MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Mon, 12 Dec 2016 22:39:38 +0100
branchfirefox50
changeset 933 7f60766aae16
parent 932 a58cc7936ce7
child 935 9ae2b79d3bb1
permissions -rw-r--r--
50.1.0 aarch64 fix
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
893
86f72f1e98a4 prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 892
diff changeset
     1
-------------------------------------------------------------------
933
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     2
Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     4
- update to Firefox 50.1.0 (boo#)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     6
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     7
Fri Dec  9 17:57:22 UTC 2016 - cgrobertson@novell.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
     9
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    10
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    11
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    12
Thu Dec  1 02:49:45 UTC 2016 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    14
- update to Firefox 50.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    15
  * Firefox crashes with 3rd party Chinese IME when using IME text
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    16
    (50.0.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    17
  security fixes (in 50.0.1): (boo#1012807)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    18
  * MFSA 2016-91
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    19
    CVE-2016-9078: data: URL can inherit wrong origin after an
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    20
                   HTTP redirect (bmo#1317641)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    21
  security fixes (in 50.0.2) (boo#1012964)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    22
  * MFSA 2016-92
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    23
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    24
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
    25
-------------------------------------------------------------------
932
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    26
Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    27
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    28
- update to Firefox 50.0 (boo#1009026)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    29
  * requires NSS 3.26.2
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    30
  new features
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    31
  * Updates to keyboard shortcuts
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    32
    Set a preference to have Ctrl+Tab cycle through tabs in recently
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    33
    used order
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    34
    View a page in Reader Mode by using Ctrl+Alt+R
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    35
  * Added option to Find in page that allows users to limit search to
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    36
    whole words only
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    37
  * Added download protection for a large number of executable file
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    38
    types on Windows, Mac and Linux
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    39
  * Fixed rendering of dashed and dotted borders with rounded corners
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    40
    (border-radius)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    41
  * Added a built-in Emoji set for operating systems without native
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    42
    Emoji fonts (Windows 8.0 and lower and Linux)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    43
  * Blocked versions of libavcodec older than 54.35.1
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    44
  * additional locale
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    45
  security fixes:
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    46
  * MFSA 2016-89
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    47
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    48
                   (bmo#1292443)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    49
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    50
    CVE-2016-5293: Write to arbitrary file with updater and moz
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    51
                   maintenance service using updater.log hardlink
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    52
		   (Windows only) (bmo#1246945)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    53
    CVE-2016-5294: Arbitrary target directory for result files of
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    54
                   update process (Windows only) (bmo#1246972)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    55
    CVE-2016-5297: Incorrect argument length checking in Javascript
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    56
                   (bmo#1303678)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    57
    CVE-2016-9064: Addons update must verify IDs match between
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    58
                   current and new versions (bmo#1303418)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    59
    CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    60
                   (Android only) (bmo#1306696)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    61
    CVE-2016-9066: Integer overflow leading to a buffer overflow in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    62
                   nsScriptLoadHandler (bmo#1299686)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    63
    CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    64
                   (bmo#1301777, bmo#1308922 (CVE-2016-9069))
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    65
    CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    66
    CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    67
                   (bmo#1300083) (Windows only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    68
    CVE-2016-9075: WebExtensions can access the mozAddonManager API
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    69
                   and use it to gain elevated privileges (bmo#1295324)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    70
    CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    71
                   to cross-origin images, allowing timing attacks on them
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    72
		   (bmo#1298552)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    73
    CVE-2016-5291: Same-origin policy violation using local HTML file
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    74
                    and saved shortcut file (bmo#1292159)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    75
    CVE-2016-5295: Mozilla Maintenance Service: Ability to read
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    76
                   arbitrary files as SYSTEM (Windows only) (bmo#1247239)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    77
    CVE-2016-5298: SSL indicator can mislead the user about the real
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    78
                   URL visited (bmo#1227538) (Android only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    79
    CVE-2016-5299: Firefox AuthToken in broadcast protected with
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    80
                   signature-level permission can be accessed by an
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    81
		   application installed beforehand that defines the
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    82
		   same permissions (bmo#1245791) (Android only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    83
    CVE-2016-9061: API Key (glocation) in broadcast protected with
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    84
                   signature-level permission can be accessed by an
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    85
		   application installed beforehand that defines the
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    86
		   same permissions (Android only) (bmo#1245795)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    87
    CVE-2016-9062: Private browsing browser traces (android) in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    88
                   browser.db and wal file (Android only) (bmo#1294438)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    89
    CVE-2016-9070: Sidebar bookmark can have reference to chrome window
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    90
                   (bmo#1281071)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    91
    CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    92
                   (bmo#1289273)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    93
    CVE-2016-9074: Insufficient timing side-channel resistance in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    94
                   divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    95
    CVE-2016-9076: select dropdown menu can be used for URL bar
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    96
                   spoofing on e10s (bmo#1276976)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    97
    CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    98
                   in expat (bmo#1274777)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
    99
    CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   100
                   (bmo#1285003)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   101
    CVE-2016-5289: Memory safety bugs fixed in Firefox 50
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   102
    CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   103
- make aarch64 build more similar to x86_64 build (remove conditionals
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   104
  that don't seem to be necessary anymore)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   105
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   106
-------------------------------------------------------------------
931
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   107
Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   108
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   109
- Mozilla Firefox 49.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   110
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   111
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   112
  * Asynchronous rendering of the Flash plugins is now enabled by
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   113
    default
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   114
  * Change D3D9 default fallback preference to prevent graphical
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   115
    artifacts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   116
  * Network issue prevents some users from seeing the Firefox UI on
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   117
    startup
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   118
  * Web compatibility issue with file uploads
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   119
  * Web compatibility issue with Array.prototype.values
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   120
  * Diagnostic information on timing for tab switching
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   121
  * Fix a Canvas filters graphics issue affecting HTML5 apps
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   122
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   123
-------------------------------------------------------------------
930
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   124
Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   125
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   126
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   127
  and fixes have been incorporated by upstream.
