author | Wolfgang Rosenauer <wr@rosenauer.org> |
Mon, 15 Aug 2016 13:29:52 +0200 | |
branch | firefox48 |
changeset 925 | 05d175c5957e |
parent 924 | 199d5cf40e86 |
child 926 | 6ab8b16f232c |
permissions | -rw-r--r-- |
893
86f72f1e98a4
prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
892
diff
changeset
|
1 |
------------------------------------------------------------------- |
925
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
2 |
Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org |
3 |
|
4 |
- added upstream patch so system plugins/extensions are correctly |
5 |
loaded again on x86-64 (bmo#1282843) |
6 |
(mozilla-old_configure-bmo1282843.patch) |
7 |
|
8 |
------------------------------------------------------------------- |
923 | 9 |
Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
10 |
||
924 | 11 |
- update to Firefox 48.0 (boo#991809) |
923 | 12 |
* requires NSS 3.24 |
13 |
* Process separation (e10s) is enabled for some of you |
|
14 |
* Add-ons that have not been verified and signed by Mozilla will not load |
|
15 |
* WebRTC embetterments |
|
16 |
* The media parser has been redeveloped using the Rust programming |
|
17 |
language |
|
18 |
* better Canvas performance with speedy Skia support |
|
924 | 19 |
security fixes: |
20 |
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 |
|
21 |
Miscellaneous memory safety hazards |
|
22 |
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270) |
|
23 |
Favicon network connection can persist when page is closed |
|
24 |
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814) |
|
25 |
Buffer overflow rendering SVG with bidirectional content |
|
26 |
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339) |
|
27 |
Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 |
|
28 |
* MFSA 2016-66/CVE-2016-5251 (bmo#1255570) |
|
29 |
Location bar spoofing via data URLs with malformed/invalid mediatypes |
|
30 |
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854) |
|
31 |
Stack underflow during 2D graphics rendering |
|
32 |
* MFSA 2016-68/CVE-2016-0718 (bmo#1236923) |
|
33 |
Out-of-bounds read during XML parsing in Expat library |
|
34 |
* MFSA 2016-69/CVE-2016-5253 (bmo#1246944) |
|
35 |
Arbitrary file manipulation by local user through Mozilla updater |
|
36 |
and callback application path parameter (Windows-only) |
|
37 |
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963) |
|
38 |
Use-after-free when using alt key and toplevel menus |
|
39 |
* MFSA 2016-71/CVE-2016-5255 (bmo#1212356) |
|
40 |
Crash in incremental garbage collection in JavaScript |
|
41 |
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146) |
|
42 |
Use-after-free in DTLS during WebRTC session shutdown |
|
43 |
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992) |
|
44 |
Use-after-free in service workers with nested sync events |
|
45 |
* MFSA 2016-74/CVE-2016-5260 (bmo#1280294) |
|
46 |
Form input type change from password to text can store plain |
|
47 |
text password in session restore file |
|
48 |
* MFSA 2016-75/CVE-2016-5261 (bmo#1287266) |
|
49 |
Integer overflow in WebSockets during data buffering |
|
50 |
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475) |
|
51 |
Scripts on marquee tag can execute in sandboxed iframes |
|
52 |
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637) |
|
53 |
Buffer overflow in ClearKey Content Decryption Module (CDM) |
|
54 |
during video playback |
|
55 |
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897) |
|
56 |
Type confusion in display transformation |
|
57 |
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183) |
|
58 |
Use-after-free when applying SVG effects |
|
59 |
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013) |
|
60 |
Same-origin policy violation using local HTML file and saved shortcut file |
|
61 |
* MFSA 2016-81/CVE-2016-5266 (bmo#1226977) |
|
62 |
Information disclosure and local file manipulation through drag and drop |
|
63 |
* MFSA 2016-82/CVE-2016-5267 (bmo#1284372) |
|
64 |
Addressbar spoofing with right-to-left characters on Firefox for Android |
|
65 |
(Android only) |
|
66 |
* MFSA 2016-83/CVE-2016-5268 (bmo#1253673) |
|
67 |
Spoofing attack through text injection into internal error pages |
|
68 |
* MFSA 2016-84/CVE-2016-5250 (bmo#1254688) |
|
69 |
Information disclosure through Resource Timing API during page navigation |
|
923 | 70 |
- removed obsolete mozilla-gcc6.patch |
71 |
||
72 |
------------------------------------------------------------------- |
|
921
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
73 |
Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
74 |
|
75 |
- Update description and screenshots in appdata.xml file. |
76 |
|
77 |
------------------------------------------------------------------- |
78 |
Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net |
79 |
|
80 |
- Fix Firefox crash on startup on i586 (boo#986541): |
81 |
* Add -fno-delete-null-pointer-checks and |
82 |
-fno-inline-small-functions to CFLAGS |
83 |
|
84 |
------------------------------------------------------------------- |
85 |
Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org |
86 |
|
87 |
- Update the appdata.xml file (replace Windows XP screenshot) |
88 |
|
89 |
------------------------------------------------------------------- |
90 |
Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com |
91 |
|
92 |
- Mozilla Firefox 47.0.1: |
93 |
* Selenium WebDriver may cause Firefox to crash at startup |
94 |
(bmo#1280854) |
95 |
|
96 |
------------------------------------------------------------------- |
920
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
97 |
Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org |
98 |
|
99 |
- mozilla-binutils-visibility.patch to fix build issues with |
921
100 |
gcc/binutils combination used in Leap 42.2 (boo#984637) |
920
101 |
|
102 |
------------------------------------------------------------------- |
919
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
103 |
Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com |
104 |
|
105 |
- Update mozilla-gtk3_20.patch to latest version from Fedora. |
106 |
|
107 |
------------------------------------------------------------------- |
108 |
Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com |
109 |
|
110 |
- Fix running on 48bit va aarch64 (bsc#984126) |
111 |
* add patch mozilla-aarch64-48bit-va.patch |
112 |
|
113 |
------------------------------------------------------------------- |
114 |
Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org |
115 |
|
116 |
- fix XUL dialog button order under KDE session (boo#984403) |
117 |
|
118 |
------------------------------------------------------------------- |
916 | 119 |
Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org |
120 |
||
121 |
- update to Firefox 47.0 (boo#983549) |
|
122 |
* Enable VP9 video codec for users with fast machines |
|
123 |
* Embedded YouTube videos now play with HTML5 video if Flash is |
|
124 |
not installed |
|
125 |
* View and search open tabs from your smartphone or another |
|
126 |
computer in a sidebar |
|
127 |
* Allow no-cache on back/forward navigations for https resources |
|
128 |
security fixes: |
|
129 |
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 |
|
130 |
(boo#983638) |
|
131 |
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, |
|
132 |
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, |
|
133 |
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, |
|
134 |
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, |
|
135 |
bmo#1269729, bmo#1273202, bmo#1273701) |
|
136 |
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) |
|
137 |
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) |
|
138 |
Buffer overflow parsing HTML5 fragments |
|
139 |
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) |
|
140 |
Use-after-free deleting tables from a contenteditable document |
|
141 |
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) |
|
142 |
Addressbar spoofing through the SELECT element |
|
143 |
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) |
|
144 |
Out-of-bounds write with WebGL shader |
|
145 |
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) |
|
146 |
Partial same-origin-policy through setting location.host |
|
147 |
through data URI |
|
148 |
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) |
|
149 |
Use-after-free when textures are used in WebGL operations |
|
150 |
after recycle pool destruction |
|
151 |
* MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) |
|
152 |
Incorrect icon displayed on permissions notifications |
|
153 |
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) |
|
154 |
Entering fullscreen and persistent pointerlock without user |
|
155 |
permission |
|
156 |
* MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) |
|
157 |
Information disclosure of disabled plugins through CSS |
|
158 |
pseudo-classes |
|
159 |
* MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) |
|
160 |
Java applets bypass CSP protections |
|
161 |
* MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, |
|
162 |
bmo#1221620, bmo#1241034, bmo#1241037) |
|
163 |
Network Security Services (NSS) vulnerabilities |
|
164 |
fixed by requiring NSS 3.23 |
|
165 |
packaging changes: |
|
166 |
* cleanup configure options (boo#981695): |
|
167 |
- notably remove GStreamer support which is gone from FF |
|
168 |
* remove obsolete patches |
|
169 |
- mozilla-libproxy.patch |
|
170 |
- mozilla-repo.patch |
|
171 |
||
172 |
------------------------------------------------------------------- |
|
173 |
Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com |
|
174 |
||
175 |
- The conditional testing for gcc was failing for different |
|
176 |
openSUSE versions, drop it and apply patches unconditionally. |
|
177 |
||
178 |
------------------------------------------------------------------- |
|
179 |
Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com |
|
180 |
||
181 |
- Add patches to fix building with gcc6: |
|
182 |
+ mozilla-gcc6.patch: fix building with gcc >= 6.1; patch |
|
183 |
taken from upstream: |
|
184 |
https://hg.mozilla.org/mozilla-central/rev/55212130f19d. |
|
185 |
+ mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp |
|
186 |
from unified compilation because #include <cmath> in other |
|
187 |
source files causes gcc6 compilation failure; patch taken from |
|
188 |
upstream: |
|
189 |
https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. |
|
190 |
||
191 |
------------------------------------------------------------------- |
|
192 |
Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz |
|
193 |
||
194 |
- enable build with PIE and full relro on x86_64 (boo#980384) |
|
195 |
||
196 |
------------------------------------------------------------------- |
|
914 | 197 |
Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org |
198 |
||
199 |
- update to Firefox 46.0.1 |
|
200 |
Fixed: |
|
201 |
* Search plugin issue for various locales |
|
202 |
* Add-on signing certificate expiration |
|
203 |
* Service worker update issue |
|
204 |
* Build issue when jit is disabled |
|
205 |
* Limit Sync registration updates |
|
206 |
- removed now obsolete mozilla-jit_branch64.patch |
|
207 |
||
208 |
------------------------------------------------------------------- |
|
913 | 209 |
Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com |
210 |
||
211 |
- add mozilla-jit_branch64.patch to avoid PowerPC build failure |
|
212 |
(from bmo#1266366) |
|
213 |
||
214 |
------------------------------------------------------------------- |
|
909 | 215 |
Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com |
216 |
||
217 |
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest |
|
218 |
version from Fedora). |
|
219 |
||
220 |
------------------------------------------------------------------- |
|
221 |
Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org |
|
222 |
||
223 |
- update to Firefox 46.0 (boo#977333) |
|
224 |
* Improved security of the JavaScript Just In Time (JIT) Compiler |
|
225 |
* WebRTC fixes to improve performance and stability |
|
226 |
* Added support for document.elementsFromPoint |
|
227 |
* Added HKDF support for Web Crypto API |
|
228 |
* requires NSPR 4.12 and NSS 3.22.3 |
|
229 |
* added patch to fix unchecked return value |
|
230 |
mozilla-check_return.patch |
|
231 |
* Gtk3 builds not supported at the moment |
|
232 |
security fixes: |
|
233 |
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 |
|
913 | 234 |
(boo#977373, boo#977375, boo#977376) |
909 | 235 |
Miscellaneous memory safety hazards |
913 | 236 |
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) |
909 | 237 |
Privilege escalation through file deletion by Maintenance Service updater |
238 |
(Windows only) |
|
913 | 239 |
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) |
909 | 240 |
Content provider permission bypass allows malicious application |
241 |
to access data (Android only) |
|
913 | 242 |
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 |
243 |
(bmo#1252330, bmo#1261776, boo#977379) |
|
909 | 244 |
Use-after-free and buffer overflow in Service Workers |
913 | 245 |
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) |
909 | 246 |
Disclosure of user actions through JavaScript with motion and |
247 |
orientation sensors (only affects mobile variants) |
|
913 | 248 |
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) |
909 | 249 |
Buffer overflow in libstagefright with CENC offsets |
913 | 250 |
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) |
909 | 251 |
CSP not applied to pages sent with multipart/x-mixed-replace |
913 | 252 |
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) |
909 | 253 |
Elevation of privilege with chrome.tabs.update API in web extensions |
913 | 254 |
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) |
909 | 255 |
Write to invalid HashMap entry through JavaScript.watch() |
913 | 256 |
* MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) |
909 | 257 |
Firefox Health Reports could accept events from untrusted domains |
258 |
||
259 |
------------------------------------------------------------------- |
|
908
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
260 |
Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com |
261 |
|
262 |
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under |
263 |
gtk >= 3.20 (patch synced to Fedora's version). |
264 |
|
265 |
------------------------------------------------------------------- |
907 | 266 |
Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com |
267 |
||
268 |
- Compile against gtk3 depending on whether the macro |
|
269 |
%firefox_use_gtk3 is defined or not (e.g., at the prjconf |
|
270 |
level); macro is undefined by default and so gtk2 is used as the |
|
271 |
default toolkit. |
|
272 |
- Add BuildRequires for additional packages needed when building |
|
273 |
against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), |
|
274 |
pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). |
|
275 |
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; |
|
276 |
patch taken from Fedora (bmo#1230955). |
|
277 |
||
278 |
------------------------------------------------------------------- |
|
906 | 279 |
Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com |
280 |
||
281 |
- Mozilla Firefox 45.0.2: |
|
282 |
* Fix an issue impacting the cookie header when third-party |
|
283 |
cookies are blocked (bmo#1257861) |
|
284 |
* Fix a web compatibility regression impacting the srcset |
|
285 |
attribute of the image tag (bmo#1259482) |
|
286 |
* Fix a crash impacting the video playback with Media Source |
|
287 |
Extension (bmo#1258562) |
|
288 |
* Fix a regression impacting some specific uploads (bmo#1255735) |
|
289 |
* Fix a regression with the copy and paste with some old versions |
|
290 |
of some Gecko applications like Thunderbird (bmo#1254980) |
|
291 |
||
292 |
------------------------------------------------------------------- |
|
293 |
Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com |
|
294 |
||
295 |
- Mozilla Firefox 45.0.1: |
|
296 |
* Fix a regression causing search engine settings to be lost in |
|
297 |
some context (bmo#1254694) |
|
298 |
* Bring back non-standard jar: URIs to fix a regression in IBM |
|
299 |
iNotes (bmo#1255139) |
|
300 |
* XSLTProcessor.importStylesheet was failing when <import> was |
|
301 |
used (bmo#1249572) |
|
302 |
* Fix an issue which could cause the list of search provider to |
|
303 |
be empty (bmo#1255605) |
|
304 |
* Fix a regression when using the location bar (bmo#1254503) |
|
305 |
* Fix some loading issues when Accept third-party cookies: was |
|
306 |
set to Never (bmo#1254856) |
|
307 |
* Disabled Graphite font shaping library |
|
308 |
||
309 |
------------------------------------------------------------------- |
|
904 | 310 |
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org |
311 |
||
906 | 312 |
- update to Firefox 45.0 (boo#969894) |
904 | 313 |
* requires NSPR 4.12 / NSS 3.21.1 |
314 |
* Instant browser tab sharing through Hello |
|
315 |
* Synced Tabs button in button bar |
|
316 |
* Tabs synced via Firefox Accounts from other devices are now shown |
|
317 |
in dropdown area of Awesome Bar when searching |
|
318 |
* Introduce a new preference (network.dns.blockDotOnion) to allow |
|
319 |
blocking .onion at the DNS level |
|
320 |
* Tab Groups (Panorama) feature removed |
|
906 | 321 |
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 |
322 |
Miscellaneous memory safety hazards |
|
323 |
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) |
|
324 |
Local file overwriting and potential privilege escalation through |
|
325 |
CSP reports |
|
326 |
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946) |
|
327 |
CSP reports fail to strip location information for embedded iframe pages |
|
328 |
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923) |
|
329 |
Linux video memory DOS with Intel drivers |
|
330 |
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) |
|
331 |
Memory leak in libstagefright when deleting an array during MP4 |
|
332 |
processing |
|
333 |
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) |
|
334 |
Displayed page address can be overridden |
|
335 |
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949) |
|
336 |
Service Worker Manager out-of-bounds read in Service Worker Manager |
|
337 |
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) |
|
338 |
Use-after-free in HTML5 string parser |
|
339 |
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) |
|
340 |
Use-after-free in SetBody |
|
341 |
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760) |
|
342 |
Use-after-free when using multiple WebRTC data channels |
|
343 |
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440) |
|
344 |
Memory corruption when modifying a file being read by FileReader |
|
345 |
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335) |
|
346 |
Use-after-free during XML transformations |
|
347 |
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264) |
|
348 |
Addressbar spoofing through history navigation and Location protocol |
|
349 |
property |
|
350 |
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956) |
|
351 |
Same-origin policy violation using performance.getEntries and |
|
352 |
history navigation with session restore |
|
353 |
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742) |
|
354 |
Buffer overflow in Brotli decompression |
|
355 |
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054) |
|
356 |
Memory corruption with malicious NPAPI plugin |
|
357 |
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ |
|
358 |
CVE-2016-1976/CVE-2016-1972 |
|
359 |
WebRTC and LibVPX vulnerabilities found through code inspection |
|
360 |
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339) |
|
361 |
Use-after-free in GetStaticInstance in WebRTC |
|
362 |
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103) |
|
363 |
Out-of-bounds read in HTML parser following a failed allocation |
|
364 |
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528) |
|
365 |
Buffer overflow during ASN.1 decoding in NSS |
|
366 |
(fixed by requiring 3.21.1) |
|
367 |
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033) |
|
368 |
Use-after-free during processing of DER encoded keys in NSS |
|
369 |
(fixed by requiring 3.21.1) |
|
370 |
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ |
|
371 |
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ |
|
372 |
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ |
|
373 |
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 |
|
374 |
Font vulnerabilities in the Graphite 2 library |
|
904 | 375 |
|
376 |
------------------------------------------------------------------- |
|
377 |
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de |
|
378 |
||
379 |
- Remove B_CNT from symbols.zip filename to reduce build-compare noise |
|
380 |
||
381 |
------------------------------------------------------------------- |
|
903 | 382 |
Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com |
383 |
||
384 |
- fix build problems on i586, caused by too large unified compile |
|
385 |
units - adding mozilla-reduce-files-per-UnifiedBindings.patch |
|
386 |
||
387 |
------------------------------------------------------------------- |
|
388 |
Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org |
|
389 |
||
390 |
- update to Firefox 44.0.2 |
|
391 |
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) |
|
392 |
Same-origin-policy violation using Service Workers with plugins |
|
393 |
* Fix issue which could lead to the removal of stored passwords |
|
394 |
under certain circumstances (bmo#1242176) |
|
395 |
* Allows spaces in cookie names (bmo#1244505) |
|
396 |
* Disable opus/vorbis audio with H.264 (bmo#1245696) |
|
397 |
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171) |
|
398 |
* Fix a crash in cache networking (bmo#1244076) |
|
399 |
* Fix using WebSockets in service worker controlled pages (bmo#1243942) |
|
400 |
||
401 |
------------------------------------------------------------------- |
|
908
402 |
Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com |
403 |
|
404 |
- build fixes for arm/aarch64: |
405 |
* disable webrtc for arm/aarch64 |
406 |
* switch away from openGL-ES backend to default for arm/aarch64 |
407 |
since it almost never builds |
408 |
* reenable neon |
409 |
- reenable webrtc for powerpc as it seems to build |
410 |
|
411 |
------------------------------------------------------------------- |
900 | 412 |
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org |
413 |
||
902 | 414 |
- update to Firefox 44.0 |
415 |
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 |
|
416 |
Miscellaneous memory safety hazards |
|
417 |
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 |
|
418 |
Out of Memory crash when parsing GIF format images |
|
419 |
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 |
|
420 |
Buffer overflow in WebGL after out of memory allocation |
|
421 |
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 |
|
422 |
Firefox allows for control characters to be set in cookie names |
|
423 |
* MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 |
|
424 |
Missing delay following user click events in protocol handler dialog |
|
425 |
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 |
|
426 |
Errors in mp_div and mp_exptmod cryptographic functions in NSS |
|
427 |
(fixed by requiring NSS 3.21) |
|
428 |
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) |
|
429 |
Addressbar spoofing attacks boo#963643 |
|
430 |
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 |
|
431 |
(bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 |
|
432 |
Unsafe memory manipulation found through code inspection |
|
433 |
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 |
|
434 |
Application Reputation service disabled in Firefox 43 |
|
899 | 435 |
* requires NSPR 4.11 |
436 |
* requires NSS 3.21 |
|
896
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
437 |
- prepare mozilla-kde.patch for Gtk3 builds |
899 | 438 |
- rebased patches |
896
439 |
|
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
440 |
------------------------------------------------------------------- |
Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com

- Mozilla Firefox 43.0.4:
  * Re-enable SHA-1 certificates to prevent outdated
    man-in-the-middle security devices from interfering with
    properly secured SSL/TLS connections (bmo#1236975)
  * Fix for startup crash for users of a third party antivirus tool
    (bmo#1235537)
- The following change was previously in the package as a patch:
  * Multi-user GNU/Linux download folders can be created
    (bmo#1233434), removed mozilla-bmo1233434.patch

-------------------------------------------------------------------
Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org

- update to Firefox 43.0.3
  * requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * various changes to support Windows update (SHA-1 vs. SHA-2)
  * workaround YouTube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
  (bmo#1233434) (mozilla-bmo1233434.patch)
- explicitly requires libXcomposite-devel

-------------------------------------------------------------------
Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org

- update to Firefox 43.0 (bnc#959277)
  * Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using performance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library
  * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
    (bmo#1201183, bmo#1178033, bmo#1199400)
    Buffer overflows found through code inspection
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
    Privilege escalation vulnerabilities in WebExtension APIs
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
- rebased patches

-------------------------------------------------------------------
Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org

- Add desktop menu action for private browsing window to desktop
  file (boo#954747)
- remove obsolete patch mozilla-bmo1005535.patch completely from
  source package to avoid automatic check failures

-------------------------------------------------------------------
Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org

- update to Firefox 42.0 (bnc#952810)
  * Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
  security fixes:
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being
    treated as non-escaped
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-skia-be-le.patch
  * toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch

-------------------------------------------------------------------
Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org

- update to Firefox 41.0.2 (bnc#950686)
  * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
    Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)

-------------------------------------------------------------------
Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org

- do not build with --enable-stdcxx-compat
  (this starts to fail build on various toolchain combinations
  and is not required for openSUSE builds in general)

-------------------------------------------------------------------
Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org

- update to Firefox 41.0.1
  * Fix a startup crash related to Yandex toolbar and Adblock Plus
    (bmo#1209124)
  * Fix potential hangs with Flash plugins (bmo#1185639)
  * Fix a regression in the bookmark creation (bmo#1206376)
  * Fix a startup crash with some Intel Media Accelerator 3150
    graphic cards (bmo#1207665)
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)

-------------------------------------------------------------------
Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org

- update to Firefox 41.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
    Site attribute spoofing on Android by pasting URL with unknown scheme
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
    URL spoofing in reader mode
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
    Information disclosure via the High Resolution Time API
- rebased patches
- removed obsolete patches
  * mozilla-arm64-libjpeg-turbo.patch

-------------------------------------------------------------------
Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org

- update to Firefox 40.0.3 (bnc#943550)
  * Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combo box using the
    mouse could be broken (bmo#1194733)
  security fixes:
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs

-------------------------------------------------------------------
Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org

- update to Firefox 40.0 (bnc#940806)
  * Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo#1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
    updater)
  * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
    Feed protocol with POST bypasses mixed content protections
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
    Mozilla Content Security Policy allows for asterisk wildcards
    in violation of CSP specification
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
  * mozilla-add-glibcxx_use_cxx11_abi.patch
  * firefox-multilocale-chrome.patch
- rebased patches
- requires version 40 of the branding package
- removed browser/searchplugins/ location as it's not valid anymore

-------------------------------------------------------------------
Fri Aug 7 07:09:39 UTC 2015 - wr@rosenauer.org

- security update to Firefox 39.0.3 (bnc#940918)
  * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
    Same origin violation and local file stealing via PDF reader

-------------------------------------------------------------------
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
743 |
Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
744 |
|
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
745 |
- update to Firefox 39.0 (bnc#935979) |
863 | 746 |
* Share Hello URLs with social networks |
747 |
* Support for 'switch' role in ARIA 1.1 (web accessibility) |
|
748 |
* SafeBrowsing malware detection lookups enabled for downloads |
|
749 |
(Mac OS X and Linux) |
|
750 |
* Support for new Unicode 8.0 skin tone emoji |
|
751 |
* Removed support for insecure SSLv3 for network communications |
|
752 |
* Disable use of RC4 except for temporarily whitelisted hosts |
|
753 |
* NPAPI Plug-in performance improved via asynchronous initialization |
|
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
754 |
security fixes: |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
755 |
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
756 |
Miscellaneous memory safety hazards |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
757 |
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
758 |
Local files or privileged URLs in pages can be opened into new tabs |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
759 |
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
760 |
Type confusion in Indexed Database Manager |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
761 |
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
762 |
Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
763 |
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
764 |
Use-after-free in Content Policy due to microtask execution error |
|
765 |
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
766 |
ECDSA signature validation fails to handle some signatures correctly |
|
767 |
(this fix is shipped by NSS 3.19.1 externally) |
|
768 |
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
769 |
Use-after-free in workers while using XMLHttpRequest |
|
770 |
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
771 |
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
772 |
Vulnerabilities found through code inspection |
|
773 |
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
774 |
Key pinning is ignored when overridable errors are encountered |
|
775 |
* MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
|
776 |
OS X crash reports may contain entered key press information |
|
777 |
(not relevant under Linux) |
|
778 |
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
779 |
Privilege escalation in PDF.js |
|
780 |
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
781 |
NSS accepts export-length DHE keys with regular DHE cipher suites |
|
782 |
(this fix is shipped by NSS 3.19.1 externally) |
|
783 |
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
784 |
NSS incorrectly permits skipping of ServerKeyExchange |
|
785 |
(this fix is shipped by NSS 3.19.1 externally) |
857 | 786 |
- dropped mozilla-prefer_plugin_pref.patch as this feature is |
787 |
likely not worth maintaining further |
|
788 |
- rebased patches |
|
863 | 789 |
- require NSS 3.19.2 |
857 | 790 |
|
791 |
------------------------------------------------------------------- |
|
862
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
792 |
Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
|
793 |
|
|
794 |
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |
|
795 |
|
|
796 |
------------------------------------------------------------------- |
854 | 797 |
Sun Jun 7 07:09:12 UTC 2015 - wr@rosenauer.org |
798 |
||
799 |
- update to Firefox 38.0.6 |
|
855 | 800 |
* fixes bmo#1171730 which is not really relevant to oS builds |
801 |
- fix KDE regression from 38.0.5 builds (bsc#933439) |
|
854 | 802 |
|
803 |
------------------------------------------------------------------- |
|
853 | 804 |
Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org |
805 |
||
806 |
- update to Firefox 38.0.5 |
|
807 |
* Keep track of articles and videos with Pocket |
|
808 |
* Clean formatting for articles and blog posts with Reader View |
|
809 |
* Share the active tab or window in a Hello conversation |
|
810 |
- add changes file as source for SRPM (bsc#932142) |
|
811 |
||
812 |
------------------------------------------------------------------- |
|
852 | 813 |
Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com |
814 |
||
815 |
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from |
|
816 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 |
|
817 |
||
818 |
------------------------------------------------------------------- |
|
819 |
Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org |
|
820 |
||
821 |
- update to Firefox 38.0.1 |
|
822 |
stability and regression fixes |
|
823 |
* Systems with first generation NVidia Optimus graphics cards |
|
824 |
may crash on start-up |
|
825 |
* Users who import cookies from Google Chrome can end up with |
|
826 |
broken websites |
|
827 |
* Large animated images may fail to play and may stop other |
|
828 |
images from loading |
|
829 |
||
830 |
------------------------------------------------------------------- |
|
851 | 831 |
Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org |
832 |
||
852 | 833 |
- update to Firefox 38.0 (bnc#930622) |
834 |
* New tab-based preferences |
|
835 |
* Ruby annotation support |
|
836 |
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ |
|
837 |
security fixes: |
|
838 |
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 |
|
839 |
Miscellaneous memory safety hazards |
|
840 |
* MFSA 2015-47/CVE-2015-0797 (bmo#1080995) |
|
841 |
Buffer overflow parsing H.264 video with Linux Gstreamer |
|
842 |
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
843 |
Buffer overflow with SVG content and CSS |
|
844 |
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431) |
|
845 |
Referrer policy ignored when links opened by middle-click and |
|
846 |
context menu |
|
847 |
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280) |
|
848 |
Out-of-bounds read and write in asm.js validation |
|
849 |
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
850 |
Use-after-free during text processing with vertical text enabled |
|
851 |
* MFSA 2015-53/CVE-2015-2715 (bmo#988698) |
|
852 |
Use-after-free due to Media Decoder Thread creation during shutdown |
|
853 |
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
854 |
