diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 6e723a4..cf50caf 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Sun Mar 1 11:08:58 CET 2009 - wr@rosenauer.org + +- security update to 3.0.7 (bnc#478625) + * MFSA 2009-07 - Crashes with evidence of memory corruption + CVE-2009-0771 - Layout Engine Crashes + CVE-2009-0772 - Layout Engine Crashes + CVE-2009-0773 - crashes in the JavaScript engine + CVE-2009-0774 - Layout Engine Crashes + * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) + Mozilla Firefox XUL Linked Clones Double Free Vulnerability + * MFSA 2009-09/CVE-2009-0776 (bmo#414540) + XML data theft via RDFXMLDataSource and cross-domain redirect + * MFSA 2009-10/CVE-2009-0040 (bmo#478901) + Upgrade PNG library to fix memory safety hazards + * MFSA 2009-11/CVE-2009-0777 (bmo#452979) + URL spoofing with invisible control characters + ------------------------------------------------------------------- Wed Feb 4 18:58:59 EST 2009 - hfiguiere@suse.de diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index b1c3079..17d118a 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.0.6) +# spec file for package MozillaFirefox (Version 3.0.7) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,8 +26,8 @@ BuildRequires: fdupes License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Provides: web_browser Provides: firefox -Version: 3.0.6 -Release: 2 +Version: 3.0.7 +Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers 
@@ -59,7 +59,7 @@ Requires: %{name}-branding >= 3.0 %define _use_internal_dependency_generator 0 %define __find_requires sh %{SOURCE4} %define __find_provides %{nil} -%define releasedate 2009012700 +%define releasedate 2009022800 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 @@ -339,7 +339,22 @@ fi %{progdir}/defaults/profile/bookmarks.html %changelog -* Wed Feb 04 2009 hfiguiere@suse.de +* Sun Mar 01 2009 wr@rosenauer.org +- security update to 3.0.7 (bnc#478625) + * MFSA 2009-07 - Crashes with evidence of memory corruption + CVE-2009-0771 - Layout Engine Crashes + CVE-2009-0772 - Layout Engine Crashes + CVE-2009-0773 - crashes in the JavaScript engine + CVE-2009-0774 - Layout Engine Crashes + * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) + Mozilla Firefox XUL Linked Clones Double Free Vulnerability + * MFSA 2009-09/CVE-2009-0776 (bmo#414540) + XML data theft via RDFXMLDataSource and cross-domain redirect + * MFSA 2009-10/CVE-2009-0040 (bmo#478901) + Upgrade PNG library to fix memory safety hazards + * MFSA 2009-11/CVE-2009-0777 (bmo#452979) + URL spoofing with invisible control characters +* Thu Feb 05 2009 hfiguiere@suse.de - Review and approve changes. * Wed Jan 28 2009 wr@rosenauer.org - security update to 3.0.6 (bnc#470074) @@ -383,14 +398,14 @@ fi * History is properly locked down. bnc#439343 * Make sure the search bar is not put back when resetting the toolbar. bnc#439358 -* Thu Nov 20 2008 maw@suse.de +* Fri Nov 21 2008 maw@suse.de - Review and approve changes. * Thu Nov 13 2008 wr@rosenauer.org - lockdown cleanup * removed gecko-lockdown.patch from Firefox (it's in xulrunner) * stripped out some toolkit stuff from firefox-ui-lockdown * added extra default preferences for lockdown -* Wed Nov 12 2008 maw@suse.de +* Thu Nov 13 2008 maw@suse.de - Review and approve changes. * Tue Nov 11 2008 wr@rosenauer.org - update to security/maintenance release 3.0.4 (bnc#439841) 
@@ -431,7 +446,7 @@ fi - brought man-page up to date for the firefox stub (removing firefox-bin reference) - en-US locale not longer packaged in translations subpackage -* Fri Aug 15 2008 maw@novell.com +* Sat Aug 16 2008 maw@novell.com - Review and approve changes. * Mon Aug 04 2008 wr@rosenauer.org - Tweak branding split @@ -462,9 +477,9 @@ fi - network.protocol-handler.app.* prefs are no longer supported; remove references to them from firefox-suse-default-prefs.js (bnc#383697). -* Wed Apr 02 2008 maw@suse.de +* Thu Apr 03 2008 maw@suse.de - Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang). -* Tue Mar 25 2008 maw@suse.de +* Wed Mar 26 2008 maw@suse.de - Merge changes from the build service (thanks, Wolfgang) - Update to the fourth Firefox 3.0 Beta (2.9.94): + Based upon the Gecko 1.9 Web rendering platform, which improves @@ -574,7 +589,7 @@ fi - Add mozilla-maxpathlen.patch (#354150 and bmo #412610). * Fri Dec 21 2007 maw@suse.de - Add firefox-348446-empty-lists.patch (bnc#348446). -* Tue Dec 04 2007 maw@suse.de +* Wed Dec 05 2007 maw@suse.de - Respin proxy-dev.patch (bnc#340678) -- thanks, Anders! * Tue Nov 27 2007 maw@suse.de - Security update to version 2.0.0.10 (#341905, #341591): @@ -589,7 +604,7 @@ fi - Build with -ftree-vrp -fwrapv, per advice in #342603#c17. * Tue Nov 13 2007 maw@suse.de - Add firefox-gcc4.3-fixes.patch. -* Thu Oct 18 2007 maw@suse.de +* Fri Oct 19 2007 maw@suse.de - Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang) * MFSA 2007-29 Crashes with evidence of memory corruption * MFSA 2007-30 onUnload Tailgating @@ -666,7 +681,7 @@ fi - Use mozilla.sh.in from the build service (#230681). * Tue Jun 05 2007 sbrabec@suse.cz - Removed invalid desktop category "Application" (#254654). -* Mon Jun 04 2007 maw@suse.de +* Tue Jun 05 2007 maw@suse.de - Security update to version 2.0.0.4 - Refresh configure.patch, startup.patch, and visibility.patch - Now use l10n-%%{version}.tar.bz2 instead of l10n.tar.bz2. 
@@ -716,7 +731,7 @@ fi - readd MozillaFirebird provides (was incorrect in removing it). * Mon Jan 08 2007 meissner@suse.de - Do not provide MozillaFirebird, just obsolete it. -* Thu Nov 30 2006 maw@suse.de +* Fri Dec 01 2006 maw@suse.de - Update gecko-lockdown.patch (#220616). * Thu Nov 30 2006 maw@suse.de - Update firefox-suse-default-prefs.js, adding @@ -750,7 +765,7 @@ fi - updated tango theme * Sun Oct 29 2006 aj@suse.de - Another fix for 214125, patch by Wolfgang Rosenauer. -* Wed Oct 25 2006 aj@suse.de +* Thu Oct 26 2006 aj@suse.de - Fix gcc warnings about undefined operations, patch by Robert O'Callahan. - Update system-proxies.patch to fix error box (214125), patch by @@ -785,7 +800,7 @@ fi - added symlink for Firefox 1.0.x compatibility * Sat Jul 29 2006 stark@suse.de - update to regression release 1.5.0.6 (#195043) -* Wed Jul 26 2006 stark@suse.de +* Thu Jul 27 2006 stark@suse.de - security update to version 1.5.0.5 (#195043) * observer-lock.patch integrated now - fixed leak in JS' liveconnect (#186066) @@ -808,7 +823,7 @@ fi - complete implementation of startup-notification (#115417) (including autoconf and remote support) - different home-pages for SLE10 and SL (#177881) -* Mon May 15 2006 stark@suse.de +* Tue May 16 2006 stark@suse.de - fixed potential deadlock in nsObserverList::RemoveObserver (#173986, bmo #338069) - base startup notification on libstartup-notification (#115417) @@ -928,7 +943,7 @@ fi * Mon Oct 31 2005 stark@suse.de - updated l10n archive (20051030) - fixed postinstall script to copy plugin links instead of files -* Thu Oct 27 2005 stark@suse.de +* Fri Oct 28 2005 stark@suse.de - update to 1.5rc1 (20051027) - fixed profile locking on FAT partitions (bmo #313360) - introduced an rpath again 
@@ -977,7 +992,7 @@ fi * Thu Sep 01 2005 stark@suse.de - changed default font to sans-serif (#114464) - removed de-de parts of the bookmark-links (#114279) -* Sun Aug 21 2005 stark@suse.de +* Mon Aug 22 2005 stark@suse.de - install gconf schema for lockdown also on non-NLD - added backports (firefox-backports.patch) * gtk_im_context_set_cursor_location() is not used (bmo #281339) @@ -1000,7 +1015,7 @@ fi * Fri Aug 05 2005 stark@suse.de - fixed profile locking (bmo #151188) - install beagle extension globally -* Thu Jul 28 2005 stark@suse.de +* Fri Jul 29 2005 stark@suse.de - don't require and provide NSS libs (#98002) - fixed printing error 'You cannot print while in print preview' (#96991, bmo #302445) @@ -1025,9 +1040,9 @@ fi - fixed plugin event starvation (bnc #94749, #94751, bmo #301161) * Fri Jul 15 2005 stark@suse.de - searchplugins can now be installed per profile (#8176) -* Thu Jul 14 2005 stark@suse.de +* Fri Jul 15 2005 stark@suse.de - update to 1.0.6 which restores API compatibility -* Mon Jul 11 2005 stark@suse.de +* Tue Jul 12 2005 stark@suse.de - update to 1.0.5 final (#88509) - don't strip explicitely - don't ship beagle.xpi @@ -1047,7 +1062,7 @@ fi * Wed Jun 22 2005 stark@suse.de - new NLD lockdown patch which is syncing user prefs to gconf - update to 1.0.5pre security-release -* Wed Jun 08 2005 stark@suse.de +* Thu Jun 09 2005 stark@suse.de - new revision of NLD lockdown patch - fixed remote usage behaviour in start script (bnc #41903) - got more bugfixes from the branch @@ -1059,9 +1074,9 @@ fi - fixed keybinding for KP separator (bnc #84147) - pulled security related patch from upstream branch - update plastikfox theme to version 1.6 -* Wed May 11 2005 stark@suse.de +* Thu May 12 2005 stark@suse.de - update to final 1.0.4 release -* Mon May 09 2005 stark@suse.de +* Tue May 10 2005 stark@suse.de - update to 1.0.4 security release - removed s390(x) patches (upstream) - made two more files %%verify (81692) 
@@ -1071,7 +1086,7 @@ fi * Sat Apr 23 2005 stark@suse.de - activate usage of system NSPR for distributions after 9.3 - add patch to be able to use systen NSPR at all -* Thu Apr 21 2005 ro@suse.de +* Fri Apr 22 2005 ro@suse.de - use mozilla-gcc4.patch * Thu Apr 21 2005 stark@suse.de - don't execute gconf magic within build environment @@ -1291,7 +1306,7 @@ fi - update to 1.0PR (aka 0.10) * Fri Sep 03 2004 stark@suse.de - added ppc64 patch -* Wed Sep 01 2004 dave@suse.de +* Thu Sep 02 2004 dave@suse.de - Fixed up the .desktop installation on nld * Wed Sep 01 2004 shprasad@suse.de - Doesn't ask to set Firefox as default web-browser. @@ -1314,7 +1329,7 @@ fi - set startup homepage to Novell * Tue Aug 17 2004 stark@suse.de - update to pre-1.0.0 (20040817) -* Wed Aug 04 2004 stark@suse.de +* Thu Aug 05 2004 stark@suse.de - security update to 0.9.3 (including #43312 and others) - handle RealPlayer 9 plugin @@ -1322,11 +1337,11 @@ fi - recode desktop file to utf-8 * Wed Jul 28 2004 stark@suse.de - added fix against certificate spoofing (#43312) -* Thu Jul 22 2004 stark@suse.de +* Fri Jul 23 2004 stark@suse.de - update to 0.9.2 - added workaround for extension registry - removed old (incompatible) mozex extension -* Mon Jun 28 2004 stark@suse.de +* Tue Jun 29 2004 stark@suse.de - update to 0.9.1 - added hint to run as root first * Tue Jun 15 2004 stark@suse.de @@ -1386,7 +1401,7 @@ fi * Thu Jul 10 2003 stark@suse.de - update to snapshot 20030709 - fixed generation of symlink MozillaFirebird-xremote-client -* Thu Jun 19 2003 stark@suse.de +* Fri Jun 20 2003 stark@suse.de - update to snapshot 20030622 (0.7pre) * Mon May 19 2003 stark@suse.de - update to snapshot 20030518 (0.6) diff --git a/firefox-3.0.6-source.tar.bz2 b/firefox-3.0.6-source.tar.bz2 deleted file mode 100644 index 56096d7..0000000 --- a/firefox-3.0.6-source.tar.bz2 +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b3e08fb462882822b4ec9b962cc517c0c33401d58ab740c85e9edef1b5cd698d -size 36878860 diff --git a/firefox-3.0.7-source.tar.bz2 b/firefox-3.0.7-source.tar.bz2 new file mode 100644 index 0000000..b35f78c --- /dev/null +++ b/firefox-3.0.7-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0536214eae6ee315363c17deb5ad49d2256141f36bebba7f39cca3f5343f5bf3 +size 36900484 diff --git a/l10n-3.0.6.tar.bz2 b/l10n-3.0.6.tar.bz2 deleted file mode 100644 index 822acf7..0000000 --- a/l10n-3.0.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9163c6906f7a702942ff91eb91305f6ad98f44559a14560eba11139e3d9b3ce5 -size 29350247 diff --git a/l10n-3.0.7.tar.bz2 b/l10n-3.0.7.tar.bz2 new file mode 100644 index 0000000..d14a407 --- /dev/null +++ b/l10n-3.0.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cdffc42fbb363c61fa2d0ab0cbf9ddd58fd26e5f6b65b59e1042e723186a7027 +size 29348350
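Review bot: In the new MozillaFirefox.changes entry (and its copy in the spec %changelog), the MFSA 2009-07 item lists CVE-2009-0771 through CVE-2009-0774 without any bmo# reference, while every other advisory in the entry carries one, and the MFSA 2009-08 line has a stray " - " before (bmo#474456) that the other advisory lines do not. Add the bug references for the four crash CVEs or say that none are available, and drop the extra dash so that tooling which scans changelogs for CVE and bug ids sees one consistent format.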
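Review bot: The MozillaFirefox.spec %changelog hunks shift the dates of more than two dozen historical entries forward by one day (for example "Wed Feb 04 2009 hfiguiere@suse.de" becomes "Thu Feb 05 2009", and "Thu Nov 30 2006 maw@suse.de" becomes "Fri Dec 01 2006"), which has nothing to do with the 3.0.7 update. The .changes file stamps the Feb 4 entry as "18:58:59 EST", so this looks like a timezone conversion introduced when the %changelog was regenerated. Regenerate it with a fixed timezone or move the date churn into a separate commit, so that the security-relevant lines (Version, Release, releasedate and the new changelog entry) are the only changes a reviewer has to audit here.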
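Review bot: The firefox-3.0.7-source.tar.bz2 and l10n-3.0.7.tar.bz2 hunks add only Git LFS pointers (an oid sha256 and a size), and nothing in the patch records where the archives were obtained or an upstream checksum or signature to compare the new oids against. For a security update, name the download source in the commit message or ship the upstream detached signature next to the source tarball, so the new oid can be confirmed to match the released 3.0.7 source before the package is built.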