# HG changeset patch # User Wolfgang Rosenauer # Date 1357916318 -3600 # Node ID 36ec036ad04d20d04292697bc008e3944d9828b3 # Parent 9124c1a643c5eb1b20c9a1617d8ee814b115eeaf# Parent bd89d2f9ea1d2c90969305d8cc2bdb667a61360a merge from firefox18 diff -r 9124c1a643c5 -r 36ec036ad04d MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Dec 24 11:48:38 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Fri Jan 11 15:58:38 2013 +0100 @@ -1,11 +1,53 @@ ------------------------------------------------------------------- -Thu Nov 29 20:22:22 UTC 2012 - wr@rosenauer.org - -- update to Firefox 18.0b2 - * requires NSS 3.14 - * removed obsolete SLE11 patches (mozilla-gcc43*) -- ported patches +Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org + +- update to Firefox 18.0 (bnc#796895) + * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 + Miscellaneous memory safety hazards + * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 + CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 + Use-after-free and buffer overflow issues found using Address Sanitizer + * MFSA 2013-03/CVE-2013-0768 (bmo#815795) + Buffer Overflow in Canvas + * MFSA 2013-04/CVE-2012-0759 (bmo#802026) + URL spoofing in addressbar during page loads + * MFSA 2013-05/CVE-2013-0744 (bmo#814713) + Use-after-free when displaying table with many columns and column groups + * MFSA 2013-06/CVE-2013-0751 (bmo#790454) + Touch events are shared across iframes + * MFSA 2013-07/CVE-2013-0764 (bmo#804237) + Crash due to handling of SSL on threads + * MFSA 2013-08/CVE-2013-0745 (bmo#794158) + AutoWrapperChanger fails to keep objects alive during garbage collection + * MFSA 2013-09/CVE-2013-0746 (bmo#816842) + Compartment mismatch with quickstubs returned values + * MFSA 2013-10/CVE-2013-0747 (bmo#733305) + Event manipulation in plugin handler to bypass same-origin policy + * MFSA 2013-11/CVE-2013-0748 (bmo#806031) + Address space layout leaked in XBL objects + * MFSA 2013-12/CVE-2013-0750 (bmo#805121) + Buffer overflow in Javascript string concatenation + * MFSA 2013-13/CVE-2013-0752 (bmo#805024) + Memory corruption in XBL with XML bindings containing SVG + * MFSA 2013-14/CVE-2013-0757 (bmo#813901) + Chrome Object Wrapper (COW) bypass through changing prototype + * MFSA 2013-15/CVE-2013-0758 (bmo#813906) + Privilege escalation through plugin objects + * MFSA 2013-16/CVE-2013-0753 (bmo#814001) + Use-after-free in serializeToStream + * MFSA 2013-17/CVE-2013-0754 (bmo#814026) + Use-after-free in ListenerManager + * MFSA 2013-18/CVE-2013-0755 (bmo#814027) + Use-after-free in Vibrate + * MFSA 2013-19/CVE-2013-0756 (bmo#814029) + Use-after-free in Javascript Proxy objects +- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) +- removed obsolete SLE11 patches (mozilla-gcc43*) - reenable WebRTC +- added mozilla-libproxy-compat.patch for libproxy API compat + on openSUSE 11.2 and earlier +- backed out restartless language packs as it broke multi-locale + setup (bmo#677092, bmo#818468) ------------------------------------------------------------------- Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org diff -r 9124c1a643c5 -r 36ec036ad04d MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Dec 24 11:48:38 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Fri Jan 11 15:58:38 2013 +0100 @@ -1,7 +1,7 @@ # # spec file for package MozillaFirefox # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2012 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -17,9 +17,9 @@ # -%define major 17 -%define mainver %major.99 -%define update_channel beta +%define major 18 +%define mainver %major.0 +%define update_channel release Name: MozillaFirefox BuildRequires: Mesa-devel @@ -45,7 +45,7 @@ BuildRequires: wireless-tools %endif BuildRequires: mozilla-nspr-devel >= 4.9.4 -BuildRequires: mozilla-nss-devel >= 3.14 +BuildRequires: mozilla-nss-devel >= 3.14.1 BuildRequires: nss-shared-helper-devel %if %suse_version > 1140 BuildRequires: pkgconfig(gstreamer-0.10) @@ -54,7 +54,7 @@ %endif Version: %{mainver} Release: 0 -%define releasedate 2012122200 +%define releasedate 2013010500 Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: web_browser @@ -99,6 +99,8 @@ Patch14: mozilla-ppc.patch Patch15: mozilla-gstreamer-760140.patch Patch16: mozilla-webrtc.patch +Patch17: mozilla-libproxy-compat.patch +Patch18: mozilla-backout-677092.patch # Firefox/browser Patch30: firefox-browser-css.patch Patch31: firefox-kde.patch @@ -233,6 +235,8 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 # %patch30 -p1 %if %suse_version >= 1110 diff -r 9124c1a643c5 -r 36ec036ad04d MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Dec 24 11:48:38 2012 +0100 +++ b/MozillaFirefox/create-tar.sh Fri Jan 11 15:58:38 2013 +0100 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="beta" +CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_18_0b5_RELEASE" -VERSION="17.99" +RELEASE_TAG="FIREFOX_18_0_RELEASE" +VERSION="18.0" # mozilla echo "cloning $BRANCH..." diff -r 9124c1a643c5 -r 36ec036ad04d MozillaFirefox/mozilla-backout-677092.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-backout-677092.patch Fri Jan 11 15:58:38 2013 +0100 @@ -0,0 +1,1 @@ +../mozilla-backout-677092.patch \ No newline at end of file diff -r 9124c1a643c5 -r 36ec036ad04d MozillaFirefox/mozilla-libproxy-compat.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-libproxy-compat.patch Fri Jan 11 15:58:38 2013 +0100 @@ -0,0 +1,1 @@ +../mozilla-libproxy-compat.patch \ No newline at end of file diff -r 9124c1a643c5 -r 36ec036ad04d mozilla-backout-677092.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-backout-677092.patch Fri Jan 11 15:58:38 2013 +0100 @@ -0,0 +1,296 @@ +# HG changeset patch +# Parent 297b3a7802b2488cca8f2e6febc77e9dbf7f16e0 +# User Wolfgang Rosenauer +Bug 818468 - Langpacks bundled in distribution/extensions are registered but disabled even if shown enabled +(backing out Bug 677092 - Make language packs restartless by default) + +diff --git a/toolkit/mozapps/extensions/XPIProvider.jsm b/toolkit/mozapps/extensions/XPIProvider.jsm +--- a/toolkit/mozapps/extensions/XPIProvider.jsm ++++ b/toolkit/mozapps/extensions/XPIProvider.jsm +@@ -757,18 +757,18 @@ function loadManifestFromRDF(aUri, aStre + if (addon.optionsType && + addon.optionsType != AddonManager.OPTIONS_TYPE_DIALOG && + addon.optionsType != AddonManager.OPTIONS_TYPE_INLINE && + addon.optionsType != AddonManager.OPTIONS_TYPE_TAB) { + throw new Error("Install manifest specifies unknown type: " + addon.optionsType); + } + } + else { +- // spell check dictionaries and language packs never require a restart +- if (addon.type == "dictionary" || addon.type == "locale") ++ // spell check dictionaries never require a restart ++ if (addon.type == "dictionary") + addon.bootstrap = true; + + // Only extensions are allowed to provide an optionsURL, optionsType or aboutURL. For + // all other types they are silently ignored + addon.optionsURL = null; + addon.optionsType = null; + addon.aboutURL = null; + +@@ -3712,21 +3712,16 @@ var XPIProvider = { + // Never call any bootstrap methods in safe mode + if (Services.appinfo.inSafeMode) + return; + + if (aMethod == "startup") + Components.manager.addBootstrappedManifestLocation(aFile); + + try { +- // Don't call bootstrap.js methods for language packs, +- // they only contain chrome. +- if (aType == "locale") +- return; +- + // Load the scope if it hasn't already been loaded + if (!(aId in this.bootstrapScopes)) + this.loadBootstrapScope(aId, aFile, aVersion, aType); + + if (!