--- a/MozillaFirefox/MozillaFirefox.changes Tue Aug 28 16:04:36 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Aug 28 20:27:48 2012 +0200
@@ -1,7 +1,39 @@
-------------------------------------------------------------------
-Tue Aug 21 04:34:36 UTC 2012 - wr@rosenauer.org
-
-- update to Firefox 15.0b5
+Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 15.0 (bnc#777588)
+ * MFSA 2012-57/CVE-2012-1970
+ Miscellaneous memory safety hazards
+ * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
+ CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
+ CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
+ Use-after-free issues found using Address Sanitizer
+ * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
+ Location object can be shadowed using Object.defineProperty
+ * MFSA 2012-60/CVE-2012-3965 (bmo#769108)
+ Escalation of privilege through about:newtab
+ * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
+ Memory corruption with bitmap format images with negative height
+ * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
+ WebGL use-after-free and memory corruption
+ * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
+ SVG buffer overflow and use-after-free issues
+ * MFSA 2012-64/CVE-2012-3971
+ Graphite 2 memory corruption
+ * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
+ Out-of-bounds read in format-number in XSLT
+ * MFSA 2012-66/CVE-2012-3973 (bmo#757128)
+ HTTPMonitor extension allows for remote debugging without explicit
+ activation
+ * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
+ DOMParser loads linked resources in extensions when parsing
+ text/html
+ * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
+ Incorrect site SSL certificate data display
+ * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
+ Location object security checks bypassed by chrome code
+ * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
+ Web console eval capable of executing chrome-privileged code
- fix HTML5 video crash with GStreamer enabled (bmo#761030)
- GStreamer is only used for MP4 (no WebM, OGG)
- updated filelist
--- a/MozillaFirefox/MozillaFirefox.spec Tue Aug 28 16:04:36 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Tue Aug 28 20:27:48 2012 +0200
@@ -17,9 +17,9 @@
#
-%define major 14
-%define mainver %major.99
-%define update_channel beta
+%define major 15
+%define mainver %major.0
+%define update_channel release
Name: MozillaFirefox
BuildRequires: Mesa-devel
@@ -54,7 +54,7 @@
%endif
Version: %{mainver}
Release: 0
-%define releasedate 2012081500
+%define releasedate 2012082500
Provides: firefox = %{mainver}
Provides: firefox = %{version}-%{release}
Provides: web_browser
@@ -166,7 +166,7 @@
%package translations-other
Summary: Extra translations for MozillaFirefox
Group: System/Localization
-Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
Requires: %{name} = %{version}
Obsoletes: %{name}-translations < %{version}-%{release}
--- a/MozillaFirefox/create-tar.sh Tue Aug 28 16:04:36 2012 +0200
+++ b/MozillaFirefox/create-tar.sh Tue Aug 28 20:27:48 2012 +0200
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="beta"
+CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_15_0b5_RELEASE"
-VERSION="14.99"
+RELEASE_TAG="FIREFOX_15_0_RELEASE"
+VERSION="15.0"
# mozilla
echo "cloning $BRANCH..."
--- a/xulrunner/create-tar.sh Tue Aug 28 16:04:36 2012 +0200
+++ b/xulrunner/create-tar.sh Tue Aug 28 20:27:48 2012 +0200
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="beta"
+CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_15_0b5_RELEASE"
-VERSION="14.99"
+RELEASE_TAG="FIREFOX_15_0_RELEASE"
+VERSION="15.0"
# mozilla
hg clone http://hg.mozilla.org/$BRANCH mozilla
--- a/xulrunner/mozilla-gstreamer.patch Tue Aug 28 16:04:36 2012 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../mozilla-gstreamer.patch
\ No newline at end of file
--- a/xulrunner/xulrunner.changes Tue Aug 28 16:04:36 2012 +0200
+++ b/xulrunner/xulrunner.changes Tue Aug 28 20:27:48 2012 +0200
@@ -1,8 +1,41 @@
-------------------------------------------------------------------
-Tue Aug 21 05:08:37 UTC 2012 - wr@rosenauer.org
+Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org
-- update to 15.0b5
+- update to 15.0 (bnc#777588)
+ * MFSA 2012-57/CVE-2012-1970
+ Miscellaneous memory safety hazards
+ * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
+ CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
+ CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
+ Use-after-free issues found using Address Sanitizer
+ * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
+ Location object can be shadowed using Object.defineProperty
+ * MFSA 2012-60/CVE-2012-3965 (bmo#769108)
+ Escalation of privilege through about:newtab
+ * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
+ Memory corruption with bitmap format images with negative height
+ * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
+ WebGL use-after-free and memory corruption
+ * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
+ SVG buffer overflow and use-after-free issues
+ * MFSA 2012-64/CVE-2012-3971
+ Graphite 2 memory corruption
+ * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
+ Out-of-bounds read in format-number in XSLT
+ * MFSA 2012-66/CVE-2012-3973 (bmo#757128)
+ HTTPMonitor extension allows for remote debugging without explicit
+ activation
+ * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
+ DOMParser loads linked resources in extensions when parsing
+ text/html
+ * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
+ Incorrect site SSL certificate data display
+ * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
+ Location object security checks bypassed by chrome code
+ * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
+ Web console eval capable of executing chrome-privileged code
- fix HTML5 video crash with GStreamer enabled (bmo#761030)
+- fixed filelist
-------------------------------------------------------------------
Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org
--- a/xulrunner/xulrunner.spec Tue Aug 28 16:04:36 2012 +0200
+++ b/xulrunner/xulrunner.spec Tue Aug 28 20:27:48 2012 +0200
@@ -44,9 +44,9 @@
%endif
BuildRequires: mozilla-nspr-devel >= 4.9.1
BuildRequires: mozilla-nss-devel >= 3.13.6
-Version: 14.99
+Version: 15.0
Release: 0
-%define releasedate 2012081500
+%define releasedate 2012082500
%define version_internal 15.0
%define apiversion 15
%define uaweight 1500000
@@ -454,9 +454,7 @@
%{_libdir}/xulrunner-%{version_internal}/dependentlibs.list
%{_libdir}/xulrunner-%{version_internal}/mozilla-xremote-client
%{_libdir}/xulrunner-%{version_internal}/plugin-container
-%{_libdir}/xulrunner-%{version_internal}/run-mozilla.sh
%{_libdir}/xulrunner-%{version_internal}/xulrunner
-%{_libdir}/xulrunner-%{version_internal}/xulrunner-bin
%{_libdir}/xulrunner-%{version_internal}/xulrunner-stub
%{_libdir}/xulrunner-%{version_internal}/platform.ini
%{_libdir}/xulrunner-%{version_internal}/omni.ja