# HG changeset patch # User Wolfgang Rosenauer # Date 1460481191 -7200 # Node ID 7e9a2b678bba6d32428309249fbfff005a5d868b # Parent 6a889427cd4fc7e3aa3d276b9001c95b68494c5f 45.0.2 diff -r 6a889427cd4f -r 7e9a2b678bba MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Mar 12 08:51:29 2016 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Apr 12 19:13:11 2016 +0200 @@ -1,7 +1,38 @@ ------------------------------------------------------------------- +Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com + +- Mozilla Firefox 45.0.2: + * Fix an issue impacting the cookie header when third-party + cookies are blocked (bmo#1257861) + * Fix a web compatibility regression impacting the srcset + attribute of the image tag (bmo#1259482) + * Fix a crash impacting the video playback with Media Source + Extension (bmo#1258562) + * Fix a regression impacting some specific uploads (bmo#1255735) + * Fix a regression with the copy and paste with some old versions + of some Gecko applications like Thunderbird (bmo#1254980) + +------------------------------------------------------------------- +Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com + +- Mozilla Firefox 45.0.1: + * Fix a regression causing search engine settings to be lost in + some context (bmo#1254694) + * Bring back non-standard jar: URIs to fix a regression in IBM + iNotes (bmo#1255139) + * XSLTProcessor.importStylesheet was failing when was + used (bmo#1249572) + * Fix an issue which could cause the list of search provider to + be empty (bmo#1255605) + * Fix a regression when using the location bar (bmo#1254503) + * Fix some loading issues when Accept third-party cookies: was + set to Never (bmo#1254856) + * Disabled Graphite font shaping library + +------------------------------------------------------------------- Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org -- update to Firefox 45.0 +- update to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar @@ -10,6 +41,60 @@ * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed + * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 + Miscellaneous memory safety hazards + * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) + Local file overwriting and potential privilege escalation through + CSP reports + * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) + CSP reports fail to strip location information for embedded iframe pages + * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) + Linux video memory DOS with Intel drivers + * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) + Memory leak in libstagefright when deleting an array during MP4 + processing + * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) + Displayed page address can be overridden + * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) + Service Worker Manager out-of-bounds read in Service Worker Manager + * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) + Use-after-free in HTML5 string parser + * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) + Use-after-free in SetBody + * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) + Use-after-free when using multiple WebRTC data channels + * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) + Memory corruption when modifying a file being read by FileReader + * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) + Use-after-free during XML transformations + * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) + Addressbar spoofing though history navigation and Location protocol + property + * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) + Same-origin policy violation using perfomance.getEntries and + history navigation with session restore + * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) + Buffer overflow in Brotli decompression + * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) + Memory corruption with malicious NPAPI plugin + * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ + CVE-2016-1976/CVE-2016-1972 + WebRTC and LibVPX vulnerabilities found through code inspection + * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) + Use-after-free in GetStaticInstance in WebRTC + * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) + Out-of-bounds read in HTML parser following a failed allocation + * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) + Buffer overflow during ASN.1 decoding in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) + Use-after-free during processing of DER encoded keys in NSS + (fixed by requiring 3.21.1) + * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ + CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ + CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ + CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 + Font vulnerabilities in the Graphite 2 library ------------------------------------------------------------------- Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de diff -r 6a889427cd4f -r 7e9a2b678bba MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Mar 12 08:51:29 2016 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Tue Apr 12 19:13:11 2016 +0200 @@ -19,9 +19,9 @@ # changed with every update %define major 45 -%define mainver %major.0 +%define mainver %major.0.2 %define update_channel release -%define releasedate 2016030500 +%define releasedate 2016041100 # general build definitions %if "%{update_channel}" != "aurora" diff -r 6a889427cd4f -r 7e9a2b678bba MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Mar 12 08:51:29 2016 +0100 +++ b/MozillaFirefox/create-tar.sh Tue Apr 12 19:13:11 2016 +0200 @@ -2,8 +2,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_45_0_RELEASE" -VERSION="45.0" +RELEASE_TAG="FIREFOX_45_0_2_RELEASE" +VERSION="45.0.2" # mozilla if [ -d mozilla ]; then