# HG changeset patch # User Wolfgang Rosenauer # Date 1379185367 -7200 # Node ID efc8a8a62a09371f94f97a718c75670f78e6df74 # Parent f812ab6b56ac4662f3b277e76112272f0caebedc 17.0.9esr diff -r f812ab6b56ac -r efc8a8a62a09 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Jun 24 12:09:20 2013 +0200 +++ b/MozillaFirefox/create-tar.sh Sat Sep 14 21:02:47 2013 +0200 @@ -2,8 +2,8 @@ CHANNEL="esr17" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_17_0_7esr_RELEASE" -VERSION="17.0.7" +RELEASE_TAG="FIREFOX_17_0_9esr_RELEASE" +VERSION="17.0.9" # mozilla echo "cloning $BRANCH..." diff -r f812ab6b56ac -r efc8a8a62a09 MozillaFirefox/firefox-esr.changes --- a/MozillaFirefox/firefox-esr.changes Mon Jun 24 12:09:20 2013 +0200 +++ b/MozillaFirefox/firefox-esr.changes Sat Sep 14 21:02:47 2013 +0200 
@@ -1,7 +1,47 @@ ------------------------------------------------------------------- +Wed Sep 11 18:43:15 UTC 2013 - wr@rosenauer.org + +- update to Firefox 17.0.9esr (bnc#) + +------------------------------------------------------------------- +Fri Aug 2 09:58:06 UTC 2013 - wr@rosenauer.org + +- update to Firefox 17.0.8esr (bnc#833389) + * MFSA 2013-63/CVE-2013-1701 + Miscellaneous memory safety hazards + * MFSA 2013-68/CVE-2013-1709 (bmo#838253) + Document URI misrepresentation and masquerading + * MFSA 2013-69/CVE-2013-1710 (bmo#871368) + CRMF requests allow for code execution and XSS attacks + * MFSA 2013-72/CVE-2013-1713 (bmo#887098) + Wrong principal used for validating URI for some Javascript + components + * MFSA 2013-73/CVE-2013-1714 (bmo#879787) + Same-origin bypass with web workers and XMLHttpRequest + * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) + Local Java applets may read contents of local file system + +------------------------------------------------------------------- Wed Jun 19 21:05:21 UTC 2013 - wr@rosenauer.org -- update to Firefox 17.0.7esr (bnc#) +- update to Firefox 17.0.7esr (bnc#825935) + * MFSA 2013-49/CVE-2013-1682 + Miscellaneous memory safety hazards + * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 + Memory corruption found using Address Sanitizer + * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) + Privileged content access and execution via XBL + * MFSA 2013-53/CVE-2013-1690 (bmo#857883) + Execution of unmapped memory through onreadystatechange event + * MFSA 2013-54/CVE-2013-1692 (bmo#866915) + Data in the body of XHR HEAD requests leads to CSRF attacks + * MFSA 2013-55/CVE-2013-1693 (bmo#711043) + SVG filters can lead to information disclosure + * MFSA 2013-56/CVE-2013-1694 (bmo#848535) + PreserveWrapper has inconsistent behavior + * MFSA 2013-59/CVE-2013-1697 (bmo#858101) + XrayWrappers can be bypassed to run user defined methods in a + privileged context 
------------------------------------------------------------------- Fri May 10 11:44:50 UTC 2013 - wr@rosenauer.org diff -r f812ab6b56ac -r efc8a8a62a09 MozillaFirefox/firefox-esr.spec --- a/MozillaFirefox/firefox-esr.spec Mon Jun 24 12:09:20 2013 +0200 +++ b/MozillaFirefox/firefox-esr.spec Sat Sep 14 21:02:47 2013 +0200 @@ -18,7 +18,7 @@ %define major 17 -%define mainver %major.0.7 +%define mainver %major.0.9 %define update_channel release Name: firefox-esr @@ -54,7 +54,7 @@ %endif Version: %{mainver} Release: 0 -%define releasedate 2013061900 +%define releasedate 2013091000 Provides: firefox-esr = %{mainver} Provides: web_browser Provides: browser(npapi) diff -r f812ab6b56ac -r efc8a8a62a09 ppc-xpcshell.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ppc-xpcshell.patch Sat Sep 14 21:02:47 2013 +0200 
@@ -0,0 +1,71 @@ +Index: mozilla/js/src/gc/Heap.h +=================================================================== +--- mozilla.orig/js/src/gc/Heap.h ++++ mozilla/js/src/gc/Heap.h +@@ -110,19 +110,22 @@ struct Cell + */ + #if defined(SOLARIS) && (defined(__sparc) || defined(__sparcv9)) + const size_t PageShift = 13; ++const size_t ArenaShift = PageShift; ++#elif defined(__powerpc__) ++const size_t PageShift = 16; ++const size_t ArenaShift = 12; + #else + const size_t PageShift = 12; ++const size_t ArenaShift = PageShift; + #endif + const size_t PageSize = size_t(1) << PageShift; ++const size_t ArenaSize = size_t(1) << ArenaShift; ++const size_t ArenaMask = ArenaSize - 1; + + const size_t ChunkShift = 20; + const size_t ChunkSize = size_t(1) << ChunkShift; + const size_t ChunkMask = ChunkSize - 1; + +-const size_t ArenaShift = PageShift; +-const size_t ArenaSize = PageSize; +-const size_t ArenaMask = ArenaSize - 1; +- + /* + * This is the maximum number of arenas we allow in the FreeCommitted state + * before we trigger a GC_SHRINK to release free arenas to the OS. +Index: mozilla/js/src/gc/Memory.cpp +=================================================================== +--- mozilla.orig/js/src/gc/Memory.cpp ++++ mozilla/js/src/gc/Memory.cpp +@@ -15,6 +15,15 @@ + namespace js { + namespace gc { + ++/* Unused memory decommiting requires the arena size match the page size. 
*/ ++extern const size_t PageSize; ++extern const size_t ArenaSize; ++static bool ++DecommitEnabled() ++{ ++ return PageSize == ArenaSize; ++} ++ + #if defined(XP_WIN) + #include "jswin.h" + #include +@@ -83,6 +92,9 @@ UnmapPages(void *p, size_t size) + bool + MarkPagesUnused(void *p, size_t size) + { ++ if (!DecommitEnabled()) ++ return false; ++ + JS_ASSERT(uintptr_t(p) % PageSize == 0); + LPVOID p2 = VirtualAlloc(p, size, MEM_RESET, PAGE_READWRITE); + return p2 == p; +@@ -352,6 +364,9 @@ UnmapPages(void *p, size_t size) + bool + MarkPagesUnused(void *p, size_t size) + { ++ if (!DecommitEnabled()) ++ return false; ++ + JS_ASSERT(uintptr_t(p) % PageSize == 0); + int result = madvise(p, size, MADV_DONTNEED); + return result != -1; diff -r f812ab6b56ac -r efc8a8a62a09 series --- a/series Mon Jun 24 12:09:20 2013 +0200 +++ b/series Sat Sep 14 21:02:47 2013 +0200 @@ -22,6 +22,7 @@ mozilla-gcc43-enums.patch mozilla-gcc43-template_hacks.patch mozilla-gcc43-templates_instantiation.patch +ppc-xpcshell.patch #mozilla-disable-neon-option.patch # Firefox patches diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/create-tar.sh --- a/xulrunner/create-tar.sh Mon Jun 24 12:09:20 2013 +0200 +++ b/xulrunner/create-tar.sh Sat Sep 14 21:02:47 2013 +0200 @@ -2,8 +2,8 @@ CHANNEL="esr17" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_17_0_7esr_RELEASE" -VERSION="17.0.7" +RELEASE_TAG="FIREFOX_17_0_9esr_RELEASE" +VERSION="17.0.9" # mozilla echo "cloning $BRANCH..." diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/ppc-xpcshell.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xulrunner/ppc-xpcshell.patch Sat Sep 14 21:02:47 2013 +0200 @@ -0,0 +1,1 @@ +../ppc-xpcshell.patch \ No newline at end of file diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/xulrunner-esr.changes --- a/xulrunner/xulrunner-esr.changes Mon Jun 24 12:09:20 2013 +0200 +++ b/xulrunner/xulrunner-esr.changes Sat Sep 14 21:02:47 2013 +0200 
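Review bot: The early `return false` added to both `MarkPagesUnused` variants in Memory.cpp looks, to callers, the same as a failed `VirtualAlloc(p, size, MEM_RESET, PAGE_READWRITE)` or `madvise(p, size, MADV_DONTNEED)`. On the new `__powerpc__` branch of Heap.h (PageShift 16, ArenaShift 12) `PageSize == ArenaSize` is never true, so the guard fires on every call and unused GC memory is never handed back to the OS on that platform. State that trade-off at the guard, for example `/* Arena smaller than a page: decommit is skipped on purpose, memory stays committed. */`, and correct "decommiting" in the added comment. The `extern const size_t PageSize; extern const size_t ArenaSize;` lines look redundant: namespace-scope `const` objects like the ones in Heap.h have internal linkage in C++, so the redeclarations resolve only if that header is already visible, which the `JS_ASSERT(uintptr_t(p) % PageSize == 0)` context line suggests it is. The rest of Memory.cpp is outside the hunk, so whether `MarkPagesUsed` needs the same guard cannot be judged from here.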
@@ -1,7 +1,52 @@ ------------------------------------------------------------------- -Fri Jun 21 05:49:37 UTC 2013 - wr@rosenauer.org +Thu Sep 12 10:07:45 UTC 2013 - wr@rosenauer.org + +- update to 17.0.9esr (bnc#) + +------------------------------------------------------------------- +Fri Aug 2 11:51:23 UTC 2013 - wr@rosenauer.org + +- update to 17.0.8esr (bnc#833389) + * MFSA 2013-63/CVE-2013-1701 + Miscellaneous memory safety hazards + * MFSA 2013-68/CVE-2013-1709 (bmo#838253) + Document URI misrepresentation and masquerading + * MFSA 2013-69/CVE-2013-1710 (bmo#871368) + CRMF requests allow for code execution and XSS attacks + * MFSA 2013-72/CVE-2013-1713 (bmo#887098) + Wrong principal used for validating URI for some Javascript + components + * MFSA 2013-73/CVE-2013-1714 (bmo#879787) + Same-origin bypass with web workers and XMLHttpRequest + * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) + Local Java applets may read contents of local file system + +------------------------------------------------------------------- +Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org - update to 17.0.7esr (bnc#825935) + * MFSA 2013-49/CVE-2013-1682 + Miscellaneous memory safety hazards + * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 + Memory corruption found using Address Sanitizer + * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) + Privileged content access and execution via XBL + * MFSA 2013-53/CVE-2013-1690 (bmo#857883) + Execution of unmapped memory through onreadystatechange event + * MFSA 2013-54/CVE-2013-1692 (bmo#866915) + Data in the body of XHR HEAD requests leads to CSRF attacks + * MFSA 2013-55/CVE-2013-1693 (bmo#711043) + SVG filters can lead to information disclosure + * MFSA 2013-56/CVE-2013-1694 (bmo#848535) + PreserveWrapper has inconsistent behavior + * MFSA 2013-59/CVE-2013-1697 (bmo#858101) + XrayWrappers can be bypassed to run user defined methods in a + privileged context + 
+------------------------------------------------------------------- +Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com + +- Fix build on powerpc (ppc-xpcshell.patch) ------------------------------------------------------------------- Fri May 10 17:27:58 UTC 2013 - wr@rosenauer.org diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/xulrunner-esr.spec --- a/xulrunner/xulrunner-esr.spec Mon Jun 24 12:09:20 2013 +0200 +++ b/xulrunner/xulrunner-esr.spec Sat Sep 14 21:02:47 2013 +0200 @@ -44,12 +44,12 @@ %endif BuildRequires: mozilla-nspr-devel >= 4.9.5 BuildRequires: mozilla-nss-devel >= 3.14.3 -Version: 17.0.7 +Version: 17.0.9 Release: 0 -%define releasedate 2013062000 -%define version_internal 17.0.7 +%define releasedate 2013091000 +%define version_internal 17.0.9 %define apiversion 17 -%define uaweight 1700007 +%define uaweight 1700009 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -83,6 +83,7 @@ Patch20: mozilla-gcc43-enums.patch Patch21: mozilla-gcc43-template_hacks.patch Patch22: mozilla-gcc43-templates_instantiation.patch +Patch23: ppc-xpcshell.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js = %{version} Requires(post): update-alternatives coreutils @@ -203,6 +204,7 @@ %patch21 -p1 %patch22 -p1 %endif +%patch23 -p1 %build # no need to add build time to binaries diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/xulrunner.changes --- a/xulrunner/xulrunner.changes Mon Jun 24 12:09:20 2013 +0200 +++ b/xulrunner/xulrunner.changes Sat Sep 14 21:02:47 2013 +0200 
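Review bot: `Patch23: ppc-xpcshell.patch` and `%patch23 -p1` are wired into xulrunner-esr.spec here (and identically into xulrunner.spec further down), but the firefox-esr.spec hunks in this changeset only touch `mainver` and `releasedate`, even though the top-level `series` file now lists the patch. If firefox-esr compiles its own copy of js/src, its powerpc build would miss the fix; that cannot be confirmed from the visible hunks and is worth checking. `%patch23 -p1` also sits after the `%endif`, so it is applied on every architecture; a short spec comment such as `# PowerPC: 64K pages vs 4K GC arenas, no-op elsewhere` would record that this is intended.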
@@ -1,7 +1,52 @@ ------------------------------------------------------------------- -Fri Jun 21 05:49:58 UTC 2013 - wr@rosenauer.org +Thu Sep 12 10:06:08 UTC 2013 - wr@rosenauer.org + +- update to 17.0.9esr (bnc#) + +------------------------------------------------------------------- +Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org + +- update to 17.0.8esr (bnc#833389) + * MFSA 2013-63/CVE-2013-1701 + Miscellaneous memory safety hazards + * MFSA 2013-68/CVE-2013-1709 (bmo#838253) + Document URI misrepresentation and masquerading + * MFSA 2013-69/CVE-2013-1710 (bmo#871368) + CRMF requests allow for code execution and XSS attacks + * MFSA 2013-72/CVE-2013-1713 (bmo#887098) + Wrong principal used for validating URI for some Javascript + components + * MFSA 2013-73/CVE-2013-1714 (bmo#879787) + Same-origin bypass with web workers and XMLHttpRequest + * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) + Local Java applets may read contents of local file system + +------------------------------------------------------------------- +Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org - update to 17.0.7esr (bnc#825935) + * MFSA 2013-49/CVE-2013-1682 + Miscellaneous memory safety hazards + * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 + Memory corruption found using Address Sanitizer + * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) + Privileged content access and execution via XBL + * MFSA 2013-53/CVE-2013-1690 (bmo#857883) + Execution of unmapped memory through onreadystatechange event + * MFSA 2013-54/CVE-2013-1692 (bmo#866915) + Data in the body of XHR HEAD requests leads to CSRF attacks + * MFSA 2013-55/CVE-2013-1693 (bmo#711043) + SVG filters can lead to information disclosure + * MFSA 2013-56/CVE-2013-1694 (bmo#848535) + PreserveWrapper has inconsistent behavior + * MFSA 2013-59/CVE-2013-1697 (bmo#858101) + XrayWrappers can be bypassed to run user defined methods in a + privileged context + 
+------------------------------------------------------------------- +Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com + +- Fix build on powerpc (ppc-xpcshell.patch) ------------------------------------------------------------------- Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org diff -r f812ab6b56ac -r efc8a8a62a09 xulrunner/xulrunner.spec --- a/xulrunner/xulrunner.spec Mon Jun 24 12:09:20 2013 +0200 +++ b/xulrunner/xulrunner.spec Sat Sep 14 21:02:47 2013 +0200 @@ -44,12 +44,12 @@ %endif BuildRequires: mozilla-nspr-devel >= 4.9.5 BuildRequires: mozilla-nss-devel >= 3.14.3 -Version: 17.0.7 +Version: 17.0.9 Release: 0 -%define releasedate 2013062000 -%define version_internal 17.0.7 +%define releasedate 2013091000 +%define version_internal 17.0.9 %define apiversion 17 -%define uaweight 1700007 +%define uaweight 1700009 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -81,6 +81,7 @@ Patch20: mozilla-gcc43-enums.patch Patch21: mozilla-gcc43-template_hacks.patch Patch22: mozilla-gcc43-templates_instantiation.patch +Patch23: ppc-xpcshell.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js = %{version} Requires(post): update-alternatives coreutils @@ -201,6 +202,7 @@ %patch21 -p1 %patch22 -p1 %endif +%patch23 -p1 %build # no need to add build time to binaries