From 9e6b91d608be05876b6c3a5770a7b7a451164fafd2a8c6ae9641517813d0c540 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 23 Oct 2009 12:41:12 +0000 Subject: [PATCH 1/6] checked in OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=126 --- MozillaFirefox.changes | 7 ------ MozillaFirefox.spec | 18 +++++++-------- firefox-3.5.3-source.tar.bz2 | 3 +++ firefox-3.5.4-source.tar.bz2 | 3 --- firefox-bug506901.patch | 43 ++++++++++++++++++++++++++++++++++++ l10n-3.5.3.tar.bz2 | 3 +++ l10n-3.5.4.tar.bz2 | 3 --- 7 files changed, 58 insertions(+), 22 deletions(-) create mode 100644 firefox-3.5.3-source.tar.bz2 delete mode 100644 firefox-3.5.4-source.tar.bz2 create mode 100644 firefox-bug506901.patch create mode 100644 l10n-3.5.3.tar.bz2 delete mode 100644 l10n-3.5.4.tar.bz2 diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index c1a8027..77a2d6f 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,10 +1,3 @@ -------------------------------------------------------------------- -Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org - -- security update to version 3.5.4 (bnc#545277) -- removed upstreamed patch - * firefox-bug506901.patch - ------------------------------------------------------------------- Wed Oct 7 20:11:24 CEST 2009 - llunak@novell.com diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 1cead17..d1c4b17 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.4) +# spec file for package MozillaFirefox (Version 3.5.3) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,15 +21,15 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.3 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.4 -Release: 1 +Version: 3.5.3 +Release: 3 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -49,6 +49,7 @@ Patch1: firefox-libxul-sdk.patch Patch2: firefox-no-update.patch Patch3: toolkit-download-folder.patch Patch4: mozilla-linkorder.patch +Patch5: firefox-bug506901.patch Patch6: firefox-cross-desktop.patch Patch7: firefox-kde.patch Patch8: firefox-no-gnomevfs.patch @@ -70,7 +71,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009101600 +%define releasedate 2009090900 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 @@ -149,19 +150,18 @@ cd $RPM_BUILD_DIR/mozilla %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %patch6 -p1 -%if %suse_version >= 1110 # copy current files and patch them later to keep them in sync cp browser/base/content/browser.xul browser/base/content/browser-kde.xul %patch7 -p1 -# install kde.js -install -m 644 %{SOURCE6} browser/app/profile/kde.js -%endif %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch14 %patch17 +# install kde.js +install -m 644 %{SOURCE6} browser/app/profile/kde.js %build export MOZ_BUILD_DATE=%{releasedate} diff --git a/firefox-3.5.3-source.tar.bz2 b/firefox-3.5.3-source.tar.bz2 new file mode 100644 index 0000000..3b09fd1 --- /dev/null +++ b/firefox-3.5.3-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f79209d34f558f7fdc8528c176bdb42de553a16ddb5132fb2176b8000c2008f +size 46604125 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 deleted file mode 100644 index bfc04b2..0000000 --- a/firefox-3.5.4-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 -size 46568319 diff --git a/firefox-bug506901.patch b/firefox-bug506901.patch new file mode 100644 index 0000000..9e394a3 --- /dev/null +++ b/firefox-bug506901.patch @@ -0,0 +1,43 @@ +diff --git a/browser/components/preferences/advanced.js b/browser/components/preferences/advanced.js +--- a/browser/components/preferences/advanced.js ++++ b/browser/components/preferences/advanced.js +@@ -46,32 +46,32 @@ var gAdvancedPane = { + /** + * Brings the appropriate tab to the front and initializes various bits of UI. + */ + init: function () + { + this._inited = true; + var advancedPrefs = document.getElementById("advancedPrefs"); + ++#ifdef MOZ_UPDATER ++ this.updateAppUpdateItems(); ++ this.updateAutoItems(); ++ this.updateModeItems(); ++#endif ++ this.updateOfflineApps(); ++ + var extraArgs = window.arguments[1]; + if (extraArgs && extraArgs["advancedTab"]){ + advancedPrefs.selectedTab = document.getElementById(extraArgs["advancedTab"]); + } else { + var preference = document.getElementById("browser.preferences.advanced.selectedTabIndex"); + if (preference.value === null) + return; + advancedPrefs.selectedIndex = preference.value; + } +- +-#ifdef MOZ_UPDATER +- this.updateAppUpdateItems(); +- this.updateAutoItems(); +- this.updateModeItems(); +-#endif +- this.updateOfflineApps(); + }, + + /** + * Stores the identity of the current tab in preferences so that the selected + * tab can be persisted between openings of the preferences window. + */ + tabSelectionChanged: function () + { diff --git a/l10n-3.5.3.tar.bz2 b/l10n-3.5.3.tar.bz2 new file mode 100644 index 0000000..7ea44de --- /dev/null +++ b/l10n-3.5.