# HG changeset patch # User Wolfgang Rosenauer # Date 1440227225 -7200 # Node ID 2d6ccc01ea9efa75da62cfa320aec0b37ff0287b # Parent f3a4634b3a4ea17e0ac59803b7ee1e0b46940165 40.0 final diff -r f3a4634b3a4e -r 2d6ccc01ea9e MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Fri Aug 07 09:43:50 2015 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Aug 22 09:07:05 2015 +0200 @@ -1,7 +1,51 @@ ------------------------------------------------------------------- -Fri Jul 31 17:10:11 UTC 2015 - wr@rosenauer.org - -- update to Firefox 40.0b9 +Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org + +- update to Firefox 40.0 (bnc#940806) + * Added protection against unwanted software downloads + * Suggested Tiles show sites of interest, based on categories + from your recent browsing history + * Hello allows adding a link to conversations to provide context + on what the conversation will be about + * New style for add-on manager based on the in-content + preferences style + * Improved scrolling, graphics, and video playback performance + with off main thread compositing (GNU/Linux only) + * Graphic blocklist mechanism improved: Firefox version ranges + can be specified, limiting the number of devices blocked + security fixes: + * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 + Miscellaneous memory safety hazards + * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) + Out-of-bounds read with malformed MP3 file + * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) + Use-after-free in MediaStream playback + * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) + Redefinition of non-configurable JavaScript object properties + * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 + Overflow issues in libstagefright + * MFSA 2015-84/CVE-2015-4481 (bmo1171518) + Arbitrary file overwriting through Mozilla Maintenance Service + with hard links (only affected Windows) + * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) + Out-of-bounds write with Updater and malicious MAR file + (does not affect openSUSE RPM packages which do not ship the + updater) + * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) + Feed protocol with POST bypasses mixed content protections + * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) + Crash when using shared memory in JavaScript + * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) + Heap overflow in gdk-pixbuf when scaling bitmap images + * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) + Buffer overflows on Libvpx when decoding WebM video + * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 + Vulnerabilities found through code inspection + * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) + Mozilla Content Security Policy allows for asterisk wildcards + in violation of CSP specification + * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) + Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches * mozilla-add-glibcxx_use_cxx11_abi.patch diff -r f3a4634b3a4e -r 2d6ccc01ea9e MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Fri Aug 07 09:43:50 2015 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Sat Aug 22 09:07:05 2015 +0200 @@ -18,10 +18,10 @@ # changed with every update -%define major 39 -%define mainver %major.99 -%define update_channel beta -%define releasedate 2015073000 +%define major 40 +%define mainver %major.0 +%define update_channel release +%define releasedate 2015080700 # general build definitions %if "%{update_channel}" != "aurora" diff -r f3a4634b3a4e -r 2d6ccc01ea9e MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Fri Aug 07 09:43:50 2015 +0200 +++ b/MozillaFirefox/create-tar.sh Sat Aug 22 09:07:05 2015 +0200 @@ -1,9 +1,9 @@ #!/bin/bash -CHANNEL="beta" +CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_40_0b9_RELEASE" -VERSION="39.99" +RELEASE_TAG="FIREFOX_40_0_RELEASE" +VERSION="40.0" # mozilla if [ -d mozilla ]; then