Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 180436
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Raúl Porcel <armin76@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
xulrunner-1.8.1.4-patches-0.1.tar.bz2 xulrunner-1.8.1.4-patches-0.1.tar.bz2 application/octet-stream Gergan Penkov 2007-05-31 23:58 0000 60.28 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 180436 depends on: Show dependency tree
Bug 180436 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-05-31 10:34 0000 
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html

Are fixed in:
www-client/mozilla-firefox[-bin]-[1.5.0.12,2.0.0.4]
www-client/seamonkey[-bin]-[1.0.9,1.1.2]
mail-client/mozilla-thunderbird-[bin]-[1.5.0.12,2.0.0.4]

------- Comment #1 From Raúl Porcel 2007-05-31 11:11:38 0000 ------- 
*** Bug 175021 has been marked as a duplicate of this bug. ***

------- Comment #2 From Raúl Porcel 2007-05-31 11:27:15 0000 ------- 
xulrunner is affected too and is fixed in 1.8.1.4

------- Comment #3 From Jakub Moc (RETIRED) 2007-05-31 11:27:29 0000 ------- 
*** Bug 180406 has been marked as a duplicate of this bug. ***

------- Comment #4 From Raúl Porcel 2007-05-31 15:14:03 0000 ------- 
www-client/mozilla-firefox[-bin]-2.0.0.4
www-client/seamonkey[-bin]-1.1.2
mail-client/mozilla-thunderbird-[bin]-1.5.0.12

Are in the tree.
firefox-1.5.0.12 is discontinued, so it's not going to be in the tree.
I didn't put seamonkey-1.0.9 either, i'd prefer to use 1.1.2
thunderbird-2.0.0.4 is not yet released.
xulrunner will have to wait as we can work out the patches.

------- Comment #5 From Gergan Penkov 2007-05-31 23:58:30 0000 ------- 
Created an attachment (id=120833) [details]
xulrunner-1.8.1.4-patches-0.1.tar.bz2

reference xulrunner-1.8.1.4 patchset:
svn stat 
D      065_firefox-libgtkmozembeded.patch - applied upstream
M      125_gnome_helpers_with_params.patch - some parts redone 
D      070_dont_use_bashism.patch - applied upstream
D      009_firefox-1.5-no-textrels.patch - applied upstream
M      161_javaxpcom.patch - one of the patches was included upstream
A      620_python_extension_rpath.patch added for bug #180309
125_gnome_helpers_with_params.patch is the most critical as the logic upstream
was changed in one of the patched files - I backed parts of the patch as the
new logic was more or less equal to the one in the previous patch
Hope this could help

------- Comment #6 From Raúl Porcel 2007-06-01 12:32:44 0000 ------- 
xulrunner-1.8.1.4 on cvs, thanks as always Gergan :)

------- Comment #7 From Raphael Marichez 2007-06-01 12:39:27 0000 ------- 
Hi arches,

please could you test and mark stable the following ebuilds, due to security
upgrades for the Mozilla products. All ebuilds are not in the tree yet, i'll CC
you again when they are. Thanks in advance.


alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86:
mozilla-firefox-2.0.0.4

amd64 x86
mozilla-firefox-bin-2.0.0.4

alpha amd64 arm hppa ia64 ppc ppc64 x86:
www-client/seamonkey-1.1.2

amd64 x86
www-client/seamonkey-bin-1.1.2

alpha amd64 ia64 mips ppc sparc x86:
mail-client/mozilla-thunderbird-1.5.0.12

amd64 x86:
mail-client/mozilla-thunderbird-bin-1.5.0.12

amd64 ia64 ppc sparc x86:
net-libs/xulrunner-1.8.1.4

------- Comment #8 From Raphael Marichez 2007-06-01 12:40:28 0000 ------- 
aaah i hate that interface and its middle-air collisions

(hi arches, please see previous comment)

------- Comment #9 From Raphael Marichez 2007-06-01 12:40:44 0000 ------- 
aaah i hate that interface and its middle-air collisions

(hi arches, please see previous comment)

------- Comment #10 From Christoph Mende 2007-06-01 15:37:23 0000 ------- 
amd64 done

------- Comment #11 From Raúl Porcel 2007-06-01 20:48:17 0000 ------- 
alpha/ia64/x86 stable

------- Comment #12 From René Nussbaumer 2007-06-02 21:21:45 0000 ------- 
stable on ppc.

