Mailinglist Archive: opensuse-commit (857 mails)

< Previous Next >
commit MozillaFirefox
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Thu, 29 Nov 2007 18:25:12 +0100
  • Message-id: <20071129172512.A84D5678335@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package MozillaFirefox
checked in at Thu Nov 29 18:25:12 CET 2007.

--------
--- MozillaFirefox/MozillaFirefox.changes 2007-11-26 18:27:50.000000000
+0100
+++ /mounts/work_src_done/STABLE/MozillaFirefox/MozillaFirefox.changes
2007-11-27 18:25:44.908309000 +0100
@@ -1,0 +2,12 @@
+Tue Nov 27 18:25:25 CET 2007 - maw@xxxxxxx
+
+- Security update to version 2.0.0.10 (#341905, #341591):
+ + MFSA 2007-39 Referer-spoofing via window.location race condition
+ + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ + MFSA 2007-37 jar: URI scheme XSS hazard
+ + Fixes for regressions introduced in 2.0.0.8
+ + Updated dbus.patch, startup.patch, misc.dif, and configure.patch
+- Add mozilla-gcc4.3-fixes.patch
+- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
+
+-------------------------------------------------------------------

Old:
----
firefox-2.0.0.8-source.tar.bz2
firefox-gcc4.3-fixes.patch
l10n-2.0.0.8.tar.bz2

New:
----
firefox-2.0.0.10-source.tar.bz2
l10n-2.0.0.10.tar.bz2
mozilla-canvas-1.8.1.10.patch
mozilla-gcc4.3-fixes.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.C19755/_old 2007-11-29 18:24:48.000000000 +0100
+++ /var/tmp/diff_new_pack.C19755/_new 2007-11-29 18:24:48.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package MozillaFirefox (Version 2.0.0.8)
+# spec file for package MozillaFirefox (Version 2.0.0.10)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -28,8 +28,8 @@
%if %sles_version == 10
Obsoletes: mozilla
%endif
-Version: 2.0.0.8
-Release: 22
+Version: 2.0.0.10
+Release: 1
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
@@ -59,6 +59,7 @@
Patch1: visibility.patch
Patch2: rpath.patch
Patch3: gcc-undefined-ops.patch
+Patch4: mozilla-gcc4.3-fixes.patch
Patch5: abuild.patch
# NSPR bmo #270502
Patch6: nspr-prdtoa.patch
@@ -91,9 +92,9 @@
# integration
Patch34: skin-selection.patch
Patch36: greasemonkey.patch
+Patch37: mozilla-canvas-1.8.1.10.patch
Patch38: tango-maxversion.patch
Patch39: x11-session.patch
-Patch40: firefox-gcc4.3-fixes.patch
# gconf.patch dbus.patch startup.patch
Patch100: configure.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -188,6 +189,7 @@
%patch1
%patch2
%patch3
+%patch4
%patch5
%patch6
%patch7
@@ -216,11 +218,11 @@
%patch33
%patch34
%patch36
+%patch37
pushd $RPM_BUILD_DIR
%patch38
popd
%patch39 -p1
-%patch40 -p1
%patch100
%if %has_system_nss
#%patch101
@@ -557,6 +559,15 @@
%endif

%changelog
+* Tue Nov 27 2007 - maw@xxxxxxx
+- Security update to version 2.0.0.10 (#341905, #341591):
+ + MFSA 2007-39 Referer-spoofing via window.location race condition
+ + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ + MFSA 2007-37 jar: URI scheme XSS hazard
+ + Fixes for regressions introduced in 2.0.0.8
+ + Updated dbus.patch, startup.patch, misc.dif, and configure.patch
+- Add mozilla-gcc4.3-fixes.patch
+- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
* Mon Nov 26 2007 - maw@xxxxxxx
- Build with -ftree-vrp -fwrapv, per advice in #342603#c17.
* Tue Nov 13 2007 - maw@xxxxxxx




++++++ configure.patch ++++++
++++ 6177 lines (skipped)
++++ between MozillaFirefox/configure.patch
++++ and /mounts/work_src_done/STABLE/MozillaFirefox/configure.patch

++++++ dbus.patch ++++++
--- /var/tmp/diff_new_pack.C19755/_old 2007-11-29 18:24:48.000000000 +0100
+++ /var/tmp/diff_new_pack.C19755/_new 2007-11-29 18:24:48.000000000 +0100
@@ -77,7 +77,7 @@
MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|venkman||'`
--- extensions/dbus/Makefile.in
+++ extensions/dbus/Makefile.in
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,70 @@
+# ###### BEGIN LICENSE BLOCK ######
+# Version: NPL 1.1/GPL 2.0/LGPL 2.1
+#
@@ -134,9 +134,11 @@
+ embedcomponents \
+ $(NULL)
+
-+EXTRA_DSO_LDOPTS = $(MOZ_DBUS_GLIB_LIBS) \
-+ $(MOZ_GTHREAD_LIBS) \
-+ $(MOZ_COMPONENT_LIBS)
++EXTRA_DSO_LDOPTS = $(XPCOM_GLUE_LDOPTS) \
++ $(NSPR_LIBS) \
++ $(MOZ_DBUS_GLIB_LIBS) \
++ $(MOZ_GTHREAD_LIBS) \
++ $(NULL)
+
+CPPSRCS = \
+ nsDBusModule.cpp \
@@ -563,3 +565,20 @@
+};
+
+NS_IMPL_NSGETMODULE(nsDBusModule, components)
+Index: config/system-headers
+===================================================================
+RCS file: /cvsroot/mozilla/config/system-headers,v
+retrieving revision 3.4.4.3
+diff -u -r3.4.4.3 system-headers
+--- config/system-headers 18 Dec 2006 23:48:58 -0000 3.4.4.3
++++ config/system-headers 13 Nov 2007 23:04:10 -0000
+@@ -141,6 +141,9 @@
+ curses.h
+ cxxabi.h
+ DateTimeUtils.h
++dbus/dbus.h
++dbus/dbus-glib.h
++dbus/dbus-glib-lowlevel.h
+ ddeml.h
+ Debug.h
+ dem.h


++++++ firefox-2.0.0.8-source.tar.bz2 -> firefox-2.0.0.10-source.tar.bz2 ++++++
MozillaFirefox/firefox-2.0.0.8-source.tar.bz2
/mounts/work_src_done/STABLE/MozillaFirefox/firefox-2.0.0.10-source.tar.bz2
differ: byte 11, line 1




++++++ l10n-2.0.0.8.tar.bz2 -> l10n-2.0.0.10.tar.bz2 ++++++
MozillaFirefox/l10n-2.0.0.8.tar.bz2
/mounts/work_src_done/STABLE/MozillaFirefox/l10n-2.0.0.10.tar.bz2 differ: byte
11, line 1

++++++ mozilla-canvas-1.8.1.10.patch ++++++
Index: content/canvas/src/nsCanvasRenderingContext2D.cpp
===================================================================
RCS file: /cvsroot/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp,v
retrieving revision 1.102
diff -u -8 -p -r1.102 nsCanvasRenderingContext2D.cpp
--- content/canvas/src/nsCanvasRenderingContext2D.cpp 10 Oct 2007 20:31:45
-0000 1.102
+++ content/canvas/src/nsCanvasRenderingContext2D.cpp 11 Oct 2007 23:31:32
-0000
@@ -2140,17 +2140,17 @@ nsCanvasRenderingContext2D::CairoSurface
getter_AddRefs(imgRequest));
NS_ENSURE_SUCCESS(rv, rv);
if (!imgRequest)
// XXX ERRMSG we need to report an error to developers here! (bug
329026)
return NS_ERROR_NOT_AVAILABLE;