(aMethod in this.bootstrapScopes[aId])) { + WARN("Add-on " + aId + " is missing bootstrap method " + aMethod); + return; + } +diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_dictionary.js b/toolkit/mozapps/extensions/test/xpcshell/test_dictionary.js +--- a/toolkit/mozapps/extensions/test/xpcshell/test_dictionary.js ++++ b/toolkit/mozapps/extensions/test/xpcshell/test_dictionary.js +@@ -4,19 +4,16 @@ + + // This verifies that bootstrappable add-ons can be used without restarts. + Components.utils.import("resource://gre/modules/Services.jsm"); + + // Enable loading extensions from the user scopes + Services.prefs.setIntPref("extensions.enabledScopes", + AddonManager.SCOPE_PROFILE + AddonManager.SCOPE_USER); + +-// The test extension uses an insecure update url. +-Services.prefs.setBoolPref(PREF_EM_CHECK_UPDATE_SECURITY, false); +- + createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2"); + + const profileDir = gProfD.clone(); + profileDir.append("extensions"); + const userExtDir = gProfD.clone(); + userExtDir.append("extensions2"); + userExtDir.append(gAppInfo.ID); + registerDirectory("XREUSysExt", userExtDir.parent); +@@ -98,17 +95,16 @@ var HunspellEngine = { + } + }; + + function run_test() { + do_test_pending(); + + // Create and configure the HTTP server. + testserver = new HttpServer(); +- testserver.registerDirectory("/data/", do_get_file("data")); + testserver.registerDirectory("/addons/", do_get_file("addons")); + testserver.start(4444); + + startupManager(); + + run_test_1(); + } + +@@ -563,17 +559,17 @@ function check_test_23() { + AddonManager.getAddonsWithOperationsByTypes(null, function(list) { + do_check_eq(list.length, 0); + + restartManager(); + AddonManager.getAddonByID("ab-CD@dictionaries.addons.mozilla.org", function(b1) { + b1.uninstall(); + restartManager(); + +- run_test_25(); ++ testserver.stop(run_test_25); + }); + }); + }); + }); + } + + // Tests that updating from a bootstrappable add-on to a normal add-on calls + // the uninstall method +@@ -631,160 +627,15 @@ function run_test_26() { + + AddonManager.getAddonByID("ab-CD@dictionaries.addons.mozilla.org", function(b1) { + do_check_neq(b1, null); + do_check_eq(b1.version, "1.0"); + do_check_true(b1.isActive); + do_check_eq(b1.pendingOperations, AddonManager.PENDING_NONE); + + HunspellEngine.deactivate(); +- b1.uninstall(); +- restartManager(); +- run_test_27(); ++ ++ do_test_finished(); + }); + }); + }); + } + +-// Tests that an update check from a normal add-on to a bootstrappable add-on works +-function run_test_27() { +- writeInstallRDFForExtension({ +- id: "ab-CD@dictionaries.addons.mozilla.org", +- version: "1.0", +- updateURL: "http://localhost:4444/data/test_dictionary.rdf", +- targetApplications: [{ +- id: "xpcshell@tests.mozilla.org", +- minVersion: "1", +- maxVersion: "1" +- }], +- name: "Test Dictionary", +- }, profileDir); +- restartManager(); +- +- prepare_test({ +- "ab-CD@dictionaries.addons.mozilla.org": [ +- "onInstalling" +- ] +- }, [ +- "onNewInstall", +- "onDownloadStarted", +- "onDownloadEnded", +- "onInstallStarted", +- "onInstallEnded" +- ], check_test_27); +- +- AddonManagerPrivate.backgroundUpdateCheck(); +-} +- +-function check_test_27(install) { +- do_check_eq(install.existingAddon.pendingUpgrade.install, install); +- +- restartManager(); +- AddonManager.getAddonByID("ab-CD@dictionaries.addons.mozilla.org", function(b1) { +- do_check_neq(b1, null); +- do_check_eq(b1.version, "2.0"); +- do_check_eq(b1.type, "dictionary"); +- b1.uninstall(); +- restartManager(); +- +- run_test_28(); +- }); +-} +- +-// Tests that an update check from a bootstrappable add-on to a normal add-on works +-function run_test_28() { +- writeInstallRDFForExtension({ +- id: "ef@dictionaries.addons.mozilla.org", +- version: "1.0", +- type: "64", +- updateURL: "http://localhost:4444/data/test_dictionary.rdf", +- targetApplications: [{ +- id: "xpcshell@tests.mozilla.org", +- minVersion: "1", +- maxVersion: "1" +- }], +- name: "Test Dictionary ef", +- }, profileDir); +- restartManager(); +- +- prepare_test({ +- "ef@dictionaries.addons.mozilla.org": [ +- "onInstalling" +- ] +- }, [ +- "onNewInstall", +- "onDownloadStarted", +- "onDownloadEnded", +- "onInstallStarted", +- "onInstallEnded" +- ], check_test_28); +- +- AddonManagerPrivate.backgroundUpdateCheck(); +-} +- +-function