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:34ba43d6bcfe77a0856fac75ff40ceed0b45514641d22ccc0891cb71431ab5cb +size 36119024 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 deleted file mode 100644 index f7df695..0000000 --- a/l10n-3.5.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd -size 36379898 From b53949ab332476794c54b28d905b610871a93d242b1eb2a89ce312bf0dbd653c Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 28 Oct 2009 06:18:17 +0000 Subject: [PATCH 2/6] fixed up changelog OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=127 --- MozillaFirefox.changes | 29 ++++++++++++++++++++++++ MozillaFirefox.spec | 18 +++++++-------- firefox-3.5.3-source.tar.bz2 | 3 --- firefox-3.5.4-source.tar.bz2 | 3 +++ firefox-bug506901.patch | 43 ------------------------------------ l10n-3.5.3.tar.bz2 | 3 --- l10n-3.5.4.tar.bz2 | 3 +++ 7 files changed, 44 insertions(+), 58 deletions(-) delete mode 100644 firefox-3.5.3-source.tar.bz2 create mode 100644 firefox-3.5.4-source.tar.bz2 delete mode 100644 firefox-bug506901.patch delete mode 100644 l10n-3.5.3.tar.bz2 create mode 100644 l10n-3.5.4.tar.bz2 diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 77a2d6f..78e9ba0 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org + +- security update to version 3.5.4 (bnc#545277) + * MFSA 2009-52/CVE-2009-3370 (bmo#511615) + Form history vulnerable to stealing + * MFSA 2009-53/CVE-2009-3274 (bmo#514823) + Local downloaded file tampering + * MFSA 2009-54/CVE-2009-3371 (bmo#514554) + Crash with recursive web-worker calls + * MFSA 2009-55/CVE-2009-3372 (bmo#500644) + Crash in proxy auto-configuration regexp parsing + * MFSA 2009-56/CVE-2009-3373 (bmo#511689) + Heap buffer overflow in GIF color map parser + * MFSA 2009-57/CVE-2009-3374 (bmo#505988) + Chrome privilege escalation in XPCVariant::VariantDataToJS() + * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) + Heap buffer overflow in string to number conversion + * MFSA 2009-61/CVE-2009-3375 (bmo#503226) + Cross-origin data theft through document.getSelection() + * MFSA 2009-62/CVE-2009-3376 (bmo#511521) + Download filename spoofing with RTL override + * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 + Upgrade media libraries to fix memory safety bugs + * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 + Crashes with evidence of memory corruption +- removed upstreamed patch + * firefox-bug506901.patch + ------------------------------------------------------------------- Wed Oct 7 20:11:24 CEST 2009 - llunak@novell.com diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index d1c4b17..1cead17 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.3) +# spec file for package MozillaFirefox (Version 3.5.4) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,15 +21,15 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.3 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.3 -Release: 3 +Version: 3.5.4 +Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -49,7 +49,6 @@ Patch1: firefox-libxul-sdk.patch Patch2: firefox-no-update.patch Patch3: toolkit-download-folder.patch Patch4: mozilla-linkorder.patch -Patch5: firefox-bug506901.patch Patch6: firefox-cross-desktop.patch Patch7: firefox-kde.patch Patch8: firefox-no-gnomevfs.patch @@ -71,7 +70,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009090900 +%define releasedate 2009101600 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 @@ -150,18 +149,19 @@ cd $RPM_BUILD_DIR/mozilla %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 +%if %suse_version >= 1110 # copy current files and patch them later to keep them in sync cp browser/base/content/browser.xul browser/base/content/browser-kde.xul %patch7 -p1 +# install kde.js +install -m 644 %{SOURCE6} browser/app/profile/kde.js +%endif %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch14 %patch17 -# install kde.js -install -m 644 %{SOURCE6} browser/app/profile/kde.js %build export MOZ_BUILD_DATE=%{releasedate} diff --git a/firefox-3.5.3-source.tar.bz2 b/firefox-3.5.3-source.tar.bz2 deleted file mode 100644 index 3b09fd1..0000000 --- a/firefox-3.5.3-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f79209d34f558f7fdc8528c176bdb42de553a16ddb5132fb2176b8000c2008f -size 46604125 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 new file mode 100644 index 0000000..bfc04b2 --- /dev/null +++ b/firefox-3.5.4-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 +size 46568319 diff --git a/firefox-bug506901.patch b/firefox-bug506901.patch deleted file mode 100644 index 9e394a3..0000000 --- a/firefox-bug506901.