Bug 152700 - Mozilla 1.4.2 fixes various vulns
Mozilla 1.4.2 fixes various vulns
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
LEGACY
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-28 18:14 EDT by Barry K. Nathan
Modified: 2014-01-21 17:51 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-05 18:57:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:24:28 EST
Red Hat's advisory is here:
https://rhn.redhat.com/errata/RHSA-2004-110.html

Discussed on the mailing list in this thread:
http://www.redhat.com/archives/fedora-legacy-list/2004-March/msg00128.html



------- Additional Comments From barryn@pobox.com 2004-04-28 18:26:22 ----

By the way, I forgot to mention this advisory too (this deals with Red Hat 9;
the previous deals with RHEL 2.1 & 3):
https://rhn.redhat.com/errata/RHSA-2004-112.html




------- Additional Comments From dwb7@ccmr.cornell.edu 2004-04-29 06:44:05 ----

In addition to the comments referenced above, the latest rpms from RHEL 2.1 will
just built under 7.3. I have built and am now using on my 7.3 box. Though, looks
like I need to rebuild nautilus to see if the help system will work, again.

So, as far as using these rpms for 7.3, they would just need to have the legacy
name added and rebuilt. I can certainly do this and submit the rpms to wherever
the appropriate place is.



------- Additional Comments From skvidal@phy.duke.edu 2004-04-30 21:12:28 ----

galeon shipped with rhl 7.3 - that will need a rebuild too, I'd bet - maybe even
a newer version.

Can you check this versus galeon in 7.3, too?

Thanks




------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-03 06:53:33 ----

Is anyone actively working on this?

Anyway, so far, been unable to get nautilus to build, using either the rh7.3
srpm or the as2.1 srpm. The configure script fails to detect gtkmozembed and
therefore says that Mozilla isn't there and doesn't build the nautilus-mozilla
component.



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-03 11:33:52 ----

Redhat 7.3 pacakges of mozilla and of galeon (built against mozilla) available
for QA:

As previously stated/implied, these are built straight from the RHAS2.1 source
rpms with just "legacy" added into the release field.

http://cf.ccmr.cornell.edu/publicdownloads/fedoralegacy-testing/mozilla-galeon-rh7.3/

My public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBECWtgQRBACJ8Y+PpLpzgyErXsfyBM+Uxo62IBH5KMT1ipYFl+1miEFU2QGM
ECapKO2UykQQCk3DDGLj3tUr8HpxK4uicM6VcbLv073PG4ib5vTUp4GfrxYAhjlb
NZWvcCW7k3dpgXxXks98VebTkuItrRnWosZ3xJWpxk74zUpCI4AG/9qQ7wCg6CMk
8xpvgyg620roAOY0Uur/SOsD/27k3VKSD4gQUV/HygXBwAb7sJN7kzsHPvR5ORcM
sUM+ilaDqBSaxxqmZ8N2B0DbIF7XXpb6C6o+Bxk+D/z0cF6dZ2lDPC7qb6/Ke+Zq
XDvbrn1VjK5bixQsZKg/cbtNOdX6vrpbuPq+O5SaNm8/szW3GY45Gq3nJXwrydIV
ftdfA/469xZ9JDxlrEmFJBb7By8bcXLEeUXfvunY7VFwywbiIlp4b0dFkZrFaTMB
pWBTs+kHWO0e3VapCHH6afVxaYnLCvGlIkGDCuXL8PKh7sfeCDf0vRrN/sjxZbS9
WfwVgDZdePRv+ktliCdBa6lYO1PZdMDeUCOvh5NIWYIbvdaQ1bQtRGF2aWQgQm90
c2NoIChDQ01SQ0YpIDxkd2I3QGNjbXIuY29ybmVsbC5lZHU+iFkEExECABkFAkCW
tgQECwcDAgMVAgMDFgIBAh4BAheAAAoJEEmO7O7j3/yFcWkAoLP+sCJ4vOOmq6VS
By/f9mc2hVoGAJ40JNnkh9nk4KKH2DePgrrxrLsvi7kCDQRAlrYOEAgAnePsdzXu
TlYnNCC3bRhk3uc1sSkSpd3IC/eNqTlsNaUo6pON1xCL7wgLXIp9lyUYUt1V+VGF
Aj3m+aAfMynbbWqZxkbKDKZXAsDj6lp8WUszNtrZmKzpL8XWZef5SMGtUbCpK/+w
Rx6XaUz8ltz7vVB95IixseYoEnF1qkyGog6mLFvYAHBXIzazIKu06GeMk+TdAoo5
rVuXZ/uGMS0v0AG3+8RkPUJr8+eBnF6SsVyMAufkoulpDKxVGMI/nMPBOVNIFt8+
AsEajxj/7ZfAwShkXbR//dRbi8cwB71WZx6g1Zcw/FzlFaJr6/pDeKIk2Svktbki
0+YugLbSIO2V4wADBQf9HHeGImUDPwOWIGV8wmLWEBvAFsEAtmrMl/4ZU3ym8OmL
cp/hs0kGe/mSzRq0x7mmUbvGB+AkiEANGzI3eTgWx8aNF2UlDTNX4xMbTHMyFLvJ
Re0Up9lK8wXOh6oN3rZTEzUyTVQFuO5uFEeMe35ggVS8Yb/Rc8IF2gwNHAqlb/wt
fChY/LcTWZJMupxemmujGU24IfwdTVG1LyOSAbiRKN8DatBUiXPJessT1JGpuKRQ
Tu/96XuHouyXo0DeImQgsa/3rcORmlcfD5KIOm4H+/3YkFeh2njZJWylU5jxv95O
IgF/uUiLs1ZbLuOofDe/Cf+943md+oz/URBG8srh64hGBBgRAgAGBQJAlrYOAAoJ
EEmO7O7j3/yFEqcAnRYd/3fyeeLQUjvDmtZ3ArHw5x+DAJ49URz6kY27H61QKn69
AMpXD/nuNg==
=3hjw
-----END PGP PUBLIC KEY BLOCK-----




