diff -r 82af81b0a6c7 -r ee3c462047d5 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Sep 19 22:04:22 2015 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Oct 31 20:58:31 2015 +0100 @@ -1,11 +1,116 @@ ------------------------------------------------------------------- -Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org - -- update to Firefox 41.0b9 +Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org + +- update to Firefox 42.0 (bnc#952810) + * Private Browsing with Tracking Protection blocks certain Web + elements that could be used to record your behavior across sites + * Control Center that contains site security and privacy controls + * Login Manager improvements + * WebRTC improvements + * Indicator added to tabs that play audio with one-click muting + * Media Source Extension for HTML5 video available for all sites +- requires NSPR 4.10.10 and NSS 3.19.4 +- removed obsolete patches + * mozilla-arm-disable-edsp.patch + * mozilla-icu-strncat.patch + * mozilla-skia-be-le.patch + * toolkit-download-folder.patch +- fixed build with enable-libproxy (bmo#1220399) + * mozilla-libproxy.patch + +------------------------------------------------------------------- +Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org + +- update to Firefox 41.0.2 (bnc#950686) + * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) + Cross-origin restriction bypass using Fetch +- added explicit appdata provides (bnc#949983) + +------------------------------------------------------------------- +Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org + +- do not build with --enable-stdcxx-compat + (this starts to fail build on various toolchain combinations + and is not required for openSUSE builds in general + +------------------------------------------------------------------- +Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org + +- update to Firefox 41.0.1 + * Fix a startup crash related to Yandex toolbar and Adblock Plus + (bmo#1209124) + * Fix potential hangs with Flash plugins (bmo#1185639) + * Fix a regression in the bookmark creation (bmo#1206376) + * Fix a startup crash with some Intel Media Accelerator 3150 + graphic cards (bmo#1207665) + * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) + +------------------------------------------------------------------- +Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org + +- update to Firefox 41.0 (bnc#947003) + * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 + Miscellaneous memory safety hazards + * MFSA 2015-97/CVE-2015-4503 (bmo#994337) + Memory leak in mozTCPSocket to servers + * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) + Out of bounds read in QCMS library with ICC V4 profile attributes + * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) + Site attribute spoofing on Android by pasting URL with unknown scheme + * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) + Arbitrary file manipulation by local user through Mozilla updater + * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) + Buffer overflow in libvpx while parsing vp9 format video + * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) + Crash when using debugger with SavedStacks in JavaScript + * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) + URL spoofing in reader mode + * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) + Use-after-free with shared workers and IndexedDB + * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) + Buffer overflow while decoding WebM video + * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) + Use-after-free while manipulating HTML media content + * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) + Out-of-bounds read during 2D canvas display on Linux 16-bit + color depth systems + * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) + Scripted proxies can access inner window + * MFSA 2015-109/CVE-2015-4516 (bmo#904886) + JavaScript immutable property enforcement can be bypassed + * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) + Dragging and dropping images exposes final URL after redirects + * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) + Errors in the handling of CORS preflight request headers + * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ + CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ + CVE-2015-7180 + Vulnerabilities found through code inspection + * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, + bmo#1190526) (Windows only) + Memory safety errors in libGLES in the ANGLE graphics library + * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) + Information disclosure via the High Resolution Time API - rebased patches - removed obsolete patches * mozilla-arm64-libjpeg-turbo.patch +------------------------------------------------------------------ +Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org + +- update to Firefox 40.0.3 (bnc#943550) + * Disable the asynchronous plugin initialization (bmo#1198590) + * Fix a segmentation fault in the GStreamer support (bmo#1145230) + * Fix a regression with some Japanese fonts used in the + field (bmo#1194055) + * On some sites, the selection in a select combox box using the + mouse could be broken (bmo#1194733) + security fixes + * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) + Use-after-free when resizing canvas element during restyling + * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) + Add-on notification bypass through data URLs + ------------------------------------------------------------------- Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org