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   128
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   129
-------------------------------------------------------------------
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   130
Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   131
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   132
- Mozilla Firefox 49.0.1:
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   133
  * Mitigate a startup crash issue caused by Websense - bmo#1304783
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   134
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   135
-------------------------------------------------------------------
929
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   136
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   137
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   138
- update to Firefox 49.0 (boo#999701)
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   139
  new features
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   140
  * Updated Firefox Login Manager to allow HTTPS pages to use saved
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   141
    HTTP logins.
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   142
  * Added features to Reader Mode that make it easier on the eyes and
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   143
    the ears
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   144
  * Improved video performance for users on systems that support
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   145
    SSE3 without hardware acceleration
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   146
  * Added context menu controls to HTML5 audio and video that let users
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   147
    loops files or play files at 1.25x speed
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   148
  * Improvements in about:memory reports for tracking font memory usage
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   149
  security related
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   150
  * MFSA 2016-85
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   151
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   152
    mozilla::net::IsValidReferrerPolicy
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   153
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   154
    nsCaseTransformTextRunFactory::TransformString
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   155
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   156
    PropertyProvider::GetSpacingInternal
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   157
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   158
    CVE-2016-5273 (bmo#1280387) - crash in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   159
    mozilla::a11y::HyperTextAccessible::GetChildOffset
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   160
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   161
    mozilla::a11y::DocAccessible::ProcessInvalidationList
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   162
    CVE-2016-5274 (bmo#1282076) - use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   163
    nsFrameManager::CaptureFrameState
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   164
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   165
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   166
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   167
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   168
    nsBMPEncoder::AddImageFrame
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   169
    CVE-2016-5279 (bmo#1249522) - Full local path of files is available
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   170
    to web pages after drag and drop
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   171
    CVE-2016-5280 (bmo#1289970) - Use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   172
    mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   173
    CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   174
    CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   175
    from non-whitelisted schemes
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   176
    CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   177
    reveal cross-origin data
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   178
    CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   179
    CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   180
    CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   181
- removed obsolete patches:
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   182
  * mozilla-aarch64-48bit-va.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   183
  * mozilla-exclude-nametablecpp.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   184
  * mozilla-old_configure-bmo1282843.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   185
- added patch mozilla-skia-overflow.patch (bmo#1304114)
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   186
- requires NSS 3.25
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   187
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   188
-------------------------------------------------------------------
928
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   189
Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   190
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   191
- Mozilla Firefox 48.0.2:
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   192
  * Mitigate a startup crash issue caused on Windows (bmo#1291738)
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   193
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
   194
-------------------------------------------------------------------
927
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   195
Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   196
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   197
- Mozilla Firefox 48.0.1:
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   198
  * Fix an audio regression impacting some major websites
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   199
    (bmo#1295296)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   200
  * Fix a top crash in the JavaScript engine (bmo#1290469)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   201
  * Fix a startup crash issue caused by Websense (bmo#1291738)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   202
  * Fix a different behavior with e10s / non-e10s on <select> and
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   203
    mouse events (bmo#1291078)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   204
  * Fix a top crash caused by plugin issues (bmo#1264530)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   205
  * Fix a shutdown issue (bmo#1276920)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   206
  * Fix a crash in WebRTC
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   207
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
   208
-------------------------------------------------------------------
925
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   209
Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   210
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   211
- added upstream patch so system plugins/extensions are correctly
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   212
  loaded again on x86-64 (bmo#1282843)
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   213
  (mozilla-old_configure-bmo1282843.patch)
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   214
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
   215
-------------------------------------------------------------------
926
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   216
Fri Aug  5 13:47:12 UTC 2016 - pcerny@suse.com
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   217
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   218
- Fix for possible buffer overrun (bsc#990856)
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   219
  CVE-2016-6354 (bmo#1292534)
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   220
  [mozilla-flex_buffer_overrun.patch]
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   221
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   222
-------------------------------------------------------------------
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   223
Wed Aug  3 03:38:47 UTC 2016 - badshah400@gmail.com
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   224
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   225
- Update mozilla-gtk3_20.patch to latest version from Fedora.
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   226
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
   227
-------------------------------------------------------------------
923
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   228
Mon Aug  1 12:37:05 UTC 2016 - wr@rosenauer.org
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   229
924
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   230
- update to Firefox 48.0 (boo#991809)
923
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   231
  * requires NSS 3.24
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   232
  * Process separation (e10s) is enabled for some of you
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   233
  * Add-ons that have not been verified and signed by Mozilla will not load
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   234
  * WebRTC embetterments
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   235
  * The media parser has been redeveloped using the Rust programming
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   236
    language
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   237
  * better Canvas performance with speedy Skia support
924
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   238
  security fixes:
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   239
  * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   240
    Miscellaneous memory safety hazards
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   241
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   242
    Favicon network connection can persist when page is closed
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   243
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   244
    Buffer overflow rendering SVG with bidirectional content
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   245
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   246
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   247
  * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   248
    Location bar spoofing via data URLs with malformed/invalid mediatypes
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   249
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   250
    Stack underflow during 2D graphics rendering
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   251
  * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   252
    Out-of-bounds read during XML parsing in Expat library
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   253
  * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   254
    Arbitrary file manipulation by local user through Mozilla updater
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   255
    and callback application path parameter (Windows-only)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   256
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   257
    Use-after-free when using alt key and toplevel menus
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   258
  * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   259
    Crash in incremental garbage collection in JavaScript
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   260
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   261
    Use-after-free in DTLS during WebRTC session shutdown
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   262
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   263
    Use-after-free in service workers with nested sync events
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   264
  * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   265
    Form input type change from password to text can store plain
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   266
    text password in session restore file
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   267
  * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   268
    Integer overflow in WebSockets during data buffering
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   269
  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   270
    Scripts on marquee tag can execute in sandboxed iframes
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   271
  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   272
    Buffer overflow in ClearKey Content Decryption Module (CDM)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   273
    during video playback
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   274
  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   275
    Type confusion in display transformation
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   276
  * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   277
    Use-after-free when applying SVG effects
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   278
  * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   279
    Same-origin policy violation using local HTML file and saved shortcut file
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   280
  * MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   281
    Information disclosure and local file manipulation through drag and drop
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   282
  * MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   283
    Addressbar spoofing with right-to-left characters on Firefox for Android
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   284
    (Android only)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   285
  * MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   286
    Spoofing attack through text injection into internal error pages
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   287
  * MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
   288
    Information disclosure through Resource Timing API during page navigation
923
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   289
- removed obsolete mozilla-gcc6.patch
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   290
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
   291
-------------------------------------------------------------------
921
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   292
Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   293
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   294
- Update description and screenshots in appdata.xml file.
