# HG changeset patch
# User Wolfgang Rosenauer <wr@rosenauer.org>
# Date 1350310120 -7200
# Node ID 9069817b5cacd8f274a0523f635a29c240ae94b8
# Parent  a30fcfcd2e53c4db1a09cea433ef04342d02fa3b
Firefox 17.0b1 release

diff -r a30fcfcd2e53 -r 9069817b5cac MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Mon Oct 15 16:08:40 2012 +0200
@@ -1,19 +1,59 @@
 -------------------------------------------------------------------
-Thu Oct  4 04:51:23 UTC 2012 - wr@rosenauer.org
-
-- update to Aurora 17 (20121003)
+Mon Oct 15 14:07:12 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 17.0b1
 - use internal NSPR for now (bmo#776877)
 
 -------------------------------------------------------------------
-Thu Sep 27 18:20:18 UTC 2012 - wr@rosenauer.org
-
-- update to Firefox 16.0b5
+Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0.1 (bnc#783533)
+  * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+    Miscellaneous memory safety hazards
+  * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+    defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct  7 21:40:14 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0 (bnc#783533)
+  * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+    Miscellaneous memory safety hazards
+  * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+    select element persistance allows for attacks
+  * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+    Continued access to initial origin after setting document.domain
+  * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+    Some DOMWindowUtils methods bypass security checks
+  * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+    DOS and crash with full screen and history navigation
+  * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+    Crash with invalid cast when using instanceof operator
+  * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+    GetProperty function can bypass security checks
+  * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+    top object and location property accessible by plugins
+  * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+    Chrome Object Wrapper (COW) does not disallow acces to privileged
+    functions or properties
+  * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+    Spoofing and script injection through location.hash
+  * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+    Use-after-free, buffer overflow, and out of bounds read issues
+    found using Address Sanitizer
+  * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+    CVE-2012-4188
+    Heap memory corruption issues found using Address Sanitizer
+  * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+    Use-after-free in the IME State Manager
 - requires NSPR 4.9.2
 - improve GStreamer integration (bmo#760140)
 - removed upstreamed mozilla-crashreporter-restart-args.patch
 - webapprt now included
 - use kmozillahelper's new REVEAL command (bnc#777415)
   (requires mozilla-kde4-integration >= 0.6.4)
+- updated translations-other with new languages
 
 -------------------------------------------------------------------
 Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org
diff -r a30fcfcd2e53 -r 9069817b5cac MozillaFirefox/MozillaFirefox.spec
--- a/MozillaFirefox/MozillaFirefox.spec	Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec	Mon Oct 15 16:08:40 2012 +0200
@@ -18,8 +18,8 @@
 
 
 %define major 16
-%define mainver %major.98
-%define update_channel aurora
+%define mainver %major.99
+%define update_channel beta
 
 Name:           MozillaFirefox
 BuildRequires:  Mesa-devel
@@ -54,7 +54,7 @@
 %endif
 Version:        %{mainver}
 Release:        0
-%define         releasedate 2012100300
+%define         releasedate 2012100900
 Provides:       firefox = %{mainver}
 Provides:       firefox = %{version}-%{release}
 Provides:       web_browser
@@ -94,10 +94,10 @@
 Patch9:         mozilla-repo.patch
 Patch10:        mozilla-sle11.patch
 Patch11:        mozilla-disable-neon-option.patch
-Patch13:        mozilla-arm-disable-edsp.patch
-Patch15:        mozilla-gstreamer.patch
-Patch16:        mozilla-ppc.patch
-Patch17:        mozilla-gstreamer-760140.patch
+Patch12:        mozilla-arm-disable-edsp.patch
+Patch13:        mozilla-gstreamer.patch
+Patch14:        mozilla-ppc.patch
+Patch15:        mozilla-gstreamer-760140.patch
 # Firefox/browser
 Patch30:        firefox-browser-css.patch
 Patch31:        firefox-kde.patch
@@ -126,7 +126,7 @@
 %define desktop_file_name %{name}
 %endif
 ### build options
-%define branding 0
+%define branding 1
 %define localize 1
 %ifarch ppc ppc64 s390 s390x ia64 %arm
 %define crashreporter 0
@@ -223,10 +223,10 @@
 %patch10 -p1
 %endif
 #%patch11 -p1
+%patch12 -p1
 %patch13 -p1
+%patch14 -p1
 %patch15 -p1
-%patch16 -p1
-%patch17 -p1
 #
 %patch30 -p1
 %if %suse_version >= 1110
diff -r a30fcfcd2e53 -r 9069817b5cac MozillaFirefox/create-tar.sh
--- a/MozillaFirefox/create-tar.sh	Tue Oct 09 13:43:09 2012 +0200
+++ b/MozillaFirefox/create-tar.sh	Mon Oct 15 16:08:40 2012 +0200
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-CHANNEL="aurora"
+CHANNEL="beta"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="default"
-VERSION="16.98"
+RELEASE_TAG="FIREFOX_17_0b1_RELEASE"
+VERSION="16.99"
 