------- Comment #13 From Markus Rothe 2007-06-03 10:31:03 0000 ------- 
ppc64 stable

------- Comment #14 From Gustavo Zacarias (RETIRED) 2007-06-04 12:08:43 0000 ------- 
sparc done.

------- Comment #15 From Jeroen Roovers 2007-06-07 22:39:24 0000 ------- 
Despite the issues of bug #180870, all can be built against by working GUIs so
stable all around for HPPA for:

www-client/mozilla-firefox-2.0.0.4
www-client/seamonkey-1.1.2
net-libs/xulrunner-1.8.1.4

------- Comment #16 From Raphael Marichez 2007-06-09 20:52:56 0000 ------- 
thanks arches

------- Comment #17 From Raphael Marichez 2007-06-11 21:51:30 0000 ------- 
Moz team, i don't see mozilla-thunderbird[-bin]-2.0.0.4 in the tree. The latest
stable version on most arches in still vulnerable (2.0.0.0). Please could you
do your magic, thanks.

Furthermore, do you have a reason we can add in our GLSA for the stopped
support of mozilla-firefox-1.5.*? thanks

------- Comment #18 From Raúl Porcel 2007-06-11 22:26:33 0000 ------- 
(In reply to comment #17)
> Moz team, i don't see mozilla-thunderbird[-bin]-2.0.0.4 in the tree. The latest
> stable version on most arches in still vulnerable (2.0.0.0). Please could you
> do your magic, thanks.
> 
> Furthermore, do you have a reason we can add in our GLSA for the stopped
> support of mozilla-firefox-1.5.*? thanks
> 

mozilla-thunderbird-2.0.0.4 is not out yet. Probably it will be released during
this week.

mozilla-firefox-1.5.* is unsupported both upstream and both Gentoo, since 2.0
have been working fine on all arches since October 2006 and it has been already
stable on those arches.

------- Comment #19 From Raúl Porcel 2007-06-13 11:59:38 0000 ------- 
ppc you need to do xulrunner

------- Comment #20 From Tobias Scherbaum 2007-06-13 20:54:59 0000 ------- 
(In reply to comment #19)
> ppc you need to do xulrunner
> 

once again: ppc stable

------- Comment #21 From Vlastimil Babka (Caster) 2007-06-15 05:15:14 0000 ------- 
(In reply to comment #18)
> mozilla-thunderbird-2.0.0.4 is not out yet. Probably it will be released during
> this week.

it's out

------- Comment #22 From Raúl Porcel 2007-06-15 11:41:43 0000 ------- 
=mail-client/mozilla-thunderbird[-bin]-2.0.0.4 in the tree

------- Comment #23 From Raphael Marichez 2007-06-15 16:41:47 0000 ------- 
Hi again arches,

please could you test and mark mozilla-thunderbird[-bin]-2.0.0.4 stable, thanks

------- Comment #24 From Raúl Porcel 2007-06-15 17:30:00 0000 ------- 
alpha/ia64/x86 stable

------- Comment #25 From Christoph Mende 2007-06-15 18:53:37 0000 ------- 
amd64 done

------- Comment #26 From Tobias Scherbaum 2007-06-15 19:42:14 0000 ------- 
ppc stable

------- Comment #27 From Markus Rothe 2007-06-17 08:13:49 0000 ------- 
ppc64 stable

------- Comment #28 From Gustavo Zacarias (RETIRED) 2007-06-19 13:23:34 0000 ------- 
sparc stable.

------- Comment #29 From Raphael Marichez 2007-06-19 21:02:34 0000 ------- 
ready for glsa

------- Comment #30 From Raphael Marichez 2007-06-19 21:07:10 0000 ------- 
GLSA 200706-06, thanks everybody!
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug