update to 3.6.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=160
2010-07-21 05:20:09 +00:00 · 2010-07-21 05:20:09 +00:00 · 3e9e46a4da
commit 3e9e46a4da
parent 5931d32e54
7 changed files with 46 additions and 50 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.7 (bnc#622506)
+  * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
+    Miscellaneous memory safety hazards
+  * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
+    DOM attribute cloning remote code execution vulnerability
+  * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
+    Use-after-free error in NodeIterator
+  * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
+    Plugin parameter EnsureCachedAttrParamArrays remote code
+    execution vulnerability
+  * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
+    Arbitrary code execution using SJOW and fast native function
+  * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
+    nsCSSValue::Array index integer overflow
+  * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
+    nsTreeSelection dangling pointer remote code execution
+    vulnerability
+  * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
+    Remote code execution using malformed PNG image
+  * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
+    Cross-origin data disclosure via Web Workers and importScripts
+  * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
+    Same-origin bypass using canvas context
+  * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
+    Characters mapped to U+FFFD in 8 bit encodings cause subsequent
+    character to vanish
+  * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
+    Multiple location bar spoofing vulnerabilities
+  * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
+    Cross-domain data theft using CSS
+  * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
+    Cross-origin data leakage from script filename in error messages
+
 -------------------------------------------------------------------
 Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -1,5 +1,5 @@
 #
-# spec file for package MozillaFirefox (Version 3.6.6)
+# spec file for package MozillaFirefox (Version 3.6.7)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #               2006-2010 Wolfgang Rosenauer
@ -22,7 +22,7 @@
 Name:           MozillaFirefox
 %define xulrunner mozilla-xulrunner192
 BuildRequires:  autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip
-BuildRequires:  %{xulrunner}-devel = 1.9.2.6
+BuildRequires:  %{xulrunner}-devel = 1.9.2.7
 %if %suse_version > 1020
 BuildRequires:  fdupes
 %endif
@ -34,9 +34,9 @@ BuildRequires:  wireless-tools
 License:        GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
 Provides:       web_browser
 Provides:       firefox
-Version:        3.6.6
+Version:        3.6.7
 Release:        1
-%define         releasedate 2010062600
+%define         releasedate 2010071400
 Summary:        Mozilla Firefox Web Browser
 Url:            http://www.mozilla.org/
 Group:          Productivity/Networking/Web/Browsers
@ -63,7 +63,6 @@ Patch8:         firefox-appname.patch
 Patch9:         firefox-kde.patch
 Patch10:        firefox-ui-lockdown.patch
 Patch11:        firefox-crashreporter.patch
-Patch12:        mozilla-crashreporter-x86_64.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post):   coreutils shared-mime-info desktop-file-utils
 Requires(postun): shared-mime-info desktop-file-utils
@ -167,7 +166,6 @@ install -m 644 %{SOURCE6} browser/app/profile/kde.js
 %endif
 %patch10 -p1
 %patch11 -p1
-%patch12 -p1

 %build
 export MOZ_BUILD_DATE=%{releasedate}
--- a/firefox-3.6.6-source.tar.bz2
+++ b/firefox-3.6.6-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9394ebaa0580fef4cdc04ac81259a91b0138150c9ebbe0c97fd12a71f1a041d0
-size 51012567
--- a/firefox-3.6.7-source.tar.bz2
+++ b/firefox-3.6.7-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8b4005ff435b43369849748660f652f6a2f698a3f1b652236c0b5e743cb14455
+size 50972581
--- a/l10n-3.6.6.tar.bz2
+++ b/l10n-3.6.6.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7c1bd3113a10ec90677086bac7ad0a7188f81c9e834ecb5682c39a216b2a2de
-size 37223689
--- a/l10n-3.6.7.tar.bz2
+++ b/l10n-3.6.7.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6fab9cbb5b565b6f8a08bcb2c7252a7fef70248a1ec6bc3f62c4f938b254096
+size 37227752
--- a/mozilla-crashreporter-x86_64.patch
+++ b/mozilla-crashreporter-x86_64.patch
@ -1,38 +0,0 @@
-# HG changeset patch
-# User Ted Mielczarek <ted.mielczarek@gmail.com>
-# Date 1269522979 14400
-# Node ID a00284a2b2f0063b0f053938c1775cf207fe25bb
-# Parent  33d05f60932bac3d66231a54840cbdd173297fff
-bug 554021 - enable compiling Breakpad on Linux/x86-64 by default
-
-diff --git a/configure.in b/configure.in
--- a/configure.in
-+++ b/configure.in
-@@ -5858,13 +5858,20 @@
- dnl = Breakpad crash reporting (on by default on supported platforms)
- dnl ========================================================
- 
-if (test "$OS_ARCH" = "WINNT" -a -z "$GNU_CC" \
-    || test "$OS_ARCH" = "Darwin" \
-    || test "$OS_ARCH" = "Linux" -a "$CPU_ARCH" = "x86" \
-    || test "$OS_ARCH" = "SunOS") \
-   && test -z "$HAVE_64BIT_OS"; then
-   MOZ_CRASHREPORTER=1
-fi
-+case $target in
-+i?86-*-mingw*)
-+  MOZ_CRASHREPORTER=1
-+  ;;
-+i?86-apple-darwin*|powerpc-apple-darwin*)
-+  MOZ_CRASHREPORTER=1
-+  ;;
-+i?86-*-linux*|x86_64-*-linux*)
-+  MOZ_CRASHREPORTER=1
-+  ;;
-+*solaris*)
-+  MOZ_CRASHREPORTER=1
-+  ;;
-+esac
- 
- MOZ_ARG_DISABLE_BOOL(crashreporter,
- [  --disable-crashreporter          Disable breakpad crash reporting],