--- a/MozillaFirefox/MozillaFirefox.changes Sat Oct 31 20:58:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Dec 06 22:08:01 2015 +0100
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org
+
+- Add desktop menu action for private browsing window to desktop
+ file (boo#954747)
+- remove obsolete patch mozilla-bmo1005535.patch completely from
+ source package to avoid automatic check failures
+
+-------------------------------------------------------------------
Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org
- update to Firefox 42.0 (bnc#952810)
@@ -9,7 +17,49 @@
* WebRTC improvements
* Indicator added to tabs that play audio with one-click muting
* Media Source Extension for HTML5 video available for all sites
-- requires NSPR 4.10.10 and NSS 3.19.4
+ security fixes:
+ * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+ Miscellaneous memory safety hazards
+ * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
+ Information disclosure through NTLM authentication
+ * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
+ CSP bypass due to permissive Reader mode whitelist
+ * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
+ Firefox for Android addressbar can be removed after fullscreen mode
+ * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
+ Reading sensitive profile files through local HTML file on Android
+ * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
+ disabling scripts in Add-on SDK panels has no effect
+ * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+ Trailing whitespace in IP address hostnames can bypass same-origin policy
+ * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+ Buffer overflow during image interactions in canvas
+ * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
+ Android intents can be used on Firefox for Android to open privileged files
+ * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
+ XSS attack through intents on Firefox for Android
+ * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
+ Crash when accessing HTML tables with accessibility tools on OS X
+ * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+ CORS preflight is bypassed when non-standard Content-Type headers
+ are received
+ * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+ Memory corruption in libjar through zip files
+ * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
+ Certain escaped characters in host of Location-header are being
+ treated as non-escaped
+ * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+ JavaScript garbage collection crash with Java applet
+ * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+ (bmo#1188010, bmo#1204061, bmo#1204155)
+ Vulnerabilities found through code inspection
+ * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+ Mixed content WebSocket policy bypass through workers
+ * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+ (bmo#1202868, bmo#1205157)
+ NSS and NSPR memory corruption issues
+ (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
* mozilla-arm-disable-edsp.patch
* mozilla-icu-strncat.patch
--- a/MozillaFirefox/MozillaFirefox.desktop Sat Oct 31 20:58:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.desktop Sun Dec 06 22:08:01 2015 +0100
@@ -10,3 +10,9 @@
StartupNotify=true
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;application/x-xpinstall;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;
Type=Application
+
+Actions=PrivateBrowsing;
+
+[Desktop Action PrivateBrowsing]
+Name=New Private Browsing Window
+Exec=%EXEC --private-window %u
--- a/MozillaFirefox/MozillaFirefox.spec Sat Oct 31 20:58:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Sun Dec 06 22:08:01 2015 +0100
@@ -18,9 +18,9 @@
# changed with every update
-%define major 41
-%define mainver %major.99
-%define update_channel beta
+%define major 42
+%define mainver %major.0
+%define update_channel release
%define releasedate 2015103000
# general build definitions
@@ -145,7 +145,6 @@
Patch6: mozilla-ntlm-full-path.patch
Patch7: mozilla-repo.patch
Patch8: mozilla-openaes-decl.patch
-Patch9: mozilla-bmo1005535.patch
Patch10: mozilla-no-stdcxx-check.patch
Patch11: mozilla-libproxy.patch
# Firefox/browser
@@ -255,7 +254,6 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
-#%patch9 -p1
%patch10 -p1
%patch11 -p1
# Firefox
--- a/MozillaFirefox/create-tar.sh Sat Oct 31 20:58:31 2015 +0100
+++ b/MozillaFirefox/create-tar.sh Sun Dec 06 22:08:01 2015 +0100
@@ -1,9 +1,9 @@
#!/bin/bash
-CHANNEL="beta"
+CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_42_0b9_RELEASE"
-VERSION="41.99"
+RELEASE_TAG="FIREFOX_42_0_RELEASE"
+VERSION="42.0"
# mozilla
if [ -d mozilla ]; then