Hello community, here is the log from the commit of package xulrunner for openSUSE:Factory checked in at 2012-10-11 11:35:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xulrunner (Old) and /work/SRC/openSUSE:Factory/.xulrunner.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xulrunner", Maintainer is "gnome-maintain...@suse.de" Changes: -------- --- /work/SRC/openSUSE:Factory/xulrunner/xulrunner.changes 2012-09-12 07:15:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner.changes 2012-10-11 11:38:32.000000000 +0200 @@ -1,0 +2,38 @@ +Sun Oct 7 21:41:01 UTC 2012 - w...@rosenauer.org + +- update to 16.0 (bnc#783533) + * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 + Miscellaneous memory safety hazards + * MFSA 2012-75/CVE-2012-3984 (bmo#575294) + select element persistance allows for attacks + * MFSA 2012-76/CVE-2012-3985 (bmo#655649) + Continued access to initial origin after setting document.domain + * MFSA 2012-77/CVE-2012-3986 (bmo#775868) + Some DOMWindowUtils methods bypass security checks + * MFSA 2012-79/CVE-2012-3988 (bmo#725770) + DOS and crash with full screen and history navigation + * MFSA 2012-80/CVE-2012-3989 (bmo#783867) + Crash with invalid cast when using instanceof operator + * MFSA 2012-81/CVE-2012-3991 (bmo#783260) + GetProperty function can bypass security checks + * MFSA 2012-82/CVE-2012-3994 (bmo#765527) + top object and location property accessible by plugins + * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) + Chrome Object Wrapper (COW) does not disallow acces to privileged + functions or properties + * MFSA 2012-84/CVE-2012-3992 (bmo#775009) + Spoofing and script injection through location.hash + * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ + CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 + Use-after-free, buffer overflow, and out of bounds read issues + found using Address Sanitizer + * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ + CVE-2012-4188 + Heap memory corruption issues found using Address Sanitizer + * MFSA 2012-87/CVE-2012-3990 (bmo#787704) + Use-after-free in the IME State Manager +- requires NSPR 4.9.2 +- removed upstreamed mozilla-crashreporter-restart-args.patch +- updated translations-other with new languages + +------------------------------------------------------------------- Old: ---- idldir.patch l10n-15.0.tar.bz2 mozilla-crashreporter-restart-args.patch xulrunner-15.0-source.tar.bz2 New: ---- l10n-16.0.tar.bz2 mozilla-idldir.patch xulrunner-16.0-source.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xulrunner.spec ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:35.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:35.000000000 +0200 @@ -42,14 +42,14 @@ %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.9.1 +BuildRequires: mozilla-nspr-devel >= 4.9.2 BuildRequires: mozilla-nss-devel >= 3.13.6 -Version: 15.0 +Version: 16.0 Release: 0 -%define releasedate 2012082500 -%define version_internal 15.0 -%define apiversion 15 -%define uaweight 1500000 +%define releasedate 2012100700 +%define version_internal 16.0 +%define apiversion 16 +%define uaweight 1600000 Summary: Mozilla Runtime Environment License: MPL-2.0 Group: Productivity/Other @@ -70,13 +70,12 @@ Source9: compare-locales.tar.bz2 Patch1: toolkit-download-folder.patch Patch2: mozilla-pkgconfig.patch -Patch3: idldir.patch +Patch3: mozilla-idldir.patch Patch4: mozilla-nongnome-proxies.patch Patch5: mozilla-prefer_plugin_pref.patch Patch6: mozilla-language.patch Patch7: mozilla-ntlm-full-path.patch Patch9: mozilla-sle11.patch -Patch12: mozilla-crashreporter-restart-args.patch Patch14: mozilla-ppc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: mozilla-js = %{version} @@ -157,7 +156,7 @@ Summary: Extra translations for XULRunner Group: System/Localization Requires: %{name} = %{version} -Provides: locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu) +Provides: locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu) Obsoletes: %{name}-translations < %{version}-%{release} %description translations-other @@ -191,7 +190,6 @@ %if %suse_version < 1120 %patch9 -p1 %endif -%patch12 -p1 %patch14 -p1 %build @@ -209,7 +207,7 @@ %endif export LDFLAGS=" -Wl,-rpath -Wl,${MOZ_APP_DIR}" %ifarch %arm -# debug symbols require too much memory during building +# debug symbols require too much memory during build export CFLAGS="${CFLAGS/-g/}" LDFLAGS+="-Wl,--reduce-memory-overheads -Wl,--no-keep-memory" %endif ++++++ compare-locales.tar.bz2 ++++++ ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:36.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:36.000000000 +0200 @@ -2,10 +2,11 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_15_0_RELEASE" -VERSION="15.0" +RELEASE_TAG="FIREFOX_16_0_RELEASE" +VERSION="16.0" # mozilla +echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH mozilla pushd mozilla [ "$RELEASE_TAG" == "default" ] || hg update -r $RELEASE_TAG @@ -15,23 +16,28 @@ echo -n "REPO=" >> ../source-stamp.txt hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" >> ../source-stamp.txt popd +echo "creating archive..." tar cjf xulrunner-$VERSION-source.