 # mozilla
 echo "cloning $BRANCH..."
diff -r a30fcfcd2e53 -r 9069817b5cac firefox-kde.patch
--- a/firefox-kde.patch	Tue Oct 09 13:43:09 2012 +0200
+++ b/firefox-kde.patch	Mon Oct 15 16:08:40 2012 +0200
@@ -2,7 +2,7 @@
 new file mode 100644
 --- /dev/null
 +++ b/browser/base/content/browser-kde.xul
-@@ -0,0 +1,1264 @@
+@@ -0,0 +1,1261 @@
 +#filter substitution
 +<?xml version="1.0"?>
 +# -*- Mode: HTML -*-
@@ -221,7 +221,7 @@
 +      </hbox>
 +    </panel>
 +
-+    <panel id="editSharePopup"
++    <panel id="unsharePopup"
 +           type="arrow"
 +           orient="vertical"
 +           ignorekeys="true"
@@ -229,54 +229,54 @@
 +           onpopupshown="SocialShareButton.panelShown(event);"
 +           consumeoutsideclicks="true"
 +           level="top">
-+      <row id="editSharePopupHeader" align="center">
++      <!-- Note that 'label', 'accesskey', 'value' and 'aria-label' attributes
++           for many of these elements are supplied by the provider and filled
++           in at runtime
++      -->
++      <row id="unsharePopupHeader" align="center">
 +        <vbox align="center">
-+          <image id="socialUserPortrait" onclick="SocialUI.showProfile();"
-+                 aria-label="&social.sharePopup.portrait.arialabel;"/>
++          <image id="socialUserPortrait" onclick="SocialUI.showProfile();"/>
 +        </vbox>
-+        <vbox id="editSharePopupText">
-+          <button id="socialUserDisplayName"
++        <vbox id="unsharePopupText">
++          <button id="socialUserDisplayName" pack="start"
 +                  oncommand="SocialUI.showProfile();"/>
 +          <spacer flex="1"/>
-+          <label id="socialUserRecommendedText"
-+                 value="&social.sharePopup.shared.label;"/>
++          <label id="socialUserRecommendedText"/>
 +        </vbox>
 +      </row>
-+      <hbox id="editSharePopupBottomButtons" pack="end">
++      <hbox id="unsharePopupBottomButtons" pack="end">
 +#ifdef XP_UNIX
-+        <button id="editSharePopupUndoButton"
-+                class="editSharePopupBottomButton"
-+                label="&social.sharePopup.undo.label;"
-+                accesskey="&social.sharePopup.undo.accesskey;"
++        <button id="unsharePopupStopSharingButton"
++                class="unsharePopupBottomButton"
 +                command="Social:UnsharePage"/>
-+        <button id="editSharePopupOkButton"
-+                class="editSharePopupBottomButton"
++        <button id="unsharePopupContinueSharingButton"
++                class="unsharePopupBottomButton"
 +                default="true"
 +                autofocus="autofocus"
-+                label="&social.ok.label;"
-+                accesskey="&social.ok.accesskey;"
-+                oncommand="SocialShareButton.dismissSharePopup();"/>
++                oncommand="SocialShareButton.dismissUnsharePopup();"/>
 +#else
-+        <button id="editSharePopupOkButton"
-+                class="editSharePopupBottomButton"
++        <button id="unsharePopupContinueSharingButton"
++                class="unsharePopupBottomButton"
 +                default="true"
 +                autofocus="autofocus"
-+                label="&social.ok.label;"
-+                accesskey="&social.ok.accesskey;"
-+                oncommand="SocialShareButton.dismissSharePopup();"/>
-+        <button id="editSharePopupUndoButton"
-+                class="editSharePopupBottomButton"
-+                label="&social.sharePopup.undo.label;"
-+                accesskey="&social.sharePopup.undo.accesskey;"
++                oncommand="SocialShareButton.dismissUnsharePopup();"/>
++        <button id="unsharePopupStopSharingButton"
++                class="unsharePopupBottomButton"
 +                command="Social:UnsharePage"/>
 +#endif
 +      </hbox>
 +    </panel>
 +
-+    <panel id="social-notification-panel" type="arrow" hidden="true" noautofocus="true">
++    <panel id="social-notification-panel"
++           class="social-panel"
++           type="arrow"
++           hidden="true"
++           consumeoutsideclicks="true"
++           noautofocus="true">
 +      <box id="social-notification-box" flex="1"></box>
 +    </panel>
 +    <panel id="social-flyout-panel"
++           class="social-panel"
 +           onpopupshown="SocialFlyout.onShown()"
 +           onpopuphidden="SocialFlyout.onHidden()"
