Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at Mon Mar 9 00:26:25 CET 2009. -------- --- MozillaFirefox/MozillaFirefox.changes 2009-02-05 00:58:56.000000000 +0100 +++ /mounts/work_src_done/STABLE/MozillaFirefox/MozillaFirefox.changes 2009-03-06 08:59:49.000000000 +0100 @@ -1,0 +2,18 @@ +Sun Mar 1 11:08:58 CET 2009 - wr@rosenauer.org + +- security update to 3.0.7 (bnc#478625) + * MFSA 2009-07 - Crashes with evidence of memory corruption + CVE-2009-0771 - Layout Engine Crashes + CVE-2009-0772 - Layout Engine Crashes + CVE-2009-0773 - crashes in the JavaScript engine + CVE-2009-0774 - Layout Engine Crashes + * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) + Mozilla Firefox XUL Linked Clones Double Free Vulnerability + * MFSA 2009-09/CVE-2009-0776 (bmo#414540) + XML data theft via RDFXMLDataSource and cross-domain redirect + * MFSA 2009-10/CVE-2009-0040 (bmo#478901) + Upgrade PNG library to fix memory safety hazards + * MFSA 2009-11/CVE-2009-0777 (bmo#452979) + URL spoofing with invisible control characters + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- firefox-3.0.6-source.tar.bz2 l10n-3.0.6.tar.bz2 New: ---- firefox-3.0.7-source.tar.bz2 l10n-3.0.7.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.x18163/_old 2009-03-09 00:25:52.000000000 +0100 +++ /var/tmp/diff_new_pack.x18163/_new 2009-03-09 00:25:52.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package MozillaFirefox (Version 3.0.6) +# spec file for package MozillaFirefox (Version 3.0.7) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,8 +26,8 @@ License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Provides: web_browser Provides: firefox -Version: 3.0.6 -Release: 2 +Version: 3.0.7 +Release: 1 Summary: Mozilla Firefox Web Browser Url: http://www.mozilla.org/ Group: Productivity/Networking/Web/Browsers @@ -59,7 +59,7 @@ %define _use_internal_dependency_generator 0 %define __find_requires sh %{SOURCE4} %define __find_provides %{nil} -%define releasedate 2009012700 +%define releasedate 2009022800 %define progname firefox %define progdir %{_prefix}/%_lib/%{progname} %if %suse_version > 1020 @@ -339,7 +339,22 @@ %{progdir}/defaults/profile/bookmarks.html %changelog -* Wed Feb 04 2009 hfiguiere@suse.de +* Sun Mar 01 2009 wr@rosenauer.org +- security update to 3.0.7 (bnc#478625) + * MFSA 2009-07 - Crashes with evidence of memory corruption + CVE-2009-0771 - Layout Engine Crashes + CVE-2009-0772 - Layout Engine Crashes + CVE-2009-0773 - crashes in the JavaScript engine + CVE-2009-0774 - Layout Engine Crashes + * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) + Mozilla Firefox XUL Linked Clones Double Free Vulnerability + * MFSA 2009-09/CVE-2009-0776 (bmo#414540) + XML data theft via RDFXMLDataSource and cross-domain redirect + * MFSA 2009-10/CVE-2009-0040 (bmo#478901) + Upgrade PNG library to fix memory safety hazards + * MFSA 2009-11/CVE-2009-0777 (bmo#452979) + URL spoofing with invisible control characters +* Thu Feb 05 2009 hfiguiere@suse.de - Review and approve changes. * Wed Jan 28 2009 wr@rosenauer.org - security update to 3.0.6 (bnc#470074) @@ -383,14 +398,14 @@ * History is properly locked down. bnc#439343 * Make sure the search bar is not put back when resetting the toolbar. bnc#439358 -* Thu Nov 20 2008 maw@suse.de +* Fri Nov 21 2008 maw@suse.de - Review and approve changes. * Thu Nov 13 2008 wr@rosenauer.org - lockdown cleanup * removed gecko-lockdown.patch from Firefox (it's in xulrunner) * stripped out some toolkit stuff from firefox-ui-lockdown * added extra default preferences for lockdown -* Wed Nov 12 2008 maw@suse.de +* Thu Nov 13 2008 maw@suse.de - Review and approve changes. * Tue Nov 11 2008 wr@rosenauer.org - update to security/maintenance release 3.0.4 (bnc#439841) @@ -431,7 +446,7 @@ - brought man-page up to date for the firefox stub (removing firefox-bin reference) - en-US locale not longer packaged in translations subpackage -* Fri Aug 15 2008 maw@novell.com +* Sat Aug 16 2008 maw@novell.com - Review and approve changes. * Mon Aug 04 2008 wr@rosenauer.org - Tweak branding split @@ -462,9 +477,9 @@ - network.protocol-handler.app.