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   295
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   296
-------------------------------------------------------------------
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   297
Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   298
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   299
- Fix Firefox crash on startup on i586 (boo#986541):
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   300
  * Add -fno-delete-null-pointer-checks and
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   301
    -fno-inline-small-functions to CFLAGS
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   302
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   303
-------------------------------------------------------------------
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   304
Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   305
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   306
- Update the appdata.xml file (replace Windows XP screenshot)
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   307
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   308
-------------------------------------------------------------------
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   309
Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   310
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   311
- Mozilla Firefox 47.0.1:
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   312
  * Selenium WebDriver may cause Firefox to crash at startup
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   313
    (bmo#1280854)
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   314
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   315
-------------------------------------------------------------------
920
4e5807284ef0 https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 919
diff changeset
   316
Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org
4e5807284ef0 https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 919
diff changeset
   317
4e5807284ef0 https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 919
diff changeset
   318
- mozilla-binutils-visibility.patch to fix build issues with
921
4f801233e935 merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 920
diff changeset
   319
  gcc/binutils combination used in Leap 42.2 (boo#984637)
920
4e5807284ef0 https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 919
diff changeset
   320
4e5807284ef0 https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 919
diff changeset
   321
-------------------------------------------------------------------
919
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   322
Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   323
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   324
- Update mozilla-gtk3_20.patch to latest version from Fedora.
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   325
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   326
-------------------------------------------------------------------
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   327
Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   328
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   329
- Fix running on 48bit va aarch64 (bsc#984126)
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   330
  * add patch mozilla-aarch64-48bit-va.patch
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   331
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   332
-------------------------------------------------------------------
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   333
Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   334
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   335
- fix XUL dialog button order under KDE session (boo#984403)
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   336
6838f0c032f8 -------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 916
diff changeset
   337
-------------------------------------------------------------------
916
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   338
Tue Jun  7 19:47:25 UTC 2016 - wr@rosenauer.org
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   339
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   340
- update to Firefox 47.0 (boo#983549)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   341
  * Enable VP9 video codec for users with fast machines
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   342
  * Embedded YouTube videos now play with HTML5 video if Flash is
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   343
    not installed
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   344
  * View and search open tabs from your smartphone or another
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   345
    computer in a sidebar
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   346
  * Allow no-cache on back/forward navigations for https resources
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   347
  security fixes:
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   348
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   349
    (boo#983638)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   350
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   351
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   352
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   353
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   354
     bmo#1269729, bmo#1273202, bmo#1273701)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   355
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   356
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   357
    Buffer overflow parsing HTML5 fragments
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   358
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   359
    Use-after-free deleting tables from a contenteditable document
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   360
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   361
    Addressbar spoofing though the SELECT element
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   362
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   363
    Out-of-bounds write with WebGL shader
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   364
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   365
    Partial same-origin-policy through setting location.host
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   366
    through data URI
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   367
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   368
    Use-after-free when textures are used in WebGL operations
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   369
    after recycle pool destruction
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   370
  * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   371
    Incorrect icon displayed on permissions notifications
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   372
  * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   373
    Entering fullscreen and persistent pointerlock without user
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   374
    permission
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   375
  * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   376
    Information disclosure of disabled plugins through CSS
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   377
    pseudo-classes
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   378
  * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   379
    Java applets bypass CSP protections
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   380
  * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   381
    bmo#1221620, bmo#1241034, bmo#1241037)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   382
    Network Security Services (NSS) vulnerabilities
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   383
    fixed by requiring NSS 3.23
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   384
  packaging changes:
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   385
  * cleanup configure options (boo#981695):
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   386
    - notably remove GStreamer support which is gone from FF
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   387
  * remove obsolete patches
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   388
    - mozilla-libproxy.patch
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   389
    - mozilla-repo.patch
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   390
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   391
-------------------------------------------------------------------
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   392
Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   393
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   394
- The conditional testing for gcc was failing for different
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   395
  openSUSE versions, drop it and apply patches unconditionally.
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   396
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   397
-------------------------------------------------------------------
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   398
Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   399
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   400
- Add patches to fix building with gcc6:
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   401
  + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   402
    taken from upstream:
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   403
    https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   404
  + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   405
    from unified compilation because #include <cmath> in other
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   406
    source files causes gcc6 compilation failure; patch taken from
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   407
    upstream:
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   408
    https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   409
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   410
-------------------------------------------------------------------
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   411
Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   412
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   413
- enable build with PIE and full relro on x86_64 (boo#980384)
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   414
2f9f2e040647 Firefox 47.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 914
diff changeset
   415
-------------------------------------------------------------------
914
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   416
Wed May  4 10:27:43 UTC 2016 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   417
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   418
- update to Firefox 46.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   419
  Fixed:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   420
  * Search plugin issue for various locales
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   421
  * Add-on signing certificate expiration
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   422
  * Service worker update issue
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   423
  * Build issue when jit is disabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   424
  * Limit Sync registration updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   425
- removed now obsolete mozilla-jit_branch64.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   426
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 913
diff changeset
   427
-------------------------------------------------------------------
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   428
Tue May  3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   429
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   430
- add mozilla-jit_branch64.patch to avoid PowerPC build failure
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   431
  (from bmo#1266366)
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   432
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   433
-------------------------------------------------------------------
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   434
Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   435
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   436
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   437
  version from Fedora).
