--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xulrunner/_constraints Sat Sep 28 13:21:55 2013 +0200
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<constraints>
+ <hardware>
+ <disk>
+ <size unit="G">9</size>
+ </disk>
+ <memory>
+ <size unit="M">3500</size>
+ </memory>
+ </hardware>
+</constraints>
--- a/xulrunner/create-tar.sh Wed Sep 18 16:26:48 2013 +0200
+++ b/xulrunner/create-tar.sh Sat Sep 28 13:21:55 2013 +0200
@@ -1,14 +1,33 @@
#!/bin/bash
-CHANNEL="beta"
+CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_18_0b2_RELEASE"
-VERSION="17.99"
+RELEASE_TAG="FIREFOX_24_0_RELEASE"
+VERSION="24.0"
# mozilla
-echo "cloning $BRANCH..."
-hg clone http://hg.mozilla.org/$BRANCH mozilla
+if [ -d mozilla ]; then
+ pushd mozilla
+ _repourl=$(hg paths)
+ case "$_repourl" in
+ *$BRANCH*)
+ echo "updating previous tree"
+ hg pull
+ popd
+ ;;
+ * )
+ echo "removing obsolete tree"
+ popd
+ rm -rf mozilla
+ ;;
+ esac
+fi
+if [ ! -d mozilla ]; then
+ echo "cloning new $BRANCH..."
+ hg clone http://hg.mozilla.org/$BRANCH mozilla
+fi
pushd mozilla
+hg update --check
[ "$RELEASE_TAG" == "default" ] || hg update -r $RELEASE_TAG
# get repo and source stamp
echo -n "REV=" > ../source-stamp.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xulrunner/mozilla-libproxy-compat.patch Sat Sep 28 13:21:55 2013 +0200
@@ -0,0 +1,1 @@
+../mozilla-libproxy-compat.patch
\ No newline at end of file
--- a/xulrunner/xulrunner.changes Wed Sep 18 16:26:48 2013 +0200
+++ b/xulrunner/xulrunner.changes Sat Sep 28 13:21:55 2013 +0200
@@ -1,3 +1,186 @@
+-------------------------------------------------------------------
+Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org
+
+- update to 24.0 (bnc#840485)
+ * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
+ Miscellaneous memory safety hazards
+ * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
+ Improper state in HTML5 Tree Builder with templates
+ * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
+ Integer overflow in ANGLE library
+ * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
+ Use-after-free in Animation Manager during stylesheet cloning
+ * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
+ NativeKey continues handling key messages after widget is destroyed
+ * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
+ Use-after-free with select element
+ * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
+ Calling scope for new Javascript objects can lead to memory corruption
+ * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
+ Uninitialized data in IonMonkey
+ * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
+ Compartment mismatch re-attaching XBL-backed nodes
+ * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
+ Buffer overflow with multi-column, lists, and floats
+ * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
+ Memory corruption involving scrolling
+ * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
+ User-defined properties on DOM proxies get the wrong "this" object
+ * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
+ GC hazard with default compartments and frame chain restoration
+- require NSPR 4.10 and NSS 3.15.1
+
+-------------------------------------------------------------------
+Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.8esr (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701
+ Miscellaneous memory safety hazards
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
+Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.7esr (bnc#825935)
+ * MFSA 2013-49/CVE-2013-1682
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
+
+-------------------------------------------------------------------
+Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com
+
+- Fix build on powerpc (ppc-xpcshell.patch)
+
+-------------------------------------------------------------------
+Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.6esr (bnc#819204)
+ * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
+ Miscellaneous memory safety hazards
+ * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
+ Privileged access for content level constructor
+ * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
+ Use-after-free with video and onresize event
+ * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
+ Uninitialized functions in DOMSVGZoomEvent
+ * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
+ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
+ Memory corruption found using Address Sanitizer
+
+-------------------------------------------------------------------
+Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.5esr (bnc#813026)
+ * requires NSPR 4.9.5 and NSS 3.14.3
+ * MFSA 2013-30/CVE-2013-0788
+ Miscellaneous memory safety hazards
+ * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
+ Out-of-bounds write in Cairo library
+ * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
+ WebGL crash with Mesa graphics driver on Linux
+ * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
+ Bypass of SOW protections allows cloning of protected nodes
+ * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
+ Bypass of tab-modal dialog origin disclosure
+ * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
+ Cross-site scripting (XSS) using timed history navigations
+
+-------------------------------------------------------------------
+Fri Mar 8 09:00:09 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.4esr (bnc#808243)
+ * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
+ Use-after-free in HTML Editor
+
+-------------------------------------------------------------------
+Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.3esr (bnc#804248)
+ * MFSA 2013-21/CVE-2013-0783
+ Miscellaneous memory safety hazards
+ * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
+ Web content bypass of COW and SOW security wrappers
+ * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
+ Privacy leak in JavaScript Workers
+ * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
+ Use-after-free in nsImageLoadingContent
+ * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
+ Phishing on HTTPS connection through malicious proxy
+ * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
+ Use-after-free, out of bounds read, and buffer overflow issues
+ found using Address Sanitizer
+
+-------------------------------------------------------------------
+Sat Jan 5 14:46:06 UTC 2013 - wr@rosenauer.org
+
+- update to 17.0.2esr (bnc#796895)
+ * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
+ Miscellaneous memory safety hazards
+ * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
+ CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
+ Use-after-free and buffer overflow issues found using Address Sanitizer
+ * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
+ Buffer Overflow in Canvas
+ * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
+ URL spoofing in addressbar during page loads
+ * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
+ Use-after-free when displaying table with many columns and column groups
+ * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
+ Crash due to handling of SSL on threads
+ * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
+ AutoWrapperChanger fails to keep objects alive during garbage collection
+ * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
+ Compartment mismatch with quickstubs returned values
+ * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
+ Event manipulation in plugin handler to bypass same-origin policy
+ * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
+ Address space layout leaked in XBL objects
+ * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
+ Buffer overflow in Javascript string concatenation
+ * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
+ Memory corruption in XBL with XML bindings containing SVG
+ * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
+ Chrome Object Wrapper (COW) bypass through changing prototype
+ * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
+ Privilege escalation through plugin objects
+ * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
+ Use-after-free in serializeToStream
+ * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
+ Use-after-free in ListenerManager
+ * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
+ Use-after-free in Vibrate
+ * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
+ Use-after-free in Javascript Proxy objects
+- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
+- build on SLE11
+ * mozilla-gcc43-enums.patch
+ * mozilla-gcc43-template_hacks.patch
+ * mozilla-gcc43-templates_instantiation.patch
+
-------------------------------------------------------------------
Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org
--- a/xulrunner/xulrunner.spec Wed Sep 18 16:26:48 2013 +0200
+++ b/xulrunner/xulrunner.spec Sat Sep 28 13:21:55 2013 +0200
@@ -1,8 +1,8 @@
#
# spec file for package xulrunner
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# 2006-2012 Wolfgang Rosenauer
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# 2006-2013 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,11 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+%if %suse_version > 1220
+%define gstreamer_ver 0.10
+%else
+%define gstreamer_ver 0.10
+%endif
Name: xulrunner
BuildRequires: Mesa-devel
@@ -42,14 +47,19 @@
%else
BuildRequires: wireless-tools
%endif
-BuildRequires: mozilla-nspr-devel >= 4.9.2
-BuildRequires: mozilla-nss-devel >= 3.14
-Version: 17.99
+BuildRequires: mozilla-nspr-devel >= 4.10
+BuildRequires: mozilla-nss-devel >= 3.15.1
+%if %suse_version > 1210
+BuildRequires: pkgconfig(gstreamer-%gstreamer_ver)
+BuildRequires: pkgconfig(gstreamer-app-%gstreamer_ver)
+BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver)
+%endif
+Version: 24.0
Release: 0
-%define releasedate 2012112800
-%define version_internal 18.0
-%define apiversion 18
-%define uaweight 1800000
+%define releasedate 2013091000
+%define version_internal 24.0
+%define apiversion 24
+%define uaweight 2400000
Summary: Mozilla Runtime Environment
License: MPL-2.0
Group: Productivity/Other
@@ -76,16 +86,19 @@
Patch6: mozilla-language.patch
Patch7: mozilla-ntlm-full-path.patch
Patch9: mozilla-sle11.patch
-Patch14: mozilla-ppc.patch
+Patch10: mozilla-ppc.patch
+Patch11: mozilla-libproxy-compat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: mozilla-js = %{version}
Requires(post): update-alternatives coreutils
Requires(preun): update-alternatives coreutils
+Provides: xulrunner-esr = %{version}
+Obsoletes: xulrunner-esr < 24.0
### build configuration ###
%define has_system_nspr 1
%define has_system_nss 1
%define has_system_cairo 0
-%define localize 0
+%define localize 1
%ifarch ppc ppc64 s390 s390x ia64 %arm
%define crashreporter 0
%else
@@ -140,7 +153,7 @@
Summary: Common translations for XULRunner
Group: System/Localization
Requires: %{name} = %{version}
-Provides: locale(%{name}:ar;ca;cs;da;de;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW)
+Provides: locale(%{name}:ar;ca;cs;da;de;el;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW)
Obsoletes: %{name}-translations < %{version}-%{release}
%description translations-common
@@ -156,7 +169,7 @@
Summary: Extra translations for XULRunner
Group: System/Localization
Requires: %{name} = %{version}
-Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
Obsoletes: %{name}-translations < %{version}-%{release}
%description translations-other
@@ -190,7 +203,8 @@
%if %suse_version < 1120
%patch9 -p1
%endif
-%patch14 -p1
+%patch10 -p1
+%patch11 -p1
%build
# no need to add build time to binaries
@@ -243,7 +257,6 @@
ac_add_options --enable-system-hunspell
ac_add_options --enable-startup-notification
ac_add_options --enable-shared-js
-ac_add_options --disable-webrtc # does not build with system NSPR
#ac_add_options --enable-debug
EOF
%if %suse_version > 1130
@@ -252,6 +265,11 @@
ac_add_options --enable-gio
EOF
%endif
+%if %suse_version < 1220
+cat << EOF >> $MOZCONFIG
+ac_add_options --disable-gstreamer
+EOF
+%endif
%if %has_system_nspr
cat << EOF >> $MOZCONFIG
ac_add_options --with-system-nspr
@@ -277,27 +295,15 @@
ac_add_options --disable-crashreporter
EOF
%endif
-# S/390
-%ifarch s390 s390x
-cat << EOF >> $MOZCONFIG
-ac_add_options --disable-jemalloc
-EOF
-%endif
# ARM
%ifarch %arm
cat << EOF >> $MOZCONFIG
-%ifarch armv7l armv7hl
-ac_add_options --with-arch=armv7-a
-ac_add_options --with-float-abi=hard
-ac_add_options --with-fpu=vfpv3-d16
-ac_add_options --with-thumb=yes
-ac_add_options --disable-debug
+ac_add_options --disable-neon
+EOF
%endif
-%ifarch armv5tel
-ac_add_options --with-arch=armv5te
-ac_add_options --with-float-abi=soft
-ac_add_options --with-thumb=no
-%endif
+%ifnarch %ix86 x86_64
+cat << EOF >> $MOZCONFIG
+ac_add_options --disable-webrtc
EOF
%endif
make -f client.mk build
@@ -315,14 +321,12 @@
find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/ \
-name "*.js" -o -name "*.xpm" -o -name "*.png" | xargs chmod a-x
# remove mkdir.done files from installed base
-find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm
+#find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm
mkdir -p $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions
# fixing SDK dynamic libs (symlink instead of copy)
rm $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/*.so
ln -sf ../../../xulrunner-%{version_internal}/libmozjs.so \
$RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/
-ln -sf ../../../xulrunner-%{version_internal}/libxpcom.so \
- $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/
ln -sf ../../../xulrunner-%{version_internal}/libxul.so \
$RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/
# include basic buildenv for xulapps to use
@@ -331,7 +335,7 @@
# this list has been compiled by trial and error for prism
tar --exclude=*.cpp --exclude=*.mm \
-cvjf $RPM_BUILD_ROOT%{_datadir}/xulrunner-%{version_internal}/mozilla-src.tar.bz2 \
- mozilla/configure.in mozilla/Makefile.in mozilla/client.py mozilla/allmakefiles.sh \
+ mozilla/configure.in mozilla/Makefile.in mozilla/client.py \
mozilla/config mozilla/client.mk mozilla/aclocal.m4 mozilla/build mozilla/js/src/* \
mozilla/testing mozilla/toolkit/mozapps/installer mozilla/probes mozilla/memory \
mozilla/toolkit/xre mozilla/nsprpub/config mozilla/tools mozilla/xpcom/build
@@ -364,7 +368,7 @@
rm -rf $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions/langpack-$locale@firefox.mozilla.org/defaults
# check against the fixed common list and sort into the right filelist
_matched=0
- for _match in ar ca cs da de en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
+ for _match in ar ca cs da de el en-GB es-AR es-CL es-ES fi fr hu it ja ko nb-NO nl pl pt-BR pt-PT ru sv-SE zh-CN zh-TW; do
[ "$_match" = "$locale" ] && _matched=1
done
[ $_matched -eq 1 ] && _l10ntarget=common || _l10ntarget=other
@@ -453,7 +457,6 @@
%dir %{_libdir}/xulrunner-%{version_internal}/extensions/
%{_libdir}/xulrunner-%{version_internal}/chrome/icons/
%{_libdir}/xulrunner-%{version_internal}/components/
-%{_libdir}/xulrunner-%{version_internal}/plugins/
%{_libdir}/xulrunner-%{version_internal}/*.so
%exclude %{_libdir}/xulrunner-%{version_internal}/libmozjs.so
%{_libdir}/xulrunner-%{version_internal}/add-plugins.sh
@@ -493,6 +496,7 @@
%files devel
%defattr(-,root,root)
%{_libdir}/xulrunner-devel-%{version_internal}/
+%{_libdir}/xulrunner-%{version_internal}/js-gdb.py
# FIXME symlink dynamic libs below sdk/lib
%attr(644,root,root) %{_libdir}/pkgconfig/*
%{_includedir}/xulrunner-%{version_internal}/