--- a/MozillaFirefox/MozillaFirefox.changes Thu Mar 25 20:10:44 2010 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Apr 04 09:41:55 2010 +0200
@@ -1,7 +1,44 @@
+-------------------------------------------------------------------
+Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org
+
+- security update to 3.6.3
+ * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
+ Re-use of freed object due to scope confusion
+
-------------------------------------------------------------------
Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org
- security update to version 3.6.2 (bnc#586567)
+ * MFSA 2010-08/CVE-2010-1028
+ WOFF heap corruption due to integer overflow
+ * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
+ Deleted frame reuse in multipart/x-mixed-replace image
+ * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
+ XSS via plugins and unprotected Location object
+ * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
+ Crashes with evidence of memory corruption
+ * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
+ XSS using addEventListener and setTimeout on a wrapped object
+ * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
+ Content policy bypass with image preloading
+ * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
+ Browser chrome defacement via cached XUL stylesheets
+ * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
+ Asynchronous Auth Prompt attaches to wrong window
+ * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
+ Crashes with evidence of memory corruption
+ * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
+ Dangling pointer vulnerability in nsTreeContentView
+ * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
+ Dangling pointer vulnerability in nsPluginArray
+ * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
+ Chrome privilege escalation via forced URL drag and drop
+ * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
+ Update NSS to support TLS renegotiation indication
+ * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
+ Image src redirect to mailto: URL opens email editor
+ * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
+ XMLDocument::load() doesn't check nsIContentPolicy
-------------------------------------------------------------------
Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org
--- a/MozillaFirefox/MozillaFirefox.spec Thu Mar 25 20:10:44 2010 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Sun Apr 04 09:41:55 2010 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package MozillaFirefox (Version 3.6.2)
+# spec file for package MozillaFirefox (Version 3.6.3)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# 2006-2010 Wolfgang Rosenauer
@@ -22,7 +22,7 @@
Name: MozillaFirefox
%define xulrunner mozilla-xulrunner192
BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip
-BuildRequires: %{xulrunner}-devel = 1.9.2.2
+BuildRequires: %{xulrunner}-devel = 1.9.2.3
%if %suse_version > 1020
BuildRequires: fdupes
%endif
@@ -34,9 +34,9 @@
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
Provides: web_browser
Provides: firefox
-Version: 3.6.2
+Version: 3.6.3
Release: 1
-%define releasedate 2010031700
+%define releasedate 2010040100
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
@@ -96,6 +96,7 @@
%if %localize
+
%package translations-common
Summary: Common translations for MozillaFirefox
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
@@ -371,6 +372,7 @@
%doc %{_mandir}/man1/%{progname}.1.gz
%if %localize
+
%files translations-common -f %{_tmppath}/translations.common
%defattr(-,root,root)
%dir %{progdir}
--- a/mozilla-xulrunner192/create-tar.sh Thu Mar 25 20:10:44 2010 +0100
+++ b/mozilla-xulrunner192/create-tar.sh Sun Apr 04 09:41:55 2010 +0200
@@ -1,7 +1,7 @@
#!/bin/bash
-RELEASE_TAG="FIREFOX_3_6_2_RELEASE"
-VERSION="1.9.2.2"
+RELEASE_TAG="FIREFOX_3_6_3_RELEASE"
+VERSION="1.9.2.3"
# mozilla
hg clone http://hg.mozilla.org/releases/mozilla-1.9.2 mozilla
--- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Thu Mar 25 20:10:44 2010 +0100
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Sun Apr 04 09:41:55 2010 +0200
@@ -1,10 +1,44 @@
+-------------------------------------------------------------------
+Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org
+
+- security update to 1.9.2.3
+ * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
+ Re-use of freed object due to scope confusion
+
-------------------------------------------------------------------
Thu Mar 25 20:04:41 CET 2010 - wr@rosenauer.org
- security update to 1.9.2.2 (bnc#586567)
- * requires NSS 3.12.6
- * MFSA 2010-08/CVE-2010-1028 (bmo#552216)
+ * MFSA 2010-08/CVE-2010-1028
WOFF heap corruption due to integer overflow
+ * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
+ Deleted frame reuse in multipart/x-mixed-replace image
+ * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
+ XSS via plugins and unprotected Location object
+ * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
+ Crashes with evidence of memory corruption
+ * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
+ XSS using addEventListener and setTimeout on a wrapped object
+ * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
+ Content policy bypass with image preloading
+ * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
+ Browser chrome defacement via cached XUL stylesheets
+ * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
+ Asynchronous Auth Prompt attaches to wrong window
+ * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
+ Crashes with evidence of memory corruption
+ * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
+ Dangling pointer vulnerability in nsTreeContentView
+ * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
+ Dangling pointer vulnerability in nsPluginArray
+ * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
+ Chrome privilege escalation via forced URL drag and drop
+ * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
+ Update NSS to support TLS renegotiation indication
+ * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
+ Image src redirect to mailto: URL opens email editor
+ * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
+ XMLDocument::load() doesn't check nsIContentPolicy
- general.useragent.locale in profile overrides
intl.locale.matchOS (bmo#542999)
- split mozilla-js192 package which contains libmozjs only
--- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Thu Mar 25 20:10:44 2010 +0100
+++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Sun Apr 04 09:41:55 2010 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package mozilla-xulrunner192 (Version 1.9.2.2)
+# spec file for package mozilla-xulrunner192 (Version 1.9.2.3)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# 2006-2010 Wolfgang Rosenauer
@@ -39,12 +39,12 @@
BuildRequires: wireless-tools
%endif
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
-Version: 1.9.2.2
+Version: 1.9.2.3
Release: 1
-%define releasedate 2010031700
-%define version_internal 1.9.2.2
+%define releasedate 2010040100
+%define version_internal 1.9.2.3
%define apiversion 1.9.2
-%define uaweight 192020
+%define uaweight 192030
Summary: Mozilla Runtime Environment 1.9.2
Url: http://www.mozilla.org
Group: Productivity/Other
@@ -154,6 +154,7 @@
Software Development Kit to embed XUL or Gecko into other applications.
%if %localize
+
%package translations-common
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
Summary: Common translations for XULRunner 1.9.2
@@ -202,6 +203,7 @@
%if %crashreporter
+
%package buildsymbols
License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
Summary: Breakpad buildsymbols for %{name}
@@ -212,7 +214,6 @@
symbols meant for upload to Mozilla's crash collector database.
%endif
-
%prep
%setup -n mozilla -q -b 1
%patch1 -p1
@@ -564,6 +565,7 @@
%{_libdir}/xulrunner-%{version_internal}/components/libnkgnomevfs.so
%if %localize
+
%files translations-common -f %{_tmppath}/translations.common
%defattr(-,root,root)
%dir %{_libdir}/xulrunner-%{version_internal}/
@@ -576,6 +578,7 @@
%endif
%if %crashreporter
+
%files buildsymbols
%defattr(-,root,root)
%{_datadir}/mozilla/