size_t ArenaShift = PageShift;
+ #endif
+ const size_t PageSize = size_t(1) << PageShift;
++const size_t ArenaSize = size_t(1) << ArenaShift;
++const size_t ArenaMask = ArenaSize - 1;
+
+ const size_t ChunkShift = 20;
+ const size_t ChunkSize = size_t(1) << ChunkShift;
+ const size_t ChunkMask = ChunkSize - 1;
+
+-const size_t ArenaShift = PageShift;
+-const size_t ArenaSize = PageSize;
+-const size_t ArenaMask = ArenaSize - 1;
+-
+ /*
+ * This is the maximum number of arenas we allow in the FreeCommitted state
+ * before we trigger a GC_SHRINK to release free arenas to the OS.
+Index: mozilla/js/src/gc/Memory.cpp
+===================================================================
+--- mozilla.orig/js/src/gc/Memory.cpp
++++ mozilla/js/src/gc/Memory.cpp
+@@ -15,6 +15,15 @@
+ namespace js {
+ namespace gc {
+
++/* Unused memory decommiting requires the arena size match the page size. */
++extern const size_t PageSize;
++extern const size_t ArenaSize;
++static bool
++DecommitEnabled()
++{
++ return PageSize == ArenaSize;
++}
++
+ #if defined(XP_WIN)
+ #include "jswin.h"
+ #include <psapi.h>
+@@ -83,6 +92,9 @@ UnmapPages(void *p, size_t size)
+ bool
+ MarkPagesUnused(void *p, size_t size)
+ {
++ if (!DecommitEnabled())
++ return false;
++
+ JS_ASSERT(uintptr_t(p) % PageSize == 0);
+ LPVOID p2 = VirtualAlloc(p, size, MEM_RESET, PAGE_READWRITE);
+ return p2 == p;
+@@ -352,6 +364,9 @@ UnmapPages(void *p, size_t size)
+ bool
+ MarkPagesUnused(void *p, size_t size)
+ {
++ if (!DecommitEnabled())
++ return false;
++
+ JS_ASSERT(uintptr_t(p) % PageSize == 0);
+ int result = madvise(p, size, MADV_DONTNEED);
+ return result != -1;
--- a/series Mon Jun 24 12:09:20 2013 +0200
+++ b/series Sat Sep 14 21:02:47 2013 +0200
@@ -22,6 +22,7 @@
mozilla-gcc43-enums.patch
mozilla-gcc43-template_hacks.patch
mozilla-gcc43-templates_instantiation.patch
+ppc-xpcshell.patch
#mozilla-disable-neon-option.patch
# Firefox patches
--- a/xulrunner/create-tar.sh Mon Jun 24 12:09:20 2013 +0200
+++ b/xulrunner/create-tar.sh Sat Sep 14 21:02:47 2013 +0200
@@ -2,8 +2,8 @@
CHANNEL="esr17"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_17_0_7esr_RELEASE"
-VERSION="17.0.7"
+RELEASE_TAG="FIREFOX_17_0_9esr_RELEASE"
+VERSION="17.0.9"
# mozilla
echo "cloning $BRANCH..."
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xulrunner/ppc-xpcshell.patch Sat Sep 14 21:02:47 2013 +0200
@@ -0,0 +1,1 @@
+../ppc-xpcshell.patch
\ No newline at end of file
--- a/xulrunner/xulrunner-esr.changes Mon Jun 24 12:09:20 2013 +0200
+++ b/xulrunner/xulrunner-esr.changes Sat Sep 14 21:02:47 2013 +0200
@@ -1,7 +1,52 @@
-------------------------------------------------------------------
-Fri Jun 21 05:49:37 UTC 2013 - wr@rosenauer.org
+Thu Sep 12 10:07:45 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.9esr (bnc#)
+
+-------------------------------------------------------------------
+Fri Aug 2 11:51:23 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.8esr (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701
+ Miscellaneous memory safety hazards
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
+Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org
- update to 17.0.7esr (bnc#825935)
+ * MFSA 2013-49/CVE-2013-1682
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
+
+-------------------------------------------------------------------
+Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com
+
+- Fix build on powerpc (ppc-xpcshell.patch)
-------------------------------------------------------------------
Fri May 10 17:27:58 UTC 2013 - wr@rosenauer.org
--- a/xulrunner/xulrunner-esr.spec Mon Jun 24 12:09:20 2013 +0200
+++ b/xulrunner/xulrunner-esr.spec Sat Sep 14 21:02:47 2013 +0200
@@ -44,12 +44,12 @@
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.5
BuildRequires: mozilla-nss-devel >= 3.14.3
-Version: 17.0.7
+Version: 17.0.9
Release: 0
-%define releasedate 2013062000
-%define version_internal 17.0.7
+%define releasedate 2013091000
+%define version_internal 17.0.9
%define apiversion 17
-%define uaweight 1700007
+%define uaweight 1700009
Summary: Mozilla Runtime Environment
License: MPL-2.0
Group: Productivity/Other
@@ -83,6 +83,7 @@
Patch20: mozilla-gcc43-enums.patch
Patch21: mozilla-gcc43-template_hacks.patch
Patch22: mozilla-gcc43-templates_instantiation.patch
+Patch23: ppc-xpcshell.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: mozilla-js = %{version}
Requires(post): update-alternatives coreutils
@@ -203,6 +204,7 @@
%patch21 -p1
%patch22 -p1
%endif
+%patch23 -p1
%build
# no need to add build time to binaries
--- a/xulrunner/xulrunner.changes Mon Jun 24 12:09:20 2013 +0200
+++ b/xulrunner/xulrunner.changes Sat Sep 14 21:02:47 2013 +0200
@@ -1,7 +1,52 @@
-------------------------------------------------------------------
-Fri Jun 21 05:49:58 UTC 2013 - wr@rosenauer.org
+Thu Sep 12 10:06:08 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.9esr (bnc#)
+
+-------------------------------------------------------------------
+Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.8esr (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701
+ Miscellaneous memory safety hazards
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
+Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org
- update to 17.0.7esr (bnc#825935)
+ * MFSA 2013-49/CVE-2013-1682
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
+
+-------------------------------------------------------------------
+Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com
+
+- Fix build on powerpc (ppc-xpcshell.patch)
-------------------------------------------------------------------
Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org
--- a/xulrunner/xulrunner.spec Mon Jun 24 12:09:20 2013 +0200
+++ b/xulrunner/xulrunner.spec Sat Sep 14 21:02:47 2013 +0200
@@ -44,12 +44,12 @@
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.5
BuildRequires: mozilla-nss-devel >= 3.14.3
-Version: 17.0.7
+Version: 17.0.9
Release: 0
-%define releasedate 2013062000
-%define version_internal 17.0.7
+%define releasedate 2013091000
+%define version_internal 17.0.9
%define apiversion 17
-%define uaweight 1700007
+%define uaweight 1700009
Summary: Mozilla Runtime Environment
License: MPL-2.0
Group: Productivity/Other
@@ -81,6 +81,7 @@
Patch20: mozilla-gcc43-enums.patch
Patch21: mozilla-gcc43-template_hacks.patch
Patch22: mozilla-gcc43-templates_instantiation.patch
+Patch23: ppc-xpcshell.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: mozilla-js = %{version}
Requires(post): update-alternatives coreutils
@@ -201,6 +202,7 @@
%patch21 -p1
%patch22 -p1
%endif
+%patch23 -p1
%build
# no need to add build time to binaries