-rw-r--r--firefox-35.0-flash-click-to-play.patch12
-rw-r--r--firefox.spec13
2 files changed, 19 insertions, 6 deletions
diff --git a/firefox-35.0-flash-click-to-play.patch b/firefox-35.0-flash-click-to-play.patch
new file mode 100644
index 0000000..93d218e
--- /dev/null
+++ b/firefox-35.0-flash-click-to-play.patch
@@ -0,0 +1,12 @@
+diff -up firefox-35.0/mozilla-release/browser/app/profile/firefox.js.flash firefox-35.0/mozilla-release/browser/app/profile/firefox.js
+--- firefox-35.0/mozilla-release/browser/app/profile/firefox.js.flash 2015-01-22 12:19:27.000000000 +0100
++++ firefox-35.0/mozilla-release/browser/app/profile/firefox.js 2015-01-22 12:21:45.139134814 +0100
+@@ -691,7 +691,7 @@ pref("plugin.defaultXpi.state", 2);
+
+ // Flash is enabled by default, and Java is click-to-activate by default on
+ // all channels.
+-pref("plugin.state.flash", 2);
++pref("plugin.state.flash", 1);
+ pref("plugin.state.java", 1);
+
+ // Whitelist Requests
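Review bot: The context line `// Flash is enabled by default, and Java is click-to-activate by default on` stays in the patched firefox.js, so after this hunk the comment contradicts `pref("plugin.state.flash", 1);`. The patch should change the comment as well, for example `// Flash and Java are click-to-activate by default on all channels.`. Since 1 is the same state the comment calls click-to-activate for Java, the plugin stays installed and runs once a user clicks through, so the firefox.spec changelog entry "Disabled flash by default" overstates the mitigation. This is also only a default: profiles that already store their own `plugin.state.flash` value presumably keep it, which is worth stating in the update notes.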
diff --git a/firefox.spec b/firefox.spec
index 4f2595b..417a338 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -107,7 +107,7 @@
Summary: Mozilla Firefox Web browser
Name: firefox
Version: 35.0
-Release: 5%{?pre_tag}%{?dist}
+Release: 6%{?pre_tag}%{?dist}
URL: http://www.mozilla.org/projects/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+
Group: Applications/Internet
@@ -138,9 +138,9 @@ Patch20: firefox-build-prbool.patch
# Unable to install addons from https pages
Patch204: rhbz-966424.patch
Patch215: firefox-enable-addons.patch
-#Patch217: firefox-baseline-disable.patch
Patch219: rhbz-1173156.patch
Patch220: rhbz-1014858.patch
+Patch221: firefox-35.0-flash-click-to-play.patch
# Upstream patches
Patch300: mozilla-858919.patch
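Review bot: `Patch221` is added without a comment, while `Patch204` just above carries one explaining why it exists. A line such as `# Flash click-to-activate by default (Flash 0-day, see changelog 35.0-6)` above `Patch221:` would tell whoever rebases to the next Firefox release why the patch is carried and when it can be reconsidered. The removal of the commented-out `Patch217` line here, and of its `%patch217` block in the next hunk, is unrelated cleanup that would be easier to audit in its own commit.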
@@ -294,12 +294,9 @@ cd %{tarballdir}
# Fedora patches
%patch204 -p2 -b .966424
%patch215 -p1 -b .addons
-# disable baseline JIT on i686 (rhbz#1047079)
-#%ifarch %{ix86}
-#%patch217 -p2 -b .baseline
-#%endif
%patch219 -p2 -b .rhbz-1173156
%patch220 -p1 -b .rhbz-1014858
+%patch221 -p2 -b .flash
# Upstream patches
%patch300 -p1 -b .858919
@@ -769,6 +766,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#---------------------------------------------------------------------
%changelog
+* Thu Jan 22 2015 Martin Stransky <stransky@redhat.com> - 35.0-6
+- Disabled flash by default because of 0day live flash exploit
+ (see https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213)
+
* Mon Jan 19 2015 Martin Stransky <stransky@redhat.com> - 35.0-5
- Enable release build config
- Gtk3 - added patch for HiDPI support (mozbz#975919)