--- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 19 14:25:17 2012 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Nov 21 19:04:48 2012 +0100
@@ -1,10 +1,61 @@
-------------------------------------------------------------------
-Fri Oct 26 10:59:41 UTC 2012 - wr@rosenauer.org
-
-- update to Aurora 18 (20121025)
+Wed Nov 21 08:54:09 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 18.0b1
* requires NSS 3.14
-- enable system NSPR
+ * removed obsolete SLE11 patches (mozilla-gcc43*)
- ported patches
+- reenable WebRTC
+
+-------------------------------------------------------------------
+Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 17.0 (bnc#790140)
+ * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
+ Miscellaneous memory safety hazards
+ * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
+ Buffer overflow while rendering GIF images
+ * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
+ evalInSanbox location context incorrectly applied
+ * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
+ Crash when combining SVG text on path with CSS
+ * MFSA 2012-95/CVE-2012-4203 (bmo#765628)
+ Javascript: URLs run in privileged context on New Tab page
+ * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
+ Memory corruption in str_unescape
+ * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
+ XMLHttpRequest inherits incorrect principal within sandbox
+ * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
+ XrayWrappers exposes chrome-only properties when not in chrome
+ compartment
+ * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
+ Improper security filtering for cross-origin wrappers
+ * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
+ Improper character decoding in HZ-GB-2312 charset
+ * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
+ Script entered into Developer Toolbar runs with chrome privileges
+ * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
+ Frames can shadow top.location
+ * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
+ CSS and HTML injection through Style Inspector
+ * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
+ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
+ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
+ Use-after-free and buffer overflow issues found using Address
+ Sanitizer
+ * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
+ Use-after-free, buffer overflow, and memory corruption issues
+ found using Address Sanitizer
+- rebased patches
+- disabled WebRTC since build is broken (bmo#776877)
+
+-------------------------------------------------------------------
+Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com
+
+- build on SLE11
+ * mozilla-gcc43-enums.patch
+ * mozilla-gcc43-template_hacks.patch
+ * mozilla-gcc43-templates_instantiation.patch
-------------------------------------------------------------------
Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec Mon Nov 19 14:25:17 2012 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Wed Nov 21 19:04:48 2012 +0100
@@ -18,8 +18,8 @@
%define major 17
-%define mainver %major.98
-%define update_channel aurora
+%define mainver %major.99
+%define update_channel beta
Name: MozillaFirefox
BuildRequires: Mesa-devel
@@ -54,7 +54,7 @@
%endif
Version: %{mainver}
Release: 0
-%define releasedate 2012102500
+%define releasedate 2012112100
Provides: firefox = %{mainver}
Provides: firefox = %{version}-%{release}
Provides: web_browser
@@ -131,7 +131,7 @@
%define desktop_file_name %{name}
%endif
### build options
-%define branding 0
+%define branding 1
%define localize 1
%ifarch ppc ppc64 s390 s390x ia64 %arm
%define crashreporter 0
@@ -159,7 +159,7 @@
%if %localize
%package translations-common
-Summary: Common translations for MozillaFirefox
+Summary: Common translations for Firefox
Group: System/Localization
Provides: locale(%{name}:ar;ca;cs;da;de;en_GB;es_AR;es_CL;es_ES;fi;fr;hu;it;ja;ko;nb_NO;nl;pl;pt_BR;pt_PT;ru;sv_SE;zh_CN;zh_TW)
Requires: %{name} = %{version}
@@ -167,10 +167,10 @@
%description translations-common
This package contains several common languages for the user interface
-of MozillaFirefox.
+of Firefox.
%package translations-other
-Summary: Extra translations for MozillaFirefox
+Summary: Extra translations for Firefox
Group: System/Localization
Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
Requires: %{name} = %{version}
@@ -178,11 +178,11 @@
%description translations-other
This package contains rarely used languages for the user interface
-of MozillaFirefox.
+of Firefox.