check_test_28(install) { +- do_check_eq(install.existingAddon.pendingUpgrade.install, install); +- +- restartManager(); +- AddonManager.getAddonByID("ef@dictionaries.addons.mozilla.org", function(b2) { +- do_check_neq(b2, null); +- do_check_eq(b2.version, "2.0"); +- do_check_eq(b2.type, "extension"); +- b2.uninstall(); +- restartManager(); +- +- run_test_29(); +- }); +-} +- +-// Tests that an update check from a bootstrappable add-on to a bootstrappable add-on works +-function run_test_29() { +- writeInstallRDFForExtension({ +- id: "gh@dictionaries.addons.mozilla.org", +- version: "1.0", +- type: "64", +- updateURL: "http://localhost:4444/data/test_dictionary.rdf", +- targetApplications: [{ +- id: "xpcshell@tests.mozilla.org", +- minVersion: "1", +- maxVersion: "1" +- }], +- name: "Test Dictionary gh", +- }, profileDir); +- restartManager(); +- +- prepare_test({ +- "gh@dictionaries.addons.mozilla.org": [ +- ["onInstalling", false /* = no restart */], +- ["onInstalled", false] +- ] +- }, [ +- "onNewInstall", +- "onDownloadStarted", +- "onDownloadEnded", +- "onInstallStarted", +- "onInstallEnded" +- ], check_test_29); +- +- AddonManagerPrivate.backgroundUpdateCheck(); +-} +- +-function check_test_29(install) { +- AddonManager.getAddonByID("gh@dictionaries.addons.mozilla.org", function(b2) { +- do_check_neq(b2, null); +- do_check_eq(b2.version, "2.0"); +- do_check_eq(b2.type, "dictionary"); +- +- prepare_test({ +- "gh@dictionaries.addons.mozilla.org": [ +- ["onUninstalling", false], +- ["onUninstalled", false], +- ] +- }, [ +- ], finish_test_29); +- +- b2.uninstall(); +- }); +-} +- +-function finish_test_29() { +- testserver.stop(do_test_finished); +-} +diff --git a/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini b/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini +--- a/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini ++++ b/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini +@@ -136,17 +136,16 @@ fail-if = os == "android" + [test_cacheflush.js] + [test_checkcompatibility.js] + [test_ChromeManifestParser.js] + [test_compatoverrides.js] + [test_corrupt.js] + [test_corrupt_strictcompat.js] + [test_db_sanity.js] + [test_dictionary.js] +-[test_langpack.js] + [test_disable.js] + [test_distribution.js] + [test_dss.js] + # Bug 676992: test consistently fails on Android + fail-if = os == "android" + [test_duplicateplugins.js] + # Bug 676992: test consistently hangs on Android + skip-if = os == "android" diff -r 9124c1a643c5 -r 36ec036ad04d mozilla-libproxy-compat.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-libproxy-compat.patch Fri Jan 11 15:58:38 2013 +0100 @@ -0,0 +1,28 @@ +# HG changeset patch +# Parent 99164862ccce7947259465dcf9edbf6375d56413 +# User Wolfgang Rosenauer +No bug - libproxy API change picked up in bmo#769764 but fails in openSUSE 11.2 and earlier. Still cast to char* to make "all" happy +Note: Remove that patch when openSUSE 11.2 runs out of any support! + +diff --git a/toolkit/system/unixproxy/nsLibProxySettings.cpp b/toolkit/system/unixproxy/nsLibProxySettings.cpp +--- a/toolkit/system/unixproxy/nsLibProxySettings.cpp ++++ b/toolkit/system/unixproxy/nsLibProxySettings.cpp +@@ -67,17 +67,17 @@ nsUnixSystemProxySettings::GetProxyForUR + + if (!mProxyFactory) { + mProxyFactory = px_proxy_factory_new(); + } + NS_ENSURE_TRUE(mProxyFactory, NS_ERROR_NOT_AVAILABLE); + + char **proxyArray = nullptr; + proxyArray = px_proxy_factory_get_proxies(mProxyFactory, +- PromiseFlatCString(aSpec).get()); ++ (char *) (PromiseFlatCString(aSpec).get())); + NS_ENSURE_TRUE(proxyArray, NS_ERROR_NOT_AVAILABLE); + + // Translate libproxy's output to PAC string as expected + // libproxy returns an array of proxies in the format: + // ://[username:password@]proxy:port + // or + // direct:// + // diff -r 9124c1a643c5 -r 36ec036ad04d series --- a/series Mon Dec 24 11:48:38 2012 +0100 +++ b/series Fri Jan 11 15:58:38 2013 +0100 @@ -19,6 +19,8 @@ mozilla-ppc.patch mozilla-idldir.patch mozilla-webrtc.patch +mozilla-libproxy-compat.patch +mozilla-backout-677092.patch #mozilla-disable-neon-option.patch # Firefox patches