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg --exclude=CVS mozilla # l10n +echo "fetching locales..." test ! -d l10n && mkdir l10n for locale in $(awk '{ print $1; }' mozilla/browser/locales/shipped-locales); do case $locale in ja-JP-mac|en-US) ;; *) + echo "fetching $locale ..." hg clone http://hg.mozilla.org/releases/l10n/mozilla-$CHANNEL/$locale l10n/$locale [ "$RELEASE_TAG" == "default" ] || hg -R l10n/$locale up -C -r $RELEASE_TAG ;; esac done +echo "creating l10n archive..." tar cjf l10n-$VERSION.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg l10n # compare-locales +echo "creating compare-locales" hg clone http://hg.mozilla.org/build/compare-locales tar cjf compare-locales.tar.bz2 --exclude=.hgtags --exclude=.hgignore --exclude=.hg compare-locales ++++++ l10n-15.0.tar.bz2 -> l10n-16.0.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/xulrunner/l10n-15.0.tar.bz2 /work/SRC/openSUSE:Factory/.xulrunner.new/l10n-16.0.tar.bz2 differ: char 11, line 1 ++++++ mozilla-idldir.patch ++++++ # HG changeset patch # Parent 2b6d21723804b8b5a73a2fe675ee9ce25f788229 # User Wolfgang Rosenauer <w...@rosenauer.org> Install IDL files to includedir instead of /usr/share/idl diff --git a/config/baseconfig.mk b/config/baseconfig.mk --- a/config/baseconfig.mk +++ b/config/baseconfig.mk @@ -1,12 +1,12 @@ INCLUDED_AUTOCONF_MK = 1 includedir := $(includedir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION) -idldir = $(datadir)/idl/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION) +idldir = $(includedir) installdir = $(libdir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION) sdkdir = $(libdir)/$(MOZ_APP_NAME)-devel-$(MOZ_APP_VERSION) DIST = $(DEPTH)/dist # We do magic with OBJ_SUFFIX in config.mk, the following ensures we don't # manually use it before config.mk inclusion _OBJ_SUFFIX := $(OBJ_SUFFIX) OBJ_SUFFIX = $(error config/config.mk needs to be included before using OBJ_SUFFIX) ++++++ mozilla-ntlm-full-path.patch ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:36.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:36.000000000 +0200 @@ -1,12 +1,12 @@ # HG changeset patch # User Petr Cerny <pce...@novell.com> -# Parent a843037ea4cee813a68dd529e7a503d1e40b81e4 +# Parent 4f5fe2278cd5cff898ad762457312f60a7e82a67 Bug 634334 - call to the ntlm_auth helper fails diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp --- a/extensions/auth/nsAuthSambaNTLM.cpp +++ b/extensions/auth/nsAuthSambaNTLM.cpp -@@ -200,17 +200,17 @@ static PRUint8* ExtractMessage(const nsA +@@ -168,17 +168,17 @@ static PRUint8* ExtractMessage(const nsA nsresult nsAuthSambaNTLM::SpawnNTLMAuthHelper() { @@ -14,14 +14,14 @@ if (!username) return NS_ERROR_FAILURE; - char* args[] = { + const char* const args[] = { - "ntlm_auth", + "/usr/bin/ntlm_auth", "--helper-protocol", "ntlmssp-client-1", "--use-cached-creds", - "--username", const_cast<char*>(username), + "--username", username, nsnull }; - bool isOK = SpawnIOChild(args, &mChildPID, &mFromChildFD, &mToChildFD); + bool isOK = SpawnIOChild(const_cast<char* const*>(args), &mChildPID, &mFromChildFD, &mToChildFD); if (!isOK) ++++++ mozilla-pkgconfig.patch ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:36.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:36.000000000 +0200 @@ -14,7 +14,7 @@ # Add pkg-config files to the install:: target +# the apilibdir always ends with 1.9 as every patch update will provide a link -+apilibdir = $(dir $(installdir))xulrunner-15 ++apilibdir = $(dir $(installdir))xulrunner-16 + pkg_config_files = \ libxul.pc \ ++++++ mozilla-ppc.patch ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:36.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:36.000000000 +0200 @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 0f6722dd9d75458124795d22e9240887c9b4aeca +# Parent 58ae98c85e39def96a90cb21c90e871f41a03a71 # User Wolfgang Rosenauer <w...@rosenauer.org> Bug 746112 - RegExp hang on ppc64 in execute. Bug 750620 - Make double-conversion portable to exotic architectures. TM: mozilla15 @@ -67,9 +67,9 @@ parentheses.subpatternId = subpatternId; parentheses.isCopy = false; parentheses.isTerminal = false; -diff --git a/memory/jemalloc/jemalloc.c b/memory/jemalloc/jemalloc.c ---- a/memory/jemalloc/jemalloc.c -+++ b/memory/jemalloc/jemalloc.c +diff --git a/memory/mozjemalloc/jemalloc.c b/memory/mozjemalloc/jemalloc.c +--- a/memory/mozjemalloc/jemalloc.c ++++ b/memory/mozjemalloc/jemalloc.c @@ -1086,17 +1086,19 @@ struct arena_s { static unsigned ncpus; #endif ++++++ source-stamp.txt ++++++ --- /var/tmp/diff_new_pack.21FTC5/_old 2012-10-11 11:38:36.000000000 +0200 +++ /var/tmp/diff_new_pack.21FTC5/_new 2012-10-11 11:38:36.000000000 +0200 @@ -1,2 +1,2 @@ -REV=450143d2d810 +REV=10fe550fadc6 REPO=http://hg.mozilla.org/releases/mozilla-release ++++++ xulrunner-15.0-source.tar.bz2 -> xulrunner-16.0-source.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/xulrunner/xulrunner-15.0-source.tar.bz2 /work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner-16.0-source.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org