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/browser/components/preferences/advanced.js b/browser/components/preferences/advanced.js ---- a/browser/components/preferences/advanced.js -+++ b/browser/components/preferences/advanced.js -@@ -46,32 +46,32 @@ var gAdvancedPane = { - /** - * Brings the appropriate tab to the front and initializes various bits of UI. - */ - init: function () - { - this._inited = true; - var advancedPrefs = document.getElementById("advancedPrefs"); - -+#ifdef MOZ_UPDATER -+ this.updateAppUpdateItems(); -+ this.updateAutoItems(); -+ this.updateModeItems(); -+#endif -+ this.updateOfflineApps(); -+ - var extraArgs = window.arguments[1]; - if (extraArgs && extraArgs["advancedTab"]){ - advancedPrefs.selectedTab = document.getElementById(extraArgs["advancedTab"]); - } else { - var preference = document.getElementById("browser.preferences.advanced.selectedTabIndex"); - if (preference.value === null) - return; - advancedPrefs.selectedIndex = preference.value; - } -- --#ifdef MOZ_UPDATER -- this.updateAppUpdateItems(); -- this.updateAutoItems(); -- this.updateModeItems(); --#endif -- this.updateOfflineApps(); - }, - - /** - * Stores the identity of the current tab in preferences so that the selected - * tab can be persisted between openings of the preferences window. - */ - tabSelectionChanged: function () - { diff --git a/l10n-3.5.3.tar.bz2 b/l10n-3.5.3.tar.bz2 deleted file mode 100644 index 7ea44de..0000000 --- a/l10n-3.5.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34ba43d6bcfe77a0856fac75ff40ceed0b45514641d22ccc0891cb71431ab5cb -size 36119024 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 new file mode 100644 index 0000000..f7df695 --- /dev/null +++ b/l10n-3.5.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd +size 36379898 From 0446e5b0ad3244f27ca25cd74fc341f68f5906ea88e6f9b6215801636e347962 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 7 Nov 2009 09:29:47 +0000 Subject: [PATCH 3/6] update to 3.5.5 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=128 --- MozillaFirefox.changes | 5 +++++ MozillaFirefox.spec | 8 ++++---- firefox-3.5.4-source.tar.bz2 | 3 --- firefox-3.5.5-source.tar.bz2 | 3 +++ l10n-3.5.4.tar.bz2 | 3 --- l10n-3.5.5.tar.bz2 | 3 +++ 6 files changed, 15 insertions(+), 10 deletions(-) delete mode 100644 firefox-3.5.4-source.tar.bz2 create mode 100644 firefox-3.5.5-source.tar.bz2 delete mode 100644 l10n-3.5.4.tar.bz2 create mode 100644 l10n-3.5.5.tar.bz2 diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 78e9ba0..0cdcace 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org + +- update to version 3.5.5 + ------------------------------------------------------------------- Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 1cead17..c4e80e3 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.4) +# spec file for package MozillaFirefox (Version 3.5.5) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,14 +21,14 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.5 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.4 +Version: 3.5.5 Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ @@ -70,7 +70,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009101600 +%define releasedate 2009110300 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 deleted file mode 100644 index bfc04b2..0000000 --- a/firefox-3.5.4-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 -size 46568319 diff --git a/firefox-3.5.5-source.tar.bz2 b/firefox-3.5.5-source.tar.bz2 new file mode 100644 index 0000000..ac96492 --- /dev/null +++ b/firefox-3.5.5-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91b28c6a77845ae69de4bdc56bc323dce54793f9424a0f61fdda8a3e8a936828 +size 46778633 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 deleted file mode 100644 index f7df695..0000000 --- a/l10n-3.5.