diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 6774197b..01efd4e1 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.7 (bnc#622506) + * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 + Miscellaneous memory safety hazards + * MFSA 2010-35/CVE-2010-1208 (bmo#572986) + DOM attribute cloning remote code execution vulnerability + * MFSA 2010-36/CVE-2010-1209 (bmo#552110) + Use-after-free error in NodeIterator + * MFSA 2010-37/CVE-2010-1214 (bmo#572985) + Plugin parameter EnsureCachedAttrParamArrays remote code + execution vulnerability + * MFSA 2010-38/CVE-2010-1215 (bmo#567069) + Arbitrary code execution using SJOW and fast native function + * MFSA 2010-39/CVE-2010-2752 (bmo#574059) + nsCSSValue::Array index integer overflow + * MFSA 2010-40/CVE-2010-2753 (bmo#571106) + nsTreeSelection dangling pointer remote code execution + vulnerability + * MFSA 2010-41/CVE-2010-1205 (bmo#570451) + Remote code execution using malformed PNG image + * MFSA 2010-42/CVE-2010-1213 (bmo#568148) + Cross-origin data disclosure via Web Workers and importScripts + * MFSA 2010-43/CVE-2010-1207 (bmo#571287) + Same-origin bypass using canvas context + * MFSA 2010-44/CVE-2010-1210 (bmo#564679) + Characters mapped to U+FFFD in 8 bit encodings cause subsequent + character to vanish + * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) + Multiple location bar spoofing vulnerabilities + * MFSA 2010-46/CVE-2010-0654 (bmo#524223) + Cross-domain data theft using CSS + * MFSA 2010-47/CVE-2010-2754 (bmo#568564) + Cross-origin data leakage from script filename in error messages + ------------------------------------------------------------------- Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index cf480480..f5441e77 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.6.6) +# spec file for package MozillaFirefox (Version 3.6.7) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 2006-2010 Wolfgang Rosenauer @@ -22,7 +22,7 @@ Name: MozillaFirefox %define xulrunner mozilla-xulrunner192 BuildRequires: autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip -BuildRequires: %{xulrunner}-devel = 1.9.2.6 +BuildRequires: %{xulrunner}-devel = 1.9.2.7 %if %suse_version > 1020 BuildRequires: fdupes %endif @@ -34,9 +34,9 @@ BuildRequires: wireless-tools License: GPLv2+ ; LGPLv2.1+ ; MPLv1.1+ Provides: web_browser Provides: firefox -Version: 3.6.6 +Version: 3.6.7 Release: 1 -%define releasedate 2010062600 +%define releasedate 2010071400 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -63,7 +63,6 @@ Patch8: firefox-appname.patch Patch9: firefox-kde.patch Patch10: firefox-ui-lockdown.patch Patch11: firefox-crashreporter.patch -Patch12: mozilla-crashreporter-x86_64.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): coreutils shared-mime-info desktop-file-utils Requires(postun): shared-mime-info desktop-file-utils @@ -167,7 +166,6 @@ install -m 644 %{SOURCE6} browser/app/profile/kde.js %endif %patch10 -p1 %patch11 -p1 -%patch12 -p1 %build export MOZ_BUILD_DATE=%{releasedate} diff --git a/firefox-3.6.6-source.tar.bz2 b/firefox-3.6.6-source.tar.bz2 deleted file mode 100644 index d6ff6537..00000000 --- a/firefox-3.6.6-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9394ebaa0580fef4cdc04ac81259a91b0138150c9ebbe0c97fd12a71f1a041d0 -size 51012567 diff --git a/firefox-3.6.7-source.tar.bz2 b/firefox-3.6.7-source.tar.bz2 new file mode 100644 index 00000000..80ddb75c --- /dev/null +++ b/firefox-3.6.7-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b4005ff435b43369849748660f652f6a2f698a3f1b652236c0b5e743cb14455 +size 50972581 diff --git a/l10n-3.6.6.tar.bz2 b/l10n-3.6.6.tar.bz2 deleted file mode 100644 index 918cd1cc..00000000 --- a/l10n-3.6.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b7c1bd3113a10ec90677086bac7ad0a7188f81c9e834ecb5682c39a216b2a2de -size 37223689 diff --git a/l10n-3.6.7.tar.bz2 b/l10n-3.6.7.tar.bz2 new file mode 100644 index 00000000..b725788d --- /dev/null +++ b/l10n-3.6.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e6fab9cbb5b565b6f8a08bcb2c7252a7fef70248a1ec6bc3f62c4f938b254096 +size 37227752 diff --git a/mozilla-crashreporter-x86_64.patch b/mozilla-crashreporter-x86_64.patch deleted file mode 100644 index 16ec0470..00000000 --- a/mozilla-crashreporter-x86_64.patch +++ /dev/null @@ -1,38 +0,0 @@ -# HG changeset patch -# User Ted Mielczarek -# Date 1269522979 14400 -# Node ID a00284a2b2f0063b0f053938c1775cf207fe25bb -# Parent 33d05f60932bac3d66231a54840cbdd173297fff -bug 554021 - enable compiling Breakpad on Linux/x86-64 by default - -diff --git a/configure.in b/configure.in ---- a/configure.in -+++ b/configure.in -@@ -5858,13 +5858,20 @@ - dnl = Breakpad crash reporting (on by default on supported platforms) - dnl ======================================================== - --if (test "$OS_ARCH" = "WINNT" -a -z "$GNU_CC" \ -- || test "$OS_ARCH" = "Darwin" \ -- || test "$OS_ARCH" = "Linux" -a "$CPU_ARCH" = "x86" \ -- || test "$OS_ARCH" = "SunOS") \ -- && test -z "$HAVE_64BIT_OS"; then -- MOZ_CRASHREPORTER=1 --fi -+case $target in -+i?86-*-mingw*) -+ MOZ_CRASHREPORTER=1 -+ ;; -+i?86-apple-darwin*|powerpc-apple-darwin*) -+ MOZ_CRASHREPORTER=1 -+ ;; -+i?86-*-linux*|x86_64-*-linux*) -+ MOZ_CRASHREPORTER=1 -+ ;; -+*solaris*) -+ MOZ_CRASHREPORTER=1 -+ ;; -+esac - - MOZ_ARG_DISABLE_BOOL(crashreporter, - [ --disable-crashreporter Disable breakpad crash reporting],