[meego-commits] 5312: Changes to Trunk:Testing/firefox

Jian-feng Ding jian-feng.ding at intel.com
Fri Jul 2 08:30:39 UTC 2010 

duplicate sr of #5311?
If so, please revoke one of them.

On Fri, Jul 02, 2010 at 04:13:08PM +0800, Yu WANG wrote:
> Hi,
> I have made the following changes to firefox in project Trunk:Testing. Please review and accept ASAP.
> 
> Thank You,
> Yu WANG
> 
> [This message was auto-generated]
> 
> ---
> 
> Request #5312:
> 
>   submit:   home:arron:branches:Trunk:Testing/firefox(r6)(cleanup) -> Trunk:Testing/firefox
> 
> 
> Message:
>     Upgrade to 3.6.6 fix 7 security bugs, add a patch to fix address bar spoofing BMC#3601
> 
> State:   new          2010-07-01T20:09:25 arron
> Comment: None
> 
> 
> 
> changes files:
> --------------
> --- firefox.changes
> +++ firefox.changes
> @@ -0,0 +1,4 @@
> +* Fri Jul 2 2010 Yu <yu.a.wang at intel.com> 3.6.6  
> +- Upgrade to 3.6.6 fix 7 security bugs
> +- Add a patch to fix address bar spoofing possible via window.open() + HTTP 204 responses (BMC#3601)
> +
> 
> old:
> ----
>   firefox-3.6.3.source.tar.bz2
> 
> new:
> ----
>   firefox-3.6.6.source.tar.bz2
>   fix-addressbar-spoofing.patch
>   mozilla-1.9.2-nspr4_fix.patch
> 
> spec files:
> -----------
> --- firefox.spec
> +++ firefox.spec
> @@ -4,9 +4,9 @@
>  
>  %define gecko_version 1.9.2
>  %define xulrunner_version_internal  1.9.2
> -%define firefox_internal_version 3.6.3
> +%define firefox_internal_version 3.6.6
>  
> -%define xulrunner_version 1.9.2.3
> +%define xulrunner_version 1.9.2.6
>  %define mozappdir            %{_libdir}/%{name}-%{firefox_internal_version}
>  %define xulappdir            %{_libdir}/xulrunner-%{xulrunner_version}
>  %define tarballdir mozilla-1.9.2
> @@ -15,7 +15,7 @@
>  
>  
>  %define official_branding    1
> -%define build_langpacks      1
> +%define build_langpacks      0
>  
>  %if ! %{official_branding}
>  %define cvsdate 20080327
> @@ -24,7 +24,7 @@
>  
>  Summary:        Mozilla Firefox Web browser
>  Name:           firefox
> -Version:        3.6.3
> +Version:        3.6.6
>  Release:        1
>  URL:            http://www.mozilla.org/projects/firefox/
>  License:        MPLv1.1
> @@ -60,7 +60,8 @@
>  Patch6:         mozilla-191-pkgconfig.patch
>  Patch7:         fix-sse-misalignment.patch
>  Patch8: 	mozilla-ps-pdf-simplify-operators.patch
> -
> +Patch9:         mozilla-1.9.2-nspr4_fix.patch
> +Patch10:        fix-addressbar-spoofing.patch
>  
>  # Upstream patches
>  
> @@ -163,6 +164,8 @@
>  %patch6  -p1 -b .mozilla-191-pkgconfig.patch
>  %patch7  -p1 -b .fix-sse-misalignment.patch
>  %patch8  -p1 -b .mozilla-ps-pdf-simplify-operators.patch
> +%patch9  -p1 -b .mozilla-1.9.2-nspr4_fix.patch
> +%patch10  -p1 -b .fix-addressbar-spoofing.patch
>  
>  %{__rm} -f .mozconfig
>  %{__cp} %{SOURCE10} .mozconfig
> 
> other changes:
> --------------
> 
> ++++++ firefox-3.6.6.source.tar.bz2 (new)
> 
> ++++++ fix-addressbar-spoofing.patch (new)
> --- fix-addressbar-spoofing.patch
> +++ fix-addressbar-spoofing.patch
> +--- mozilla-1.9.2/browser/base/content/browser.js	2010-06-26 13:28:08.000000000 +0800
> ++++ mozilla/browser/base/content/browser.js	2010-07-02 14:19:26.728521688 +0800
> +@@ -4340,8 +4340,13 @@
> +     var observerService = Cc["@mozilla.org/observer-service;1"]
> +                             .getService(Ci.nsIObserverService);
> + 
> ++    // Set the URI now if it isn't already set, so that the user can tell which
> ++    // site is loading. Only do this if the content window has no opener, though
> ++    // (i.e. the load wasn't triggered by a content-controlled link), to
> ++    // minimize spoofing risk.
> +     if (gURLBar &&
> +         gURLBar.value == "" &&
> ++        !content.opener &&
> +         getWebNavigation().currentURI.spec == "about:blank")
> +       URLBarSetURI(uri);
> + 
> 
> ++++++ mozilla-1.9.2-nspr4_fix.patch (new)
> --- mozilla-1.9.2-nspr4_fix.patch
> +++ mozilla-1.9.2-nspr4_fix.patch
> +--- mozilla-1.9.2/ipc/chromium/src/base/basictypes.h	2010-06-26 13:28:08.000000000 +0800
> ++++ mozilla/ipc/chromium/src/base/basictypes.h	2010-07-02 09:32:49.286522222 +0800
> +@@ -19,7 +19,7 @@
> + #define NO_NSPR_10_SUPPORT_SAVE
> + #endif
> + 
> +-#include "nspr/prtypes.h"
> ++#include "nspr4/prtypes.h"
> + 
> + #ifdef NO_NSPR_10_SUPPORT_SAVE
> + #undef NO_NSPR_10_SUPPORT_SAVE
> +@@ -31,7 +31,7 @@
> + #define _WIN32_SAVE
> + #endif
> + 
> +-#include "nspr/obsolete/protypes.h"
> ++#include "nspr4/obsolete/protypes.h"
> + 
> + #define _INT32
> + #define _UINT32
> 
> ++++++ deleted files:
> --- firefox-3.6.3.source.tar.bz2
> _______________________________________________
> Meego-commits mailing list
> Meego-commits at meego.com
> http://lists.meego.com/listinfo/meego-commits

More information about the MeeGo-commits mailing list