# HG changeset patch # User Wolfgang Rosenauer # Date 1380367315 -7200 # Node ID 0b1f7ee785d32ab3bac9b2e63f84a96ed38df959 # Parent 4b65b5cfd428bf7b8f1356c2021287a11ae06d3b update xulrunner base to 24.0 diff -r 4b65b5cfd428 -r 0b1f7ee785d3 xulrunner/_constraints --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/_constraints Sat Sep 28 13:21:55 2013 +0200 @@ -0,0 +1,11 @@ + + + + + 9 + + + 3500 + + + diff -r 4b65b5cfd428 -r 0b1f7ee785d3 xulrunner/create-tar.sh --- a/xulrunner/create-tar.sh Wed Sep 18 16:26:48 2013 +0200 +++ b/xulrunner/create-tar.sh Sat Sep 28 13:21:55 2013 +0200 @@ -1,14 +1,33 @@ #!/bin/bash -CHANNEL="beta" +CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_18_0b2_RELEASE" -VERSION="17.99" +RELEASE_TAG="FIREFOX_24_0_RELEASE" +VERSION="24.0" # mozilla -echo "cloning $BRANCH..." -hg clone http://hg.mozilla.org/$BRANCH mozilla +if [ -d mozilla ]; then + pushd mozilla + _repourl=$(hg paths) + case "$_repourl" in + *$BRANCH*) + echo "updating previous tree" + hg pull + popd + ;; + * ) + echo "removing obsolete tree" + popd + rm -rf mozilla + ;; + esac +fi +if [ ! -d mozilla ]; then + echo "cloning new $BRANCH..." + hg clone http://hg.mozilla.org/$BRANCH mozilla +fi pushd mozilla +hg update --check [ "$RELEASE_TAG" == "default" ] || hg update -r $RELEASE_TAG # get repo and source stamp echo -n "REV=" > ../source-stamp.txt diff -r 4b65b5cfd428 -r 0b1f7ee785d3 xulrunner/mozilla-libproxy-compat.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/mozilla-libproxy-compat.patch Sat Sep 28 13:21:55 2013 +0200 @@ -0,0 +1,1 @@ +../mozilla-libproxy-compat.patch \ No newline at end of file diff -r 4b65b5cfd428 -r 0b1f7ee785d3 xulrunner/xulrunner.changes --- a/xulrunner/xulrunner.changes Wed Sep 18 16:26:48 2013 +0200 +++ b/xulrunner/xulrunner.changes Sat Sep 28 13:21:55 2013 +0200 @@ -1,3 +1,186 @@ +------------------------------------------------------------------- +Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org + +- update to 24.0 (bnc#840485) + * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 + Miscellaneous memory safety hazards + * MFSA 2013-77/CVE-2013-1720 (bmo#888820) + Improper state in HTML5 Tree Builder with templates + * MFSA 2013-78/CVE-2013-1721 (bmo#890277) + Integer overflow in ANGLE library + * MFSA 2013-79/CVE-2013-1722 (bmo#893308) + Use-after-free in Animation Manager during stylesheet cloning + * MFSA 2013-80/CVE-2013-1723 (bmo#891292) + NativeKey continues handling key messages after widget is destroyed + * MFSA 2013-81/CVE-2013-1724 (bmo#894137) + Use-after-free with select element + * MFSA 2013-82/CVE-2013-1725 (bmo#876762) + Calling scope for new Javascript objects can lead to memory corruption + * MFSA 2013-85/CVE-2013-1728 (bmo#883686) + Uninitialized data in IonMonkey + * MFSA 2013-88/CVE-2013-1730 (bmo#851353) + Compartment mismatch re-attaching XBL-backed nodes + * MFSA 2013-89/CVE-2013-1732 (bmo#883514) + Buffer overflow with multi-column, lists, and floats + * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) + Memory corruption involving scrolling + * MFSA 2013-91/CVE-2013-1737 (bmo#907727) + User-defined properties on DOM proxies get the wrong "this" object + * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) + GC hazard with default compartments and frame chain restoration +- require NSPR 4.10 and NSS 3.15.1 + +------------------------------------------------------------------- +Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org + +- update to 17.0.8esr (bnc#833389) + * MFSA 2013-63/CVE-2013-1701 + Miscellaneous memory safety hazards + * MFSA 2013-68/CVE-2013-1709 (bmo#838253) + Document URI misrepresentation and masquerading + * MFSA 2013-69/CVE-2013-1710 (bmo#871368) + CRMF requests allow for code execution and XSS attacks + * MFSA 2013-72/CVE-2013-1713 (bmo#887098) + Wrong principal used for validating URI for some Javascript + components + * MFSA 2013-73/CVE-2013-1714 (bmo#879787) + Same-origin bypass with web workers and XMLHttpRequest + * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) + Local Java applets may read contents of local file system + +------------------------------------------------------------------- +Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org + +- update to 17.0.7esr (bnc#825935) + * MFSA 2013-49/CVE-2013-1682 + Miscellaneous memory safety hazards + * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 + Memory corruption found using Address Sanitizer + * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) + Privileged content access and execution via XBL + * MFSA 2013-53/CVE-2013-1690 (bmo#857883) + Execution of unmapped memory through onreadystatechange event + * MFSA 2013-54/CVE-2013-1692 (bmo#866915) + Data in the body of XHR HEAD requests leads to CSRF attacks + * MFSA 2013-55/CVE-2013-1693 (bmo#711043) + SVG filters can lead to information disclosure + * MFSA 2013-56/CVE-2013-1694 (bmo#848535) + PreserveWrapper has inconsistent behavior + * MFSA 2013-59/CVE-2013-1697 (bmo#858101) + XrayWrappers can be bypassed to run user defined methods in a + privileged context + +------------------------------------------------------------------- +Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com + +- Fix build on powerpc (ppc-xpcshell.patch) + +------------------------------------------------------------------- +Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org + +- update to 17.0.6esr (bnc#819204) + * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 + Miscellaneous memory safety hazards + * MFSA 2013-42/CVE-2013-1670 (bmo#853709) + Privileged access for content level constructor + * MFSA 2013-46/CVE-2013-1674 (bmo#860971) + Use-after-free with video and onresize event + * MFSA 2013-47/CVE-2013-1675 (bmo#866825) + Uninitialized functions in DOMSVGZoomEvent + * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ + CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 + Memory corruption found using Address Sanitizer + +------------------------------------------------------------------- +Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org + +- update to 17.0.5esr (bnc#813026) + * requires NSPR 4.9.5 and NSS 3.14.3 + * MFSA 2013-30/CVE-2013-0788 + Miscellaneous memory safety hazards + * MFSA 2013-31/CVE-2013-0800 (bmo#825721) + Out-of-bounds write in Cairo library + * MFSA 2013-35/CVE-2013-0796 (bmo#827106) + WebGL crash with Mesa graphics driver on Linux + * MFSA 2013-36/CVE-2013-0795 (bmo#825697) + Bypass of SOW protections allows cloning of protected nodes + * MFSA 2013-37/CVE-2013-0794 (bmo#626775) + Bypass of tab-modal dialog origin disclosure + * MFSA 2013-38/CVE-2013-0793 (bmo#803870) + Cross-site scripting (XSS) using timed history navigations + +------------------------------------------------------------------- +Fri Mar 8 09:00:09 UTC 2013 - wr@rosenauer.org + +- update to 17.0.4esr (bnc#808243) + * MFSA 2013-29/CVE-2013-0787 (bmo#848644) + Use-after-free in HTML Editor + +------------------------------------------------------------------- +Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org + +- update to 17.0.3esr (bnc#804248) + * MFSA 2013-21/CVE-2013-0783 + Miscellaneous memory safety hazards + * MFSA 2013-24/CVE-2013-0773 (bmo#809652) + Web content bypass of COW and SOW security wrappers + * MFSA 2013-25/CVE-2013-0774 (bmo#827193) + Privacy leak in JavaScript Workers + * MFSA 2013-26/CVE-2013-0775 (bmo#831095) + Use-after-free in nsImageLoadingContent + * MFSA 2013-27/CVE-2013-0776 (bmo#796475) + Phishing on HTTPS connection through malicious proxy + * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 + Use-after-free, out of bounds read, and buffer overflow issues + found using Address Sanitizer + +------------------------------------------------------------------- +Sat Jan 5 14:46:06 UTC 2013 - wr@rosenauer.org + +- update to 17.0.2esr (bnc#796895) + * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 + Miscellaneous memory safety hazards + * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 + CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 + Use-after-free and buffer overflow issues found using Address Sanitizer + * MFSA 2013-03/CVE-2013-0768 (bmo#815795) + Buffer Overflow in Canvas + * MFSA 2013-04/CVE-2012-0759 (bmo#802026) + URL spoofing in addressbar during page loads + * MFSA 2013-05/CVE-2013-0744 (bmo#814713) + Use-after-free when displaying table with many columns and column groups + * MFSA 2013-07/CVE-2013-0764 (bmo#804237) + Crash due to handling of SSL on threads + * MFSA 2013-08/CVE-2013-0745 (bmo#794158) + AutoWrapperChanger fails to keep objects alive during garbage collection + * MFSA 2013-09/CVE-2013-0746 (bmo#816842) + Compartment mismatch with quickstubs returned values + * MFSA 2013-10/CVE-2013-0747 (bmo#733305) + Event manipulation in plugin handler to bypass same-origin policy + * MFSA 2013-11/CVE-2013-0748 (bmo#806031) + Address space layout leaked in XBL objects + * MFSA 2013-12/CVE-2013-0750 (bmo#805121) + Buffer overflow in Javascript string concatenation + * MFSA 2013-13/CVE-2013-0752 (bmo#805024) + Memory corruption in XBL with XML bindings containing SVG + * MFSA 2013-14/CVE-2013-0757 (bmo#813901) + Chrome Object Wrapper (COW) bypass through changing prototype + * MFSA 2013-15/CVE-2013-0758 (bmo#813906) + Privilege escalation through plugin objects + * MFSA 2013-16/CVE-2013-0753 (bmo#814001) + Use-after-free in serializeToStream + * MFSA 2013-17/CVE-2013-0754 (bmo#814026) + Use-after-free in ListenerManager + * MFSA 2013-18/CVE-2013-0755 (bmo#814027) + Use-after-free in Vibrate + * MFSA 2013-19/CVE-2013-0756 (bmo#814029) + Use-after-free in Javascript Proxy objects +- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) +- build on SLE11 + * mozilla-gcc43-enums.patch + * mozilla-gcc43-template_hacks.patch + * mozilla-gcc43-templates_instantiation.patch + ------------------------------------------------------------------- Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org diff -r 4b65b5cfd428 -r 0b1f7ee785d3 xulrunner/xulrunner.spec --- a/xulrunner/xulrunner.spec Wed Sep 18 16:26:48 2013 +0200 +++ b/xulrunner/xulrunner.spec Sat Sep 28 13:21:55 2013 +0200 @@ -1,8 +1,8 @@ # # spec file for package xulrunner # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. -# 2006-2012 Wolfgang Rosenauer +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# 2006-2013 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,11 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%if %suse_version > 1220 +%define gstreamer_ver 0.10 +%else +%define gstreamer_ver 0.10 +%endif Name: xulrunner BuildRequires: Mesa-devel @@ -42,14 +47,19 @@ %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.9.2 -BuildRequires: mozilla-nss-devel >= 3.14 -Version: 17.99 +BuildRequires: mozilla-nspr-devel >= 4.10 +BuildRequires: mozilla-nss-devel >= 3.15.1 +%if %suse_version > 1210 +BuildRequires: pkgconfig(gstreamer-%gstreamer_ver) +BuildRequires: pkgconfig(gstreamer-app-%gstreamer_ver) +BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) +%endif +Version: 24.0 Release: 0 -%define releasedate 2012112800 -%define version_internal 18.0 -%define apiversion 18 -%define uaweight 1800000 +%define releasedate 2013091000 +%define version_internal 24.0 +%define apiversion 24 +%define uaweight 2400000 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -76,16 +86,19 @@ Patch6: mozilla-language.patch Patch7: mozilla-ntlm-full-path.patch Patch9: mozilla-sle11.patch -Patch14: mozilla-ppc.patch +Patch10: mozilla-ppc.patch +Patch11: mozilla-libproxy-compat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js = %{version} Requires(post): update-alternatives coreutils Requires(preun): update-alternatives coreutils +Provides: xulrunner-esr = %{version} +Obsoletes: xulrunner-esr < 24.0 ### build configuration ### %define has_system_nspr 1 %define has_system_nss 1 %define has_system_cairo 0 -%define localize 0 +%define localize 1 %ifarch ppc ppc64 s390 s390x ia64 %arm %define crashreporter 0 %else @@ -140,7 +153,7 @@ Summary: Common translations for XULRunner Group: System/Localization Requires: %{name} = %{version} -Provides: locale(%{name}:ar;ca;cs;da;de;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW) +Provides: locale(%{name}:ar;ca;cs;da;de;el;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW) Obsoletes: %{name}-translations < %{version}-%{release} %description translations-common @@ -156,7 +169,7 @@ Summary: Extra translations for XULRunner Group: System/Localization Requires: %{name} = %{version} -Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu) +Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu) Obsoletes: %{name}-translations < %{version}-%{release} %description translations-other @@ -190,7 +203,8 @@ %if %suse_version < 1120 %patch9 -p1 %endif -%patch14 -p1 +%patch10 -p1 +%patch11 -p1 %build # no need to add build time to binaries @@ -243,7 +257,6 @@ ac_add_options --enable-system-hunspell ac_add_options --enable-startup-notification ac_add_options --enable-shared-js -ac_add_options --disable-webrtc # does not build with system NSPR #ac_add_options --enable-debug EOF %if %suse_version > 1130 @@ -252,6 +265,11 @@ ac_add_options --enable-gio EOF %endif +%if %suse_version < 1220 +cat << EOF >> $MOZCONFIG +ac_add_options --disable-gstreamer +EOF +%endif %if %has_system_nspr cat << EOF >> $MOZCONFIG ac_add_options --with-system-nspr @@ -277,27 +295,15 @@ ac_add_options --disable-crashreporter EOF %endif -# S/390 -%ifarch s390 s390x -cat << EOF >> $MOZCONFIG -ac_add_options --disable-jemalloc -EOF -%endif # ARM %ifarch %arm cat << EOF >> $MOZCONFIG -%ifarch armv7l armv7hl -ac_add_options --with-arch=armv7-a -ac_add_options --with-float-abi=hard -ac_add_options --with-fpu=vfpv3-d16 -ac_add_options --with-thumb=yes -ac_add_options --disable-debug +ac_add_options --disable-neon +EOF %endif -%ifarch armv5tel -ac_add_options --with-arch=armv5te -ac_add_options --with-float-abi=soft -ac_add_options --with-thumb=no -%endif +%ifnarch %ix86 x86_64 +cat << EOF >> $MOZCONFIG +ac_add_options --disable-webrtc EOF %endif make -f client.mk build @@ -315,14 +321,12 @@ find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/ \ -name "*.js" -o -name "*.xpm" -o -name "*.png" | xargs chmod a-x # remove mkdir.done files from installed base -find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm +#find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm mkdir -p $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions # fixing SDK dynamic libs (symlink instead of copy) rm $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/*.so ln -sf ../../../xulrunner-%{version_internal}/libmozjs.so \ $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/ -ln -sf ../../../xulrunner-%{version_internal}/libxpcom.so \ - $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/ ln -sf ../../../xulrunner-%{version_internal}/libxul.so \ $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/ # include basic buildenv for xulapps to use @@ -331,7 +335,7 @@ # this list has been compiled by trial and error for prism tar --exclude=*.cpp --exclude=*.mm \ -cvjf $RPM_BUILD_ROOT%{_datadir}/xulrunner-%{version_internal}/mozilla-src.tar.bz2 \ - mozilla/configure.in mozilla/Makefile.in mozilla/client.py mozilla/allmakefiles.sh \ + mozilla/configure.in mozilla/Makefile.in mozilla/client.py \ mozilla/config mozilla/client.mk mozilla/aclocal.m4 mozilla/build mozilla/js/src/* \ mozilla/testing mozilla/toolkit/mozapps/installer mozilla/probes mozilla/memory \ mozilla/toolkit/xre mozilla/nsprpub/config mozilla/tools mozilla/xpcom/build @@ -364,7 +368,7 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions/langpack-$locale@firefox.mozilla.org/defaults # check against the fixed common list and sort into the right filelist _matched=0 - for _match in ar ca cs da de en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do + for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do [ "$_match" = "$locale" ] && _matched=1 done [ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other @@ -453,7 +457,6 @@ %dir %{_libdir}/xulrunner-%{version_internal}/extensions/ %{_libdir}/xulrunner-%{version_internal}/chrome/icons/ %{_libdir}/xulrunner-%{version_internal}/components/ -%{_libdir}/xulrunner-%{version_internal}/plugins/ %{_libdir}/xulrunner-%{version_internal}/*.so %exclude %{_libdir}/xulrunner-%{version_internal}/libmozjs.so %{_libdir}/xulrunner-%{version_internal}/add-plugins.sh @@ -493,6 +496,7 @@ %files devel %defattr(-,root,root) %{_libdir}/xulrunner-devel-%{version_internal}/ +%{_libdir}/xulrunner-%{version_internal}/js-gdb.py # FIXME symlink dynamic libs below sdk/lib %attr(644,root,root) %{_libdir}/pkgconfig/* %{_includedir}/xulrunner-%{version_internal}/