# HG changeset patch # User Wolfgang Rosenauer # Date 1270366915 -7200 # Node ID 9213a0672227aab0de28e0b2aacdfb2e32b37b00 # Parent cbbe8d04403d40e7066e2d4c987f541080eb2622 Update to 1.9.2.3/3.6.3 diff -r cbbe8d04403d -r 9213a0672227 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Thu Mar 25 20:10:44 2010 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Apr 04 09:41:55 2010 +0200 @@ -1,7 +1,44 @@ +------------------------------------------------------------------- +Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org + +- security update to 3.6.3 + * MFSA 2010-25/CVE-2010-1121 (bmo#555109) + Re-use of freed object due to scope confusion + ------------------------------------------------------------------- Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org - security update to version 3.6.2 (bnc#586567) + * MFSA 2010-08/CVE-2010-1028 + WOFF heap corruption due to integer overflow + * MFSA 2010-09/CVE-2010-0164 (bmo#547143) + Deleted frame reuse in multipart/x-mixed-replace image + * MFSA 2010-10/CVE-2010-0170 (bmo#541530) + XSS via plugins and unprotected Location object + * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 + Crashes with evidence of memory corruption + * MFSA 2010-12/CVE-2010-0171 (bmo#531364) + XSS using addEventListener and setTimeout on a wrapped object + * MFSA 2010-13/CVE-2010-0168 (bmo#540642) + Content policy bypass with image preloading + * MFSA 2010-14/CVE-2010-0169 (bmo#535806) + Browser chrome defacement via cached XUL stylesheets + * MFSA 2010-15/CVE-2010-0172 (bmo#537862) + Asynchronous Auth Prompt attaches to wrong window + * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 + Crashes with evidence of memory corruption + * MFSA 2010-18/CVE-2010-0176 (bmo#538308) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-19/CVE-2010-0177 (bmo#538310) + Dangling pointer vulnerability in nsPluginArray + * MFSA 2010-20/CVE-2010-0178 (bmo#546909) + Chrome privilege escalation via forced URL drag and drop + * MFSA 2010-22/CVE-2009-3555 (bmo#545755) + Update NSS to support TLS renegotiation indication + * MFSA 2010-23/CVE-2010-0181 (bmo#452093) + Image src redirect to mailto: URL opens email editor + * MFSA 2010-24/CVE-2010-0182 (bmo#490790) + XMLDocument::load() doesn't check nsIContentPolicy ------------------------------------------------------------------- Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org diff -r cbbe8d04403d -r 9213a0672227 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Thu Mar 25 20:10:44 2010 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Apr 04 09:41:55 2010 +0200 @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.6.2) +# spec file for package MozillaFirefox (Version 3.6.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -22,7 +22,7 @@ Name: MozillaFirefox %define xulrunner mozilla-xulrunner192 BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip -BuildRequires: %{xulrunner}-devel = 1.9.2.2 +BuildRequires: %{xulrunner}-devel = 1.9.2.3 %if %suse_version > 1020 BuildRequires: fdupes %endif @@ -34,9 +34,9 @@ License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Provides: web_browser Provides: firefox -Version: 3.6.2 +Version: 3.6.3 Release: 1 -%define releasedate 2010031700 +%define releasedate 2010040100 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -96,6 +96,7 @@ %if %localize + %package translations-common Summary: Common translations for MozillaFirefox License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ @@ -371,6 +372,7 @@ %doc %{_mandir}/man1/%{progname}.1.gz %if %localize + %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) %dir %{progdir} diff -r cbbe8d04403d -r 9213a0672227 mozilla-xulrunner192/create-tar.sh --- a/mozilla-xulrunner192/create-tar.sh Thu Mar 25 20:10:44 2010 +0100 +++ b/mozilla-xulrunner192/create-tar.sh Sun Apr 04 09:41:55 2010 +0200 @@ -1,7 +1,7 @@ #!