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   438
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   439
-------------------------------------------------------------------
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   440
Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   441
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   442
- update to Firefox 46.0 (boo#977333)
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   443
  * Improved security of the JavaScript Just In Time (JIT) Compiler
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   444
  * WebRTC fixes to improve performance and stability
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   445
  * Added support for document.elementsFromPoint
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   446
  * Added HKDF support for Web Crypto API
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   447
  * requires NSPR 4.12 and NSS 3.22.3
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   448
  * added patch to fix unchecked return value
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   449
    mozilla-check_return.patch
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   450
  * Gtk3 builds not supported at the moment
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   451
  security fixes:
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   452
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   453
    (boo#977373, boo#977375, boo#977376)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   454
    Miscellaneous memory safety hazards
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   455
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   456
    Privilege escalation through file deletion by Maintenance Service updater
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   457
    (Windows only)
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   458
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   459
    Content provider permission bypass allows malicious application
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   460
    to access data (Android only)
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   461
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   462
    (bmo#1252330, bmo#1261776, boo#977379)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   463
    Use-after-free and buffer overflow in Service Workers
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   464
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   465
    Disclosure of user actions through JavaScript with motion and
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   466
    orientation sensors (only affects mobile variants)
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   467
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   468
    Buffer overflow in libstagefright with CENC offsets
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   469
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   470
    CSP not applied to pages sent with multipart/x-mixed-replace
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   471
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   472
    Elevation of privilege with chrome.tabs.update API in web extensions
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   473
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   474
    Write to invalid HashMap entry through JavaScript.watch()
913
9f3ecc7dc9e3 fix PPC64LE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 909
diff changeset
   475
  * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
909
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   476
    Firefox Health Reports could accept events from untrusted domains
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   477
c6717354928b Firefox 46.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 908
diff changeset
   478
-------------------------------------------------------------------
908
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   479
Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   480
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   481
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   482
  gtk >= 3.20 (patch synced to Fedora's version).
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   483
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   484
-------------------------------------------------------------------
907
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   485
Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   486
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   487
- Compile against gtk3 depending on whether the macro
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   488
  %firefox_use_gtk3 is defined or not (e.g., at the prjconf
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   489
  level); macro is undefined by default and so gtk2 is used as the
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   490
  default toolkit.
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   491
- Add BuildRequires for additional packages needed when building
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   492
  against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   493
  pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   494
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   495
  patch taken from Fedora (bmo#1230955).
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   496
3ccb278a9ceb prepare gtk3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 906
diff changeset
   497
-------------------------------------------------------------------
906
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   498
Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   499
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   500
- Mozilla Firefox 45.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   501
  * Fix an issue impacting the cookie header when third-party
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   502
    cookies are blocked (bmo#1257861)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   503
  * Fix a web compatibility regression impacting the srcset
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   504
    attribute of the image tag (bmo#1259482)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   505
  * Fix a crash impacting the video playback with Media Source
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   506
    Extension (bmo#1258562)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   507
  * Fix a regression impacting some specific uploads (bmo#1255735)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   508
  * Fix a regression with the copy and paste with some old versions
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   509
    of some Gecko applications like Thunderbird (bmo#1254980)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   510
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   511
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   512
Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   513
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   514
- Mozilla Firefox 45.0.1:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   515
  * Fix a regression causing search engine settings to be lost in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   516
    some context (bmo#1254694)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   517
  * Bring back non-standard jar: URIs to fix a regression in IBM
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   518
    iNotes (bmo#1255139)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   519
  * XSLTProcessor.importStylesheet was failing when <import> was
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   520
    used (bmo#1249572)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   521
  * Fix an issue which could cause the list of search provider to
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   522
    be empty (bmo#1255605)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   523
  * Fix a regression when using the location bar (bmo#1254503)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   524
  * Fix some loading issues when Accept third-party cookies: was
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   525
    set to Never (bmo#1254856)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   526
  * Disabled Graphite font shaping library
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   527
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   528
-------------------------------------------------------------------
904
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   529
Sun Mar  6 19:52:13 UTC 2016 - wr@rosenauer.org
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   530
906
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   531
- update to Firefox 45.0 (boo#969894)
904
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   532
  * requires NSPR 4.12 / NSS 3.21.1
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   533
  * Instant browser tab sharing through Hello
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   534
  * Synced Tabs button in button bar
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   535
  * Tabs synced via Firefox Accounts from other devices are now shown
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   536
    in dropdown area of Awesome Bar when searching
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   537
  * Introduce a new preference (network.dns.blockDotOnion) to allow
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   538
    blocking .onion at the DNS level
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   539
  * Tab Groups (Panorama) feature removed
906
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   540
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   541
    Miscellaneous memory safety hazards
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   542
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   543
    Local file overwriting and potential privilege escalation through
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   544
    CSP reports
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   545
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   546
    CSP reports fail to strip location information for embedded iframe pages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   547
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   548
    Linux video memory DOS with Intel drivers
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   549
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   550
    Memory leak in libstagefright when deleting an array during MP4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   551
    processing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   552
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   553
    Displayed page address can be overridden
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   554
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   555
    Service Worker Manager out-of-bounds read in Service Worker Manager
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   556
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   557
    Use-after-free in HTML5 string parser
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   558
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   559
    Use-after-free in SetBody
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   560
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   561
    Use-after-free when using multiple WebRTC data channels
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   562
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   563
    Memory corruption when modifying a file being read by FileReader
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   564
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   565
    Use-after-free during XML transformations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   566
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   567
    Addressbar spoofing though history navigation and Location protocol
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   568
    property
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   569
  * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   570
    Same-origin policy violation using perfomance.getEntries and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   571
    history navigation with session restore
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   572
  * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   573
    Buffer overflow in Brotli decompression
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   574
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   575
    Memory corruption with malicious NPAPI plugin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   576
  * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   577
    CVE-2016-1976/CVE-2016-1972
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   578
    WebRTC and LibVPX vulnerabilities found through code inspection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   579
  * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   580
    Use-after-free in GetStaticInstance in WebRTC
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   581
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   582
    Out-of-bounds read in HTML parser following a failed allocation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   583
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   584
    Buffer overflow during ASN.1 decoding in NSS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   585
    (fixed by requiring 3.21.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   586
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   587
    Use-after-free during processing of DER encoded keys in NSS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   588
    (fixed by requiring 3.21.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   589
  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   590
    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   591
    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   592
    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 904
diff changeset
   593
    Font vulnerabilities in the Graphite 2 library
904
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   594
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   595
-------------------------------------------------------------------
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   596
Sat Mar  5 15:27:00 UTC 2016 - olaf@aepfle.de
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   597
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   598
- Remove B_CNT from symbols.zip filename to reduce build-compare noise
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   599
6a889427cd4f 45.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 903
diff changeset
   600
-------------------------------------------------------------------
903
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   601
Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   602
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   603
- fix build problems on i586, caused by too large unified compile
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   604
  units - adding mozilla-reduce-files-per-UnifiedBindings.patch
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   605
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   606
-------------------------------------------------------------------
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   607
Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   608
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   609
- update to Firefox 44.0.2
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   610
  * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   611
    Same-origin-policy violation using Service Workers with plugins
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   612
  * Fix issue which could lead to the removal of stored passwords
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   613
    under certain circumstances (bmo#1242176)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   614
  * Allows spaces in cookie names (bmo#1244505)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   615
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   616
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   617
  * Fix a crash in cache networking (bmo#1244076)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   618
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   619
83801946c93f 44.0.2 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 902
diff changeset
   620
-------------------------------------------------------------------
908
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   621
Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   622
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   623
- build fixes for arm/aarch64:
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   624
  * disable webrtc for arm/aarch64
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   625
  * switch away from openGL-ES backend to default for arm/aarch64
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   626
   since it almost never builds
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   627
  * reenable neon
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   628
- reenable webrtc for powerpc as it seems to build
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   629
b29b47737173 sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 907
diff changeset
   630
-------------------------------------------------------------------
900
91466ca5c8d9 latest merge from firefox43
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 899 897
diff changeset
   631
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org
91466ca5c8d9 latest merge from firefox43
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 899 897
diff changeset
   632
902
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   633
- update to Firefox 44.0
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   634
  * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   635
    Miscellaneous memory safety hazards
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   636
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   637
    Out of Memory crash when parsing GIF format images
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   638
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   639
    Buffer overflow in WebGL after out of memory allocation
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   640
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   641
    Firefox allows for control characters to be set in cookie names
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   642
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   643
    Missing delay following user click events in protocol handler dialog
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   644
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   645
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   646
    (fixed by requiring NSS 3.21)
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   647
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   648
    Addressbar spoofing attacks boo#963643
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   649
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   650
    (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   651
    Unsafe memory manipulation found through code inspection
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   652
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
11475705ab0f 44.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 900
diff changeset
   653
    Application Reputation service disabled in Firefox 43
899
44a28160de40 prepare 44.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   654
  * requires NSPR 4.11
44a28160de40 prepare 44.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   655
  * requires NSS 3.21
896
2b664b26b6b2 change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 895
diff changeset
   656
- prepare mozilla-kde.patch for Gtk3 builds
899
44a28160de40 prepare 44.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   657
- rebased patches
896
2b664b26b6b2 change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 895
diff changeset
   658
2b664b26b6b2 change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 895
diff changeset
   659
-------------------------------------------------------------------
897
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   660
Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   661
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   662
- Mozilla Firefox 43.0.4:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   663
  * Re-enable SHA-1 certificates to prevent outdated
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   664
    man-in-the-middle security devices from interfering with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   665
    properly secured SSL/TLS connections (bmo#1236975)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   666
  * Fix for startup crash for users of a third party antivirus tool
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   667
    (bmo#1235537)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   668
- The following change was previously in the package as a patch:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   669
  * Multi-user GNU/Linux download folders can be created
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   670
   (bmo#1233434), removed mozilla-bmo1233434.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   671
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 896
diff changeset
   672
-------------------------------------------------------------------
895
b0e57b478b1b merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 894
diff changeset
   673
Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org
892
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   674
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   675
- update to Firefox 43.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   676
  * requires NSS 3.20.2 to fix
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   677
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   678
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   679
    server signature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   680
  * various changes to support Windows update (SHA-1 vs. SHA-2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   681
  * workaround Youtube user agent detection issue (bmo#1233970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   682
- fix file download regression for multi user systems
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   683
  (bmo#1233434) (mozilla-bmo1233434.patch)
895
b0e57b478b1b merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 894
diff changeset
   684
- explicitely requires libXcomposite-devel
892
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   685
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 890
diff changeset
   686
-------------------------------------------------------------------
890
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   687
Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   688
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   689
- update to Firefox 43.0 (bnc#959277)
889
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   690
  * Improved API support for m4v video playback
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   691
  * Users can opt-in to receive search suggestions from the Awesome Bar
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   692
  * WebRTC streaming on multiple monitors
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   693
  * User selectable second block list for Private Browsing's Tracking
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   694
    Protection
890
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   695
  security fixes:
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   696
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   697
    Miscellaneous memory safety hazards
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   698
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   699
    Crash with JavaScript variable assignment with unboxed objects
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   700
