SECURITY UPDATE: mozilla-firefox-2.0.0.12

Bernd Ahlers Fri, 08 Feb 2008 07:19:54 -0800

Security update to mozilla-firefox-2.0.0.12.

Fixes multiple vulnerabilities:


CVE-2008-0412
CVE-2008-0413
CVE-2008-0414
CVE-2008-0415
CVE-2008-0419
CVE-2008-0591
CVE-2008-0593

More infos:
http://secunia.com/advisories/28758/

Works here on i386. Please test/comment/okay.

Thanks,
        Bernd


 Makefile                                                        |    6 ++---
 distinfo                                                        |   10 ++++----
 patches/patch-configure_in                                      |   10 ++++----
 patches/patch-content_canvas_src_nsCanvasRenderingContext2D_cpp |   12 
----------
 patches/patch-modules_libpref_src_init_all_js                   |    8 +++---
 pkg/PLIST                                                       |    1 
 6 files changed, 17 insertions(+), 30 deletions(-)

Index: Makefile
===================================================================
RCS file: /home/OpenBSD/cvs/ports/www/mozilla-firefox/Makefile,v
retrieving revision 1.91
diff -u -p -r1.91 Makefile
--- Makefile    23 Jan 2008 16:41:40 -0000      1.91
+++ Makefile    8 Feb 2008 12:21:00 -0000
@@ -5,10 +5,10 @@ ONLY_FOR_ARCHS=       alpha amd64 arm i386 pow
 
 COMMENT=       redesign of Mozilla's browser component
 
-VER=           2.0.0.10
+VER=           2.0.0.12
 DISTNAME=      mozilla
-PKGNAME=       mozilla-firefox-${VER}p3
-SO_VERSION=    19.0
+PKGNAME=       mozilla-firefox-${VER}
+SO_VERSION=    20.0
 # NOTE: Must bump minor version if any shlib's are removed from the
 # components dir to avoid pkg_add -r issues.
 .for _lib in accessibility appcomps auth autoconfig browsercomps \
Index: distinfo
===================================================================
RCS file: /home/OpenBSD/cvs/ports/www/mozilla-firefox/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo    28 Nov 2007 20:22:25 -0000      1.30
+++ distinfo    8 Feb 2008 12:19:33 -0000
@@ -1,5 +1,5 @@
-MD5 (firefox-2.0.0.10-source.tar.bz2) = XC8T1qJ/Ri7GuGLa/KIuew==
-RMD160 (firefox-2.0.0.10-source.tar.bz2) = U1az03lJaAdESC0djAabXyM0/sU=
-SHA1 (firefox-2.0.0.10-source.tar.bz2) = cUbzH+n0zm2+pezZj5k6i2AVR3A=
-SHA256 (firefox-2.0.0.10-source.tar.bz2) = 
xocolDhjt8f3NjyURuweCHGY9niXzKWKM3PnYaL1lco=
-SIZE (firefox-2.0.0.10-source.tar.bz2) = 37474489
+MD5 (firefox-2.0.0.12-source.tar.bz2) = Nh6txPITIof1gSdil49D7g==
+RMD160 (firefox-2.0.0.12-source.tar.bz2) = BcAiMX69Bl0ZU+SzcGx7ElxXOkY=
+SHA1 (firefox-2.0.0.12-source.tar.bz2) = dm8+lFFF2eTTbV6z5VG160Sh2GI=
+SHA256 (firefox-2.0.0.12-source.tar.bz2) = 
x59u/kbk3JE31rsHURItDWa1O3e1dwtP+xMUhqmA2C4=
+SIZE (firefox-2.0.0.12-source.tar.bz2) = 37442741
Index: patches/patch-configure_in
===================================================================
RCS file: 
/home/OpenBSD/cvs/ports/www/mozilla-firefox/patches/patch-configure_in,v
retrieving revision 1.12
diff -u -p -r1.12 patch-configure_in
--- patches/patch-configure_in  28 Nov 2007 20:22:25 -0000      1.12
+++ patches/patch-configure_in  8 Feb 2008 12:29:39 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-configure_in,v 1.12 2007/11/28 20:22:25 martynas Exp $
---- configure.in.orig  Thu Nov  8 21:13:08 2007
-+++ configure.in       Tue Nov 27 11:43:26 2007
-@@ -1994,7 +1994,7 @@ case "$target" in
+--- configure.in.orig  Tue Dec 18 22:34:10 2007
++++ configure.in       Fri Feb  8 13:28:28 2008
+@@ -2028,7 +2028,7 @@ case "$target" in
        ;;
  
