OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=51

MozillaFirefox.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Sun Mar  1 11:08:58 CET 2009 - wr@rosenauer.org
+
+- security update to 3.0.7 (bnc#478625)
+  * MFSA 2009-07 - Crashes with evidence of memory corruption
+    CVE-2009-0771 - Layout Engine Crashes
+    CVE-2009-0772 - Layout Engine Crashes
+    CVE-2009-0773 - crashes in the JavaScript engine
+    CVE-2009-0774 - Layout Engine Crashes
+  * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
+    Mozilla Firefox XUL Linked Clones Double Free Vulnerability
+  * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
+    XML data theft via RDFXMLDataSource and cross-domain redirect
+  * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
+    Upgrade PNG library to fix memory safety hazards
+  * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
+    URL spoofing with invisible control characters
+
 -------------------------------------------------------------------
 Wed Feb  4 18:58:59 EST 2009 - hfiguiere@suse.de
 

MozillaFirefox.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package MozillaFirefox (Version 3.0.6)
+# spec file for package MozillaFirefox (Version 3.0.7)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,8 +26,8 @@ BuildRequires:  fdupes
 License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
 Provides:       web_browser
 Provides:       firefox
-Version:        3.0.6
+Version:        3.0.7
-Release:        2
+Release:        1
 Summary:        Mozilla Firefox Web Browser
 Url:            http://www.mozilla.org/
 Group:          Productivity/Networking/Web/Browsers
@@ -59,7 +59,7 @@ Requires:       %{name}-branding >= 3.0
 %define _use_internal_dependency_generator 0
 %define __find_requires sh %{SOURCE4}
 %define __find_provides %{nil}
-%define releasedate 2009012700
+%define releasedate 2009022800
 %define progname firefox
 %define progdir %{_prefix}/%_lib/%{progname}
 %if %suse_version > 1020
@@ -339,7 +339,22 @@ fi
 %{progdir}/defaults/profile/bookmarks.html
 