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   701
    Same-origin policy violation using perfomance.getEntries and
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   702
    history navigation
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   703
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   704
    Firefox allows for control characters to be set in cookies
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   705
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   706
    Use-after-free in WebRTC when datachannel is used after being
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   707
    destroyed
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   708
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   709
    Integer overflow allocating extremely large textures
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   710
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   711
    Cross-origin information leak through web workers error events
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   712
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   713
    Hash in data URI is incorrectly parsed
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   714
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   715
    DOS due to malformed frames in HTTP/2
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   716
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   717
    Linux file chooser crashes on malformed images due to flaws in
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   718
    Jasper library
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   719
  * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   720
    (bmo#1201183, bmo#1178033, bmo#1199400)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   721
    Buffer overflows found through code inspection
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   722
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   723
    Underflow through code inspection
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   724
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   725
    Integer overflow in MP4 playback in 64-bit versions
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   726
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   727
    Integer underflow and buffer overflow processing MP4 metadata in
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   728
    libstagefright
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   729
  * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   730
    Privilege escalation vulnerabilities in WebExtension APIs
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   731
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
4ba0eb6a14ca 43.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 889
diff changeset
   732
    Cross-site reading attack through data and view-source URIs
889
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   733
- rebased patches
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   734
de3a92aed259 43.0b9 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 886
diff changeset
   735
-------------------------------------------------------------------
886
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   736
Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   737
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   738
- Add desktop menu action for private browsing window to desktop
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   739
  file (boo#954747)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   740
- remove obsolete patch mozilla-bmo1005535.patch completely from
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   741
  source package to avoid automatic check failures
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   742
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   743
-------------------------------------------------------------------
885
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   744
Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   745
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   746
- update to Firefox 42.0 (bnc#952810)
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   747
  * Private Browsing with Tracking Protection blocks certain Web
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   748
    elements that could be used to record your behavior across sites
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   749
  * Control Center that contains site security and privacy controls
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   750
  * Login Manager improvements
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   751
  * WebRTC improvements
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   752
  * Indicator added to tabs that play audio with one-click muting
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   753
  * Media Source Extension for HTML5 video available for all sites
886
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   754
  security fixes:
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   755
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   756
    Miscellaneous memory safety hazards
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   757
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   758
    Information disclosure through NTLM authentication
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   759
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   760
    CSP bypass due to permissive Reader mode whitelist
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   761
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   762
    Firefox for Android addressbar can be removed after fullscreen mode
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   763
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   764
    Reading sensitive profile files through local HTML file on Android
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   765
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   766
    disabling scripts in Add-on SDK panels has no effect
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   767
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   768
    Trailing whitespace in IP address hostnames can bypass same-origin policy
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   769
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   770
    Buffer overflow during image interactions in canvas
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   771
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   772
    Android intents can be used on Firefox for Android to open privileged files
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   773
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   774
    XSS attack through intents on Firefox for Android
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   775
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   776
    Crash when accessing HTML tables with accessibility tools on OS X
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   777
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   778
    CORS preflight is bypassed when non-standard Content-Type headers
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   779
    are received
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   780
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   781
    Memory corruption in libjar through zip files
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   782
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   783
    Certain escaped characters in host of Location-header are being
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   784
    treated as non-escaped
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   785
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   786
    JavaScript garbage collection crash with Java applet
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   787
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   788
    (bmo#1188010, bmo#1204061, bmo#1204155)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   789
    Vulnerabilities found through code inspection
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   790
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   791
    Mixed content WebSocket policy bypass through workers
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   792
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   793
    (bmo#1202868, bmo#1205157)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   794
    NSS and NSPR memory corruption issues
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   795
    (fixed in mozilla-nspr and mozilla-nss packages)
2e9f984bca7f changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 885
diff changeset
   796
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
885
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   797
- removed obsolete patches
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   798
  * mozilla-arm-disable-edsp.patch
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   799
  * mozilla-icu-strncat.patch
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   800
  * mozilla-skia-be-le.patch
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   801
  * toolkit-download-folder.patch
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   802
- fixed build with enable-libproxy (bmo#1220399)
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   803
  * mozilla-libproxy.patch
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   804
ee3c462047d5 42 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 884
diff changeset
   805
-------------------------------------------------------------------
884
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   806
Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   807
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   808
- update to Firefox 41.0.2 (bnc#950686)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   809
  * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   810
    Cross-origin restriction bypass using Fetch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   811
- added explicit appdata provides (bnc#949983)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   812
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   813
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   814
Sun Oct  4 09:20:56 UTC 2015 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   815
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   816
- do not build with --enable-stdcxx-compat
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   817
  (this starts to fail build on various toolchain combinations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   818
  and is not required for openSUSE builds in general
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   819
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   820
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   821
Thu Oct  1 09:49:57 UTC 2015 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   822
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   823
- update to Firefox 41.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   824
  * Fix a startup crash related to Yandex toolbar and Adblock Plus
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   825
    (bmo#1209124)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   826
  * Fix potential hangs with Flash plugins (bmo#1185639)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   827
  * Fix a regression in the bookmark creation (bmo#1206376)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   828
  * Fix a startup crash with some Intel Media Accelerator 3150
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   829
    graphic cards (bmo#1207665)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   830
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   831
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 883
diff changeset
   832
-------------------------------------------------------------------
883
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   833
Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   834
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   835
- update to Firefox 41.0 (bnc#947003)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   836
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   837
    Miscellaneous memory safety hazards
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   838
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   839
    Memory leak in mozTCPSocket to servers
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   840
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   841
    Out of bounds read in QCMS library with ICC V4 profile attributes
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   842
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   843
    Site attribute spoofing on Android by pasting URL with unknown scheme
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   844
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   845
    Arbitrary file manipulation by local user through Mozilla updater
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   846
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   847
    Buffer overflow in libvpx while parsing vp9 format video
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   848
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   849
    Crash when using debugger with SavedStacks in JavaScript
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   850
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   851
    URL spoofing in reader mode
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   852
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   853
    Use-after-free with shared workers and IndexedDB
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   854
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   855
    Buffer overflow while decoding WebM video
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   856
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   857
    Use-after-free while manipulating HTML media content
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   858
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   859
    Out-of-bounds read during 2D canvas display on Linux 16-bit
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   860
    color depth systems
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   861
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   862
    Scripted proxies can access inner window
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   863
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   864
    JavaScript immutable property enforcement can be bypassed
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   865
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   866
    Dragging and dropping images exposes final URL after redirects
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   867
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   868
    Errors in the handling of CORS preflight request headers
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   869
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   870
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   871
    CVE-2015-7180
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   872
    Vulnerabilities found through code inspection
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   873
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   874
    bmo#1190526) (Windows only)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   875
    Memory safety errors in libGLES in the ANGLE graphics library
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   876
  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   877
    Information disclosure via the High Resolution Time API
882
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 875
diff changeset
   878
- rebased patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 875
diff changeset
   879
- removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 875
diff changeset
   880
  * mozilla-arm64-libjpeg-turbo.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 875
diff changeset
   881
883
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   882
------------------------------------------------------------------
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   883
Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   884
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   885
- update to Firefox 40.0.3 (bnc#943550)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   886
  * Disable the asynchronous plugin initialization (bmo#1198590)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   887
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   888
  * Fix a regression with some Japanese fonts used in the <input>
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   889
    field (bmo#1194055)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   890
  * On some sites, the selection in a select combox box using the
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   891
    mouse could be broken (bmo#1194733)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   892
  security fixes
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   893
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   894
    Use-after-free when resizing canvas element during restyling
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   895
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   896
    Add-on notification bypass through data URLs
7aa7715fdc8f 41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 882
diff changeset
   897
882
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 875
diff changeset
   898
-------------------------------------------------------------------
875
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   899
Fri Aug  7 07:49:49 UTC 2015 - wr@rosenauer.org
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   900
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   901
- update to Firefox 40.0 (bnc#940806)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   902
  * Added protection against unwanted software downloads
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   903
  * Suggested Tiles show sites of interest, based on categories
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   904
    from your recent browsing history
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   905
  * Hello allows adding a link to conversations to provide context
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   906
    on what the conversation will be about
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   907
  * New style for add-on manager based on the in-content
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   908
    preferences style
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   909
  * Improved scrolling, graphics, and video playback performance
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   910
    with off main thread compositing (GNU/Linux only)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   911
  * Graphic blocklist mechanism improved: Firefox version ranges
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   912
    can be specified, limiting the number of devices blocked
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   913
  security fixes:
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   914
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   915
    Miscellaneous memory safety hazards
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   916
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   917
    Out-of-bounds read with malformed MP3 file
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   918
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   919
    Use-after-free in MediaStream playback
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   920
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   921
    Redefinition of non-configurable JavaScript object properties
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   922
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   923
    Overflow issues in libstagefright
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   924
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   925
    Arbitrary file overwriting through Mozilla Maintenance Service
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   926
    with hard links (only affected Windows)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   927
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   928
    Out-of-bounds write with Updater and malicious MAR file
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   929
    (does not affect openSUSE RPM packages which do not ship the
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   930
     updater)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   931
  * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   932
    Feed protocol with POST bypasses mixed content protections
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   933
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   934
    Crash when using shared memory in JavaScript
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   935
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   936
    Heap overflow in gdk-pixbuf when scaling bitmap images
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   937
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   938
    Buffer overflows on Libvpx when decoding WebM video
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   939
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   940
    Vulnerabilities found through code inspection
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   941
  * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   942
    Mozilla Content Security Policy allows for asterisk wildcards
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   943
    in violation of CSP specification
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   944
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
2d6ccc01ea9e 40.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 872
diff changeset
   945
    Use-after-free in XMLHttpRequest with shared workers
869
0dd25a92df97 working FF 40 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 868
diff changeset
   946
- added mozilla-no-stdcxx-check.patch
0dd25a92df97 working FF 40 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 868
diff changeset
   947
- removed obsolete patches
868
284da266ec46 40beta rebase
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 867
diff changeset
   948
  * mozilla-add-glibcxx_use_cxx11_abi.patch
869
0dd25a92df97 working FF 40 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 868
diff changeset
   949
  * firefox-multilocale-chrome.patch
868
284da266ec46 40beta rebase
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 867
diff changeset
   950
- rebased patches
869
0dd25a92df97 working FF 40 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 868
diff changeset
   951
- requires version 40 of the branding package
871
4c6e8495720b beta update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 869
diff changeset
   952
- removed browser/searchplugins/ location as it's not valid anymore
867
3af93b7e5e3d merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   953
3af93b7e5e3d merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   954
-------------------------------------------------------------------
870
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   955
Fri Aug  7 07:09:39 UTC 2015 - wr@rosenauer.org
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   956
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   957
- security update to Firefox 39.0.3 (bnc#940918)
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   958
  * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   959
    Same origin violation and local file stealing via PDF reader
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   960
09ffe9247f8a FF 39.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 866
diff changeset
   961
-------------------------------------------------------------------
866
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   962
Wed Jul  1 06:43:02 UTC 2015 - wr@rosenauer.org
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   963
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   964
- update to Firefox 39.0 (bnc#935979)
863
