update to 1.9.2.20/3.6.20
mozilla-implicit-declarations.patch fixes gcc rpmlint issue
mozilla-curl.patch removes obsolete header dependency needed
--- a/MozillaFirefox/MozillaFirefox.changes Tue Jun 14 11:58:26 2011 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Aug 12 08:47:59 2011 +0200
@@ -1,7 +1,27 @@
+-------------------------------------------------------------------
+Fri Aug 5 09:37:39 UTC 2011 - wr@rosenauer.org
+
+- security update to 3.6.20
+
-------------------------------------------------------------------
Tue Jun 14 09:54:04 UTC 2011 - wr@rosenauer.org
-- security update to 3.6.18 (bnc#)
+- security update to 3.6.18 (bnc#701296)
+ * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
+ CVE-2011-2365
+ Miscellaneous memory safety hazards
+ * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
+ Use-after-free vulnerability when viewing XUL document with
+ script disabled
+ * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
+ Memory corruption due to multipart/x-mixed-replace images
+ * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
+ Integer overflow and arbitrary code execution in
+ Array.reduceRight()
+ * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
+ Multiple dangling pointer vulnerabilities
+ * MFSA 2011-24/CVE-2011-2362 (bmo#616264)
+ Cookie isolation error
- speedier find-external-requires.sh
-------------------------------------------------------------------
--- a/MozillaFirefox/MozillaFirefox.spec Tue Jun 14 11:58:26 2011 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec Fri Aug 12 08:47:59 2011 +0200
@@ -24,7 +24,7 @@
Name: MozillaFirefox
%define xulrunner mozilla-xulrunner192
BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip
-BuildRequires: %{xulrunner}-devel = 1.9.2.18
+BuildRequires: %{xulrunner}-devel = 1.9.2.20
%if %suse_version > 1020
BuildRequires: fdupes
%endif
@@ -34,13 +34,13 @@
BuildRequires: wireless-tools
%endif
License: MPLv1.1 or GPLv2+ or LGPLv2+
-Version: %mainver.18
+Version: %mainver.20
Release: 1
Provides: web_browser
Provides: firefox = %{mainver}
Provides: firefox = %{version}-%{release}
Provides: firefox = %{version}
-%define releasedate 2011061300
+%define releasedate 2011080400
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-curl.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,89 @@
+# HG changeset patch
+# User Evan Shaw <edsrzf@gmail.com>
+# Parent 2d4a2ce9f921163094c9a29c776b2a6e986febe2
+bug 673072 - remove deprecated curl header curl/types.h from Breakpad includes. r=ted
+
+diff --git a/config/system-headers b/config/system-headers
+--- a/config/system-headers
++++ b/config/system-headers
+@@ -198,17 +198,16 @@ crt_externs.h
+ crypt.h
+ cstdio
+ cstdlib
+ cstring
+ ctime
+ ctype.h
+ curl/curl.h
+ curl/easy.h
+-curl/types.h
+ curses.h
+ cxxabi.h
+ DateTimeUtils.h
+ dbus/dbus.h
+ dbus/dbus-glib.h
+ dbus/dbus-glib-lowlevel.h
+ ddeml.h
+ Debug.h
+diff --git a/js/src/config/system-headers b/js/src/config/system-headers
+--- a/js/src/config/system-headers
++++ b/js/src/config/system-headers
+@@ -198,17 +198,16 @@ crt_externs.h
+ crypt.h
+ cstdio
+ cstdlib
+ cstring
+ ctime
+ ctype.h
+ curl/curl.h
+ curl/easy.h
+-curl/types.h
+ curses.h
+ cxxabi.h
+ DateTimeUtils.h
+ dbus/dbus.h
+ dbus/dbus-glib.h
+ dbus/dbus-glib-lowlevel.h
+ ddeml.h
+ Debug.h
+diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc
+--- a/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc
++++ b/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc
+@@ -26,17 +26,16 @@
+ // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ #include <cassert>
+ #include <dlfcn.h>
+ #include <curl/curl.h>
+ #include <curl/easy.h>
+-#include <curl/types.h>
+
+ #include "common/linux/http_upload.h"
+
+ namespace {
+
+ // Callback to get the response data from server.
+ static size_t WriteCallback(void *ptr, size_t size,
+ size_t nmemb, void *userp) {
+diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc
+--- a/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc
++++ b/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc
+@@ -24,17 +24,16 @@
+ // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ #include <curl/curl.h>
+ #include <curl/easy.h>
+-#include <curl/types.h>
+ #include <dlfcn.h>
+
+ #include <string>
+
+ #include "common/linux/libcurl_wrapper.h"
+ #include "third_party/linux/include/glog/logging.h"
+
+ namespace google_breakpad {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-dump_syms-static.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,20 @@
+# HG changeset patch
+# Parent e589abb2c4d6aaa6083d254416211ac90360dbdd
+NO-BUG: Ignore a hack which is not needed in distribution build environments.
+
+diff --git a/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in b/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in
+--- a/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in
++++ b/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/Makefile.in
+@@ -59,11 +59,11 @@ HOST_LIBS += \
+ $(NULL)
+
+ # force C++ linking
+ CPP_PROG_LINK = 1
+ FORCE_USE_PIC = 1
+
+ #XXX: bug 554854 causes us to be unable to run binaries on the build slaves
+ # due to them having an older libstdc++
+-HOST_LDFLAGS += -static
++#HOST_LDFLAGS += -static
+
+ include $(topsrcdir)/config/rules.mk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-implicit-declarations.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,23 @@
+# HG changeset patch
+# Parent e3c883f8276a5fd4afab00e226cf19031d6fc5ae
+diff --git a/gfx/qcms/iccread.c b/gfx/qcms/iccread.c
+--- a/gfx/qcms/iccread.c
++++ b/gfx/qcms/iccread.c
+@@ -18,16 +18,17 @@
+ // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+ #include <math.h>
+ #include <assert.h>
+ #include <stdlib.h>
++#include <string.h>
+ #include "qcmsint.h"
+
+ //XXX: use a better typename
+ typedef uint32_t __be32;
+ typedef uint16_t __be16;
+
+ #if 0
+ not used yet
--- a/mozilla-xulrunner192/create-tar.sh Tue Jun 14 11:58:26 2011 +0200
+++ b/mozilla-xulrunner192/create-tar.sh Fri Aug 12 08:47:59 2011 +0200
@@ -1,7 +1,7 @@
#!/bin/bash
-RELEASE_TAG="FIREFOX_3_6_18_RELEASE"
-VERSION="1.9.2.18"
+RELEASE_TAG="FIREFOX_3_6_20_RELEASE"
+VERSION="1.9.2.20"
# mozilla
hg clone http://hg.mozilla.org/releases/mozilla-1.9.2 mozilla
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-xulrunner192/mozilla-curl.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,1 @@
+../mozilla-curl.patch
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-xulrunner192/mozilla-dump_syms-static.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,1 @@
+../mozilla-dump_syms-static.patch
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-xulrunner192/mozilla-implicit-declarations.patch Fri Aug 12 08:47:59 2011 +0200
@@ -0,0 +1,1 @@
+../mozilla-implicit-declarations.patch
\ No newline at end of file
--- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Tue Jun 14 11:58:26 2011 +0200
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Fri Aug 12 08:47:59 2011 +0200
@@ -1,8 +1,33 @@
-------------------------------------------------------------------
-Tue Jun 14 09:36:29 UTC 2011 - wr@rosenauer.org
+Fri Aug 5 09:35:34 UTC 2011 - wr@rosenauer.org
+
+- security update to 1.9.2.20
+- added mozilla-implicit-declarations.patch to fix rpmlint/gcc
+ checks
+- added mozilla-curl.patch to remove obsolete header dependency
+
+-------------------------------------------------------------------
+Mon Jun 20 09:32:58 UTC 2011 - wr@rosenauer.org
-- security update to 1.9.2.18 (bnc#)
+- security update to 1.9.2.18 (bnc#701296)
+ * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
+ CVE-2011-2365
+ Miscellaneous memory safety hazards
+ * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
+ Use-after-free vulnerability when viewing XUL document with
+ script disabled
+ * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
+ Memory corruption due to multipart/x-mixed-replace images
+ * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
+ Integer overflow and arbitrary code execution in
+ Array.reduceRight()
+ * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
+ Multiple dangling pointer vulnerabilities
+ * MFSA 2011-24/CVE-2011-2362 (bmo#616264)
+ Cookie isolation error
- speedier find-external-requires.sh
+- do not build dump_syms static as it is not needed for us
+ -> fixes build for 12.1 and above
-------------------------------------------------------------------
Wed May 11 09:44:20 UTC 2011 - cgiboudeaux@gmx.com
--- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Tue Jun 14 11:58:26 2011 +0200
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Fri Aug 12 08:47:59 2011 +0200
@@ -39,12 +39,12 @@
BuildRequires: wireless-tools
%endif
License: MPLv1.1 or GPLv2+ or LGPLv2+
-Version: 1.9.2.18
+Version: 1.9.2.20
Release: 1
-%define releasedate 2011061300
-%define version_internal 1.9.2.18
+%define releasedate 2011080400
+%define version_internal 1.9.2.20
%define apiversion 1.9.2
-%define uaweight 192180
+%define uaweight 192200
Summary: Mozilla Runtime Environment 1.9.2
Url: http://www.mozilla.org
Group: Productivity/Other
@@ -72,6 +72,7 @@
Patch3: mozilla-pkgconfig.patch
Patch4: idldir.patch
Patch5: mozilla-nongnome-proxies.patch
+Patch6: mozilla-dump_syms-static.patch
Patch7: mozilla-prefer_plugin_pref.patch
Patch8: mozilla-shared-nss-db.patch
Patch10: mozilla-kde.patch
@@ -87,6 +88,8 @@
Patch18: mozilla-prlog.patch
Patch19: mozilla-ntlm-full-path.patch
Patch20: mozilla-gcc46.patch
+Patch21: mozilla-implicit-declarations.patch
+Patch22: mozilla-curl.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: mozilla-js192 = %{version}
Requires(post): update-alternatives coreutils
@@ -223,6 +226,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%patch7 -p1
%patch8 -p1
%if %suse_version >= 1110
@@ -239,6 +243,8 @@
%patch18 -p1
%patch19 -p1
%patch20 -p1
+%patch21 -p1
+%patch22 -p1
%build
%if %suse_version >= 1110
--- a/series Tue Jun 14 11:58:26 2011 +0200
+++ b/series Fri Aug 12 08:47:59 2011 +0200
@@ -4,6 +4,7 @@
mozilla-pkgconfig.patch
idldir.patch
mozilla-nongnome-proxies.patch
+mozilla-dump_syms-static.patch
mozilla-prefer_plugin_pref.patch
mozilla-shared-nss-db.patch
mozilla-kde.patch
@@ -17,6 +18,8 @@
mozilla-prlog.patch
mozilla-ntlm-full-path.patch
mozilla-gcc46.patch
+mozilla-implicit-declarations.patch
+mozilla-curl.patch
# Firefox patches
firefox-libxul-sdk.patch