From 2e3fd693c19a8260eea649b051e9c404d971b65dd24a3fdce2785dcbac06134d Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 7 Aug 2013 12:18:59 +0000 Subject: [PATCH] - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=345 --- MozillaFirefox.changes | 27 +++ MozillaFirefox.spec | 9 +- compare-locales.tar.bz2 | 4 +- create-tar.sh | 4 +- firefox-22.0-source.tar.bz2 | 3 - firefox-23.0-source.tar.bz2 | 3 + firefox-branded-icons.patch | 10 +- firefox-kde.patch | 311 ++++++++++++++---------------- firefox-multilocale-chrome.patch | 34 ++-- firefox-no-default-ualocale.patch | 10 +- l10n-22.0.tar.bz2 | 3 - l10n-23.0.tar.bz2 | 3 + mozilla-kde.patch | 44 ++--- mozilla-shared-nss-db.patch | 28 ++- source-stamp.txt | 2 +- 15 files changed, 242 insertions(+), 253 deletions(-) delete mode 100644 firefox-22.0-source.tar.bz2 create mode 100644 firefox-23.0-source.tar.bz2 delete mode 100644 l10n-22.0.tar.bz2 create mode 100644 l10n-23.0.tar.bz2 
diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 1f6577c..2e634cc 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org + +- update to Firefox 23.0 (bnc#833389) + * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 + Miscellaneous memory safety hazards + * MFSA 2013-64/CVE-2013-1704 (bmo#883313) + Use after free mutating DOM during SetBody + * MFSA 2013-65/CVE-2013-1705 (bmo#882865) + Buffer underflow when generating CRMF requests + * MFSA 2013-67/CVE-2013-1708 (bmo#879924) + Crash during WAV audio file decoding + * MFSA 2013-68/CVE-2013-1709 (bmo#838253) + Document URI misrepresentation and masquerading + * MFSA 2013-69/CVE-2013-1710 (bmo#871368) + CRMF requests allow for code execution and XSS attacks + * MFSA 2013-70/CVE-2013-1711 (bmo#843829) + Bypass of XrayWrappers using XBL Scopes + * MFSA 2013-72/CVE-2013-1713 (bmo#887098) + Wrong principal used for validating URI for some Javascript + components + * MFSA 2013-73/CVE-2013-1714 (bmo#879787) + Same-origin bypass with web workers and XMLHttpRequest + * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) + Local Java applets may read contents of local file system +- requires NSPR 4.10 and NSS 3.15 + ------------------------------------------------------------------- Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index e09ada5..11c82cc 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -17,7 +17,7 @@ # -%define major 22 +%define major 23 %define mainver %major.0 %define update_channel release 
@@ -50,8 +50,8 @@ BuildRequires: libproxy-devel %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.9.6 -BuildRequires: mozilla-nss-devel >= 3.14.3 +BuildRequires: mozilla-nspr-devel >= 4.10 +BuildRequires: mozilla-nss-devel >= 3.15 BuildRequires: nss-shared-helper-devel %if %suse_version > 1210 BuildRequires: pkgconfig(gstreamer-%gstreamer_ver) @@ -60,7 +60,7 @@ BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) %endif Version: %{mainver} Release: 0 -%define releasedate 2013062200 +%define releasedate 2013080200 Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: web_browser @@ -553,7 +553,6 @@ exit 0 %{progdir}/browser/defaults %{progdir}/browser/icons/ %{progdir}/browser/chrome/icons -#%{progdir}/browser/distribution/ %{progdir}/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd} %{progdir}/browser/searchplugins/ %{progdir}/browser/blocklist.xml diff --git a/compare-locales.tar.bz2 b/compare-locales.tar.bz2 index a99e15b..769a2c7 100644 --- a/compare-locales.tar.bz2 +++ b/compare-locales.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a468c61153c99687cbed6e5e6554e7faf61005a35e6a08a119b623d08c6c4018 -size 29912 +oid sha256:34148975da7c5dcdb35064b99fbc499948d452cd30948bdb1a22711187b4f98a +size 29940 diff --git a/create-tar.sh b/create-tar.sh index 414d7ef..9247652 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_22_0_RELEASE" -VERSION="22.0" +RELEASE_TAG="FIREFOX_23_0_RELEASE" +VERSION="23.0" # mozilla if [ -d mozilla ]; then diff --git a/firefox-22.0-source.tar.bz2 b/firefox-22.0-source.tar.bz2 deleted file mode 100644 index e6df16a..0000000 --- a/firefox-22.0-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bc2f8ebd513c6a99ddb09f36d8bf20ca2aa1f7445d088dccbfaa2293939141f9 -size 112536902 
diff --git a/firefox-23.0-source.tar.bz2 b/firefox-23.0-source.tar.bz2 new file mode 100644 index 0000000..fcbda76 --- /dev/null +++ b/firefox-23.0-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0138d96e446d8e03e17d5ff5ca1950aed03d88fae68b5cbc455bf50146a048be +size 116960774 diff --git a/firefox-branded-icons.patch b/firefox-branded-icons.patch index 9e2763a..8931d6a 100644 --- a/firefox-branded-icons.patch +++ b/firefox-branded-icons.patch @@ -1,10 +1,10 @@ # HG changeset patch -# Parent c2eac57908647987ed11893ad45262a32122dff4 +# Parent a5cc092ab98bc6d4c1b09b5cc86791bae1313c73 diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in --- a/browser/app/Makefile.in +++ b/browser/app/Makefile.in -@@ -134,16 +134,21 @@ GARBAGE += $(addprefix $(FINAL_TARGET)/d +@@ -136,16 +136,21 @@ GARBAGE += $(addprefix $(FINAL_TARGET)/d endif ifeq ($(MOZ_WIDGET_TOOLKIT),gtk2) @@ -54,9 +54,9 @@ diff --git a/browser/branding/official/Makefile.in b/browser/branding/official/M diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in -@@ -572,18 +572,21 @@ - @BINPATH@/browser/distribution/extensions/testpilot@labs.mozilla.com.xpi - #endif +@@ -574,18 +574,21 @@ + @BINPATH@/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}/install.rdf + @BINPATH@/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}/icon.png @BINPATH@/chrome/toolkit@JAREXT@ @BINPATH@/chrome/toolkit.manifest @BINPATH@/chrome/recording.manifest diff --git a/firefox-kde.patch b/firefox-kde.patch index 9842ed7..6b7a0aa 100644 --- a/firefox-kde.patch +++ b/firefox-kde.patch @@ -2,7 +2,7 @@ diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser new file mode 100644 --- /dev/null +++ b/browser/base/content/browser-kde.xul -@@ -0,0 +1,1225 @@ +@@ -0,0 +1,1196 @@ +#filter substitution + +# -*- Mode: HTML -*- 
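Review bot: firefox-kde.patch has no provenance header. Its hunk `@@ -2,7 +2,7 @@` starts at line 2 with the `diff --git a/browser/base/content/browser-kde.xul` line as header context, so the file opens directly with the diff. firefox-branded-icons.patch, refreshed in the same commit, records `# HG changeset patch` and `# Parent a5cc092ab98bc6d4c1b09b5cc86791bae1313c73`. The inner header (`@@ -0,0 +1,1196 @@`, down from 1225) shows browser-kde.xul carried as a complete new file, presumably a modified copy of an upstream file. I would add `# HG changeset patch` and `# Parent <upstream changeset id>` at the top of firefox-kde.patch, so the copy can be compared against the revision it was taken from when auditing it. The patch continues in further hunks beyond this one.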
@@ -187,83 +187,40 @@ new file mode 100644 + hidden="true" + consumeoutsideclicks="true" + align="start" ++ orient="horizontal" + role="alert"> -+ -+ -+ -+ ++ ++ ++ &social.activated.description; ++ ++ ++