* prefs are no longer supported; remove references to them from firefox-suse-default-prefs.js (bnc#383697). -* Wed Apr 02 2008 maw@suse.de +* Thu Apr 03 2008 maw@suse.de - Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang). -* Tue Mar 25 2008 maw@suse.de +* Wed Mar 26 2008 maw@suse.de - Merge changes from the build service (thanks, Wolfgang) - Update to the fourth Firefox 3.0 Beta (2.9.94): + Based upon the Gecko 1.9 Web rendering platform, which improves @@ -574,7 +589,7 @@ - Add mozilla-maxpathlen.patch (#354150 and bmo #412610). * Fri Dec 21 2007 maw@suse.de - Add firefox-348446-empty-lists.patch (bnc#348446). -* Tue Dec 04 2007 maw@suse.de +* Wed Dec 05 2007 maw@suse.de - Respin proxy-dev.patch (bnc#340678) -- thanks, Anders! * Tue Nov 27 2007 maw@suse.de - Security update to version 2.0.0.10 (#341905, #341591): @@ -589,7 +604,7 @@ - Build with -ftree-vrp -fwrapv, per advice in #342603#c17. * Tue Nov 13 2007 maw@suse.de - Add firefox-gcc4.3-fixes.patch. -* Thu Oct 18 2007 maw@suse.de +* Fri Oct 19 2007 maw@suse.de - Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang) * MFSA 2007-29 Crashes with evidence of memory corruption * MFSA 2007-30 onUnload Tailgating @@ -666,7 +681,7 @@ - Use mozilla.sh.in from the build service (#230681). * Tue Jun 05 2007 sbrabec@suse.cz - Removed invalid desktop category "Application" (#254654). -* Mon Jun 04 2007 maw@suse.de +* Tue Jun 05 2007 maw@suse.de - Security update to version 2.0.0.4 - Refresh configure.patch, startup.patch, and visibility.patch - Now use l10n-%%{version}.tar.bz2 instead of l10n.tar.bz2. @@ -716,7 +731,7 @@ - readd MozillaFirebird provides (was incorrect in removing it). * Mon Jan 08 2007 meissner@suse.de - Do not provide MozillaFirebird, just obsolete it. -* Thu Nov 30 2006 maw@suse.de +* Fri Dec 01 2006 maw@suse.de - Update gecko-lockdown.patch (#220616). * Thu Nov 30 2006 maw@suse.de - Update firefox-suse-default-prefs.js, adding @@ -750,7 +765,7 @@ - updated tango theme * Sun Oct 29 2006 aj@suse.de - Another fix for 214125, patch by Wolfgang Rosenauer. -* Wed Oct 25 2006 aj@suse.de +* Thu Oct 26 2006 aj@suse.de - Fix gcc warnings about undefined operations, patch by Robert O'Callahan. - Update system-proxies.patch to fix error box (214125), patch by @@ -785,7 +800,7 @@ - added symlink for Firefox 1.0.x compatibility * Sat Jul 29 2006 stark@suse.de - update to regression release 1.5.0.6 (#195043) -* Wed Jul 26 2006 stark@suse.de +* Thu Jul 27 2006 stark@suse.de - security update to version 1.5.0.5 (#195043) * observer-lock.patch integrated now - fixed leak in JS' liveconnect (#186066) @@ -808,7 +823,7 @@ - complete implementation of startup-notification (#115417) (including autoconf and remote support) - different home-pages for SLE10 and SL (#177881) -* Mon May 15 2006 stark@suse.de +* Tue May 16 2006 stark@suse.de - fixed potential deadlock in nsObserverList::RemoveObserver (#173986, bmo #338069) - base startup notification on libstartup-notification (#115417) @@ -928,7 +943,7 @@ * Mon Oct 31 2005 stark@suse.de - updated l10n archive (20051030) - fixed postinstall script to copy plugin links instead of files -* Thu Oct 27 2005 stark@suse.de +* Fri Oct 28 2005 stark@suse.de - update to 1.5rc1 (20051027) - fixed profile locking on FAT partitions (bmo #313360) - introduced an rpath again @@ -977,7 +992,7 @@ * Thu Sep 01 2005 stark@suse.de - changed default font to sans-serif (#114464) - removed de-de parts of the bookmark-links (#114279) -* Sun Aug 21 2005 stark@suse.de +* Mon Aug 22 2005 stark@suse.de - install gconf schema for lockdown also on non-NLD - added backports (firefox-backports.patch) * gtk_im_context_set_cursor_location() is not used (bmo #281339) @@ -1000,7 +1015,7 @@ * Fri Aug 05 2005 stark@suse.de - fixed profile locking (bmo #151188) - install beagle extension globally -* Thu Jul 28 2005 stark@suse.de +* Fri Jul 29 2005 stark@suse.de - don't require and provide NSS libs (#98002) - fixed printing error 'You cannot print while in print preview' (#96991, bmo #302445) @@ -1025,9 +1040,9 @@ - fixed plugin event starvation (bnc #94749, #94751, bmo #301161) * Fri Jul 15 2005 stark@suse.de - searchplugins can now be installed per profile (#8176) -* Thu Jul 14 2005 stark@suse.de +* Fri Jul 15 2005 stark@suse.de - update to 1.0.6 which restores API compatibility -* Mon Jul 11 2005 stark@suse.de +* Tue Jul 12 2005 stark@suse.de - update to 1.0.5 final (#88509) - don't strip explicitely - don't ship beagle.xpi @@ -1047,7 +1062,7 @@ * Wed Jun 22 2005 stark@suse.de - new NLD lockdown patch which is syncing user prefs to gconf - update to 1.0.5pre security-release -* Wed Jun 08 2005 stark@suse.de +* Thu Jun 09 2005 stark@suse.de - new revision of NLD lockdown patch - fixed remote usage behaviour in start script (bnc #41903) - got more bugfixes from the branch @@ -1059,9 +1074,9 @@ - fixed keybinding for KP separator (bnc #84147) - pulled security related patch from upstream branch - update plastikfox theme to version 1.6 -* Wed May 11 2005 stark@suse.de +* Thu May 12 2005 stark@suse.de - update to final 1.0.4 release -* Mon May 09 2005 stark@suse.de +* Tue May 10 2005 stark@suse.de - update to 1.0.4 security release - removed s390(x) patches (upstream) - made two more files %%verify (81692) @@ -1071,7 +1086,7 @@ * Sat Apr 23 2005 stark@suse.de - activate usage of system NSPR for distributions after 9.3 - add patch to be able to use systen NSPR at all -* Thu Apr 21 2005 ro@suse.de +* Fri Apr 22 2005 ro@suse.de - use mozilla-gcc4.patch * Thu Apr 21 2005 stark@suse.de - don't execute gconf magic within build environment @@ -1291,7 +1306,7 @@ - update to 1.0PR (aka 0.10) * Fri Sep 03 2004 stark@suse.de - added ppc64 patch -* Wed Sep 01 2004 dave@suse.de +* Thu Sep 02 2004 dave@suse.de - Fixed up the .desktop installation on nld * Wed Sep 01 2004 shprasad@suse.de - Doesn't ask to set Firefox as default web-browser. @@ -1314,7 +1329,7 @@ - set startup homepage to Novell * Tue Aug 17 2004 stark@suse.de - update to pre-1.0.0 (20040817) -* Wed Aug 04 2004 stark@suse.de +* Thu Aug 05 2004 stark@suse.de - security update to 0.9.3 (including #43312 and others) - handle RealPlayer 9 plugin @@ -1322,11 +1337,11 @@ - recode desktop file to utf-8 * Wed Jul 28 2004 stark@suse.de - added fix against certificate spoofing (#43312) -* Thu Jul 22 2004 stark@suse.de +* Fri Jul 23 2004 stark@suse.de - update to 0.9.2 - added workaround for extension registry - removed old (incompatible) mozex extension -* Mon Jun 28 2004 stark@suse.de +* Tue Jun 29 2004 stark@suse.de - update to 0.9.1 - added hint to run as root first * Tue Jun 15 2004 stark@suse.de @@ -1386,7 +1401,7 @@ * Thu Jul 10 2003 stark@suse.de - update to snapshot 20030709 - fixed generation of symlink MozillaFirebird-xremote-client -* Thu Jun 19 2003 stark@suse.de +* Fri Jun 20 2003 stark@suse.de - update to snapshot 20030622 (0.7pre) * Mon May 19 2003 stark@suse.de - update to snapshot 20030518 (0.6) ++++++ firefox-3.0.6-source.tar.bz2 -> firefox-3.0.7-source.tar.bz2 ++++++ MozillaFirefox/firefox-3.0.6-source.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/firefox-3.0.7-source.tar.bz2 differ: byte 11, line 1 ++++++ l10n-3.0.6.tar.bz2 -> l10n-3.0.7.tar.bz2 ++++++ MozillaFirefox/l10n-3.0.6.tar.bz2 /mounts/work_src_done/STABLE/MozillaFirefox/l10n-3.0.7.tar.bz2 differ: byte 11, line 1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org