commit xulrunner for openSUSE:Factory

h_root Thu, 11 Oct 2012 02:38:41 -0700

Hello community,

here is the log from the commit of package xulrunner for openSUSE:Factory 
checked in at 2012-10-11 11:35:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xulrunner (Old)
 and      /work/SRC/openSUSE:Factory/.xulrunner.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "xulrunner", Maintainer is "gnome-maintain...@suse.de"

Changes:
--------
--- /work/SRC/openSUSE:Factory/xulrunner/xulrunner.changes      2012-09-12 
07:15:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner.changes 2012-10-11 
11:38:32.000000000 +0200
@@ -1,0 +2,38 @@
+Sun Oct  7 21:41:01 UTC 2012 - w...@rosenauer.org
+
+- update to 16.0 (bnc#783533)
+  * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+    Miscellaneous memory safety hazards
+  * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+    select element persistance allows for attacks
+  * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+    Continued access to initial origin after setting document.domain
+  * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+    Some DOMWindowUtils methods bypass security checks
+  * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+    DOS and crash with full screen and history navigation
+  * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+    Crash with invalid cast when using instanceof operator
+  * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+    GetProperty function can bypass security checks
+  * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+    top object and location property accessible by plugins
+  * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+    Chrome Object Wrapper (COW) does not disallow acces to privileged
+    functions or properties
+  * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+    Spoofing and script injection through location.hash
+  * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+    Use-after-free, buffer overflow, and out of bounds read issues
+    found using Address Sanitizer
+  * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+    CVE-2012-4188
+    Heap memory corruption issues found using Address Sanitizer
+  * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+    Use-after-free in the IME State Manager
+- requires NSPR 4.9.2
+- removed upstreamed mozilla-crashreporter-restart-args.patch
+- updated translations-other with new languages
+
+-------------------------------------------------------------------

Old:
----
  idldir.patch
  l10n-15.0.tar.bz2
  mozilla-crashreporter-restart-args.patch
  xulrunner-15.0-source.tar.bz2

New:
----
  l10n-16.0.tar.bz2
  mozilla-idldir.patch
  xulrunner-16.0-source.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xulrunner.spec ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:35.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:35.000000000 +0200
@@ -42,14 +42,14 @@
 %else
 BuildRequires:  wireless-tools
 %endif
-BuildRequires:  mozilla-nspr-devel >= 4.9.1
+BuildRequires:  mozilla-nspr-devel >= 4.9.2
 BuildRequires:  mozilla-nss-devel >= 3.13.6
-Version:        15.0
+Version:        16.0
 Release:        0
-%define         releasedate 2012082500
-%define         version_internal 15.0
-%define         apiversion 15
-%define         uaweight 1500000
+%define         releasedate 2012100700
+%define         version_internal 16.0
+%define         apiversion 16
+%define         uaweight 1600000
 Summary:        Mozilla Runtime Environment
 License:        MPL-2.0
 Group:          Productivity/Other
@@ -70,13 +70,12 @@
 Source9:        compare-locales.tar.bz2
 Patch1:         toolkit-download-folder.patch
 Patch2:         mozilla-pkgconfig.patch
-Patch3:         idldir.patch
+Patch3:         mozilla-idldir.patch
 Patch4:         mozilla-nongnome-proxies.patch
 Patch5:         mozilla-prefer_plugin_pref.patch
 Patch6:         mozilla-language.patch
 Patch7:         mozilla-ntlm-full-path.patch
 Patch9:         mozilla-sle11.patch
-Patch12:        mozilla-crashreporter-restart-args.patch
 Patch14:        mozilla-ppc.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       mozilla-js = %{version}
@@ -157,7 +156,7 @@
 Summary:        Extra translations for XULRunner
 Group:          System/Localization
 Requires:       %{name} = %{version}
-Provides:       
locale(%{name}:af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;kn;ku;lg;lij;lt;lv;mai;mk;ml;mn;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;sw;ta;ta_LK;te;th;tr;uk;vi;zu)
+Provides:       
locale(%{name}:ach;af;ak;as;ast;be;bg;bn_BD;bn_IN;br;bs;csb;cy;el;en_ZA;eo;es_MX;et;eu;fa;ff;fy_NL;ga_IE;gd;gl;gu_IN;he;hi_IN;hr;hy_AM;id;is;kk;km;kn;ku;lg;lij;lt;lv;mai;mk;ml;mr;nn_NO;nso;or;pa_IN;rm;ro;si;sk;sl;son;sq;sr;ta;ta_LK;te;th;tr;uk;vi;zu)
 Obsoletes:      %{name}-translations < %{version}-%{release}
 
 %description translations-other
@@ -191,7 +190,6 @@
 %if %suse_version < 1120
 %patch9 -p1
 %endif
-%patch12 -p1
 %patch14 -p1
 
 %build
@@ -209,7 +207,7 @@
 %endif
 export LDFLAGS="  -Wl,-rpath -Wl,${MOZ_APP_DIR}"
 %ifarch %arm
-# debug symbols require too much memory during building
+# debug symbols require too much memory during build
 export CFLAGS="${CFLAGS/-g/}"
 LDFLAGS+="-Wl,--reduce-memory-overheads -Wl,--no-keep-memory"
 %endif

++++++ compare-locales.tar.bz2 ++++++

++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:36.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:36.000000000 +0200
@@ -2,10 +2,11 @@
 
 CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_15_0_RELEASE"
-VERSION="15.0"
+RELEASE_TAG="FIREFOX_16_0_RELEASE"
+VERSION="16.0"
 
 # mozilla
+echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH mozilla
 pushd mozilla
 [ "$RELEASE_TAG" == "default" ] || hg update -r $RELEASE_TAG
@@ -15,23 +16,28 @@
 echo -n "REPO=" >> ../source-stamp.txt
 hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/http:/" 
>> ../source-stamp.txt
 popd
+echo "creating archive..."
 tar cjf xulrunner-$VERSION-source.tar.bz2 --exclude=.hgtags 
--exclude=.hgignore --exclude=.hg --exclude=CVS mozilla
 
 # l10n
+echo "fetching locales..."
 test ! -d l10n && mkdir l10n
 for locale in $(awk '{ print $1; }' mozilla/browser/locales/shipped-locales); 
do
   case $locale in
     ja-JP-mac|en-US)
       ;;
     *)
+      echo "fetching $locale ..."
       hg clone http://hg.mozilla.org/releases/l10n/mozilla-$CHANNEL/$locale 
l10n/$locale
       [ "$RELEASE_TAG" == "default" ] || hg -R l10n/$locale up -C -r 
$RELEASE_TAG
       ;;
   esac
 done
+echo "creating l10n archive..."
 tar cjf l10n-$VERSION.tar.bz2 --exclude=.hgtags --exclude=.hgignore 
--exclude=.hg l10n
 
 # compare-locales
+echo "creating compare-locales"
 hg clone http://hg.mozilla.org/build/compare-locales
 tar cjf compare-locales.tar.bz2 --exclude=.hgtags --exclude=.hgignore 
--exclude=.hg compare-locales
 

++++++ l10n-15.0.tar.bz2 -> l10n-16.0.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/xulrunner/l10n-15.0.tar.bz2 
/work/SRC/openSUSE:Factory/.xulrunner.new/l10n-16.0.tar.bz2 differ: char 11, 
line 1

++++++ mozilla-idldir.patch ++++++
# HG changeset patch
# Parent 2b6d21723804b8b5a73a2fe675ee9ce25f788229
# User Wolfgang Rosenauer <w...@rosenauer.org>
Install IDL files to includedir instead of /usr/share/idl

diff --git a/config/baseconfig.mk b/config/baseconfig.mk
--- a/config/baseconfig.mk
+++ b/config/baseconfig.mk
@@ -1,12 +1,12 @@
 INCLUDED_AUTOCONF_MK = 1
 
 includedir := $(includedir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
-idldir = $(datadir)/idl/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
+idldir = $(includedir)
 installdir = $(libdir)/$(MOZ_APP_NAME)-$(MOZ_APP_VERSION)
 sdkdir = $(libdir)/$(MOZ_APP_NAME)-devel-$(MOZ_APP_VERSION)
 DIST = $(DEPTH)/dist
 
 # We do magic with OBJ_SUFFIX in config.mk, the following ensures we don't
 # manually use it before config.mk inclusion
 _OBJ_SUFFIX := $(OBJ_SUFFIX)
 OBJ_SUFFIX = $(error config/config.mk needs to be included before using 
OBJ_SUFFIX)
++++++ mozilla-ntlm-full-path.patch ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:36.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:36.000000000 +0200
@@ -1,12 +1,12 @@
 # HG changeset patch
 # User Petr Cerny <pce...@novell.com>
-# Parent a843037ea4cee813a68dd529e7a503d1e40b81e4
+# Parent 4f5fe2278cd5cff898ad762457312f60a7e82a67
 Bug 634334 - call to the ntlm_auth helper fails
 
 diff --git a/extensions/auth/nsAuthSambaNTLM.cpp 
b/extensions/auth/nsAuthSambaNTLM.cpp
 --- a/extensions/auth/nsAuthSambaNTLM.cpp
 +++ b/extensions/auth/nsAuthSambaNTLM.cpp
-@@ -200,17 +200,17 @@ static PRUint8* ExtractMessage(const nsA
+@@ -168,17 +168,17 @@ static PRUint8* ExtractMessage(const nsA
  nsresult
  nsAuthSambaNTLM::SpawnNTLMAuthHelper()
  {
@@ -14,14 +14,14 @@
      if (!username)
          return NS_ERROR_FAILURE;
  
-     char* args[] = {
+     const char* const args[] = {
 -        "ntlm_auth",
 +        "/usr/bin/ntlm_auth",
          "--helper-protocol", "ntlmssp-client-1",
          "--use-cached-creds",
-         "--username", const_cast<char*>(username),
+         "--username", username,
          nsnull
      };
  
-     bool isOK = SpawnIOChild(args, &mChildPID, &mFromChildFD, &mToChildFD);
+     bool isOK = SpawnIOChild(const_cast<char* const*>(args), &mChildPID, 
&mFromChildFD, &mToChildFD);
      if (!isOK)  

++++++ mozilla-pkgconfig.patch ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:36.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:36.000000000 +0200
@@ -14,7 +14,7 @@
  # Add pkg-config files to the install:: target
  
 +# the apilibdir always ends with 1.9 as every patch update will provide a link
-+apilibdir = $(dir $(installdir))xulrunner-15
++apilibdir = $(dir $(installdir))xulrunner-16
 +
  pkg_config_files = \
        libxul.pc \

++++++ mozilla-ppc.patch ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:36.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:36.000000000 +0200
@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent 0f6722dd9d75458124795d22e9240887c9b4aeca
+# Parent 58ae98c85e39def96a90cb21c90e871f41a03a71
 # User Wolfgang Rosenauer <w...@rosenauer.org>
 Bug 746112 - RegExp hang on ppc64 in execute.
 Bug 750620 - Make double-conversion portable to exotic architectures. TM: 
mozilla15
@@ -67,9 +67,9 @@
          parentheses.subpatternId = subpatternId;
          parentheses.isCopy = false;
          parentheses.isTerminal = false;
-diff --git a/memory/jemalloc/jemalloc.c b/memory/jemalloc/jemalloc.c
---- a/memory/jemalloc/jemalloc.c
-+++ b/memory/jemalloc/jemalloc.c
+diff --git a/memory/mozjemalloc/jemalloc.c b/memory/mozjemalloc/jemalloc.c
+--- a/memory/mozjemalloc/jemalloc.c
++++ b/memory/mozjemalloc/jemalloc.c
 @@ -1086,17 +1086,19 @@ struct arena_s {
  static unsigned               ncpus;
  #endif

++++++ source-stamp.txt ++++++
--- /var/tmp/diff_new_pack.21FTC5/_old  2012-10-11 11:38:36.000000000 +0200
+++ /var/tmp/diff_new_pack.21FTC5/_new  2012-10-11 11:38:36.000000000 +0200
@@ -1,2 +1,2 @@
-REV=450143d2d810
+REV=10fe550fadc6
 REPO=http://hg.mozilla.org/releases/mozilla-release

++++++ xulrunner-15.0-source.tar.bz2 -> xulrunner-16.0-source.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/xulrunner/xulrunner-15.0-source.tar.bz2 
/work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner-16.0-source.tar.bz2 differ: 
char 11, line 1

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit xulrunner for openSUSE:Factory

Reply via email to