 +           side="right"
@@ -669,35 +669,32 @@
 +                     onclick="BrowserGoHome(event);"
 +                     aboutHomeOverrideTooltip="&abouthome.pageTitle;"/>
 +
-+      <toolbaritem id="social-toolbar-button"
-+                   class="toolbarbutton-1 chromeclass-toolbar-additional"
++      <toolbaritem id="social-toolbar-item"
++                   class="chromeclass-toolbar-additional"
 +                   removable="false"
-+                   pack="center"
 +                   title="&socialToolbar.title;"
 +                   hidden="true">
-+        <hbox id="social-toolbar-button-box" class="social-statusarea-container">
-+          <button id="social-provider-image" type="menu">
-+            <menupopup id="social-statusarea-popup">
-+              <hbox id="social-statusarea-user" pack="left" align="center">
-+                <image id="social-statusarea-user-portrait"/>
-+                <vbox>
-+                  <label id="social-statusarea-notloggedin"
-+                         value="&social.notLoggedIn.label;"/>
-+                  <button id="social-statusarea-username"
-+                          oncommand="SocialUI.showProfile(); document.getElementById('social-statusarea-popup').hidePopup();"/>
-+                </vbox>
-+              </hbox>
-+              <menuitem id="social-toggle-sidebar-menuitem"
-+                        type="checkbox"
-+                        autocheck="false"
-+                        command="Social:ToggleSidebar"
-+                        label="&social.toggleSidebar.label;"
-+                        accesskey="&social.toggleSidebar.accesskey;"/>
-+            </menupopup>
-+          </button>
-+          <hbox id="social-status-iconbox" flex="1">
-+          </hbox>
-+        </hbox>
++        <toolbarbutton id="social-provider-button"
++                       class="toolbarbutton-1"
++                       type="menu">
++          <menupopup id="social-statusarea-popup">
++            <hbox id="social-statusarea-user" pack="start" align="center"
++                  onclick="SocialUI.showProfile(); document.getElementById('social-statusarea-popup').hidePopup();">
++              <image id="social-statusarea-user-portrait"/>
++              <vbox>
++                <button id="social-statusarea-notloggedin"
++                        class="link" label="&social.notLoggedIn.label;"/>
++                <button id="social-statusarea-username" class="link"/>
++              </vbox>
++            </hbox>
++            <menuitem id="social-toggle-sidebar-menuitem"
++                      type="checkbox"
++                      autocheck="false"
++                      command="Social:ToggleSidebar"
++                      label="&social.toggleSidebar.label;"
++                      accesskey="&social.toggleSidebar.accesskey;"/>
++          </menupopup>
++        </toolbarbutton>
 +      </toolbaritem>
 +
 +      <toolbaritem id="bookmarks-menu-button-container"
@@ -1270,12 +1267,12 @@
 diff --git a/browser/base/jar.mn b/browser/base/jar.mn
 --- a/browser/base/jar.mn
 +++ b/browser/base/jar.mn
-@@ -35,16 +35,18 @@ browser.jar:
-         content/browser/abouthome/restore-large.png   (content/abouthome/restore-large.png)
+@@ -36,16 +36,18 @@ browser.jar:
          content/browser/abouthome/mozilla.png         (content/abouthome/mozilla.png)
          content/browser/abouthome/noise.png           (content/abouthome/noise.png)
          content/browser/aboutRobots-icon.png          (content/aboutRobots-icon.png)
          content/browser/aboutRobots-widget-left.png   (content/aboutRobots-widget-left.png)
+         content/browser/aboutSocialError.xhtml        (content/aboutSocialError.xhtml)
  *       content/browser/browser.css                   (content/browser.css)
  *       content/browser/browser.js                    (content/browser.js)
  *       content/browser/browser.xul                   (content/browser.xul)
diff -r a30fcfcd2e53 -r 9069817b5cac xulrunner/create-tar.sh
--- a/xulrunner/create-tar.sh	Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/create-tar.sh	Mon Oct 15 16:08:40 2012 +0200
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-CHANNEL="aurora"
+CHANNEL="beta"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="default"
-VERSION="16.98"
+RELEASE_TAG="FIREFOX_17_0b1_RELEASE"
+VERSION="16.99"
 