  *-openbsd*)
@@ -10,7 +10,7 @@ $OpenBSD: patch-configure_in,v 1.12 2007
      DSO_CFLAGS=''
      DSO_PIC_CFLAGS='-fPIC'
      DSO_LDOPTS='-shared -fPIC'
-@@ -3892,7 +3892,7 @@ _SAVE_LIBS=$LIBS
+@@ -3878,7 +3878,7 @@ _SAVE_LIBS=$LIBS
  CFLAGS="$ZLIB_CFLAGS $CFLAGS"
  LDFLAGS="$ZLIB_LIBS -lz $LDFLAGS"
  if test -n "${PNG_DIR}" -a "${PNG_DIR}" != "yes"; then
@@ -19,7 +19,7 @@ $OpenBSD: patch-configure_in,v 1.12 2007
      LDFLAGS="-L${PNG_DIR}/lib $LDFLAGS"
  fi
  if test -z "$PNG_DIR" -o "$PNG_DIR" = no; then
-@@ -3922,7 +3922,7 @@ LDFLAGS=$_SAVE_LDFLAGS
+@@ -3908,7 +3908,7 @@ LDFLAGS=$_SAVE_LDFLAGS
  LIBS=$_SAVE_LIBS
  
  if test "${PNG_DIR}" -a -d "${PNG_DIR}" -a "$SYSTEM_PNG" = 1; then
Index: patches/patch-content_canvas_src_nsCanvasRenderingContext2D_cpp
===================================================================
RCS file: patches/patch-content_canvas_src_nsCanvasRenderingContext2D_cpp
diff -N patches/patch-content_canvas_src_nsCanvasRenderingContext2D_cpp
--- patches/patch-content_canvas_src_nsCanvasRenderingContext2D_cpp     28 Nov 
2007 20:22:26 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-$OpenBSD: patch-content_canvas_src_nsCanvasRenderingContext2D_cpp,v 1.1 
2007/11/28 20:22:26 martynas Exp $
---- content/canvas/src/nsCanvasRenderingContext2D.cpp.orig     Wed Nov 14 
13:34:35 2007
-+++ content/canvas/src/nsCanvasRenderingContext2D.cpp  Tue Nov 27 20:33:10 2007
-@@ -2143,7 +2143,7 @@ nsCanvasRenderingContext2D::CairoSurfaceFromElement(ns
- 
-         PRUint32 status;
-         imgRequest->GetImageStatus(&status);
--        if (status != imgIRequest::STATUS_LOAD_COMPLETE)
-+        if ((status & imgIRequest::STATUS_LOAD_COMPLETE) == 0)
-             return NS_ERROR_NOT_AVAILABLE;
- 
-         nsCOMPtr<nsIURI> uri;
Index: patches/patch-modules_libpref_src_init_all_js
===================================================================
RCS file: 
/home/OpenBSD/cvs/ports/www/mozilla-firefox/patches/patch-modules_libpref_src_init_all_js,v
retrieving revision 1.10
diff -u -p -r1.10 patch-modules_libpref_src_init_all_js
--- patches/patch-modules_libpref_src_init_all_js       28 Nov 2007 20:22:26 
-0000      1.10
+++ patches/patch-modules_libpref_src_init_all_js       8 Feb 2008 12:29:38 
-0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-modules_libpref_src_init_all_js,v 1.10 2007/11/28 20:22:26 
martynas Exp $
---- modules/libpref/src/init/all.js.orig       Thu Nov 15 02:17:31 2007
-+++ modules/libpref/src/init/all.js    Tue Nov 27 11:43:01 2007
-@@ -1938,33 +1938,33 @@ pref("font.name.monospace.ko", "monospace");
+--- modules/libpref/src/init/all.js.orig       Thu Jan 24 23:05:10 2008
++++ modules/libpref/src/init/all.js    Fri Feb  8 13:27:52 2008
+@@ -1940,33 +1940,33 @@ pref("font.name.monospace.ko", "monospace");
  
  // th
  
@@ -50,7 +50,7 @@ $OpenBSD: patch-modules_libpref_src_init
  
  pref("font.name.serif.zh-CN", "serif");
  pref("font.name.sans-serif.zh-CN", "sans-serif");
-@@ -2104,7 +2104,7 @@ pref("font.scale.outline.min",      6);
+@@ -2106,7 +2106,7 @@ pref("font.scale.outline.min",      6);
  
  // TrueType
  pref("font.FreeType2.enable", false);
Index: pkg/PLIST
===================================================================
RCS file: /home/OpenBSD/cvs/ports/www/mozilla-firefox/pkg/PLIST,v
retrieving revision 1.17
diff -u -p -r1.17 PLIST
--- pkg/PLIST   23 Jan 2008 16:41:40 -0000      1.17
+++ pkg/PLIST   8 Feb 2008 14:21:34 -0000
@@ -490,7 +490,6 @@ mozilla-firefox/searchplugins/creativeco
 mozilla-firefox/searchplugins/eBay.xml
 mozilla-firefox/searchplugins/google.xml
 mozilla-firefox/searchplugins/yahoo.xml
-share/applications/
 share/applications/firefox.desktop
 @exec %D/bin/update-desktop-database
 @unexec %D/bin/update-desktop-database

SECURITY UPDATE: mozilla-firefox-2.0.0.12

Reply via email to