/bin/bash -RELEASE_TAG="FIREFOX_3_6_2_RELEASE" -VERSION="1.9.2.2" +RELEASE_TAG="FIREFOX_3_6_3_RELEASE" +VERSION="1.9.2.3" # mozilla hg clone http://hg.mozilla.org/releases/mozilla-1.9.2 mozilla diff -r cbbe8d04403d -r 9213a0672227 mozilla-xulrunner192/mozilla-xulrunner192.changes --- a/mozilla-xulrunner192/mozilla-xulrunner192.changes Thu Mar 25 20:10:44 2010 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.changes Sun Apr 04 09:41:55 2010 +0200 @@ -1,10 +1,44 @@ +------------------------------------------------------------------- +Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org + +- security update to 1.9.2.3 + * MFSA 2010-25/CVE-2010-1121 (bmo#555109) + Re-use of freed object due to scope confusion + ------------------------------------------------------------------- Thu Mar 25 20:04:41 CET 2010 - wr@rosenauer.org - security update to 1.9.2.2 (bnc#586567) - * requires NSS 3.12.6 - * MFSA 2010-08/CVE-2010-1028 (bmo#552216) + * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow + * MFSA 2010-09/CVE-2010-0164 (bmo#547143) + Deleted frame reuse in multipart/x-mixed-replace image + * MFSA 2010-10/CVE-2010-0170 (bmo#541530) + XSS via plugins and unprotected Location object + * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 + Crashes with evidence of memory corruption + * MFSA 2010-12/CVE-2010-0171 (bmo#531364) + XSS using addEventListener and setTimeout on a wrapped object + * MFSA 2010-13/CVE-2010-0168 (bmo#540642) + Content policy bypass with image preloading + * MFSA 2010-14/CVE-2010-0169 (bmo#535806) + Browser chrome defacement via cached XUL stylesheets + * MFSA 2010-15/CVE-2010-0172 (bmo#537862) + Asynchronous Auth Prompt attaches to wrong window + * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 + Crashes with evidence of memory corruption + * MFSA 2010-18/CVE-2010-0176 (bmo#538308) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-19/CVE-2010-0177 (bmo#538310) + Dangling pointer vulnerability in nsPluginArray + * MFSA 2010-20/CVE-2010-0178 (bmo#546909) + Chrome privilege escalation via forced URL drag and drop + * MFSA 2010-22/CVE-2009-3555 (bmo#545755) + Update NSS to support TLS renegotiation indication + * MFSA 2010-23/CVE-2010-0181 (bmo#452093) + Image src redirect to mailto: URL opens email editor + * MFSA 2010-24/CVE-2010-0182 (bmo#490790) + XMLDocument::load() doesn't check nsIContentPolicy - general.useragent.locale in profile overrides intl.locale.matchOS (bmo#542999) - split mozilla-js192 package which contains libmozjs only diff -r cbbe8d04403d -r 9213a0672227 mozilla-xulrunner192/mozilla-xulrunner192.spec --- a/mozilla-xulrunner192/mozilla-xulrunner192.spec Thu Mar 25 20:10:44 2010 +0100 +++ b/mozilla-xulrunner192/mozilla-xulrunner192.spec Sun Apr 04 09:41:55 2010 +0200 @@ -1,5 +1,5 @@ # -# spec file for package mozilla-xulrunner192 (Version 1.9.2.2) +# spec file for package mozilla-xulrunner192 (Version 1.9.2.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -39,12 +39,12 @@ BuildRequires: wireless-tools %endif License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ -Version: 1.9.2.2 +Version: 1.9.2.3 Release: 1 -%define releasedate 2010031700 -%define version_internal 1.9.2.2 +%define releasedate 2010040100 +%define version_internal 1.9.2.3 %define apiversion 1.9.2 -%define uaweight 192020 +%define uaweight 192030 Summary: Mozilla Runtime Environment 1.9.2 Url: http://www.mozilla.org Group: Productivity/Other @@ -154,6 +154,7 @@ Software Development Kit to embed XUL or Gecko into other applications. %if %localize + %package translations-common License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Summary: Common translations for XULRunner 1.9.2 @@ -202,6 +203,7 @@ %if %crashreporter + %package buildsymbols License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Summary: Breakpad buildsymbols for %{name} @@ -212,7 +214,6 @@ symbols meant for upload to Mozilla's crash collector database. %endif - %prep %setup -n mozilla -q -b 1 %patch1 -p1 @@ -564,6 +565,7 @@ %{_libdir}/xulrunner-%{version_internal}/components/libnkgnomevfs.so %if %localize + %files translations-common -f %{_tmppath}/translations.common %defattr(-,root,root) %dir %{_libdir}/xulrunner-%{version_internal}/ @@ -576,6 +578,7 @@ %endif %if %crashreporter + %files buildsymbols %defattr(-,root,root) %{_datadir}/mozilla/