 %changelog
-* Wed Feb 04 2009 hfiguiere@suse.de
+* Sun Mar 01 2009 wr@rosenauer.org
+- security update to 3.0.7 (bnc#478625)
+  * MFSA 2009-07 - Crashes with evidence of memory corruption
+  CVE-2009-0771 - Layout Engine Crashes
+  CVE-2009-0772 - Layout Engine Crashes
+  CVE-2009-0773 - crashes in the JavaScript engine
+  CVE-2009-0774 - Layout Engine Crashes
+  * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
+  Mozilla Firefox XUL Linked Clones Double Free Vulnerability
+  * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
+  XML data theft via RDFXMLDataSource and cross-domain redirect
+  * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
+  Upgrade PNG library to fix memory safety hazards
+  * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
+  URL spoofing with invisible control characters
+* Thu Feb 05 2009 hfiguiere@suse.de
 - Review and approve changes.
 * Wed Jan 28 2009 wr@rosenauer.org
 - security update to 3.0.6 (bnc#470074)
@@ -383,14 +398,14 @@ fi
   * History is properly locked down. bnc#439343
   * Make sure the search bar is not put back when resetting the
   toolbar. bnc#439358
-* Thu Nov 20 2008 maw@suse.de
+* Fri Nov 21 2008 maw@suse.de
 - Review and approve changes.
 * Thu Nov 13 2008 wr@rosenauer.org
 - lockdown cleanup
   * removed gecko-lockdown.patch from Firefox (it's in xulrunner)
   * stripped out some toolkit stuff from firefox-ui-lockdown
   * added extra default preferences for lockdown
-* Wed Nov 12 2008 maw@suse.de
+* Thu Nov 13 2008 maw@suse.de
 - Review and approve changes.
 * Tue Nov 11 2008 wr@rosenauer.org
 - update to security/maintenance release 3.0.4 (bnc#439841)
@@ -431,7 +446,7 @@ fi
 - brought man-page up to date for the firefox stub
   (removing firefox-bin reference)
 - en-US locale not longer packaged in translations subpackage
-* Fri Aug 15 2008 maw@novell.com
+* Sat Aug 16 2008 maw@novell.com
 - Review and approve changes.
 * Mon Aug 04 2008 wr@rosenauer.org
 - Tweak branding split
@@ -462,9 +477,9 @@ fi
 - network.protocol-handler.app.* prefs are no longer supported;
   remove references to them from firefox-suse-default-prefs.js
   (bnc#383697).
-* Wed Apr 02 2008 maw@suse.de
+* Thu Apr 03 2008 maw@suse.de
 - Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang).
-* Tue Mar 25 2008 maw@suse.de
+* Wed Mar 26 2008 maw@suse.de
 - Merge changes from the build service (thanks, Wolfgang)
 - Update to the fourth Firefox 3.0 Beta (2.9.94):
   + Based upon the Gecko 1.9 Web rendering platform, which improves
@@ -574,7 +589,7 @@ fi
 - Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
 * Fri Dec 21 2007 maw@suse.de
 - Add firefox-348446-empty-lists.patch (bnc#348446).
-* Tue Dec 04 2007 maw@suse.de
+* Wed Dec 05 2007 maw@suse.de
 - Respin proxy-dev.patch (bnc#340678) -- thanks, Anders!
 * Tue Nov 27 2007 maw@suse.de
 - Security update to version 2.0.0.10 (#341905, #341591):
@@ -589,7 +604,7 @@ fi
 - Build with -ftree-vrp -fwrapv, per advice in #342603#c17.
 * Tue Nov 13 2007 maw@suse.de
 - Add firefox-gcc4.3-fixes.patch.
-* Thu Oct 18 2007 maw@suse.de
+* Fri Oct 19 2007 maw@suse.de
 - Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang)
   * MFSA 2007-29 Crashes with evidence of memory corruption
   * MFSA 2007-30 onUnload Tailgating
@@ -666,7 +681,7 @@ fi
 - Use mozilla.sh.in from the build service (#230681).
 * Tue Jun 05 2007 sbrabec@suse.cz
 - Removed invalid desktop category "Application" (#254654).
-* Mon Jun 04 2007 maw@suse.de
+* Tue Jun 05 2007 maw@suse.de
 - Security update to version 2.0.0.4
 - Refresh configure.patch, startup.patch, and visibility.patch
 - Now use l10n-%%{version}.tar.bz2 instead of l10n.tar.bz2.
@@ -716,7 +731,7 @@ fi
 - readd MozillaFirebird provides (was incorrect in removing it).
 * Mon Jan 08 2007 meissner@suse.de
 - Do not provide MozillaFirebird, just obsolete it.
-* Thu Nov 30 2006 maw@suse.de
+* Fri Dec 01 2006 maw@suse.de
 - Update gecko-lockdown.patch (#220616).
 * Thu Nov 30 2006 maw@suse.de
 - Update firefox-suse-default-prefs.js, adding
@@ -750,7 +765,7 @@ fi
 - updated tango theme
 * Sun Oct 29 2006 aj@suse.de
 - Another fix for 214125, patch by Wolfgang Rosenauer.
-* Wed Oct 25 2006 aj@suse.de
+* Thu Oct 26 2006 aj@suse.de
 - Fix gcc warnings about undefined operations, patch by
   Robert O'Callahan.
 - Update system-proxies.patch to fix error box (214125), patch by
@@ -785,7 +800,7 @@ fi
 - added symlink for Firefox 1.0.x compatibility
 * Sat Jul 29 2006 stark@suse.de
 - update to regression release 1.5.0.6 (#195043)
-* Wed Jul 26 2006 stark@suse.de
+* Thu Jul 27 2006 stark@suse.de
 - security update to version 1.5.0.5 (#195043)
   * observer-lock.patch integrated now
 - fixed leak in JS' liveconnect (#186066)
@@ -808,7 +823,7 @@ fi
 - complete implementation of startup-notification (#115417)
   (including autoconf and remote support)
 - different home-pages for SLE10 and SL (#177881)
