Firefox-2.0.0.1

[dnicholson@…]

Next major version of Firefox. 2.0.0.1 contains a security fix.

​http://www.mozilla.com/en-US/firefox/2.0/releasenotes/ ​http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

[Luca]

To maintain coherency with other packages than can be localized (with instrs. or comments already in the book, example OpenOffice), and as per some comments with Dan, Firefox and the other Mozilla-based packages (Thunderbird, Seamonkey, Mozilla and NVU based on some build I made, haven't tried other), here are some infos about localization:

In the .mozconfig file created as per book it's possible to add the following two lines:

ac_add_options --enable-ui-locale=<ll>
mk_add_options MOZ_CO_LOCALES=<ll>

and change the build command to:

make -f client.mk checkout build

to build localized versions (checkout is needed to download localized files). According to [path-to-sources]/mozilla/toolkit/locales/all-locales working and integrated locales are: cs, el, fi, fr, ga-IE, he, hu, it, nb-NO, nl, pl, ro, sv-SE, ru; missing localizations can be done manually by simply translating the stuff from original American-English to the desired one (example: I installed Thunderbird-2.0a1 localized but since it-sources are not available I translated by myself EN-US ones to it and placed them in [path-to-sources]/l10n/it hierarchy, used the same commands and now I use Thunderbird in italian). If the localization isn't avaible and you translated by yourself/someone else translated for you or you have it already in place the "checkout" can be removed from the build command. The localized files may have a different version number (example: Firefox-2.x uses it "langpack" 1.8.1 so it is worth to take a look before building to avoid missing xul references and so on). These infos apply to 1.5.x versions too.

[dnicholson@…]

The checkout requires CVS, correct?

[Luca]

Replying to dnicholson@linuxfromscratch.org:

The checkout requires CVS, correct?

Yes, cvs is required to download sources.

Doh, I just re-read what I wrote and there are some unclear things... it should have been written: Firefox and the other Mozilla-based packages (...) can be built localized, here are some infos about localization

[Ag. Hatzimanikas]

Version increment to 2.0.0.2

Fixes the serious "location.hostname" security flaw. (1)

You can find if your version of firefox is vulnerable in the following link (2),where you can also follow instructions for a workaround,if you are not wishing to upgrade.

I am upgrading now to the new version,although I am not really qualified to comment about the build procedure since I deviate in some ways from the book.

Release notes. ​http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/

1. ​https://bugzilla.mozilla.org/show_bug.cgi?id=370445

2. ​http://lcamtuf.dione.cc/ffhostname.html

[dnicholson@…]

Yikes. If anyone is reading this and already has 2.0.0.1 installed, you can very likely use the same commands to install the new version. The Firefox folks are very conservative about what gets applied to the same patchlevel. Usually, the build fixes have to wait for the next major or minor version.

[bdubbs@…]

seamonkey-1.1 is also vulnerable as shown in the link Ag gave, but I didn't see a fix released yet.

[Ag. Hatzimanikas]

Replying to bdubbs@linuxfromscratch.org:

seamonkey-1.1 is also vulnerable as shown in the link Ag gave, but I didn't see a fix released yet.

Yes it makes sense since they share the same code. I will reopen the ticket and make a build with the patch from the aforementioned bug in bugzilla.

The workaround seems to work however.

Replying to dnicholson@linuxfromscratch.org:

If anyone is reading this and already has 2.0.0.1 installed, you can very likely use the same commands to install the new version.

That's true. I did two upgrades in 2 different machines without any problem.

[dnicholson@…]

Fixed in #6758. As for the --enable-ui-locale stuff, it's on the wiki, and I think that's the only place it can be since it requires CVS.

[(none)]

Milestone 6.2.1 deleted