%endif
%package branding-upstream
-Summary: Upstream branding for MozillaFirefox
+Summary: Upstream branding for Firefox
Group: Productivity/Networking/Web/Browsers
Provides: %{name}-branding = 5.0
Conflicts: otherproviders(%{name}-branding)
@@ -198,7 +198,7 @@
#BRAND: It's also possible to drop files in /usr/lib/firefox/searchplugins
%description branding-upstream
-This package provides upstream look and feel for MozillaFirefox.
+This package provides upstream look and feel for Firefox.
%if %crashreporter
--- a/MozillaFirefox/create-tar.sh Mon Nov 19 14:25:17 2012 +0100
+++ b/MozillaFirefox/create-tar.sh Wed Nov 21 19:04:48 2012 +0100
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="aurora"
+CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
RELEASE_TAG="default"
-VERSION="17.98"
+VERSION="17.99"
# mozilla
echo "cloning $BRANCH..."
--- a/mozilla-pkgconfig.patch Mon Nov 19 14:25:17 2012 +0100
+++ b/mozilla-pkgconfig.patch Wed Nov 21 19:04:48 2012 +0100
@@ -14,7 +14,7 @@
# Add pkg-config files to the install:: target
+# the apilibdir always ends with 1.9 as every patch update will provide a link
-+apilibdir = $(dir $(installdir))xulrunner-17
++apilibdir = $(dir $(installdir))xulrunner-18
+
pkg_config_files = \
libxul.pc \
--- a/mozilla-shared-nss-db.patch Mon Nov 19 14:25:17 2012 +0100
+++ b/mozilla-shared-nss-db.patch Wed Nov 21 19:04:48 2012 +0100
@@ -7,7 +7,7 @@
diff --git a/configure.in b/configure.in
--- a/configure.in
+++ b/configure.in
-@@ -8089,16 +8089,31 @@ AC_SUBST(QCMS_LIBS)
+@@ -8099,16 +8099,31 @@ AC_SUBST(QCMS_LIBS)
dnl ========================================================
dnl HarfBuzz
@@ -42,20 +42,18 @@
diff --git a/security/manager/ssl/src/Makefile.in b/security/manager/ssl/src/Makefile.in
--- a/security/manager/ssl/src/Makefile.in
+++ b/security/manager/ssl/src/Makefile.in
-@@ -91,12 +91,14 @@ DEFINES += \
+@@ -90,10 +90,13 @@ DEFINES += \
+ -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" \
+ $(NULL)
EXPORTS += \
nsNSSShutDown.h \
ScopedNSSTypes.h \
$(NULL)
- # Use local includes because they are inserted before INCLUDES
- # so that Mozilla's nss.h is used, not glibc's
--LOCAL_INCLUDES += $(NSS_CFLAGS)
-+LOCAL_INCLUDES += $(NSS_CFLAGS) $(NSSHELPER_CFLAGS)
++LOCAL_INCLUDES += $(NSSHELPER_CFLAGS)
++EXTRA_DSO_LDOPTS += $(NSSHELPER_LIBS)
+
-+EXTRA_DSO_LDOPTS += $(NSSHELPER_LIBS)
-
include $(topsrcdir)/config/rules.mk
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
--- a/xulrunner/create-tar.sh Mon Nov 19 14:25:17 2012 +0100
+++ b/xulrunner/create-tar.sh Wed Nov 21 19:04:48 2012 +0100
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="aurora"
+CHANNEL="beta"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="default"
-VERSION="16.98"
+RELEASE_TAG="FIREFOX_18_0b1_RELEASE"
+VERSION="17.99"
# mozilla
echo "cloning $BRANCH..."
