# HG changeset patch # User Wolfgang Rosenauer # Date 1350310605 -7200 # Node ID 8349c239bff98cd7b4eaa79fa6ccb4b2574b7ca2 # Parent a30fcfcd2e53c4db1a09cea433ef04342d02fa3b preparing Aurora 18 diff -r a30fcfcd2e53 -r 8349c239bff9 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Oct 09 13:43:09 2012 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Mon Oct 15 16:16:45 2012 +0200 @@ -1,19 +1,64 @@ ------------------------------------------------------------------- -Thu Oct 4 04:51:23 UTC 2012 - wr@rosenauer.org - -- update to Aurora 17 (20121003) +Mon Oct 15 14:15:53 UTC 2012 - wr@rosenauer.org + +- update to Aurora 18 (20121015) + +------------------------------------------------------------------- +Mon Oct 15 14:07:12 UTC 2012 - wr@rosenauer.org + +- update to Firefox 17.0b1 - use internal NSPR for now (bmo#776877) ------------------------------------------------------------------- -Thu Sep 27 18:20:18 UTC 2012 - wr@rosenauer.org - -- update to Firefox 16.0b5 +Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org + +- update to Firefox 16.0.1 (bnc#783533) + * MFSA 2012-88/CVE-2012-4191 (bmo#798045) + Miscellaneous memory safety hazards + * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) + defaultValue security checks not applied + +------------------------------------------------------------------- +Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org + +- update to Firefox 16.0 (bnc#783533) + * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 + Miscellaneous memory safety hazards + * MFSA 2012-75/CVE-2012-3984 (bmo#575294) + select element persistance allows for attacks + * MFSA 2012-76/CVE-2012-3985 (bmo#655649) + Continued access to initial origin after setting document.domain + * MFSA 2012-77/CVE-2012-3986 (bmo#775868) + Some DOMWindowUtils methods bypass security checks + * MFSA 2012-79/CVE-2012-3988 (bmo#725770) + DOS and crash with full screen and history navigation + * MFSA 2012-80/CVE-2012-3989 (bmo#783867) + Crash with invalid cast when using instanceof operator + * MFSA 2012-81/CVE-2012-3991 (bmo#783260) + GetProperty function can bypass security checks + * MFSA 2012-82/CVE-2012-3994 (bmo#765527) + top object and location property accessible by plugins + * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) + Chrome Object Wrapper (COW) does not disallow acces to privileged + functions or properties + * MFSA 2012-84/CVE-2012-3992 (bmo#775009) + Spoofing and script injection through location.hash + * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ + CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 + Use-after-free, buffer overflow, and out of bounds read issues + found using Address Sanitizer + * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ + CVE-2012-4188 + Heap memory corruption issues found using Address Sanitizer + * MFSA 2012-87/CVE-2012-3990 (bmo#787704) + Use-after-free in the IME State Manager - requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) - removed upstreamed mozilla-crashreporter-restart-args.patch - webapprt now included - use kmozillahelper's new REVEAL command (bnc#777415) (requires mozilla-kde4-integration >= 0.6.4) +- updated translations-other with new languages ------------------------------------------------------------------- Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org diff -r a30fcfcd2e53 -r 8349c239bff9 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Oct 09 13:43:09 2012 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Mon Oct 15 16:16:45 2012 +0200 @@ -17,7 +17,7 @@ # -%define major 16 +%define major 17 %define mainver %major.98 %define update_channel aurora @@ -54,7 +54,7 @@ %endif Version: %{mainver} Release: 0 -%define releasedate 2012100300 +%define releasedate 2012101500 Provides: firefox = %{mainver} Provides: firefox = %{version}-%{release} Provides: web_browser @@ -94,10 +94,10 @@ Patch9: mozilla-repo.patch Patch10: mozilla-sle11.patch Patch11: mozilla-disable-neon-option.patch -Patch13: mozilla-arm-disable-edsp.patch -Patch15: mozilla-gstreamer.patch -Patch16: mozilla-ppc.patch -Patch17: mozilla-gstreamer-760140.patch +Patch12: mozilla-arm-disable-edsp.patch +Patch13: mozilla-gstreamer.patch +Patch14: mozilla-ppc.patch +Patch15: mozilla-gstreamer-760140.patch # Firefox/browser Patch30: firefox-browser-css.patch Patch31: firefox-kde.patch @@ -223,10 +223,10 @@ %patch10 -p1 %endif #%patch11 -p1 +%patch12 -p1 %patch13 -p1 +%patch14 -p1 %patch15 -p1 -%patch16 -p1 -%patch17 -p1 # %patch30 -p1 %if %suse_version >= 1110 diff -r a30fcfcd2e53 -r 8349c239bff9 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Tue Oct 09 13:43:09 2012 +0200 +++ b/MozillaFirefox/create-tar.sh Mon Oct 15 16:16:45 2012 +0200 @@ -3,7 +3,7 @@ CHANNEL="aurora" BRANCH="releases/mozilla-$CHANNEL" RELEASE_TAG="default" -VERSION="16.98" +VERSION="17.98" # mozilla echo "cloning $BRANCH..."