Buffer overflow when parsing compressed XML |
|
855 |
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683) |
|
856 |
Buffer overflow and out-of-bounds read while parsing MP4 video |
|
857 |
metadata |
|
858 |
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724) |
|
859 |
Untrusted site hosting trusted page can intercept webchannel |
|
860 |
responses |
|
861 |
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
862 |
Privilege escalation through IPC channel messages |
|
850 | 863 |
- requires NSS 3.18.1 |
851 | 864 |
- removed obsolete patches: |
865 |
* mozilla-skia-bmo1136958.patch |
|
866 |
- remove gnomevfs build options as it is removed from sources |
|
867 |
- rebased patches |
|
850 | 868 |
|
869 |
------------------------------------------------------------------- |
|
870 |
Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org |
|
871 |
||
872 |
- update to Firefox 37.0.2 (bnc#928116) |
|
873 |
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081) |
|
874 |
Memory corruption during failed plugin initialization |
|
845 | 875 |
|
876 |
------------------------------------------------------------------- |
|
844 | 877 |
Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org |
878 |
||
879 |
- update to Firefox 37.0.1 (bnc#926166) |
|
880 |
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) |
|
881 |
Loading privileged content through Reader mode |
|
882 |
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328) |
|
883 |
Certificate verification bypass through the HTTP/2 Alt-Svc header |
|
884 |
||
885 |
------------------------------------------------------------------- |
|
886 |
Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org |
|
887 |
||
888 |
- update to Firefox 37.0 (bnc#925368) |
|
889 |
* Heartbeat user rating system |
|
890 |
* Yandex set as default search provider for the Turkish locale |
|
891 |
* Bing search now uses HTTPS for secure searching |
|
892 |
* Improved protection against site impersonation via OneCRL |
|
893 |
centralized certificate revocation |
|
894 |
* Opportunistically encrypt HTTP traffic where the server supports |
|
895 |
HTTP/2 AltSvc |
|
896 |
* some more behaviour changes for TLS |
|
897 |
security fixes: |
|
898 |
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 |
|
899 |
Miscellaneous memory safety hazards |
|
900 |
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596) |
|
901 |
Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
902 |
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126) |
|
903 |
Add-on lightweight theme installation approval bypassed through |
|
904 |
MITM attack |
|
905 |
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
906 |
resource:// documents can load privileged pages |
|
907 |
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468) |
|
908 |
Out of bounds read in QCMS library |
|
909 |
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013) |
|
910 |
Cursor clickjacking with flash and images (OS X only) |
|
911 |
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552) |
|
912 |
Incorrect memory management for simple-type arrays in WebRTC |
|
913 |
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
914 |
CORS requests should not follow 30x redirections after preflight |
|
915 |
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) |
|
916 |
Memory corruption crashes in Off Main Thread Compositing |
|
917 |
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) |
|
918 |
Use-after-free due to type confusion flaws |
|
919 |
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
920 |
Same-origin bypass through anchor navigation |
|
921 |
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 |
|
922 |
PRNG weakness allows for DNS poisoning on Android (only) |
|
923 |
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898) |
|
924 |
Windows can retain access to privileged content on navigation |
|
925 |
to unprivileged pages |
|
926 |
- removed obsolete patches |
|
837 | 927 |
* mozilla-bmo1088588.patch |
844 | 928 |
* mozilla-bmo1108834.patch |
836
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
929 |
- requires NSPR 4.10.8 |
|
930 |
|
|
931 |
------------------------------------------------------------------- |
844 | 932 |
Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com |
933 |
||
934 |
- Fix builds with skia on Power |
|
935 |
mozilla-skia-be-le.patch (patch from #bmo1136958) |
|
936 |
mozilla-bmo1108834.patch |
|
937 |
mozilla-bmo1005535.patch |
|
938 |
||
939 |
------------------------------------------------------------------- |
|
839 | 940 |
Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
941 |
||
840 | 942 |
- update to Firefox 36.0.4 (bnc#923534) |
839 | 943 |
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988) |
944 |
Privilege escalation through SVG navigation |
|
945 |
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255) |
|
946 |
Code execution through incorrect JavaScript bounds checking |
|
947 |
elimination |
|
948 |
||
949 |
------------------------------------------------------------------- |
|
950 |
Fri Mar 20 15:02:33 UTC 2015 - dimstar@opensuse.org |
|
951 |
||
952 |
- Copy the icons to /usr/share/icons instead of symlinking them: |
|
953 |
in preparation for containerized apps (e.g. xdg-app) as well as |
|
954 |
AppStream metadata extraction, there are a couple locations that |
|
955 |
need to be real files for system integration (.desktop files, |
|
956 |
icons, mime-type info). |
|
957 |
||
958 |
------------------------------------------------------------------- |
|
838 | 959 |
Sat Mar 7 07:40:56 UTC 2015 - wr@rosenauer.org |
960 |
||
961 |
- update to Firefox 36.0.1 |
|
962 |
Bugfixes: |
|
963 |
* Disable the usage of the ANY DNS query type (bmo#1093983) |
|
964 |
* Hello may become inactive until restart (bmo#1137469) |
|
965 |
* Print preferences may not be preserved (bmo#1136855) |
|
966 |
* Hello contact tabs may not be visible (bmo#1137141) |
|
967 |
* Accept hostnames that include an underscore character ("_") |
|
968 |
(bmo#1136616) |
|
969 |
* WebGL may use significant memory with Canvas2d (bmo#1137251) |
|
970 |
* Option -remote has been restored (bmo#1080319) |
|
840 | 971 |
- added mozilla-skia-bmo1136958.patch to fix build issues for |
972 |
ARM and PPC |
|
838 | 973 |
|
974 |
------------------------------------------------------------------- |
|
832 | 975 |
Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org |
976 |
||
977 |
