Hello community, here is the log from the commit of package mozilla-xulrunner190 for openSUSE:Factory checked in at Fri Jun 12 17:37:55 CEST 2009. -------- --- mozilla-xulrunner190/mozilla-xulrunner190.changes 2009-04-28 10:55:55.000000000 +0200 +++ mozilla-xulrunner190/mozilla-xulrunner190.changes 2009-06-12 08:47:56.000000000 +0200 @@ -1,0 +2,27 @@ +Fri Jun 12 08:32:38 CEST 2009 - wr@rosenauer.org + +- security update to 1.9.0.11 (bnc#505563) + * MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 + Crashes with evidence of memory corruption (rv:1.9.0.11) + * MFSA 2009-25/CVE-2009-1834 (bmo#479413) + URL spoofing with invalid unicode characters + * MFSA 2009-26/CVE-2009-1835 (bmo#491801) + Arbitrary domain cookie access by local file: resources + * MFSA 2009-27/CVE-2009-1836 (bmo#479880) + SSL tampering via non-200 responses to proxy CONNECT requests + * MFSA 2009-28/CVE-2009-1837 (bmo#486269) + Race condition while accessing the private data of a NPObject + JS wrapper class object + * MFSA 2009-29/CVE-2009-1838 (bmo#489131) + Arbitrary code execution using event listeners attached to an + element whose owner document is null + * MFSA 2009-30/CVE-2009-1839 (bmo#479943) + Incorrect principal set for file: resources loaded via + location bar + * MFSA 2009-31/CVE-2009-1840 (bmo#477979) + XUL scripts bypass content-policy checks + * MFSA 2009-32/CVE-2009-1841 (bmo#479560) + JavaScript chrome privilege escalation +- fixing rpath linker flags (part of bnc#501174) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- l10n-1.9.0.10.tar.bz2 xulrunner-source-1.9.0.10.tar.bz2 New: ---- l10n-1.9.0.11.tar.bz2 xulrunner-source-1.9.0.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-xulrunner190.spec ++++++ --- /var/tmp/diff_new_pack.r29404/_old 2009-06-12 17:35:03.000000000 +0200 +++ /var/tmp/diff_new_pack.r29404/_new 2009-06-12 17:35:03.000000000 +0200 @@ -1,7 +1,8 @@ # -# spec file for package mozilla-xulrunner190 (Version 1.9.0.10) +# spec file for package mozilla-xulrunner190 (Version 1.9.0.11) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2006-2009 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +33,7 @@ BuildRequires: nss-shared-helper-devel %endif License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) -Version: 1.9.0.10 +Version: 1.9.0.11 Release: 1 Summary: Mozilla Runtime Environment 1.9 Url: http://www.mozilla.org @@ -82,10 +83,10 @@ %if %suse_version > 1100 %define has_system_cairo 1 %endif -%define releasedate 2009042700 +%define releasedate 2009060200 %define version_internal %{version} %define apiversion 1.9 -%define uaweight 190910 +%define uaweight 190911 ### configuration end ### %define _use_internal_dependency_generator 0 %define __find_requires sh %{SOURCE2} @@ -97,9 +98,6 @@ BuildRequires: mozilla-nss-devel PreReq: mozilla-nss >= %(rpm -q --queryformat '%{VERSION}' mozilla-nss) %endif -%if %suse_version > 1030 -#BuildRequires: sqlite3-devel -%endif Recommends: %{name}-gnomevfs %description @@ -219,7 +217,7 @@ popd %build -MOZ_APP_DIR=%{_libdir}/%{name}-%{version_internal} +MOZ_APP_DIR=%{_libdir}/xulrunner-%{version_internal} export MOZ_BUILD_DATE=%{releasedate} #export LD_LIBRARY_PATH=$RPM_BUILD_DIR/mozilla/dist/bin export CFLAGS="$RPM_OPT_FLAGS -Os -fno-strict-aliasing" @@ -483,7 +481,32 @@ %files translations -f %{_tmppath}/translations.list %defattr(-,root,root) %endif + %changelog +* Fri Jun 12 2009 wr@rosenauer.org +- security update to 1.9.0.11 (bnc#505563) + * MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 + Crashes with evidence of memory corruption (rv:1.9.0.11) + * MFSA 2009-25/CVE-2009-1834 (bmo#479413) + URL spoofing with invalid unicode characters + * MFSA 2009-26/CVE-2009-1835 (bmo#491801) + Arbitrary domain cookie access by local file: resources + * MFSA 2009-27/CVE-2009-1836 (bmo#479880) + SSL tampering via non-200 responses to proxy CONNECT requests + * MFSA 2009-28/CVE-2009-1837 (bmo#486269) + Race condition while accessing the private data of a NPObject + JS wrapper class object + * MFSA 2009-29/CVE-2009-1838 (bmo#489131) + Arbitrary code execution using event listeners attached to an + element whose owner document is null + * MFSA 2009-30/CVE-2009-1839 (bmo#479943) + Incorrect principal set for file: resources loaded via + location bar + * MFSA 2009-31/CVE-2009-1840 (bmo#477979) + XUL scripts bypass content-policy checks + * MFSA 2009-32/CVE-2009-1841 (bmo#479560) + JavaScript chrome privilege escalation +- fixing rpath linker flags (part of bnc#501174) * Tue Apr 28 2009 wr@rosenauer.org - update to 1.9.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) ++++++ l10n-1.9.0.10.tar.bz2 -> l10n-1.9.0.11.tar.bz2 ++++++ mozilla-xulrunner190/l10n-1.9.0.10.tar.bz2 mozilla-xulrunner190/l10n-1.9.0.11.tar.bz2 differ: byte 11, line 1 ++++++ xulrunner-source-1.9.0.10.tar.bz2 -> xulrunner-source-1.9.0.11.tar.bz2 ++++++ mozilla-xulrunner190/xulrunner-source-1.9.0.10.tar.bz2 mozilla-xulrunner190/xulrunner-source-1.9.0.11.tar.bz2 differ: byte 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org