Don't wait for your distributor; upgrade that Firefox RPM right away

"HOWTO: How to build Firefox 1.0.4 RPM from Nightly Build", Thomas Chung

This morning, I’ve been seeing a lot of “Firefox exploits” in various news sites including [SNIP LIST]. This makes me to think “hmm, how long do we have to wait until Fedora Project releases their official Firefox updates?” “Is there a faster way of getting the latest Firefox build like RIGHT NOW?”

Yeah, brah. Just what I was wondering. See also "More Details on Arbitrary Code Execution Vulnerability".

The answer is YES! We can build Firefox 1.0.4 RPM from Mozilla/Firefox Nighlty Build Tree.

Oh. Smack. Let's do it.

First, I followed instructions in "HOWTO: How to create rpmbuild directory". You can probably skip this part if you don't mind a root-based RPM build, but I'll be wanting to do some Fedora RPM hacking later on so I might as well. As root, I installed the rpmdevtools RPM

# wget
# rpm -i fedora-rpmdevtools-1.0-1.noarch.rpm

Then as my own user:

$ fedora-buildrpmtree

There'll be no output, but you should now find:

$ ls rpmbuild/

$ cd ~/rpmbuild/SOURCES/
$ wget

Right now this build is the same as the release candidate announced by Asa Dotzler.

$ wget
$ wget
$ cd ../SPECS/
$ wget
$ cd
$ rpmbuild -ba ~/rpmbuild/SPECS/firefox.spec
$ sudo rpm -Uvh ~/rpmbuild/RPMS/i386/firefox-1.0.4-20050509.i386.rpm

You might have to su to root rather than sudo on that last command, depending on your set-up. Now just checking:

$ rpm -q firefox

Bet! There goes that round of 'spoits (let's hope).

[Uche Ogbuji]

via Copia