--- a/xulrunner/xulrunner.changes Mon Nov 19 14:25:17 2012 +0100
+++ b/xulrunner/xulrunner.changes Wed Nov 21 19:04:48 2012 +0100
@@ -1,7 +1,99 @@
-------------------------------------------------------------------
-Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org
+Tue Nov 20 20:15:23 UTC 2012 - wr@rosenauer.org
+
+- update to 17.0 (bnc#790140)
+ * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
+ Miscellaneous memory safety hazards
+ * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
+ Buffer overflow while rendering GIF images
+ * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
+ evalInSanbox location context incorrectly applied
+ * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
+ Crash when combining SVG text on path with CSS
+ * MFSA 2012-95/CVE-2012-4203 (bmo#765628)
+ Javascript: URLs run in privileged context on New Tab page
+ * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
+ Memory corruption in str_unescape
+ * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
+ XMLHttpRequest inherits incorrect principal within sandbox
+ * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
+ XrayWrappers exposes chrome-only properties when not in chrome
+ compartment
+ * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
+ Improper security filtering for cross-origin wrappers
+ * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
+ Improper character decoding in HZ-GB-2312 charset
+ * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
+ Script entered into Developer Toolbar runs with chrome privileges
+ * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
+ Frames can shadow top.location
+ * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
+ CSS and HTML injection through Style Inspector
+ * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
+ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
+ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
+ Use-after-free and buffer overflow issues found using Address
+ Sanitizer
+ * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
+ Use-after-free, buffer overflow, and memory corruption issues
+ found using Address Sanitizer
+- rebased patches
+- disabled WebRTC since build is broken (bmo#776877)
+
+-------------------------------------------------------------------
+Wed Oct 24 08:28:49 UTC 2012 - wr@rosenauer.org
-- update to 16.0b2
+- update to 16.0.2 (bnc#786522)
+ * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
+ (bmo#800666, bmo#793121, bmo#802557)
+ Fixes for Location object issues
+
+-------------------------------------------------------------------
+Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org
+
+- update to 16.0.1 (bnc#783533)
+ * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+ Miscellaneous memory safety hazards
+ * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+ defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org
+
+- update to 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
+ * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+ Use-after-free in the IME State Manager
+- requires NSPR 4.9.2
+- removed upstreamed mozilla-crashreporter-restart-args.patch
+- updated translations-other with new languages
-------------------------------------------------------------------
Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org
--- a/xulrunner/xulrunner.spec Mon Nov 19 14:25:17 2012 +0100
+++ b/xulrunner/xulrunner.spec Wed Nov 21 19:04:48 2012 +0100
@@ -43,13 +43,13 @@
BuildRequires: wireless-tools
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.2
-BuildRequires: mozilla-nss-devel >= 3.13.6
-Version: 16.98
+BuildRequires: mozilla-nss-devel >= 3.14
+Version: 18.0
Release: 0
-%define releasedate 2012091000
-%define version_internal 17.0
-%define apiversion 17
-%define uaweight 1700000
+%define releasedate 2012112100
+%define version_internal 18.0
+%define apiversion 18
+%define uaweight 1800000
Summary: Mozilla Runtime Environment
License: MPL-2.0
Group: Productivity/Other
@@ -156,7 +156,7 @@
Summary: Extra translations for XULRunner
Group: System/Localization
Requires: %{name} = %{version}
-Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
Obsoletes: %{name}-translations < %{version}-%{release}
%description translations-other
@@ -243,6 +243,7 @@
ac_add_options --enable-system-hunspell
ac_add_options --enable-startup-notification
ac_add_options --enable-shared-js
+ac_add_options --disable-webrtc # does not build with system NSPR
#ac_add_options --enable-debug
EOF
%if %suse_version > 1130
@@ -313,6 +314,8 @@
-type f -perm -111 -exec chmod a-x {} \;
find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/ \
-name "*.js" -o -name "*.xpm" -o -name "*.png" | xargs chmod a-x
+# remove mkdir.done files from installed base
+find $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal} -name ".mkdir.done" | xargs rm
mkdir -p $RPM_BUILD_ROOT%{_libdir}/xulrunner-%{version_internal}/extensions
# fixing SDK dynamic libs (symlink instead of copy)
rm $RPM_BUILD_ROOT%{_libdir}/xulrunner-devel-%{version_internal}/sdk/lib/*.so