diff -r e969636be188 -r 2f9f2e040647 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Jun 07 21:44:20 2016 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Jun 08 13:45:00 2016 +0200 @@ -1,4 +1,82 @@ ------------------------------------------------------------------- +Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org + +- update to Firefox 47.0 (boo#983549) + * Enable VP9 video codec for users with fast machines + * Embedded YouTube videos now play with HTML5 video if Flash is + not installed + * View and search open tabs from your smartphone or another + computer in a sidebar + * Allow no-cache on back/forward navigations for https resources + security fixes: + * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 + (boo#983638) + (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, + bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, + bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, + bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, + bmo#1269729, bmo#1273202, bmo#1273701) + Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) + * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) + Buffer overflow parsing HTML5 fragments + * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) + Use-after-free deleting tables from a contenteditable document + * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) + Addressbar spoofing though the SELECT element + * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) + Out-of-bounds write with WebGL shader + * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) + Partial same-origin-policy through setting location.host + through data URI + * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) + Use-after-free when textures are used in WebGL operations + after recycle pool destruction + * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) + Incorrect icon displayed on permissions notifications + * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) + Entering fullscreen and persistent pointerlock without user + permission + * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) + Information disclosure of disabled plugins through CSS + pseudo-classes + * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) + Java applets bypass CSP protections + * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, + bmo#1221620, bmo#1241034, bmo#1241037) + Network Security Services (NSS) vulnerabilities + fixed by requiring NSS 3.23 + packaging changes: + * cleanup configure options (boo#981695): + - notably remove GStreamer support which is gone from FF + * remove obsolete patches + - mozilla-libproxy.patch + - mozilla-repo.patch + +------------------------------------------------------------------- +Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com + +- The conditional testing for gcc was failing for different + openSUSE versions, drop it and apply patches unconditionally. + +------------------------------------------------------------------- +Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com + +- Add patches to fix building with gcc6: + + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch + taken from upstream: + https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp + from unified compilation because #include in other + source files causes gcc6 compilation failure; patch taken from + upstream: + https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. + +------------------------------------------------------------------- +Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz + +- enable build with PIE and full relro on x86_64 (boo#980384) + +------------------------------------------------------------------- Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org - update to Firefox 46.0.1