------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-04 06:22:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

md5sums of the packages:

8c5610b663bf8839e4184feba87e20d8  galeon-1.2.13-0.2.1.legacy.i386.rpm
ec49610a89adb5ea5e1355e476329803  galeon-1.2.13-0.2.1.legacy.src.rpm
309f939120e8feca76f09687d426195f  mozilla-1.4.2-2.1.0.legacy.i386.rpm
e4f6aaaab6d345a119fd1f401373b6bb  mozilla-1.4.2-2.1.0.legacy.src.rpm
977d580d2a82274636708bced9d0058b  mozilla-chat-1.4.2-2.1.0.legacy.i386.rpm
149aa52a113ecb3018519f0559f4336b  mozilla-devel-1.4.2-2.1.0.legacy.i386.rpm
d4284826aad5f749d611a726a82b71cc
mozilla-dom-inspector-1.4.2-2.1.0.legacy.i386.rpm
ff5814ee944cb4168bc642a92df3b3f7
mozilla-js-debugger-1.4.2-2.1.0.legacy.i386.rpm
98ad782be7a4c620916082797a6feae4  mozilla-mail-1.4.2-2.1.0.legacy.i386.rpm
ad0802080ae6f989f7f835d0725f1deb  mozilla-nspr-1.4.2-2.1.0.legacy.i386.rpm
317d1302f17aa2f8f764ed096ba78f79
mozilla-nspr-devel-1.4.2-2.1.0.legacy.i386.rpm
353c840b6de3069c3eea6c5e0d4e9ce5  mozilla-nss-1.4.2-2.1.0.legacy.i386.rpm
966133f294e7dc16ae8bc87fde4277cb  mozilla-nss-devel-1.4.2-2.1.0.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl8MTSY7s7uPf/IURAgMTAKCe8sy6jhkf7DfWh4VI0yKtRb7qSwCfY6/3
gAC88vlYS+Wu0gYeo31UUD0=
=J1YH
-----END PGP SIGNATURE-----




