Accepting request 81394 from mozilla:Factory

security update to Firefox 6.0.2 - bnc#714931 OBS-URL: https://build.opensuse.org/request/show/81394 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=128
2011-09-09 09:03:58 +00:00 · 2011-09-09 09:03:58 +00:00 · abfcc9c248
commit abfcc9c248
parent 40efc80c94 f864313e08
7 changed files with 39 additions and 12 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,8 +1,35 @@
+-------------------------------------------------------------------
+Wed Sep  7 14:30:34 UTC 2011 - pcerny@suse.com
+
+- security update to 6.0.2 (bnc#714931)
+  * Complete blocking of certificates issued by DigiNotar
+    (bmo#683449)
+
+-------------------------------------------------------------------
+Fri Sep  2 14:40:07 UTC 2011 - pcerny@suse.com
+
+- security update to 6.0.1 (bnc#714931)
+  * MFSA 2011-34
+    Protection against fraudulent DigiNotar certificates
+    (bmo#682927)
+
 -------------------------------------------------------------------
 Fri Aug 12 21:16:19 UTC 2011 - wr@rosenauer.org

- update to 6.0 (bnc#711954)
-  * included security fixes
+- update to 6.0 (bnc#712224)
+  included security fixes MFSA 2011-29
+  * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
+    Miscellaneous memory safety hazards
+  * CVE-2011-2993 (bmo#657267)
+    Unsigned scripts can call script inside signed JAR
+  * CVE-2011-2988 (bmo#665934)
+    Heap overflow in ANGLE library
+  * CVE-2011-0084 (bmo#648094)
+    Crash in SVGTextElement.getCharNumAtPosition()
+  * CVE-2011-2990
+    Credential leakage using Content Security Policy reports
+  * CVE-2011-2986 (bmo#655836)
+    Cross-origin data theft using canvas and Windows D2D
 - removed obsolete curl header dependency (mozilla-curl.patch)

 -------------------------------------------------------------------
--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -19,7 +19,7 @@
 # norootforbuild

 %define major 6
-%define mainver %major.0
+%define mainver %major.0.2

 Name:           MozillaFirefox
 BuildRequires:  Mesa-devel autoconf213 fdupes gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python startup-notification-devel unzip update-desktop-files yasm zip
@ -35,7 +35,7 @@ BuildRequires:  nss-shared-helper-devel
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Version:        %{mainver}
 Release:        1
-%define         releasedate 2011081200
+%define         releasedate 2011090700
 Provides:       web_browser
 Provides:       firefox = %{version}-%{release}
 Provides:       firefox = %{mainver}
--- a/create-tar.sh
+++ b/create-tar.sh
@ -1,8 +1,8 @@
 #!/bin/bash

 BRANCH="releases/mozilla-release"
-RELEASE_TAG="FIREFOX_6_0_RELEASE"
-VERSION="6.0"
+RELEASE_TAG="FIREFOX_6_0_2_RELEASE"
+VERSION="6.0.2"

 # mozilla
 hg clone http://hg.mozilla.org/$BRANCH mozilla
--- a/firefox-6.0-source.tar.bz2
+++ b/firefox-6.0-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e09ccc62e8bb10f419cce797058721eff9847fd89a8af3c7d51c12aff1552563
-size 67685578
--- a/firefox-6.0.2-source.tar.bz2
+++ b/firefox-6.0.2-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1ea81853e6f31d4987a6b7177e4e0f69a4771908d4f0cf011f09b3f4f3d3fb36
+size 66698926
--- a/l10n-6.0.2.tar.bz2
+++ b/l10n-6.0.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57f6f9e224bcb62a849e12f11bbce2c0d8c0fbd36d46e839c736019c3239ddfb
+size 43614218
--- a/l10n-6.0.tar.bz2
+++ b/l10n-6.0.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a2751fecbc5b204b9ead664ad093e54b87d6de00133217a514eba12be22f739
-size 43685517