 # mozilla
 echo "cloning $BRANCH..."
diff -r a30fcfcd2e53 -r 9069817b5cac xulrunner/xulrunner.changes
--- a/xulrunner/xulrunner.changes	Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/xulrunner.changes	Mon Oct 15 16:08:40 2012 +0200
@@ -1,7 +1,49 @@
 -------------------------------------------------------------------
-Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org
+Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org
+
+- update to 16.0.1 (bnc#783533)
+  * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+    Miscellaneous memory safety hazards
+  * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+    defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct  7 21:41:01 UTC 2012 - wr@rosenauer.org
 
-- update to 16.0b2
+- update to 16.0 (bnc#783533)
+  * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+    Miscellaneous memory safety hazards
+  * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+    select element persistance allows for attacks
+  * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+    Continued access to initial origin after setting document.domain
+  * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+    Some DOMWindowUtils methods bypass security checks
+  * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+    DOS and crash with full screen and history navigation
+  * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+    Crash with invalid cast when using instanceof operator
+  * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+    GetProperty function can bypass security checks
+  * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+    top object and location property accessible by plugins
+  * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+    Chrome Object Wrapper (COW) does not disallow acces to privileged
+    functions or properties
+  * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+    Spoofing and script injection through location.hash
+  * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+    Use-after-free, buffer overflow, and out of bounds read issues
+    found using Address Sanitizer
+  * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+    CVE-2012-4188
+    Heap memory corruption issues found using Address Sanitizer
+  * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+    Use-after-free in the IME State Manager
+- requires NSPR 4.9.2
+- removed upstreamed mozilla-crashreporter-restart-args.patch
+- updated translations-other with new languages
 
 -------------------------------------------------------------------
 Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org
diff -r a30fcfcd2e53 -r 9069817b5cac xulrunner/xulrunner.spec
--- a/xulrunner/xulrunner.spec	Tue Oct 09 13:43:09 2012 +0200
+++ b/xulrunner/xulrunner.spec	Mon Oct 15 16:08:40 2012 +0200
@@ -44,9 +44,9 @@
 %endif
 BuildRequires:  mozilla-nspr-devel >= 4.9.2
 BuildRequires:  mozilla-nss-devel >= 3.13.6
-Version:        16.98
+Version:        16.99
 Release:        0
-%define         releasedate 2012091000
+%define         releasedate 2012101100
 %define         version_internal 17.0
 %define         apiversion 17
 %define         uaweight 1700000
@@ -156,7 +156,7 @@
 Summary:        Extra translations for XULRunner
 Group:          System/Localization
 Requires:       %{name} = %{version}
-Provides:       locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides:       locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
 Obsoletes:      %{name}-translations < %{version}-%{release}
 
 %description translations-other