Hello community,
here is the log from the commit of package MozillaFirefox
checked in at Thu Nov 29 18:25:12 CET 2007.
--------
--- MozillaFirefox/MozillaFirefox.changes 2007-11-26 18:27:50.000000000 +0100
+++ /mounts/work_src_done/STABLE/MozillaFirefox/MozillaFirefox.changes 2007-11-27 18:25:44.908309000 +0100
@@ -1,0 +2,12 @@
+Tue Nov 27 18:25:25 CET 2007 - maw@suse.de
+
+- Security update to version 2.0.0.10 (#341905, #341591):
+ + MFSA 2007-39 Referer-spoofing via window.location race condition
+ + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ + MFSA 2007-37 jar: URI scheme XSS hazard
+ + Fixes for regressions introduced in 2.0.0.8
+ + Updated dbus.patch, startup.patch, misc.dif, and configure.patch
+- Add mozilla-gcc4.3-fixes.patch
+- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
+
+-------------------------------------------------------------------
Old:
----
firefox-2.0.0.8-source.tar.bz2
firefox-gcc4.3-fixes.patch
l10n-2.0.0.8.tar.bz2
New:
----
firefox-2.0.0.10-source.tar.bz2
l10n-2.0.0.10.tar.bz2
mozilla-canvas-1.8.1.10.patch
mozilla-gcc4.3-fixes.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.C19755/_old 2007-11-29 18:24:48.000000000 +0100
+++ /var/tmp/diff_new_pack.C19755/_new 2007-11-29 18:24:48.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package MozillaFirefox (Version 2.0.0.8)
+# spec file for package MozillaFirefox (Version 2.0.0.10)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -28,8 +28,8 @@
%if %sles_version == 10
Obsoletes: mozilla
%endif
-Version: 2.0.0.8
-Release: 22
+Version: 2.0.0.10
+Release: 1
Summary: Mozilla Firefox Web Browser
Url: http://www.mozilla.org/
Group: Productivity/Networking/Web/Browsers
@@ -59,6 +59,7 @@
Patch1: visibility.patch
Patch2: rpath.patch
Patch3: gcc-undefined-ops.patch
+Patch4: mozilla-gcc4.3-fixes.patch
Patch5: abuild.patch
# NSPR bmo #270502
Patch6: nspr-prdtoa.patch
@@ -91,9 +92,9 @@
# integration
Patch34: skin-selection.patch
Patch36: greasemonkey.patch
+Patch37: mozilla-canvas-1.8.1.10.patch
Patch38: tango-maxversion.patch
Patch39: x11-session.patch
-Patch40: firefox-gcc4.3-fixes.patch
# gconf.patch dbus.patch startup.patch
Patch100: configure.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
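Review bot: `Patch37` is added with no provenance comment, although other entries in this spec carry one (for example `# NSPR bmo #270502` above `Patch6`). Since this patch changes an image-load check in the canvas code, I would put `# canvas image status check, see #341591#c10` directly above `Patch37:` so the next version bump can tell whether it has been merged upstream. The `Patch4` line added in the previous hunk could likewise cite the two bugzilla.mozilla.org ids from the patch's own References header (403675 and 386362).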
@@ -188,6 +189,7 @@
%patch1
%patch2
%patch3
+%patch4
%patch5
%patch6
%patch7
@@ -216,11 +218,11 @@
%patch33
%patch34
%patch36
+%patch37
pushd $RPM_BUILD_DIR
%patch38
popd
%patch39 -p1
-%patch40 -p1
%patch100
%if %has_system_nss
#%patch101
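Review bot: `%patch37` in this hunk and `%patch4` in the preceding one are applied without a strip level, whereas the removed `%patch40 -p1` and the neighbouring `%patch39 -p1` state theirs. The patch headers shown on this page use tree-relative paths (`content/canvas/src/...`, `modules/libpr0n/...`), which is consistent with the default. Writing `%patch37 -p0` and `%patch4 -p0` would make the expected layout explicit and keep the security fix from depending on an implicit default if the patch files are regenerated. The %prep section starts and ends outside this hunk.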
@@ -557,6 +559,15 @@
%endif
%changelog
+* Tue Nov 27 2007 - maw@suse.de
+- Security update to version 2.0.0.10 (#341905, #341591):
+ + MFSA 2007-39 Referer-spoofing via window.location race condition
+ + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ + MFSA 2007-37 jar: URI scheme XSS hazard
+ + Fixes for regressions introduced in 2.0.0.8
+ + Updated dbus.patch, startup.patch, misc.dif, and configure.patch
+- Add mozilla-gcc4.3-fixes.patch
+- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
* Mon Nov 26 2007 - maw@suse.de
- Build with -ftree-vrp -fwrapv, per advice in #342603#c17.
* Tue Nov 13 2007 - maw@suse.de
++++++ configure.patch ++++++
++++ 6177 lines (skipped)
++++ between MozillaFirefox/configure.patch
++++ and /mounts/work_src_done/STABLE/MozillaFirefox/configure.patch
++++++ dbus.patch ++++++
--- /var/tmp/diff_new_pack.C19755/_old 2007-11-29 18:24:48.000000000 +0100
+++ /var/tmp/diff_new_pack.C19755/_new 2007-11-29 18:24:48.000000000 +0100
@@ -77,7 +77,7 @@
MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|venkman||'`
--- extensions/dbus/Makefile.in
+++ extensions/dbus/Makefile.in
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,70 @@
+# ###### BEGIN LICENSE BLOCK ######
+# Version: NPL 1.1/GPL 2.0/LGPL 2.1
+#
@@ -134,9 +134,11 @@
+ embedcomponents \
+ $(NULL)
+
-+EXTRA_DSO_LDOPTS = $(MOZ_DBUS_GLIB_LIBS) \
-+ $(MOZ_GTHREAD_LIBS) \
-+ $(MOZ_COMPONENT_LIBS)
++EXTRA_DSO_LDOPTS = $(XPCOM_GLUE_LDOPTS) \
++ $(NSPR_LIBS) \
++ $(MOZ_DBUS_GLIB_LIBS) \
++ $(MOZ_GTHREAD_LIBS) \
++ $(NULL)
+
+CPPSRCS = \
+ nsDBusModule.cpp \
@@ -563,3 +565,20 @@
+};
+
+NS_IMPL_NSGETMODULE(nsDBusModule, components)
+Index: config/system-headers
+===================================================================
+RCS file: /cvsroot/mozilla/config/system-headers,v
+retrieving revision 3.4.4.3
+diff -u -r3.4.4.3 system-headers
+--- config/system-headers 18 Dec 2006 23:48:58 -0000 3.4.4.3
++++ config/system-headers 13 Nov 2007 23:04:10 -0000
+@@ -141,6 +141,9 @@
+ curses.h
+ cxxabi.h
+ DateTimeUtils.h
++dbus/dbus.h
++dbus/dbus-glib.h
++dbus/dbus-glib-lowlevel.h
+ ddeml.h
+ Debug.h
+ dem.h
++++++ firefox-2.0.0.8-source.tar.bz2 -> firefox-2.0.0.10-source.tar.bz2 ++++++
MozillaFirefox/firefox-2.0.0.8-source.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/firefox-2.0.0.10-source.tar.bz2 differ: byte 11, line 1
++++++ l10n-2.0.0.8.tar.bz2 -> l10n-2.0.0.10.tar.bz2 ++++++
MozillaFirefox/l10n-2.0.0.8.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/l10n-2.0.0.10.tar.bz2 differ: byte 11, line 1
++++++ mozilla-canvas-1.8.1.10.patch ++++++
Index: content/canvas/src/nsCanvasRenderingContext2D.cpp
===================================================================
RCS file: /cvsroot/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp,v
retrieving revision 1.102
diff -u -8 -p -r1.102 nsCanvasRenderingContext2D.cpp
--- content/canvas/src/nsCanvasRenderingContext2D.cpp 10 Oct 2007 20:31:45 -0000 1.102
+++ content/canvas/src/nsCanvasRenderingContext2D.cpp 11 Oct 2007 23:31:32 -0000
@@ -2140,17 +2140,17 @@ nsCanvasRenderingContext2D::CairoSurface
getter_AddRefs(imgRequest));
NS_ENSURE_SUCCESS(rv, rv);
if (!imgRequest)
// XXX ERRMSG we need to report an error to developers here! (bug 329026)
return NS_ERROR_NOT_AVAILABLE;
PRUint32 status;
imgRequest->GetImageStatus(&status);
- if (status != imgIRequest::STATUS_LOAD_COMPLETE)
+ if ((status & imgIRequest::STATUS_LOAD_COMPLETE) == 0)
return NS_ERROR_NOT_AVAILABLE;
nsCOMPtr<nsIURI> uri;
rv = imageLoader->GetCurrentURI(uriOut);
NS_ENSURE_SUCCESS(rv, rv);
*forceWriteOnlyOut = PR_FALSE;
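Review bot: `status` is declared without an initialiser and the result of `imgRequest->GetImageStatus(&status)` is discarded, so if that call fails the new bitmask test reads an indeterminate value. Unlike the old equality test, any word that happens to have the `STATUS_LOAD_COMPLETE` bit set now passes. Because the code after the check goes on to set `*forceWriteOnlyOut = PR_FALSE`, I would make it fail closed with `PRUint32 status = 0;` and `rv = imgRequest->GetImageStatus(&status); NS_ENSURE_SUCCESS(rv, rv);`. The mask also accepts a status that carries other flags alongside LOAD_COMPLETE; whether an error flag can coexist with it is not visible here and is worth confirming. The function starts and ends outside this hunk.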
++++++ mozilla-gcc4.3-fixes.patch ++++++
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=403675
https://bugzilla.mozilla.org/show_bug.cgi?id=386362
Index: modules/libpr0n/encoders/png/nsPNGEncoder.h
===================================================================
RCS file: /cvsroot/mozilla/modules/libpr0n/encoders/png/nsPNGEncoder.h,v
retrieving revision 1.1.18.1
diff -u -p -6 -r1.1.18.1 nsPNGEncoder.h
--- modules/libpr0n/encoders/png/nsPNGEncoder.h 20 May 2006 17:20:49 -0000 1.1.18.1
+++ modules/libpr0n/encoders/png/nsPNGEncoder.h 13 Nov 2007 22:07:36 -0000
@@ -35,14 +35,16 @@
*
* ***** END LICENSE BLOCK ***** */
#include "imgIEncoder.h"
#ifdef MOZILLA_1_8_BRANCH
#define imgIEncoder imgIEncoder_MOZILLA_1_8_BRANCH
+#ifndef NS_DECL_IMGIENCODER
#define NS_DECL_IMGIENCODER NS_DECL_IMGIENCODER_MOZILLA_1_8_BRANCH
#endif
+#endif
#include