------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-04 07:07:17 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> sha1sum -b *.rpm
2fdd7ff2ff37a2e2ba93fa1c4847468f8d643546 *galeon-1.2.13-0.2.1.legacy.i386.rpm
be077aee59974e78ac7e88f1315f2002691c069e *galeon-1.2.13-0.2.1.legacy.src.rpm
51ceb3d37da64ee7631a87f3e8b283270faafa6e *mozilla-1.4.2-2.1.0.legacy.i386.rpm
186b6f761486fd70773d124056b00a30976f0899 *mozilla-1.4.2-2.1.0.legacy.src.rpm
18f20d9c7b33b12016ee0c851b01df833799c6fa
*mozilla-chat-1.4.2-2.1.0.legacy.i386.rpm
26a8f2e3350ba1392f1746e72424c044176cb900
*mozilla-devel-1.4.2-2.1.0.legacy.i386.rpm
3afc93c569f94f01b0da21c3de7281089322878f
*mozilla-dom-inspector-1.4.2-2.1.0.legacy.i386.rpm
73ac8443a12d8e2195fbade560d1d9dbaa263a60
*mozilla-js-debugger-1.4.2-2.1.0.legacy.i386.rpm
9f747f2f596c0b547ff55c11b3cc76a305a91b8b
*mozilla-mail-1.4.2-2.1.0.legacy.i386.rpm
eb9a9891e7560c1538ed2ff2689636ba819c408c
*mozilla-nspr-1.4.2-2.1.0.legacy.i386.rpm
2a9aa0810483d2136cd8a0582f198cb0b84a16dc
*mozilla-nspr-devel-1.4.2-2.1.0.legacy.i386.rpm
996d74de9162002dda478c1b4bfac3bae0fccb96
*mozilla-nss-1.4.2-2.1.0.legacy.i386.rpm
474a2adc0d647db53eb0df4eeea44acf46146929
*mozilla-nss-devel-1.4.2-2.1.0.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl81nSY7s7uPf/IURAsrnAJ0THlHMkLRO6zisP+3nY0+dIEldSACggwSt
4DZ7gGfwRZuFLl/Q13L8egI=
=/xZG
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating@j2solutions.net 2004-05-18 18:44:36 ----

What about 7.2/8.0 packages?  Even 7.3 QA would be nice....



------- Additional Comments From barryn@pobox.com 2004-05-18 20:41:11 ----

I think you should be able to recompile the 2.1AS RPM for 7.2. If Mozilla fails
to rebuild because stuff segfaults in the process, you may need to update gcc to
2.96-128.7.2 (from RHEL 2.1 update 4), but until I hear anyone complain about
that type of problem on i386 I'm going to assume it only affects DEC Alpha.
(Speaking of DEC Alpha... well, this actually isn't the right place to mention
it. I'll bring up the topic again in my Self-Introduction, whenever I get a
chance to finally finish and post that.)



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-20 06:48:22 ----

Don't have a 7.2/8.0 box here to build, unfortunately. So far, mozilla seems
happy under 7.3. We don't use galeon here, so, I can't really QA that.



------- Additional Comments From marcdeslauriers@videotron.ca 2004-06-05 10:56:46 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tested rh7.3 packages:

be077aee59974e78ac7e88f1315f2002691c069e galeon-1.2.13-0.2.1.legacy.src.rpm
186b6f761486fd70773d124056b00a30976f0899 mozilla-1.4.2-2.1.0.legacy.src.rpm

- - sha1sums match
- - spec files look good
- - builds OK
- - installs OK
- - works OK

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAwjN5LMAs/0C4zNoRAka7AJ4tpHPBFvvxOi8yQMsmQAp50+cxZQCgwOEO
YWipkcZOY8GCZCt4p+5GzLA=
=qFiU
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating@j2solutions.net 2004-06-14 15:12:15 ----

Odd, I'm not able to build galeon in mach.  Complains that Mozilla 1.3 is
required.  I think maybe some builddeps aren't being satisfied.  Digging.



------- Additional Comments From jkeating@j2solutions.net 2004-06-17 04:55:29 ----

Pushed to updates-testing:

  http://download.fedoralegacy.org/redhat/
 
43f3c7ed5c1cb848478937cadab47bd5237c43dd 
7.3/updates-testing/SRPMS/mozilla-1.4.2-2.1.0.legacy.1.src.rpm
bac721ec26e0fe0a97ce17ca76a229f78e06f027 
7.3/updates-testing/i386/mozilla-1.4.2-2.1.0.legacy.1.i386.rpm
7b6f4ae222a80e06940dd2fe6fa100f4d933e92c 
7.3/updates-testing/i386/mozilla-chat-1.4.2-2.1.0.legacy.1.i386.rpm
f0ae36c8710968fec5b81e1f7eb7c21ca3aae7eb 
7.3/updates-testing/i386/mozilla-devel-1.4.2-2.1.0.legacy.1.i386.rpm
194ccdb868d8985f1e3b363229141ed69b1e1211 
7.3/updates-testing/i386/mozilla-dom-inspector-1.4.2-2.1.0.legacy.1.i386.rpm
59171244d35d111f9543b45a7399333f7d66c61e 
7.3/updates-testing/i386/mozilla-js-debugger-1.4.2-2.1.0.legacy.1.i386.rpm
3cee5e9e7f248d0d94161c2c3e27340a522825b2 
7.3/updates-testing/i386/mozilla-mail-1.4.2-2.1.0.legacy.1.i386.rpm
ea018091469857131f1c78e296e3e7d6619783bb 
7.3/updates-testing/i386/mozilla-nspr-1.4.2-2.1.0.legacy.1.i386.rpm
163f47ff39ce8cad7ca7533c69fab1e213ef73b7 
7.3/updates-testing/i386/mozilla-nspr-devel-1.4.2-2.1.0.legacy.1.i386.rpm
b956f5a47f52d1ff830ce9f858d393742849c3df 
7.3/updates-testing/i386/mozilla-nss-1.4.2-2.1.0.legacy.1.i386.rpm
326828da345d70c4c580c3403343124bed7eab1e 
7.3/updates-testing/i386/mozilla-nss-devel-1.4.2-2.1.0.legacy.1.i386.rpm

80d131ed4d9194c22438288ace539c18027594e8 
7.3/updates-testing/SRPMS/galeon-1.2.13-0.2.2.legacy.src.rpm
f66de028a8b522e3a88dd338bfc6ea99a4f5a7c5 
7.3/updates-testing/i386/galeon-1.2.13-0.2.2.legacy.i386.rpm



------- Additional Comments From rmy@tigress.co.uk 2004-06-18 05:38:57 ----

-----BEGIN PGP SIGNED MESSAGE-----

Right, I've installed these new RPMs on one of my rh73 machines.
Initially I tried 'yum update mozilla' but that complained about
dependencies ('package mozilla-nspr-devel needs mozilla = 1.0.2-2.7.3
(not provided)' and so on).  Then I explictly specified all the
RPMs and it worked.

I've been using Mozilla all day and everything I've tried has
worked, including Flash and Java plugins.  Also Mozilla mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQCVAwUBQNMMcx2/joqPEUdFAQE0aAP/Y8Iha5ZRqKCRcW9AA6qwpEK0eRBIPvx3
WU+3dqYTQbtVQH9c1v+FdIAaXeFVlxk9t0l4YsRqCOGrbhFV1gmDw9ZG8mR8zm6n
z46RWIWUyqDXNgCpl4AyAemm4+kXASgd5xWO5YOZjRiV6VCjhL23AKAifyOsltGx
vdk31g38fto=
=Pl7S
-----END PGP SIGNATURE-----



------- Additional Comments From dom@earth.li 2004-06-21 06:56:02 ----

mozilla-* 1.4.2-2.1.0.legacy.1 and galeon-1.2.13-0.2.2.legacy install and run
fine on rh7.3.



------- Additional Comments From dom@earth.li 2004-06-21 06:57:10 ----

noticed that changelog was nuked. Why?



------- Additional Comments From jpdalbec@ysu.edu 2004-06-25 03:48:50 ----

No mozilla-psm package?



------- Additional Comments From marcdeslauriers@videotron.ca 2004-06-25 05:51:47 ----

The mozilla-psm files were integrated into the main mozilla rpm a while ago.



------- Additional Comments From dom@earth.li 2004-07-15 05:50:39 ----

Are there plans to release this package? It seems to have loitered for quite a
while.

I can confirm that the packages work fine on redhat 7.3

Cheers,



------- Additional Comments From dom@earth.li 2004-09-07 12:53:34 ----

Further fixes are available in mozilla 1.4.3 as detailed in bug 1834.



------- Additional Comments From barryn@pobox.com 2004-09-07 14:12:53 ----

However, 1.4.3 has a regression:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130644

It's not that serious IMO, but I may as well mention it so others are aware of it...



------- Additional Comments From barryn@pobox.com 2004-09-07 14:19:46 ----

I should clarify my previous comment: The regression I mentioned is in the RHEL
Mozilla 1.4.3 packages, but I have not tested the bug 1834 packages yet.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:24 -------

This bug previously known as bug 1532 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1532
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.


Note You need to log in before you can comment on or make changes to this bug.