Seeing Fedora have released 1.5.0.3 for fc5 isn't it time for CentOS to rebuild 1.5.0.3 for CentOSPlus or does the current rpm have the patches?
I recall last times goof in FC5 firefox appearing in the CentOS one so I assume that CentOSPlus needs to rebuild the FC5 one again.
__________________________________________________ Improve the mailing list by performing a simple search before posting and reading the FAQ/etiquette. Protect the integrity of your installation with the yum plugins.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Mike Stankovic wrote:
Seeing Fedora have released 1.5.0.3 for fc5 isn't it time for CentOS to rebuild 1.5.0.3 for CentOSPlus or does the current rpm have the patches?
request such builds on http://bugs.centos.org/
I recall last times goof in FC5 firefox appearing in the CentOS one so I assume that CentOSPlus needs to rebuild the FC5 one again.
got any bug/issue numbers ?
iirc, we fixed the issues before FC did. Well, we actually fixed the issues, Fedora just removed the code rather than fix it.
- KB
On Sat, 2006-05-13 at 05:05 -0700, Mike Stankovic wrote:
Seeing Fedora have released 1.5.0.3 for fc5 isn't it time for CentOS to rebuild 1.5.0.3 for CentOSPlus or does the current rpm have the patches?
I recall last times goof in FC5 firefox appearing in the CentOS one so I assume that CentOSPlus needs to rebuild the FC5 one again.
The last Firefox build was a Critical security update, and we were looking to build it very fast for that reason. As KB said, we tested and fixed the code in question and our released version was good (and had nothing passed through that was bad). (as KB also said, our version was good and released properly before the upstream version)
Some people did download and inform us that our testing version had issues (which we knew ... that's why we hadn't yet sent out a release announcement :)
As to whether or not we will build every Firefox that fc5 releases ... we may or may not do that. It will depend on what they change and what it fixes.
For the record, the Firefox from fc5 doesn't build for EL4 ... it requires several changes to not use things like pango and cario and other changes too. If the change affects one of those areas, it might not even be applicable to the version we build for CentOS-4.
So ... the short answer is that the changes may not be applicable to CentOS, and even if they are, they may cause other issues. Unless someone has complained about the problems that this update addresses, or unless we can duplicate the problems, we may not follow the fc5 tree updates.
Thanks, Johnny Hughes
Firefox 1.5.0.3 is a security fix from mozilla (see http://www.mozilla.com/firefox/releases/1.5.0.3.html)
From that page you see :-
Firefox 1.5.0.3 is a security update that is part of our ongoing program to provide a safe Internet experience for our
customers. We recommend that all users upgrade to this latest version.
* Security fix for denial of service vulnerability. (see http://www.mozilla.org/security/announce/2006/mfsa2006-30.html)
Release Date: May 2, 2006
Inline with its goals, the Fedora Project does not provide backports and so they released 1.5.0.3 as a security update. They did not put a message on Fedora-announce as they did with 1.5.0.2 in April. But you can see the announcement at :- http://lwn.net/Articles/183435/
Update Information:
A bug was found in the way Firefox handles iframe.contentWindow.focus() calls. A malicious web page could potentially execute arbitrary code as the user running firefox.
Users of Firefox are advised to update to this package, which contains a version of Firefox not vulnerable to this issue.
__________________________________________________ Improve the mailing list by performing a simple search before posting and reading the FAQ/etiquette. Protect the integrity of your installation with the yum plugins.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com