# HG changeset patch # User Wolfgang Rosenauer # Date 1346436139 -7200 # Node ID 6bcb1bfae08e073044535a2484048a71b035c1ae # Parent 4812378b5646bb58ddf3ad2c7443c95159725c33 16.0b1 diff -r 4812378b5646 -r 6bcb1bfae08e MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Aug 20 08:55:43 2012 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Fri Aug 31 20:02:19 2012 +0200 @@ -1,13 +1,48 @@ ------------------------------------------------------------------- -Mon Aug 20 06:53:05 UTC 2012 - wr@rosenauer.org - -- update to Aurora 16.0 +Fri Aug 31 17:52:11 UTC 2012 - wr@rosenauer.org + +- update to Firefox 16.0b1 +- requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) +- removed upstreamed mozilla-crashreporter-restart-args.patch +- webapprt now included ------------------------------------------------------------------- -Fri Aug 10 17:13:28 UTC 2012 - wr@rosenauer.org - -- update to Firefox 15.0b4 +Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org + +- update to Firefox 15.0 (bnc#777588) + * MFSA 2012-57/CVE-2012-1970 + Miscellaneous memory safety hazards + * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 + CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 + CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 + Use-after-free issues found using Address Sanitizer + * MFSA 2012-59/CVE-2012-1956 (bmo#756719) + Location object can be shadowed using Object.defineProperty + * MFSA 2012-60/CVE-2012-3965 (bmo#769108) + Escalation of privilege through about:newtab + * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) + Memory corruption with bitmap format images with negative height + * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 + WebGL use-after-free and memory corruption + * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 + SVG buffer overflow and use-after-free issues + * MFSA 2012-64/CVE-2012-3971 + Graphite 2 memory corruption + * MFSA 2012-65/CVE-2012-3972 (bmo#746855) + Out-of-bounds read in format-number in XSLT + * MFSA 2012-66/CVE-2012-3973 (bmo#757128) + HTTPMonitor extension allows for remote debugging without explicit + activation + * MFSA 2012-68/CVE-2012-3975 (bmo#770684) + DOMParser loads linked resources in extensions when parsing + text/html + * MFSA 2012-69/CVE-2012-3976 (bmo#768568) + Incorrect site SSL certificate data display + * MFSA 2012-70/CVE-2012-3978 (bmo#770429) + Location object security checks bypassed by chrome code + * MFSA 2012-72/CVE-2012-3980 (bmo#771859) + Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled (bmo#761030) - GStreamer is only used for MP4 (no WebM, OGG) - updated filelist diff -r 4812378b5646 -r 6bcb1bfae08e MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Aug 20 08:55:43 2012 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Fri Aug 31 20:02:19 2012 +0200 @@ -18,8 +18,8 @@ %define major 15 -%define mainver %major.98 -%define update_channel aurora +%define mainver %major.99 +%define update_channel beta Name: MozillaFirefox BuildRequires: Mesa-devel @@ -54,7 +54,7 @@ %endif Version: %{mainver} Release: 0 -%define releasedate 2012081500 +%define releasedate 2012082800 Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: web_browser @@ -125,7 +125,7 @@ %define desktop_file_name %{name} %endif ### build options -%define branding 0 +%define branding 1 %define localize 1 %ifarch ppc ppc64 s390 s390x ia64 %arm %define crashreporter 0 diff -r 4812378b5646 -r 6bcb1bfae08e MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Aug 20 08:55:43 2012 +0200 +++ b/MozillaFirefox/create-tar.sh Fri Aug 31 20:02:19 2012 +0200 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="aurora" +CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="default" -VERSION="15.98" +RELEASE_TAG="FIREFOX_16_0b1_RELEASE" +VERSION="15.99" # mozilla echo "cloning $BRANCH..." diff -r 4812378b5646 -r 6bcb1bfae08e mozilla-pkgconfig.patch --- a/mozilla-pkgconfig.patch Mon Aug 20 08:55:43 2012 +0200 +++ b/mozilla-pkgconfig.patch Fri Aug 31 20:02:19 2012 +0200 @@ -14,7 +14,7 @@ # Add pkg-config files to the install:: target +# the apilibdir always ends with 1.9 as every patch update will provide a link -+apilibdir = $(dir $(installdir))xulrunner-15 ++apilibdir = $(dir $(installdir))xulrunner-16 + pkg_config_files = \ libxul.pc \ diff -r 4812378b5646 -r 6bcb1bfae08e xulrunner/create-tar.sh --- a/xulrunner/create-tar.sh Mon Aug 20 08:55:43 2012 +0200 +++ b/xulrunner/create-tar.sh Fri Aug 31 20:02:19 2012 +0200 @@ -2,10 +2,11 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_15_0b1_RELEASE" -VERSION="14.99" +RELEASE_TAG="FIREFOX_16_0b1_RELEASE" +VERSION="15.99" # mozilla +echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH mozilla pushd mozilla [ "$RELEASE_TAG" == "default" ] || hg update -r $RELEASE_TAG @@ -15,23 +16,28 @@ echo -n "REPO=" >> ../source-stamp.txt hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt popd +echo "creating archive..." tar cjf xulrunner-$VERSION-source.