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   965
  * Share Hello URLs with social networks
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   966
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   967
  * SafeBrowsing malware detection lookups enabled for downloads
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   968
    (Mac OS X and Linux)
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   969
  * Support for new Unicode 8.0 skin tone emoji
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   970
  * Removed support for insecure SSLv3 for network communications
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   971
  * Disable use of RC4 except for temporarily whitelisted hosts
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
   972
  * NPAPI Plug-in performance improved via asynchronous initialization
866
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   973
  security fixes:
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   974
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   975
    Miscellaneous memory safety hazards
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   976
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   977
    Local files or privileged URLs in pages can be opened into new tabs
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   978
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   979
    Type confusion in Indexed Database Manager
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   980
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   981
    Out-of-bound read while computing an oscillator rendering range in Web Audio
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   982
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   983
    Use-after-free in Content Policy due to microtask execution error
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   984
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   985
    ECDSA signature validation fails to handle some signatures correctly
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   986
    (this fix is shipped by NSS 3.19.1 externally)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   987
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   988
    Use-after-free in workers while using XMLHttpRequest
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   989
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   990
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   991
    Vulnerabilities found through code inspection
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   992
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   993
    Key pinning is ignored when overridable errors are encountered
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   994
  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   995
    OS X crash reports may contain entered key press information
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   996
    (not relevant under Linux)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   997
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   998
    Privilege escalation in PDF.js
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
   999
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
  1000
    NSS accepts export-length DHE keys with regular DHE cipher suites
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
  1001
    (this fix is shipped by NSS 3.19.1 externally)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
  1002
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
  1003
    NSS incorrectly permits skipping of ServerKeyExchange
28eb9d3ab7e8 39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 863
diff changeset
  1004
    (this fix is shipped by NSS 3.19.1 externally)
857
ab297940ae8a rebased to 39.0b3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 855
diff changeset
  1005
- dropped mozilla-prefer_plugin_pref.patch as this feature is
ab297940ae8a rebased to 39.0b3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 855
diff changeset
  1006
  likely not worth maintaining further
ab297940ae8a rebased to 39.0b3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 855
diff changeset
  1007
- rebased patches
863
d5a1c8dec7ed Firefox 39.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 862
diff changeset
  1008
- require NSS 3.19.2
857
ab297940ae8a rebased to 39.0b3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 855
diff changeset
  1009
ab297940ae8a rebased to 39.0b3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 855
diff changeset
  1010
-------------------------------------------------------------------
862
390088186660 mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents: 861
diff changeset
  1011
Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
390088186660 mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents: 861
diff changeset
  1012
390088186660 mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents: 861
diff changeset
  1013
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
390088186660 mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents: 861
diff changeset
  1014
390088186660 mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents: 861
diff changeset
  1015
-------------------------------------------------------------------
854
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 853
diff changeset
  1016
Sun Jun  7 07:09:12 UTC 2015 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 853
diff changeset
  1017
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 853
diff changeset
  1018
- update to Firefox 38.0.6
855
1f860c829900 correct changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 854
diff changeset
  1019
  * fixes bmo#1171730 which is not really relevant to oS builds
1f860c829900 correct changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 854
diff changeset
  1020
- fix KDE regression from 38.0.5 builds (bsc#933439)
854
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 853
diff changeset
  1021
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 853
diff changeset
  1022
-------------------------------------------------------------------
853
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1023
Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1024
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1025
- update to Firefox 38.0.5
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1026
  * Keep track of articles and videos with Pocket
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1027
  * Clean formatting for articles and blog posts with Reader View
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1028
  * Share the active tab or window in a Hello conversation
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1029
- add changes file as source for SRPM (bsc#932142)
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1030
cf7e96afbe3a Firefox 38.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 852
diff changeset
  1031
-------------------------------------------------------------------
852
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1032
Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1033
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1034
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1035
  https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1036
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1037
-------------------------------------------------------------------
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1038
Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1039
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1040
- update to Firefox 38.0.1
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1041
  stability and regression fixes
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1042
  * Systems with first generation NVidia Optimus graphics cards
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1043
    may crash on start-up
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1044
  * Users who import cookies from Google Chrome can end up with
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1045
    broken websites
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1046
  * Large animated images may fail to play and may stop other
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1047
    images from loading
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1048
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1049
-------------------------------------------------------------------
851
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1050
Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1051
852
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1052
- update to Firefox 38.0 (bnc#930622)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1053
  * New tab-based preferences
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1054
  * Ruby annotation support
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1055
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1056
  security fixes:
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1057
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1058
    Miscellaneous memory safety hazards
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1059
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1060
    Buffer overflow parsing H.264 video with Linux Gstreamer
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1061
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1062
    Buffer overflow with SVG content and CSS
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1063
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1064
    Referrer policy ignored when links opened by middle-click and
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1065
    context menu
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1066
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1067
    Out-of-bounds read and write in asm.js validation
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1068
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1069
    Use-after-free during text processing with vertical text enabled
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1070
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1071
    Use-after-free due to Media Decoder Thread creation during shutdown
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1072
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1073
    Buffer overflow when parsing compressed XML
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1074
  * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1075
    Buffer overflow and out-of-bounds read while parsing MP4 video
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1076
    metadata
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1077
  * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1078
    Untrusted site hosting trusted page can intercept webchannel
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1079
    responses
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1080
  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
e11af0d6cb48 38.0.1 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 851
diff changeset
  1081
    Privilege escalation through IPC channel messages
850
a2bdff616a0e prepare 38beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 845
diff changeset
  1082
- requires NSS 3.18.1
851
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1083
- removed obsolete patches:
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1084
  * mozilla-skia-bmo1136958.patch
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1085
- remove gnomevfs build options as it is removed from sources
0855c4ac4793 Firefox 38.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 850
diff changeset
  1086
- rebased patches
850
a2bdff616a0e prepare 38beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 845
diff changeset
  1087
a2bdff616a0e prepare 38beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 845
diff changeset
  1088
-------------------------------------------------------------------
a2bdff616a0e prepare 38beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 845
diff changeset
  1089
Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org
a2bdff616a0e prepare 38beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 845