Hello community, here is the log from the commit of package mozilla-xulrunner190 for openSUSE:Factory checked in at Wed Apr 29 00:46:21 CEST 2009. -------- --- mozilla-xulrunner190/mozilla-xulrunner190.changes 2009-03-27 09:59:20.000000000 +0100 +++ mozilla-xulrunner190/mozilla-xulrunner190.changes 2009-04-28 10:55:55.000000000 +0200 @@ -1,0 +2,37 @@ +Tue Apr 28 10:42:23 CEST 2009 - wr@rosenauer.org + +- update to 1.9.0.10 + * MFSA 2009-23/CVE-2009-1313 (bmo#489647) + Crash in nsTextFrame::ClearTextRun() +- fix preprocessor statement to fix build with gcc 4.4 + +------------------------------------------------------------------- +Thu Apr 16 13:44:47 CEST 2009 - wr@rosenauer.org + +- security update to 1.9.0.9 (bnc#495473) + * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 + Crashes with evidence of memory corruption (rv:1.9.0.9) + * MFSA 2009-15/CVE-2009-0652 (bmo#479336) + URL spoofing with box drawing character + * MFSA 2009-16/CVE-2009-1306 (bmo#474536) + jar: scheme ignores the content-disposition: header on the + inner URI + * MFSA 2009-17/CVE-2009-1307 (bmo#481342) + Same-origin violations when Adobe Flash loaded via + view-source: scheme + * MFSA 2009-18/CVE-2009-1308 (bmo#481558) + XSS hazard using third-party stylesheets and XBL bindings + * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) + Same-origin violations in XMLHttpRequest and + XPCNativeWrapper.toString + * MFSA 2009-20/CVE-2009-1310 (bmo#483086) + Malicious search plugins can inject code into arbitrary sites + * MFSA 2009-21/CVE-2009-1311 (bmo#471962) + POST data sent to wrong site when saving web page with + embedded frame + * MFSA 2009-22/CVE-2009-1312 (bmo#475636) + Firefox allows Refresh header to redirect to javascript: URIs +- removed bnc465284-VUL-designMode.patch since it's integrated + in 1.9.0.9 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- bnc465284-VUL-designMode.patch l10n-1.9.0.8.tar.bz2 xulrunner-source-1.9.0.8.tar.bz2 New: ---- l10n-1.9.0.10.tar.bz2 mozilla-gcc44.patch xulrunner-source-1.9.0.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-xulrunner190.spec ++++++ --- /var/tmp/diff_new_pack.W21188/_old 2009-04-29 00:41:03.000000000 +0200 +++ /var/tmp/diff_new_pack.W21188/_new 2009-04-29 00:41:03.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package mozilla-xulrunner190 (Version 1.9.0.8) +# spec file for package mozilla-xulrunner190 (Version 1.9.0.10) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -32,7 +32,7 @@ BuildRequires: nss-shared-helper-devel %endif License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) -Version: 1.9.0.8 +Version: 1.9.0.10 Release: 1 Summary: Mozilla Runtime Environment 1.9 Url: http://www.mozilla.org @@ -52,6 +52,7 @@ Patch3: mozilla-pkgconfig.patch Patch4: idldir.patch Patch5: mozilla-path_len.patch +Patch6: mozilla-gcc44.patch Patch7: mozilla-nongnome-proxies.patch Patch8: mozilla-helper-app.patch Patch9: mozilla-system-hunspell.patch.bz2 @@ -65,7 +66,6 @@ Patch18: toolkit-ui-lockdown.patch Patch22: mozilla-shared-nss-db.patch Patch23: bmo472464.patch -Patch24: bnc465284-VUL-designMode.patch Patch25: lcms-bnc479606.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: libstdc++ expat pango xorg-x11-libs fontconfig freetype2 @@ -82,10 +82,10 @@ %if %suse_version > 1100 %define has_system_cairo 1 %endif -%define releasedate 2009032600 +%define releasedate 2009042700 %define version_internal %{version} %define apiversion 1.9 -%define uaweight 190800 +%define uaweight 190910 ### configuration end ### %define _use_internal_dependency_generator 0 %define __find_requires sh %{SOURCE2} @@ -199,6 +199,7 @@ %patch3 %patch4 %patch5 -p1 +%patch6 %patch7 %patch8 pushd extensions @@ -213,7 +214,6 @@ %patch18 -p1 %patch22 %patch23 -%patch24 -p1 pushd modules/lcms %patch25 -p1 popd @@ -484,19 +484,50 @@ %defattr(-,root,root) %endif %changelog +* Tue Apr 28 2009 wr@rosenauer.org +- update to 1.9.0.10 + * MFSA 2009-23/CVE-2009-1313 (bmo#489647) + Crash in nsTextFrame::ClearTextRun() +- fix preprocessor statement to fix build with gcc 4.4 +* Thu Apr 16 2009 wr@rosenauer.org +- security update to 1.9.0.9 (bnc#495473) + * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 + Crashes with evidence of memory corruption (rv:1.9.0.9) + * MFSA 2009-15/CVE-2009-0652 (bmo#479336) + URL spoofing with box drawing character + * MFSA 2009-16/CVE-2009-1306 (bmo#474536) + jar: scheme ignores the content-disposition: header on the + inner URI + * MFSA 2009-17/CVE-2009-1307 (bmo#481342) + Same-origin violations when Adobe Flash loaded via + view-source: scheme + * MFSA 2009-18/CVE-2009-1308 (bmo#481558) + XSS hazard using third-party stylesheets and XBL bindings + * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) + Same-origin violations in XMLHttpRequest and + XPCNativeWrapper.toString + * MFSA 2009-20/CVE-2009-1310 (bmo#483086) + Malicious search plugins can inject code into arbitrary sites + * MFSA 2009-21/CVE-2009-1311 (bmo#471962) + POST data sent to wrong site when saving web page with + embedded frame + * MFSA 2009-22/CVE-2009-1312 (bmo#475636) + Firefox allows Refresh header to redirect to javascript: URIs +- removed bnc465284-VUL-designMode.patch since it's integrated + in 1.9.0.9 * Fri Mar 27 2009 wr@rosenauer.org - security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift -* Fri Mar 13 2009 wr@rosenauer.org +* Sat Mar 14 2009 wr@rosenauer.org - make mozjs consumers using rpath to the correct location to find the library at runtime (bnc#479505) -* Wed Mar 11 2009 pwu@suse.de +* Thu Mar 12 2009 pwu@suse.de - Fixes bnc#479610(MozillaFirefox: LittleCMS integer overflows), add a patch lcms-bnc479606.patch. -* Thu Mar 05 2009 pwu@suse.de +* Fri Mar 06 2009 pwu@suse.de - Backport a patch from xulrunner191, and fix bnc#465284 and CVE-2009-0071. * Sun Mar 01 2009 wr@rosenauer.org @@ -515,7 +546,7 @@ * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters - removed obsolete patch to configure system sqlite -* Wed Feb 04 2009 hfiguiere@suse.de +* Thu Feb 05 2009 hfiguiere@suse.de - Review and approve changes. * Tue Feb 03 2009 wr@rosenauer.org - security update to 1.9.0.6 (bnc#470074) @@ -646,7 +677,7 @@ * Mon May 26 2008 maw@suse.de - Fix baselibs.conf to mention mozilla-xulrunner190-translations (bnc#393856). -* Tue May 20 2008 maw@suse.de +* Wed May 21 2008 maw@suse.de - Add mozilla-pkgconfig.patch (part of bnc#381154). * Tue May 20 2008 maw@suse.de - Add mozilla-fsync-bmo499050.patch (bmo#499050). ++++++ l10n-1.9.0.8.tar.bz2 -> l10n-1.9.0.10.tar.bz2 ++++++ mozilla-xulrunner190/l10n-1.9.0.8.tar.bz2 mozilla-xulrunner190/l10n-1.9.0.10.tar.bz2 differ: byte 11, line 1 ++++++ mozilla-gcc44.patch ++++++ Index: ./toolkit/xre/nsAppRunner.cpp =================================================================== RCS file: /cvsroot/mozilla/toolkit/xre/nsAppRunner.cpp,v retrieving revision 1.215 diff -u -p -6 -r1.215 nsAppRunner.cpp --- ./toolkit/xre/nsAppRunner.cpp 17 Nov 2008 14:36:43 -0000 1.215 +++ ./toolkit/xre/nsAppRunner.cpp 27 Apr 2009 18:24:19 -0000 @@ -1456,13 +1456,13 @@ XRE_GetBinaryPath(const char* argv0, nsI rv = NS_NewNativeLocalFile(nsDependentCString(info.name), PR_TRUE, getter_AddRefs(lf)); if (NS_FAILED(rv)) return rv; -#elif +#else #error Oops, you need platform-specific code here #endif NS_ADDREF(*aResult = lf); return NS_OK; } ++++++ xulrunner-source-1.9.0.8.tar.bz2 -> xulrunner-source-1.9.0.10.tar.bz2 ++++++ mozilla-xulrunner190/xulrunner-source-1.9.0.8.tar.bz2 mozilla-xulrunner190/xulrunner-source-1.9.0.10.tar.bz2 differ: byte 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org