- update to Firefox 36.0 (bnc#917597) |
|
828 | 978 |
* mozilla-xremote-client was removed |
979 |
* added libclearkey.so media plugin |
|
832 | 980 |
* Pinned tiles on the new tab page can be synced |
981 |
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster, |
|
982 |
more scalable, and more responsive web. |
|
983 |
* Locale added: Uzbek (uz) |
|
835 | 984 |
security fixes: |
985 |
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 |
|
986 |
Miscellaneous memory safety hazards |
|
987 |
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
988 |
Invoking Mozilla updater will load locally stored DLL files |
|
989 |
(Windows only) |
|
990 |
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) |
|
991 |
Appended period to hostnames can bypass HPKP and HSTS protections |
|
992 |
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) |
|
993 |
Malicious WebGL content crash when writing strings |
|
994 |
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) |
|
995 |
TLS TURN and STUN connections silently fail to simple TCP connections |
|
996 |
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
997 |
Use-after-free in IndexedDB |
|
998 |
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) |
|
999 |
Buffer overflow in libstagefright during MP4 video playback |
|
1000 |
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) |
|
1001 |
Double-free when using non-default memory allocators with a |
|
1002 |
zero-length XHR |
|
1003 |
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
1004 |
Out-of-bounds read and write while rendering SVG content |
|
1005 |
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) |
|
1006 |
Buffer overflow during CSS restyling |
|
1007 |
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) |
|
1008 |
Buffer underflow during MP3 playback |
|
1009 |
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) |
|
1010 |
Crash using DrawTarget in Cairo graphics library |
|
1011 |
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) |
|
1012 |
Use-after-free in Developer Console date with OpenType Sanitiser |
|
1013 |
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
1014 |
Reading of local files through manipulation of form autocomplete |
|
1015 |
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) |
|
1016 |
Local files or privileged URLs in pages can be opened into new tabs |
|
1017 |
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) |
|
1018 |
UI Tour whitelisted sites in background tab can spoof foreground |
|
1019 |
tabs |
|
1020 |
* MFSA 2015-27/CVE-2015-0820 (bmo#1125398) |
|
1021 |
Caja Compiler JavaScript sandbox bypass |
|
832 | 1022 |
- rebased patches |
830 | 1023 |
- requires NSS 3.17.4 |
1024 |
||
1025 |
------------------------------------------------------------------- |
|
1026 |
Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
|
1027 |
||
1028 |
- update to Firefox 35.0.1 |
|
1029 |
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732) |
|
1030 |
* Kerberos authentication did not work with alias (bmo#1108971) |
|
1031 |
* SVG / CSS animation had a regression causing rendering issues on |
|
1032 |
websites like openstreemap.org (bmo#1083079) |
|
1033 |
* On Godaddy webmail, Firefox could crash (bmo#1113121) |
|
1034 |
* document.baseURI did not get updated to document.location after |
|
1035 |
base tag was removed from DOM for site with a CSP (bmo#1121857) |
|
1036 |
* With a Right-to-left (RTL) version of Firefox, the text selection |
|
1037 |
could be broken (bmo#1104036) |
|
1038 |
* CSP had a change in behavior with regard to case sensitivity |
|
1039 |
resources loading (bmo#1122445) |
|
828 | 1040 |
|
1041 |
------------------------------------------------------------------- |
|
826 | 1042 |
Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org |
1043 |
||
1044 |
- update to Firefox 35.0 (bnc#910669) |
|
827 | 1045 |
notable features: |
1046 |
* Firefox Hello with new rooms-based conversations model |
|
1047 |
* Implemented HTTP Public Key Pinning Extension (for enhanced |
|
1048 |
authentication of encrypted connections) |
|
1049 |
security fixes: |
|
1050 |
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
1051 |
Miscellaneous memory safety hazards |
|
1052 |
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) |
|
1053 |
Uninitialized memory use during bitmap rendering |
|
1054 |
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
1055 |
sendBeacon requests lack an Origin header |
|
1056 |
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
1057 |
Cookie injection through Proxy Authenticate responses |
|
1058 |
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) |
|
1059 |
Read of uninitialized memory in Web Audio |
|
1060 |
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
1061 |
Read-after-free in WebRTC |
|
1062 |
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) |
|
1063 |
Gecko Media Plugin sandbox escape |
|
1064 |
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) |
|
1065 |
Delegated OCSP responder certificates failure with |
|
1066 |
id-pkix-ocsp-nocheck extension |
|
1067 |
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) |
|
1068 |
XrayWrapper bypass through DOM objects |
|
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
1069 |
- rebased patches |
809
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
1070 |
- dropped explicit support for everything older than 12.3 |
|
1071 |
(including SLES11) |
|
1072 |
* merge firefox-kde.patch and firefox-kde-114.patch |
|
1073 |
* dropped mozilla-sle11.patch |
|
1074 |
- reworked specfile to build conditionally based on release channel |
|
1075 |
either Firefox or Firefox Developer Edition |
|
1076 |
- added mozilla-openaes-decl.patch to fix implicit declarations |
819
5a18bd66e46c
[Bug 908892] Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
818
diff
changeset
|
1077 |
- obsolete tracker-miner-firefox < 0.15 because it leads to startup |
|
1078 |
crashes (bnc#908892) |
807
|
1079 |
|
|
1080 |
------------------------------------------------------------------- |
820 | 1081 |
Sat Dec 13 22:13:00 UTC 2014 - Led <ledest@gmail.com> |
1082 |
||
1083 |
- fix bashism in mozilla.sh script |
|
1084 |
||
1085 |
------------------------------------------------------------------- |
|
813
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
1086 |
Sat Nov 29 21:23:03 UTC 2014 - wr@rosenauer.org |
|
1087 |
|
|
1088 |
- update to Firefox 34.0.5 (bnc#908009) |