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd -size 36379898 diff --git a/l10n-3.5.5.tar.bz2 b/l10n-3.5.5.tar.bz2 new file mode 100644 index 0000000..59c26a7 --- /dev/null +++ b/l10n-3.5.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f085b3ce7be1658c5e6843f7adefcdc7e3291b81c06ef136ed92628bb89246ca +size 36657230 From 229f89760c079df2f0acb1785dc06b1f60e8fda2f4f120b0708194912744f79b Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 7 Nov 2009 09:30:30 +0000 Subject: [PATCH 4/6] bnc#553172 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=129 --- MozillaFirefox.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 0cdcace..59a5295 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org -- update to version 3.5.5 +- update to version 3.5.5 (bnc#553172) ------------------------------------------------------------------- Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org From b450e390106c5f78579c0d2863fdf9d84f363472fcc82b305cba0deee5e0c80c Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 10 Nov 2009 09:49:36 +0000 Subject: [PATCH 5/6] checked in OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=130 --- MozillaFirefox.changes | 27 --------------------------- MozillaFirefox.spec | 8 ++++---- firefox-3.5.4-source.tar.bz2 | 3 +++ firefox-3.5.5-source.tar.bz2 | 3 --- l10n-3.5.4.tar.bz2 | 3 +++ l10n-3.5.5.tar.bz2 | 3 --- 6 files changed, 10 insertions(+), 37 deletions(-) create mode 100644 firefox-3.5.4-source.tar.bz2 delete mode 100644 firefox-3.5.5-source.tar.bz2 create mode 100644 l10n-3.5.4.tar.bz2 delete mode 100644 l10n-3.5.5.tar.bz2 diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 59a5295..c1a8027 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,34 +1,7 @@ -------------------------------------------------------------------- -Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org - -- update to version 3.5.5 (bnc#553172) - ------------------------------------------------------------------- Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org - security update to version 3.5.4 (bnc#545277) - * MFSA 2009-52/CVE-2009-3370 (bmo#511615) - Form history vulnerable to stealing - * MFSA 2009-53/CVE-2009-3274 (bmo#514823) - Local downloaded file tampering - * MFSA 2009-54/CVE-2009-3371 (bmo#514554) - Crash with recursive web-worker calls - * MFSA 2009-55/CVE-2009-3372 (bmo#500644) - Crash in proxy auto-configuration regexp parsing - * MFSA 2009-56/CVE-2009-3373 (bmo#511689) - Heap buffer overflow in GIF color map parser - * MFSA 2009-57/CVE-2009-3374 (bmo#505988) - Chrome privilege escalation in XPCVariant::VariantDataToJS() - * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) - Heap buffer overflow in string to number conversion - * MFSA 2009-61/CVE-2009-3375 (bmo#503226) - Cross-origin data theft through document.getSelection() - * MFSA 2009-62/CVE-2009-3376 (bmo#511521) - Download filename spoofing with RTL override - * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 - Upgrade media libraries to fix memory safety bugs - * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 - Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index c4e80e3..1cead17 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.5) +# spec file for package MozillaFirefox (Version 3.5.4) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,14 +21,14 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.5 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.5 +Version: 3.5.4 Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ @@ -70,7 +70,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009110300 +%define releasedate 2009101600 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 new file mode 100644 index 0000000..bfc04b2 --- /dev/null +++ b/firefox-3.5.4-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 +size 46568319 diff --git a/firefox-3.5.5-source.tar.bz2 b/firefox-3.5.5-source.tar.bz2 deleted file mode 100644 index ac96492..0000000 --- a/firefox-3.5.5-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:91b28c6a77845ae69de4bdc56bc323dce54793f9424a0f61fdda8a3e8a936828 -size 46778633 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 new file mode 100644 index 0000000..f7df695 --- /dev/null +++ b/l10n-3.5.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd +size 36379898 diff --git a/l10n-3.5.5.tar.bz2 b/l10n-3.5.5.tar.bz2 deleted file mode 100644 index 59c26a7..0000000 --- a/l10n-3.5.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f085b3ce7be1658c5e6843f7adefcdc7e3291b81c06ef136ed92628bb89246ca -size 36657230 From fbbc8b5a7f345f08a0a7042cf71faccf3c581ab6907d2b6bff6b68e3cddfb47a Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 10 Nov 2009 09:49:37 +0000 Subject: [PATCH 6/6] Updating link to change in openSUSE:Factory/MozillaFirefox revision 72.0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=c9654f309cbb13a8859e6dd8e971a40a --- MozillaFirefox.changes | 27 +++++++++++++++++++++++++++ MozillaFirefox.spec | 8 ++++---- firefox-3.5.4-source.tar.bz2 | 3 --- firefox-3.5.5-source.tar.bz2 | 3 +++ l10n-3.5.4.tar.bz2 | 3 --- l10n-3.5.5.tar.bz2 | 3 +++ 6 files changed, 37 insertions(+), 10 deletions(-) delete mode 100644 firefox-3.5.4-source.tar.bz2 create mode 100644 firefox-3.5.5-source.tar.bz2 delete mode 100644 l10n-3.5.4.tar.bz2 create mode 100644 l10n-3.5.5.tar.bz2 diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index c1a8027..59a5295 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,7 +1,34 @@ +------------------------------------------------------------------- +Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org + +- update to version 3.5.5 (bnc#553172) + ------------------------------------------------------------------- Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org - security update to version 3.5.4 (bnc#545277) + * MFSA 2009-52/CVE-2009-3370 (bmo#511615) + Form history vulnerable to stealing + * MFSA 2009-53/CVE-2009-3274 (bmo#514823) + Local downloaded file tampering + * MFSA 2009-54/CVE-2009-3371 (bmo#514554) + Crash with recursive web-worker calls + * MFSA 2009-55/CVE-2009-3372 (bmo#500644) + Crash in proxy auto-configuration regexp parsing + * MFSA 2009-56/CVE-2009-3373 (bmo#511689) + Heap buffer overflow in GIF color map parser + * MFSA 2009-57/CVE-2009-3374 (bmo#505988) + Chrome privilege escalation in XPCVariant::VariantDataToJS() + * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) + Heap buffer overflow in string to number conversion + * MFSA 2009-61/CVE-2009-3375 (bmo#503226) + Cross-origin data theft through document.getSelection() + * MFSA 2009-62/CVE-2009-3376 (bmo#511521) + Download filename spoofing with RTL override + * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 + Upgrade media libraries to fix memory safety bugs + * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 + Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 1cead17..c4e80e3 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.5.4) +# spec file for package MozillaFirefox (Version 3.5.5) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2009 Wolfgang Rosenauer @@ -21,14 +21,14 @@ Name: MozillaFirefox BuildRequires: autoconf213 gcc-c++ libgnomeui-devel libidl-devel orbit-devel python unzip update-desktop-files zip -BuildRequires: mozilla-xulrunner191-devel = 1.9.1.4 +BuildRequires: mozilla-xulrunner191-devel = 1.9.1.5 %if %suse_version > 1020 BuildRequires: fdupes %endif License: GPL v2 or later ; LGPL v2.1 or later ; MPL 1.1 or later Provides: web_browser Provides: firefox -Version: 3.5.4 +Version: 3.5.5 Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ @@ -70,7 +70,7 @@ Requires: %{name}-branding = 3.5 %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%define releasedate 2009101600 +%define releasedate 2009110300 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 diff --git a/firefox-3.5.4-source.tar.bz2 b/firefox-3.5.4-source.tar.bz2 deleted file mode 100644 index bfc04b2..0000000 --- a/firefox-3.5.4-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5fbb775d99a3b10a5ac90494307283ed44df9edad87bd8bc170bb71cf02ac9d2 -size 46568319 diff --git a/firefox-3.5.5-source.tar.bz2 b/firefox-3.5.5-source.tar.bz2 new file mode 100644 index 0000000..ac96492 --- /dev/null +++ b/firefox-3.5.5-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91b28c6a77845ae69de4bdc56bc323dce54793f9424a0f61fdda8a3e8a936828 +size 46778633 diff --git a/l10n-3.5.4.tar.bz2 b/l10n-3.5.4.tar.bz2 deleted file mode 100644 index f7df695..0000000 --- a/l10n-3.5.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6f9645eb4efba565312c9c50e45af2f1b397790df0e14c822f1cc48deee347dd -size 36379898 diff --git a/l10n-3.5.5.tar.bz2 b/l10n-3.5.5.tar.bz2 new file mode 100644 index 0000000..59c26a7 --- /dev/null +++ b/l10n-3.5.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f085b3ce7be1658c5e6843f7adefcdc7e3291b81c06ef136ed92628bb89246ca +size 36657230