PRUint32 status;
imgRequest->GetImageStatus(&status);
- if (status != imgIRequest::STATUS_LOAD_COMPLETE)
+ if ((status & imgIRequest::STATUS_LOAD_COMPLETE) == 0)
return NS_ERROR_NOT_AVAILABLE;

nsCOMPtr<nsIURI> uri;
rv = imageLoader->GetCurrentURI(uriOut);
NS_ENSURE_SUCCESS(rv, rv);

*forceWriteOnlyOut = PR_FALSE;



++++++ mozilla-gcc4.3-fixes.patch ++++++
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=403675
https://bugzilla.mozilla.org/show_bug.cgi?id=386362

Index: modules/libpr0n/encoders/png/nsPNGEncoder.h
===================================================================
RCS file: /cvsroot/mozilla/modules/libpr0n/encoders/png/nsPNGEncoder.h,v
retrieving revision 1.1.18.1
diff -u -p -6 -r1.1.18.1 nsPNGEncoder.h
--- modules/libpr0n/encoders/png/nsPNGEncoder.h 20 May 2006 17:20:49 -0000
1.1.18.1
+++ modules/libpr0n/encoders/png/nsPNGEncoder.h 13 Nov 2007 22:07:36 -0000
@@ -35,14 +35,16 @@
*
* ***** END LICENSE BLOCK ***** */

#include "imgIEncoder.h"
#ifdef MOZILLA_1_8_BRANCH
#define imgIEncoder imgIEncoder_MOZILLA_1_8_BRANCH
+#ifndef NS_DECL_IMGIENCODER
#define NS_DECL_IMGIENCODER NS_DECL_IMGIENCODER_MOZILLA_1_8_BRANCH
#endif
+#endif

#include <png.h>

#define NS_PNGENCODER_CID \
{ /* 38d1592e-b81e-432b-86f8-471878bbfe07 */ \
0x38d1592e, \
@@ -60,12 +62,20 @@ public:
NS_DECL_ISUPPORTS
NS_DECL_IMGIENCODER
NS_DECL_NSIINPUTSTREAM

nsPNGEncoder();

+ NS_IMETHOD InitFromData(const PRUint8* aData,
+ PRUint32 aLength, // (unused, req'd by JS)
+ PRUint32 aWidth,
+ PRUint32 aHeight,
+ PRUint32 aStride,
+ PRUint32 aInputFormat,
+ const nsAString& aOutputOptions);
+
private:
~nsPNGEncoder();

protected:
void ConvertHostARGBRow(const PRUint8* aSrc, PRUint8* aDest,
PRUint32 aPixelWidth, PRBool aUseTransparency);
Index: modules/libpr0n/encoders/jpeg/nsJPEGEncoder.h
===================================================================
RCS file: /cvsroot/mozilla/modules/libpr0n/encoders/jpeg/nsJPEGEncoder.h,v
retrieving revision 1.1.14.1
diff -u -p -6 -r1.1.14.1 nsJPEGEncoder.h
--- modules/libpr0n/encoders/jpeg/nsJPEGEncoder.h 20 May 2006 17:20:48
-0000 1.1.14.1
+++ modules/libpr0n/encoders/jpeg/nsJPEGEncoder.h 13 Nov 2007 22:07:57
-0000
@@ -36,14 +36,16 @@
*
* ***** END LICENSE BLOCK ***** */

#include "imgIEncoder.h"
#ifdef MOZILLA_1_8_BRANCH
#define imgIEncoder imgIEncoder_MOZILLA_1_8_BRANCH
+#ifndef NS_DECL_IMGIENCODER
#define NS_DECL_IMGIENCODER NS_DECL_IMGIENCODER_MOZILLA_1_8_BRANCH
#endif
+#endif

// needed for JPEG library
#include <stdio.h>

extern "C" {
#include "jpeglib.h"
@@ -66,12 +68,20 @@ public:
NS_DECL_ISUPPORTS
NS_DECL_IMGIENCODER
NS_DECL_NSIINPUTSTREAM

nsJPEGEncoder();