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS mozilla # l10n +echo "fetching locales..." test ! -d l10n && mkdir l10n for locale in $(awk '{ print $1; }' mozilla/browser/locales/shipped-locales); do case $locale in ja-JP-mac|en-US) ;; *) + echo "fetching $locale ..." hg clone http://hg.mozilla.org/releases/l10n/mozilla-$CHANNEL/$locale l10n/$locale [ "$RELEASE_TAG" == "default" ] || hg -R l10n/$locale up -C -r $RELEASE_TAG ;; esac done +echo "creating l10n archive..." tar cjf l10n-$VERSION.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg l10n # compare-locales +echo "creating compare-locales" hg clone http://hg.mozilla.org/build/compare-locales tar cjf compare-locales.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg compare-locales diff -r 4812378b5646 -r 6bcb1bfae08e xulrunner/xulrunner.changes --- a/xulrunner/xulrunner.changes Mon Aug 20 08:55:43 2012 +0200 +++ b/xulrunner/xulrunner.changes Fri Aug 31 20:02:19 2012 +0200 @@ -1,7 +1,41 @@ ------------------------------------------------------------------- -Fri Jul 20 07:39:54 UTC 2012 - wr@rosenauer.org +Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org -- update to 15.0b1 +- update to 15.0 (bnc#777588) + * MFSA 2012-57/CVE-2012-1970 + Miscellaneous memory safety hazards + * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 + CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 + CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 + Use-after-free issues found using Address Sanitizer + * MFSA 2012-59/CVE-2012-1956 (bmo#756719) + Location object can be shadowed using Object.defineProperty + * MFSA 2012-60/CVE-2012-3965 (bmo#769108) + Escalation of privilege through about:newtab + * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) + Memory corruption with bitmap format images with negative height + * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 + WebGL use-after-free and memory corruption + * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 + SVG buffer overflow and use-after-free issues + * MFSA 2012-64/CVE-2012-3971 + Graphite 2 memory corruption + * MFSA 2012-65/CVE-2012-3972 (bmo#746855) + Out-of-bounds read in format-number in XSLT + * MFSA 2012-66/CVE-2012-3973 (bmo#757128) + HTTPMonitor extension allows for remote debugging without explicit + activation + * MFSA 2012-68/CVE-2012-3975 (bmo#770684) + DOMParser loads linked resources in extensions when parsing + text/html + * MFSA 2012-69/CVE-2012-3976 (bmo#768568) + Incorrect site SSL certificate data display + * MFSA 2012-70/CVE-2012-3978 (bmo#770429) + Location object security checks bypassed by chrome code + * MFSA 2012-72/CVE-2012-3980 (bmo#771859) + Web console eval capable of executing chrome-privileged code +- fix HTML5 video crash with GStreamer enabled (bmo#761030) +- fixed filelist ------------------------------------------------------------------- Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org diff -r 4812378b5646 -r 6bcb1bfae08e xulrunner/xulrunner.spec --- a/xulrunner/xulrunner.spec Mon Aug 20 08:55:43 2012 +0200 +++ b/xulrunner/xulrunner.spec Fri Aug 31 20:02:19 2012 +0200 @@ -42,14 +42,14 @@ %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.9.1 +BuildRequires: mozilla-nspr-devel >= 4.9.2 BuildRequires: mozilla-nss-devel >= 3.13.6 -Version: 15.98 +Version: 15.99 Release: 0 -%define releasedate 2012071800 -%define version_internal 15.0 -%define apiversion 15 -%define uaweight 1500000 +%define releasedate 2012082800 +%define version_internal 16.0 +%define apiversion 16 +%define uaweight 1600000 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -70,12 +70,13 @@ Source9: compare-locales.tar.bz2 Patch1: toolkit-download-folder.patch Patch2: mozilla-pkgconfig.patch +Patch3: idldir.patch Patch4: mozilla-nongnome-proxies.patch Patch5: mozilla-prefer_plugin_pref.patch Patch6: mozilla-language.patch Patch7: mozilla-ntlm-full-path.patch Patch9: mozilla-sle11.patch -Patch13: mozilla-gstreamer.patch +Patch12: mozilla-crashreporter-restart-args.patch Patch14: mozilla-ppc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js = %{version} @@ -182,6 +183,7 @@ %setup -n mozilla -q -b 1 -b 9 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 @@ -189,7 +191,7 @@ %if %suse_version < 1120 %patch9 -p1 %endif -%patch13 -p1 +%patch12 -p1 %patch14 -p1 %build @@ -452,9 +454,7 @@ %{_libdir}/xulrunner-%{version_internal}/dependentlibs.list %{_libdir}/xulrunner-%{version_internal}/mozilla-xremote-client %{_libdir}/xulrunner-%{version_internal}/plugin-container -%{_libdir}/xulrunner-%{version_internal}/run-mozilla.sh %{_libdir}/xulrunner-%{version_internal}/xulrunner -%{_libdir}/xulrunner-%{version_internal}/xulrunner-bin %{_libdir}/xulrunner-%{version_internal}/xulrunner-stub %{_libdir}/xulrunner-%{version_internal}/platform.ini %{_libdir}/xulrunner-%{version_internal}/omni.ja