-* Mon May 15 2006 stark@suse.de
+* Tue May 16 2006 stark@suse.de
 - fixed potential deadlock in nsObserverList::RemoveObserver
   (#173986, bmo #338069)
 - base startup notification on libstartup-notification (#115417)
@@ -928,7 +943,7 @@ fi
 * Mon Oct 31 2005 stark@suse.de
 - updated l10n archive (20051030)
 - fixed postinstall script to copy plugin links instead of files
-* Thu Oct 27 2005 stark@suse.de
+* Fri Oct 28 2005 stark@suse.de
 - update to 1.5rc1 (20051027)
 - fixed profile locking on FAT partitions (bmo #313360)
 - introduced an rpath again
@@ -977,7 +992,7 @@ fi
 * Thu Sep 01 2005 stark@suse.de
 - changed default font to sans-serif (#114464)
 - removed de-de parts of the bookmark-links (#114279)
-* Sun Aug 21 2005 stark@suse.de
+* Mon Aug 22 2005 stark@suse.de
 - install gconf schema for lockdown also on non-NLD
 - added backports (firefox-backports.patch)
   * gtk_im_context_set_cursor_location() is not used (bmo #281339)
@@ -1000,7 +1015,7 @@ fi
 * Fri Aug 05 2005 stark@suse.de
 - fixed profile locking (bmo #151188)
 - install beagle extension globally
-* Thu Jul 28 2005 stark@suse.de
+* Fri Jul 29 2005 stark@suse.de
 - don't require and provide NSS libs (#98002)
 - fixed printing error 'You cannot print while in print preview'
   (#96991, bmo #302445)
@@ -1025,9 +1040,9 @@ fi
 - fixed plugin event starvation (bnc #94749, #94751, bmo #301161)
 * Fri Jul 15 2005 stark@suse.de
 - searchplugins can now be installed per profile (#8176)
-* Thu Jul 14 2005 stark@suse.de
+* Fri Jul 15 2005 stark@suse.de
 - update to 1.0.6 which restores API compatibility
-* Mon Jul 11 2005 stark@suse.de
+* Tue Jul 12 2005 stark@suse.de
 - update to 1.0.5 final (#88509)
 - don't strip explicitely
 - don't ship beagle.xpi
@@ -1047,7 +1062,7 @@ fi
 * Wed Jun 22 2005 stark@suse.de
 - new NLD lockdown patch which is syncing user prefs to gconf
 - update to 1.0.5pre security-release
-* Wed Jun 08 2005 stark@suse.de
+* Thu Jun 09 2005 stark@suse.de
 - new revision of NLD lockdown patch
 - fixed remote usage behaviour in start script (bnc #41903)
 - got more bugfixes from the branch
@@ -1059,9 +1074,9 @@ fi
 - fixed keybinding for KP separator (bnc #84147)
 - pulled security related patch from upstream branch
 - update plastikfox theme to version 1.6
-* Wed May 11 2005 stark@suse.de
+* Thu May 12 2005 stark@suse.de
 - update to final 1.0.4 release
-* Mon May 09 2005 stark@suse.de
+* Tue May 10 2005 stark@suse.de
 - update to 1.0.4 security release
 - removed s390(x) patches (upstream)
 - made two more files %%verify (81692)
@@ -1071,7 +1086,7 @@ fi
 * Sat Apr 23 2005 stark@suse.de
 - activate usage of system NSPR for distributions after 9.3
 - add patch to be able to use systen NSPR at all
-* Thu Apr 21 2005 ro@suse.de
+* Fri Apr 22 2005 ro@suse.de
 - use mozilla-gcc4.patch
 * Thu Apr 21 2005 stark@suse.de
 - don't execute gconf magic within build environment
@@ -1291,7 +1306,7 @@ fi
 - update to 1.0PR (aka 0.10)
 * Fri Sep 03 2004 stark@suse.de
 - added ppc64 patch
-* Wed Sep 01 2004 dave@suse.de
+* Thu Sep 02 2004 dave@suse.de
 - Fixed up the .desktop installation on nld
 * Wed Sep 01 2004 shprasad@suse.de
 - Doesn't ask to set Firefox as default web-browser.
@@ -1314,7 +1329,7 @@ fi
   - set startup homepage to Novell
 * Tue Aug 17 2004 stark@suse.de
 - update to pre-1.0.0 (20040817)
-* Wed Aug 04 2004 stark@suse.de
+* Thu Aug 05 2004 stark@suse.de
 - security update to 0.9.3
   (including #43312 and others)
 - handle RealPlayer 9 plugin
@@ -1322,11 +1337,11 @@ fi
 - recode desktop file to utf-8
 * Wed Jul 28 2004 stark@suse.de
 - added fix against certificate spoofing (#43312)
-* Thu Jul 22 2004 stark@suse.de
+* Fri Jul 23 2004 stark@suse.de
 - update to 0.9.2
 - added workaround for extension registry
 - removed old (incompatible) mozex extension
-* Mon Jun 28 2004 stark@suse.de
+* Tue Jun 29 2004 stark@suse.de
 - update to 0.9.1
 - added hint to run as root first
 * Tue Jun 15 2004 stark@suse.de
@@ -1386,7 +1401,7 @@ fi
 * Thu Jul 10 2003 stark@suse.de
 - update to snapshot 20030709
 - fixed generation of symlink MozillaFirebird-xremote-client
-* Thu Jun 19 2003 stark@suse.de
+* Fri Jun 20 2003 stark@suse.de
 - update to snapshot 20030622 (0.7pre)
 * Mon May 19 2003 stark@suse.de
 - update to snapshot 20030518 (0.6)

firefox-3.0.6-source.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b3e08fb462882822b4ec9b962cc517c0c33401d58ab740c85e9edef1b5cd698d
-size 36878860

firefox-3.0.7-source.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0536214eae6ee315363c17deb5ad49d2256141f36bebba7f39cca3f5343f5bf3
+size 36900484

l10n-3.0.6.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9163c6906f7a702942ff91eb91305f6ad98f44559a14560eba11139e3d9b3ce5
-size 29350247

l10n-3.0.7.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cdffc42fbb363c61fa2d0ab0cbf9ddd58fd26e5f6b65b59e1042e723186a7027
+size 29348350