+ NS_IMETHOD InitFromData(const PRUint8* aData,
+ PRUint32 aLength, // (unused, req'd by JS)
+ PRUint32 aWidth,
+ PRUint32 aHeight,
+ PRUint32 aStride,
+ PRUint32 aInputFormat,
+ const nsAString& aOutputOptions);
+
private:
~nsJPEGEncoder();

protected:

void ConvertHostARGBRow(const PRUint8* aSrc, PRUint8* aDest,
Index: modules/libpr0n/public/imgIEncoder.idl
===================================================================
RCS file: /cvsroot/mozilla/modules/libpr0n/public/imgIEncoder.idl,v
retrieving revision 1.1.10.3
diff -u -p -r1.1.10.3 imgIEncoder.idl
--- modules/libpr0n/public/imgIEncoder.idl 20 May 2006 17:20:49 -0000
1.1.10.3
+++ modules/libpr0n/public/imgIEncoder.idl 14 Nov 2007 10:41:40 -0000
@@ -96,6 +96,6 @@ interface nsIFile;
[scriptable, uuid(CCC5B3AD-3E67-4e3d-97E1-B06B2E96FEF8)]
interface imgIEncoder : nsISupports
{
- void encodeClipboardImage(in nsIClipboardImage aClipboardImage, out nsIFile
aImageFile);
+ /* void encodeClipboardImage(in nsIClipboardImage aClipboardImage, out
nsIFile aImageFile); */
};

Index: xpcom/obsolete/component/nsFileSpecImpl.h
===================================================================
RCS file: /cvsroot/mozilla/xpcom/obsolete/component/nsFileSpecImpl.h,v
retrieving revision 1.3
diff -u -p -6 -r1.3 nsFileSpecImpl.h
--- xpcom/obsolete/component/nsFileSpecImpl.h 18 Apr 2004 14:18:15 -0000
1.3
+++ xpcom/obsolete/component/nsFileSpecImpl.h 14 Nov 2007 12:11:12 -0000
@@ -40,13 +40,13 @@

#include "nscore.h"
#include "nsIFileSpec.h"
#include "nsFileSpec.h"


//========================================================================================
-class nsFileSpecImpl
+class NS_COM nsFileSpecImpl

//========================================================================================
: public nsIFileSpec
{

public:

@@ -78,13 +78,13 @@ class nsFileSpecImpl

private:
~nsFileSpecImpl();
}; // class nsFileSpecImpl


//========================================================================================
-class nsDirectoryIteratorImpl
+class NS_COM nsDirectoryIteratorImpl

//========================================================================================
: public nsIDirectoryIterator
{

public:


++++++ startup.patch ++++++
--- /var/tmp/diff_new_pack.C19755/_old 2007-11-29 18:24:49.000000000 +0100
+++ /var/tmp/diff_new_pack.C19755/_new 2007-11-29 18:24:49.000000000 +0100
@@ -1193,3 +1193,22 @@
+
return NS_FAILED(rv) ? 1 : 0;
}
+Index: config/system-headers
+===================================================================
+RCS file: /cvsroot/mozilla/config/system-headers,v
+retrieving revision 3.4.4.3
+diff -u -r3.4.4.3 system-headers
+--- config/system-headers 18 Dec 2006 23:48:58 -0000 3.4.4.3
++++ config/system-headers 14 Nov 2007 09:20:50 -0000
+@@ -931,3 +934,11 @@
+ #if MOZ_NATIVE_ZLIB==1
+ zlib.h
+ #endif
++#ifdef MOZ_ENABLE_STARTUP_NOTIFICATION
++libsn/sn.h
++libsn/sn-common.h
++libsn/sn-launchee.h
++libsn/sn-launcher.h
++libsn/sn-monitor.h
++libsn/sn-util.h
++#endif


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread