diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 77a2d6f..78e9ba0 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org + +- security update to version 3.5.4 (bnc#545277) + * MFSA 2009-52/CVE-2009-3370 (bmo#511615) + Form history vulnerable to stealing + * MFSA 2009-53/CVE-2009-3274 (bmo#514823) + Local downloaded file tampering + * MFSA 2009-54/CVE-2009-3371 (bmo#514554) + Crash with recursive web-worker calls + * MFSA 2009-55/CVE-2009-3372 (bmo#500644) + Crash in proxy auto-configuration regexp parsing + * MFSA 2009-56/CVE-2009-3373 (bmo#511689) + Heap buffer overflow in GIF color map parser + * MFSA 2009-57/CVE-2009-3374 (bmo#505988) + Chrome privilege escalation in XPCVariant::VariantDataToJS() + * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) + Heap buffer overflow in string to number conversion + * MFSA 2009-61/CVE-2009-3375 (bmo#503226) + Cross-origin data theft through document.getSelection() + * MFSA 2009-62/CVE-2009-3376 (bmo#511521) + Download filename spoofing with RTL override + * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 + Upgrade media libraries to fix memory safety bugs + * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 + Crashes with evidence of memory corruption +- removed upstreamed patch + * firefox-bug506901.patch + ------------------------------------------------------------------- Wed Oct 7 20:11:24 CEST 2009 - llunak@novell.com diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index d1c4b17..1cead17 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.3) +# spec file for package MozillaFirefox (Version 3.5.4) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,15 +21,15 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.3 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.3 -Release: 3 +Version: 3.5.4 +Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -49,7 +49,6 @@ Patch1: firefox-libxul-sdk.patch Patch2: firefox-no-update.patch Patch3: toolkit-download-folder.patch Patch4: mozilla-linkorder.patch -Patch5: firefox-bug506901.patch Patch6: firefox-cross-desktop.patch Patch7: firefox-kde.patch Patch8: firefox-no-gnomevfs.patch @@ -71,7 +70,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009090900 +%define releasedate 2009101600 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 @@ -150,18 +149,19 @@ cd $RPM_BUILD_DIR/mozilla %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 +%if %suse_version >= 1110 # copy current files and patch them later to keep them in sync cp browser/base/content/browser.xul browser/base/content/browser-kde.xul %patch7 -p1 +# install kde.js +install -m 644 %{SOURCE6} browser/app/profile/kde.js +%endif %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch14 %patch17 -# install kde.js -install -m 644 %{SOURCE6} browser/app/profile/kde.js %build export MOZ_BUILD_DATE=%{releasedate} diff --git a/firefox-3.5.3-source.tar.bz2 b/firefox-3.5.3-source.tar.bz2 deleted file mode 100644 index 3b09fd1..0000000 --- a/firefox-3.5.3-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f79209d34f558f7fdc8528c176bdb42de553a16ddb5132fb2176b8000c2008f -size 46604125 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 new file mode 100644 index 0000000..bfc04b2 --- /dev/null +++ b/firefox-3.5.4-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 +size 46568319 diff --git a/firefox-bug506901.patch b/firefox-bug506901.patch deleted file mode 100644 index 9e394a3..0000000 --- a/firefox-bug506901.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/browser/components/preferences/advanced.js b/browser/components/preferences/advanced.js ---- a/browser/components/preferences/advanced.js -+++ b/browser/components/preferences/advanced.js -@@ -46,32 +46,32 @@ var gAdvancedPane = { - /** - * Brings the appropriate tab to the front and initializes various bits of UI. - */ - init: function () - { - this._inited = true; - var advancedPrefs = document.getElementById("advancedPrefs"); - -+#ifdef MOZ_UPDATER -+ this.updateAppUpdateItems(); -+ this.updateAutoItems(); -+ this.updateModeItems(); -+#endif -+ this.updateOfflineApps(); -+ - var extraArgs = window.arguments[1]; - if (extraArgs && extraArgs["advancedTab"]){ - advancedPrefs.selectedTab = document.getElementById(extraArgs["advancedTab"]); - } else { - var preference = document.getElementById("browser.preferences.advanced.selectedTabIndex"); - if (preference.value === null) - return; - advancedPrefs.selectedIndex = preference.value; - } -- --#ifdef MOZ_UPDATER -- this.updateAppUpdateItems(); -- this.updateAutoItems(); -- this.updateModeItems(); --#endif -- this.updateOfflineApps(); - }, - - /** - * Stores the identity of the current tab in preferences so that the selected - * tab can be persisted between openings of the preferences window. - */ - tabSelectionChanged: function () - { diff --git a/l10n-3.5.3.tar.bz2 b/l10n-3.5.3.tar.bz2 deleted file mode 100644 index 7ea44de..0000000 --- a/l10n-3.5.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34ba43d6bcfe77a0856fac75ff40ceed0b45514641d22ccc0891cb71431ab5cb -size 36119024 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 new file mode 100644 index 0000000..f7df695 --- /dev/null +++ b/l10n-3.5.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd +size 36379898